--- 1/draft-ietf-i2nsf-nsf-monitoring-data-model-13.txt 2022-01-28 06:14:40.036431711 -0800 +++ 2/draft-ietf-i2nsf-nsf-monitoring-data-model-14.txt 2022-01-28 06:14:40.204435927 -0800 @@ -1,23 +1,23 @@ Network Working Group J. Jeong, Ed. Internet-Draft P. Lingga Intended status: Standards Track Sungkyunkwan University -Expires: 30 July 2022 S. Hares +Expires: 1 August 2022 S. Hares L. Xia Huawei H. Birkholz Fraunhofer SIT - 26 January 2022 + 28 January 2022 I2NSF NSF Monitoring Interface YANG Data Model - draft-ietf-i2nsf-nsf-monitoring-data-model-13 + draft-ietf-i2nsf-nsf-monitoring-data-model-14 Abstract This document proposes an information model and the corresponding YANG data model of an interface for monitoring Network Security Functions (NSFs) in the Interface to Network Security Functions (I2NSF) framework. If the monitoring of NSFs is performed with the NSF monitoring interface in a comprehensive way, it is possible to detect the indication of malicious activity, anomalous behavior, the potential sign of denial of service attacks, or system overload in a @@ -35,21 +35,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 30 July 2022. + This Internet-Draft will expire on 1 August 2022. Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights @@ -105,21 +105,21 @@ 10.1. I2NSF System Detection Alarm . . . . . . . . . . . . . . 83 10.2. I2NSF Interface Counters . . . . . . . . . . . . . . . . 85 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 87 12. Security Considerations . . . . . . . . . . . . . . . . . . . 87 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 89 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 89 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 90 15.1. Normative References . . . . . . . . . . . . . . . . . . 90 15.2. Informative References . . . . . . . . . . . . . . . . . 93 Appendix A. Changes from - draft-ietf-i2nsf-nsf-monitoring-data-model-12 . . . . . . 94 + draft-ietf-i2nsf-nsf-monitoring-data-model-13 . . . . . . 94 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 94 1. Introduction According to [RFC8329], the interface provided by a Network Security Function (NSF) (e.g., Firewall, IPS, or Anti-DDoS function) to enable the collection of monitoring information is referred to as an I2NSF Monitoring Interface. This interface enables the sharing of vital data from the NSFs (e.g., events, records, and counters) to the NSF data collector through a variety of mechanisms (e.g., queries and @@ -1582,21 +1582,21 @@ get information of the monitored of an NSF's monitoring data. Every identity used in the document gives information or status about the current situation of an NSF. This YANG module imports from [RFC6991], [RFC8343], and [I-D.ietf-i2nsf-nsf-facing-interface-dm], and makes references to [RFC0768][RFC0791] [RFC0792][RFC0793][RFC0854] [RFC1939][RFC0959][RFC4340] [RFC4443][RFC4960][RFC5321] [RFC5646] [RFC6242][RFC6265][RFC7230] [RFC7231][RFC8200] [RFC8641][RFC9051] [I-D.ietf-tcpm-rfc793bis] [IANA-HTTP-Status-Code] [IANA-Media-Types]. - file "ietf-i2nsf-nsf-monitoring@2022-01-26.yang" + file "ietf-i2nsf-nsf-monitoring@2022-01-28.yang" module ietf-i2nsf-nsf-monitoring { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"; prefix nsfmi; import ietf-inet-types{ prefix inet; reference "Section 4 of RFC 6991"; @@ -1646,21 +1646,21 @@ without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself for full legal notices."; - revision "2022-01-26" { + revision "2022-01-28" { description "Latest revision"; reference "RFC XXXX: I2NSF NSF Monitoring Interface YANG Data Model"; // RFC Ed.: replace XXXX with an actual RFC number and remove // this note. } /* * Typedefs @@ -4183,55 +4183,58 @@ Additionally, many of the data nodes in this YANG module such as containers "i2nsf-system-user-activity-log", "i2nsf-system-detection- event", and "i2nsf-nsf-detection-voip-volte" are privacy sensitive. They may describe specific or aggregate user activity to include associating user names with specific IP addresses; or users with specific network usage. 13. Acknowledgments + This document is a product by the I2NSF Working Group (WG) including + WG Chairs (i.e., Linda Dunbar and Yoav Nir) and Diego Lopez. This + document took advantage of the review and comments from the following + people: Roman Danyliw, Tim Bray (IANA), Kyle Rose (TSV-ART), Dale R. + Worley (Gen-ART), Melinda Shore (SecDir), Valery Smyslov (ART-ART), + and Tom Petch. We authors sincerely appreciate their sincere efforts + and kind help. + This work was supported by Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea MSIT (Ministry of Science and ICT) (R-20160222-002755, Cloud based Security Intelligence Technology Development for the Customized Security Service Provisioning). This work was supported in part by the IITP (2020-0-00395, Standard Development of Blockchain based Network Management Automation Technology). This work was supported in part by the MSIT under the Information Technology Research Center (ITRC) support program (IITP-2021-2017-0-01633) supervised by the IITP. 14. Contributors - This document is made by the group effort of I2NSF working group. - Many people actively contributed to this document. The authors - sincerely appreciate their contributions. - The following are co-authors of this document: Chaehong Chung - Department of Electronic, Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon, Gyeonggi-do 16419, Republic of Korea, Email: darkhong@skku.edu Jinyong (Tim) Kim - Department of Electronic, Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon, - Gyeonggi-do 16419 Republic of Korea, Email: timkim@skku.edu, + Gyeonggi-do 16419, Republic of Korea, Email: timkim@skku.edu Dongjin Hong - Department of Electronic, Electrical and Computer Engineering, Sungkyunkwan University, 2066 Seobu-ro Jangan-gu, Suwon, - Gyeonggi-do 16419, Republic of Korea, Email: dong.jin@skku.edu, + Gyeonggi-do 16419, Republic of Korea, Email: dong.jin@skku.edu Dacheng Zhang - Huawei, Email: dacheng.zhang@huawei.com Yi Wu - Aliababa Group, Email: anren.wy@alibaba-inc.com - Rakesh Kumar - Juniper Networks, 1133 Innovation Way, Sunnyvale, CA 94089, USA, Email: rkkumar@juniper.net Anil Lohiya - Juniper Networks, Email: alohiya@juniper.net 15. References 15.1. Normative References [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, @@ -4339,20 +4342,25 @@ [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/RFC8200, July 2017, . + [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. + Kumar, "Framework for Interface to Network Security + Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, + . + [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, . [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration Access Control Model", STD 91, RFC 8341, DOI 10.17487/RFC8341, March 2018, . [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., @@ -4385,78 +4393,71 @@ [RFC8641] Clemm, A. and E. Voit, "Subscription to YANG Notifications for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641, September 2019, . [RFC9051] Melnikov, A., Ed. and B. Leiba, Ed., "Internet Message Access Protocol (IMAP) - Version 4rev2", RFC 9051, DOI 10.17487/RFC9051, August 2021, . + [I-D.ietf-i2nsf-nsf-facing-interface-dm] + Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin, + "I2NSF Network Security Function-Facing Interface YANG + Data Model", Work in Progress, Internet-Draft, draft-ietf- + i2nsf-nsf-facing-interface-dm-16, 13 November 2021, + . + + [I-D.ietf-tcpm-rfc793bis] + Eddy, W. M., "Transmission Control Protocol (TCP) + Specification", Work in Progress, Internet-Draft, draft- + ietf-tcpm-rfc793bis-25, 7 September 2021, + . + 15.2. Informative References [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, . - [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. - Kumar, "Framework for Interface to Network Security - Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, - . - [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, "Handling Long Lines in Content of Internet-Drafts and RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, . - [I-D.ietf-i2nsf-nsf-facing-interface-dm] - Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin, - "I2NSF Network Security Function-Facing Interface YANG - Data Model", Work in Progress, Internet-Draft, draft-ietf- - i2nsf-nsf-facing-interface-dm-16, 13 November 2021, - . - [I-D.ietf-i2nsf-consumer-facing-interface-dm] Jeong, J. (., Chung, C., Ahn, T., Kumar, R., and S. Hares, "I2NSF Consumer-Facing Interface YANG Data Model", Work in Progress, Internet-Draft, draft-ietf-i2nsf-consumer- facing-interface-dm-15, 15 September 2021, . - [I-D.ietf-tcpm-rfc793bis] - Eddy, W. M., "Transmission Control Protocol (TCP) - Specification", Work in Progress, Internet-Draft, draft- - ietf-tcpm-rfc793bis-25, 7 September 2021, - . - [IANA-HTTP-Status-Code] Internet Assigned Numbers Authority (IANA), "Hypertext Transfer Protocol (HTTP) Status Code Registry", September 2018, . [IANA-Media-Types] Internet Assigned Numbers Authority (IANA), "Media Types", August 2021, . -Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-12 +Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-13 The following changes are made from draft-ietf-i2nsf-nsf-monitoring- - data-model-12: + data-model-13: - * This version is revised following the comments from Tim Bray - (IANA), Kyle Rose (TSV-ART), Dale R. Worley (Gen-ART), Melinda - Shore (SecDir), Valery Smyslov (ART-ART), and Tom Petch. + * This version is added to update the references. Authors' Addresses Jaehoon (Paul) Jeong (editor) Department of Computer Science and Engineering Sungkyunkwan University 2066 Seobu-Ro, Jangan-Gu Suwon Gyeonggi-Do 16419