Hi all,
As we mentioned in draft-xia-i2nsf-sec-object-dm-00, attribute based policy
rule configuration is repetitive when creating new policy rules and is hard to
maintain consistency when making modification.
We propose to introduce the “object” concept in I2NSF policy rule to provide
re-usability and simplicity, and define commonly used policy objects.
Taking address attribute as an example, address object and address group object
are defined. The YANG tree structure of address object is as follows.
grouping addr-objects:
+--rw addr-object* [name]
+--rw name address-set-name
+ ...
+--rw elements* [elem-id]
+--rw elem-id uint16
+--rw (object-items)
+--: (ipv4)
| ...
+--: (ipv6)
| ...
+--: (mac)
| ...
+--: (ipv4-range)
| ...
+--: (ipv6-range)
...
For other policy objects, please review the draft:
https://tools.ietf.org/html/draft-xia-i2nsf-sec-object-dm-00.
We want to solicit comments from I2NSF WG. Would the WG like to adopt “policy
object” in I2NSF policy rule? Is an individual draft needed? Or just
incorporating it into the existing drafts?
Thanks.
Best Regards,
Qiushi (Jessica) Lin
发件人: Linqiushi (Jessica, CSPL)
发送时间: 2018年7月2日 14:49
收件人: [email protected]
抄送: Xialiang (Frank, Network Integration Technology Research Dept)
<[email protected]>
主题: FW: New Version Notification for draft-xia-i2nsf-sec-object-dm-00.txt
Dear all,
We just submitted a new draft on I2NSF policy object data model. Object based
rule configuration provides reusability and is widely adopted in NSFs. This
document defines several commonly used policy objects, e.g. address object,
service object, etc.
Besides, this data model draft is aligned with the previous information model
draft. The policy objects are defined as groupings to be reused in different
rules.
Your comments and suggestions are warmly welcome.
Best Regards,
Qiushi (Jessica) Lin
-----邮件原件-----
发件人: [email protected]<mailto:[email protected]>
[mailto:[email protected]]
发送时间: 2018年7月2日 14:46
收件人: Linqiushi (Jessica, CSPL)
<[email protected]<mailto:[email protected]>>; Xialiang (Frank, Network
Integration Technology Research Dept)
<[email protected]<mailto:[email protected]>>; Linqiushi
(Jessica, CSPL) <[email protected]<mailto:[email protected]>>; Xialiang
(Frank, Network Integration Technology Research Dept)
<[email protected]<mailto:[email protected]>>
主题: New Version Notification for draft-xia-i2nsf-sec-object-dm-00.txt
A new version of I-D, draft-xia-i2nsf-sec-object-dm-00.txt
has been successfully submitted by Qiushi Lin and posted to the IETF repository.
Name: draft-xia-i2nsf-sec-object-dm
Revision: 00
Title: I2NSF Security Policy Object YANG Data Model
Document date: 2018-07-01
Group: Individual Submission
Pages: 41
URL:
https://www.ietf.org/internet-drafts/draft-xia-i2nsf-sec-object-dm-00.txt
Status: https://datatracker.ietf.org/doc/draft-xia-i2nsf-sec-object-dm/
Htmlized: https://tools.ietf.org/html/draft-xia-i2nsf-sec-object-dm-00
Htmlized:
https://datatracker.ietf.org/doc/html/draft-xia-i2nsf-sec-object-dm
Abstract:
This document describes a set of policy objects which are reusable
and can be referenced by variable I2NSF policy rules. And the YANG
data models of these policy objects are provided.
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
