Re: [I2nsf] Side Meeting for I2NSF WG

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 21 November 2019 04:03 UTC

References: <CAPK2Dey7WQvvVC_=1Rk7toWBY2JUSeka_fSWCmpLd0b=Tv3JLA@mail.gmail.com> <03F50305-C65C-4622-8953-F4740E2D39A3@telefonica.com>
In-Reply-To: <03F50305-C65C-4622-8953-F4740E2D39A3@telefonica.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 21 Nov 2019 12:02:59 +0800
Message-ID: <CAPK2Dex7n+xxmRWO8=r3Qav=eG=yaHoGU+0bWFEvw_cqDBnGNw@mail.gmail.com>
To: "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Cc: "i2nsf@ietf.org" <i2nsf@ietf.org>, Roman Danyliw <rdd@cert.org>, "Ciavaglia, Laurent (Nokia - FR/Paris-Saclay)" <laurent.ciavaglia@nokia.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>, Qin Wu <bill.wu@huawei.com>, Jérôme François <jerome.francois@inria.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/TUdCRMwWir49g1gCw6EcZ9S_Ofo>
Subject: Re: [I2nsf] Side Meeting for I2NSF WG

Diego,
I agree with your remark on points 3 and 4.
However, for points 1 and 2, we need to bridge I2NSF and SFC (or SDN).
At least, we can work on the interface with SFC within IETF.

Thanks.

Paul


On Thu, Nov 21, 2019 at 11:50 AM Diego R. Lopez <
diego.r.lopez@telefonica.com> wrote:

> Hi Paul,
>
>
>
> Just to frame today’s discussion, let me remark I find especially
> interesting points (3) and (4), that I believe can only happen within
> I2NSF. We can connect (3) with the ECA discussions happening in OPSAWG and
> NMRG, and I see (4) as an interesting opportunity for consolidating and
> achieving the full potential of the capability model.
>
>
>
> Be goode,
>
>
>
> --
>
> "This time we will not fail, Doctor Infierno"
>
>
>
> Dr Diego R. Lopez
>
> Telefonica I+D
>
> https://www.linkedin.com/in/dr2lopez/
>
>
>
> e-mail: diego.r.lopez@telefonica.com
>
> Tel:         +34 913 129 041
>
> Mobile:  +34 682 051 091
>
> ----------------------------------
>
>
>
> On 21/11/2019, 11:02, "I2nsf on behalf of Mr. Jaehoon Paul Jeong" <
> i2nsf-bounces@ietf.org on behalf of jaehoon.paul@gmail.com> wrote:
>
>
>
> Hi I2NSF WG,
>
> There will be a side meeting for I2NSF WG's next steps from 6PM to 7PM
> today at Bras Basah.
>
>
> https://datatracker.ietf.org/meeting/106/floor-plan?room=bras-basah#raffles-city-convention-center
>
>
>
>
> * Agenda for I2NSF Side Meeting
> - I2NSF Hackathon Project Report (Jaehoon Paul Jeong, 5 min)
> - I2NSF Data Model Drafts Update (Jaehoon Paul Jeong, 10 min)
>   . I2NSF Capability YANG Data Model
>   . I2NSF Consumer-Facing Interface YANG Data Model
>   . I2NSF Network Security Function-Facing Interface YANG Data Model
>   . I2NSF Registration Interface YANG Data Model
>   . I2NSF NSF Monitoring YANG Data Model
> - Security Policy Translator Draft Update (Chaehong Chung, 5 min)
> - Open Discussion: Possible Work Items for I2NSF Rechartering (30 min)
>
>
>
> I will report the progress of data model drafts.
>
> I would like to discuss the rechartering of I2NSF WG with you.
>
>
>
> I suggest four work items as the 2nd phase I2NSF.
>
> 1. YANG data model of the interface between I2NSF Security Controller and
> SDN Switch Controller
>
> 2. YANG data model of the interface between I2NSF Security Controller and
> SFC Classifier
>
> 3. Configuration of Advanced Security Functions with I2NSF Security
> Controller
>
> 4.  Policy Object for Interface to Network Security Functions (I2NSF)
>
>
>
> Let me explain why each of them is important for I2NSF.
>
>
>
> 1. YANG data model of the interface between I2NSF Security Controller and
> SDN Switch Controller
>
> According to the I2NSF Applicability Draft and I2NSF Hackathon Project,
> the SDN switches can perform simple packet filtering and the firewall NSF
> can perform complicated packet filtering.
>
> For these two separate forms of packet filtering, the security policy about
> a traffic flow should be delivered to an SDN Switch Controller.
>
> For the delivery of a security policy to the SDN network, the interface
> between the I2NSF Security Controller and the SDN Switch Controller is
> needed.
>
>
>
> 2. YANG data model of the interface between I2NSF Security Controller and
> SFC Classifier
>
> According to the I2NSF Applicability Draft and I2NSF Hackathon Project,
> a security policy (e.g., time-based web filtering) requires a Service
> Function Chaining (SFC) such as firewall and web filter.
>
> For this SFC path specification of a security policy, a security policy
> about a traffic flow should be delivered to an SFC Classifier.
>
> For the delivery of a security policy to specify the service function path
> in the SFC Classifier, the interface between the I2NSF Security Controller
> and the SFC Classifier is needed.
>
>
>
> 3. Configuration of Advanced Security Functions with I2NSF Security
> Controller
>
>     (https://tools.ietf.org/html/draft-dong-i2nsf-asf-config-01)
>
> With the current NSF-Facing Interface, we can configure basic security
> functions, such as firewall, deep packet inspection, and DDoS attack
> mitigator. For rich network security functions, the YANG data model of
> advanced security services needs to be developed.
>
>
>
> 4. Policy Object for Interface to Network Security Functions (I2NSF)
>
>     (https://tools.ietf.org/html/draft-xia-i2nsf-security-policy-object-01)
>
> Policy objects for I2NSF security policy rules can provide the I2NSF
> system with reusability for security policy construction by defining
> essential attributes for each policy object. This will be useful for
> security policy rule generation in the I2NSF system.
>
>
>
> Welcome your feedback.
>
>
>
> Thanks.
>
>
>
> Best Regards,
>
> Paul
>
>
>


-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>