[I2nsf] 答复: New Version Notification for draft-xia-i2nsf-capability-interface-im-04.txt

"Xialiang (Frank)" <frank.xialiang@huawei.com> Mon, 19 October 2015 08:23 UTC

From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: Luyuan Fang <lufang@microsoft.com>
Thread-Topic: New Version Notification for draft-xia-i2nsf-capability-interface-im-04.txt
Thread-Index: AQHRCg+W88Za7B3DI0exKdSM/pq9FJ5yCyywgABJf6CAACJyIA==
Date: Mon, 19 Oct 2015 08:18:44 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12AE8DEC6@SZXEMA502-MBS.china.huawei.com>
References: <C02846B1344F344EB4FAA6FA7AF481F12AE8DDB2@SZXEMA502-MBS.china.huawei.com> <DM2PR0301MB070434D50531604DCD328505D63A0@DM2PR0301MB0704.namprd03.prod.outlook.com>
In-Reply-To: <DM2PR0301MB070434D50531604DCD328505D63A0@DM2PR0301MB0704.namprd03.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/HuG-pmTvbfLSuecGhAleYCwgStQ>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>
Subject: [I2nsf] 答复: New Version Notification for draft-xia-i2nsf-capability-interface-im-04.txt
Precedence: list

Hi Luyuan,
I am interested with those you mentioned.
Please share with us~~

B.R.
Frank

-----邮件原件-----
发件人: Luyuan Fang [mailto:lufang@microsoft.com] 
发送时间: 2015年10月19日 15:37
收件人: Xialiang (Frank); i2nsf@ietf.org
主题: RE: New Version Notification for draft-xia-i2nsf-capability-interface-im-04.txt

Hi Frank,

Very good work.

Some quick comments on IPv6 - there are more need to be considered/added, like in table 1 and other places.

For example, ICMPv6 (next header 58) is very different in v6 than ICMP for v4. We must distinguish each msg type under header 58. Such as,
	- Msg type 128,129: Echo Request/Reply
	- Msg type 130 - 132: MLD
	- Msg type 133 - 137: ND (RS, RA, NS, NA, RD). 

When we implement filtering rules, we must look the v6 next header value and then the message type, to decide on the action, just basic v6 header, or the next header 58 is not good enough.

DHCPv6 also has its unique security issues. And the use of link-local carries its security risks.
These are very important when we implement ipv6 security in our Cloud, Data Centers. It would be very important in other networks too.

I can send you some suggested text for IPv6 security later, and we can discuss it.

Thanks,
Luyuan



-----Original Message-----
From: I2nsf [mailto:i2nsf-bounces@ietf.org] On Behalf Of Xialiang (Frank)
Sent: Sunday, October 18, 2015 6:53 PM
To: i2nsf@ietf.org
Subject: [I2nsf] 转发: New Version Notification for draft-xia-i2nsf-capability-interface-im-04.txt

Hi all,
We submit a latest version of I2NSF capability interface IM draft. In this draft, the main changes include:
1.  Introduce a security capability category; 2.  Restructure the draft to make it more clear; 3.  Improve the network security control IM; 4.  Add new security capabilities: content security control and attack mitigation control; 5.  Editorial changes.

Your comments are greatly appreciated!

B.R.
Frank

-----邮件原件-----
发件人: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
发送时间: 2015年10月19日 9:44
收件人: elopez@fortinet.com; Dacheng Zhang; DaCheng Zhang; Xialiang (Frank); Nicolas Bouthors; Edward Lopez; Nicolas BOUTHORS; Xialiang (Frank)
主题: New Version Notification for draft-xia-i2nsf-capability-interface-im-04.txt


A new version of I-D, draft-xia-i2nsf-capability-interface-im-04.txt
has been successfully submitted by Liang Xia and posted to the IETF repository.

Name:		draft-xia-i2nsf-capability-interface-im
Revision:	04
Title:		Information Model of Interface to Network Security Functions Capability Interface
Document date:	2015-10-19
Group:		Individual Submission
Pages:		23
URL:            https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2finternet-drafts%2fdraft-xia-i2nsf-capability-interface-im-04.txt&data=01%7c01%7clufang%40microsoft.com%7cbc91a3262cda4f4bd62608d2d827ff6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=r%2fC%2fLD8r0atAlSvOAYBjGP%2bv87kHYCQ6jV0ckKrtt4M%3d
Status:         https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fdatatracker.ietf.org%2fdoc%2fdraft-xia-i2nsf-capability-interface-im%2f&data=01%7c01%7clufang%40microsoft.com%7cbc91a3262cda4f4bd62608d2d827ff6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ZYXm6Uemtxo49E43cUD1ql1iNo2AQSe0bEUnb0VUbeM%3d
Htmlized:       https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-xia-i2nsf-capability-interface-im-04&data=01%7c01%7clufang%40microsoft.com%7cbc91a3262cda4f4bd62608d2d827ff6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=mrozUlRKVCIs%2fcCrJvrYrG0cxXqsiTFqc9HBH%2ff9jvI%3d
Diff:           https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2frfcdiff%3furl2%3ddraft-xia-i2nsf-capability-interface-im-04&data=01%7c01%7clufang%40microsoft.com%7cbc91a3262cda4f4bd62608d2d827ff6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=m4UGQ953OCwyvcdRCxBovltz%2buWXHqazJStaVE3Hgb4%3d

Abstract:
   This draft is focused on the capability interface of NSFs (Network
   Security Functions) and proposes its information model for
   controlling the various network security functions.

                                                                                  


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
I2nsf mailing list
I2nsf@ietf.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2fi2nsf%0a&data=01%7c01%7clufang%40microsoft.com%7cbc91a3262cda4f4bd62608d2d827ff6f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=NvL%2fciCXhav5GYpn9PIAuCsSoDQKDrjm5SjWZUCOq90%3d

[I2nsf] 转发: New Version Notification for draft-xi… Xialiang (Frank)
Re: [I2nsf] New Version Notification for draft-xi… Luyuan Fang
[I2nsf] 答复: New Version Notification for draft-xi… Xialiang (Frank)