Linda and Daniel: 

 

To follow up on Linda's second question, this draft appears to be similar
to the draft-inter-cloud-DDOS Yang model
(draft-hares-i2nsf-ddos-yang-dm-00). Is it reasonable to have two different
Yang models or to make one an augmentation of the other data model?

 

It might make sense to have a general collaboration model for inter-domain
SSF functions with the DDOS Yang model as a sub-function.  I'll send some
Yang model interactions offline. 

 

Sue 

 

From: I2nsf [mailto:[email protected]] On Behalf Of Linda Dunbar
Sent: Monday, September 12, 2016 5:59 PM
To: 'Daniel Migault'; Alireza Ranjbar; [email protected]
Subject: [I2nsf] Is the "Security Service Function (SSF)" in
draft-mglt-i2nsf-ssf-collaboration same as the NSF defined by the
I2NSF-problem-and-use-cases?

 

Daniel and Alireza,

 

Is the "Security Service Function (SSF)" in your draft equivalent to the
Network Security Function (NSF) defined in
https://www.ietf.org/id/draft-ietf-i2nsf-problem-and-use-cases-01.pdf  ? 

 

 

NSF: Network Security Function. An NSF is a function that detects abnormal
activity and blocks/mitigates the effect of such abnormal activity in order
to preserve the availability of a network or a service. In addition, the NSF
can help in supporting communication stream integrity and confidentiality.

 

Flow-based NSF: An NSF which inspects network flows according to a
security policy. Flow-based security also means that packets are
inspected in the order they are received, and without altering
packets due to the inspection process (e.g., MAC rewrites, TTL
decrement action, or NAT inspection or changes).

 

 

If they are the same, can you change the terminology? If they are different,
can you elaborate the differences in your draft? 

 

 

Second question: 

When the "Cloud based services" need network provider to enforce certain
flow rules for the traffic destined to (originated from) the "Cloud based
services", do you anticipate those flow rules to be applied to specific SSFs
belonging to different administrators?  Or can those rules be to the
"controller" of the SSFs belonging to network providers?  As described by
https://datatracker.ietf.org/doc/draft-kumar-i2nsf-controller-northbound-framework/ ?

 

 

Thanks, 

Linda

_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
