[ipv6hackers] Requirements for IPv6 firewalls (new IETF-ID)

Fernando Gont fgont at si6networks.com
Wed Feb 19 06:28:24 CET 2014


We have published a new I-D on "Requirements for IPv6 Firewalls".

The I-D is available at:

The goals of this first (and drafty) version of the document are as follows:

1) Agree on a rationale to write this spec.

For example, one possible rationale is "aim at providing parity of
features with IPv4". Another one could be that "should aim a
little higher". For example, in the light of
draft-farrell-perpass-attack we may aim at requiring some privacy
features that might not be that common in IPv4 firewalls.

2) Expose different aspects of firewalls that we may want to standardize.

High-level feedback along the lines of "this other aspect is missing,
and should be added" or "we probably should not address this or that
other aspect" is very valuable.

3) Discussion of concrete requirements.

Here the feedback would be in the form of "This or that requirement is
missing", "this or that requirement doesn't make sense and should be
eliminated", etc. And for each of those that we keep in, arguments in
favor of "mandatory", "recommended", or "optional" (i.e., what the level
of each requirement should be).

It would be great if you could post any feedback on the opsec wg
mailing-list (Instructions here: <>). But in any case feel free to
discuss this document on this list (ipv6hackers) or send your feedback
to all the co-authors at:
<draft-gont-opsec-ipv6-firewall-reqs at tools.ietf.org>.

P.S.: Regardless of what we end up doing with this I-D, etc., I think
the brainstorming would be fruitful. :-)


Best regards,

-------- Original Message --------
From: internet-drafts at ietf.org
To: Will Liu <liushucheng at huawei.com>, "Shucheng LIU (Will)"
<liushucheng at huawei.com>, Fernando Gont <fgont at si6networks.com>,
"Fernando Gont" <fgont at si6networks.com>, Marco Ermini
<marco.ermini at resmed.com>, "Marco Ermini" <marco.ermini at resmed.com>
Subject: New Version Notification for
Date: Fri, 14 Feb 2014 16:00:33 -0800

A new version of I-D, draft-gont-opsec-ipv6-firewall-reqs-00.txt
has been successfully submitted by Fernando Gont and posted to the
IETF repository.

Name:		draft-gont-opsec-ipv6-firewall-reqs
Revision:	00
Title:		Requirements for IPv6 Firewalls
Document date:	2014-02-15
Group:		Individual Submission
Pages:		12

   While there are a large number of documents discussing IP and IPv6
   packet filtering, requirements for IPv6 firewalls have never been
   specified in the RFC series.  When it comes to IPv6, the more limited
   experience with the protocols, and reduced variety of products has
   made it rather difficult to specify what are reasonable features to
   be expected from an IPv6 firewall.  This has typically been a problem
   for network operators, who typically have to produce a "Request for
   Proposal" (from scratch) that describes such features.  This document
   specifies a set of requirements for IPv6 firewalls, marked as
   "mandatory", "recommended", or "optional".

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
