IETF Logo Mail Archive

Re: [I2nsf] IETF 114 I2NSF agenda uploaded

Rafa Marín López <rafa@um.es> Fri, 22 July 2022 09:41 UTC

Return-Path: <rafa@um.es>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69AE7C16ECC0 for <i2nsf@ietfa.amsl.com>; Fri, 22 Jul 2022 02:41:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=um.es
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTXD23XjIerb for <i2nsf@ietfa.amsl.com>; Fri, 22 Jul 2022 02:41:23 -0700 (PDT)
Received: from mx02.puc.rediris.es (outbound2sev.lav.puc.rediris.es [130.206.19.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7131C157908 for <i2nsf@ietf.org>; Fri, 22 Jul 2022 02:41:22 -0700 (PDT)
Authentication-Results: mx02.puc.rediris.es; spf=pass (rediris.es: domain of rafa@um.es designates 155.54.212.170 as permitted sender) smtp.mailfrom=rafa@um.es
Received: from xenon43.um.es (xenon43.um.es [155.54.212.170]) by mx02.puc.rediris.es with ESMTP id 26M9fGbq021577-26M9fGbr021577; Fri, 22 Jul 2022 11:41:16 +0200
Received: from localhost (localhost [127.0.0.1]) by xenon43.um.es (Postfix) with ESMTP id 51C54212E9; Fri, 22 Jul 2022 11:41:16 +0200 (CEST)
X-Virus-Scanned: by antispam in UMU at xenon43.um.es
Received: from xenon43.um.es ([127.0.0.1]) by localhost (xenon43.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id fnqx2cb5LngP; Fri, 22 Jul 2022 11:41:16 +0200 (CEST)
Received: from smtpclient.apple (inf-205-228.inf.um.es [155.54.205.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: rafa@um.es) by xenon43.um.es (Postfix) with ESMTPSA id 2C0AD1FEF1; Fri, 22 Jul 2022 11:41:11 +0200 (CEST)
From: Rafa Marín López <rafa@um.es>
Message-Id: <4287A07D-E1F4-4C71-B0B1-8A00E290594D@um.es>
Content-Type: multipart/alternative; boundary="Apple-Mail=_CBDF22B8-9F68-46A1-BBD4-B5633F766600"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
Date: Fri, 22 Jul 2022 11:41:10 +0200
In-Reply-To: <CAPK2Dex2zkoNxr7F9vvbTm6r9OvAmtUcmY=Fd279Xaq_uCWcsA@mail.gmail.com>
Cc: Rafa Marín López <rafa@um.es>, Susan Hares <shares@ndzh.com>, Linda Dunbar <linda.dunbar@futurewei.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
References: <CO1PR13MB49205BB48AB81D9BE50E0E77858F9@CO1PR13MB4920.namprd13.prod.outlook.com> <BYAPR08MB4872301332C1854F7DA78AFFB38F9@BYAPR08MB4872.namprd08.prod.outlook.com> <CO1PR13MB4920200D70DC11FBF9DDA04E858F9@CO1PR13MB4920.namprd13.prod.outlook.com> <BYAPR08MB48722EA2CCAD37AC12960FEFB38E9@BYAPR08MB4872.namprd08.prod.outlook.com> <CAPK2Dex2zkoNxr7F9vvbTm6r9OvAmtUcmY=Fd279Xaq_uCWcsA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
X-FEAS-SPF: spf-result=pass, ip=155.54.212.170, helo=xenon43.um.es, mailFrom=rafa@um.es
X-FE-Policy-ID: 23:15:4:SYSTEM
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=um.es; s=DKIM; c=relaxed/relaxed; h=from:message-id:content-type:mime-version:subject:date:cc:to:references; bh=msiEBLunygJ4bQYSkPHMqYN1N0yTcL5O3QV8DOQmAdM=; b=K3dcZdFD7drNWbqEXg+SLwBmPaw6KqtUiSZMRgCLK7ajVVbtHVZ3tGF/5P9sq2alXzQAzM+CRdce EPq9QLa+LYNvxXZSg8nLO1VK9KnBnx+pUf6WbTJwKie42dGBpLkmx2z4kmsp2+v8QNr6S8DPK320 ELwo2AdnVZqyMv9gLjMo1B48HM3IznWftpIsXSU4+VDr9fzvdmqyOIWKx3aDf/Q3Tma3o4GLH/gG S8cgWSYY7Yeq+PwBXs+1lkqa3FttTxB5XEmuTQd3MsXNw5lieMWxwiur28mMhjUPjRAcl8CNswLf HKLAcCWGfdYTw1GQkRymRkRWj8UNqciv5kwhrw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/CNWDZ5lIkP-F9Hkjz1DdXBl-tt8>
Subject: Re: [I2nsf] IETF 114 I2NSF agenda uploaded
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jul 2022 09:41:27 -0000

Dear Paul, all:

> El 20 jul 2022, a las 17:38, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> escribió:
> 
> Hi Sue,
> I have much interest in your proposed item.

Yes, we do as well.

> I think the following RFC 9061 can be used for the IPsec interface for BGP over IPsec.
> 
> - RFC 9061: A YANG Data Model for IPsec Flow Protection Based on Software-Defined Networking (SDN)
> https://datatracker.ietf.org/doc/html/rfc9061 <https://datatracker.ietf.org/doc/html/rfc9061>

Yes, we agree with this view.
> 
> We can regard BGP routers as NSFs, and we can run either IKE or IKE-less approach in RFC 9061.

Correct.
> We can also extend the approach in RFC 9061 so that it can accommodate BGP message exchanges 
> (e.g., AS-PATH and NEXT-HOP attributes).
> 
> I will investigate RFC 9061 more to see whether my comments are correct or not.

Paul, Sue, with a clear list of requirements and needs (i.e. what information needs to be configured), we may give precise information about how RFC 9061 can help on this and to discover whether this extension is needed or not. And , in case it is needed, how to carry out this modification.

Best Regards.

> 
> Thanks.
> 
> Best Regards,
> Paul
> 
> On Wed, Jul 20, 2022 at 8:55 PM Susan Hares <shares@ndzh.com <mailto:shares@ndzh.com>> wrote:
> Linda:
> 
>  
> 
> I apologize for being unclear.  We ran into a few problems with trying to complete the BGP Yang model in the area of IPsec links.   BGP runs over TCP over IPsec links in some scenarios.  When creating the modeling, it was unclear which Yang modules were targeted to support this feature.
> 
>  
> 
> What I need is advice from the I2NSF and the IPSECME on the place to ask for work additions to support BGP peers.
> 
>  
> 
> The scenario is between two BGP routers. The type of IPsec connections between BGP routers can be:  
> 
> within a trusted cloud (same administrative domain, same trust cloud),
> across a physically secure private link,
> across the open Internet (where attacks happen).
>  
> 
> The key is we want to configure and monitor the IPsec link. 
> 
>  
> 
> As BGP co-authors looked at this, I did not understand which group to ask help from.  I volunteered to  ask for help.
> 
>  
> 
> If you or anyone can point me to where to go without taking valuable WG time, it would be great.  If you need me to explain more on email, I’d be glad to.
> 
>  
> 
> Rather than just pose this question from the Mike-line, I thought I’d ask ahead of time.
> 
>  
> 
> Cheers, sue
> 
>  
> 
> From: Linda Dunbar <linda.dunbar@futurewei.com <mailto:linda.dunbar@futurewei.com>> 
> Sent: Tuesday, July 19, 2022 6:09 PM
> To: Susan Hares <shares@ndzh.com <mailto:shares@ndzh.com>>; i2nsf@ietf.org <mailto:i2nsf@ietf.org>
> Subject: RE: IETF 114 I2NSF agenda uploaded
> 
>  
> 
> 
>  
> 
> Sue,
> 
>  
> 
> Are you talking about IPsec between two trusted nodes?
> 
> Something different from the IPsecme WG?
> 
>  
> 
> Linda
> 
>  
> 
> From: Susan Hares <shares@ndzh.com <mailto:shares@ndzh.com>> 
> Sent: Tuesday, July 19, 2022 3:00 PM
> To: Linda Dunbar <linda.dunbar@futurewei.com <mailto:linda.dunbar@futurewei.com>>; i2nsf@ietf.org <mailto:i2nsf@ietf.org>
> Subject: RE: IETF 114 I2NSF agenda uploaded
> 
>  
> 
> Linda:
> 
>  
> 
> In the recharter discussion, is it appropriate to ask about specific items such as additions to ipsec work in I2NSF?  
> 
> I do not have a draft for this work.  
> 
>  
> 
> Sue
> 
>  
> 
> From: I2nsf <i2nsf-bounces@ietf.org <mailto:i2nsf-bounces@ietf.org>> On Behalf Of Linda Dunbar
> Sent: Tuesday, July 19, 2022 3:44 PM
> To: i2nsf@ietf.org <mailto:i2nsf@ietf.org>
> Subject: [I2nsf] IETF 114 I2NSF agenda uploaded
> 
>  
> 
>  
> 
> I2NSF WG,
> 
>  
> 
> Here is the agenda for next week’s I2NSF session (Tuesday).
> 
>  
> 
> https://datatracker.ietf.org/doc/agenda-114-i2nsf/ <https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fagenda-114-i2nsf%2F&data=05%7C01%7Clinda.dunbar%40futurewei.com%7C8b5d4da98b89456a579d08da69c1548c%7C0fee8ff2a3b240189c753a1d5591fedc%7C1%7C1%7C637938576342441642%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000%7C%7C%7C&sdata=N040a56pN%2BLVElz5IOt4jddwoHRH1pKTpTkAPMhd%2BD4%3D&reserved=0>
>  
> 
> Please let me know if I miss anything.
> 
>  
> 
> Thank you.
> 
> Linda
> 
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org <mailto:I2nsf@ietf.org>
> https://www.ietf.org/mailman/listinfo/i2nsf <https://www.ietf.org/mailman/listinfo/i2nsf>
> _______________________________________________
> I2nsf mailing list
> I2nsf@ietf.org
> https://www.ietf.org/mailman/listinfo/i2nsf

------------------------------------------------------
Rafa Marin-Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: rafa@um.es
-------------------------------------------------------

v2.23.0 | Report a Bug | By Email