| draft-ietf-i2nsf-capability-data-model-15.txt | draft-ietf-i2nsf-capability-data-model-16.txt | |||
|---|---|---|---|---|
| I2NSF Working Group S. Hares, Ed. | I2NSF Working Group S. Hares, Ed. | |||
| Internet-Draft Huawei | Internet-Draft Huawei | |||
| Intended status: Standards Track J. Jeong, Ed. | Intended status: Standards Track J. Jeong, Ed. | |||
| Expires: July 21, 2021 J. Kim | Expires: September 9, 2021 J. Kim | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| R. Moskowitz | R. Moskowitz | |||
| HTT Consulting | HTT Consulting | |||
| Q. Lin | Q. Lin | |||
| Huawei | Huawei | |||
| January 17, 2021 | March 8, 2021 | |||
| I2NSF Capability YANG Data Model | I2NSF Capability YANG Data Model | |||
| draft-ietf-i2nsf-capability-data-model-15 | draft-ietf-i2nsf-capability-data-model-16 | |||
| Abstract | Abstract | |||
| This document defines an information model and the corresponding YANG | This document defines an information model and the corresponding YANG | |||
| data model for the capabilities of various Network Security Functions | data model for the capabilities of various Network Security Functions | |||
| (NSFs) in the Interface to Network Security Functions (I2NSF) | (NSFs) in the Interface to Network Security Functions (I2NSF) | |||
| framework to centrally manage the capabilities of the various NSFs. | framework to centrally manage the capabilities of the various NSFs. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 21, 2021. | This Internet-Draft will expire on September 9, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 25 ¶ | skipping to change at page 2, line 25 ¶ | |||
| 3.1. Design Principles and ECA Policy Model Overview . . . . . 5 | 3.1. Design Principles and ECA Policy Model Overview . . . . . 5 | |||
| 3.2. Matched Policy Rule . . . . . . . . . . . . . . . . . . . 8 | 3.2. Matched Policy Rule . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.3. Conflict, Resolution Strategy and Default Action . . . . 8 | 3.3. Conflict, Resolution Strategy and Default Action . . . . 8 | |||
| 4. Overview of YANG Data Model . . . . . . . . . . . . . . . . . 9 | 4. Overview of YANG Data Model . . . . . . . . . . . . . . . . . 9 | |||
| 5. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 12 | 5. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 5.1. Network Security Function (NSF) Capabilities . . . . . . 12 | 5.1. Network Security Function (NSF) Capabilities . . . . . . 12 | |||
| 6. YANG Data Model of I2NSF NSF Capability . . . . . . . . . . . 15 | 6. YANG Data Model of I2NSF NSF Capability . . . . . . . . . . . 15 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 59 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 59 | |||
| 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 59 | 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 59 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 60 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 60 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 61 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 60 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 61 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 60 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 65 | 10.2. Informative References . . . . . . . . . . . . . . . . . 65 | |||
| Appendix A. Configuration Examples . . . . . . . . . . . . . . . 67 | Appendix A. Configuration Examples . . . . . . . . . . . . . . . 67 | |||
| A.1. Example 1: Registration for the Capabilities of a General | A.1. Example 1: Registration for the Capabilities of a General | |||
| Firewall . . . . . . . . . . . . . . . . . . . . . . . . 67 | Firewall . . . . . . . . . . . . . . . . . . . . . . . . 67 | |||
| A.2. Example 2: Registration for the Capabilities of a Time- | A.2. Example 2: Registration for the Capabilities of a Time- | |||
| based Firewall . . . . . . . . . . . . . . . . . . . . . 70 | based Firewall . . . . . . . . . . . . . . . . . . . . . 70 | |||
| A.3. Example 3: Registration for the Capabilities of a Web | A.3. Example 3: Registration for the Capabilities of a Web | |||
| Filter . . . . . . . . . . . . . . . . . . . . . . . . . 72 | Filter . . . . . . . . . . . . . . . . . . . . . . . . . 72 | |||
| A.4. Example 4: Registration for the Capabilities of a | A.4. Example 4: Registration for the Capabilities of a | |||
| VoIP/VoLTE Filter . . . . . . . . . . . . . . . . . . . . 72 | VoIP/VoLTE Filter . . . . . . . . . . . . . . . . . . . . 72 | |||
| skipping to change at page 16, line 26 ¶ | skipping to change at page 16, line 26 ¶ | |||
| o [I-D.ietf-tcpm-rfc793bis] | o [I-D.ietf-tcpm-rfc793bis] | |||
| o [I-D.ietf-tcpm-accurate-ecn] | o [I-D.ietf-tcpm-accurate-ecn] | |||
| o [I-D.ietf-tsvwg-udp-options] | o [I-D.ietf-tsvwg-udp-options] | |||
| o [I-D.ietf-i2nsf-nsf-monitoring-data-model] | o [I-D.ietf-i2nsf-nsf-monitoring-data-model] | |||
| o [I-D.ietf-i2nsf-sdn-ipsec-flow-protection] | o [I-D.ietf-i2nsf-sdn-ipsec-flow-protection] | |||
| <CODE BEGINS> file "ietf-i2nsf-capability@2021-01-17.yang" | <CODE BEGINS> file "ietf-i2nsf-capability@2021-03-08.yang" | |||
| module ietf-i2nsf-capability { | module ietf-i2nsf-capability { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace | namespace | |||
| "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; | "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; | |||
| prefix | prefix | |||
| nsfcap; | nsfcap; | |||
| organization | organization | |||
| "IETF I2NSF (Interface to Network Security Functions) | "IETF I2NSF (Interface to Network Security Functions) | |||
| Working Group"; | Working Group"; | |||
| skipping to change at page 17, line 15 ¶ | skipping to change at page 17, line 14 ¶ | |||
| <mailto:shares@ndzh.com>"; | <mailto:shares@ndzh.com>"; | |||
| description | description | |||
| "This module is a YANG module for I2NSF Network Security | "This module is a YANG module for I2NSF Network Security | |||
| Functions (NSFs)'s Capabilities. | Functions (NSFs)'s Capabilities. | |||
| Copyright (c) 2021 IETF Trust and the persons identified as | Copyright (c) 2021 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject to | |||
| to the license terms contained in, the Simplified BSD License | the license terms contained in, the Simplified BSD License set | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| http://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX | |||
| the RFC itself for full legal notices."; | (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself | |||
| for full legal notices."; | ||||
| // RFC Ed.: replace XXXX with an actual RFC number and remove | // RFC Ed.: replace XXXX with an actual RFC number and remove | |||
| // this note. | // this note. | |||
| revision "2021-01-17"{ | revision "2021-03-08"{ | |||
| description "Initial revision."; | description "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: I2NSF Capability YANG Data Model"; | "RFC XXXX: I2NSF Capability YANG Data Model"; | |||
| // RFC Ed.: replace XXXX with an actual RFC number and remove | // RFC Ed.: replace XXXX with an actual RFC number and remove | |||
| // this note. | // this note. | |||
| } | } | |||
| /* | /* | |||
| * Identities | * Identities | |||
| skipping to change at page 61, line 28 ¶ | skipping to change at page 61, line 24 ¶ | |||
| Flow Protection", draft-ietf-i2nsf-sdn-ipsec-flow- | Flow Protection", draft-ietf-i2nsf-sdn-ipsec-flow- | |||
| protection-12 (work in progress), October 2020. | protection-12 (work in progress), October 2020. | |||
| [I-D.ietf-tcpm-accurate-ecn] | [I-D.ietf-tcpm-accurate-ecn] | |||
| Briscoe, B., Kuehlewind, M., and R. Scheffenegger, "More | Briscoe, B., Kuehlewind, M., and R. Scheffenegger, "More | |||
| Accurate ECN Feedback in TCP", draft-ietf-tcpm-accurate- | Accurate ECN Feedback in TCP", draft-ietf-tcpm-accurate- | |||
| ecn-13 (work in progress), November 2020. | ecn-13 (work in progress), November 2020. | |||
| [I-D.ietf-tcpm-rfc793bis] | [I-D.ietf-tcpm-rfc793bis] | |||
| Eddy, W., "Transmission Control Protocol (TCP) | Eddy, W., "Transmission Control Protocol (TCP) | |||
| Specification", draft-ietf-tcpm-rfc793bis-19 (work in | Specification", draft-ietf-tcpm-rfc793bis-20 (work in | |||
| progress), October 2020. | progress), January 2021. | |||
| [I-D.ietf-tsvwg-udp-options] | [I-D.ietf-tsvwg-udp-options] | |||
| Touch, J., "Transport Options for UDP", draft-ietf-tsvwg- | Touch, J., "Transport Options for UDP", draft-ietf-tsvwg- | |||
| udp-options-09 (work in progress), November 2020. | udp-options-09 (work in progress), November 2020. | |||
| [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, | [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, | |||
| DOI 10.17487/RFC0768, August 1980, | DOI 10.17487/RFC0768, August 1980, | |||
| <https://www.rfc-editor.org/info/rfc768>. | <https://www.rfc-editor.org/info/rfc768>. | |||
| [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, | [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, | |||
| skipping to change at page 77, line 29 ¶ | skipping to change at page 77, line 29 ¶ | |||
| Susan Hares (editor) | Susan Hares (editor) | |||
| Huawei | Huawei | |||
| 7453 Hickory Hill | 7453 Hickory Hill | |||
| Saline, MI 48176 | Saline, MI 48176 | |||
| USA | USA | |||
| Phone: +1-734-604-0332 | Phone: +1-734-604-0332 | |||
| EMail: shares@ndzh.com | EMail: shares@ndzh.com | |||
| Jaehoon Paul Jeong (editor) | Jaehoon (Paul) Jeong (editor) | |||
| Department of Computer Science and Engineering | Department of Computer Science and Engineering | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| 2066 Seobu-Ro, Jangan-Gu | 2066 Seobu-Ro, Jangan-Gu | |||
| Suwon, Gyeonggi-Do 16419 | Suwon, Gyeonggi-Do 16419 | |||
| Republic of Korea | Republic of Korea | |||
| Phone: +82 31 299 4957 | Phone: +82 31 299 4957 | |||
| Fax: +82 31 290 7996 | Fax: +82 31 290 7996 | |||
| EMail: pauljeong@skku.edu | EMail: pauljeong@skku.edu | |||
| URI: http://iotlab.skku.edu/people-jaehoon-jeong.php | URI: http://iotlab.skku.edu/people-jaehoon-jeong.php | |||
| Jinyong Tim Kim | Jinyong (Tim) Kim | |||
| Department of Electronic, Electrical and Computer Engineering | Department of Electronic, Electrical and Computer Engineering | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| 2066 Seobu-Ro, Jangan-Gu | 2066 Seobu-Ro, Jangan-Gu | |||
| Suwon, Gyeonggi-Do 16419 | Suwon, Gyeonggi-Do 16419 | |||
| Republic of Korea | Republic of Korea | |||
| Phone: +82 10 8273 0930 | Phone: +82 10 8273 0930 | |||
| EMail: timkim@skku.edu | EMail: timkim@skku.edu | |||
| Robert Moskowitz | Robert Moskowitz | |||
| End of changes. 13 change blocks. | ||||
| 19 lines changed or deleted | 19 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||