IETF Logo Mail Archive

Re: [I2nsf] [yang-doctors] Yangdoctors last call review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-08

Martin Björklund <mbj+ietf@4668.se> Wed, 23 September 2020 10:58 UTC

Return-Path: <mbj+ietf@4668.se>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE8A13A0F70; Wed, 23 Sep 2020 03:58:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.12
X-Spam-Level:
X-Spam-Status: No, score=-0.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, PDS_NAKED_TO_NUMERO=1.999, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=4668.se header.b=cNvF++Xf; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=PSHvPLgD
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ta8RYTCdeaWz; Wed, 23 Sep 2020 03:58:34 -0700 (PDT)
Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F3263A0F6D; Wed, 23 Sep 2020 03:58:34 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.west.internal (Postfix) with ESMTP id 62BDFAEA; Wed, 23 Sep 2020 06:58:32 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute2.internal (MEProxy); Wed, 23 Sep 2020 06:58:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=4668.se; h=date :message-id:to:cc:subject:from:in-reply-to:references :mime-version:content-type:content-transfer-encoding; s=fm2; bh= gHrQ2+0qdBUGo0YgVrBVXAqyXo3IqaC4R1TuExNRf0g=; b=cNvF++Xf8I7qb714 asXV25U217mpQ0v1b8M8kr5tHj/RAdVWcfshC33S7f7TS24VF7jr6cCWtcoNt656 6oW41j1qsd7ZWXOCLSuQes9/W8HnnbfKzbOU8ArKS2E76dkMi4/NCzMv0KVRsOvQ NpjLLmctN/ZQuW1rEGYT6LT71oBxG+H9/yBRJlhpnDCdVmD99OIuEpUrQa4TXDVJ A4xqxGBjsLOin8BsWuaDqJVHIev4ML79SwTgfjmbwSPWAtpv+1IaRKFAH3avVlES HbgQ4nOAubtcaQsr/6LM0/zeJsmQs7aGc5jQ1vLeoykVTSjfz1h7Y+atXbr8qifJ +SjfpA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=gHrQ2+0qdBUGo0YgVrBVXAqyXo3IqaC4R1TuExNRf 0g=; b=PSHvPLgDsx+Bnfk8wGy8ga7BldnSDPv/BYXW/5M0k2jbX7pksdVUeB5eI WYHHS6IIu/ugexZF1A8A4H0Ax1mD188stkxAcscnmWOHmr9eaUIPfzi6pVq58EbS iLJT7HR2h3TXj/8+Doaq0P1PKqBpt/NHwhkTB9nl3sCjUnzf+7hkjRxQvSwIaEiy i/k2Eq0Op/LbdB3pq2WDQMVpbXT/J13txafHV1dXY74aTlQIn9rhhlTgI2Kpe3rJ qmNRhTYL0e3PiXc83PK7kndWdtBJJU7cHDUouzP9MzOyq85NJGXkIr3X3ZWBVGb0 xYOIiyxSTSUJEJwcPfPf33IgRXMAw==
X-ME-Sender: <xms:ViprX3ir21etEz8tjcBkMMkd7sowQJil4VrbZ_EsoPEpB-TUGUhpvw> <xme:ViprX0DuKy9pKkkE-5wDndknFdTyzzxlpWoHwjMapsRcWws05gmxxu8SaK9eOFc9Z OddETYobJVHY-2lXQw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudeigdefhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepfffkvffuhfgjfhfogggtgfesthgsre dtredtjeenucfhrhhomhepofgrrhhtihhnuceujhpnrhhklhhunhguuceomhgsjhdoihgv thhfseegieeikedrshgvqeenucggtffrrghtthgvrhhnpeehteegtdffgfegffekvdejke evleetuedutddtfffhlefgtedvveehvdeguedtudenucfkphepudehkedrudejgedrgedr geegnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmh gsjhdoihgvthhfseegieeikedrshgv
X-ME-Proxy: <xmx:ViprX3FJIqjg_4pzGBzHcF2xefAsFOB869R7QSj7xHp19j-PCJ-WSA> <xmx:ViprX0Q3pFsbyWqQ4HJONgiVctax9FpAOT7w3S9P0fSVwD5d04TUcw> <xmx:ViprX0xkhrWcccT2A8_VpXe6xQ7M6nrU2TJE_dkWtRKpMyISWyd15A> <xmx:WCprX3yIbTmztzB92wSg6jPupsItqCfmKh5kuiTXoO-hGqC0-wTbIA>
Received: from localhost (unknown [158.174.4.44]) by mail.messagingengine.com (Postfix) with ESMTPA id 27D8E306467D; Wed, 23 Sep 2020 06:58:29 -0400 (EDT)
Date: Wed, 23 Sep 2020 12:58:26 +0200
Message-Id: <20200923.125826.1562347052257995146.id@4668.se>
To: chopps@chopps.org
Cc: rafa@um.es, rwilton=40cisco.com@dmarc.ietf.org, i2nsf@ietf.org, gabilm@um.es, draft-ietf-i2nsf-sdn-ipsec-flow-protection.all@ietf.org, ipsec@ietf.org, last-call@ietf.org, mbj+ietf@4668.se, yang-doctors@ietf.org
From: Martin Björklund <mbj+ietf@4668.se>
In-Reply-To: <70A0A406-0742-4F28-A5A4-8D539B160E24@chopps.org>
References: <MN2PR11MB4366E30B3C372D13B391AE07B53B0@MN2PR11MB4366.namprd11.prod.outlook.com> <2B88888E-A264-4D81-A8DA-9C6225E83E0E@um.es> <70A0A406-0742-4F28-A5A4-8D539B160E24@chopps.org>
X-Mailer: Mew version 6.8 on Emacs 26.3
Mime-Version: 1.0
Content-Type: Text/Plain; charset="utf-8"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/3i0eu6qWjOUJ3elnL_7XsWje0xw>
Subject: Re: [I2nsf] [yang-doctors] Yangdoctors last call review of draft-ietf-i2nsf-sdn-ipsec-flow-protection-08
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2020 10:58:36 -0000

Hi,

Christian Hopps <chopps@chopps.org> wrote:
> 
> 
> > On Sep 23, 2020, at 5:29 AM, Rafa Marin-Lopez <rafa@um.es> wrote:
> > 
> >> 
> >> 
> >> But I would like to check: My understanding is that the changes that
> >> Chris is proposing are pretty small.  I.e. move the SA structure under
> >> ipsec-common, and put it under a YANG feature.  Are you sure that it
> >> is impractical to accommodate this change which would allow a single
> >> ipsec module to be shared and extended via YANG augmentations?
> > 
> > 
> > In the context of our I-D, if we move SAD structure to ipsec-common,
> > what we are meaning is that IPsec SA configuration data (setting
> > values to the SAD structure) are common to the IKE case and the
> > IKE-less cases, which are not. It is confusing.
> 
> Something defined in a common module but marked as a feature does not
> imply that that feature has to be implemented by an importing
> module. This is not confusing to YANG implementers or users I
> think. If we are just talking about document flow here, then a
> sentence saying "the SAD feature is not required to implement IKE
> functionality" is quite enough to clear that up I think.

Another alternative could be to move these containers to another
(new) module.


/martin



> 
> Thanks,
> Chris.
> 
> > Moreover, the usage of feature means that, after all, this “common” is
> > not “common” to both cases IKE case and IKE-less. Again, it seems
> > confusing. In the IKE case, the SDN/I2NSF controller does not
> > configure the SAD at all but the IKE implementation in the NSF. In our
> > opinion, in order to properly add this IPsec SA operational state to
> > the IKE case we should include operational data about the IPsec SAs
> > (config false) to the ietf-ipsec-ike. Alternatively, we have certain
> > operational data (ro) in the SAD structure in the IKE-less case. If
> > only those are moved to the common part should be ok but we think it
> > does not solve the problem.
> > 
>

v2.23.0 | Report a Bug | By Email