On Thu, Jan 31, 2019 at 3:10 PM Joe Touch <to...@strayalpha.com> wrote:
>
> On 2019-01-31 13:56, Tom Herbert wrote:
>
> On Thu, Jan 31, 2019 at 7:59 AM Joe Touch <to...@strayalpha.com> wrote:
>
>
> The problem with dropping the entire paragraph is the section title - talking 
> about stateless firewalls begs the question of stateful ones. This is 
> reinforced later in the recommendations. The sentences you remove were the 
> only thing that tied the two together, which IMO is important.
>
>
> Joe,
>
> The term "Stateless firewalls" is unambiguous in this context. In a
> stateless firewall, each packet is inspected and judged based solely on
> its content.
>
>
> My statement above has no relation to any potential ambiguity in the term.
>
> ---
>
> However, the term stateless is inaccurate in a few places:
>
> (Sec 4.6) NAT is a stateful procedure for an otherwise stateless protocol as 
> well. The same could be argued for load balancers that retain similar state 
> through a connection for a flow (i.e., not just hashing the flow or tuple, 
> but doing round-robin per-flow/tuple 'sticky' routing)
>
> (Sec 7.3) The problem is not just stateless middle boxes, but also certain 
> stateful ones (e.g., NATs, some load balancers, etc.)
>
> ---
>
> Thus "stateful" actually is both ambiguous and inaccurate here.
>
> You appear to want to distinguish between the state needed for virtual 
> reassembly and the state needed to maintain NAT translations or sticky 
> round-robin load balancing, but there's no simple term that differentiates 
> them. They're both content-dependent, context-dependent, and stateful.
>
>
> Further, as you note there are no *specified* algorithms for virtual 
> reassembly, nor are there any *specified* for NAT translation table 
> maintenance or sticky load balancing. Everyone comes up with their own and 
> the basic concept is well enough defined as to not need a specification.
>
In that case, if it's so obvious and well defined then there shouldn't
be any issue in either providing a reference to a description or
specifying it in the draft (if authors do choose to discuss virtual
reassembly in the draft).

Tom

> Joe
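As an added illustration (not code from the draft or from either author) of the distinction drawn above between a stateless per-packet verdict and the minimal state virtual reassembly needs, assuming the draft concerns IP fragmentation and a constructed port-based policy:

```python
from dataclasses import dataclass
from typing import Optional

ALLOWED_PORTS = {443}  # assumed policy for this illustration: only dst port 443 passes

@dataclass(frozen=True)
class Packet:            # constructed model of the header fields a filter sees
    src: str
    dst: str
    proto: int
    ip_id: int           # IP Identification, shared by all fragments of one datagram
    frag_offset: int     # 0 for the first fragment or an unfragmented packet
    more_frags: bool     # MF flag
    dst_port: Optional[int]  # transport header exists only in the first fragment

def stateless_decision(p: Packet) -> str:
    """Stateless filter: each packet is judged solely on its own content."""
    if p.frag_offset == 0:
        return "accept" if p.dst_port in ALLOWED_PORTS else "drop"
    return "undecidable"  # non-initial fragment: no port to evaluate the policy on

class VirtualReassemblyFilter:
    """Keeps only what virtual reassembly needs: the first-fragment verdict keyed by
    (src, dst, proto, id). Nothing is rewritten (NAT) or pinned to a backend (LB)."""
    def __init__(self) -> None:
        self.verdicts: dict = {}
    def decide(self, p: Packet) -> str:
        key = (p.src, p.dst, p.proto, p.ip_id)
        if p.frag_offset == 0:
            self.verdicts[key] = stateless_decision(p)
        # Assumed policy: a fragment arriving before its first fragment is dropped.
        verdict = self.verdicts.get(key, "drop")
        if not p.more_frags:
            self.verdicts.pop(key, None)  # last fragment seen: release the state
        return verdict

# Constructed sample: two 2-fragment UDP datagrams, to an allowed and a blocked port.
FRAGMENTS = [
    Packet("192.0.2.1", "198.51.100.7", 17, 0x1234, 0, True, 443),
    Packet("192.0.2.1", "198.51.100.7", 17, 0x1234, 185, False, None),
    Packet("192.0.2.1", "198.51.100.7", 17, 0x1235, 0, True, 22),
    Packet("192.0.2.1", "198.51.100.7", 17, 0x1235, 185, False, None),
]

def stateless_verdicts():
    return [stateless_decision(p) for p in FRAGMENTS]
def stateful_verdicts():
    f = VirtualReassemblyFilter()
    verdicts = [f.decide(p) for p in FRAGMENTS]
    return verdicts, len(f.verdicts)  # leftover state should be 0 after last fragments
```

The stateless filter cannot classify the second fragment of either datagram, while the reassembly filter carries the first-fragment verdict forward and holds no state once the last fragment has passed.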

_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
