Hi all, I have posted a revised i2nsf I-D: - Title Service Function Chaining-Enabled I2NSF Architecture
- File https://tools.ietf.org/html/draft-hyun-i2nsf-sfc-enabled-i2nsf-01 - Abstract This document describes an architecture of the I2NSF framework which enables traffic steering between NSFs for security policy enforcement. Such traffic steering enables composite inspection of network traffic by steering the traffic through multiple types of security functions according to the information model for the NSF facing interface in the I2NSF framework. This document explains the additional components integrated into the I2NSF framework and their functionalities to achieve NSF-triggered traffic steering. It also describes representative use cases to address major benefits from the proposed architecture. This draft will articulate the procedure of performing network security functions according to the information model of I2NSF capability interface: https://tools.ietf.org/html/draft-xia-i2nsf-capability-interface-im-06 This draft proposes an NSF-triggered Traffic Steering Architecture where the result of the execution of an NSF (e.g., firewall) for a packet determines the next NSF for the packet (e.g., DPI). It also explains how to instantiate and eliminate an NSF through Developer's Management System (i.e., Security Vendor System) via Registration Interface. That is, the proposed architecture provides load balancing, auto supplementary NSF instance generation, and the elimination of unused NSF instances in the i2nsf framework. The changes from the previous version are as follows: o This version reflects the framework for I2NSF in draft-ietf-i2nsf-framework-03. o As a term change, Security Function (SF) is replaced by Network Security Function (NSF). As new terms, the following terms are added, such as Advanced Inspection/Action, NSF Profile, NSF Operation Manager, and Packet Forwarding Header. o As an architecture change, the next NSF in service function chaining is determined by both the policy from I2NSF Client and the result of the current NSF. o As a use case change, the first two use cases in the previous version is integrated into one use case. It will be great for you to give us comments or suggestions. Thanks. Best Regards, Paul -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Assistant Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: [email protected], [email protected] Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php <http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
