Re: [I2nsf] Request for WGLC on I2NSF YANG Data Models

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Wed, 17 April 2019 15:06 UTC

From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 18 Apr 2019 00:05:16 +0900
Message-ID: <CAPK2Deyqi4mpMpbNtuPU7kbjGM656cv8jWOx0TZ+FbTW9JgFTQ@mail.gmail.com>
To: Linda Dunbar <linda.dunbar@huawei.com>
Cc: Gabriel Lopez <gabilm@um.es>, Yoav Nir <ynir.ietf@gmail.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>, Chris Shen <shenyiwen7@gmail.com>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>, "Jingyong (Tim) Kim" <wlsdyd0930@nate.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/af4VhuJ5MM7xxfj7KBseDbBTePM>
Subject: Re: [I2nsf] Request for WGLC on I2NSF YANG Data Models

Hi Linda,
No problem.
The WGLCs on these two drafts are great!

Are you going to do WGLC on other interface data model drafts, such as
Consumer-Facing Interface, NSF-Facing Interface, and Registration Interface,
together or after WGLC completion of the Capability data model draft?

Thanks.

Best Regards,
Paul


On Wed, Apr 17, 2019 at 11:56 PM Linda Dunbar <linda.dunbar@huawei.com> wrote:

> Paul, et al,
>
>
>
> We will start the WGLC after closing the i2nsf-capability WGLC and
> i2nsf-sdn-ipsec-flow-protection.
>
> Should start the WGLC by May 8.
>
>
>
> Thanks for being patient.
>
>
>
> Linda & Yoav.
>
>
>
>
>
> *From:* Mr. Jaehoon Paul Jeong [mailto:jaehoon.paul@gmail.com]
> *Sent:* Thursday, April 04, 2019 5:41 AM
> *To:* Gabriel Lopez <gabilm@um.es>
> *Cc:* Linda Dunbar <linda.dunbar@huawei.com>; Yoav Nir
> <ynir.ietf@gmail.com>; i2nsf@ietf.org; Chris Shen <shenyiwen7@gmail.com>;
> skku_secu-brain_all@googlegroups.com; Jingyong (Tim) Kim
> <wlsdyd0930@nate.com>; Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
> *Subject:* Re: [I2nsf] Request for WGLC on I2NSF YANG Data Models
>
>
>
> Hi Gabriel,
>
> I have submitted a revision of the Consumer-Facing Interface Data Model
> draft supporting
>
> your IPsec method for IKE and IKEless cases:
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-consumer-facing-interface-dm-04
>
>
>
>
> Thanks.
>
>
>
> Best Regards,
>
> Paul
>
>
>
> On Mon, Apr 1, 2019 at 10:30 PM Mr. Jaehoon Paul Jeong
> <jaehoon.paul@gmail.com> wrote:
>
> Hi Gabriel,
>
> I will answer your questions inline below.
>
>
>
> On Mon, Apr 1, 2019 at 7:18 PM Gabriel Lopez <gabilm@um.es> wrote:
>
> Hi Paul.
>
>
>
> Just a few comments about the drafts:
>
>
>
> On 28 Mar 2019, at 8:39, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>
> wrote:
>
>
>
> Hi Linda and Yoav,
>
> As we discussed at this I2NSF WG meeting, my SKKU team reflected the data
> convergence including I2NSF IPsec (such as ipsec-ike case and ipsec-ikeless
> case) on the three data model drafts, and then uploaded them into the IETF
> repository this morning:
>
> - NSF Capability Data Model
>
> - NSF-Facing Interface Data Model
>
> - Registration Interface Data Model
>
>
>
> The update of each draft is described in Changes section per draft.
>
>
>
> There is no change in Consumer-Facing Interface Data Model draft.
>
>
>
> Could you start WGLC for the following four data model drafts?
>
> - NSF Capability Data Model
>
>   https://tools.ietf.org/html/draft-ietf-i2nsf-capability-data-model-04
>
>
>
>
>
> This draft specifies whether IKE/ IKE-less cases are supported by the NSF
> or not, in the same way that it specifies if the NSF supports IPS or not.
> But the details about capabilities for ipsec or IDS are moved now to
> another draft (dong-i2nsf-asf-config). Is it right?
>
>
>
>  => Yes. For the detailed configuration of ipsec, we will be able to use
>     your data model by letting it be referenced by our NSF-facing
>     interface YANG module.
>     We will let you know how to modify your YANG module this week so that
>     it can be used by our NSF-facing interface data model.
>
>
>
>
>
>
>
> - NSF-Facing Interface Data Model
>
>   https://tools.ietf.org/html/draft-ietf-i2nsf-nsf-facing-interface-dm-05
>
>
>
> How does it align with the security-policy-translation draft?
>
>  => The security policy translator translates a high-level security policy
>     XML file (based on Consumer-facing interface data model) into a
>     low-level security policy XML file (based on NSF-facing interface data
>     model).
>     In the security-policy-translation draft, there is exemplary XML code
>     as follows:
>
>        - High-level security policy XML Code
>
>
> https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-03#page-7
>
>
>
>        - Low-level security policy XML Code
>
>
> https://tools.ietf.org/html/draft-yang-i2nsf-security-policy-translation-03#page-18
>
>
>
>
>
> - Registration Interface Data Model
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03
>
>
>
>
>
>
>
>
>
> - Consumer-Facing Interface Data Model
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-consumer-facing-interface-dm-03
>
>
>
>
>
> Import of the ipsec draft should not be included here. Both drafts (ipsec
> and this one) should stay both like nsf facing interface models, but not
> one integrated into the other.
>
>
>
>   => This statement is not clear to me. Could you clarify this more
> clearly if you have a better way?
>
>
>
>        For Registration interface data model, we use ipsec-method (either
> IKE or IKEless) that is defined in I2NSF Capability data model draft:
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-capability-data-model-04#page-7
>
>
>
>        To use this ipsec-method in Registration interface data model, we
> import I2NSF Capability data model as follows:
>
>
>
> ############################################################
>
> 6.1.3. NSF Capability Information - p. 11
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-11
>
>
>
>
>
> ----------------------------------------------------------------------------------------------------
>
> 6.2. YANG Data Modules - p. 12
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-12
>
>
>
>
> import ietf-i2nsf-capability {
>   prefix capa;
>   reference "draft-ietf-i2nsf-capability-data-model-04";
> }
>
>
>
>
> ----------------------------------------------------------------------------------------------------
>
> grouping i2nsf-nsf-capability-info - p. 15-16
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-16
>
>
>
>
> grouping i2nsf-nsf-capability-info {
>   description
>     "Detail information of an NSF";
>   container i2nsf-capability {
>     description
>       "ietf i2nsf capability information";
>     uses "capa:nsf-capabilities";
>     reference "draft-ietf-i2nsf-capability-data-model-04";
>   }
>   container nsf-performance-capability {
>     description
>       "performance capability";
>     uses i2nsf-nsf-performance-capability;
>   }
> }
>
>
>
>
> ----------------------------------------------------------------------------------------------------
>
> Configuration Example 1~6: p. 19
>
>
> https://tools.ietf.org/html/draft-ietf-i2nsf-registration-interface-dm-03#page-19
>
>
>
>
> <ipsec-method>ikeless</ipsec-method>
>
> ############################################################
>
>
>
>       For the configuration of IPsec (e.g., SPD and PAD parameters) for an
> NSF, could you make a YANG code
>
>       for such configuration for Registration interface YANG code and XML
> code like our example in
>
>       Registration interface data model draft?
>
>       We will be able to include your YANG code to accommodate IPsec
> configuration in the revision of our Registration interface data model
> draft.
>
>
>
>       If you have a better way to configure your IPsec configuration into
> Security Controller, please let me know.
>
>
>
>  => For Consumer-facing interface data model, we will include ipsec-method
> (either IKE or IKEless) in
>
>       the revision of Consumer-facing interface data model draft.
>
>       This configuration will let NSFs for a high-level security policy
> make an IPsec tunnel between each pair of NSFs
>
>       along the SFC path (e.g., Firewall -> DPI -> DDoS Attack Mitigator).
>
>
>
>       I think your students can work with my students at SKKU for the test
> of this integration and test.
>
>       My Ph.D student, Jinyong (Tim) Kim, is in charge of the
> implementation and test.
>
>
>
>       If you have questions, please let me know.
>
>
>
>       Thanks.
>
>
>
>       Best Regards,
>
>       Paul
>
>
>
> Best regards, Gabi.
>
>
>
>
>
> I hope we can publish them before the IETF-105 Montreal meeting. :-)
>
>
>
> Thanks.
>
>
>
> Best Regards,
>
> Paul
>
> --
>
> ===========================
> Mr. Jaehoon (Paul) Jeong, Ph.D.
> Associate Professor
> Department of Software
> Sungkyunkwan University
> Office: +82-31-299-4957
> Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
> Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
> <http://cpslab.skku.edu/people-jaehoon-jeong.php>
>
>
>
> -----------------------------------------------------------
> Gabriel López Millán
> Departamento de Ingeniería de la Información y las Comunicaciones
> University of Murcia
> Spain
> Tel: +34 868888504
> Fax: +34 868884151
> email: gabilm@um.es <gabilm@um.es>


-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>