Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt

tom petch <ietfa@btconnect.com> Fri, 23 April 2021 09:43 UTC

From: tom petch <ietfa@btconnect.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>, Jinyong Tim Kim <timkim09230930@gmail.com>, Patrick Lingga <patricklink888@gmail.com>

From: Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
Sent: 22 April 2021 13:07

Hi Tom,
I will address your comments in the revision.

<tp>
Paul

My comments on frequency are perhaps worth expanding.  In places, the two I-D are providing the same function but in different ways and this nsf facing I-D has, for me, a more complex way which I then think inferior.

However, in other places the function is different between nsf facing and consumer facing and I am uncertain whether that is by design or not.  If by design, then there would be differences in the YANG as well.

Tom Petch

Best Regards,
Paul

On Wed, Apr 21, 2021 at 8:17 PM t petch <ietfa@btconnect.com> wrote:
This I-D is technically ok but I think asks more of users than is
necessary.  I get the feeling of the wheel being reinvented but with a
few additions so that it is hexagonal in shape making for a bumpy ride:-)

An example of this comes in the specification of ranges which occurs
several times.  sdn-ipsec [draft-ietf-i2nsf-sdn-ipsec-flow-protection]
achieves this with
       grouping port-range {
         leaf start { type inet:port-number; }
         leaf end { type inet:port-number; }
       }
with a note that when only one value is needed, then start=end; this is
a common pattern throughout the IETF.  This I-D has
   +--rw pkt-sec-tcp-src-port-num
      +--rw (match-type)?
         +--:(exact-match)
         |  +--rw port-num*         inet:port-number
         +--:(range-match)
            +--rw range-port-num*   [start-port-num end-port-num]
               +--rw start-port-num    inet:port-number
               +--rw end-port-num      inet:port-number
more complex YANG, more complex identifiers - in the context, 'start'
and 'end' seem quite enough.  This applies in many such ranges in the I-D.

The choice of identifier is equally prolix in other places.  The nature
of a YANG identifier is (almost always) apparent from the
context; -type, -container and such like just get in the way.  And if a
compound name is needed, then I find putting the more significant
elements first the clearer although many of the instances here would be
eliminated by using just 'start' and 'end'.  In a similar vein you have
+--rw packet-security-ipv6-condition
   +--rw ipv6-description?              string
   +--rw pkt-sec-ipv6-traffic-class*    identityref
   +--rw pkt-sec-ipv6-flow-label
   +--rw pkt-sec-ipv6-payload-length
Are all those pkt-sec-ipv6 adding anything given the context of
packet-security-ipv6-condition?  This occurs repeatedly.  (The
nomenclature in several places is also out of line with other i2nsf
I-D).

Equally, the specification of frequency seems overly complex.
'consumer-facing' has
               leaf start-time {
                 type time;
               leaf-list date {
                 type int32{
                   range "1..31";

          identity day {
               leaf-list day {

               leaf-list month {
                 type string{
                   pattern '\d{2}-\d{2}';
where this I-D has such as
    typedef day-type
    typedef month-type
    typedef start-time-type
    typedef end-time-type
different YANG constructs - identity v type, ad-hoc types, different
choices of how many points in time can be specified, one off versus
list, more complex constructs and, well, just different, another
accretion to the wheel.

There are many references but they are often poor, compared with other i2nsf
I-D. The reference to IANA needs a URL and I think is unhelpful in most
cases where it appears.  Protocols such as EIGRP are RFC but that is not
mentioned.

The I-D almost always has separate constructs for IPv4 and IPv6; why?
RFC6991 provides IP version neutral types which e.g. sdn-ipsec uses
widely.  It is as if an entity here is expected to have one IPv4 address
and one IPv6 address and that both need specifying.

By contrast, ICMPv6 is largely ignored.  Yes, it appears as a protocol
but there are more than fifty ICMP error messages listed and these are
v4; some carry across to v6, others do not.

In a similar vein, most I-D separate OSPFv2 and OSPFv3, deriving them
from a common OSPF identity which is derived from a protocol base.  Is
the difference of no import here?

Tom Petch

----- Original Message -----
From: <internet-drafts@ietf.org>
To: <i-d-announce@ietf.org>
Cc: <i2nsf@ietf.org>
Sent: Monday, March 08, 2021 2:26 PM
Subject: I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt


> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Interface to Network Security Functions WG of the IETF.
>
>         Title           : I2NSF Network Security Function-Facing Interface YANG Data Model
>         Authors         : Jinyong (Tim) Kim
>                           Jaehoon (Paul) Jeong
>                           Jung-Soo Park
>                           Susan Hares
>                           Qiushi Lin
>         Filename        : draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
>         Pages           : 102
>         Date            : 2021-03-08
>
> Abstract:
>    This document defines a YANG data model for configuring security
>    policy rules on Network Security Functions (NSF) in the Interface to
>    Network Security Functions (I2NSF) framework.  The YANG data model in
>    this document corresponds to the information model for NSF-Facing
>    Interface in the I2NSF framework.
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-dm/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12
> https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-nsf-facing-interface-dm-12
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
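
Added example, not part of the message and not code from either Internet-Draft: the port-range comparison in the thread, worked through in Python. It converts instance data in the exact-match/range-match shape into plain (start, end) pairs, using start = end for a single port. The node names are the ones quoted in the message; the dict layout (JSON-style instance data in which choice and case nodes do not appear), the start <= end check and the sample values are assumptions of this example.

```python
# Added illustration; not code from either Internet-Draft.
# Node names come from the tree quoted in the message. The dict layout and
# the validation rules below are assumptions made for this example.

MAX_PORT = 65535  # inet:port-number (RFC 6991) is a uint16, 0..65535


def _check(start, end):
    """Validate one (start, end) pair and return it as a tuple."""
    for p in (start, end):
        if isinstance(p, bool) or not isinstance(p, int) or not 0 <= p <= MAX_PORT:
            raise ValueError(f"not a valid inet:port-number: {p!r}")
    if start > end:
        raise ValueError(f"range start {start} is greater than end {end}")
    return (start, end)


def to_start_end(cond):
    """Convert one pkt-sec-tcp-src-port-num container to (start, end) pairs."""
    exact = cond.get("port-num", [])
    ranges = cond.get("range-port-num", [])
    if exact and ranges:
        # exact-match and range-match are cases of one choice, so instance
        # data may hold nodes from only one of them.
        raise ValueError("exact-match and range-match are mutually exclusive")
    pairs = [_check(p, p) for p in exact]  # single value: start == end
    pairs += [_check(r["start-port-num"], r["end-port-num"]) for r in ranges]
    return sorted(set(pairs))


def matches(pairs, port):
    """True if port falls inside any (start, end) pair."""
    return any(start <= port <= end for start, end in pairs)


# Constructed sample instance data, one per case of the choice.
EXACT = {"port-num": [443, 22]}
RANGE = {"range-port-num": [{"start-port-num": 8000, "end-port-num": 8080}]}

if __name__ == "__main__":
    print(to_start_end(EXACT))
    print(to_start_end(RANGE))
    print(matches(to_start_end(RANGE), 8080))
```

Both cases of the choice reduce to the same list of pairs, so a rule evaluator needs only the one matching function.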