draft-ietf-i2nsf-nsf-monitoring-data-model-13.txt   draft-ietf-i2nsf-nsf-monitoring-data-model-14.txt 
Network Working Group J. Jeong, Ed. Network Working Group J. Jeong, Ed.
Internet-Draft P. Lingga Internet-Draft P. Lingga
Intended status: Standards Track Sungkyunkwan University Intended status: Standards Track Sungkyunkwan University
Expires: 30 July 2022 S. Hares Expires: 1 August 2022 S. Hares
L. Xia L. Xia
Huawei Huawei
H. Birkholz H. Birkholz
Fraunhofer SIT Fraunhofer SIT
26 January 2022 28 January 2022
I2NSF NSF Monitoring Interface YANG Data Model I2NSF NSF Monitoring Interface YANG Data Model
draft-ietf-i2nsf-nsf-monitoring-data-model-13 draft-ietf-i2nsf-nsf-monitoring-data-model-14
Abstract Abstract
This document proposes an information model and the corresponding This document proposes an information model and the corresponding
YANG data model of an interface for monitoring Network Security YANG data model of an interface for monitoring Network Security
Functions (NSFs) in the Interface to Network Security Functions Functions (NSFs) in the Interface to Network Security Functions
(I2NSF) framework. If the monitoring of NSFs is performed with the (I2NSF) framework. If the monitoring of NSFs is performed with the
NSF monitoring interface in a comprehensive way, it is possible to NSF monitoring interface in a comprehensive way, it is possible to
detect the indication of malicious activity, anomalous behavior, the detect the indication of malicious activity, anomalous behavior, the
potential sign of denial of service attacks, or system overload in a potential sign of denial of service attacks, or system overload in a
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 30 July 2022. This Internet-Draft will expire on 1 August 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 3, line 24 skipping to change at page 3, line 24
10.1. I2NSF System Detection Alarm . . . . . . . . . . . . . . 83 10.1. I2NSF System Detection Alarm . . . . . . . . . . . . . . 83
10.2. I2NSF Interface Counters . . . . . . . . . . . . . . . . 85 10.2. I2NSF Interface Counters . . . . . . . . . . . . . . . . 85
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 87 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 87
12. Security Considerations . . . . . . . . . . . . . . . . . . . 87 12. Security Considerations . . . . . . . . . . . . . . . . . . . 87
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 89 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 89
14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 89 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 89
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 90 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 90
15.1. Normative References . . . . . . . . . . . . . . . . . . 90 15.1. Normative References . . . . . . . . . . . . . . . . . . 90
15.2. Informative References . . . . . . . . . . . . . . . . . 93 15.2. Informative References . . . . . . . . . . . . . . . . . 93
Appendix A. Changes from Appendix A. Changes from
draft-ietf-i2nsf-nsf-monitoring-data-model-12 . . . . . . 94 draft-ietf-i2nsf-nsf-monitoring-data-model-13 . . . . . . 94
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 94 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 94
1. Introduction 1. Introduction
According to [RFC8329], the interface provided by a Network Security According to [RFC8329], the interface provided by a Network Security
Function (NSF) (e.g., Firewall, IPS, or Anti-DDoS function) to enable Function (NSF) (e.g., Firewall, IPS, or Anti-DDoS function) to enable
the collection of monitoring information is referred to as an I2NSF the collection of monitoring information is referred to as an I2NSF
Monitoring Interface. This interface enables the sharing of vital Monitoring Interface. This interface enables the sharing of vital
data from the NSFs (e.g., events, records, and counters) to the NSF data from the NSFs (e.g., events, records, and counters) to the NSF
data collector through a variety of mechanisms (e.g., queries and data collector through a variety of mechanisms (e.g., queries and
skipping to change at page 34, line 22 skipping to change at page 34, line 22
get information of the monitored of an NSF's monitoring data. Every get information of the monitored of an NSF's monitoring data. Every
identity used in the document gives information or status about the identity used in the document gives information or status about the
current situation of an NSF. This YANG module imports from current situation of an NSF. This YANG module imports from
[RFC6991], [RFC8343], and [I-D.ietf-i2nsf-nsf-facing-interface-dm], [RFC6991], [RFC8343], and [I-D.ietf-i2nsf-nsf-facing-interface-dm],
and makes references to [RFC0768][RFC0791] and makes references to [RFC0768][RFC0791]
[RFC0792][RFC0793][RFC0854] [RFC1939][RFC0959][RFC4340] [RFC0792][RFC0793][RFC0854] [RFC1939][RFC0959][RFC4340]
[RFC4443][RFC4960][RFC5321] [RFC5646] [RFC6242][RFC6265][RFC7230] [RFC4443][RFC4960][RFC5321] [RFC5646] [RFC6242][RFC6265][RFC7230]
[RFC7231][RFC8200] [RFC8641][RFC9051] [I-D.ietf-tcpm-rfc793bis] [RFC7231][RFC8200] [RFC8641][RFC9051] [I-D.ietf-tcpm-rfc793bis]
[IANA-HTTP-Status-Code] [IANA-Media-Types]. [IANA-HTTP-Status-Code] [IANA-Media-Types].
<CODE BEGINS> file "ietf-i2nsf-nsf-monitoring@2022-01-26.yang" <CODE BEGINS> file "ietf-i2nsf-nsf-monitoring@2022-01-28.yang"
module ietf-i2nsf-nsf-monitoring { module ietf-i2nsf-nsf-monitoring {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring";
prefix prefix
nsfmi; nsfmi;
import ietf-inet-types{ import ietf-inet-types{
prefix inet; prefix inet;
reference reference
"Section 4 of RFC 6991"; "Section 4 of RFC 6991";
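Review bot: the sentence at the top of this hunk, "get information of the monitored of an NSF's monitoring data", is ungrammatical and is carried over unchanged into -14; it needs a rewrite such as "get information about an NSF's monitored data" so the description of the identities reads cleanly. The file name and revision date are updated together (ietf-i2nsf-nsf-monitoring@2022-01-28.yang), which is correct since the module is re-dated; also note that this paragraph states the module imports [I-D.ietf-i2nsf-nsf-facing-interface-dm] and references [I-D.ietf-tcpm-rfc793bis], so both must be listed as normative references, which the later hunks in this diff do.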
skipping to change at page 35, line 39 skipping to change at page 35, line 39
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices."; for full legal notices.";
revision "2022-01-26" { revision "2022-01-28" {
description "Latest revision"; description "Latest revision";
reference reference
"RFC XXXX: I2NSF NSF Monitoring Interface YANG Data Model"; "RFC XXXX: I2NSF NSF Monitoring Interface YANG Data Model";
// RFC Ed.: replace XXXX with an actual RFC number and remove // RFC Ed.: replace XXXX with an actual RFC number and remove
// this note. // this note.
} }
/* /*
* Typedefs * Typedefs
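Review bot: the revision statement's description is still "Latest revision" after the date bump to 2022-01-28; a revision description should say what the revision is (for a module being published as RFC XXXX the usual text is "Initial revision"), since "Latest revision" becomes wrong as soon as a second revision is added.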
skipping to change at page 89, line 14 skipping to change at page 89, line 14
Additionally, many of the data nodes in this YANG module such as Additionally, many of the data nodes in this YANG module such as
containers "i2nsf-system-user-activity-log", "i2nsf-system-detection- containers "i2nsf-system-user-activity-log", "i2nsf-system-detection-
event", and "i2nsf-nsf-detection-voip-volte" are privacy sensitive. event", and "i2nsf-nsf-detection-voip-volte" are privacy sensitive.
They may describe specific or aggregate user activity to include They may describe specific or aggregate user activity to include
associating user names with specific IP addresses; or users with associating user names with specific IP addresses; or users with
specific network usage. specific network usage.
13. Acknowledgments 13. Acknowledgments
This document is a product by the I2NSF Working Group (WG) including
WG Chairs (i.e., Linda Dunbar and Yoav Nir) and Diego Lopez. This
document took advantage of the review and comments from the following
people: Roman Danyliw, Tim Bray (IANA), Kyle Rose (TSV-ART), Dale R.
Worley (Gen-ART), Melinda Shore (SecDir), Valery Smyslov (ART-ART),
and Tom Petch. We authors sincerely appreciate their sincere efforts
and kind help.
This work was supported by Institute of Information & Communications This work was supported by Institute of Information & Communications
Technology Planning & Evaluation (IITP) grant funded by the Korea Technology Planning & Evaluation (IITP) grant funded by the Korea
MSIT (Ministry of Science and ICT) (R-20160222-002755, Cloud based MSIT (Ministry of Science and ICT) (R-20160222-002755, Cloud based
Security Intelligence Technology Development for the Customized Security Intelligence Technology Development for the Customized
Security Service Provisioning). This work was supported in part by Security Service Provisioning). This work was supported in part by
the IITP (2020-0-00395, Standard Development of Blockchain based the IITP (2020-0-00395, Standard Development of Blockchain based
Network Management Automation Technology). This work was supported Network Management Automation Technology). This work was supported
in part by the MSIT under the Information Technology Research Center in part by the MSIT under the Information Technology Research Center
(ITRC) support program (IITP-2021-2017-0-01633) supervised by the (ITRC) support program (IITP-2021-2017-0-01633) supervised by the
IITP. IITP.
14. Contributors 14. Contributors
This document is made by the group effort of I2NSF working group.
Many people actively contributed to this document. The authors
sincerely appreciate their contributions.
The following are co-authors of this document: The following are co-authors of this document:
Chaehong Chung - Department of Electronic, Electrical and Computer Chaehong Chung - Department of Electronic, Electrical and Computer
Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon, Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon,
Gyeonggi-do 16419, Republic of Korea, Email: darkhong@skku.edu Gyeonggi-do 16419, Republic of Korea, Email: darkhong@skku.edu
Jinyong (Tim) Kim - Department of Electronic, Electrical and Computer Jinyong (Tim) Kim - Department of Electronic, Electrical and Computer
Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon, Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon,
Gyeonggi-do 16419 Republic of Korea, Email: timkim@skku.edu, Gyeonggi-do 16419, Republic of Korea, Email: timkim@skku.edu
Dongjin Hong - Department of Electronic, Electrical and Computer Dongjin Hong - Department of Electronic, Electrical and Computer
Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon, Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon,
Gyeonggi-do 16419, Republic of Korea, Email: dong.jin@skku.edu, Gyeonggi-do 16419, Republic of Korea, Email: dong.jin@skku.edu
Dacheng Zhang - Huawei, Email: dacheng.zhang@huawei.com Dacheng Zhang - Huawei, Email: dacheng.zhang@huawei.com
Yi Wu - Aliababa Group, Email: anren.wy@alibaba-inc.com Yi Wu - Aliababa Group, Email: anren.wy@alibaba-inc.com
Rakesh Kumar - Juniper Networks, 1133 Innovation Way, Sunnyvale, CA Rakesh Kumar - Juniper Networks, 1133 Innovation Way, Sunnyvale, CA
94089, USA, Email: rkkumar@juniper.net 94089, USA, Email: rkkumar@juniper.net
Anil Lohiya - Juniper Networks, Email: alohiya@juniper.net Anil Lohiya - Juniper Networks, Email: alohiya@juniper.net
15. References 15. References
15.1. Normative References 15.1. Normative References
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
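Review bot: the new Acknowledgments paragraph has "a product by the I2NSF Working Group" (should be "a product of") and "We authors sincerely appreciate their sincere efforts" (drop the second "sincere": "The authors sincerely appreciate their efforts and kind help"). The new Contributors lead paragraph has "the group effort of I2NSF working group" (missing "the", and the group is capitalized "Working Group" elsewhere in the document). The comma fixes in the Kim and Hong address lines are good, but "Aliababa Group" for Yi Wu is a typo present in both versions and should read "Alibaba Group", matching the alibaba-inc.com e-mail domain on the same line.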
skipping to change at page 92, line 27 skipping to change at page 92, line 32
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200, (IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017, DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>. <https://www.rfc-editor.org/info/rfc8200>.
[RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
Kumar, "Framework for Interface to Network Security
Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
<https://www.rfc-editor.org/info/rfc8329>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
[RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration
Access Control Model", STD 91, RFC 8341, Access Control Model", STD 91, RFC 8341,
DOI 10.17487/RFC8341, March 2018, DOI 10.17487/RFC8341, March 2018,
<https://www.rfc-editor.org/info/rfc8341>. <https://www.rfc-editor.org/info/rfc8341>.
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
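Review bot: moving [RFC8329] into Normative References is consistent with Section 1, which relies on it for the definition of the I2NSF Monitoring Interface, and the duplicate entry is removed from Section 15.2 further down in this diff, so the reference is not listed twice. Because the intended status is Standards Track, check whether this new normative reference is a downref that has to be called out in the Last Call announcement.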
skipping to change at page 93, line 24 skipping to change at page 93, line 37
[RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications [RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications
for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641, for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
September 2019, <https://www.rfc-editor.org/info/rfc8641>. September 2019, <https://www.rfc-editor.org/info/rfc8641>.
[RFC9051] Melnikov, A., Ed. and B. Leiba, Ed., "Internet Message [RFC9051] Melnikov, A., Ed. and B. Leiba, Ed., "Internet Message
Access Protocol (IMAP) - Version 4rev2", RFC 9051, Access Protocol (IMAP) - Version 4rev2", RFC 9051,
DOI 10.17487/RFC9051, August 2021, DOI 10.17487/RFC9051, August 2021,
<https://www.rfc-editor.org/info/rfc9051>. <https://www.rfc-editor.org/info/rfc9051>.
[I-D.ietf-i2nsf-nsf-facing-interface-dm]
Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin,
"I2NSF Network Security Function-Facing Interface YANG
Data Model", Work in Progress, Internet-Draft, draft-ietf-
i2nsf-nsf-facing-interface-dm-16, 13 November 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf-
facing-interface-dm-16.txt>.
[I-D.ietf-tcpm-rfc793bis]
Eddy, W. M., "Transmission Control Protocol (TCP)
Specification", Work in Progress, Internet-Draft, draft-
ietf-tcpm-rfc793bis-25, 7 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-tcpm-
rfc793bis-25.txt>.
15.2. Informative References 15.2. Informative References
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>. <https://www.rfc-editor.org/info/rfc4949>.
[RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
Kumar, "Framework for Interface to Network Security
Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
<https://www.rfc-editor.org/info/rfc8329>.
[RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu,
"Handling Long Lines in Content of Internet-Drafts and "Handling Long Lines in Content of Internet-Drafts and
RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020,
<https://www.rfc-editor.org/info/rfc8792>. <https://www.rfc-editor.org/info/rfc8792>.
[I-D.ietf-i2nsf-nsf-facing-interface-dm]
Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin,
"I2NSF Network Security Function-Facing Interface YANG
Data Model", Work in Progress, Internet-Draft, draft-ietf-
i2nsf-nsf-facing-interface-dm-16, 13 November 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf-
facing-interface-dm-16.txt>.
[I-D.ietf-i2nsf-consumer-facing-interface-dm] [I-D.ietf-i2nsf-consumer-facing-interface-dm]
Jeong, J. (., Chung, C., Ahn, T., Kumar, R., and S. Hares, Jeong, J. (., Chung, C., Ahn, T., Kumar, R., and S. Hares,
"I2NSF Consumer-Facing Interface YANG Data Model", Work in "I2NSF Consumer-Facing Interface YANG Data Model", Work in
Progress, Internet-Draft, draft-ietf-i2nsf-consumer- Progress, Internet-Draft, draft-ietf-i2nsf-consumer-
facing-interface-dm-15, 15 September 2021, facing-interface-dm-15, 15 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-
consumer-facing-interface-dm-15.txt>. consumer-facing-interface-dm-15.txt>.
[I-D.ietf-tcpm-rfc793bis]
Eddy, W. M., "Transmission Control Protocol (TCP)
Specification", Work in Progress, Internet-Draft, draft-
ietf-tcpm-rfc793bis-25, 7 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-tcpm-
rfc793bis-25.txt>.
[IANA-HTTP-Status-Code] [IANA-HTTP-Status-Code]
Internet Assigned Numbers Authority (IANA), "Hypertext Internet Assigned Numbers Authority (IANA), "Hypertext
Transfer Protocol (HTTP) Status Code Registry", September Transfer Protocol (HTTP) Status Code Registry", September
2018, <https://www.iana.org/assignments/http-status-codes/ 2018, <https://www.iana.org/assignments/http-status-codes/
http-status-codes.xhtml>. http-status-codes.xhtml>.
[IANA-Media-Types] [IANA-Media-Types]
Internet Assigned Numbers Authority (IANA), "Media Types", Internet Assigned Numbers Authority (IANA), "Media Types",
August 2021, <https://www.iana.org/assignments/media- August 2021, <https://www.iana.org/assignments/media-
types/media-types.xhtml>. types/media-types.xhtml>.
Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-12 Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-13
The following changes are made from draft-ietf-i2nsf-nsf-monitoring- The following changes are made from draft-ietf-i2nsf-nsf-monitoring-
data-model-12: data-model-13:
* This version is revised following the comments from Tim Bray * This version is added to update the references.
(IANA), Kyle Rose (TSV-ART), Dale R. Worley (Gen-ART), Melinda
Shore (SecDir), Valery Smyslov (ART-ART), and Tom Petch.
Authors' Addresses Authors' Addresses
Jaehoon (Paul) Jeong (editor) Jaehoon (Paul) Jeong (editor)
Department of Computer Science and Engineering Department of Computer Science and Engineering
Sungkyunkwan University Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu 2066 Seobu-Ro, Jangan-Gu
Suwon Suwon
Gyeonggi-Do Gyeonggi-Do
16419 16419
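Review bot: the two Internet-Draft entries moved into Section 15.1 print the author names as "Kim, J. (., Jeong, J. (." and the consumer-facing entry that stays in Section 15.2 prints "Jeong, J. (."; this is a bibliography-generation artifact from parenthesized nicknames being truncated to "(." and the reference entries (or their bib XML) should be fixed so the names render properly. In Appendix A, "This version is added to update the references." is awkward and incomplete, since this diff also adds the Acknowledgments paragraph and the Contributors lead paragraph; suggest "This version updates the references (moving RFC 8329, the NSF-Facing Interface data model, and rfc793bis to Normative References) and adds the Acknowledgments and Contributors text."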
 End of changes. 20 change blocks. 
39 lines changed or deleted 40 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/