Re: [I2nsf] can you comment on the I2NSF problem space?
"Toy, Mehmet" <Mehmet_Toy@cable.comcast.com> Sat, 23 May 2015 03:37 UTC
Return-Path: <Mehmet_Toy@cable.comcast.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76C481A8F4D for <i2nsf@ietfa.amsl.com>; Fri, 22 May 2015 20:37:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.225
X-Spam-Level:
X-Spam-Status: No, score=0.225 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_MODEMCABLE=0.768, HOST_EQ_MODEMCABLE=1.368, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n30n_u8qqwUO for <i2nsf@ietfa.amsl.com>; Fri, 22 May 2015 20:37:05 -0700 (PDT)
Received: from pacdcmhout01.cable.comcast.com (PACDCMHOUT01.cable.comcast.com [68.87.31.167]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D55A61A8F4A for <I2nsf@ietf.org>; Fri, 22 May 2015 20:37:04 -0700 (PDT)
X-AuditID: 44571fa7-f79216d000002c77-d2-555ff5df912e
Received: from PACDCEXHUB03.cable.comcast.com (dlpemail-wc-2p.sys.comcast.net [24.40.12.145]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by pacdcmhout01.cable.comcast.com (SMTP Gateway) with SMTP id B3.7A.11383.FD5FF555; Fri, 22 May 2015 23:37:03 -0400 (EDT)
Received: from PACDCEXMB13.cable.comcast.com ([169.254.5.13]) by PACDCEXHUB03.cable.comcast.com ([fe80::7da6:458a:eadf:dadb%16]) with mapi id 14.03.0181.006; Fri, 22 May 2015 23:37:03 -0400
From: "Toy, Mehmet" <Mehmet_Toy@cable.comcast.com>
To: list <I2nsf@ietf.org>
Thread-Topic: can you comment on the I2NSF problem space?
Thread-Index: AQHQlMY9ogK9G31MQkCd9vVIuVR/wZ2I1zhg
Date: Sat, 23 May 2015 03:37:01 +0000
Message-ID: <E0CCE9D2B396674BABDD84B7C422BE1C6F7E75BD@PACDCEXMB13.cable.comcast.com>
References: <4A95BA014132FF49AE685FAB4B9F17F657C49A05@dfweml701-chm>
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F657C49A05@dfweml701-chm>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [24.40.1.141]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Forward
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrHIsWRmVeSWpSXmKPExsUiocEzUff+1/hQg+m3zCy+/vzBavHo/AN2 i3t3/7Fa/L56itGBxePgyjnsHkuW/GTyaP0u6vGk/RhrAEsUl01Kak5mWWqRvl0CV8aVGYeZ Cj6oVSzcJ9/A+EG1i5GTQ0LARKLn2xZmCFtM4sK99WxdjFwcQgLbmCSebprECuEcZJS40tnI AlLFJmAkMe/IVTBbREBS4vnPv+wgRcwC7xglOs5/ZwdJCAtYSDT+XscMUWQpcf/mDyCbA8g2 kti/3wMkzCKgKrF5yyVGEJtXIERi7/sWsFYhAReJVYuegs3nFHCV+PXsFZjNCHTd91NrmEBs ZgFxiVtP5jNBXC0gsWTPeagPRCVePv7HCmHLSzQ1TWcHWcssoCmxfpc+RKuixJTuh+wQawUl Ts58wgJRLi5x+MgO1gmM4rOQbJiF0D0LSfcsJN0LGFlWMcoVJCanJOdm5JeWGBjqJScm5aTq JefnJicWl4DoTYzAWHQJl1++g/HeC6dDjAIcjEo8vEzAGBViTSwrrsw9xCjBwawkwuv6DijE m5JYWZValB9fVJqTWnyIUZqDRUmc98iv2FAhgfTEktTs1NSC1CKYLBMHp1QDo/u9gyFHSjce velbUVeyaeOaxVUaV6Ujf+z93q7d9i5jX6JlzcIp653L9p7Ker7nsM2XGMem1hbxz5cFnCqO 8f3jfv+25VRM1XGpFCYtl9Yb0xWY7vgHqp464en16VT39z0XtC995swP/Nh/f2OcJJN0oG/O WnPz44tLbph3bG1kCP++4aPpPSWW4oxEQy3mouJEALRo/XjBAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/-B6sQHb4JkxOVIlsakOAQhycg9k>
X-Mailman-Approved-At: Mon, 25 May 2015 11:26:06 -0700
Cc: "Romascanu, Dan (Dan) (dromasca@avaya.com)" <dromasca@avaya.com>, "Hongwen Zhang (hongwen.zhang@wedgenetworks.com)" <hongwen.zhang@wedgenetworks.com>, "Schell, Richard C (richard.schell@verizon.com)" <richard.schell@verizon.com>
Subject: Re: [I2nsf] can you comment on the I2NSF problem space?
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 May 2015 03:37:09 -0000
Linda,
A couple comments:
1. In 3.4, "Today there is no standard interface to exchange security profiles
between organizations." Open Cloud Connect Architecture made an attempt to describe the interface and its associated attributes. Further work is being done by OCC Technical Committee. You might reference the OCC Arch. Document.
2. In 4, "I2NSF Capability Layer
- I2NSF Service Layer".
Capability Layer sounds like OAM layer. Should you replace Capability Layer with OAM Layer?
3. in 6.4, you can mention OCC. OCC TC is also working on SECaaS.
Hongwen might be able to point you a to a document that he is working on.
Thanks
Mehmet
-----Original Message-----
From: Linda Dunbar
Sent: Thursday, May 21, 2015 5:43 PM
To: 'i2nsf@ietf.org'
Subject: updated I2NSF problem statement to reflect the narrower scoped charter
We updated the I2NSF problem statement to reflect the narrower scoped charter.
The primary issues and challenges facing NSFs hosted by different domains are:
3.1. Challenges Facing Security Service Providers..............5
3.1.1. Diverse types of Security Functions..................5
3.1.2. No Standard Characterization of NSFs.................6
3.1.3. More Distributed NSFs and vNSFs......................7
3.1.4. More Demand to Control NSFs Dynamically..............7
3.1.5. Diverse Interfaces to Control and Monitor NSFs.......7
3.1.6. Lack of mechanism to monitor the behavior of NSFs....8
3.2. Challenges Facing Customers...............................8
3.2.1. Need to integrate on-premises NSFs with Remote NSFs..8
3.2.2. Today's Policy Expressions are Vendors Specific......9
3.2.3. Difficulty to Monitor the Execution of Desired Policies
...........................................................10
3.3. Difficulty to Validate Policies across Multiple Domains..10
3.4. Lack of Standard Interface to Inject Feedback to NSF.....11
Your comments and suggestions are highly appreciated.
Linda
-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
Sent: Thursday, May 21, 2015 5:37 PM
To: Mohamed Boucadair; Shaibal Chakrabarty; Linda Dunbar; Christian Jacquenet; Myo Zarny; Christian Jacquenet; Myo Zarny; Shaibal Chakrabarty; Linda Dunbar; Mohamed Boucadair
Subject: New Version Notification for draft-dunbar-i2nsf-problem-statement-04.txt
A new version of I-D, draft-dunbar-i2nsf-problem-statement-04.txt
has been successfully submitted by Linda Dunbar and posted to the IETF repository.
Name: draft-dunbar-i2nsf-problem-statement
Revision: 04
Title: Interface to Network Security Functions (I2NSF) Problem Statement
Document date: 2015-05-21
Group: Individual Submission
Pages: 20
URL: https://www.ietf.org/internet-drafts/draft-dunbar-i2nsf-problem-statement-04.txt
Status: https://datatracker.ietf.org/doc/draft-dunbar-i2nsf-problem-statement/
Htmlized: https://tools.ietf.org/html/draft-dunbar-i2nsf-problem-statement-04
Diff: https://www.ietf.org/rfcdiff?url2=draft-dunbar-i2nsf-problem-statement-04
Abstract:
This document describes the motivation and the problem statement for
Interface to Network Security Functions (I2NSF).
Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
The IETF Secretariat