Dear all: We have revised our I-D trying to answer the questions we got from the previous meeting. We are working on the definition of the data model for IKE, SAD, SPD, and PAD. We will provide a first draft in the next versions of the I-D.
Basically we have included: - A mapping between PFKEY_v2 and XFRM, due to the importance of XFRM in Linux systems. - Adding some comments about IPsec SA rekeying and NAT traversal in case 2. Any feedback is welcome. Best Regards. > Inicio del mensaje reenviado: > > De: [email protected] > Asunto: New Version Notification for > draft-abad-i2nsf-sdn-ipsec-flow-protection-01.txt > Fecha: 30 de octubre de 2016, 23:30:42 CET > Para: "Gabriel Lopez-Millan" <[email protected]>, "Rafa Marin-Lopez" <[email protected]>, > "Rafael Lopez" <[email protected]>, "Sowmini Varadhan" <[email protected]> > > > A new version of I-D, draft-abad-i2nsf-sdn-ipsec-flow-protection-01.txt > has been successfully submitted by Rafa Marin-Lopez and posted to the > IETF repository. > > Name: draft-abad-i2nsf-sdn-ipsec-flow-protection > Revision: 01 > Title: Software-Defined Networking (SDN)-based IPsec Flow > Protection > Document date: 2016-10-30 > Group: Individual Submission > Pages: 23 > URL: > https://www.ietf.org/internet-drafts/draft-abad-i2nsf-sdn-ipsec-flow-protection-01.txt > Status: > https://datatracker.ietf.org/doc/draft-abad-i2nsf-sdn-ipsec-flow-protection/ > Htmlized: > https://tools.ietf.org/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-01 > Diff: > https://www.ietf.org/rfcdiff?url2=draft-abad-i2nsf-sdn-ipsec-flow-protection-01 > > Abstract: > This document describes the use case of providing IPsec-based flow > protection by means of a Software-Defined Network (SDN) controller > and raises the requirements to support this service. It considers > two main scenarios: (i) gateway-to-gateway and (ii) host-to-gateway > (Road Warrior). For the gateway-to-gateway scenario, this document > describes a mechanism to support the distribution of IPsec > information to flow-based Network Security Functions (NSFs) that > implements IPsec to protect data traffic. between network resources > to protect data traffic with IPsec and IKE, in intra and inter-SDN > cases. The host-to-gateway case defines a mechanism to distribute > IPsec information to the NSF to protect data with IPsec between an > end user's device (host) and a gateway. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > ------------------------------------------------------- Rafael Marin Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] ------------------------------------------------------- _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
