Re: [I2nsf] Éric Vyncke's Discuss on draft-ietf-i2nsf-capability-data-model-12: (with DISCUSS and COMMENT)
"Eric Vyncke (evyncke)" <evyncke@cisco.com> Tue, 22 September 2020 07:12 UTC
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
CC: The IESG <iesg@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, "draft-ietf-i2nsf-capability-data-model@ietf.org" <draft-ietf-i2nsf-capability-data-model@ietf.org>, Linda Dunbar <dunbar.ll@gmail.com>, "i2nsf-chairs@ietf.org" <i2nsf-chairs@ietf.org>
Date: Tue, 22 Sep 2020 07:10:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/-BxP1ti2spfpg8ukQ2xHmyIa23w>
Paul, thank you in advance. I will obviously clear my DISCUSS once it is done.

Susan and Diego, thank you for the added history about the information and data models document. I appreciate the time taken to provide us with the history.

-éric

From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Tuesday, 22 September 2020 at 06:42
To: Eric Vyncke <evyncke@cisco.com>
Cc: The IESG <iesg@ietf.org>, "i2nsf@ietf.org" <i2nsf@ietf.org>, "draft-ietf-i2nsf-capability-data-model@ietf.org" <draft-ietf-i2nsf-capability-data-model@ietf.org>, Linda Dunbar <dunbar.ll@gmail.com>, "i2nsf-chairs@ietf.org" <i2nsf-chairs@ietf.org>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Subject: Re: [I2nsf] Éric Vyncke's Discuss on draft-ietf-i2nsf-capability-data-model-12: (with DISCUSS and COMMENT)

Hi Eric,
I will try to reflect your comments about IPv6 capabilities in DISCUSS and other capabilities in COMMENT on the revision as an editor of this draft.

Thanks.

Best Regards,
Paul

On Mon, Sep 21, 2020 at 6:19 PM Éric Vyncke via Datatracker <noreply@ietf.org> wrote:

Éric Vyncke has entered the following ballot position for
draft-ietf-i2nsf-capability-data-model-12: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-i2nsf-capability-data-model/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for the work put into this document.

While I do appreciate that a data model (this document) is derived from an information model, I am concerned that the information model is an expired draft whereas I would expect the information model being published first. Else, what is the use of the information model? What was the WG reasoning behind 'putting the cart before the horses'? My concern is that by publishing the YANG model, there is nearly no way to change the information model anymore.

Please find below a couple of non-blocking COMMENT points but also a couple of blocking DISCUSS points around IPv6. They should be easy to resolve. I would hate to have NSF having basic IPv6 capabilities that cannot be configured by using the YANG model of this document.

I hope that this helps to improve the document,

Regards,

-éric

== DISCUSS ==

-- Section 4.1 --
It is quite common to apply conditions based on the whole IPv6 extension header chain (i.e., presence of destination option header or wrong order of the extension headers). Why is there no such capabilities in this YANG module? The only one is 'identity ipv6-next-header' that applies only to the first extension header.

What is the difference between 'identity ipv6-protocol' and 'identity ipv6-next-header'? There is no 'protocol' field in the IPv6 header.

While fragmented IPv4 packets are part of the conditions ('identity ipv4-fragment-flags'), there is no equivalent in IPv6.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

-- Section 4.1 --
Maybe I am misreading the YANG tree, but, I see no 'sctp-capability' in the set of 'condition-capabilities' (even if SCTP is not heavily used).

Is there a real reason to have two related containers? generic-nsf-capabilities and advanced-nsf-capabilities. Why not a single one?

Unsure what is meant by 'range' in 'identity range-ipv*-address'. Usually, addresses are filtered/matched by using a prefix length and not a range (that is difficult to implement in hardware).

Is there a reason why ICMP(v6) codes are not part of the conditions?

_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf

--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Computer Science and Engineering
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php>
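
Added example, not part of the original message or of the draft: a small Python walker over the IPv6 extension header chain, illustrating the DISCUSS point that a condition on the first Next Header value alone sees neither a Fragment header nor a misplaced header further down the chain. The function names and the sample packets are constructed for this illustration, and AH/ESP are treated as the end of the chain.

```python
import struct

# Protocol numbers of the IPv6 extension headers walked here (RFC 8200).
# Assumption of this sketch: AH (51) and ESP (50) end the walk.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, TCP = 0, 43, 44, 60, 6
EXT_HEADERS = {HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS}

def walk_chain(packet: bytes):
    """Return (chain, frag): every Next Header value in order, ending with
    the upper-layer protocol, and (offset, more_fragments) or None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, chain, frag = packet[6], 40, [packet[6]], None
    while nh in EXT_HEADERS:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header")
        if nh == FRAGMENT:
            length = 8  # fixed size, no length field
            (field,) = struct.unpack_from("!H", packet, off + 2)
            frag = (field >> 3, bool(field & 1))
        else:
            length = (packet[off + 1] + 1) * 8  # Hdr Ext Len, 8-octet units
        if off + length > len(packet):
            raise ValueError("extension header overruns packet")
        nh, off = packet[off], off + length
        chain.append(nh)
        if frag and frag[0]:  # non-first fragment: no header follows
            break
    return chain, frag

def order_problems(chain):
    """Flag chain properties that a whole-chain condition could match on."""
    ext = [h for h in chain[:-1] if h in EXT_HEADERS]
    problems = []
    if HOP_BY_HOP in ext[1:]:
        problems.append("hop-by-hop options not first")
    if any(ext.count(h) > 1 for h in (HOP_BY_HOP, ROUTING, FRAGMENT)):
        problems.append("repeated extension header")
    return problems

def ipv6(first_nh, payload):
    # Constructed sample packet: version 6, hop limit 64, all-zero addresses.
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64)
    return fixed + bytes(32) + payload

PADN = bytes([1, 4, 0, 0, 0, 0])  # PadN option padding a header to 8 octets
def frag_hdr(nh, more):
    return bytes([nh, 0]) + struct.pack("!HI", int(more), 0x1234)

# Constructed samples: Destination Options -> Fragment -> TCP, and
# Fragment -> Hop-by-Hop -> TCP (Hop-by-Hop in the wrong position).
SAMPLE_OK = ipv6(DEST_OPTS, bytes([FRAGMENT, 0]) + PADN + frag_hdr(TCP, True) + bytes(20))
SAMPLE_BAD = ipv6(FRAGMENT, frag_hdr(HOP_BY_HOP, False) + bytes([TCP, 0]) + PADN + bytes(20))
```

For `SAMPLE_OK` the first Next Header value is 60 (Destination Options), so a match on that field alone reports neither TCP nor the fragmentation that the full walk returns.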