draft-ietf-i2nsf-registration-interface-dm-06.txt   draft-ietf-i2nsf-registration-interface-dm-07.txt 
I2NSF Working Group S. Hyun I2NSF Working Group S. Hyun
Internet-Draft Myongji University Internet-Draft Myongji University
Intended status: Standards Track J. Jeong Intended status: Standards Track J. Jeong
Expires: July 24, 2020 T. Roh Expires: September 10, 2020 T. Roh
S. Wi S. Wi
Sungkyunkwan University Sungkyunkwan University
J. Park J. Park
ETRI ETRI
January 21, 2020 March 9, 2020
I2NSF Registration Interface YANG Data Model I2NSF Registration Interface YANG Data Model
draft-ietf-i2nsf-registration-interface-dm-06 draft-ietf-i2nsf-registration-interface-dm-07
Abstract Abstract
This document defines an information model and a YANG data model for This document defines an information model and a YANG data model for
Registration Interface between Security Controller and Developer's Registration Interface between Security Controller and Developer's
Management System (DMS) in the Interface to Network Security Management System (DMS) in the Interface to Network Security
Functions (I2NSF) framework to register Network Security Functions Functions (I2NSF) framework to register Network Security Functions
(NSF) of the DMS into the Security Controller. The objective of (NSF) of the DMS into the Security Controller. The objective of
these information and data models is to support NSF capability these information and data models is to support NSF capability
registration and query via I2NSF Registration Interface. registration and query via I2NSF Registration Interface.
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 24, 2020. This Internet-Draft will expire on September 10, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 12, line 26 skipping to change at page 12, line 26
This module contains the network access information of an NSF that is This module contains the network access information of an NSF that is
required to enable network communications with the NSF. required to enable network communications with the NSF.
6.2. YANG Data Modules 6.2. YANG Data Modules
This section provides YANG modules of the data model for the This section provides YANG modules of the data model for the
registration interface between Security Controller and Developer's registration interface between Security Controller and Developer's
Management System, as defined in Section 5. Management System, as defined in Section 5.
<CODE BEGINS> file "ietf-i2nsf-reg-interface@2020-01-21.yang" <CODE BEGINS> file "ietf-i2nsf-reg-interface@2020-03-09.yang"
module ietf-i2nsf-reg-interface { module ietf-i2nsf-reg-interface {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-reg-interface"; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-reg-interface";
prefix nsfreg; prefix nsfreg;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
skipping to change at page 13, line 31 skipping to change at page 13, line 31
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2020-01-21" { revision "2020-03-09" {
description "Initial revision"; description "Initial revision";
reference reference
"RFC XXXX: I2NSF Registration Interface YANG Data Model"; "RFC XXXX: I2NSF Registration Interface YANG Data Model";
} }
container nsf-registrations {
description
"Information of an NSF that DMS registers
to Security Controller";
list nsf-information {
key "capability-name";
description
"Required information for registration";
leaf capability-name {
type string;
mandatory true;
description
"Unique name of this registered NSF";
}
container nsf-capability-info {
description
"Capability description of this NSF";
uses nsf-capability-info;
}
container nsf-access-info {
description
"Network access information of this NSF";
uses nsf-access-info;
}
}
}
grouping nsf-performance-capability { grouping nsf-performance-capability {
description description
"Description of the performance capabilities "Description of the performance capabilities of an NSF";
of an NSF";
container processing { container processing {
description description
"Processing power of an NSF in the unit of GHz (gigahertz)"; "Processing power of an NSF in the unit of GHz (gigahertz)";
leaf processing-average { leaf processing-average {
type uint16; type uint16;
description description
"Average processing power"; "Average processing power";
} }
skipping to change at page 15, line 34 skipping to change at page 15, line 6
} }
} }
} }
grouping nsf-capability-info { grouping nsf-capability-info {
description description
"Capability description of an NSF"; "Capability description of an NSF";
container security-capability { container security-capability {
description description
"Description of the security capabilities of an NSF"; "Description of the security capabilities of an NSF";
uses "capa:nsf-capabilities"; uses capa:nsf-capabilities;
reference "draft-ietf-i2nsf-capability-data-model-05"; reference "draft-ietf-i2nsf-capability-data-model-05";
} }
container performance-capability { container performance-capability {
description description
"Description of the performance capabilities of an NSF"; "Description of the performance capabilities of an NSF";
uses nsf-performance-capability; uses nsf-performance-capability;
} }
} }
grouping nsf-access-info { grouping nsf-access-info {
skipping to change at page 16, line 16 skipping to change at page 15, line 36
description description
"IPv4/IPv6 address of this NSF"; "IPv4/IPv6 address of this NSF";
} }
leaf port { leaf port {
type inet:port-number; type inet:port-number;
description description
"Port available on this NSF"; "Port available on this NSF";
} }
} }
container nsf-registrations {
description
"Information of an NSF that DMS registers
to Security Controller";
list nsf-information {
key "capability-name";
description
"Required information for registration";
leaf capability-name {
type string;
mandatory true;
description
"Unique name of this registered NSF";
}
container nsf-capability-info {
description
"Capability description of this NSF";
uses nsf-capability-info;
}
container nsf-access-info {
description
"Network access information of this NSF";
uses nsf-access-info;
}
}
}
rpc nsf-capability-query { rpc nsf-capability-query {
description description
"Description of the capabilities that the "Description of the capabilities that the
Security Controller requests to the DMS"; Security Controller requests to the DMS";
input { input {
container query-nsf-capability { container query-nsf-capability {
description description
"Description of the capabilities to request"; "Description of the capabilities to request";
uses "capa:nsf-capabilities"; uses capa:nsf-capabilities;
reference reference
"draft-ietf-i2nsf-capability-data-model-05"; "draft-ietf-i2nsf-capability-data-model-05";
} }
} }
output { output {
container nsf-access-info { container nsf-access-info {
description description
"Network access information of an NSF "Network access information of an NSF
with the requested capabilities"; with the requested capabilities";
uses nsf-access-info; uses nsf-access-info;
skipping to change at page 32, line 24 skipping to change at page 32, line 24
instantiated to enforce security policies in the I2NSF framework, instantiated to enforce security policies in the I2NSF framework,
Security Controller could request the VNFM to instantiate them Security Controller could request the VNFM to instantiate them
through the Ve-Vnfm interface. Or if an NSF, running as a VNF, is through the Ve-Vnfm interface. Or if an NSF, running as a VNF, is
not used by any traffic flows for a time period, Security Controller not used by any traffic flows for a time period, Security Controller
may request deinstantiating it through the interface for efficient may request deinstantiating it through the interface for efficient
resource utilization. resource utilization.
Appendix C. Changes from draft-ietf-i2nsf-registration-interface-dm-05 Appendix C. Changes from draft-ietf-i2nsf-registration-interface-dm-05
The following changes have been made from draft-ietf-i2nsf- The following changes have been made from draft-ietf-i2nsf-
registration-interface-dm-05: registration-interface-dm-06:
o This version is revised according to the comments from Reshad o This version is revised according to the comments from Reshad
Rahman who reviewed this document as a YANG doctor. Rahman who reviewed this document as a YANG doctor.
o The data definition statements (i.e., container nsf-registrations)
are moved after the groupings and before the rpc statements.
o This version checked the indentations over the entire YANG module
and corrected three indentation errors such as uses capa:nsf-
capabilities, uses nsf-capability-info, and uses nsf-access-info.
Appendix D. Acknowledgments Appendix D. Acknowledgments
This work was supported by Institute of Information & Communications This work was supported by Institute of Information & Communications
Technology Planning & Evaluation (IITP) grant funded by the Korea Technology Planning & Evaluation (IITP) grant funded by the Korea
MSIT (Ministry of Science and ICT) (R-20160222-002755, Cloud based MSIT (Ministry of Science and ICT) (R-20160222-002755, Cloud based
Security Intelligence Technology Development for the Customized Security Intelligence Technology Development for the Customized
Security Service Provisioning). Security Service Provisioning).
Appendix E. Contributors Appendix E. Contributors
 End of changes. 13 change blocks. 
38 lines changed or deleted 44 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/