draft-ietf-i2nsf-capability-data-model-11.txt   draft-ietf-i2nsf-capability-data-model-12.txt 
I2NSF Working Group S. Hares, Ed. I2NSF Working Group S. Hares, Ed.
Internet-Draft Huawei Internet-Draft Huawei
Intended status: Standards Track J. Jeong, Ed. Intended status: Standards Track J. Jeong, Ed.
Expires: March 12, 2021 J. Kim Expires: March 19, 2021 J. Kim
Sungkyunkwan University Sungkyunkwan University
R. Moskowitz R. Moskowitz
HTT Consulting HTT Consulting
Q. Lin Q. Lin
Huawei Huawei
September 8, 2020 September 15, 2020
I2NSF Capability YANG Data Model I2NSF Capability YANG Data Model
draft-ietf-i2nsf-capability-data-model-11 draft-ietf-i2nsf-capability-data-model-12
Abstract Abstract
This document defines a YANG data model for the capabilities of This document defines a YANG data model for the capabilities of
various Network Security Functions (NSFs) in the Interface to Network various Network Security Functions (NSFs) in the Interface to Network
Security Functions (I2NSF) framework to centrally manage the Security Functions (I2NSF) framework to centrally manage the
capabilities of the various NSFs. capabilities of the various NSFs.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 12, 2021. This Internet-Draft will expire on March 19, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 5, line 26 skipping to change at page 5, line 26
+-----------------+------------+ +-------------+ +-----------------+------------+ +-------------+
^ New NSF ^ New NSF
| Cap = {FW, WF} | Cap = {FW, WF}
I2NSF | E = {} I2NSF | E = {}
NSF-Facing Interface | C = {IPv4, IPv6} NSF-Facing Interface | C = {IPv4, IPv6}
| A = {Allow, Deny} | A = {Allow, Deny}
v v
+---------------+----+------------+-----------------+ +---------------+----+------------+-----------------+
| | | | | | | |
+---+---+ +---+---+ +---+---+ +---+---+ +---+---+ +---+---+ +---+---+ +---+---+
| NSF-1 | ... | NSF-m | | NSF-1 | ... | NSF-n | ... | NSF-1 | ... | NSF-m | | NSF-1 | ... | NSF-n |
+-------+ +-------+ +-------+ +-------+ +-------+ +-------+ +-------+ +-------+
NSF-1 NSF-m NSF-1 NSF-n NSF-1 NSF-m NSF-1 NSF-n
Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF} Cap = {FW, WF}
E = {} E = {user} E = {dev} E = {time} E = {} E = {user} E = {dev} E = {time}
C = {IPv4} C = {IPv6} C = {IPv4, IPv6} C = {IPv4} C = {IPv4} C = {IPv6} C = {IPv4, IPv6} C = {IPv4}
A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny} A = {Allow, Deny}
Developer's Mgmt System A Developer's Mgmt System B Developer's Mgmt System A Developer's Mgmt System B
Figure 1: Capabilities of NSFs in I2NSF Framework Figure 1: Capabilities of NSFs in I2NSF Framework
A use case of an NSF with the capabilities of firewall and web filter A use case of an NSF with the capabilities of firewall and web filter
is described as follows. is described as follows.
o If a network manager wants to apply security policy rules to block o If a network manager wants to apply security policy rules to block
malicious users with firewall and web filter, it is a tremendous malicious users with firewall and web filter, it is a tremendous
burden for a network administrator to apply all of the needed burden for a network administrator to apply all of the needed
rules to NSFs one by one. This problem can be resolved by rules to NSFs one by one. This problem can be resolved by
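Review bot: In Figure 1 the first NSF under Developer's Mgmt System A and the first NSF under Developer's Mgmt System B are both labelled "NSF-1", although they advertise different capability sets (E = {} with C = {IPv4} under A, E = {dev} with C = {IPv4, IPv6} under B). Since the figure is what a reader uses to see which NSF registers which capabilities, distinct labels (for example NSF-A1 ... NSF-Am and NSF-B1 ... NSF-Bn) would remove the ambiguity, and the text that refers to the figure could then name a specific NSF.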
skipping to change at page 9, line 25 skipping to change at page 9, line 25
5. YANG Data Model of I2NSF NSF Capability 5. YANG Data Model of I2NSF NSF Capability
This section introduces a YANG module for NSFs' capabilities, as This section introduces a YANG module for NSFs' capabilities, as
defined in the [I-D.ietf-i2nsf-capability]. defined in the [I-D.ietf-i2nsf-capability].
This YANG module imports from [RFC6991]. It makes references to [RFC This YANG module imports from [RFC6991]. It makes references to [RFC
0768][IANA-Protocol-Numbers][RFC0791][RFC0792][RFC0793][RFC3261][RFC4 0768][IANA-Protocol-Numbers][RFC0791][RFC0792][RFC0793][RFC3261][RFC4
443][RFC8200][RFC8329][I-D.ietf-i2nsf-capability][I-D.ietf-i2nsf-nsf- 443][RFC8200][RFC8329][I-D.ietf-i2nsf-capability][I-D.ietf-i2nsf-nsf-
monitoring-data-model][I-D.ietf-i2nsf-sdn-ipsec-flow-protection]. monitoring-data-model][I-D.ietf-i2nsf-sdn-ipsec-flow-protection].
<CODE BEGINS> file "ietf-i2nsf-capability@2020-09-08.yang" <CODE BEGINS> file "ietf-i2nsf-capability@2020-09-15.yang"
module ietf-i2nsf-capability { module ietf-i2nsf-capability {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability";
prefix prefix
nsfcap; nsfcap;
organization organization
"IETF I2NSF (Interface to Network Security Functions) "IETF I2NSF (Interface to Network Security Functions)
skipping to change at page 10, line 25 skipping to change at page 10, line 25
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
http://trustee.ietf.org/license-info). http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
// RFC Ed.: replace XXXX with an actual RFC number and remove // RFC Ed.: replace XXXX with an actual RFC number and remove
// this note. // this note.
revision "2020-09-08"{ revision "2020-09-15"{
description "Initial revision."; description "Initial revision.";
reference reference
"RFC XXXX: I2NSF Capability YANG Data Model"; "RFC XXXX: I2NSF Capability YANG Data Model";
// RFC Ed.: replace XXXX with an actual RFC number and remove // RFC Ed.: replace XXXX with an actual RFC number and remove
// this note. // this note.
} }
/* /*
* Identities * Identities
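Review bot: In the module description just above the revision statement, the license pointer reads "http://trustee.ietf.org/license-info)." with a closing parenthesis but no opening one on the visible lines, and with an http scheme, while the Copyright Notice of the same draft gives "(https://trustee.ietf.org/license-info)". Suggest using the https form in the module as well and balancing the parentheses. The new revision date "2020-09-15" agrees with the file name on the CODE BEGINS line; a space before the brace in revision "2020-09-15"{ would match the spacing used for the module statement.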
skipping to change at page 41, line 29 skipping to change at page 41, line 29
Figure 3: YANG Data Module of I2NSF Capability Figure 3: YANG Data Module of I2NSF Capability
6. IANA Considerations 6. IANA Considerations
This document requests IANA to register the following URI in the This document requests IANA to register the following URI in the
"IETF XML Registry" [RFC3688]: "IETF XML Registry" [RFC3688]:
ID: yang:ietf-i2nsf-capability ID: yang:ietf-i2nsf-capability
URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability
Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace.
Filename: [ TBD-at-Registration ] Filename: [ TBD-at-Registration ]
Reference: [ RFC-to-be ] Reference: [ RFC-to-be ]
This document requests IANA to register the following YANG module in This document requests IANA to register the following YANG module in
the "YANG Module Names" registry [RFC7950][RFC8525]: the "YANG Module Names" registry [RFC7950][RFC8525]:
Name: ietf-i2nsf-capability Name: ietf-i2nsf-capability
File: [ TBD-at-Registration ]
Maintained by IANA? N Maintained by IANA? N
Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-capability
Prefix: nsfcap Prefix: nsfcap
Module: Module:
Reference: [ RFC-to-be ] Reference: [ RFC-to-be ]
7. Security Considerations 7. Security Considerations
The YANG module specified in this document defines a data schema The YANG module specified in this document defines a data schema
designed to be accessed through network management protocols such as designed to be accessed through network management protocols such as
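Review bot: The two registration blocks in Section 6 (IANA Considerations) mix fields from different templates and leave one blank. The URI entry carries "ID:", "Filename:" and "Reference:" next to "URI:", "Registrant Contact:" and "XML:", and the RFC 3688 registration template needs only the latter three. The module entry has an empty "Module:" field and a "Maintained by IANA? N" line, while the "YANG Module Names" template in RFC 6020 asks for name, namespace, prefix and reference. Suggest trimming both blocks to the template fields, or at least giving "Module:" a value if it is kept.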
skipping to change at page 42, line 42 skipping to change at page 42, line 42
8. References 8. References
8.1. Normative References 8.1. Normative References
[I-D.ietf-i2nsf-capability] [I-D.ietf-i2nsf-capability]
Xia, L., Strassner, J., Basile, C., and D. Lopez, Xia, L., Strassner, J., Basile, C., and D. Lopez,
"Information Model of NSFs Capabilities", draft-ietf- "Information Model of NSFs Capabilities", draft-ietf-
i2nsf-capability-05 (work in progress), April 2019. i2nsf-capability-05 (work in progress), April 2019.
[I-D.ietf-i2nsf-nsf-monitoring-data-model] [I-D.ietf-i2nsf-nsf-monitoring-data-model]
Jeong, J., Chung, C., Hares, S., Xia, L., and H. Birkholz, Jeong, J., Lingga, P., Hares, S., Xia, L., and H.
"I2NSF NSF Monitoring YANG Data Model", draft-ietf-i2nsf- Birkholz, "I2NSF NSF Monitoring YANG Data Model", draft-
nsf-monitoring-data-model-03 (work in progress), May 2020. ietf-i2nsf-nsf-monitoring-data-model-04 (work in
progress), September 2020.
[I-D.ietf-i2nsf-sdn-ipsec-flow-protection] [I-D.ietf-i2nsf-sdn-ipsec-flow-protection]
Lopez, R., Lopez-Millan, G., and F. Pereniguez-Garcia, Lopez, R., Lopez-Millan, G., and F. Pereniguez-Garcia,
"Software-Defined Networking (SDN)-based IPsec Flow "Software-Defined Networking (SDN)-based IPsec Flow
Protection", draft-ietf-i2nsf-sdn-ipsec-flow-protection-08 Protection", draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
(work in progress), June 2020. (work in progress), June 2020.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
DOI 10.17487/RFC0768, August 1980, DOI 10.17487/RFC0768, August 1980,
<https://www.rfc-editor.org/info/rfc768>. <https://www.rfc-editor.org/info/rfc768>.
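Review bot: Only the [I-D.ietf-i2nsf-nsf-monitoring-data-model] entry is refreshed here, while the entry directly above it, [I-D.ietf-i2nsf-capability], still points at draft-ietf-i2nsf-capability-05 dated April 2019. That is well over six months before this draft's date of September 15, 2020, and the Status of This Memo text gives Internet-Drafts a maximum validity of six months, so the YANG module's defining information model is cited normatively from an expired draft. Please confirm whether a newer revision exists and update the entry, or state how the dependency is to be resolved before publication.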
 End of changes. 11 change blocks. 
12 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/