IPsec%20Benchmarking%20Terminology/Methodology%20IETF69%20-%20Chicago,%20USA - PowerPoint PPT Presentation

About This Presentation
Title:

IPsec%20Benchmarking%20Terminology/Methodology%20IETF69%20-%20Chicago,%20USA

Description:

Should the length of the burst be different than that which is defined in RFC1242? ... the number of frames in the longest burst that the DUT will handle without the ... – PowerPoint PPT presentation

Number of Views:30
Avg rating:3.0/5.0
Slides: 6
Provided by: timre8
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: IPsec%20Benchmarking%20Terminology/Methodology%20IETF69%20-%20Chicago,%20USA


1
IPsec Benchmarking Terminology/MethodologyIETF69
- Chicago, USA
  • Merike Kaeo
  • merike_at_doubleshotsecurit
    y.com

2
Latest Documents
  • Terminology for Benchmarking IPsec Devices
  • draft-ietf-bmwg-ipsec-term-09.txt
  • Methodology for Benchmarking IPsec Devices
  • draft-ietf-bmwg-ipsec-meth-02.txt

3
Terminology Document Changes
  • Updated all references to latest IPsec RFCs
  • Adding limited and scoped DoS Testing
  • IKE Phase 1 PSK or certificate mismatch
  • IKE Phase 2 hash mismatch (for AH or ESP/Null)
  • Replay attack
  • Still need to clean up section 8 Framesizes
  • Need to clean up examples for IPv4/IPv6 cleartext
    and IPv4/IPv6 IPsec protected framesizes
  • New consideration regarding section 10.5
    Back-to-Back Frames
  • Is this test still relevant?
  • Should the length of the burst be different than
    that which is defined in RFC1242?

4
Methodology Document Changes
  • Updated all references to latest IPsec RFCs
  • Modified transform sets to conform to latest
    algorithms
  • Updated security context parameters
  • Back-to-Back Frame Baseline
  • The back-to-back value is the number of frames in
    the longest burst that the DUT will handle
    without the loss of any frames. The trial length
    MUST be at least 2 seconds and SHOULD be repeated
    at least 50 times with the average of the
    recorded values being reported.
  • Is above text appropriate or should length of
    trial be increased?
  • Need to still add DoS Resiliency Methodology

5
Final Steps.
  • Input on missing items would be useful
  • Will ask for last call on next revisions of both
    documents
Write a Comment
User Comments (0)
About PowerShow.com