| draft-ietf-i2nsf-capability-data-model-19.txt | draft-ietf-i2nsf-capability-data-model-20.txt | |||
|---|---|---|---|---|
| I2NSF Working Group S. Hares, Ed. | I2NSF Working Group S. Hares, Ed. | |||
| Internet-Draft Huawei | Internet-Draft Huawei | |||
| Intended status: Standards Track J. Jeong, Ed. | Intended status: Standards Track J. Jeong, Ed. | |||
| Expires: 1 April 2022 J. Kim | Expires: 7 April 2022 J. Kim | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| R. Moskowitz | R. Moskowitz | |||
| HTT Consulting | HTT Consulting | |||
| Q. Lin | Q. Lin | |||
| Huawei | Huawei | |||
| 28 September 2021 | 4 October 2021 | |||
| I2NSF Capability YANG Data Model | I2NSF Capability YANG Data Model | |||
| draft-ietf-i2nsf-capability-data-model-19 | draft-ietf-i2nsf-capability-data-model-20 | |||
| Abstract | Abstract | |||
| This document defines an information model and the corresponding YANG | This document defines an information model and the corresponding YANG | |||
| data model for the capabilities of various Network Security Functions | data model for the capabilities of various Network Security Functions | |||
| (NSFs) in the Interface to Network Security Functions (I2NSF) | (NSFs) in the Interface to Network Security Functions (I2NSF) | |||
| framework to centrally manage the capabilities of the various NSFs. | framework to centrally manage the capabilities of the various NSFs. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 1 April 2022. | This Internet-Draft will expire on 7 April 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 22 ¶ | skipping to change at page 2, line 22 ¶ | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3. Information Model of I2NSF NSF Capability . . . . . . . . . . 4 | 3. Information Model of I2NSF NSF Capability . . . . . . . . . . 4 | |||
| 3.1. Design Principles and ECA Policy Model . . . . . . . . . 5 | 3.1. Design Principles and ECA Policy Model . . . . . . . . . 5 | |||
| 3.2. Conflict, Resolution Strategy and Default Action . . . . 8 | 3.2. Conflict, Resolution Strategy and Default Action . . . . 8 | |||
| 4. Overview of YANG Data Model . . . . . . . . . . . . . . . . . 10 | 4. Overview of YANG Data Model . . . . . . . . . . . . . . . . . 10 | |||
| 5. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 12 | 5. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 5.1. Network Security Function (NSF) Capabilities . . . . . . 12 | 5.1. Network Security Function (NSF) Capabilities . . . . . . 12 | |||
| 6. YANG Data Model of I2NSF NSF Capability . . . . . . . . . . . 15 | 6. YANG Data Model of I2NSF NSF Capability . . . . . . . . . . . 15 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49 | |||
| 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 49 | 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 49 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 49 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 50 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 51 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 51 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 51 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 51 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 55 | 10.2. Informative References . . . . . . . . . . . . . . . . . 56 | |||
| Appendix A. Configuration Examples . . . . . . . . . . . . . . . 57 | Appendix A. Configuration Examples . . . . . . . . . . . . . . . 57 | |||
| A.1. Example 1: Registration for the Capabilities of a General | A.1. Example 1: Registration for the Capabilities of a General | |||
| Firewall . . . . . . . . . . . . . . . . . . . . . . . . 57 | Firewall . . . . . . . . . . . . . . . . . . . . . . . . 57 | |||
| A.2. Example 2: Registration for the Capabilities of a | A.2. Example 2: Registration for the Capabilities of a | |||
| Time-based Firewall . . . . . . . . . . . . . . . . . . . 59 | Time-based Firewall . . . . . . . . . . . . . . . . . . . 59 | |||
| A.3. Example 3: Registration for the Capabilities of a Web | A.3. Example 3: Registration for the Capabilities of a Web | |||
| Filter . . . . . . . . . . . . . . . . . . . . . . . . . 61 | Filter . . . . . . . . . . . . . . . . . . . . . . . . . 61 | |||
| A.4. Example 4: Registration for the Capabilities of a VoIP/ | A.4. Example 4: Registration for the Capabilities of a VoIP/ | |||
| VoLTE Filter . . . . . . . . . . . . . . . . . . . . . . 62 | VoLTE Filter . . . . . . . . . . . . . . . . . . . . . . 62 | |||
| A.5. Example 5: Registration for the Capabilities of a HTTP and | A.5. Example 5: Registration for the Capabilities of a HTTP and | |||
| skipping to change at page 17, line 22 ¶ | skipping to change at page 17, line 22 ¶ | |||
| * [IANA-Protocol-Numbers] | * [IANA-Protocol-Numbers] | |||
| * [I-D.ietf-tcpm-rfc793bis] | * [I-D.ietf-tcpm-rfc793bis] | |||
| * [I-D.ietf-tcpm-accurate-ecn] | * [I-D.ietf-tcpm-accurate-ecn] | |||
| * [I-D.ietf-tsvwg-udp-options] | * [I-D.ietf-tsvwg-udp-options] | |||
| * [I-D.ietf-i2nsf-nsf-monitoring-data-model] | * [I-D.ietf-i2nsf-nsf-monitoring-data-model] | |||
| <CODE BEGINS> file "ietf-i2nsf-capability@2021-09-28.yang" | <CODE BEGINS> file "ietf-i2nsf-capability@2021-10-04.yang" | |||
| module ietf-i2nsf-capability { | module ietf-i2nsf-capability { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace | namespace | |||
| "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; | "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; | |||
| prefix | prefix | |||
| nsfcap; | nsfcap; | |||
| organization | organization | |||
| "IETF I2NSF (Interface to Network Security Functions) | "IETF I2NSF (Interface to Network Security Functions) | |||
| Working Group"; | Working Group"; | |||
| skipping to change at page 18, line 28 ¶ | skipping to change at page 18, line 28 ¶ | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX | This version of this YANG module is part of RFC XXXX | |||
| (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself | (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself | |||
| for full legal notices."; | for full legal notices."; | |||
| // RFC Ed.: replace XXXX with an actual RFC number and remove | // RFC Ed.: replace XXXX with an actual RFC number and remove | |||
| // this note. | // this note. | |||
| revision "2021-09-28"{ | revision "2021-10-04"{ | |||
| description "Initial revision."; | description "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: I2NSF Capability YANG Data Model"; | "RFC XXXX: I2NSF Capability YANG Data Model"; | |||
| // RFC Ed.: replace XXXX with an actual RFC number and remove | // RFC Ed.: replace XXXX with an actual RFC number and remove | |||
| // this note. | // this note. | |||
| } | } | |||
| /* | /* | |||
| * Identities | * Identities | |||
| skipping to change at page 32, line 22 ¶ | skipping to change at page 32, line 22 ¶ | |||
| reference | reference | |||
| "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol | "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol | |||
| (TCP) Specification"; | (TCP) Specification"; | |||
| } | } | |||
| identity flags { | identity flags { | |||
| base tcp; | base tcp; | |||
| description | description | |||
| "Identity for TCP control bits (flags) condition capability"; | "Identity for TCP control bits (flags) condition capability"; | |||
| reference | reference | |||
| "RFC 3168: The Addition of Explicit Congestion Notification | "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol | |||
| (ECN) to IP - TCP Header Flags | (TCP) Specification - TCP Header Flags | |||
| draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol | RFC 3168: The Addition of Explicit Congestion Notification | |||
| (TCP) Specification | (ECN) to IP - ECN-Echo (ECE) Flag and Congestion Window | |||
| draft-ietf-tcpm-accurate-ecn: More Accurate ECN Feedback | Reduced (CWR) Flag | |||
| in TCP"; | draft-ietf-tcpm-accurate-ecn-15: More Accurate ECN Feedback | |||
| in TCP - ECN-Echo (ECE) Flag and Congestion Window Reduced | ||||
| (CWR) Flag"; | ||||
| } | } | |||
| identity tcp-options { | identity tcp-options { | |||
| base tcp; | base tcp; | |||
| description | description | |||
| "Identity for TCP options condition capability."; | "Identity for TCP options condition capability."; | |||
| reference | reference | |||
| "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol | "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol | |||
| (TCP) Specification | (TCP) Specification | |||
| RFC 6691: TCP Options and Maximum Segment Size | RFC 6691: TCP Options and Maximum Segment Size | |||
| skipping to change at page 55, line 14 ¶ | skipping to change at page 55, line 24 ¶ | |||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/info/rfc8446>. | <https://www.rfc-editor.org/info/rfc8446>. | |||
| [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., | [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., | |||
| and R. Wilton, "YANG Library", RFC 8525, | and R. Wilton, "YANG Library", RFC 8525, | |||
| DOI 10.17487/RFC8525, March 2019, | DOI 10.17487/RFC8525, March 2019, | |||
| <https://www.rfc-editor.org/info/rfc8525>. | <https://www.rfc-editor.org/info/rfc8525>. | |||
| [I-D.ietf-tcpm-rfc793bis] | ||||
| Eddy, W. M., "Transmission Control Protocol (TCP) | ||||
| Specification", Work in Progress, Internet-Draft, draft- | ||||
| ietf-tcpm-rfc793bis-25, 7 September 2021, | ||||
| <https://www.ietf.org/archive/id/draft-ietf-tcpm- | ||||
| rfc793bis-25.txt>. | ||||
| [I-D.ietf-tcpm-accurate-ecn] | [I-D.ietf-tcpm-accurate-ecn] | |||
| Briscoe, B., Kühlewind, M., and R. Scheffenegger, "More | Briscoe, B., Kühlewind, M., and R. Scheffenegger, "More | |||
| Accurate ECN Feedback in TCP", Work in Progress, Internet- | Accurate ECN Feedback in TCP", Work in Progress, Internet- | |||
| Draft, draft-ietf-tcpm-accurate-ecn-15, 12 July 2021, | Draft, draft-ietf-tcpm-accurate-ecn-15, 12 July 2021, | |||
| <https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate- | <https://www.ietf.org/archive/id/draft-ietf-tcpm-accurate- | |||
| ecn-15.txt>. | ecn-15.txt>. | |||
| [I-D.ietf-tsvwg-udp-options] | [I-D.ietf-tsvwg-udp-options] | |||
| Touch, J., "Transport Options for UDP", Work in Progress, | Touch, J., "Transport Options for UDP", Work in Progress, | |||
| Internet-Draft, draft-ietf-tsvwg-udp-options-13, 19 June | Internet-Draft, draft-ietf-tsvwg-udp-options-13, 19 June | |||
| 2021, <https://www.ietf.org/archive/id/draft-ietf-tsvwg- | 2021, <https://www.ietf.org/archive/id/draft-ietf-tsvwg- | |||
| udp-options-13.txt>. | udp-options-13.txt>. | |||
| [I-D.ietf-i2nsf-nsf-monitoring-data-model] | [I-D.ietf-i2nsf-nsf-monitoring-data-model] | |||
| Jeong, J. (., Lingga, P., Hares, S., Xia, L. (., and H. | Jeong, J. (., Lingga, P., Hares, S., Xia, L. (., and H. | |||
| Birkholz, "I2NSF NSF Monitoring Interface YANG Data | Birkholz, "I2NSF NSF Monitoring Interface YANG Data | |||
| Model", Work in Progress, Internet-Draft, draft-ietf- | Model", Work in Progress, Internet-Draft, draft-ietf- | |||
| i2nsf-nsf-monitoring-data-model-09, 24 August 2021, | i2nsf-nsf-monitoring-data-model-10, 15 September 2021, | |||
| <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- | <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- | |||
| monitoring-data-model-09.txt>. | monitoring-data-model-10.txt>. | |||
| [I-D.ietf-i2nsf-nsf-facing-interface-dm] | [I-D.ietf-i2nsf-nsf-facing-interface-dm] | |||
| Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin, | Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin, | |||
| "I2NSF Network Security Function-Facing Interface YANG | "I2NSF Network Security Function-Facing Interface YANG | |||
| Data Model", Work in Progress, Internet-Draft, draft-ietf- | Data Model", Work in Progress, Internet-Draft, draft-ietf- | |||
| i2nsf-nsf-facing-interface-dm-13, 15 August 2021, | i2nsf-nsf-facing-interface-dm-14, 15 September 2021, | |||
| <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- | <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- | |||
| facing-interface-dm-13.txt>. | facing-interface-dm-14.txt>. | |||
| [I-D.ietf-i2nsf-registration-interface-dm] | [I-D.ietf-i2nsf-registration-interface-dm] | |||
| Hyun, S., Jeong, J. P., Roh, T., Wi, S., and J. Park, | Hyun, S., Jeong, J. P., Roh, T., Wi, S., and J. Park, | |||
| "I2NSF Registration Interface YANG Data Model", Work in | "I2NSF Registration Interface YANG Data Model", Work in | |||
| Progress, Internet-Draft, draft-ietf-i2nsf-registration- | Progress, Internet-Draft, draft-ietf-i2nsf-registration- | |||
| interface-dm-11, 21 August 2021, | interface-dm-12, 15 September 2021, | |||
| <https://www.ietf.org/archive/id/draft-ietf-i2nsf- | <https://www.ietf.org/archive/id/draft-ietf-i2nsf- | |||
| registration-interface-dm-11.txt>. | registration-interface-dm-12.txt>. | |||
| 10.2. Informative References | 10.2. Informative References | |||
| [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, | [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, | |||
| DOI 10.17487/RFC2818, May 2000, | DOI 10.17487/RFC2818, May 2000, | |||
| <https://www.rfc-editor.org/info/rfc2818>. | <https://www.rfc-editor.org/info/rfc2818>. | |||
| [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", | [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", | |||
| RFC 6691, DOI 10.17487/RFC6691, July 2012, | RFC 6691, DOI 10.17487/RFC6691, July 2012, | |||
| <https://www.rfc-editor.org/info/rfc6691>. | <https://www.rfc-editor.org/info/rfc6691>. | |||
| skipping to change at page 56, line 35 ¶ | skipping to change at page 57, line 5 ¶ | |||
| [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. | [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. | |||
| Kumar, "Framework for Interface to Network Security | Kumar, "Framework for Interface to Network Security | |||
| Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, | Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, | |||
| <https://www.rfc-editor.org/info/rfc8329>. | <https://www.rfc-editor.org/info/rfc8329>. | |||
| [RFC8805] Kline, E., Duleba, K., Szamonek, Z., Moser, S., and W. | [RFC8805] Kline, E., Duleba, K., Szamonek, Z., Moser, S., and W. | |||
| Kumari, "A Format for Self-Published IP Geolocation | Kumari, "A Format for Self-Published IP Geolocation | |||
| Feeds", RFC 8805, DOI 10.17487/RFC8805, August 2020, | Feeds", RFC 8805, DOI 10.17487/RFC8805, August 2020, | |||
| <https://www.rfc-editor.org/info/rfc8805>. | <https://www.rfc-editor.org/info/rfc8805>. | |||
| [I-D.ietf-tcpm-rfc793bis] | ||||
| Eddy, W. M., "Transmission Control Protocol (TCP) | ||||
| Specification", Work in Progress, Internet-Draft, draft- | ||||
| ietf-tcpm-rfc793bis-25, 7 September 2021, | ||||
| <https://www.ietf.org/archive/id/draft-ietf-tcpm- | ||||
| rfc793bis-25.txt>. | ||||
| [IANA-Protocol-Numbers] | [IANA-Protocol-Numbers] | |||
| "Assigned Internet Protocol Numbers", Available: | "Assigned Internet Protocol Numbers", Available: | |||
| https://www.iana.org/assignments/protocol- | https://www.iana.org/assignments/protocol- | |||
| numbers/protocol-numbers.xhtml, September 2020. | numbers/protocol-numbers.xhtml, September 2020. | |||
| [IEEE802.3-2018] | [IEEE802.3-2018] | |||
| Committee, I. S., "IEEE 802.3-2018 - IEEE Standard for | Committee, I. S., "IEEE 802.3-2018 - IEEE Standard for | |||
| Ethernet", August 2018, | Ethernet", August 2018, | |||
| <https://ieeexplore.ieee.org/document/8457469>. | <https://ieeexplore.ieee.org/document/8457469>. | |||
| End of changes. 17 change blocks. | ||||
| 27 lines changed or deleted | 29 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||