IETF Logo Mail Archive

Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt

tom petch <ietfa@btconnect.com> Wed, 01 September 2021 12:06 UTC

Return-Path: <ietfa@btconnect.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 364683A0A02 for <i2nsf@ietfa.amsl.com>; Wed, 1 Sep 2021 05:06:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LRR1BEJFpzuL for <i2nsf@ietfa.amsl.com>; Wed, 1 Sep 2021 05:06:44 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80113.outbound.protection.outlook.com [40.107.8.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EC2C3A0A00 for <i2nsf@ietf.org>; Wed, 1 Sep 2021 05:06:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hfUBxeNm7OYslN9bHSghr3aUkNPTqVUJPaVEJet6m7cVarvDbmaIWc4mGpdofT2LyxK8KtPK4veSoEWdLURk3xG+ff53JbfhPbk5dUWNJW6X3Dg5uxfoeP8UGZLFpVqFPztldq/Oe17hwYa7lqOtn/lOPLy68ztUj6EIYH59V1sw2LtfUyQ04/D7DWJf6quig2BGPsn0ahlzhTqgin2OFITpJKLG3wktdZltbE/z9reNe+C+tD+gDbgfLpIC+wcwzc8iXqfScIk6oLuCe/+BEDKSfDl5U841XWiQmPcDK+zbr0apysWAABG/xkT4QWgoV3c9ikxjQYl/TtuF7fMByQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=4wVUwNSyYHKeY9dDnolstZ4yPWjnUmXzvNE73J8M8q4=; b=FjsX8uGnF1KGf3944y8hOSgMK11IsbQvoLLiaTJLeu6z0PaHmXZ7iHgS1JrPXeY4l5gwLn3N7xuojVPiz+iBUstdRcuQ2wuCVsLlZL3jGfJ8Eh80H4Mpp8iYKop0Aq5ppzZ2PWPlehJ8CmyYa4pd2KMD3HL2Z532BqAm72hIgaIPtKD2DpB0CyUmZDvfHb/Ufs7QXPP/vLzxtsCp9BT9hWsFFUEZUVsgXiq6FQqsTrNFZHEsneW/adEuxuuPn21o4o/dAnwA71M5S1OZ4VojU+Jgh/Y28cKj3eQY3OokiRxBV5jEQWZ32hyTOssBw7/l7naas/MHg4WYAEucnYhfHg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4wVUwNSyYHKeY9dDnolstZ4yPWjnUmXzvNE73J8M8q4=; b=YYJzmYlLf5AR+rPMRVoX0ewIhWvInk0d8UpEmaf/e6Dxwdnbzt2MJEegG+sRUawV/JTVtrRpsKvoP/HGrHRSAINBz7T5p6gvREji3RMbNUfqBHWoCzNuz7QejSGzUClf2IJmjNtFzGaQsiqVbbre7hEJb/AMsexxpoNePRQdaXA=
Received: from AM6PR07MB5544.eurprd07.prod.outlook.com (2603:10a6:20b:8a::30) by AM7PR07MB7011.eurprd07.prod.outlook.com (2603:10a6:20b:1b3::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.10; Wed, 1 Sep 2021 12:06:41 +0000
Received: from AM6PR07MB5544.eurprd07.prod.outlook.com ([fe80::5193:fe4a:3a4f:69b0]) by AM6PR07MB5544.eurprd07.prod.outlook.com ([fe80::5193:fe4a:3a4f:69b0%5]) with mapi id 15.20.4478.017; Wed, 1 Sep 2021 12:06:41 +0000
From: tom petch <ietfa@btconnect.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>, Roman Danyliw <rdd@cert.org>, Linda Dunbar <linda.dunbar@futurewei.com>, Yoav Nir <ynir.ietf@gmail.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>
Thread-Topic: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
Thread-Index: AQHXNp/Zycw8JR7XE06cY/2ETl3i9Kt1FPeAgBrMKGY=
Date: Wed, 01 Sep 2021 12:06:41 +0000
Message-ID: <AM6PR07MB554474A522662F5842502C5DA2CD9@AM6PR07MB5544.eurprd07.prod.outlook.com>
References: <608009A7.9050907@btconnect.com> <CAPK2DezBVxzidy1BrLQoEqhhE8Zon2S=MPKBuEXTEsnh2umR9g@mail.gmail.com>
In-Reply-To: <CAPK2DezBVxzidy1BrLQoEqhhE8Zon2S=MPKBuEXTEsnh2umR9g@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: fcaeb80b-0d89-4612-66e7-08d96d40f592
x-ms-traffictypediagnostic: AM7PR07MB7011:
x-microsoft-antispam-prvs: <AM7PR07MB701102F4F26638139638CA0FA2CD9@AM7PR07MB7011.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: jQEi0cS9cmcC1w1gw7Jg6PX86u8dx+LQPiISKjjblM+Qo+20VofUhg+0uNQSO3zgltm0ZThmzeIW4nBTSqvO7fCVhjejEZTCiOlwo4J3jruxhr6BoJJHgQW3taCOgEM4hcHkRJHI5B2LzmEswWbTIE0Umv35XlL+2z40ODNYHRTi3l1KlvbH0xvEtLpiBh6GmEo4bwNMdjqCHpgflqC3V+OfACWUi15SKGgJnGD3BDEhuUFSlL8jKzdW7FoY6xDuyWBP+mKlb7DhkApfO9uiWyL1zqRPZ0O8M9qAUZpGtctt+lLYsIm6R6jbRNpoAsu4tbJeCK3sXowFif8/IO5x5bpUbqzncUm3VuGdbyg0Q+EvVj0rR65RW7gED7UpT+ocO1xnJITbI8x4xJ21GCdI8N7/Pv45blYo131a26pnQp3DiuS7Uf6WJeWmhphGRyKiqRqu2ElntQ3ZrTVrdbIn9Hd+twoptqJ3MU4vMpURdP+0vRkNIM2CvkJica19VteclyyZQZfS3YfsINiO9hlbJlIiXFtsf2xfyQA+VehARZGwE5QatRlpqiRrjSaOHafCfPpb0/CfVE4Suf868oAbN6lITKD11AWd5pD8NeJrQh29W+4CQnc6qIJY1oftjEBzp6VY7DtWQzsQQrQ38Lr1iHO2KBN3DHET0TpKQkxiEk0On4cfanwdTNocJW7iCKlBhLQ2/LlG649EPCJ+VFKRfzm2K7QRGvUQlrp+QIYVsivuUCD7LtuZhSM0ofFIMoT2PWdN82+d3sJMcJNYFDWLWAW7wSlfR5PKIr81nji4x4TQIfxigk2sG1aTbgwo9UXf
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR07MB5544.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(9686003)(55016002)(316002)(7696005)(26005)(83380400001)(66574015)(186003)(54906003)(6506007)(53546011)(122000001)(86362001)(71200400001)(91956017)(33656002)(6916009)(76116006)(38100700002)(66946007)(66476007)(66556008)(64756008)(66446008)(8936002)(4326008)(966005)(8676002)(52536014)(38070700005)(5660300002)(508600001)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Hn47VBPwq/gKVvNdNwSnOPA8wlD518ZcRbqKO/YVrvevJ3NVJPk6UluDr+12Fi6VJqNp38D4YzcUy/zM6HEC5rNQ2tXdFDEw7HqKEigtTOVZOhbWQiLpu8PqBU/JsN0Sxz4jNIu+KVcaEbXNpFWRqfqakRGZ7DJeQOfniXtGd96D2VXHNd66+FM6iTXld+YFy2IQotSegjMgx2Is/b8YAwr7xHkaEY/h9vRS556/VazcqNv/l5HumJkadvjtFt8yGjWZoRcUcDlc6WliTfZ6pO6HJsTt+9PA1l/Bj1DaN8N+OYe+YDCsnpVPe2/Zylo+6Gglloa0ZC1teIWLHRVego7/6DwDXmR9xoKm3YuD02r4CZH4r4jynpfdWVgC6SFhYLiVkrGQugcwKh0t82KzABg0KMkdYOwSw3HladFtuIHRdrptL4ijQR+C8zM2kJna1OqDtb9wTpGpKxOw0zwcIlXc+dQW86x2meuOOCwYd52MkS3uUlofxu2jOVmjVw5dXUmct9P63u2c4fzzEKjccSEc8u1iZMFG6g3nDZ1fQ0LIq/kDA4qvPe2upZ/86cwev1JSem7etigIGSF33SancZaKwqI3VxQ33FgbQ5mQrA92Hbskv47kZ8cKq5ieYU910RCZjy62QIrUYuxto0URtccQnaaWHd7q7gIRDDexZYDBuHO4RD5Uf8t9HsFq5A/OtllF7WR4qScVx0qYUoVkOJKNiBtRS9zmtaIPJ7e4eeGStaxsWmMuuA4wbXzgjGzSoHT5487cZJ9L7gpAydl3fTYoTJtnpzcLgCBDloWe3z8C6B+6IkSoIhH67xrpItq2PmN6Rami5EFdlVyKpHwcbH+RW3lSDfDyKM5gznOuaP+kTEZ5uwRIQhLU1ehpJxUSpwdjwaFTFLl03n+/bRRzXae7UsMt2LboT998eIGhFeAUruitS7EsbPyiAtUGt1sVj+CcIXzgiiixvXCcCTB9sbv1dhBUfXs/P6jN2X0ujLKVP6J8VveRfKPPNBho8L5dmLmjBDQ59t+TrjfvtxIh1OUbDxi68s311hSiigh++o4ZIfX7pA4SKnbD54wqdqslrrjaESP+baXqWrrKGPYONKg+U4rct11ZOXq2DvpcnNlznPHYWGZzp89WtpYLkri6hZoiQEvZEHuhBvCh3R1QZ2ACe0YF0845Ap8TmrVTkLC7/JbNfjUG3zbB0xFU6gz9Z0yhVLsYJ0l4DROUq7LP6qen+H2A8V+z6qGfvXuwyCOJTwCnGUlkRUUtnkPVRMSzvLJgwERiWV/CF1iqTi0QV1CTgXGyFvNJQpq5mGrGHOM=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM6PR07MB5544.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fcaeb80b-0d89-4612-66e7-08d96d40f592
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Sep 2021 12:06:41.3963 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4EPXevmGk9sXlvkBwam3vpdSY/eRLiaOYUOEkhWtWsMH57fau7ByqKmu+NbXKnrjBEVIklj0kI8SeKgNAr+55g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB7011
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/AbJc9Y62XHFvcCnAzO0pxfuPBT8>
Subject: Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2021 12:06:50 -0000

From: Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
Sent: 15 August 2021 11:34
To: tom petch

Hi Tom,
Here are the revision letter and revised draft reflecting your comments.

https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-13

You can find my responses to your comments from page 1 in the revision letter.

Patrick and I worked together for this revision.

Please let me know whether this version satisfies your comments or not.

<tp>

Looks good, much easier to read so thank you for the masses of changes.  I will need to take another look to let it all sink in but do have some minor suggestions pro tem.

Some references I think need adding to the I-D references
RFC4443
RFC5595
and while there are two separate references for ICMP IANA, v4 and v6, in the module there is only one in the I-D reference; IANA has two separate groups so I think that this needs bringing in line

http: needs to be https:

identity ingress-action
is described as
Base identity for action
which it is not!  Other I-D do have a base action from which ingress, egress etc are derived so perhaps bring the structure in line rather than just change the description.

leaf-rule-priority
/till/up to/

container long-connection
I would value a longer description of what this is

container period{
could do with another space

rule-group
I am unclear about this.  Do the start and end rule point to the list of rules defined earlier, ie is this a leaf ref?  How is the list ordered, hat starts and ends a list?  I think of start and end in numeric terms as for address or port, or else alphabetic? I am unclear what this does

leaf enable
/This is enable/True is enabled/
perhaps

Tom Petch
Thanks.

Best Regards,
Paul

On Wed, Apr 21, 2021 at 8:17 PM t petch <ietfa@btconnect.com<mailto:ietfa@btconnect.com>> wrote:
This I-D is technically ok but I think asks more of users than is
necessary.  I get the feeling of the wheel being reinvented but with a
few additions so that it is hexagonal in shape making for a bumpy ride:-)

An example of this comes in the specification of ranges which occurs
several times.  sdn-ipsec [draft-ietf-i2nsf-sdn-ipsec-flow-protection]
achieves this with
       grouping port-range  {
         leaf start {type inet:port-number;      }
         leaf end { type inet:port-number;
with a note that when only one value is needed, then start=end; this is
a common pattern throughout the IETF.  This I-D has
   +--rw pkt-sec-tcp-src-port-num
   +--rw (match-type)?
    +--:(exact-match)
   +--rw port-num*         inet:port-number
   +--:(range-match)
   +--rw range-port-num*   [start-port-num end-port-num]
   +--rw start-port-num    inet:port-number
   +--rw end-port-num      inet:port-number
more complex YANG, more complex identifiers - in the context, 'start'
and 'end' seem quite enough.  This applies in many such ranges in the I-D.

The choice of identifier is equally prolix in other places.  The nature
of a YANG identifier is (almost always) apparent from the
context; -type, -container and such like just get in the way.  And if a
compound name is needed, then I find putting the more significant
elements first the clearer although manyt of the instances here would be
eliminated by using just 'start' and 'end'.  In a similar vein you have
+--rw packet-security-ipv6-condition
   +--rw ipv6-description?              string
   +--rw pkt-sec-ipv6-traffic-class*    identityref
   +--rw pkt-sec-ipv6-flow-label
   +--rw pkt-sec-ipv6-payload-length
Are all those pkt-sec-ipv6 adding anything given the context of
packet-security-ipv6-condition?  This occurs repeatedly.  (The
nomenclature in several places is also out of line with other i2nsf
I-D).

Equally, the specification of frequency seems overly complex.
'consumer-facing' has
               leaf start-time {
                 type time;
               leaf-list date {
                 type int32{
                   range "1..31";

          identity day {
               leaf-list day {

               leaf-list month {
                 type string{
                   pattern '\d{2}-\d{2}';
where this I-D has such as
    typedef day-type
    typedef month-type
    typedef start-time-type
    typedef end-time-type
different YANG constructs - identity v type, ad-hoc types, different
choices of how many points in time can be specified, one off versus
list, more complex constructs and, well, just different, another
accretion to the wheel.

There are many references but they often poor, compared with other i2nsf
I-D. The reference to IANA needs a URL and think is unhelpful in most
cases where it appears.  Protocols such as EIGRP are RFC but that is not
mentioned.

The I-D almost always has separate constructs for IPv4 and IPv6; why?
RFC6991 provides IP version neutral types which e.g. sdn-ipsec uses
widely.  It is as if an entity here is expected to have one IPv4 address
and one IPv6 address  and that both need specifying.

By contrast, ICMPv6 is largely ignored.  Yes, it appears as a protocol
but there are more than fifty ICMP error messages listed and these are
v4; some carry across to v6, others do not.

In a similar vein, most I-D separate OSPFv2 and OSPFv3, deriving them
from a common OSPF identity which is derived from a protocol base.  Is
the difference of no import here?

Tom Petch

----- Original Message -----
From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
To: <i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>>
Cc: <i2nsf@ietf.org<mailto:i2nsf@ietf.org>>
Sent: Monday, March 08, 2021 2:26 PM
Subject: I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt


>
> A New Internet-Draft is available from the on-line Internet-Drafts
directories.
> This draft is a work item of the Interface to Network Security
Functions WG of the IETF.
>
>         Title           : I2NSF Network Security Function-Facing
Interface YANG Data Model
>         Authors         : Jinyong (Tim) Kim
>                           Jaehoon (Paul) Jeong
>                           Jung-Soo Park
>                           Susan Hares
>                           Qiushi Lin
>         Filename        :
draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
>         Pages           : 102
>         Date            : 2021-03-08
>
> Abstract:
>    This document defines a YANG data model for configuring security
>    policy rules on Network Security Functions (NSF) in the Interface
to
>    Network Security Functions (I2NSF) framework.  The YANG data model
in
>    this document corresponds to the information model for NSF-Facing
>    Interface in the I2NSF framework.
>
>
> The IETF datatracker status page for this draft is:
>
https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-d
m/<https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-dm/>
>
> There are also htmlized versions available at:
>
https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12
>
https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interf
ace-dm-12<https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12>
>
> A diff from the previous version is available at:
>
https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-nsf-facing-interface-
dm-12<https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-nsf-facing-interface-dm-12>
>
>
> Please note that it may take a couple of minutes from the time of
submission
> until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org<mailto:I-D-Announce@ietf.org>
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> .
>
>

_______________________________________________
I2nsf mailing list
I2nsf@ietf.org<mailto:I2nsf@ietf.org>
https://www.ietf.org/mailman/listinfo/i2nsf

v2.23.0 | Report a Bug | By Email