On Apr 18, 2014, at 1:04 AM, Dustin Jurman <dus...@rseng.net> wrote:
> - the approach is from an end user than service provider. The firewall
> operator would be more interested in identifying PPS for attacks /
> compromised hosts VS QOS but I supposed it could be used for QOS as well.
> (Not my intent) So today we have NAT'd firewalls that overload a particular
> interface, IMHO since properly implemented V6 should not use NAT I would want
> my FW vendor to allow me to see what's going on PPS wise via the dashboard
> function. Most V4 firewalls do this today at an interface level.

This is a telemetry function (separately, I noted IPFIX functionality should be included).

> - Average packet size for all hosts would allow operator to make a
> determination and set thresholds for new forms of attacks and exploits.
> (Thinking forward once applications take advantage of V6)

Again, this is a telemetry function, not a policy function.

> - MTU Negotiated Between Hosts - Since this happens between endpoints in v6
> this could help identify tunnels in the network / changes in WAN
> topology.. Not like we haven't seen that before. While a change in flight
> should create a drop.. when the session reestablishes it could resize.

Yet again, a telemetry function. The MTU negotiation itself is irrelevant; the resultant packet-size is relevant, from a classification point of view.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton