Always interesting responding to a NANOG thread.

- The approach is from an end user rather than a service provider. The firewall operator would be more interested in identifying PPS for attacks / compromised hosts vs. QoS, but I suppose it could be used for QoS as well. (Not my intent.) So today we have NAT'd firewalls that overload a particular interface; IMHO, since properly implemented V6 should not use NAT, I would want my FW vendor to allow me to see what's going on PPS-wise via the dashboard function. Most V4 firewalls do this today at an interface level.

- Average packet size for all hosts would allow the operator to make a determination and set thresholds for new forms of attacks and exploits. (Thinking forward, once applications take advantage of V6.)

- MTU negotiated between hosts - since this happens between endpoints in v6, this could help identify tunnels in the network / changes in WAN topology. Not like we haven't seen that before. While a change in flight should create a drop, when the session reestablishes it could resize.

Dustin Jurman

-----Original Message-----
From: Dobbins, Roland [mailto:rdobbins@arbor.net]
Sent: Thursday, April 17, 2014 8:51 AM
To: NANOG
Subject: Re: Requirements for IPv6 Firewalls

On Apr 17, 2014, at 7:35 PM, Dustin Jurman <dustin@rseng.net> wrote:
> - packets per second - Firewall Level - Hosts level
This is getting into QoS territory . . .
> - packet size information
Concur - packet-length.
> - Average for FW of all Network hosts
This isn't very operationally useful, IMHO.
> - Negotiated Between Hosts
I'm not sure what this means? But classifiers for everything in the IP, TCP, UDP, and ICMP headers, along with packet length, make a lot of sense.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton
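To make the thread's two telemetry points concrete (per-host PPS and packet-length, plus the firewall-wide average Dustin asked for and Roland doubted), here is an added example that is not from either poster or any firewall vendor. It builds a constructed set of per-packet records (timestamp, IPv6 source, length), computes per-host PPS and average length over a fixed window, computes the firewall-wide aggregate, and flags hosts whose PPS exceeds a threshold or whose average packet size is suspiciously small. The host addresses, window, and thresholds are all assumptions chosen for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One packet record as a firewall might export it (constructed)."""
    ts: float      # seconds since window start
    src: str       # IPv6 source address
    length: int    # IP packet length in bytes


def build_sample():
    """Constructed sample: one bulk-transfer host, one quiet host, and one
    host blasting many tiny packets. The addresses are documentation-range
    placeholders, not real hosts."""
    pkts = []
    for i in range(20):                      # 10 pps, 1200-byte packets
        pkts.append(Packet(ts=i * 0.1, src="2001:db8::10", length=1200))
    for i in range(400):                     # 200 pps, 64-byte packets
        pkts.append(Packet(ts=i * 0.005, src="2001:db8::66", length=64))
    for i in range(10):                      # 5 pps, lengths 200..1100
        pkts.append(Packet(ts=i * 0.2, src="2001:db8::20", length=200 + 100 * i))
    return pkts


def per_host_stats(packets, window_s):
    """Per-host packet count, packets per second and average length over a
    window of window_s seconds (the 'hosts level' PPS view)."""
    by_host = defaultdict(list)
    for p in packets:
        by_host[p.src].append(p)
    stats = {}
    for host, pkts in by_host.items():
        count = len(pkts)
        total_bytes = sum(p.length for p in pkts)
        stats[host] = {
            "packets": count,
            "pps": count / window_s,
            "avg_len": total_bytes / count,
        }
    return stats


def firewall_totals(packets, window_s):
    """Firewall-level aggregate: overall PPS and the average packet length
    across all hosts. Note how the tiny-packet host drags the average down,
    which is why a single firewall-wide average hides more than it shows."""
    count = len(packets)
    total_bytes = sum(p.length for p in packets)
    return {
        "packets": count,
        "pps": count / window_s,
        "avg_len": total_bytes / count if count else 0.0,
    }


def flag_hosts(stats, pps_threshold, min_avg_len):
    """Return {host: [reasons]} for hosts exceeding the PPS threshold or
    whose average packet length is below min_avg_len (assumed thresholds;
    an operator would derive these from a measured baseline)."""
    flagged = {}
    for host in sorted(stats):
        s = stats[host]
        reasons = []
        if s["pps"] > pps_threshold:
            reasons.append("high-pps")
        if s["avg_len"] < min_avg_len:
            reasons.append("small-packets")
        if reasons:
            flagged[host] = reasons
    return flagged


if __name__ == "__main__":
    window = 2.0
    sample = build_sample()
    hosts = per_host_stats(sample, window)
    for host, s in sorted(hosts.items()):
        print(f"{host:14} {s['pps']:8.1f} pps  avg {s['avg_len']:7.1f} B")
    print("firewall:", firewall_totals(sample, window))
    print("flagged:", flag_hosts(hosts, pps_threshold=100.0, min_avg_len=100.0))
```

Running it shows the tiny-packet host flagged on both counts while the bulk-transfer host, despite moving far more bytes, stays under the PPS threshold; the firewall-wide average length lands around 130 bytes, which on its own says nothing about which host is responsible.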