[I2nsf] draft-zarny-i2nsf-data-center-use-cases
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 12 February 2015 14:16 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9116C1A88A7 for <i2nsf@ietfa.amsl.com>; Thu, 12 Feb 2015 06:16:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gT8n6ZXcTTnN for <i2nsf@ietfa.amsl.com>; Thu, 12 Feb 2015 06:16:55 -0800 (PST)
Received: from mail-la0-f51.google.com (mail-la0-f51.google.com [209.85.215.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 368F01A8872 for <I2nsf@ietf.org>; Thu, 12 Feb 2015 06:16:55 -0800 (PST)
Received: by lamq1 with SMTP id q1so10321204lam.5 for <I2nsf@ietf.org>; Thu, 12 Feb 2015 06:16:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=Wb/cU2I4ehcpNQGI5MMSJ+HltsZ/TNWG8+DvVBQPYYw=; b=r3q80iWKYMqp5zcqnAsmVyelwCrNgR2SoLxFUdSrfbV12UB4sVXUTY7coqUpUq8Am1 ZM5kjj3dK4+7ZNJq8FGfIyffvQ7OGBxTkHaoLmZ8RSbhrsx8HiJTTZ0vKTAkLUnKgxLL PcIXBDYYidZVR4EOeF3aL25oiMx2gEWP6IrPJR2YMWDotrELD54l0np3SvjI5SSfx3H2 evUmcdzikXp8fPwZLwktg+mGTcsxRHlhxk8jphjGDcUbFYajjMeQr2kXiGmFQuePwwhU YxlXmssVjIIq3TEtOQUogPEK1rb9ix9hMK5rSSqI5byrp+W6CyqwFrK/hMpVIk6AKO5Q sK3g==
MIME-Version: 1.0
X-Received: by 10.152.42.133 with SMTP id o5mr3358413lal.113.1423750613726; Thu, 12 Feb 2015 06:16:53 -0800 (PST)
Received: by 10.112.167.101 with HTTP; Thu, 12 Feb 2015 06:16:53 -0800 (PST)
Date: Thu, 12 Feb 2015 09:16:53 -0500
Message-ID: <CAHbuEH7vnZynLLz8-vTCi2rXTfC99jA-hxwDw+qCcniVwsO5wA@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: "i2nsf@ietf.org" <I2nsf@ietf.org>
Content-Type: multipart/alternative; boundary="001a11c366e6947a61050ee4c5e8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/i2nsf/WIwnTbo9Qs0k-qfO1viYp_8H-6c>
Subject: [I2nsf] draft-zarny-i2nsf-data-center-use-cases
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Feb 2015 14:16:57 -0000
The scope in section 1 would need to be trimmed to meet the evolving scope of the I2NSF list. It would be good to combine this with draft-qi-i2nsf-access-network-usecase or select one of these to develop. This will help avoid scope confusion. In reviewing draft-zarny-i2nsf-data-center-use-cases, my first recommendation is to get rid of the word cloud and instead use a term that explicitly defines what is intended. Instead of "Cloud-scale network resources", perhaps "Hosted DC resources" or some other set of terms could be used. Section 4. I do like the idea of this service and can think of one particular firewall I've managed in bulk where this type of thing would be easy. The problem is that is not vendor agnostic. If there were some way to replicate sets of existing policy deployments for particular services (mail, video calls, access to ERP systems, etc.) independent of firewall brand where you might replace to/from addresses for the deployment of rules making them replaceable objects, there could be a way to do this in a vendor agnostic way. Firewalls would need service configuration defaults where IP addressees may be added in the I2NSF configuration for particular service. This is really borrowing from how the Lucent Managed Firewall works as the management scales well using an object oriented management approach. I don't know if they have IP on that method of management though. In any case, more work is needed to define what types of policies would be deployed and how this could work across vendors and for multiple tenants. This draft is too high-level at the moment to get an idea of how I2NSF will accomplish these goals. If the work switches to manage flow-based policy automation, understanding how I2NSF will affect the deployed policies will be needed instead. -- Best regards, Kathleen
- [I2nsf] draft-zarny-i2nsf-data-center-use-cases Kathleen Moriarty