Hi Paul, Linda. Thanks again for your comments.

> On 18 May 2019, at 7:11, Mr. Jaehoon Paul Jeong <[email protected]> wrote:
>
> Hi Linda,
> For your first question,
> it seems like Gabriel does not like to modify their code to let NSF-Facing
> Interface data module import ikev2 and ietf-ipsec (i.e., ike-less)
> according to IETF YANG conventions such as TLS, SSH, IDS, and ACL.
> In our data models, we will specify whether an NSF supports an IPsec
> configuration mechanism (IKEv2 or IKEless),
> or does not support any IPsec configuration mechanism.
> That is, our data models assume that the actual IPsec configuration will be
> handled by Rafa's IPsec module through NETCONF, and
> our I2NSF interfaces will do nothing related to the IPsec configuration.
>

The question is not whether I (we) like or don't like to modify the model. The question is whether it is the best technical approach or not. As said before, the ipsec model has been designed to work in a standalone mode in an NSF, so the controller can configure ipsec on NSFs without any other module.

You mention the consensus at the last meeting, but what I get from this consensus is to study how, making use of the capability model, the controller can learn if the NSF node supports IKE case or IKE-less case, and then in the discussion there is a mention of a "reference" to the corresponding data model implementing these capabilities (our model) (here the "reference" clause could be used). But it does not imply extending the NSF client interface to include all the available yang models for every security service an NSF can support.

Our main concern is whether the objective of the nsf-client-dm is:

- To import all other models (SSH, TLS, ACLs, etc.) just for the sake of having all of them gathered in a single model (nsf-client-dm). But I don't see the benefit. In fact, SSH or TLS yang models are designed to be used by other yang models for specific applications, such as a model for HTTPS importing the TLS model or a model for an SSH server importing the SSH model. What is the service in this case? In the case of the ACL yang module, it is also defined to work in a standalone mode (no main grouping based). In the case of IDS, could you point out the yang module?

- To adapt them in some way to the ECA model. The ECA model is the keystone of the nsf-client-dm, as described in section 4. If it is the case, then it is difficult to see examples of how they can be adapted.

That said, the draft is a WG item and the WG has to decide what is the right way to proceed.

Regards, Gabi.

> For your second question,
> "ietf-ipsec" is the same as "ipsec-ikeless".
>
> Thanks.
>
> Best Regards,
> Paul
>
> On Sat, May 18, 2019 at 6:28 AM Linda Dunbar <[email protected]> wrote:
> Paul,
>
> If you simply want to import the “ikev2” and “ietf-ipsec” to NSF-Facing
> Interface data model, can the new code be the following?
>
> ########### Modified Code #############
>
> grouping ikev2 {
>   ...
> }
>
> grouping ietf-ipsec {
>   ...
> }
> ########
>
> By the way “ietf-ipsec” is not same as “ipsec-ikeless”, is it?
>
> Linda
>
> From: Mr. Jaehoon Paul Jeong [mailto:[email protected]]
> Sent: Thursday, May 09, 2019 9:02 AM
> To: [email protected]; Gabriel Lopez <[email protected]>; [email protected]
> Cc: Linda Dunbar <[email protected]>; Yoav Nir <[email protected]>;
> [email protected]; [email protected]; Mr. Jaehoon Paul Jeong <[email protected]>
> Subject: Re: [I2nsf] WGLC and IPR poll for
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
>
> Hi Authors: Rafa, Gabriel, and Fernando,
>
> I have a request to let your authors revise i2nsf ipsec draft
> (draft-ietf-i2nsf-sdn-ipsec-flow-protection-04)
> in order to conform to our i2nsf interface data models.
> For your YANG data module to be used in our NSF-Facing Interface data model
> through import,
> your YANG data module needs some modification as follows.
>
> ########### Original Code #############
>
> container ikev2 {
>   ....
> }
>
> container ietf-ipsec {
>   ....
> }
>
> ########### Modified Code #############
>
> grouping ipsec-ike {
>   ...
> }
>
> grouping ipsec-ikeless {
>   ...
> }
>
> container ikev2 {
>   description "Configure the IKEv2 software";
>   uses ipsec-ike;
> }
>
> container ietf-ipsec {
>   description "IPsec configuration";
>   uses ipsec-ikeless;
> }
>
> With your modification, my SKKU team will modify our YANG data models
> to accommodate your ipsec data model.
>
> If you have any questions, please let me know.
>
> Thank you.
>
> Best Regards,
> Paul
>
> On Wed, Apr 17, 2019 at 11:54 PM Linda Dunbar <[email protected]> wrote:
>
> Hello Working Group,
>
> This email starts a four-week Working Group Last Call on
> draft-ietf-i2nsf-sdn-ipsec-flow-protection-04.
>
> This poll runs until May 15, 2019.
>
> Authors: please update the draft per the comments and suggestions from YANG
> Doctors.
>
> We are also polling for knowledge of any undisclosed IPR that applies to this
> Document, to ensure that IPR has been disclosed in compliance with IETF IPR
> rules (see RFCs 3979, 4879, 3669 and 5378 for more details).
>
> If you are listed as an Author or a Contributor of this Document please
> respond to this email and indicate whether or not you are aware of any
> relevant undisclosed IPR. The Document won't progress without answers from
> all the Authors and Contributors.
>
> If you are not listed as an Author or a Contributor, then please explicitly
> respond only if you are aware of any IPR that has not yet been disclosed in
> conformance with IETF rules.
>
> Thank you.
>
> Yoav & Linda
>
> _______________________________________________
> I2nsf mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/i2nsf
>
> --
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Associate Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: [email protected], [email protected]
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
> <http://cpslab.skku.edu/people-jaehoon-jeong.php>

-----------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: [email protected]
