Operational Feedback Requested on Pending Standard

Ted Seely tseely at sprint.net
Mon Aug 27 19:08:32 UTC 2007




All,

Below is an email sent to the IETF OPS Area mailing list soliciting
feedback from operators regarding firewalls.  We would also appreciate
feedback from the Operators Mailing Lists.  Please respond to the OPS Area
mailing list if you have a position on the item below.  You can subscribe
to the Operations and Management Area mailing list at the URL below if you
are not already subscribed.

https://www.ietf.org/mailman/listinfo/ops-area

On behalf of the OPS Area Directors and myself, thank you.

Ted - With OPS Area WG Hat On


--------------------------------------------------------------


During the final review phases of the review of
http://www.ietf.org/internet-drafts/draft-ietf-midcom-mib-09.txt the
issue described below surfaced. It is actually not completely new; it
was discussed in the past in one form or another, and it is not
necessarily specific to this document and MIB module only, but also to
other MIB modules. We believe that input from network operators can
help, and we solicit this input.

The MIDCOM-MIB defines tables containing firewall rules, indexed by
ifIndex. ifIndex values can change when interfaces are swapped or
devices reboot, and this could lead to rules being applied to the wrong
interface.

How do you, network operators, prefer interfaces be identified?
 - Is ifIndex the preferred choice even though the indices can change on
reboot?
 - Is ifName a better choice for identifying interfaces in rules, since
it is set by the device and remains fairly stable across reboots and is
guaranteed to be unique?
 - Is ifAlias a better choice, since it can be set by operators,
although it is not guaranteed to be unique?

We would appreciate inputs and thank you for your cooperation.
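
Added example, not part of the original message or of the MIDCOM-MIB draft: a small audit that compares interface-table snapshots taken before and after a reboot and reports, for each rule stored by ifIndex, which interface it now lands on and how ifName or ifAlias would have resolved it. The interface rows and rule names are constructed, and ifName is assumed unique, as the message states.

```python
# Constructed sample: (ifIndex, ifName, ifAlias) rows polled before and after a reboot.
BEFORE = [(1, "eth0", "uplink"), (2, "eth1", "customer"), (3, "eth2", "customer")]
AFTER = [(1, "eth1", "customer"), (2, "eth0", "uplink"), (3, "eth2", "customer")]

# Hypothetical rule names mapped to the ifIndex they were configured against.
RULES = {"deny-inbound-telnet": 1, "permit-customer-web": 2, "permit-customer-dns": 3}


def audit_rules(rules, before, after):
    """For each rule, show where it lands under each interface identifier."""
    name_before = {idx: name for idx, name, _ in before}
    alias_before = {idx: alias for idx, _, alias in before}
    name_after = {idx: name for idx, name, _ in after}
    index_by_name = {name: idx for idx, name, _ in after}
    indexes_by_alias = {}
    for idx, _, alias in after:
        indexes_by_alias.setdefault(alias, []).append(idx)

    report = {}
    for rule, old_idx in rules.items():
        intended = name_before[old_idx]
        now_hits = name_after.get(old_idx)  # interface the stale ifIndex points at
        report[rule] = {
            "intended": intended,
            "by_ifIndex": now_hits,
            "misapplied": now_hits != intended,
            "by_ifName": index_by_name.get(intended),
            "by_ifAlias": sorted(indexes_by_alias.get(alias_before[old_idx], [])),
        }
    return report


def misapplied(report):
    """Rules whose stored ifIndex now refers to a different interface."""
    return sorted(r for r, v in report.items() if v["misapplied"])


def ambiguous_alias(report):
    """Rules whose ifAlias does not resolve to exactly one interface."""
    return sorted(r for r, v in report.items() if len(v["by_ifAlias"]) != 1)


if __name__ == "__main__":
    result = audit_rules(RULES, BEFORE, AFTER)
    for rule, row in result.items():
        print(rule, row)
    print("misapplied via ifIndex:", misapplied(result))
    print("ambiguous via ifAlias:", ambiguous_alias(result))
```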






