| draft-ietf-i2nsf-consumer-facing-interface-dm-12.txt | draft-ietf-i2nsf-consumer-facing-interface-dm-13.txt | |||
|---|---|---|---|---|
| I2NSF Working Group J. Jeong, Ed. | I2NSF Working Group J. Jeong, Ed. | |||
| Internet-Draft C. Chung | Internet-Draft C. Chung | |||
| Intended status: Standards Track Sungkyunkwan University | Intended status: Standards Track Sungkyunkwan University | |||
| Expires: March 12, 2021 T. Ahn | Expires: September 9, 2021 T. Ahn | |||
| Korea Telecom | Korea Telecom | |||
| R. Kumar | R. Kumar | |||
| Juniper Networks | Juniper Networks | |||
| S. Hares | S. Hares | |||
| Huawei | Huawei | |||
| September 8, 2020 | March 8, 2021 | |||
| I2NSF Consumer-Facing Interface YANG Data Model | I2NSF Consumer-Facing Interface YANG Data Model | |||
| draft-ietf-i2nsf-consumer-facing-interface-dm-12 | draft-ietf-i2nsf-consumer-facing-interface-dm-13 | |||
| Abstract | Abstract | |||
| This document describes an information model and a YANG data model | This document describes an information model and a YANG data model | |||
| for the Consumer-Facing Interface between an Interface to Network | for the Consumer-Facing Interface between an Interface to Network | |||
| Security Functions (I2NSF) User and Security Controller in an I2NSF | Security Functions (I2NSF) User and Security Controller in an I2NSF | |||
| system in a Network Functions Virtualization (NFV) environment. The | system in a Network Functions Virtualization (NFV) environment. The | |||
| information model defines various types of managed objects and the | information model defines various types of managed objects and the | |||
| relationship among them needed to build the interface. The | relationship among them needed to build the interface. The | |||
| information model is based on the "Event-Condition-Action" (ECA) | information model is based on the "Event-Condition-Action" (ECA) | |||
| skipping to change at page 1, line 47 ¶ | skipping to change at page 1, line 47 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 12, 2021. | This Internet-Draft will expire on September 9, 2021. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 18, line 36 ¶ | skipping to change at page 18, line 36 ¶ | |||
| based firewall, VoIP/VoLTE security service, and DDoS-attack | based firewall, VoIP/VoLTE security service, and DDoS-attack | |||
| mitigation in Section 8. | mitigation in Section 8. | |||
| 7.1. YANG Module of Consumer-Facing Interface | 7.1. YANG Module of Consumer-Facing Interface | |||
| This section describes a YANG module of Consumer-Facing Interface. | This section describes a YANG module of Consumer-Facing Interface. | |||
| This YANG module imports from [RFC6991]. It makes references to [RFC | This YANG module imports from [RFC6991]. It makes references to [RFC | |||
| 0854][RFC0913][RFC0959][RFC1081][RFC1631][RFC2616][RFC2818][RFC4250][ | 0854][RFC0913][RFC0959][RFC1081][RFC1631][RFC2616][RFC2818][RFC4250][ | |||
| RFC5321]. | RFC5321]. | |||
| <CODE BEGINS> file "ietf-i2nsf-cfi-policy@2020-09-08.yang" | <CODE BEGINS> file "ietf-i2nsf-cfi-policy@2021-03-08.yang" | |||
| module ietf-i2nsf-cfi-policy { | module ietf-i2nsf-cfi-policy { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace | namespace | |||
| "urn:ietf:params:xml:ns:yang:ietf-i2nsf-cfi-policy"; | "urn:ietf:params:xml:ns:yang:ietf-i2nsf-cfi-policy"; | |||
| prefix nsfcfi; | prefix nsfcfi; | |||
| import ietf-inet-types{ | import ietf-inet-types{ | |||
| prefix inet; | prefix inet; | |||
| } | } | |||
| skipping to change at page 19, line 24 ¶ | skipping to change at page 19, line 24 ¶ | |||
| Editor: Jaehoon Paul Jeong | Editor: Jaehoon Paul Jeong | |||
| <mailto:pauljeong@skku.edu> | <mailto:pauljeong@skku.edu> | |||
| Editor: Patrick Lingga | Editor: Patrick Lingga | |||
| <mailto:patricklink@skku.edu>"; | <mailto:patricklink@skku.edu>"; | |||
| description | description | |||
| "This module is a YANG module for Consumer-Facing Interface. | "This module is a YANG module for Consumer-Facing Interface. | |||
| Copyright (c) 2020 IETF Trust and the persons identified as | Copyright (c) 2021 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject to | |||
| to the license terms contained in, the Simplified BSD License | the license terms contained in, the Simplified BSD License set | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| http://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX | |||
| the RFC itself for full legal notices."; | (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself | |||
| for full legal notices."; | ||||
| // RFC Ed.: replace XXXX with an actual RFC number and remove | // RFC Ed.: replace XXXX with an actual RFC number and remove | |||
| // this note. | // this note. | |||
| revision "2020-09-08"{ | revision "2021-03-08"{ | |||
| description "Initial revision."; | description "Initial revision."; | |||
| reference | reference | |||
| "RFC XXXX: I2NSF Consumer-Facing Interface YANG Data Model"; | "RFC XXXX: I2NSF Consumer-Facing Interface YANG Data Model"; | |||
| // RFC Ed.: replace XXXX with an actual RFC number and remove | // RFC Ed.: replace XXXX with an actual RFC number and remove | |||
| // this note. | // this note. | |||
| } | } | |||
| identity malware-file-type { | identity malware-file-type { | |||
| description | description | |||
| skipping to change at page 30, line 23 ¶ | skipping to change at page 30, line 23 ¶ | |||
| reference | reference | |||
| "draft-ietf-i2nsf-sdn-ipsec-flow-protection-08: | "draft-ietf-i2nsf-sdn-ipsec-flow-protection-08: | |||
| Software-Defined Networking (SDN)-based IPsec Flow Protection | Software-Defined Networking (SDN)-based IPsec Flow Protection | |||
| - IPsec method types can be selected."; | - IPsec method types can be selected."; | |||
| } | } | |||
| } | } | |||
| } | } | |||
| grouping user-group { | grouping user-group { | |||
| description | description | |||
| "The grouping for user-group entities, and contains information | "This group represents user group information such as name and | |||
| such as name & ip-address."; | ip-address."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "This represents the name of a user-group. A user-group name | "This represents the name of a user-group. A user-group name | |||
| is used to map a user-group's name (e.g., employees) to an IP | is used to map a user-group's name (e.g., employees) to an IP | |||
| address. It is dependent on implementation."; | address. It is dependent on implementation."; | |||
| } | } | |||
| uses ip-address-info{ | uses ip-address-info{ | |||
| refine match-type{ | refine match-type{ | |||
| mandatory true; | mandatory true; | |||
| } | } | |||
| description | description | |||
| "This represent the IP addresses of a user-group."; | "This represents the IP addresses of a user-group."; | |||
| } | } | |||
| } | } | |||
| grouping device-group { | grouping device-group { | |||
| description | description | |||
| "This group represents device group information such as ip-address | "This group represents device group information such as ip-address | |||
| protocol."; | protocol."; | |||
| leaf name { | leaf name { | |||
| type string; | type string; | |||
| description | description | |||
| "This represents the name of a device-group."; | "This represents the name of a device-group."; | |||
| } | } | |||
| uses ip-address-info{ | uses ip-address-info{ | |||
| refine match-type{ | refine match-type{ | |||
| mandatory true; | mandatory true; | |||
| } | } | |||
| } | } | |||
| leaf-list protocol { | leaf-list protocol { | |||
| type identityref { | type identityref { | |||
| base protocol-type; | base protocol-type; | |||
| } | } | |||
| skipping to change at page 56, line 11 ¶ | skipping to change at page 56, line 11 ¶ | |||
| <https://www.rfc-editor.org/info/rfc8805>. | <https://www.rfc-editor.org/info/rfc8805>. | |||
| 14.2. Informative References | 14.2. Informative References | |||
| [I-D.ietf-i2nsf-capability] | [I-D.ietf-i2nsf-capability] | |||
| Xia, L., Strassner, J., Basile, C., and D. Lopez, | Xia, L., Strassner, J., Basile, C., and D. Lopez, | |||
| "Information Model of NSFs Capabilities", draft-ietf- | "Information Model of NSFs Capabilities", draft-ietf- | |||
| i2nsf-capability-05 (work in progress), April 2019. | i2nsf-capability-05 (work in progress), April 2019. | |||
| [I-D.ietf-i2nsf-sdn-ipsec-flow-protection] | [I-D.ietf-i2nsf-sdn-ipsec-flow-protection] | |||
| Lopez, R., Lopez-Millan, G., and F. Pereniguez-Garcia, | Marin-Lopez, R., Lopez-Millan, G., and F. Pereniguez- | |||
| "Software-Defined Networking (SDN)-based IPsec Flow | Garcia, "Software-Defined Networking (SDN)-based IPsec | |||
| Protection", draft-ietf-i2nsf-sdn-ipsec-flow-protection-08 | Flow Protection", draft-ietf-i2nsf-sdn-ipsec-flow- | |||
| (work in progress), June 2020. | protection-12 (work in progress), October 2020. | |||
| [SNORT] Roesch, M., Green, C., and B. Caswell, "SNORT", SNORT | [SNORT] Roesch, M., Green, C., and B. Caswell, "SNORT", SNORT | |||
| Documents https://www.snort.org/#documents, August 2020. | Documents https://www.snort.org/#documents, August 2020. | |||
| [STIX] Jordan, B., Piazza, R., and T. Darley, "Structured Threat | [STIX] Jordan, B., Piazza, R., and T. Darley, "Structured Threat | |||
| Information Expression (STIX)", STIX Version 2.1: | Information Expression (STIX)", STIX Version 2.1: | |||
| Committee Specification 01 https://docs.oasis- | Committee Specification 01 https://docs.oasis- | |||
| open.org/cti/stix/v2.1/stix-v2.1.pdf, March 2020. | open.org/cti/stix/v2.1/stix-v2.1.pdf, March 2020. | |||
| [SURICATA] | [SURICATA] | |||
| Julien, V. and , "SURICATA", SURICATA Documents | Julien, V. and , "SURICATA", SURICATA Documents | |||
| https://suricata-ids.org/docs/, August 2020. | https://suricata-ids.org/docs/, August 2020. | |||
| [YARA] Alvarez, V., Bengen, H., Metz, J., Buehlmann, S., and W. | [YARA] Alvarez, V., Bengen, H., Metz, J., Buehlmann, S., and W. | |||
| Shields, "YARA", YARA | Shields, "YARA", YARA | |||
| Documents https://yara.readthedocs.io/en/v3.5.0/, August | Documents https://yara.readthedocs.io/en/v3.5.0/, August | |||
| 2020. | 2020. | |||
| Authors' Addresses | Authors' Addresses | |||
| Jaehoon Paul Jeong (editor) | Jaehoon (Paul) Jeong (editor) | |||
| Department of Computer Science and Engineering | Department of Computer Science and Engineering | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| 2066 Seobu-Ro, Jangan-Gu | 2066 Seobu-Ro, Jangan-Gu | |||
| Suwon, Gyeonggi-Do 16419 | Suwon, Gyeonggi-Do 16419 | |||
| Republic of Korea | Republic of Korea | |||
| Phone: +82 31 299 4957 | Phone: +82 31 299 4957 | |||
| Fax: +82 31 290 7996 | Fax: +82 31 290 7996 | |||
| EMail: pauljeong@skku.edu | EMail: pauljeong@skku.edu | |||
| URI: http://iotlab.skku.edu/people-jaehoon-jeong.php | URI: http://iotlab.skku.edu/people-jaehoon-jeong.php | |||
| End of changes. 16 change blocks. | ||||
| 24 lines changed or deleted | 25 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||