Hi Diego,
Here are my answers inline.
On Sun, Oct 21, 2018 at 2:58 PM Diego R. Lopez <[email protected]>
wrote:
> Hi,
>
> I've gone through the new version of the Registration Interface mode
> draft, that does look much better and integrated to me now, and I have a
> few comments, most of them on the procedures described for using the
> interface and the connection of Controller and the DMS:
>
> 1) First of all, related to terminology: Why do you define the term "NSF
> Profile"? Why not refer to the "Profile" definition in the terminology
> document? By referring just to "Profile" I think you can freely use "NSF
> Profile" later on...
>
=> That's a good suggestion. We will refer to the definition of "Profile"
of the object of an NSF
for the sake of "NSF Profile" in the revision -01.
>
> 2) The actions described in section 4 seems to imply a direct and dynamic
> communication between Controller and DMS, when what I foresee is something
> similar to the onboarding mechanisms in current software-based networks:
> The DMS uses the registration interface to provide and update the
> capabilities of those NSFs provided to the Controller, and the Controller
> makes the appropriate selection once it receives a request from a client,
> instantiating them from the repository. But by no means a direct dialog
> between Controller and DMS should be assumed, nor I think we should specify
> a dynamic instantiation mechanism in this document.
>
> => In the IETF-103 Hackathon project for I2NSF in OpenStack-Based NFV,
DMS is implemented as an EM that has an interface (i.e., Ve-Vnfm Interface)
with VNF Manager.
That is, the instantiation request from Security Controller to DMS will
be delivered to VNF Manager by DMS .
We will clarify this text based on our implementation in the revision.
> 3) The same happens with the process described in section 5. We should
> change this into a decoupled register-select-instantiate operation
> sequence. And, BTW, what do you mean by "a specific NSF required or
> *wasted* in the current system"? Wasted by whom and how?
>
=> The wasted NSF is an NSF that is not used by any traffic flows, yet is
running as a VNF in the NFV environment. For the efficient resource
management, we need to
deinstantiate such an NSF.
The appendix of Registration Interface Information Model Draft below
clarifies the above my answers.
Appendix A. Lifecycle Management Mechanism in
draft-hyun-i2nsf-registration-interface-im-06
https://tools.ietf.org/html/draft-hyun-i2nsf-registration-interface-im-06#page-12
According to your comments, the the instantiation and deinstantiation
of an NSF will clarified in an Appendix rather than in a main section.
>
> 4) Following this, the instantiation and deinstantaiation operations
> described in 5.1 should not be used. What is more, I'd say they are out of
> the scope of this document, and while mechanisms for instance management
> could be generally mentioned, they should not be described in detail here..
>
=> Yes, as mentioned above, the instantiation and deinstantaiation
operations will be described in an Appendix in the revision.
>
> 5) And a question on the access information described in section 5.3:
> should it not include a reference to the mechanisms to secure the access,
> like encryption, reference to certificates or key repositories, etc. I am
> not asking for storing credentials, but at least to let the Controller know
> that IPsec using certificates approved by a particular CA should be used,
> for example.
>
> => As explained in I2NSF-IPsec draft (
https://tools.ietf.org/html/draft-hyun-i2nsf-registration-interface-im-06#page-6
),
NSF Access Information contains the information to access an NSF in
the I2NSF network, such asfollowings
IPv4 address, IPv6 address, port number, and supported transport
protocol(s) rather than security information
such IPsec session information. For secure access, we can use IPsec
for I2NSF in
https://tools.ietf.org/html/draft-ietf-i2nsf-sdn-ipsec-flow-protection-02
We will add the text about secure access using IPsec along with the
above the I2NSF-IPsec draft in the revision.
Thanks.
Paul
> Be goode,
>
> --
> "Esta vez no fallaremos, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> https://www.linkedin.com/in/dr2lopez/
>
> e-mail: [email protected]
> Tel: +34 913 129 041
> Mobile: +34 682 051 091
> ----------------------------------
>
> On 20/10/2018, 22:10, "I2nsf on behalf of [email protected]" <
> [email protected] on behalf of [email protected]> wrote:
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Interface to Network Security
> Functions WG of the IETF.
>
> Title : I2NSF Registration Interface Data Model
> Authors : Sangwon Hyun
> Jaehoon Paul Jeong
> Taekyun Roh
> Sarang Wi
> Jung-Soo Park
> Filename : draft-ietf-i2nsf-registration-interface-dm-00.txt
> Pages : 23
> Date : 2018-10-20
>
> Abstract:
> This document defines an information model and a YANG data model for
> Interface to Network Security Functions (I2NSF) Registration
> Interface between Security Controller and Developer's Management
> System (DMS). The objective of these information and data models is
> to support NSF search, instantiation and registration according to
> required security capabilities via I2NSF Registration Interface.
>
>
> The IETF datatracker status page for this draft is:
>
> https://datatracker.ietf.org/doc/draft-ietf-i2nsf-registration-interface-dm/
>
> There are also htmlized versions available at:
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-00
>
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-registration-interface-dm-00
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> I2nsf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2nsf
>
>
>
> ________________________________
>
> Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario,
> puede contener información privilegiada o confidencial y es para uso
> exclusivo de la persona o entidad de destino. Si no es usted. el
> destinatario indicado, queda notificado de que la lectura, utilización,
> divulgación y/o copia sin autorización puede estar prohibida en virtud de
> la legislación vigente. Si ha recibido este mensaje por error, le rogamos
> que nos lo comunique inmediatamente por esta misma vía y proceda a su
> destrucción.
>
> The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this transmission in error, do not read it. Please immediately reply to the
> sender that you have received this communication in error and then delete
> it.
>
> Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário,
> pode conter informação privilegiada ou confidencial e é para uso exclusivo
> da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário
> indicado, fica notificado de que a leitura, utilização, divulgação e/ou
> cópia sem autorização pode estar proibida em virtude da legislação vigente.
> Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique
> imediatamente por esta mesma via e proceda a sua destruição
> _______________________________________________
> I2nsf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2nsf
>
--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: [email protected], [email protected]
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________
I2nsf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i2nsf
