draft-ietf-i2nsf-capability-data-model-11.txt		draft-ietf-i2nsf-capability-data-model-12.txt
	I2NSF Working Group S. Hares, Ed.		I2NSF Working Group S. Hares, Ed.
	Internet-Draft Huawei		Internet-Draft Huawei
	Intended status: Standards Track J. Jeong, Ed.		Intended status: Standards Track J. Jeong, Ed.
	Expires: March 12, 2021 J. Kim		Expires: March 19, 2021 J. Kim
	Sungkyunkwan University		Sungkyunkwan University
	R. Moskowitz		R. Moskowitz
	HTT Consulting		HTT Consulting
	Q. Lin		Q. Lin
	Huawei		Huawei
	September 8, 2020		September 15, 2020
	I2NSF Capability YANG Data Model		I2NSF Capability YANG Data Model
	draft-ietf-i2nsf-capability-data-model-11		draft-ietf-i2nsf-capability-data-model-12
	Abstract		Abstract
	This document defines a YANG data model for the capabilities of		This document defines a YANG data model for the capabilities of
	various Network Security Functions (NSFs) in the Interface to Network		various Network Security Functions (NSFs) in the Interface to Network
	Security Functions (I2NSF) framework to centrally manage the		Security Functions (I2NSF) framework to centrally manage the
	capabilities of the various NSFs.		capabilities of the various NSFs.
	Status of This Memo		Status of This Memo
	skipping to change at page 1, line 39 ¶		skipping to change at page 1, line 39 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at https://datatracker.ietf.org/drafts/current/.		Drafts is at https://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on March 12, 2021.		This Internet-Draft will expire on March 19, 2021.
	Copyright Notice		Copyright Notice
	Copyright (c) 2020 IETF Trust and the persons identified as the		Copyright (c) 2020 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(https://trustee.ietf.org/license-info) in effect on the date of		(https://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 5, line 26 ¶		skipping to change at page 5, line 26 ¶
	+-----------------+------------+ +-------------+		+-----------------+------------+ +-------------+
	^ New NSF		^ New NSF
	| Cap = {FW, WF}		| Cap = {FW, WF}
	I2NSF | E = {}		I2NSF | E = {}
	NSF-Facing Interface | C = {IPv4, IPv6}		NSF-Facing Interface | C = {IPv4, IPv6}
	| A = {Allow, Deny}		| A = {Allow, Deny}
	v		v
	+---------------+----+------------+-----------------+		+---------------+----+------------+-----------------+
	| | | |		| | | |
	+---+---+ +---+---+ +---+---+ +---+---+		+---+---+ +---+---+ +---+---+ +---+---+
	| NSF-1 | ... | NSF-m | | NSF-1 | ... | NSF-n | ...		| NSF-1 | ... | NSF-m | | NSF-1 | ... | NSF-n |
	+-------+ +-------+ +-------+ +-------+		+-------+ +-------+ +-------+ +-------+
	NSF-1 NSF-m NSF-1 NSF-n		NSF-1 NSF-m NSF-1 NSF-n
	Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF}		Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF}
	E = {} E = {user} E = {dev} E = {time}		E = {} E = {user} E = {dev} E = {time}
	C = {IPv4} C = {IPv6} C = {IPv4, IPv6} C = {IPv4}		C = {IPv4} C = {IPv6} C = {IPv4, IPv6} C = {IPv4}
	A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny}		A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny}
	Developer's Mgmt System A Developer's Mgmt System B		Developer's Mgmt System A Developer's Mgmt System B
	Figure 1: Capabilities of NSFs in I2NSF Framework		Figure 1: Capabilities of NSFs in I2NSF Framework
	A use case of an NSF with the capabilities of firewall and web filter		A use case of an NSF with the capabilities of firewall and web filter
	is described as follows.		is described as follows.
	o If a network manager wants to apply security policy rules to block		o If a network manager wants to apply security policy rules to block
	malicious users with firewall and web filter, it is a tremendous		malicious users with firewall and web filter, it is a tremendous
	burden for a network administrator to apply all of the needed		burden for a network administrator to apply all of the needed
	rules to NSFs one by one. This problem can be resolved by		rules to NSFs one by one. This problem can be resolved by
	skipping to change at page 9, line 25 ¶		skipping to change at page 9, line 25 ¶
	5. YANG Data Model of I2NSF NSF Capability		5. YANG Data Model of I2NSF NSF Capability
	This section introduces a YANG module for NSFs' capabilities, as		This section introduces a YANG module for NSFs' capabilities, as
	defined in the [I-D.ietf-i2nsf-capability].		defined in the [I-D.ietf-i2nsf-capability].
	This YANG module imports from [RFC6991]. It makes references to [RFC		This YANG module imports from [RFC6991]. It makes references to [RFC
	0768][IANA-Protocol-Numbers][RFC0791][RFC0792][RFC0793][RFC3261][RFC4		0768][IANA-Protocol-Numbers][RFC0791][RFC0792][RFC0793][RFC3261][RFC4
	443][RFC8200][RFC8329][I-D.ietf-i2nsf-capability][I-D.ietf-i2nsf-nsf-		443][RFC8200][RFC8329][I-D.ietf-i2nsf-capability][I-D.ietf-i2nsf-nsf-
	monitoring-data-model][I-D.ietf-i2nsf-sdn-ipsec-flow-protection].		monitoring-data-model][I-D.ietf-i2nsf-sdn-ipsec-flow-protection].
	<CODE BEGINS> file "ietf-i2nsf-capability@2020-09-08.yang"		<CODE BEGINS> file "ietf-i2nsf-capability@2020-09-15.yang"
	module ietf-i2nsf-capability {		module ietf-i2nsf-capability {
	yang-version 1.1;		yang-version 1.1;
	namespace		namespace
	"urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability";		"urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability";
	prefix		prefix
	nsfcap;		nsfcap;
	organization		organization
	"IETF I2NSF (Interface to Network Security Functions)		"IETF I2NSF (Interface to Network Security Functions)
	skipping to change at page 10, line 25 ¶		skipping to change at page 10, line 25 ¶
	set forth in Section 4.c of the IETF Trust's Legal Provisions		set forth in Section 4.c of the IETF Trust's Legal Provisions
	Relating to IETF Documents		Relating to IETF Documents
	http://trustee.ietf.org/license-info).		http://trustee.ietf.org/license-info).
	This version of this YANG module is part of RFC XXXX; see		This version of this YANG module is part of RFC XXXX; see
	the RFC itself for full legal notices.";		the RFC itself for full legal notices.";
	// RFC Ed.: replace XXXX with an actual RFC number and remove		// RFC Ed.: replace XXXX with an actual RFC number and remove
	// this note.		// this note.
	revision "2020-09-08"{		revision "2020-09-15"{
	description "Initial revision.";		description "Initial revision.";
	reference		reference
	"RFC XXXX: I2NSF Capability YANG Data Model";		"RFC XXXX: I2NSF Capability YANG Data Model";
	// RFC Ed.: replace XXXX with an actual RFC number and remove		// RFC Ed.: replace XXXX with an actual RFC number and remove
	// this note.		// this note.
	}		}
	/*		/*
	* Identities		* Identities
	skipping to change at page 41, line 29 ¶		skipping to change at page 41, line 29 ¶
	Figure 3: YANG Data Module of I2NSF Capability		Figure 3: YANG Data Module of I2NSF Capability
	6. IANA Considerations		6. IANA Considerations
	This document requests IANA to register the following URI in the		This document requests IANA to register the following URI in the
	"IETF XML Registry" [RFC3688]:		"IETF XML Registry" [RFC3688]:
	ID: yang:ietf-i2nsf-capability		ID: yang:ietf-i2nsf-capability
	URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability		URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability
			Registrant Contact: The IESG.
			XML: N/A; the requested URI is an XML namespace.
	Filename: [ TBD-at-Registration ]		Filename: [ TBD-at-Registration ]
	Reference: [ RFC-to-be ]		Reference: [ RFC-to-be ]
	This document requests IANA to register the following YANG module in		This document requests IANA to register the following YANG module in
	the "YANG Module Names" registry [RFC7950][RFC8525]:		the "YANG Module Names" registry [RFC7950][RFC8525]:
	Name: ietf-i2nsf-capability		Name: ietf-i2nsf-capability
	File: [ TBD-at-Registration ]
	Maintained by IANA? N		Maintained by IANA? N
	Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability		Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability
	Prefix: nsfcap		Prefix: nsfcap
	Module:		Module:
	Reference: [ RFC-to-be ]		Reference: [ RFC-to-be ]
	7. Security Considerations		7. Security Considerations
	The YANG module specified in this document defines a data schema		The YANG module specified in this document defines a data schema
	designed to be accessed through network management protocols such as		designed to be accessed through network management protocols such as
	skipping to change at page 42, line 42 ¶		skipping to change at page 42, line 42 ¶
	8. References		8. References
	8.1. Normative References		8.1. Normative References
	[I-D.ietf-i2nsf-capability]		[I-D.ietf-i2nsf-capability]
	Xia, L., Strassner, J., Basile, C., and D. Lopez,		Xia, L., Strassner, J., Basile, C., and D. Lopez,
	"Information Model of NSFs Capabilities", draft-ietf-		"Information Model of NSFs Capabilities", draft-ietf-
	i2nsf-capability-05 (work in progress), April 2019.		i2nsf-capability-05 (work in progress), April 2019.
	[I-D.ietf-i2nsf-nsf-monitoring-data-model]		[I-D.ietf-i2nsf-nsf-monitoring-data-model]
	Jeong, J., Chung, C., Hares, S., Xia, L., and H. Birkholz,		Jeong, J., Lingga, P., Hares, S., Xia, L., and H.
	"I2NSF NSF Monitoring YANG Data Model", draft-ietf-i2nsf-		Birkholz, "I2NSF NSF Monitoring YANG Data Model", draft-
	nsf-monitoring-data-model-03 (work in progress), May 2020.		ietf-i2nsf-nsf-monitoring-data-model-04 (work in
			progress), September 2020.
	[I-D.ietf-i2nsf-sdn-ipsec-flow-protection]		[I-D.ietf-i2nsf-sdn-ipsec-flow-protection]
	Lopez, R., Lopez-Millan, G., and F. Pereniguez-Garcia,		Lopez, R., Lopez-Millan, G., and F. Pereniguez-Garcia,
	"Software-Defined Networking (SDN)-based IPsec Flow		"Software-Defined Networking (SDN)-based IPsec Flow
	Protection", draft-ietf-i2nsf-sdn-ipsec-flow-protection-08		Protection", draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
	(work in progress), June 2020.		(work in progress), June 2020.
	[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,		[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
	DOI 10.17487/RFC0768, August 1980,		DOI 10.17487/RFC0768, August 1980,
	<https://www.rfc-editor.org/info/rfc768>.		<https://www.rfc-editor.org/info/rfc768>.
End of changes. 11 change blocks.
	12 lines changed or deleted		14 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/