I read the draft, and I think it is useful for decisions about operators'
security policy and vendors' implementation.
BTW, today's IPv6 network environment makes it easy to build cascaded networks,
because most CPE equipment has already implemented "hierarchical DHCPv6 Prefix
Delegation" and most ISPs provide IPv6 prefixes by DHCP-PD.
http://tools.ietf.org/html/draft-chakrabarti-homenet-prefix-alloc-01#section-6

User---|Home GW|----|CPE|-------ISP network
               <--DHCP-pd   <--DHCP-pd

In this case, who should act as the security firewall?

The CPE would firewall the user traffic for all of the delegated prefixes, and
the Home GW might firewall user traffic.
If the security policy is the same, then user traffic would be double
counted/checked on both the Home GW and the CPE.
It is a waste of resources and might degrade the user experience.

It is enough for one of them to do it.
What do you think?

If the security policy differs between the CPE and the Home GW, then they might
need to communicate and exchange policy.
Would PCP be useful for this case?

Regards,
-Shishio

-------- Original Message --------
Subject: I-D Action: draft-ietf-opsawg-firewalls-01.txt
Date: Thu, 18 Oct 2012 15:50:55 -0700
From: <[email protected]>
Reply-To: <[email protected]>
To: <[email protected]>
CC: <[email protected]>


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Operations and Management Area Working Group 
Working Group of the IETF.

        Title           : On Firewalls in Internet Security
        Author(s)       : Fred Baker
                          Paul Hoffman
        Filename        : draft-ietf-opsawg-firewalls-01.txt
        Pages           : 10
        Date            : 2012-10-18

Abstract:
   This document discusses the most important operational and security
   implications of using modern firewalls in networks.  It makes
   recommendations for operators of firewalls, as well as for firewall
   vendors.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsawg-firewalls

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-opsawg-firewalls-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-firewalls-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg