--- 1/draft-ietf-i2nsf-sdn-ipsec-flow-protection-10.txt 2020-10-22 07:15:07.234180753 -0700 +++ 2/draft-ietf-i2nsf-sdn-ipsec-flow-protection-11.txt 2020-10-22 07:15:08.854221817 -0700 @@ -1,20 +1,20 @@ I2NSF R. Marin-Lopez Internet-Draft G. Lopez-Millan Intended status: Standards Track University of Murcia -Expires: April 24, 2021 F. Pereniguez-Garcia +Expires: April 25, 2021 F. Pereniguez-Garcia University Defense Center - October 21, 2020 + October 22, 2020 Software-Defined Networking (SDN)-based IPsec Flow Protection - draft-ietf-i2nsf-sdn-ipsec-flow-protection-10 + draft-ietf-i2nsf-sdn-ipsec-flow-protection-11 Abstract This document describes how to provide IPsec-based flow protection (integrity and confidentiality) by means of an Interface to Network Security Function (I2NSF) controller. It considers two main well- known scenarios in IPsec: (i) gateway-to-gateway and (ii) host-to- host. The service described in this document allows the configuration and monitoring of IPsec Security Associations (SAs) from a I2NSF Controller to one or several flow-based Network Security @@ -34,21 +34,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 24, 2021. + This Internet-Draft will expire on April 25, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -1408,21 +1408,21 @@ Appendix A. Common YANG model for IKE and IKE-less cases This Appendix is Normative. This YANG module has normative references to [RFC3947], [RFC4301], [RFC4303], [RFC8174], [RFC8221] and [IKEv2-Parameters]. This YANG module has informative references to [RFC3948] and [RFC8229]. - file "ietf-i2nsf-ikec@2020-10-21.yang" + file "ietf-i2nsf-ikec@2020-10-22.yang" module ietf-i2nsf-ikec { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec"; prefix "nsfikec"; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } @@ -1464,21 +1464,21 @@ This version of this YANG module is part of RFC XXXX;; see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision "2020-10-21" { + revision "2020-10-22" { description "Initial version."; reference "RFC XXXX: Software-Defined Networking (SDN)-based IPsec Flow Protection."; } typedef encryption-algorithm-type { type uint16; description "The encryption algorithm is specified with a 16-bit number extracted from IANA Registry. The acceptable @@ -2128,21 +2128,21 @@ This Appendix is Normative. This YANG module has normative references to [RFC2247], [RFC5280], [RFC4301], [RFC5280], [RFC5915], [RFC6991], [RFC7296], [RFC7383], [RFC7427], [RFC7619], [RFC8017], [RFC8174], [RFC8341], [ITU-T.X.690], [I-D.draft-ietf-netconf-crypto-types] and [IKEv2-Parameters]. This YANG module has informative references to [RFC8229]. - file "ietf-i2nsf-ike@2020-10-21.yang" + file "ietf-i2nsf-ike@2020-10-22.yang" module ietf-i2nsf-ike { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike"; prefix "nsfike"; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } @@ -2208,21 +2208,21 @@ This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision "2020-10-21" { + revision "2020-10-22" { description "Initial version."; reference "RFC XXXX: Software-Defined Networking (SDN)-based IPsec Flow Protection."; } typedef ike-spi { type uint64 { range "0..max"; } description "Security Parameter Index (SPI)'s IKE SA."; @@ -3062,21 +3062,21 @@ Appendix C. YANG model for IKE-less case This Appendix is Normative. This YANG module has normative references to [RFC4301], [RFC6991], [RFC8174] and [RFC8341]. - file "ietf-i2nsf-ikeless@2020-10-21.yang" + file "ietf-i2nsf-ikeless@2020-10-22.yang" module ietf-i2nsf-ikeless { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"; prefix "nsfikels"; import ietf-yang-types { prefix yang; @@ -3128,29 +3128,32 @@ This version of this YANG module is part of RFC XXXX;; see the RFC itself for full legal notices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here."; - revision "2020-10-21" { + revision "2020-10-22" { description "Initial version."; reference "RFC XXXX: Software-Defined Networking (SDN)-based IPsec Flow Protection."; } feature ikeless-notification { description - "To ensure broader applicability of this module, + "This feature indicates that the server supports + generating notifications in the ikeless module. + + To ensure broader applicability of this module, the notifications are marked as a feature. For the implementation of ikeless case, the NSF is expected to implement this feature."; } container ipsec-ikeless { description "Container for configuration of the IKE-less case. The container contains two additional