Hi all,
We have uploaded a new version of the i2nsf-sdn-ipsec-flow-protection. We
have reviewed the main sections and added a first draft of a Yang model for
IPsec management.
Comments are welcome.
Regards, Gabi.
----- Mensaje reenviado de [email protected] -----
Fecha: Tue, 02 May 2017 09:01:12 -0700
De: [email protected]
Asunto: New Version Notification for
draft-abad-i2nsf-sdn-ipsec-flow-protection-02.txt
Para: Rafa Marin-Lopez <[email protected]>, Rafael Lopez <[email protected]>, Gabriel
Lopez-Millan <[email protected]>
A new version of I-D, draft-abad-i2nsf-sdn-ipsec-flow-protection-02.txt
has been successfully submitted by Rafa Marin-Lopez and posted to the
IETF repository.
Name: draft-abad-i2nsf-sdn-ipsec-flow-protection
Revision: 02
Title: Software-Defined Networking (SDN)-based IPsec
Flow Protection
Document date: 2017-05-02
Group: Individual Submission
Pages: 45
URL:
https://www.ietf.org/internet-drafts/draft-abad-i2nsf-sdn-ipsec-flow-protection-02.txt
Status:
https://datatracker.ietf.org/doc/draft-abad-i2nsf-sdn-ipsec-flow-protection/
Htmlized:
https://tools.ietf.org/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-02
Htmlized:
https://datatracker.ietf.org/doc/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-02
Diff:
https://www.ietf.org/rfcdiff?url2=draft-abad-i2nsf-sdn-ipsec-flow-protection-02
Abstract:
This document describes the use case of providing IPsec-based flow
protection by means of a Software-Defined Network (SDN) controller
(aka. Security Controller) and establishes the requirements to
support this service. It considers two main well-known scenarios in
IPsec: (i) gateway-to-gateway and (ii) host-to-host. This document
describes a mechanism based on the SDN paradigm to support the
distribution and monitoring of IPsec information from a SDN
controller to one or several flow-based Network Security Function
(NSF). The NSFs implement IPsec to protect data traffic between
network resources with IPsec.
The document focuses in the NSF Facing Interface by providing models
for Configuration and State data model required to allow the Security
Controller to configure the IPsec databases (SPD, SAD, PAD) and IKE
to establish security associations with a reduced intervention of the
network administrator. NOTE: State data model will be developed as
part of this work but it is still TBD.
Please note that it may take a couple of minutes from the time of
submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
----- Terminar mensaje reenviado -----
--- Begin Message ---
A new version of I-D, draft-abad-i2nsf-sdn-ipsec-flow-protection-02.txt
has been successfully submitted by Rafa Marin-Lopez and posted to the
IETF repository.
Name: draft-abad-i2nsf-sdn-ipsec-flow-protection
Revision: 02
Title: Software-Defined Networking (SDN)-based IPsec Flow Protection
Document date: 2017-05-02
Group: Individual Submission
Pages: 45
URL:
https://www.ietf.org/internet-drafts/draft-abad-i2nsf-sdn-ipsec-flow-protection-02.txt
Status:
https://datatracker.ietf.org/doc/draft-abad-i2nsf-sdn-ipsec-flow-protection/
Htmlized:
https://tools.ietf.org/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-02
Htmlized:
https://datatracker.ietf.org/doc/html/draft-abad-i2nsf-sdn-ipsec-flow-protection-02
Diff:
https://www.ietf.org/rfcdiff?url2=draft-abad-i2nsf-sdn-ipsec-flow-protection-02
Abstract:
This document describes the use case of providing IPsec-based flow
protection by means of a Software-Defined Network (SDN) controller
(aka. Security Controller) and establishes the requirements to
support this service. It considers two main well-known scenarios in
IPsec: (i) gateway-to-gateway and (ii) host-to-host. This document
describes a mechanism based on the SDN paradigm to support the
distribution and monitoring of IPsec information from a SDN
controller to one or several flow-based Network Security Function
(NSF). The NSFs implement IPsec to protect data traffic between
network resources with IPsec.
The document focuses in the NSF Facing Interface by providing models
for Configuration and State data model required to allow the Security
Controller to configure the IPsec databases (SPD, SAD, PAD) and IKE
to establish security associations with a reduced intervention of the
network administrator. NOTE: State data model will be developed as
part of this work but it is still TBD.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
--- End Message ---
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
