This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment
- Previous message (by thread): [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment
- Next message (by thread): [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nash, Steve
snash at arbor.net
Fri Jan 7 09:52:14 CET 2011
Eric I agree with you that it would be excessive to make flow records mandatory on Residential CPE. However the Introduction says that the document is BCP for "governments and large enterprises" so I had considered residential CPE out-of-scope. To achieve the objectives you state of "secure,..and manageable..." I would say that instrumentation is essential. It is possible to identify devices more specifically. Mandatory should apply to: 1/ layer3 devices that are to be AS border routers 2/ layer3 CPE WAN-edge devices where the site offers service to off-site clients (and is therefore vulnerable to denial of service attacks) Most large enterprises today use flow instrumentation in IPv4, so overlooking it for v6 might be a mistake. If an organisation is convinced that it will not make use of flow data, then it can choose to ignore this recommendation, like any other in the document. I had not viewed this requirement as restrictive to vendor selection, as all the major vendors support flow (especially Cisco). But the requirement will help buyers to size equipment appropriately and avoid purchasing something in the short-term that is inadequate for the life of the device. Regards Steve From: Eric Vyncke (evyncke) [mailto:evyncke at cisco.com] Sent: 05 January 2011 11:38 To: Nash, Steve; ipv6-wg at ripe.net Subject: RE: [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment Steve, Do not you think that this is going too far? Especially if everyone is adding his/her own requirements... For example, I cannot imagine a residential CPE having any kind of flow export ;-) I would prefer to have RIPE-501 focus on the bare minimum requirements in order to get IPv6 deployed as soon as possible: this means enough requirements to be deployed in a secure, interoperable and manageable way but no more as we (at least I) prefer to have multiple 'compliant' devices. Hope this helps and does not sound to vendor originated (see my affiliation) -éric From: ipv6-wg-admin at ripe.net [mailto:ipv6-wg-admin at ripe.net] On Behalf Of Nash, Steve Sent: mercredi 5 janvier 2011 10:40 To: ipv6-wg at ripe.net Subject: [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment Regarding: http://www.ripe.net/ripe/docs/ripe-501.html I find no mention of flow instrumentation in the November 2010 document. I suggest that "router and layer 3 switch" Mandatory support should include maintenance and export of flow records , ideally compliant with rfc 3917, with sampling rate capability of at least 1 per 1000 packets, at the maximum packet rate of the device. Regards Steve Nash ________________________ Steve Nash CEng MIET Consulting Engineer Arbor Networks office +44 118 967 4917 mobile +44 772 029 1359 www.arbornetworks.com<http://www.arbornetworks.com/> How networks grow(tm) ________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/ipv6-wg/attachments/20110107/7c979e0d/attachment.html>
- Previous message (by thread): [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment
- Next message (by thread): [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]