Hi Gabi, I think the latest update about the wrapping IPSec model in I2NSF-NSF-Facing interface model reflects and addresses the issue raised in last IETF meeting in Prague, see: https://datatracker.ietf.org/meeting/104/materials/slides-104-i2nsf-model-convergence-proposal-00
In summary, it tries to keep the I2NSF capability data model as the basic and only one entry point for all the specific capability model (i.e., IPSec, IDS, etc.) consistently, while ensure independent configuration model for each specific model. We think this is a good proposal and are addressing it. B.R. Frank 夏靓 (Frank Xia) IP安全标准专家 - 数据通信标准专利部 华为技术有限公司 Tel : +86 25 56624539 / 139138 40549 Email : [email protected] [cid:[email protected]] This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it! 发件人: I2nsf [mailto:[email protected]] 代表 Mr. Jaehoon Paul Jeong 发送时间: 2019年5月11日 21:59 收件人: Gabriel Lopez <[email protected]> 抄送: [email protected]; [email protected]; Linda Dunbar <[email protected]>; Fernando Pereñíguez García <[email protected]>; Yoav Nir <[email protected]>; Rafa Marin Lopez <[email protected]>; Mr. Jaehoon Paul Jeong <[email protected]> 主题: Re: [I2nsf] WGLC and IPR poll for draft-ietf-i2nsf-sdn-ipsec-flow-protection-04 Hi Gabriel, Yes, I think the current ipsec-ietf-ike and ipsec-ietf-ikeless without change will be fine to our I2NSF interfaces after I discuss with my student, Jinyong. Our Registration Interface with capability data model will register into Security Controller whether an NSF can support ipsec or not, and also in the case of the support of ipsec whether an NSF can support ike or ikeless. The NSF-Facing will do the same thing for an NSF rather than the actual configuration of ipsec stuff. I assume that the detailed ipsec configuration will be done by your ipsec modules. Thanks. Best Regards, Paul On Fri, May 10, 2019 at 5:37 PM Gabriel Lopez <[email protected]<mailto:[email protected]>> wrote: Hi Paul. The ipsec-ietf-ike and ipsec-ietf-ikeless modules are standalone modules that can be used in the facing interface. We do not understand why do you need to include them in the nsf-facing interface data model. The idea of having a data model with all the security services a nfs can support is not practical and can turns into a huge complex model. Do you have in mind to include also configuration groupings for TLS, SSH, IDS, ACLs, etc.? Best regards, Gabi. El 9 may 2019, a las 23:09, Mr. Jaehoon Paul Jeong <[email protected]<mailto:[email protected]>> escribió: Hi Gabriel, we need to make ipsec-ike and ipsec-ikeless be grouping type so that your ipsec module can be imported by our data modules for two ipsec cases. The container type cannot be imported by other data modules. Thanks. Best Regards, Paul 2019년 5월 10일 (금) 오전 1:43, Gabriel Lopez <[email protected]<mailto:[email protected]>>님이 작성: Hi Paul. Could you explain what is the purpose of this change? Best regards, Gabi. El 9 may 2019, a las 16:02, Mr. Jaehoon Paul Jeong <[email protected]<mailto:[email protected]>> escribió: Hi Authors: Rafa, Gabriel, and Fernando, I have a request to let your authors revise i2nsf ipsec draft (draft-ietf-i2nsf-sdn-ipsec-flow-protection-04) in order to conform to our i2nsf interface data models. For your YANG data module to be used in our NSF-Facing Interface data model through import, your YANG data module needs some modification as follows. ########### Original Code ############# container ikev2 { ..... } container ietf-ipsec { .... } ########### Modified Code ############# grouping ipsec-ike { ... } grouping ipsec-ikeless { ... } container ikev2 { description "Configure the IKEv2 software"; uses ipsec-ike; } container ietf-ipsec { description "IPsec configuration"; uses ipsec-ikeless; } With your modification, my SKKU team will modify our YANG data models to accommodate your ipsec data model. If you have any questions, please let me know. Thank you. Best Regards, Paul On Wed, Apr 17, 2019 at 11:54 PM Linda Dunbar <[email protected]<mailto:[email protected]>> wrote: Hello Working Group, This email starts a four weeks Working Group Last Call on draft-ietf-i2nsf-sdn-ipsec-flow-protection-04. This poll runs until May 15, 2019. Authors: please update the draft per the comments and suggestions from YANG Doctors. We are also polling for knowledge of any undisclosed IPR that applies to this Document, to ensure that IPR has been disclosed in compliance with IETF IPR rules (see RFCs 3979, 4879, 3669 and 5378 for more details). If you are listed as an Author or a Contributor of this Document please respond to this email and indicate whether or not you are aware of any relevant undisclosed IPR. The Document won't progress without answers from all the Authors and Contributors. If you are not listed as an Author or a Contributor, then please explicitly respond only if you are aware of any IPR that has not yet been disclosed in conformance with IETF rules. Thank you. Yoav & Linda _______________________________________________ I2nsf mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/i2nsf -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Associate Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: [email protected]<mailto:[email protected]>, [email protected]<mailto:[email protected]> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php> ----------------------------------------------------------- Gabriel López Millán Departamento de Ingeniería de la Información y las Comunicaciones University of Murcia Spain Tel: +34 868888504 Fax: +34 868884151 email: [email protected]<mailto:[email protected]> ----------------------------------------------------------- Gabriel López Millán Departamento de Ingeniería de la Información y las Comunicaciones University of Murcia Spain Tel: +34 868888504 Fax: +34 868884151 email: [email protected]<mailto:[email protected]> -- =========================== Mr. Jaehoon (Paul) Jeong, Ph.D. Associate Professor Department of Software Sungkyunkwan University Office: +82-31-299-4957 Email: [email protected]<mailto:[email protected]>, [email protected]<mailto:[email protected]> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php>
_______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
