Requirements for IPv6 Firewalls

William Herrin bill at
Fri Apr 18 18:57:13 UTC 2014

On Fri, Apr 18, 2014 at 2:32 PM, Simon Perreault <simon at> wrote:
> Le 2014-04-18 14:20, William Herrin a écrit :
>> That would either be a very short document or a document so
>> ideologically loaded that it has no technical utility. The Internet is
>> pretty resilient. There isn't much a firewall can do to break it.
> In IETF we routinely use the phrase "breaking the Internet" to mean
> something rather more limited than "breaking all of the Internet". There
> are tons of things firewalls can do, and some do today, that would be
> considered breaking the Internet.
> FYI, we had a similar document targeted at CGNs:

Excluding references and remarks RFC 6888 is 8 pages long with 15
total requirements. Short.

I'll let the firewall document's authors speak for themselves about
their document's purpose. In the abstract, they said: ''This has
typically been a problem for network operators, who typically have to
produce a "Request for Proposal" from scratch that describes such

That says, "discriminator for potential purchases" to me. What's your take?

I agree that a "don't break the Internet' firewall requirements
document could have utility. But that doesn't appear to be this
document. And if done well, such a document would be short just like
RFC 6888.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list