Folks,
A few months ago we published an IETF I-D with requirements for IPv6
firewalls.
Based on the feedback received since then, we've published a revision of
the I-D:
http://www.ietf.org/internet-drafts/draft-gont-opsec-ipv6-firewall-reqs-01.txt
If you have any feedback/thoughts, please do
Fernando,
I did not see:
- packets per second
- Firewall Level
- Hosts level
- packet size information
- Average for FW of all Network hosts
- Negotiated Between Hosts
I apologize if I missed it.
Dustin
Dustin Jurman
CEO
Rapid Systems Corporation
1211 N.
On Apr 17, 2014, at 7:35 PM, Dustin Jurman dus...@rseng.net wrote:
- packets per second
- Firewall Level
- Hosts level
This is getting into QoS territory . . .
- packet size information
Concur - packet-length.
- Average for FW of all Network hosts
This isn't very
On Wed 16 Apr 2014 09:40:11 PM PDT, Jim Popovitch wrote:
On Thu, Apr 17, 2014 at 12:19 AM, Private Sender nob...@snovc.com wrote:
On 04/14/2014 03:47 PM, Jim Popovitch wrote:
On Mon, Apr 14, 2014 at 6:21 PM, Scott Howard sc...@doc.net.au wrote:
On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch
On 04/16/2014 09:19 PM, Private Sender wrote:
I'm sorry but is there a fundamental misunderstanding of dmarc going on
in this thread? Yahoo doesn't want you to be able to send @yahoo.com
email from anything other than THEIR servers which contain the private
key that corresponds to their DKIM
On 4/17/14, 5:51 AM, Dobbins, Roland wrote:
- packets per second
- Firewall Level
- Hosts level
This is getting into QoS territory . . .
- packet size information
Concur - packet-length.
The use of RFC 2544-esque metrics for firewall performance testing
mostly benefits
On Wed, 16 Apr 2014 21:19:18 -0700, Private Sender said:
I'm sorry but is there a fundamental misunderstanding of dmarc going on
in this thread?
Yes, apparently mostly on the part of Yahoo apologists...
There is no need to flame a company because they implemented a policy to
ensure QoS to
On 04/17/2014 08:34 AM, valdis.kletni...@vt.edu wrote:
On Wed, 16 Apr 2014 21:19:18 -0700, Private Sender said:
I'm sorry but is there a fundamental misunderstanding of dmarc going on
in this thread?
Yes, apparently mostly on the part of Yahoo apologists...
There is no need to flame a
On Thu, Apr 17, 2014 at 6:30 AM, Fernando Gont ferna...@gont.com.ar wrote:
A few months ago we published an IETF I-D with requirements for IPv6
firewalls.
Based on the feedback received since then, we've published a revision of
the I-D:
On Apr 17, 2014, at 10:26 PM, David Newman dnew...@networktest.com wrote:
For firewalls handling TCP traffic, upper-layer traffic metrics such as HTTP
object size, concurrent connection capacity, and connection setup rate are a
lot more meaningful.
I'm referring here to the ability to use
Michael Thomas wrote:
On 04/17/2014 08:34 AM, valdis.kletni...@vt.edu wrote:
On Wed, 16 Apr 2014 21:19:18 -0700, Private Sender said:
I'm sorry but is there a fundamental misunderstanding of dmarc going on
in this thread?
Yes, apparently mostly on the part of Yahoo apologists...
There is no
Hi, David,
Thanks so much for your feedback! -- Comments in-line
On 04/17/2014 12:26 PM, David Newman wrote:
The use of RFC 2544-esque metrics for firewall performance testing
mostly benefits ill-informed or unscrupulous firewall marketeers, who
send 1500-byte UDP packets and then brag
Hi, William!
Thanks so much for your feedback! One meta comment: this document is an
Internet-Draft, not an RFC. It's just the second version (-01) we have
published... so it's not meant to be there. The reason for posting the
I-D here was so that I could get your input as early in the production
Hi Bill,
Also, I note your draft is entitled Requirements for IPv6 Enterprise
Firewalls. Frankly, no enterprise firewall will be taken seriously
without address-overloaded NAT. I realize that's a controversial
statement in the IPv6 world but until you get past it you're basically
wasting
Always interesting responding to a NANOG thread.
- the approach is from an end user than service provider. The firewall operator
would be more interested in identifying PPS for attacks / compromised hosts VS
QOS but I supposed it could be used for QOS as well. (Not my intent) So today
we
On Thu, Apr 17, 2014 at 12:15 PM, Fernando Gont ferna...@gont.com.ar wrote:
Thanks so much for your feedback! One meta comment: this document is an
Internet-Draft, not an RFC. It's just the second version (-01) we have
published... so it's not meant to be there.
Hi Fernando,
I apologize; my
On Thu, Apr 17, 2014 at 9:05 PM, William Herrin b...@herrin.us wrote:
Here's the drill: From an enterprise security perspective, deploying
IPv6 is high risk. I have to re-implement every rule I set on my IPv4
addresses all over again with my IPv6 addresses and hope I don't screw
it up in a
Hail NANOG,
The Future of the Internet 2014: Defining Software Defined Networks call
for presenters is now open!
The Future of the Internet 2014 (TFI2014) will be held in Denver, Colorado
on Friday, 22 August, 2014.
At this year's event, the Colorado Chapter of the Internet Society (CO
ISOC) is
On Thu, Apr 17, 2014 at 2:32 PM, Eugeniu Patrascu eu...@imacandi.net wrote:
It's a bigger risk to think that NAT somehow magically protects you against
stuff on the Internet.
You are entitled to your opinion and you are entitled to run your
network in accordance with your opinion.
To vendors
On Thu, 17 Apr 2014 14:50:01 -0400, William Herrin said:
To vendors who would sell me product, I would respectfully suggest
that attempts to forcefully educate me as to what I *should want*
offers neither a short nor particularly successful path to closing a
sale.
Which is why you reject
On Apr 17, 2014 3:07 PM, valdis.kletni...@vt.edu wrote:
On Thu, 17 Apr 2014 14:50:01 -0400, William Herrin said:
To vendors who would sell me product, I would respectfully suggest
that attempts to forcefully educate me as to what I *should want*
offers neither a short nor particularly
On Thu, Apr 17, 2014 at 4:04 PM, valdis.kletni...@vt.edu wrote:
On Thu, 17 Apr 2014 14:50:01 -0400, William Herrin said:
To vendors who would sell me product, I would respectfully suggest
that attempts to forcefully educate me as to what I *should want*
offers neither a short nor
On Thu, Apr 17, 2014 at 11:32 AM, Eugeniu Patrascu eu...@imacandi.net wrote:
...
It's a bigger risk to think that NAT somehow magically protects you against
stuff on the Internet.
Also, if your problem is that someone can screw up firewall rules, then
you have bigger issue in your
On Apr 18, 2014, at 1:04 AM, Dustin Jurman dus...@rseng.net wrote:
- the approach is from an end user than service provider. The firewall
operator would be more interested in identifying PPS for attacks /
compromised hosts VS QOS but I supposed it could be used for QOS as well.
(Not my
On 4/17/2014 1:45 PM, George Herbert wrote:
This is why listening to operators is important.
Why start now? After all, most of the useful input operators could have
provided would have been much more useful at the beginning.
Matthew Kaufman
In message 53504c18.7050...@matthew.at, Matthew Kaufman writes:
On 4/17/2014 1:45 PM, George Herbert wrote:
This is why listening to operators is important.
Why start now? After all, most of the useful input operators could have
provided would have been much more useful at the beginning.
On 04/17/2014 06:48 PM, Matthew Kaufman wrote:
On 4/17/2014 1:45 PM, George Herbert wrote:
This is why listening to operators is important.
Why start now? After all, most of the useful input operators could have
provided would have been much more useful at the beginning.
I cannot speak for
On Thu, 17 Apr 2014, Sander Steffann wrote:
Also, I note your draft is entitled Requirements for IPv6 Enterprise
Firewalls. Frankly, no enterprise firewall will be taken seriously
without address-overloaded NAT. I realize that's a controversial
statement in the IPv6 world but until you get past
While you're at it, the document can explain to admins who have been burned,
often more than once, by the pain of re-numbering internal services at static
addresses how IPv6 without NAT will magically solve this problem.
Matthew Kaufman
(Sent from my iPhone)
On Apr 17, 2014, at 4:20 PM,
On Apr 17, 2014 7:52 PM, Matthew Kaufman matt...@matthew.at wrote:
While you're at it, the document can explain to admins who have been
burned, often more than once, by the pain of re-numbering internal services
at static addresses how IPv6 without NAT will magically solve this problem.
If
To the Comcast v6 Team,
Thank you for enabling my CMTS for v6 in Colchester, VT
Works great!
Thanks,
-Mike
Michael T. Voity
Network Engineer
University of Vermont
On Thu, 17 Apr 2014, Timothy Morizot wrote:
On Apr 17, 2014 7:52 PM, Matthew Kaufman matt...@matthew.at wrote:
While you're at it, the document can explain to admins who have been
burned, often more than once, by the pain of re-numbering internal services
at static addresses how IPv6 without
+ Redmond, WA. Good job guys.
mehmet
On Apr 17, 2014, at 7:28 PM, Michael T. Voity mvo...@uvm.edu wrote:
To the Comcast v6 Team,
Thank you for enabling my CMTS for v6 in Colchester, VT
Works great!
Thanks,
-Mike
Michael T. Voity
Network Engineer
University of Vermont
Please don't reply to a message on the list and change the subject line.
Doing so causes your new topic to show under the previous one for
those using mail readers that thread properly, and may cause your
message to be missed altogether if someone has blocked that thread.
Instead, save the
I think I got you to say NAT
Matthew Kaufman
(Sent from my iPhone)
On Apr 17, 2014, at 7:05 PM, Timothy Morizot tmori...@gmail.com wrote:
On Apr 17, 2014 7:52 PM, Matthew Kaufman matt...@matthew.at wrote:
While you're at it, the document can explain to admins who have been
burned,
Hello,
I was wondering if anyone can recommend a good contact at Internap
to discuss their anycast services.
Please contact me directly. Any help is greatly appreciated.
Cheers,
Carlos.
On 17 Apr 2014, at 20:50, William Herrin b...@herrin.us wrote:
On Thu, Apr 17, 2014 at 2:32 PM, Eugeniu Patrascu eu...@imacandi.net wrote:
It's a bigger risk to think that NAT somehow magically protects you against
stuff on the Internet.
You are entitled to your