draft-ietf-i2nsf-sdn-ipsec-flow-protection-10.txt   draft-ietf-i2nsf-sdn-ipsec-flow-protection-11.txt 
I2NSF R. Marin-Lopez I2NSF R. Marin-Lopez
Internet-Draft G. Lopez-Millan Internet-Draft G. Lopez-Millan
Intended status: Standards Track University of Murcia Intended status: Standards Track University of Murcia
Expires: April 24, 2021 F. Pereniguez-Garcia Expires: April 25, 2021 F. Pereniguez-Garcia
University Defense Center University Defense Center
October 21, 2020 October 22, 2020
Software-Defined Networking (SDN)-based IPsec Flow Protection Software-Defined Networking (SDN)-based IPsec Flow Protection
draft-ietf-i2nsf-sdn-ipsec-flow-protection-10 draft-ietf-i2nsf-sdn-ipsec-flow-protection-11
Abstract Abstract
This document describes how to provide IPsec-based flow protection This document describes how to provide IPsec-based flow protection
(integrity and confidentiality) by means of an Interface to Network (integrity and confidentiality) by means of an Interface to Network
Security Function (I2NSF) controller. It considers two main well- Security Function (I2NSF) controller. It considers two main well-
known scenarios in IPsec: (i) gateway-to-gateway and (ii) host-to- known scenarios in IPsec: (i) gateway-to-gateway and (ii) host-to-
host. The service described in this document allows the host. The service described in this document allows the
configuration and monitoring of IPsec Security Associations (SAs) configuration and monitoring of IPsec Security Associations (SAs)
from a I2NSF Controller to one or several flow-based Network Security from a I2NSF Controller to one or several flow-based Network Security
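Review bot: The abstract still reads "from a I2NSF Controller" in -11; it should be "an I2NSF Controller". The same paragraph writes "(I2NSF) controller" in lower case a few lines earlier, so one capitalisation should be chosen. This hunk only changes the dates and the draft number in the header, so both fixes could be folded into the same revision.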
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 24, 2021. This Internet-Draft will expire on April 25, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 31, line 15 skipping to change at page 31, line 15
Appendix A. Common YANG model for IKE and IKE-less cases Appendix A. Common YANG model for IKE and IKE-less cases
This Appendix is Normative. This Appendix is Normative.
This YANG module has normative references to [RFC3947], [RFC4301], This YANG module has normative references to [RFC3947], [RFC4301],
[RFC4303], [RFC8174], [RFC8221] and [IKEv2-Parameters]. [RFC4303], [RFC8174], [RFC8221] and [IKEv2-Parameters].
This YANG module has informative references to [RFC3948] and This YANG module has informative references to [RFC3948] and
[RFC8229]. [RFC8229].
<CODE BEGINS> file "ietf-i2nsf-ikec@2020-10-21.yang" <CODE BEGINS> file "ietf-i2nsf-ikec@2020-10-22.yang"
module ietf-i2nsf-ikec { module ietf-i2nsf-ikec {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec"; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec";
prefix "nsfikec"; prefix "nsfikec";
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference "RFC 6991: Common YANG Data Types"; reference "RFC 6991: Common YANG Data Types";
} }
skipping to change at page 32, line 24 skipping to change at page 32, line 24
This version of this YANG module is part of RFC XXXX;; This version of this YANG module is part of RFC XXXX;;
see the RFC itself for full legal notices. see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this
document are to be interpreted as described in BCP 14 document are to be interpreted as described in BCP 14
(RFC 2119) (RFC 8174) when, and only when, they appear (RFC 2119) (RFC 8174) when, and only when, they appear
in all capitals, as shown here."; in all capitals, as shown here.";
revision "2020-10-21" { revision "2020-10-22" {
description "Initial version."; description "Initial version.";
reference "RFC XXXX: Software-Defined Networking reference "RFC XXXX: Software-Defined Networking
(SDN)-based IPsec Flow Protection."; (SDN)-based IPsec Flow Protection.";
} }
typedef encryption-algorithm-type { typedef encryption-algorithm-type {
type uint16; type uint16;
description description
"The encryption algorithm is specified with a 16-bit "The encryption algorithm is specified with a 16-bit
number extracted from IANA Registry. The acceptable number extracted from IANA Registry. The acceptable
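Review bot: The module description keeps the doubled semicolon in "part of RFC XXXX;;" on both sides of the diff, while the ietf-i2nsf-ike module writes "RFC XXXX; see"; reduce it to a single semicolon here so the three modules carry identical boilerplate. The revision statement moving to "2020-10-22" is consistent with the new file name ietf-i2nsf-ikec@2020-10-22.yang.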
skipping to change at page 46, line 16 skipping to change at page 46, line 16
This Appendix is Normative. This Appendix is Normative.
This YANG module has normative references to [RFC2247], [RFC5280], This YANG module has normative references to [RFC2247], [RFC5280],
[RFC4301], [RFC5280], [RFC5915], [RFC6991], [RFC7296], [RFC7383], [RFC4301], [RFC5280], [RFC5915], [RFC6991], [RFC7296], [RFC7383],
[RFC7427], [RFC7619], [RFC8017], [RFC8174], [RFC8341], [ITU-T.X.690], [RFC7427], [RFC7619], [RFC8017], [RFC8174], [RFC8341], [ITU-T.X.690],
[I-D.draft-ietf-netconf-crypto-types] and [IKEv2-Parameters]. [I-D.draft-ietf-netconf-crypto-types] and [IKEv2-Parameters].
This YANG module has informative references to [RFC8229]. This YANG module has informative references to [RFC8229].
<CODE BEGINS> file "ietf-i2nsf-ike@2020-10-21.yang" <CODE BEGINS> file "ietf-i2nsf-ike@2020-10-22.yang"
module ietf-i2nsf-ike { module ietf-i2nsf-ike {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike"; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike";
prefix "nsfike"; prefix "nsfike";
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference "RFC 6991: Common YANG Data Types"; reference "RFC 6991: Common YANG Data Types";
} }
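Review bot: The normative reference list for this module names [RFC5280] twice ("[RFC2247], [RFC5280], [RFC4301], [RFC5280], ...") and -11 carries the duplicate over unchanged; drop the second occurrence. While touching the list, it would also help to sort it numerically, since [RFC4301] currently sits between two higher-numbered entries.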
skipping to change at page 47, line 49 skipping to change at page 47, line 49
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices. the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this
document are to be interpreted as described in BCP 14 document are to be interpreted as described in BCP 14
(RFC 2119) (RFC 8174) when, and only when, they appear (RFC 2119) (RFC 8174) when, and only when, they appear
in all capitals, as shown here."; in all capitals, as shown here.";
revision "2020-10-21" { revision "2020-10-22" {
description "Initial version."; description "Initial version.";
reference "RFC XXXX: Software-Defined Networking reference "RFC XXXX: Software-Defined Networking
(SDN)-based IPsec Flow Protection."; (SDN)-based IPsec Flow Protection.";
} }
typedef ike-spi { typedef ike-spi {
type uint64 { range "0..max"; } type uint64 { range "0..max"; }
description description
"Security Parameter Index (SPI)'s IKE SA."; "Security Parameter Index (SPI)'s IKE SA.";
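Review bot: In typedef ike-spi the restriction range "0..max" on a uint64 covers the whole value space of the type, so it constrains nothing and can be removed, or replaced with the range that is actually intended if some values are meant to be excluded. The description "Security Parameter Index (SPI)'s IKE SA." also reads backwards; "Security Parameter Index (SPI) of the IKE SA." says what the type holds.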
skipping to change at page 65, line 34 skipping to change at page 65, line 34
<CODE ENDS> <CODE ENDS>
Appendix C. YANG model for IKE-less case Appendix C. YANG model for IKE-less case
This Appendix is Normative. This Appendix is Normative.
This YANG module has normative references to [RFC4301], [RFC6991], This YANG module has normative references to [RFC4301], [RFC6991],
[RFC8174] and [RFC8341]. [RFC8174] and [RFC8341].
<CODE BEGINS> file "ietf-i2nsf-ikeless@2020-10-21.yang" <CODE BEGINS> file "ietf-i2nsf-ikeless@2020-10-22.yang"
module ietf-i2nsf-ikeless { module ietf-i2nsf-ikeless {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless";
prefix "nsfikels"; prefix "nsfikels";
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
skipping to change at page 67, line 9 skipping to change at page 67, line 9
This version of this YANG module is part of RFC XXXX;; This version of this YANG module is part of RFC XXXX;;
see the RFC itself for full legal notices. see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this
document are to be interpreted as described in BCP 14 document are to be interpreted as described in BCP 14
(RFC 2119) (RFC 8174) when, and only when, they appear (RFC 2119) (RFC 8174) when, and only when, they appear
in all capitals, as shown here."; in all capitals, as shown here.";
revision "2020-10-21" { revision "2020-10-22" {
description "Initial version."; description "Initial version.";
reference "RFC XXXX: Software-Defined Networking reference "RFC XXXX: Software-Defined Networking
(SDN)-based IPsec Flow Protection."; (SDN)-based IPsec Flow Protection.";
} }
feature ikeless-notification { feature ikeless-notification {
description description
"To ensure broader applicability of this module, "This feature indicates that the server supports
generating notifications in the ikeless module.
To ensure broader applicability of this module,
the notifications are marked as a feature. the notifications are marked as a feature.
For the implementation of ikeless case, For the implementation of ikeless case,
the NSF is expected to implement this the NSF is expected to implement this
feature."; feature.";
} }
container ipsec-ikeless { container ipsec-ikeless {
description description
"Container for configuration of the IKE-less "Container for configuration of the IKE-less
case. The container contains two additional case. The container contains two additional
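Review bot: The feature description for ikeless-notification ends with "the NSF is expected to implement this feature", which is not a BCP 14 keyword even though the module description just above invokes BCP 14 and the appendix is marked normative. The sentence added in -11 explains what the feature means but leaves the requirement level open; state it as SHOULD or MUST if it is a requirement, or reword it as plain guidance. The doubled semicolon in "part of RFC XXXX;;" in this module's description is also still present.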
 End of changes. 11 change blocks. 
11 lines changed or deleted 14 lines changed or added
