The IESG has received a request from the Interface to Network Security Functions WG (i2nsf) to consider the following document: - 'Software-Defined Networking (SDN)-based IPsec Flow Protection' <draft-ietf-i2nsf-sdn-ipsec-flow-protection-08.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2020-09-04. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes how to provide IPsec-based flow protection (integrity and confidentiality) by means of an I2NSF Controller. It considers two main well-known scenarios in IPsec: (i) gateway-to- gateway and (ii) host-to-host. The service described in this document allows the configuration and monitoring of IPsec information from a I2NSF Controller to one or several flow-based Network Security Function (NSF) that implement IPsec to protect data traffic. The document focuses on the I2NSF NSF-Facing Interface by providing YANG data models for configuration and state data required to allow the I2NSF Controller to configure the IPsec databases (SPD, SAD, PAD) and IKEv2 to establish IPsec Security Associations with a reduced intervention of the network administrator. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-i2nsf-sdn-ipsec-flow-protection/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ I2nsf mailing list [email protected] https://www.ietf.org/mailman/listinfo/i2nsf
