Re: [I2nsf] Request for WGLC on I2NSF YANG Data Models
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 04 April 2019 10:41 UTC
To: Gabriel Lopez <gabilm@um.es>
Cc: Linda Dunbar <linda.dunbar@huawei.com>, Yoav Nir <ynir.ietf@gmail.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>, Chris Shen <shenyiwen7@gmail.com>, skku_secu-brain_all@googlegroups.com, "Jingyong (Tim) Kim" <wlsdyd0930@nate.com>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/2IKgUk_eF_ZcdO9H94y9p9IfvGQ>

Hi Gabriel,
I have submitted a revision of the Consumer-Facing Interface Data Model draft
supporting your IPsec method for IKE and IKEless cases:
https://tools.ietf.org/html/draft-ietf-i2nsf-consumer-facing-interface-dm-04

Thanks.

Best Regards,
Paul

On Mon, Apr 1, 2019 at 10:30 PM Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:

> Hi Gabriel,
> I will answer your questions inline below.
>
> On Mon, Apr 1, 2019 at 7:18 PM Gabriel Lopez <gabilm@um.es> wrote:
>
>> Hi Paul.
>>
>> Just a few comments about the drafts:
>>
>> On 28 Mar 2019, at 8:39, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> wrote:
>>
>> Hi Linda and Yoav,
>> As we discussed at this I2NSF WG meeting, my SKKU team reflected the data convergence
>> including I2NSF IPsec (such as ipsec-ike case and ipsec-ikeless case) on the three data model drafts, and then
>> uploaded them into the IETF repository this morning:
>> - NSF Capability Data Model
>> - NSF-Facing Interface Data Model
>> - Registration Interface Data Model
>>
>> The update of each draft is described in Changes section per draft.
>>
>> There is no change in Consumer-Facing Interface Data Model draft.
>>
>> Could you start WGLC for the following four data model drafts?
>> - NSF Capability Data Model
>>   https://tools.ietf.org/html/draft-ietf-i2nsf-capability-data-model-04
>>
>> This draft specifies whether IKE/IKE-less cases are supported by the NSF
>> or not, in the same way that it specifies if the NSF supports IPS or not.
>> But the details about capabilities for ipsec or IDS are moved now to
>> another draft (dong-i2nsf-asf-config). Is it right?
>>
>
> => Yes. For the detailed configuration of ipsec, we will be able to use your data model by
>    letting it be referenced by our NSF-facing interface YANG module.
>    We will let you know how to modify your YANG module this week so
>    that it can be used by our NSF-facing interface data model.
>
>> - NSF-Facing Interface Data Model
>>   https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-05
>>
>> How does it align with the security-policy-translation draft?
>>
> => The security policy translator translates a high-level security policy
>    XML file (based on Consumer-facing interface data model)
>    into a low-level security policy XML file (based on NSF-facing
>    interface data model).
>    In the security-policy-translation draft,
>    there is exemplary XML code as follows:
>    - High-level security policy XML Code
>      https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-03#page-7
>    - Low-level security policy XML Code
>      https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-03#page-18
>
>> - Registration Interface Data Model
>>   https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03
>>
>> - Consumer-Facing Interface Data Model
>>   https://tools.ietf.org/html/draft-ietf-i2nsf-consumer-facing-interface-dm-03
>>
>> Import of the ipsec draft should not be included here. Both drafts (ipsec
>> and this one) should stay both like nsf facing interface models, but not
>> one integrated into the other.
>>
> => This statement is not clear to me. Could you clarify this more
>    clearly if you have a better way?
>
>    For Registration interface data model, we use ipsec-method (either
>    IKE or IKEless) that is defined in I2NSF Capability data model draft:
>    https://tools.ietf.org/html/draft-ietf-i2nsf-capability-data-model-04#page-7
>
>    To use this ipsec-method in Registration interface data model, we
>    import I2NSF Capability data model as follows:
>
> ############################################################
> 6.1.3. NSF Capability Information - p. 11
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-11
>
> ----------------------------------------------------------------------------------------------------
> 6.2. YANG Data Modules - p. 12
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-12
>
>     import ietf-i2nsf-capability {
>       prefix capa;
>       reference "draft-ietf-i2nsf-capability-data-model-04";
>     }
>
> ----------------------------------------------------------------------------------------------------
> grouping i2nsf-nsf-capability-info - p. 15-16
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-16
>
>     grouping i2nsf-nsf-capability-info {
>       description
>         "Detail information of an NSF";
>       container i2nsf-capability {
>         description
>           "ietf i2nsf capability information";
>         uses "capa:nsf-capabilities";
>         reference "draft-ietf-i2nsf-capability-data-model-04";
>       }
>       container nsf-performance-capability {
>         description
>           "performance capability";
>         uses i2nsf-nsf-performance-capability;
>       }
>     }
>
> ----------------------------------------------------------------------------------------------------
> Configuration Example 1~6: p. 19
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-19
>
>     <ipsec-method>ikeless</ipsec-method>
> ############################################################
>
>    For the configuration of IPsec (e.g., SPD and PAD parameters) for an
>    NSF, could you make a YANG code
>    for such configuration for Registration interface YANG code and XML
>    code like our example in
>    Registration interface data model draft?
>    We will be able to include your YANG code to accommodate IPsec
>    configuration in the revision of our Registration interface data model
>    draft.
>
>    If you have a better way to configure your IPsec configuration into
>    Security Controller, please let me know.
>
> => For Consumer-facing interface data model, we will include ipsec-method
>    (either IKE or IKEless) in
>    the revision of Consumer-facing interface data model draft.
>    This configuration will let NSFs for a high-level security policy
>    make an IPsec tunnel between each pair of NSFs
>    along the SFC path (e.g., Firewall -> DPI -> DDoS Attack Mitigator).
>
>    I think your students can work with my students at SKKU for the test
>    of this integration and test.
>    My Ph.D. student, Jinyong (Tim) Kim, is in charge of the
>    implementation and test.
>
>    If you have questions, please let me know.
>
>    Thanks.
>
>    Best Regards,
>    Paul
>
>> Best regards, Gabi.
>>
>> I hope we can publish them before the IETF-105 Montreal meeting. :-)
>>
>> Thanks.
>>
>> Best Regards,
>> Paul
>> --
>> ===========================
>> Mr. Jaehoon (Paul) Jeong, Ph.D.
>> Associate Professor
>> Department of Software
>> Sungkyunkwan University
>> Office: +82-31-299-4957
>> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
>> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
>> <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>>
>> -----------------------------------------------------------
>> Gabriel López Millán
>> Departamento de Ingeniería de la Información y las Comunicaciones
>> University of Murcia
>> Spain
>> Tel: +34 868888504
>> Fax: +34 868884151
>> email: gabilm@um.es <gabilm@um.es>