| draft-ietf-i2nsf-nsf-facing-interface-dm-08.txt | draft-ietf-i2nsf-nsf-facing-interface-dm-09.txt | |||
|---|---|---|---|---|
| I2NSF Working Group J. Kim | I2NSF Working Group J. Kim | |||
| Internet-Draft J. Jeong | Internet-Draft J. Jeong | |||
| Intended status: Standards Track Sungkyunkwan University | Intended status: Standards Track Sungkyunkwan University | |||
| Expires: May 7, 2020 J. Park | Expires: November 8, 2020 J. Park | |||
| ETRI | ETRI | |||
| S. Hares | S. Hares | |||
| Q. Lin | Q. Lin | |||
| Huawei | Huawei | |||
| November 4, 2019 | May 7, 2020 | |||
| I2NSF Network Security Function-Facing Interface YANG Data Model | I2NSF Network Security Function-Facing Interface YANG Data Model | |||
| draft-ietf-i2nsf-nsf-facing-interface-dm-08 | draft-ietf-i2nsf-nsf-facing-interface-dm-09 | |||
| Abstract | Abstract | |||
| This document defines a YANG data model for configuring security | This document defines a YANG data model for configuring security | |||
| policy rules on Network Security Functions (NSF) in the Interface to | policy rules on Network Security Functions (NSF) in the Interface to | |||
| Network Security Functions (I2NSF) framework. The YANG data model in | Network Security Functions (I2NSF) framework. The YANG data model in | |||
| this document corresponds to the information model for NSF-Facing | this document corresponds to the information model for NSF-Facing | |||
| Interface in the I2NSF framework. | Interface in the I2NSF framework. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 7, 2020. | This Internet-Draft will expire on November 8, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 39 ¶ | skipping to change at page 2, line 39 ¶ | |||
| 6.3. Security Requirement 3: Mitigate HTTP and HTTPS Flood | 6.3. Security Requirement 3: Mitigate HTTP and HTTPS Flood | |||
| Attacks on a Company Web Server . . . . . . . . . . . . . 92 | Attacks on a Company Web Server . . . . . . . . . . . . . 92 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 95 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 95 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 96 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 96 | |||
| 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 96 | 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 96 | |||
| 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 96 | 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 96 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 97 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 97 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . 97 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 97 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . 99 | 11.2. Informative References . . . . . . . . . . . . . . . . . 99 | |||
| Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface- | Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface- | |||
| dm-07 . . . . . . . . . . . . . . . . . . . . . . . 100 | dm-08 . . . . . . . . . . . . . . . . . . . . . . . 100 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 100 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 100 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines a YANG [RFC6020][RFC7950] data model for | This document defines a YANG [RFC6020][RFC7950] data model for | |||
| security policy rule configuration of Network Security Functions | security policy rule configuration of Network Security Functions | |||
| (NSF). The YANG data model corresponds to the information model | (NSF). The YANG data model corresponds to the information model | |||
| [draft-ietf-i2nsf-capability] for NSF-Facing Interface in Interface | [draft-ietf-i2nsf-capability] for NSF-Facing Interface in Interface | |||
| to Network Security Functions (I2NSF). The YANG data model in this | to Network Security Functions (I2NSF). The YANG data model in this | |||
| document focuses on security policy configuration for generic network | document focuses on security policy configuration for generic network | |||
| skipping to change at page 15, line 44 ¶ | skipping to change at page 15, line 44 ¶ | |||
| Refer to [draft-ietf-i2nsf-sdn-ipsec-flow-protection] for the | Refer to [draft-ietf-i2nsf-sdn-ipsec-flow-protection] for the | |||
| detailed description of the I2NSF IPsec. | detailed description of the I2NSF IPsec. | |||
| 5. YANG Data Module | 5. YANG Data Module | |||
| 5.1. I2NSF NSF-Facing Interface YANG Data Module | 5.1. I2NSF NSF-Facing Interface YANG Data Module | |||
| This section contains a YANG data module for configuration of | This section contains a YANG data module for configuration of | |||
| security policy rules on network security functions. | security policy rules on network security functions. | |||
| <CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2019-11-04.yang" | <CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2020-05-07.yang" | |||
| module ietf-i2nsf-policy-rule-for-nsf { | module ietf-i2nsf-policy-rule-for-nsf { | |||
| yang-version 1.1; | yang-version 1.1; | |||
| namespace | namespace | |||
| "urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf"; | "urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf"; | |||
| prefix | prefix | |||
| nsfintf; | nsfintf; | |||
| import ietf-inet-types{ | import ietf-inet-types{ | |||
| prefix inet; | prefix inet; | |||
| skipping to change at page 17, line 11 ¶ | skipping to change at page 17, line 11 ¶ | |||
| Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
| without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
| to the license terms contained in, the Simplified BSD License | to the license terms contained in, the Simplified BSD License | |||
| set forth in Section 4.c of the IETF Trust's Legal Provisions | set forth in Section 4.c of the IETF Trust's Legal Provisions | |||
| Relating to IETF Documents | Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info). | (http://trustee.ietf.org/license-info). | |||
| This version of this YANG module is part of RFC XXXX; see | This version of this YANG module is part of RFC XXXX; see | |||
| the RFC itself for full legal notices."; | the RFC itself for full legal notices."; | |||
| revision "2019-11-04"{ | revision "2020-05-07"{ | |||
| description "The latest revision."; | description "The latest revision."; | |||
| reference | reference | |||
| "RFC XXXX: I2NSF Network Security Function-Facing Interface | "RFC XXXX: I2NSF Network Security Function-Facing Interface | |||
| YANG Data Model"; | YANG Data Model"; | |||
| } | } | |||
| /* | /* | |||
| * Identities | * Identities | |||
| */ | */ | |||
| skipping to change at page 100, line 5 ¶ | skipping to change at page 100, line 5 ¶ | |||
| Garcia, "Software-Defined Networking (SDN)-based IPsec | Garcia, "Software-Defined Networking (SDN)-based IPsec | |||
| Flow Protection", draft-ietf-i2nsf-sdn-ipsec-flow- | Flow Protection", draft-ietf-i2nsf-sdn-ipsec-flow- | |||
| protection-07 (work in progress), August 2019. | protection-07 (work in progress), August 2019. | |||
| [draft-ietf-supa-generic-policy-info-model] | [draft-ietf-supa-generic-policy-info-model] | |||
| Strassner, J., Halpern, J., and S. Meer, "Generic Policy | Strassner, J., Halpern, J., and S. Meer, "Generic Policy | |||
| Information Model for Simplified Use of Policy | Information Model for Simplified Use of Policy | |||
| Abstractions (SUPA)", draft-ietf-supa-generic-policy-info- | Abstractions (SUPA)", draft-ietf-supa-generic-policy-info- | |||
| model-03 (work in progress), May 2017. | model-03 (work in progress), May 2017. | |||
| Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface-dm-07 | Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface-dm-08 | |||
| The following changes are made from draft-ietf-i2nsf-nsf-facing- | The following changes are made from draft-ietf-i2nsf-nsf-facing- | |||
| interface-dm-07: | interface-dm-08: | |||
| o The version is revised according to the comments from Acee Lindem | o The version has only a submission date update to maintain the | |||
| who is a YANG doctor for review. | active status of the draft. | |||
| Authors' Addresses | Authors' Addresses | |||
| Jinyong Tim Kim | Jinyong Tim Kim | |||
| Department of Electronic, Electrical and Computer Engineering | Department of Electronic, Electrical and Computer Engineering | |||
| Sungkyunkwan University | Sungkyunkwan University | |||
| 2066 Seobu-Ro, Jangan-Gu | 2066 Seobu-Ro, Jangan-Gu | |||
| Suwon, Gyeonggi-Do 16419 | Suwon, Gyeonggi-Do 16419 | |||
| Republic of Korea | Republic of Korea | |||
| End of changes. 11 change blocks. | ||||
| 12 lines changed or deleted | 12 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||