draft-ietf-i2nsf-nsf-facing-interface-dm-08.txt   draft-ietf-i2nsf-nsf-facing-interface-dm-09.txt 
I2NSF Working Group J. Kim I2NSF Working Group J. Kim
Internet-Draft J. Jeong Internet-Draft J. Jeong
Intended status: Standards Track Sungkyunkwan University Intended status: Standards Track Sungkyunkwan University
Expires: May 7, 2020 J. Park Expires: November 8, 2020 J. Park
ETRI ETRI
S. Hares S. Hares
Q. Lin Q. Lin
Huawei Huawei
November 4, 2019 May 7, 2020
I2NSF Network Security Function-Facing Interface YANG Data Model I2NSF Network Security Function-Facing Interface YANG Data Model
draft-ietf-i2nsf-nsf-facing-interface-dm-08 draft-ietf-i2nsf-nsf-facing-interface-dm-09
Abstract Abstract
This document defines a YANG data model for configuring security This document defines a YANG data model for configuring security
policy rules on Network Security Functions (NSF) in the Interface to policy rules on Network Security Functions (NSF) in the Interface to
Network Security Functions (I2NSF) framework. The YANG data model in Network Security Functions (I2NSF) framework. The YANG data model in
this document corresponds to the information model for NSF-Facing this document corresponds to the information model for NSF-Facing
Interface in the I2NSF framework. Interface in the I2NSF framework.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 7, 2020. This Internet-Draft will expire on November 8, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 39 skipping to change at page 2, line 39
6.3. Security Requirement 3: Mitigate HTTP and HTTPS Flood 6.3. Security Requirement 3: Mitigate HTTP and HTTPS Flood
Attacks on a Company Web Server . . . . . . . . . . . . . 92 Attacks on a Company Web Server . . . . . . . . . . . . . 92
7. Security Considerations . . . . . . . . . . . . . . . . . . . 95 7. Security Considerations . . . . . . . . . . . . . . . . . . . 95
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 96 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 96
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 96 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 96
10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 96 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 96
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 97 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 97
11.1. Normative References . . . . . . . . . . . . . . . . . . 97 11.1. Normative References . . . . . . . . . . . . . . . . . . 97
11.2. Informative References . . . . . . . . . . . . . . . . . 99 11.2. Informative References . . . . . . . . . . . . . . . . . 99
Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface- Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface-
dm-07 . . . . . . . . . . . . . . . . . . . . . . . 100 dm-08 . . . . . . . . . . . . . . . . . . . . . . . 100
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 100 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 100
1. Introduction 1. Introduction
This document defines a YANG [RFC6020][RFC7950] data model for This document defines a YANG [RFC6020][RFC7950] data model for
security policy rule configuration of Network Security Functions security policy rule configuration of Network Security Functions
(NSF). The YANG data model corresponds to the information model (NSF). The YANG data model corresponds to the information model
[draft-ietf-i2nsf-capability] for NSF-Facing Interface in Interface [draft-ietf-i2nsf-capability] for NSF-Facing Interface in Interface
to Network Security Functions (I2NSF). The YANG data model in this to Network Security Functions (I2NSF). The YANG data model in this
document focuses on security policy configuration for generic network document focuses on security policy configuration for generic network
skipping to change at page 15, line 44 skipping to change at page 15, line 44
Refer to [draft-ietf-i2nsf-sdn-ipsec-flow-protection] for the Refer to [draft-ietf-i2nsf-sdn-ipsec-flow-protection] for the
detailed description of the I2NSF IPsec. detailed description of the I2NSF IPsec.
5. YANG Data Module 5. YANG Data Module
5.1. I2NSF NSF-Facing Interface YANG Data Module 5.1. I2NSF NSF-Facing Interface YANG Data Module
This section contains a YANG data module for configuration of This section contains a YANG data module for configuration of
security policy rules on network security functions. security policy rules on network security functions.
<CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2019-11-04.yang" <CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2020-05-07.yang"
module ietf-i2nsf-policy-rule-for-nsf { module ietf-i2nsf-policy-rule-for-nsf {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf";
prefix prefix
nsfintf; nsfintf;
import ietf-inet-types{ import ietf-inet-types{
prefix inet; prefix inet;
skipping to change at page 17, line 11 skipping to change at page 17, line 11
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2019-11-04"{ revision "2020-05-07"{
description "The latest revision."; description "The latest revision.";
reference reference
"RFC XXXX: I2NSF Network Security Function-Facing Interface "RFC XXXX: I2NSF Network Security Function-Facing Interface
YANG Data Model"; YANG Data Model";
} }
/* /*
* Identities * Identities
*/ */
skipping to change at page 100, line 5 skipping to change at page 100, line 5
Garcia, "Software-Defined Networking (SDN)-based IPsec Garcia, "Software-Defined Networking (SDN)-based IPsec
Flow Protection", draft-ietf-i2nsf-sdn-ipsec-flow- Flow Protection", draft-ietf-i2nsf-sdn-ipsec-flow-
protection-07 (work in progress), August 2019. protection-07 (work in progress), August 2019.
[draft-ietf-supa-generic-policy-info-model] [draft-ietf-supa-generic-policy-info-model]
Strassner, J., Halpern, J., and S. Meer, "Generic Policy Strassner, J., Halpern, J., and S. Meer, "Generic Policy
Information Model for Simplified Use of Policy Information Model for Simplified Use of Policy
Abstractions (SUPA)", draft-ietf-supa-generic-policy-info- Abstractions (SUPA)", draft-ietf-supa-generic-policy-info-
model-03 (work in progress), May 2017. model-03 (work in progress), May 2017.
Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface-dm-07 Appendix A. Changes from draft-ietf-i2nsf-nsf-facing-interface-dm-08
The following changes are made from draft-ietf-i2nsf-nsf-facing- The following changes are made from draft-ietf-i2nsf-nsf-facing-
interface-dm-07: interface-dm-08:
o The version is revised according to the comments from Acee Lindem o The version has only a submission date update to maintain the
who is a YANG doctor for review. active status of the draft.
Authors' Addresses Authors' Addresses
Jinyong Tim Kim Jinyong Tim Kim
Department of Electronic, Electrical and Computer Engineering Department of Electronic, Electrical and Computer Engineering
Sungkyunkwan University Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu 2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419 Suwon, Gyeonggi-Do 16419
Republic of Korea Republic of Korea
 End of changes. 11 change blocks. 
12 lines changed or deleted 12 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/