Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
tom petch <ietfa@btconnect.com> Fri, 23 April 2021 09:43 UTC
Return-Path: <ietfa@btconnect.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E422C3A146A for <i2nsf@ietfa.amsl.com>; Fri, 23 Apr 2021 02:43:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ReHOs2uYTe4z for <i2nsf@ietfa.amsl.com>; Fri, 23 Apr 2021 02:43:49 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2098.outbound.protection.outlook.com [40.107.20.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D58FD3A1468 for <i2nsf@ietf.org>; Fri, 23 Apr 2021 02:43:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=it/GemWE4y9ZiwCdXtqq9PdSy+WQNLLqvkpU3ki+kVK0jRYEMUDyr+nWUu0XQz6XhjQDHuYFu2OZLTW0TXdUxLjKWgaBeGAseGqbUEFe4pwigFaJzEPsalNiWd7SZRO44EQ1XJc+xDr5Zpj5mwzdb3ymmnasBxV7TAz3YHaW8qBKZt6mJnMWE5PdZ2MMzhHhhsSwOAutS1oAv/0gexA6RNa+o8WRe5Pql6kSN5U+ZI0vx30RNlHbhkgsQXdBwc+ditlzCi+mFD9w+25We6w+UqRfjTYCSm2Rh0Wg+BD0gYBcNbybzbIc4DZ58UkHae8y8RLcw7N0u/6ey/17vYXVUA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2QrSWA5Rl1+K/EJ0eu5TuccY076oBk06YtJCmlKnbDA=; b=TumO6hlk287AalJhLWLY9W6IVhHWOcRukfzzK6yRY4AzuBDZ09V2zIyKL54sX6zmD5I2OA69KwtXKw8mUgHGNDwYJqv0+S4DqCxRGzz0BC+yO9m76rvr392ZA8KyiizpIZO1l//O0TVTrekXNYB0OALc8RrUjwQOaOxyX73KrAlBDpfKXZhAhAJfIpdqcbp3QapVqHo2+esyR7T419dlwUjmkxErP0JS24+j9U1ILMq+LWzD1ehm84leKcxmFuJaj6DkWNrl0P9uLtbElQMnWXZxJ0qGXZSR4g8N5WXUlA6Muo/dddAZYT/HJerNtwXKCnzaOnMwbG63Lol8ymouQA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2QrSWA5Rl1+K/EJ0eu5TuccY076oBk06YtJCmlKnbDA=; b=IOp9vSkGCAEp3pthsCx+6P++8GE85cIc/QlbrJ7WbVsD4yfVEM2egM9NOMm4Fz2Cc5gQx2NRdOCZFglC+EYzfGVDcxbz7ERu/nCTvRBJIJ0x+lUOLFeUSDXrtN/Fh+dV0RwVRpoZnTR9rvY+oLCISUqch1ex1GXCpcyiAZ1opSg=
Received: from DB7PR07MB5546.eurprd07.prod.outlook.com (2603:10a6:10:73::23) by DB7PR07MB5749.eurprd07.prod.outlook.com (2603:10a6:10:2b::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4065.6; Fri, 23 Apr 2021 09:43:46 +0000
Received: from DB7PR07MB5546.eurprd07.prod.outlook.com ([fe80::ddb2:16dd:9380:90c7]) by DB7PR07MB5546.eurprd07.prod.outlook.com ([fe80::ddb2:16dd:9380:90c7%3]) with mapi id 15.20.4087.019; Fri, 23 Apr 2021 09:43:46 +0000
From: tom petch <ietfa@btconnect.com>
To: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>, Jinyong Tim Kim <timkim09230930@gmail.com>, Patrick Lingga <patricklink888@gmail.com>
Thread-Topic: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
Thread-Index: AQHXNp/Zycw8JR7XE06cY/2ETl3i9KrAcvYAgAFoG1I=
Date: Fri, 23 Apr 2021 09:43:45 +0000
Message-ID: <DB7PR07MB55464BEDD33460642B17694AA2459@DB7PR07MB5546.eurprd07.prod.outlook.com>
References: <608009A7.9050907@btconnect.com>, <CAPK2DexZ8MVDxUFOA2HMrDjecHvyaZMadVsttEht3GRuFHXJZQ@mail.gmail.com>
In-Reply-To: <CAPK2DexZ8MVDxUFOA2HMrDjecHvyaZMadVsttEht3GRuFHXJZQ@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=btconnect.com;
x-originating-ip: [86.143.250.49]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f3688105-29ff-45e5-ea6c-08d9063c4a1d
x-ms-traffictypediagnostic: DB7PR07MB5749:
x-microsoft-antispam-prvs: <DB7PR07MB574938C1E3108120A071A003A2459@DB7PR07MB5749.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2MhTQb2LTg41vOJ4/W5IftdpBsp8AYoUW8M5nFui8+MneivqPFKsLH4hscNTFfBIIkhHiUZhOa0AKTKB3KOZDkkscqeX1gVlNnbz/YE4PyAKfYUdafAkapJO0G3ynHOc9cApjla57uugGLyShw9hAyfsosK4jDXpndL0Frf3gTwSSppiLRTi0vi4rmlQwqsXvHv+mZGHHWcnXFE0ke7B5HkSTExxcBBpXbpNoSIgzPLghwO75nAbj7EZqJLeoOowfyLYf9xyGUGB04qcF+9WdLIAgFXCasZAQ+rg6qmPYFXMq7rOFTMpGJymjKpI/NcwyAsufLWDWw5R1hPyDnJwHYQocMLvXtGriXbpp8M856FQa9al3x8HdvQhy3G8lMIfUiSteDr9OZiGA6a428P2r1eodJKuD2iVeAtlQdEfTMpbHsXPxlfoHv5mUWrVj20LnDbmfMqB86AnG+6vn4vi3VWKTo3T+eeyd34+7wCqfBS3eT/yJRFuTxvGzH6ahIv2UbMKoNYeMJ+nCdNDR9ywd9N8R2dOsIXSUZJqk9fV0/MUPdL3wHy35jWbPUVc89s/udN0Iiwi3nIi3ihMSG8Qrk9L3gHaIGqN2LshpKyakLC3wG5XECX3sHsLFOA5//0mFCYMAaxE+isqT1+hhhypkcztNZGIJn4jFgHQP1h0t88=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR07MB5546.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(346002)(376002)(39860400002)(396003)(136003)(366004)(5660300002)(8676002)(122000001)(966005)(66476007)(83380400001)(71200400001)(186003)(9686003)(478600001)(6916009)(64756008)(2906002)(8936002)(6506007)(53546011)(52536014)(7696005)(66946007)(54906003)(4326008)(66446008)(38100700002)(66556008)(66574015)(316002)(33656002)(76116006)(91956017)(86362001)(26005)(55016002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: 9SSJksNWycyH2xu4Ld2ADLmYEFMD3TrUTLf1x0MFbygbuvTDm2ODuN+GSg0jzreqU9ZN3GofCAcG8ljBAKB5xA+5i5N0K/ArrwPYupN1RQXDRV2c8I3eeNKmlrn38pfBashPkQzPaOco+Aex1VoF8E3/v6E6c7rUi10JCGkCCL/GPm4EU9q9hWRG+GnNG187+JixxugFPVsu7L5WdlgWf+KV/Mg7W0tl2iZFfGnuMdkpgSyZZdmp7f982UB+s477yUi1XGelR3QpFMvxvfFcp7Jld14Jueg8q/+eSXXtLVHrx0uLPX9upwt+kQTS3PFviECO34Noucfa+ECPb6e0Bfk9Oqn++ZVMq9JazKBy7BOq+YMzVZv+LkHMr6sjqlc3O/pbx1RvLw735GPMYX/TJHv5ZLorZ/ebZlEOjNW/gQwPiSEhwm1TspT++E1+qG9gAV6sUbHYMhi2iMwnLSoma6hvnlNJPtuKvO8M1FGoCitjL6tmsrVn0t2pVx3tdw3QPBDnmq7lLsLiWawcwFn6ntzcmqzWG78qmf+s05ujrr8kJGI+sPwbojku/4ld9fvrSRbjB+LgiQUvFlgtqglb7503ti+1meEyCilFQEsVTsCxGmtty9rQrLeO01CsSpyseNl9Ky2Z79CVvh/wujc1oRQHgrmsUH5315yJeWVxt2dL7QQzU3MAC09C7q4rpKxuwDRXG9eeW2TStaAbTKZAvwOuhPwyElvJwhFzr/2np6StdMSj+3pXYf9tyRcQZdROV7UdNV6bnvByb/OdfaZaceH1jF3q4U/wWH11iZ4AMMzWv8EumA9cxWC7LoXiSKdcJart4hDK18ye4ulf1HN5A5DG6/61RnOfFKwBBy8bZ/nW9RoW0IL1pR7AkinA+S04cr7Ao4JAlD+HM2RKZrmvgyOvtMu/XOmKMJUxFBswtj5FHz8lcj0KikFUu4enCMNsO4xGjy99pqTFOWXk2+SF8hFmCU4exvdIJUHTNA2r4KYBjx9H8f4ZRFrbxkX+/yK4hqJYDfYTF3CMyC2Rftc1eP22M0LGbab1N/eKKkDykgfNW9NK662o+h35lPJMrkzsF93CtsaMOskFwbvEWzrZ4OlIkeXwoMP95azU+gvFBbTHXr4cuUUTNeMqUqn2e1COsjFymfEXl+M2IDnAwewbPmrXjx2WnjlK7BTMCdwLJ4PCJoHlyX8EIRbVOgpbNmpG457krI21wrzlXNpx6pAZHJyNNrmPqlWtlQN71LDqAIpyZSZvZRzM3M6j1Pryu7zBM+80mPs8GMeem2eGq7gyOcN3dW2X7kYwJOoe2vH6q+U=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB7PR07MB5546.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f3688105-29ff-45e5-ea6c-08d9063c4a1d
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Apr 2021 09:43:45.9375 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: bx1gpVPnuvFjGjONwgQwXptO1wZBTSduTGRCVciuNlSCnEQSeu9PT2bNXLJOwCZYL6Z5G7nYjTWM+tqjoQ5tRA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB5749
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/MAZIXqINaMspJY47PUmBXEmtGLg>
Subject: Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2021 09:43:54 -0000
From: Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com> Sent: 22 April 2021 13:07 Hi Tom, I will address your comments in the revision. <tp> Paul My comments on frequency are perhaps worth expanding. In places, the two I-D are providing the same function but in different ways and this nsf facing I-D has, for me, a more complex way which I then think inferior. However, in other places the function is different between nsf facing and consumer facing and I am uncertain whether that is by design or not. If by design, then there would be differences in the YANG as well. Tom Petch Best Regards, Paul On Wed, Apr 21, 2021 at 8:17 PM t petch <ietfa@btconnect.com<mailto:ietfa@btconnect.com>> wrote: This I-D is technically ok but I think asks more of users than is necessary. I get the feeling of the wheel being reinvented but with a few additions so that it is hexagonal in shape making for a bumpy ride:-) An example of this comes in the specification of ranges which occurs several times. sdn-ipsec [draft-ietf-i2nsf-sdn-ipsec-flow-protection] achieves this with grouping port-range { leaf start {type inet:port-number; } leaf end { type inet:port-number; with a note that when only one value is needed, then start=end; this is a common pattern throughout the IETF. This I-D has +--rw pkt-sec-tcp-src-port-num +--rw (match-type)? +--:(exact-match) +--rw port-num* inet:port-number +--:(range-match) +--rw range-port-num* [start-port-num end-port-num] +--rw start-port-num inet:port-number +--rw end-port-num inet:port-number more complex YANG, more complex identifiers - in the context, 'start' and 'end' seem quite enough. This applies in many such ranges in the I-D. The choice of identifier is equally prolix in other places. The nature of a YANG identifier is (almost always) apparent from the context; -type, -container and such like just get in the way. And if a compound name is needed, then I find putting the more significant elements first the clearer although manyt of the instances here would be eliminated by using just 'start' and 'end'. In a similar vein you have +--rw packet-security-ipv6-condition +--rw ipv6-description? string +--rw pkt-sec-ipv6-traffic-class* identityref +--rw pkt-sec-ipv6-flow-label +--rw pkt-sec-ipv6-payload-length Are all those pkt-sec-ipv6 adding anything given the context of packet-security-ipv6-condition? This occurs repeatedly. (The nomenclature in several places is also out of line with other i2nsf I-D). Equally, the specification of frequency seems overly complex. 'consumer-facing' has leaf start-time { type time; leaf-list date { type int32{ range "1..31"; identity day { leaf-list day { leaf-list month { type string{ pattern '\d{2}-\d{2}'; where this I-D has such as typedef day-type typedef month-type typedef start-time-type typedef end-time-type different YANG constructs - identity v type, ad-hoc types, different choices of how many points in time can be specified, one off versus list, more complex constructs and, well, just different, another accretion to the wheel. There are many references but they often poor, compared with other i2nsf I-D. The reference to IANA needs a URL and think is unhelpful in most cases where it appears. Protocols such as EIGRP are RFC but that is not mentioned. The I-D almost always has separate constructs for IPv4 and IPv6; why? RFC6991 provides IP version neutral types which e.g. sdn-ipsec uses widely. It is as if an entity here is expected to have one IPv4 address and one IPv6 address and that both need specifying. By contrast, ICMPv6 is largely ignored. Yes, it appears as a protocol but there are more than fifty ICMP error messages listed and these are v4; some carry across to v6, others do not. In a similar vein, most I-D separate OSPFv2 and OSPFv3, deriving them from a common OSPF identity which is derived from a protocol base. Is the difference of no import here? Tom Petch ----- Original Message ----- From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> To: <i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>> Cc: <i2nsf@ietf.org<mailto:i2nsf@ietf.org>> Sent: Monday, March 08, 2021 2:26 PM Subject: I-D Action: draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Interface to Network Security Functions WG of the IETF. > > Title : I2NSF Network Security Function-Facing Interface YANG Data Model > Authors : Jinyong (Tim) Kim > Jaehoon (Paul) Jeong > Jung-Soo Park > Susan Hares > Qiushi Lin > Filename : draft-ietf-i2nsf-nsf-facing-interface-dm-12.txt > Pages : 102 > Date : 2021-03-08 > > Abstract: > This document defines a YANG data model for configuring security > policy rules on Network Security Functions (NSF) in the Interface to > Network Security Functions (I2NSF) framework. The YANG data model in > this document corresponds to the information model for NSF-Facing > Interface in the I2NSF framework. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-d m/<https://datatracker.ietf.org/doc/draft-ietf-i2nsf-nsf-facing-interface-dm/> > > There are also htmlized versions available at: > https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12 > https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interf ace-dm-12<https://datatracker.ietf.org/doc/html/draft-ietf-i2nsf-nsf-facing-interface-dm-12> > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-nsf-facing-interface- dm-12<https://www.ietf.org/rfcdiff?url2=draft-ietf-i2nsf-nsf-facing-interface-dm-12> > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org<mailto:I-D-Announce@ietf.org> > https://www.ietf.org/mailman/listinfo/i-d-announce > Internet-Draft directories: http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > . > > _______________________________________________ I2nsf mailing list I2nsf@ietf.org<mailto:I2nsf@ietf.org> https://www.ietf.org/mailman/listinfo/i2nsf
- [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-facing-i… internet-drafts
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… t petch
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… tom petch
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… tom petch
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… Mr. Jaehoon Paul Jeong
- Re: [I2nsf] I-D Action: draft-ietf-i2nsf-nsf-faci… tom petch