On 16/1/19 16:26, Tom Herbert wrote:
> Ron,
>
> A stateless firewall that maintains state is no longer a stateless
> firewall. Introducing state requires memory and additional logic that
> are at odds with the goal of cheap low end devices..
>
> A stateless firewall could just drop the first
FWIW...
On 1/16/2019 11:26 AM, Tom Herbert wrote:
> ...A stateless firewall could just drop the first fragment that
> contains the transport layer header and allow non first fragments to
> past. This achieves the filtering goal to prevent delivery of the
> reassmbled packet.
That works only if
> Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom
> Herbert)
>
> On Wed, Jan 16, 2019 at 11:40 AM Ron Bonica wrote:
> >
> > Inline…..
> >
> >
> >
> > From: Tom Herbert
> > Sent: Wednesday, January 16, 2019 2:27 PM
&
On Wed, Jan 16, 2019 at 11:40 AM Ron Bonica wrote:
>
> Inline…..
>
>
>
> From: Tom Herbert
> Sent: Wednesday, January 16, 2019 2:27 PM
> To: Ron Bonica
> Cc: int-area
> Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom
> Herbert)
>
>
Inline…..
From: Tom Herbert
Sent: Wednesday, January 16, 2019 2:27 PM
To: Ron Bonica
Cc: int-area
Subject: Re: [Int-area] WGLC on draft-ietf-intarea-frag-fragile-05 (Tom Herbert)
On Tue, Jan 15, 2019, 6:17 PM Ron Bonica
mailto:rbon...@juniper.net> wrote:
Tom,
Please take a look at Sect
On Tue, Jan 15, 2019, 6:17 PM Ron Bonica Tom,
>
> Please take a look at Section 4.3 (Stateless Firewalls). How can the
> stateless firewall behave optimally without maintaining state?
>
Ron,
A stateless firewall that maintains state is no longer a stateless
firewall. Introducing state requires
Tom,
Please take a look at Section 4.3 (Stateless Firewalls). How can the stateless
firewall behave optimally without maintaining state?
While flow labels may help in the case of load balancers, the don't help at all
in the case of stateless firewalls.