Paul,
Thanks.
Also the “source” and “destination” of the “policy-rule*” in the general data
model (page 7) shouldn’t be “string”, should it refer to the
policy-endpoint-groups specified on Page 5 instead?
+--rw policy-rule* [policy-rule-id]
| +--rw policy-rule-id string
| +--rw name? string
| +--rw date? yang:date-and-time
| +--rw source? policy-endpoint-groups
| +--rw destination? policy-endpoint-groups
| +--rw exception? string
| +--rw action? string
| +--rw precedence? uint8
On page 7, your “policy-instance” has both “policy-rule*” and
“policy-instance*” listed under. Is it intended? Or typeo?
Thanks, Linda
From: Mr. Jaehoon Paul Jeong [mailto:[email protected]]
Sent: Wednesday, August 16, 2017 7:41 AM
To: Linda Dunbar <[email protected]>
Cc: [email protected]; [email protected];
[email protected]; [email protected]
Subject: Re: [I2nsf] questions & comments to
draft-jeong-i2nsf-consumer-facing-interface-dm-03
Hi Linda,
You are right.
In the revision, we authors will revise the Consumer-Facing Interface data model
such that it lists individual values for rules.
Also, we will explicitly list the 'Policy Endpoint Group' and 'Custom-List'.
Thanks for your good points.
Best Regards,
Paul
On Wed, Aug 16, 2017 at 8:03 AM, Linda Dunbar
<[email protected]<mailto:[email protected]>> wrote:
Paul, Eunsoo, Tae-Jin, Rakesh, and Sue,
Thank you very much for the updated i2nsf-consumer-facing-interface-dm03, which
matches much better with the i2nsf-consumer-facing-im draft.
Just a few questions.
I noticed that you don’t list individual value for the rules. For example,
“primary-action” list the “permit”, “deny”, “rate limit”, etc in the
description:
leaf primary-action {
type string;
description
"This field identifies the action when a rule
is matched by NSF. The action could be one of
'PERMIT', 'DENY', 'RATE-LIMIT', 'TRAFFIC-CLASS',
'AUTHENTICATE-SESSION', 'IPS, 'APP-FIREWALL', etc.";
}
In draft-ietf-netmod-acl-model-11, the actions are listed as explicit value.
[cid:[email protected]]
Similar paten goes with the definition of “Source” and “destination”. You have:
leaf source {
type string;
description
"This field identifies the source of
the traffic. This could be reference to
either 'Policy Endpoint Group' or
'Threat-Feed' or 'Custom-List' if Security
Admin wants to specify the source; otherwise,
the default is to match all traffic.";
}
Not an expert in the data model, I am wondering if you need to explicitly list
the 'Policy Endpoint Group', 'Custom-List', etc
Thank you very much,
Linda
_______________________________________________
I2nsf mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/i2nsf
--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Assistant Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: [email protected]<mailto:[email protected]>,
[email protected]<mailto:[email protected]>
Personal Homepage:
http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
