Frank, John, Aldo, and Diego,

Thank you very much for posting the revised draft-xibassnez-i2nsf-capability-02. The draft provides a very comprehensive description of how to construct rules (or security policies) for NSFs.

The Abstract stated: "This document defines the concept of an NSF (Network Security Function) Capability, as well as its information model. Capabilities are a set of features that are available from a managed entity, and are represented as data that unambiguously characterizes an NSF."

But most of the sections of the draft focus on how to construct security rules for NSFs. Intuitively, "packet filters" or the depth of the packet header used in "conditions" that an NSF can handle would be a "capability". And "proto != tcp" would be a concrete condition for a security rule.

Can you explain how to draw the link from the draft's abstract to the sections in the draft?

Thank you very much.

Linda

P.S. Is it appropriate to add a note stating that conventional security devices deployed, such as FW, may consist of multiple "Functions"?
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
