<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Comic Sans MS";
panose-1:3 15 7 2 3 3 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Comic Sans MS";
color:#31849B;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Eric<o:p></o:p></p><p class=MsoNormal>I agree with you that it would be excessive to make flow records mandatory on Residential CPE.<o:p></o:p></p><p class=MsoNormal>However the Introduction says that the document is BCP for “governments and large enterprises” so I had considered residential CPE out-of-scope.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>To achieve the objectives you state of “secure,..and manageable...” I would say that instrumentation is essential.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>It is possible to identify devices more specifically.<o:p></o:p></p><p class=MsoNormal>Mandatory should apply to:<o:p></o:p></p><p class=MsoNormal>1/ layer3 devices that are to be AS border routers<o:p></o:p></p><p class=MsoNormal>2/ layer3 CPE WAN-edge devices where the site offers service to off-site clients (and is therefore vulnerable to denial of service attacks)<o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>Most large enterprises today use flow instrumentation in IPv4, so overlooking it for v6 might be a mistake.<o:p></o:p></p><p class=MsoNormal>If an organisation is convinced that it will not make use of flow data, then it can choose to ignore this recommendation, like any other in the document.<o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>I had not viewed this requirement as restrictive to vendor selection, as all the major vendors support flow (especially Cisco). But the requirement will help buyers to size equipment appropriately and avoid purchasing something in the short-term that is inadequate for the life of the device.<o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>Regards<o:p></o:p></p><p class=MsoNormal>Steve<o:p></o:p></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Eric Vyncke (evyncke) [mailto:evyncke@cisco.com] <br><b>Sent:</b> 05 January 2011 11:38<br><b>To:</b> Nash, Steve; ipv6-wg@ripe.net<br><b>Subject:</b> RE: [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'>Steve,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'>Do not you think that this is going too far? Especially if everyone is adding his/her own requirements...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'>For example, I cannot imagine a residential CPE having any kind of flow export ;-)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'>I would prefer to have RIPE-501 focus on the bare minimum requirements in order to get IPv6 deployed as soon as possible: this means enough requirements to be deployed in a secure, interoperable and manageable way but no more as we (at least I) prefer to have multiple ‘compliant’ devices.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'>Hope this helps and does not sound to vendor originated (see my affiliation)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'>-éric<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Comic Sans MS";color:#31849B'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> ipv6-wg-admin@ripe.net [mailto:ipv6-wg-admin@ripe.net] <b>On Behalf Of </b>Nash, Steve<br><b>Sent:</b> mercredi 5 janvier 2011 10:40<br><b>To:</b> ipv6-wg@ripe.net<br><b>Subject:</b> [ipv6-wg] "Requirements For IPv6 in ICT Equipment" comment<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal>Regarding:<o:p></o:p></p><p class=MsoNormal><a href="http://www.ripe.net/ripe/docs/ripe-501.html">http://www.ripe.net/ripe/docs/ripe-501.html</a> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I find no mention of flow instrumentation in the November 2010 document.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I suggest that “router and layer 3 switch” Mandatory support should include maintenance and export of flow records , ideally compliant with rfc 3917, with sampling rate capability of at least 1 per 1000 packets, at the maximum packet rate of the device.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Regards<o:p></o:p></p><p class=MsoNormal>Steve Nash<o:p></o:p></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>________________________</span><span lang=EN-US style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Steve Nash CEng MIET</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Consulting Engineer</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Arbor Networks<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>office +44 118 967 4917</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>mobile +44 772 029 1359</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal><a href="http://www.arbornetworks.com/" title="http://www.arbornetworks.com/"><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>www.arbornetworks.com</span></a><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>How networks grow™<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif"'>________________________</span><o:p></o:p></p></div></div></body></html>