Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
tom petch <ietfa@btconnect.com> Wed, 01 September 2021 12:06 UTC
From: tom petch <ietfa@btconnect.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>, Roman Danyliw <rdd@cert.org>, Linda Dunbar <linda.dunbar@futurewei.com>, Yoav Nir <ynir.ietf@gmail.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/AbJc9Y62XHFvcCnAzO0pxfuPBT8>
From: Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
Sent: 15 August 2021 11:34
To: tom petch

Hi Tom,
Here are the revision letter and revised draft reflecting your comments.
https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-13

You can find my responses to your comments from page 1 in the revision letter.

Patrick and I worked together for this revision.

Please let me know whether this version satisfies your comments or not.

<tp>
Looks good, much easier to read so thank you for the masses of changes. I will need to take another look to let it all sink in but do have some minor suggestions pro tem.

Some references I think need adding to the I-D references
RFC4443
RFC5595
and while there are two separate references for ICMP IANA, v4 and v6, in the module there is only one in the I-D reference; IANA has two separate groups so I think that this needs bringing in line

http: needs to be https:

identity ingress-action
is described as Base identity for action which it is not! Other I-D do have a base action from which ingress, egress etc are derived so perhaps bring the structure in line rather than just change the description.

leaf-rule-priority
/till/up to/

container long-connection
I would value a longer description of what this is

container period{
could do with another space

rule-group
I am unclear about this. Do the start and end rule point to the list of rules defined earlier, ie is this a leaf ref? How is the list ordered, what starts and ends a list? I think of start and end in numeric terms as for address or port, or else alphabetic? I am unclear what this does

leaf enable
/This is enable/True is enabled/ perhaps

Tom Petch

Thanks.

Best Regards,
Paul

On Wed, Apr 21, 2021 at 8:17 PM t petch <ietfa@btconnect.com> wrote:

This I-D is technically ok but I think asks more of users than is necessary.
I get the feeling of the wheel being reinvented but with a few additions so that it is hexagonal in shape making for a bumpy ride:-)

An example of this comes in the specification of ranges which occurs several times. sdn-ipsec [draft-ietf-i2nsf-sdn-ipsec-flow-protection] achieves this with

    grouping port-range {
      leaf start { type inet:port-number; }
      leaf end { type inet:port-number; }
    }

with a note that when only one value is needed, then start=end; this is a common pattern throughout the IETF.

This I-D has

    +--rw pkt-sec-tcp-src-port-num
       +--rw (match-type)?
          +--:(exact-match)
             +--rw port-num*   inet:port-number
          +--:(range-match)
             +--rw range-port-num* [start-port-num end-port-num]
                +--rw start-port-num   inet:port-number
                +--rw end-port-num     inet:port-number

more complex YANG, more complex identifiers - in the context, 'start' and 'end' seem quite enough. This applies in many such ranges in the I-D.

The choice of identifier is equally prolix in other places. The nature of a YANG identifier is (almost always) apparent from the context; -type, -container and such like just get in the way. And if a compound name is needed, then I find putting the more significant elements first the clearer although many of the instances here would be eliminated by using just 'start' and 'end'.

In a similar vein you have

    +--rw packet-security-ipv6-condition
       +--rw ipv6-description?             string
       +--rw pkt-sec-ipv6-traffic-class*   identityref
       +--rw pkt-sec-ipv6-flow-label
       +--rw pkt-sec-ipv6-payload-length

Are all those pkt-sec-ipv6 adding anything given the context of packet-security-ipv6-condition? This occurs repeatedly. (The nomenclature in several places is also out of line with other i2nsf I-D).

Equally, the specification of frequency seems overly complex.
'consumer-facing' has

    leaf start-time {
      type time;
    leaf-list date {
      type int32{
        range "1..31";
    identity day {
    leaf-list day {
    leaf-list month {
      type string{
        pattern '\d{2}-\d{2}';

where this I-D has such as

    typedef day-type
    typedef month-type
    typedef start-time-type
    typedef end-time-type

different YANG constructs - identity v type, ad-hoc types, different choices of how many points in time can be specified, one off versus list, more complex constructs and, well, just different, another accretion to the wheel.

There are many references but they are often poor, compared with other i2nsf I-D. The reference to IANA needs a URL and I think is unhelpful in most cases where it appears. Protocols such as EIGRP are RFC but that is not mentioned.

The I-D almost always has separate constructs for IPv4 and IPv6; why? RFC6991 provides IP version neutral types which e.g. sdn-ipsec uses widely. It is as if an entity here is expected to have one IPv4 address and one IPv6 address and that both need specifying.

By contrast, ICMPv6 is largely ignored. Yes, it appears as a protocol but there are more than fifty ICMP error messages listed and these are v4; some carry across to v6, others do not.

In a similar vein, most I-D separate OSPFv2 and OSPFv3, deriving them from a common OSPF identity which is derived from a protocol base. Is the difference of no import here?

Tom Petch

----- Original Message -----
From: <internet-drafts@ietf.org>
To: <i-d-announce@ietf.org>
Cc: <i2nsf@ietf.org>
Sent: Monday, March 08, 2021 2:26 PM
Subject: I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt

>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Interface to Network Security Functions WG of the IETF.
>
>         Title     : I2NSF Network Security Function-Facing Interface YANG Data Model
>         Authors   : Jinyong (Tim) Kim
>                     Jaehoon (Paul) Jeong
>                     Jung-Soo Park
>                     Susan Hares
>                     Qiushi Lin
>         Filename  : draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
>         Pages     : 102
>         Date      : 2021-03-08
>
> Abstract:
>    This document defines a YANG data model for configuring security
>    policy rules on Network Security Functions (NSF) in the Interface to
>    Network Security Functions (I2NSF) framework. The YANG data model in
>    this document corresponds to the information model for NSF-Facing
>    Interface in the I2NSF framework.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-dm/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-nsf-facing-interface-dm-12
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> I-D-Announce mailing list
> I-D-Announce@ietf.org
> https://www.ietf.org/mailman/listinfo/i-d-announce
> Internet-Draft directories: http://www.ietf.org/shadow.html
> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>

_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://www.ietf.org/mailman/listinfo/i2nsf
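
Added example (not code from the draft or from anyone in this thread): the two port encodings compared in the message above, exact-match/range-match versus a single start/end pair with start=end for one port, reduce to the same ranges once normalized. The Python dict layout and the names normalize and matches are assumptions made for illustration.

```python
PORT_MAX = 65535  # inet:port-number (RFC 6991) is a 16-bit unsigned value


def _port(value):
    """Reject anything that is not a valid inet:port-number."""
    if isinstance(value, bool) or not isinstance(value, int) or not 0 <= value <= PORT_MAX:
        raise ValueError(f"not an inet:port-number: {value!r}")
    return value


def normalize(cond):
    """Reduce one port condition to sorted, merged (start, end) pairs.

    cond mirrors the tree quoted in the mail (dict layout is an assumption):
      {"port-num": [..]}                                  exact-match case
      {"range-port-num": [{"start-port-num": a, "end-port-num": b}, ..]}
    """
    if "port-num" in cond and "range-port-num" in cond:
        raise ValueError("exact-match and range-match are cases of one choice")
    pairs = [(_port(p), p) for p in cond.get("port-num", [])]  # start == end
    for entry in cond.get("range-port-num", []):
        start, end = _port(entry["start-port-num"]), _port(entry["end-port-num"])
        if start > end:  # the list keys alone do not forbid this
            raise ValueError(f"inverted range {start}..{end}")
        pairs.append((start, end))
    merged = []
    for start, end in sorted(pairs):
        if merged and start <= merged[-1][1] + 1:  # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def matches(cond, port):
    """True when port falls inside any range of the condition."""
    port = _port(port)
    return any(start <= port <= end for start, end in normalize(cond))


# Constructed sample conditions, not taken from the draft.
EXACT = {"port-num": [443, 22, 80]}
AS_RANGES = {"range-port-num": [
    {"start-port-num": 22, "end-port-num": 22},
    {"start-port-num": 80, "end-port-num": 80},
    {"start-port-num": 443, "end-port-num": 443},
]}
OVERLAPPING = {"range-port-num": [
    {"start-port-num": 8000, "end-port-num": 8080},
    {"start-port-num": 8050, "end-port-num": 8090},
]}
```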