draft-ietf-i2nsf-capability-data-model-19.txt   draft-ietf-i2nsf-capability-data-model-20.txt 
I2NSF Working Group S. Hares, Ed. I2NSF Working Group S. Hares, Ed.
Internet-Draft Huawei Internet-Draft Huawei
Intended status: Standards Track J. Jeong, Ed. Intended status: Standards Track J. Jeong, Ed.
Expires: 1 April 2022 J. Kim Expires: 7 April 2022 J. Kim
Sungkyunkwan University Sungkyunkwan University
R. Moskowitz R. Moskowitz
HTT Consulting HTT Consulting
Q. Lin Q. Lin
Huawei Huawei
28 September 2021 4 October 2021
I2NSF Capability YANG Data Model I2NSF Capability YANG Data Model
draft-ietf-i2nsf-capability-data-model-19 draft-ietf-i2nsf-capability-data-model-20
Abstract Abstract
This document defines an information model and the corresponding YANG This document defines an information model and the corresponding YANG
data model for the capabilities of various Network Security Functions data model for the capabilities of various Network Security Functions
(NSFs) in the Interface to Network Security Functions (I2NSF) (NSFs) in the Interface to Network Security Functions (I2NSF)
framework to centrally manage the capabilities of the various NSFs. framework to centrally manage the capabilities of the various NSFs.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 1 April 2022. This Internet-Draft will expire on 7 April 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 22 skipping to change at page 2, line 22
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Information Model of I2NSF NSF Capability . . . . . . . . . . 4 3. Information Model of I2NSF NSF Capability . . . . . . . . . . 4
3.1. Design Principles and ECA Policy Model . . . . . . . . . 5 3.1. Design Principles and ECA Policy Model . . . . . . . . . 5
3.2. Conflict, Resolution Strategy and Default Action . . . . 8 3.2. Conflict, Resolution Strategy and Default Action . . . . 8
4. Overview of YANG Data Model . . . . . . . . . . . . . . . . . 10 4. Overview of YANG Data Model . . . . . . . . . . . . . . . . . 10
5. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 12 5. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 12
5.1. Network Security Function (NSF) Capabilities . . . . . . 12 5.1. Network Security Function (NSF) Capabilities . . . . . . 12
6. YANG Data Model of I2NSF NSF Capability . . . . . . . . . . . 15 6. YANG Data Model of I2NSF NSF Capability . . . . . . . . . . . 15
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49
8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 49 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 49
9. Security Considerations . . . . . . . . . . . . . . . . . . . 49 9. Security Considerations . . . . . . . . . . . . . . . . . . . 50
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 51 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 51
10.1. Normative References . . . . . . . . . . . . . . . . . . 51 10.1. Normative References . . . . . . . . . . . . . . . . . . 51
10.2. Informative References . . . . . . . . . . . . . . . . . 55 10.2. Informative References . . . . . . . . . . . . . . . . . 56
Appendix A. Configuration Examples . . . . . . . . . . . . . . . 57 Appendix A. Configuration Examples . . . . . . . . . . . . . . . 57
A.1. Example 1: Registration for the Capabilities of a General A.1. Example 1: Registration for the Capabilities of a General
Firewall . . . . . . . . . . . . . . . . . . . . . . . . 57 Firewall . . . . . . . . . . . . . . . . . . . . . . . . 57
A.2. Example 2: Registration for the Capabilities of a A.2. Example 2: Registration for the Capabilities of a
Time-based Firewall . . . . . . . . . . . . . . . . . . . 59 Time-based Firewall . . . . . . . . . . . . . . . . . . . 59
A.3. Example 3: Registration for the Capabilities of a Web A.3. Example 3: Registration for the Capabilities of a Web
Filter . . . . . . . . . . . . . . . . . . . . . . . . . 61 Filter . . . . . . . . . . . . . . . . . . . . . . . . . 61
A.4. Example 4: Registration for the Capabilities of a VoIP/ A.4. Example 4: Registration for the Capabilities of a VoIP/
VoLTE Filter . . . . . . . . . . . . . . . . . . . . . . 62 VoLTE Filter . . . . . . . . . . . . . . . . . . . . . . 62
A.5. Example 5: Registration for the Capabilities of a HTTP and A.5. Example 5: Registration for the Capabilities of a HTTP and
skipping to change at page 17, line 22 skipping to change at page 17, line 22
* [IANA-Protocol-Numbers] * [IANA-Protocol-Numbers]
* [I-D.ietf-tcpm-rfc793bis] * [I-D.ietf-tcpm-rfc793bis]
* [I-D.ietf-tcpm-accurate-ecn] * [I-D.ietf-tcpm-accurate-ecn]
* [I-D.ietf-tsvwg-udp-options] * [I-D.ietf-tsvwg-udp-options]
* [I-D.ietf-i2nsf-nsf-monitoring-data-model] * [I-D.ietf-i2nsf-nsf-monitoring-data-model]
<CODE BEGINS> file "ietf-i2nsf-capability@2021-09-28.yang" <CODE BEGINS> file "ietf-i2nsf-capability@2021-10-04.yang"
module ietf-i2nsf-capability { module ietf-i2nsf-capability {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability";
prefix prefix
nsfcap; nsfcap;
organization organization
"IETF I2NSF (Interface to Network Security Functions) "IETF I2NSF (Interface to Network Security Functions)
Working Group"; Working Group";
skipping to change at page 18, line 28 skipping to change at page 18, line 28
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices."; for full legal notices.";
// RFC Ed.: replace XXXX with an actual RFC number and remove // RFC Ed.: replace XXXX with an actual RFC number and remove
// this note. // this note.
revision "2021-09-28"{ revision "2021-10-04"{
description "Initial revision."; description "Initial revision.";
reference reference
"RFC XXXX: I2NSF Capability YANG Data Model"; "RFC XXXX: I2NSF Capability YANG Data Model";
// RFC Ed.: replace XXXX with an actual RFC number and remove // RFC Ed.: replace XXXX with an actual RFC number and remove
// this note. // this note.
} }
/* /*
* Identities * Identities
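Review bot: the bumped statement `revision "2021-10-04"{` has no space before its opening brace, while the other statements visible in this module (`module ietf-i2nsf-capability {`, `identity flags {`) do; write it as `revision "2021-10-04" {`. The date agrees with the `<CODE BEGINS>` file name ietf-i2nsf-capability@2021-10-04.yang, and the two need to be changed together on every revision bump.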
skipping to change at page 32, line 22 skipping to change at page 32, line 22
reference reference
"draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification"; (TCP) Specification";
} }
identity flags { identity flags {
base tcp; base tcp;
description description
"Identity for TCP control bits (flags) condition capability"; "Identity for TCP control bits (flags) condition capability";
reference reference
"RFC 3168: The Addition of Explicit Congestion Notification "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(ECN) to IP - TCP Header Flags (TCP) Specification - TCP Header Flags
draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol RFC 3168: The Addition of Explicit Congestion Notification
(TCP) Specification (ECN) to IP - ECN-Echo (ECE) Flag and Congestion Window
draft-ietf-tcpm-accurate-ecn: More Accurate ECN Feedback Reduced (CWR) Flag
in TCP"; draft-ietf-tcpm-accurate-ecn-15: More Accurate ECN Feedback
in TCP - ECN-Echo (ECE) Flag and Congestion Window Reduced
(CWR) Flag";
} }
identity tcp-options { identity tcp-options {
base tcp; base tcp;
description description
"Identity for TCP options condition capability."; "Identity for TCP options condition capability.";
reference reference
"draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification (TCP) Specification
RFC 6691: TCP Options and Maximum Segment Size RFC 6691: TCP Options and Maximum Segment Size
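Review bot: the reordered `reference` in `identity flags` names draft-ietf-tcpm-rfc793bis-25 and draft-ietf-tcpm-accurate-ecn-15 by version number but, unlike the RFC XXXX strings earlier in the module, carries no "RFC Ed." note, so nothing prompts an update when those drafts are revised or published; add such a note beside these entries. Two smaller points in the same hunk: the `flags` description has no closing period while the `tcp-options` description does, and the `tcp-options` reference gives the RFC 6691 title without the "(MSS)" that the reference list entry carries.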
skipping to change at page 55, line 14 skipping to change at page 55, line 24
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525, and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019, DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/info/rfc8525>. <https://www.rfc-editor.org/info/rfc8525>.
[I-D.ietf-tcpm-rfc793bis]
Eddy, W. M., "Transmission Control Protocol (TCP)
Specification", Work in Progress, Internet-Draft, draft-
ietf-tcpm-rfc793bis-25, 7 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-tcpm-
rfc793bis-25.txt>.
[I-D.ietf-tcpm-accurate-ecn] [I-D.ietf-tcpm-accurate-ecn]
Briscoe, B., K├╝hlewind, M., and R. Scheffenegger, "More Briscoe, B., K├╝hlewind, M., and R. Scheffenegger, "More
Accurate ECN Feedback in TCP", Work in Progress, Internet- Accurate ECN Feedback in TCP", Work in Progress, Internet-
Draft, draft-ietf-tcpm-accurate-ecn-15, 12 July 2021, Draft, draft-ietf-tcpm-accurate-ecn-15, 12 July 2021,
<https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate- <https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate-
ecn-15.txt>. ecn-15.txt>.
[I-D.ietf-tsvwg-udp-options] [I-D.ietf-tsvwg-udp-options]
Touch, J., "Transport Options for UDP", Work in Progress, Touch, J., "Transport Options for UDP", Work in Progress,
Internet-Draft, draft-ietf-tsvwg-udp-options-13, 19 June Internet-Draft, draft-ietf-tsvwg-udp-options-13, 19 June
2021, <https://www.ietf.org/archive/id/draft-ietf-tsvwg- 2021, <https://www.ietf.org/archive/id/draft-ietf-tsvwg-
udp-options-13.txt>. udp-options-13.txt>.
[I-D.ietf-i2nsf-nsf-monitoring-data-model] [I-D.ietf-i2nsf-nsf-monitoring-data-model]
Jeong, J. (., Lingga, P., Hares, S., Xia, L. (., and H. Jeong, J. (., Lingga, P., Hares, S., Xia, L. (., and H.
Birkholz, "I2NSF NSF Monitoring Interface YANG Data Birkholz, "I2NSF NSF Monitoring Interface YANG Data
Model", Work in Progress, Internet-Draft, draft-ietf- Model", Work in Progress, Internet-Draft, draft-ietf-
i2nsf-nsf-monitoring-data-model-09, 24 August 2021, i2nsf-nsf-monitoring-data-model-10, 15 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf-
monitoring-data-model-09.txt>. monitoring-data-model-10.txt>.
[I-D.ietf-i2nsf-nsf-facing-interface-dm] [I-D.ietf-i2nsf-nsf-facing-interface-dm]
Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin, Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin,
"I2NSF Network Security Function-Facing Interface YANG "I2NSF Network Security Function-Facing Interface YANG
Data Model", Work in Progress, Internet-Draft, draft-ietf- Data Model", Work in Progress, Internet-Draft, draft-ietf-
i2nsf-nsf-facing-interface-dm-13, 15 August 2021, i2nsf-nsf-facing-interface-dm-14, 15 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf-
facing-interface-dm-13.txt>. facing-interface-dm-14.txt>.
[I-D.ietf-i2nsf-registration-interface-dm] [I-D.ietf-i2nsf-registration-interface-dm]
Hyun, S., Jeong, J. P., Roh, T., Wi, S., and J. Park, Hyun, S., Jeong, J. P., Roh, T., Wi, S., and J. Park,
"I2NSF Registration Interface YANG Data Model", Work in "I2NSF Registration Interface YANG Data Model", Work in
Progress, Internet-Draft, draft-ietf-i2nsf-registration- Progress, Internet-Draft, draft-ietf-i2nsf-registration-
interface-dm-11, 21 August 2021, interface-dm-12, 15 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-
registration-interface-dm-11.txt>. registration-interface-dm-12.txt>.
10.2. Informative References 10.2. Informative References
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000, DOI 10.17487/RFC2818, May 2000,
<https://www.rfc-editor.org/info/rfc2818>. <https://www.rfc-editor.org/info/rfc2818>.
[RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)",
RFC 6691, DOI 10.17487/RFC6691, July 2012, RFC 6691, DOI 10.17487/RFC6691, July 2012,
<https://www.rfc-editor.org/info/rfc6691>. <https://www.rfc-editor.org/info/rfc6691>.
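Review bot: the author lists in the three I2NSF draft entries are malformed ("Jeong, J. (.", "Xia, L. (.", "Kim, J. (."), and the same author appears as "Jeong, J. P." in the registration-interface entry; fix the initials at the reference source so every entry renders one consistent form. The version and date bumps themselves are consistent between each citation line and its archive URL (-10, -14, -12).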
skipping to change at page 56, line 35 skipping to change at page 57, line 5
[RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
Kumar, "Framework for Interface to Network Security Kumar, "Framework for Interface to Network Security
Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
<https://www.rfc-editor.org/info/rfc8329>. <https://www.rfc-editor.org/info/rfc8329>.
[RFC8805] Kline, E., Duleba, K., Szamonek, Z., Moser, S., and W. [RFC8805] Kline, E., Duleba, K., Szamonek, Z., Moser, S., and W.
Kumari, "A Format for Self-Published IP Geolocation Kumari, "A Format for Self-Published IP Geolocation
Feeds", RFC 8805, DOI 10.17487/RFC8805, August 2020, Feeds", RFC 8805, DOI 10.17487/RFC8805, August 2020,
<https://www.rfc-editor.org/info/rfc8805>. <https://www.rfc-editor.org/info/rfc8805>.
[I-D.ietf-tcpm-rfc793bis]
Eddy, W. M., "Transmission Control Protocol (TCP)
Specification", Work in Progress, Internet-Draft, draft-
ietf-tcpm-rfc793bis-25, 7 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-tcpm-
rfc793bis-25.txt>.
[IANA-Protocol-Numbers] [IANA-Protocol-Numbers]
"Assigned Internet Protocol Numbers", Available: "Assigned Internet Protocol Numbers", Available:
https://www.iana.org/assignments/protocol- https://www.iana.org/assignments/protocol-
numbers/protocol-numbers.xhtml, September 2020. numbers/protocol-numbers.xhtml, September 2020.
[IEEE802.3-2018] [IEEE802.3-2018]
Committee, I. S., "IEEE 802.3-2018 - IEEE Standard for Committee, I. S., "IEEE 802.3-2018 - IEEE Standard for
Ethernet", August 2018, Ethernet", August 2018,
<https://ieeexplore.ieee.org/document/8457469>. <https://ieeexplore.ieee.org/document/8457469>.
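Review bot: [I-D.ietf-tcpm-rfc793bis] appears in one column only in this hunk and in one column only in the previous hunk ahead of 10.2, so the entry has changed reference lists between -19 and -20, and the change log should say why. The module cites it in the same `reference` statements as [I-D.ietf-tcpm-accurate-ecn], which stays in the list ahead of 10.2, so confirm both end up classified the same way. The [IANA-Protocol-Numbers] entry also gives its URL after "Available:" without the angle brackets used by every other entry.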
 End of changes. 17 change blocks. 
27 lines changed or deleted 29 lines changed or added
