Always interesting responding to a NANOG thread. The approach is from an end user rather than a service provider. The firewall operator would be more interested in identifying PPS for attacks / compromised hosts vs. QoS, but I suppose it could be used for QoS as well. (Not my intent.)

So today we have NAT'd firewalls that overload a particular interface. IMHO, since properly implemented v6 should not use NAT, I would want my FW vendor to allow me to see what's going on PPS-wise via the dashboard function. Most v4 firewalls do this today at an interface level.

- Average packet size for all hosts would allow the operator to make a determination and set thresholds for new forms of attacks and exploits. (Thinking forward, once applications take advantage of v6.)

- MTU Negotiated Between Hosts - Since this happens between endpoints in v6, this could help identify tunnels in the network / changes in WAN topology. Not like we haven't seen that before. While a change in flight should create a drop, when the session re-establishes it could resize.

Dustin Jurman

-----Original Message-----
From: Dobbins, Roland [mailto:rdobb...@arbor.net]
Sent: Thursday, April 17, 2014 8:51 AM
To: NANOG
Subject: Re: Requirements for IPv6 Firewalls

On Apr 17, 2014, at 7:35 PM, Dustin Jurman <dus...@rseng.net> wrote:

> - packets per second
>   - Firewall Level
>   - Hosts level

This is getting into QoS territory . . .

> - packet size information

Concur - packet-length.

> - Average for FW of all Network hosts

This isn't very operationally useful, IMHO.

> - Negotiated Between Hosts

I'm not sure what this means?

But classifiers for everything in the IP, TCP, UDP, and ICMP headers, along with packet length, make a lot of sense.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton
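As an added example (not code from either message in the thread), the per-host and firewall-level PPS and average packet length metrics the thread discusses, computed over constructed packet records for one polling window and checked against an operator-set threshold. The host addresses are 2001:db8::/32 documentation placeholders, and the leave-one-out comparison against other hosts' packets is my own choice: a single flooding host would otherwise dominate the firewall-wide average and hide behind it.

```python
# Added example: per-host and firewall-wide PPS / average packet length as a
# firewall dashboard would compute them, plus a threshold check for a host
# sending far more, and much smaller, packets than its neighbours.
from collections import defaultdict

# Constructed sample for one 10-second window: (src_host, packet_length_bytes).
# Hosts use the 2001:db8::/32 documentation prefix; this is not captured traffic.
WINDOW_SECONDS = 10
SAMPLE_PACKETS = (
    [("2001:db8::a", 1280)] * 10      # 1 pps of full-size packets
    + [("2001:db8::b", 600)] * 20     # 2 pps of medium packets
    + [("2001:db8::c", 64)] * 2000    # 200 pps of tiny packets
)

def host_metrics(packets, window_seconds):
    """Per source host: packet count, byte count, pps and average packet length."""
    by_host = defaultdict(list)
    for host, length in packets:
        by_host[host].append(length)
    return {h: {"packets": len(l), "bytes": sum(l), "pps": len(l) / window_seconds,
                "avg_len": sum(l) / len(l)} for h, l in by_host.items()}

def firewall_metrics(packets, window_seconds):
    """Firewall-wide (interface-level) pps and average packet length."""
    n = len(packets)
    return {"packets": n, "pps": n / window_seconds,
            "avg_len": sum(l for _, l in packets) / n if n else 0.0}

def flag_hosts(packets, window_seconds, pps_threshold, small_ratio=0.5):
    """Flag hosts above pps_threshold, or whose average packet length is below
    small_ratio x the average of all *other* hosts' packets (leave-one-out, so a
    flooding host cannot drag the firewall-wide average down and hide itself)."""
    total_pkts = len(packets)
    total_bytes = sum(l for _, l in packets)
    flagged = {}
    for host, m in host_metrics(packets, window_seconds).items():
        reasons = ["pps"] if m["pps"] > pps_threshold else []
        other_pkts = total_pkts - m["packets"]
        if other_pkts:  # skip the comparison when this is the only host seen
            other_avg = (total_bytes - m["bytes"]) / other_pkts
            if m["avg_len"] < small_ratio * other_avg:
                reasons.append("small-packets")
        if reasons:
            flagged[host] = reasons
    return flagged

if __name__ == "__main__":
    print(firewall_metrics(SAMPLE_PACKETS, WINDOW_SECONDS))
    print(flag_hosts(SAMPLE_PACKETS, WINDOW_SECONDS, pps_threshold=100))
```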