--- 1/draft-ietf-i2nsf-capability-data-model-19.txt 2021-10-04 08:13:59.711934531 -0700 +++ 2/draft-ietf-i2nsf-capability-data-model-20.txt 2021-10-04 08:13:59.827937424 -0700 @@ -1,24 +1,24 @@ I2NSF Working Group S. Hares, Ed. Internet-Draft Huawei Intended status: Standards Track J. Jeong, Ed. -Expires: 1 April 2022 J. Kim +Expires: 7 April 2022 J. Kim Sungkyunkwan University R. Moskowitz HTT Consulting Q. Lin Huawei - 28 September 2021 + 4 October 2021 I2NSF Capability YANG Data Model - draft-ietf-i2nsf-capability-data-model-19 + draft-ietf-i2nsf-capability-data-model-20 Abstract This document defines an information model and the corresponding YANG data model for the capabilities of various Network Security Functions (NSFs) in the Interface to Network Security Functions (I2NSF) framework to centrally manage the capabilities of the various NSFs. Status of This Memo @@ -28,21 +28,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 1 April 2022. + This Internet-Draft will expire on 7 April 2022. Copyright Notice Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights 
@@ -57,24 +57,24 @@ 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Information Model of I2NSF NSF Capability . . . . . . . . . . 4 3.1. Design Principles and ECA Policy Model . . . . . . . . . 5 3.2. Conflict, Resolution Strategy and Default Action . . . . 8 4. Overview of YANG Data Model . . . . . . . . . . . . . . . . . 10 5. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 12 5.1. Network Security Function (NSF) Capabilities . . . . . . 12 6. YANG Data Model of I2NSF NSF Capability . . . . . . . . . . . 15 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 49 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 49 - 9. Security Considerations . . . . . . . . . . . . . . . . . . . 49 + 9. Security Considerations . . . . . . . . . . . . . . . . . . . 50 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 51 10.1. Normative References . . . . . . . . . . . . . . . . . . 51 - 10.2. Informative References . . . . . . . . . . . . . . . . . 55 + 10.2. Informative References . . . . . . . . . . . . . . . . . 56 Appendix A. Configuration Examples . . . . . . . . . . . . . . . 57 A.1. Example 1: Registration for the Capabilities of a General Firewall . . . . . . . . . . . . . . . . . . . . . . . . 57 A.2. Example 2: Registration for the Capabilities of a Time-based Firewall . . . . . . . . . . . . . . . . . . . 59 A.3. Example 3: Registration for the Capabilities of a Web Filter . . . . . . . . . . . . . . . . . . . . . . . . . 61 A.4. Example 4: Registration for the Capabilities of a VoIP/ VoLTE Filter . . . . . . . . . . . . . . . . . . . . . . 62 A.5. Example 5: Registration for the Capabilities of a HTTP and 
@@ -727,21 +727,21 @@ * [IANA-Protocol-Numbers] * [I-D.ietf-tcpm-rfc793bis] * [I-D.ietf-tcpm-accurate-ecn] * [I-D.ietf-tsvwg-udp-options] * [I-D.ietf-i2nsf-nsf-monitoring-data-model] - file "ietf-i2nsf-capability@2021-09-28.yang" + file "ietf-i2nsf-capability@2021-10-04.yang" module ietf-i2nsf-capability { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; prefix nsfcap; organization "IETF I2NSF (Interface to Network Security Functions) Working Group"; @@ -781,21 +781,21 @@ Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself for full legal notices."; // RFC Ed.: replace XXXX with an actual RFC number and remove // this note. - revision "2021-09-28"{ + revision "2021-10-04"{ description "Initial revision."; reference "RFC XXXX: I2NSF Capability YANG Data Model"; // RFC Ed.: replace XXXX with an actual RFC number and remove // this note. } /* * Identities 
@@ -1445,26 +1445,28 @@ reference "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol (TCP) Specification"; } identity flags { base tcp; description "Identity for TCP control bits (flags) condition capability"; reference - "RFC 3168: The Addition of Explicit Congestion Notification - (ECN) to IP - TCP Header Flags - draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol - (TCP) Specification - draft-ietf-tcpm-accurate-ecn: More Accurate ECN Feedback - in TCP"; + "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol + (TCP) Specification - TCP Header Flags + RFC 3168: The Addition of Explicit Congestion Notification + (ECN) to IP - ECN-Echo (ECE) Flag and Congestion Window + Reduced (CWR) Flag + draft-ietf-tcpm-accurate-ecn-15: More Accurate ECN Feedback + in TCP - ECN-Echo (ECE) Flag and Congestion Window Reduced + (CWR) Flag"; } identity tcp-options { base tcp; description "Identity for TCP options condition capability."; reference "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol (TCP) Specification RFC 6691: TCP Options and Maximum Segment Size 
@@ -2534,56 +2539,63 @@ [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, . [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., and R. Wilton, "YANG Library", RFC 8525, DOI 10.17487/RFC8525, March 2019, . + [I-D.ietf-tcpm-rfc793bis] + Eddy, W. M., "Transmission Control Protocol (TCP) + Specification", Work in Progress, Internet-Draft, draft- + ietf-tcpm-rfc793bis-25, 7 September 2021, + . + [I-D.ietf-tcpm-accurate-ecn] Briscoe, B., Kühlewind, M., and R. Scheffenegger, "More Accurate ECN Feedback in TCP", Work in Progress, Internet- Draft, draft-ietf-tcpm-accurate-ecn-15, 12 July 2021, . [I-D.ietf-tsvwg-udp-options] Touch, J., "Transport Options for UDP", Work in Progress, Internet-Draft, draft-ietf-tsvwg-udp-options-13, 19 June 2021, . [I-D.ietf-i2nsf-nsf-monitoring-data-model] Jeong, J. (., Lingga, P., Hares, S., Xia, L. (., and H. Birkholz, "I2NSF NSF Monitoring Interface YANG Data Model", Work in Progress, Internet-Draft, draft-ietf- - i2nsf-nsf-monitoring-data-model-09, 24 August 2021, + i2nsf-nsf-monitoring-data-model-10, 15 September 2021, . + monitoring-data-model-10.txt>. [I-D.ietf-i2nsf-nsf-facing-interface-dm] Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin, "I2NSF Network Security Function-Facing Interface YANG Data Model", Work in Progress, Internet-Draft, draft-ietf- - i2nsf-nsf-facing-interface-dm-13, 15 August 2021, + i2nsf-nsf-facing-interface-dm-14, 15 September 2021, . + facing-interface-dm-14.txt>. [I-D.ietf-i2nsf-registration-interface-dm] Hyun, S., Jeong, J. P., Roh, T., Wi, S., and J. Park, "I2NSF Registration Interface YANG Data Model", Work in Progress, Internet-Draft, draft-ietf-i2nsf-registration- - interface-dm-11, 21 August 2021, + interface-dm-12, 15 September 2021, . + registration-interface-dm-12.txt>. 10.2. Informative References [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, DOI 10.17487/RFC2818, May 2000, . 
[RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", RFC 6691, DOI 10.17487/RFC6691, July 2012, . @@ -2603,27 +2615,20 @@ [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. Kumar, "Framework for Interface to Network Security Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, . [RFC8805] Kline, E., Duleba, K., Szamonek, Z., Moser, S., and W. Kumari, "A Format for Self-Published IP Geolocation Feeds", RFC 8805, DOI 10.17487/RFC8805, August 2020, . - [I-D.ietf-tcpm-rfc793bis] - Eddy, W. M., "Transmission Control Protocol (TCP) - Specification", Work in Progress, Internet-Draft, draft- - ietf-tcpm-rfc793bis-25, 7 September 2021, - . - [IANA-Protocol-Numbers] "Assigned Internet Protocol Numbers", Available: https://www.iana.org/assignments/protocol- numbers/protocol-numbers.xhtml, September 2020. [IEEE802.3-2018] Committee, I. S., "IEEE 802.3-2018 - IEEE Standard for Ethernet", August 2018, .
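Review bot: In the `@@ -1445,26 +1445,28 @@` hunk, the rewritten `reference` of `identity flags` now names two versioned Internet-Drafts (`draft-ietf-tcpm-rfc793bis-25` and `draft-ietf-tcpm-accurate-ecn-15`) inside the YANG module, and nothing tells the RFC Editor to update them. The module already carries "RFC Ed.: replace XXXX" comments for its own RFC number; add the same kind of comment next to these draft names so they are replaced by RFC numbers at publication and the module does not ship with stale draft versions. As a style point in the same identity, the description "Identity for TCP control bits (flags) condition capability" has no closing period, while the `tcp-options` description directly below it does.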
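Review bot: In the `@@ -2534,56 +2539,63 @@` hunk, `[I-D.ietf-tcpm-rfc793bis]` is added ahead of the "10.2. Informative References" heading, which makes it a normative reference (the `@@ -2603,27 +2615,20 @@` hunk removes it from the informative list). Because this document is Standards Track, a normative reference to a work-in-progress draft holds publication until that draft is published, so confirm the dependency is intended. If the move was made because the YANG module cites the draft in `reference` statements, note that RFC 6691 is cited the same way by `identity tcp-options` and is still listed under 10.2; treat both the same. Separately, the entries whose versions this hunk bumps still show truncated author names ("Jeong, J. (.,", "Xia, L. (.,", "Kim, J. (.,"), while the registration-interface entry renders "Jeong, J. P." correctly; fix the author metadata of those references while they are being touched.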