[I2nsf] Side Meeting for I2NSF WG
"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 21 November 2019 03:01 UTC
Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD4FE120919 for <i2nsf@ietfa.amsl.com>; Wed, 20 Nov 2019 19:01:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.987
X-Spam-Level:
X-Spam-Status: No, score=-1.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MZOzyrgW2HUU for <i2nsf@ietfa.amsl.com>; Wed, 20 Nov 2019 19:01:49 -0800 (PST)
Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4358C1207FF for <i2nsf@ietf.org>; Wed, 20 Nov 2019 19:01:49 -0800 (PST)
Received: by mail-wr1-x436.google.com with SMTP id b18so2443566wrj.8 for <i2nsf@ietf.org>; Wed, 20 Nov 2019 19:01:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=s9TSNSzneZdrxuR1ZBLCKPiN4WXTERtuXae6AW4V1CY=; b=lpSs3PJTLhEZKE7q8x5U8+8KhfdAo/F4K0AWSPstrO7PJcqnoyqef5DxWv9Riecci6 ZZl74adbnXsMeT2RaZwzYgya8JtgKciSlPTLyvb+xIilOPkJnud4JifdkrNgXJgSu+LD 0Yd/lGRu6Z0B+NEPMEIAy7fzWltTh81CTDABogBFQ8/Yj+seZmJgjywmdWSdo9ne92bm E2CsgSSgOEVPhWJei3niY0qjvNIDXM/JmT2KP+0ROj/aCe1ShMVxnTI2uOmu4fMMe9yw KKi99SgMbTjpk/D/97Qc4rxWhBsiTTlYouIZa31Bd25t+BK0VRWrDu3LY7BaixoQkYqm mMNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=s9TSNSzneZdrxuR1ZBLCKPiN4WXTERtuXae6AW4V1CY=; b=F3okh6wVO/sTUCa92qvDcrmvfMRzWfXA5xXNY+hazeFYqWoxi0923VSOPlauouFJBM BLCWSg/PKfVAs8cKrlC+ImzBF8wWbKaUfmrIiuQmF7YrYoUaSNxVLW8gPKv1Nn3J9tFq mYZu6NouHAavM5ckfqgMWg7SxGfhOatZ5g9rrS7lTCKnX/8ey65fERvxG61BwTsQRnUu yaZW8jp9Qp2S1Q6IcjWGjfhUbpVEScO6vmbBfTqBS7Mvt2h6gSVgl6L8naVzP4PbaCJp P2KM9ScOke3pLzAof7e96vYJCxJHpc0xa+Qeuo/UB4mqB2M85HwPZqPWlcTCv4/GqKWX Rd6w==
X-Gm-Message-State: APjAAAXSawX+WNG4BuI9y1BhRdtcekrL9hQfsGNKEE+PjGhymvqu2vxE TquIuKlal0lDWRqkSBappaYMTlD1HmM9BWW44rAKrn8QN9k=
X-Google-Smtp-Source: APXvYqwE1EwFmERhhbg858rRG1b/nfhciql6ryvIeBCFgp0kmBXKADXTOVOvqL/hA29cfwHFIM0BWmV/maqhLzSFtZI=
X-Received: by 2002:adf:e2cc:: with SMTP id d12mr7195719wrj.168.1574305307103; Wed, 20 Nov 2019 19:01:47 -0800 (PST)
MIME-Version: 1.0
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 21 Nov 2019 11:01:11 +0800
Message-ID: <CAPK2Dey7WQvvVC_=1Rk7toWBY2JUSeka_fSWCmpLd0b=Tv3JLA@mail.gmail.com>
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
Cc: Roman Danyliw <rdd@cert.org>, "Ciavaglia, Laurent (Nokia - FR/Paris-Saclay)" <laurent.ciavaglia@nokia.com>, Jérôme François <jerome.francois@inria.fr>, Qin Wu <bill.wu@huawei.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>
Content-Type: multipart/alternative; boundary="000000000000991a310597d28462"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/e_FJ8CoE5sp1-jOFUFjgYF4lyjg>
Subject: [I2nsf] Side Meeting for I2NSF WG
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 03:01:52 -0000
Hi I2NSF WG, There will be a side meeting for I2NSF WG's next steps from 6PM to 7PM today at Bras Basah. https://datatracker.ietf.org/meeting/106/floor-plan?room=bras-basah#raffles-city-convention-center * Agenda for I2NSF Side Meeting - I2NSF Hackathon Project Report (Jaehoon Paul Jeong, 5 min) - I2NSF Data Model Drafts Update (Jaehoon Paul Jeong, 10 min) . I2NSF Capability YANG Data Model . I2NSF Consumer-Facing Interface YANG Data Model . I2NSF Network Security Function-Facing Interface YANG Data Model . I2NSF Registration Interface YANG Data Model . I2NSF NSF Monitoring YANG Data Model - Security Policy Translator Draft Update (Chaehong Chung, 5 min) - Open Discussion: Possible Work Items for I2NSF Rechartering (30 min) I will report the progress of data model drafts. I would like to discuss the rechartering of I2NSF WG with you. I suggest four work items as the 2nd phase I2NSF. 1. YANG data model of the interface between I2NSF Security Controller and SDN Switch Controller 2. YANG data model of the interface between I2NSF Security Controller and SFC Classifier 3. Configuration of Advanced Security Functions with I2NSF Security Controller 4. Policy Object for Interface to Network Security Functions (I2NSF) Let me explain why each of them is important for I2NSF. 1. YANG data model of the interface between I2NSF Security Controller and SDN Switch Controller According to the I2NSF Applicability Draft and I2NSF Hackathon Project, the SDN switches can perform simple packet filtering and the firewall NSF can perform complicated packet filtering. For this two separated packet filtering, the security policy about a traffic flow should be delivered to an SDN Switch Controller. For the delivery of a security policy to the SDN network, the interface between the I2NSF Security Controller and the SDN Switch Controller is needed. 2. YANG data model of the interface between I2NSF Security Controller and SFC Classifier According to the I2NSF Applicability Draft and I2NSF Hackathon Project, a security policy (e.g., time-based web filtering) requires a Service Function Chaining (SFC) such as firewall and web filter. For this SFC path specification of a security policy, a security about a traffic flow should be delivered to an SFC Classifier. For the delivery of a security policy to specify the service function path in the SFC Classifier, the interface between the I2NSF Security Controller and the SFC Classifier is needed. 3. Configuration of Advanced Security Functions with I2NSF Security Controller (https://tools.ietf.org/html/draft-dong-i2nsf-asf-config-01) With the current NSF-Facing Interface, we can configure basic security functions, such as firewall, deep packet inspection, and DDoS attack mitigator. For rich network security functions, the YANG data model of advanced security services needs to be developed. 4. Policy Object for Interface to Network Security Functions (I2NSF) (https://tools.ietf.org/html/draft-xia-i2nsf-security-policy-object-01) Policy objects for I2NSF security policy rules can provide the I2NSF system with reusability for security policy construction by defining essential attributes for each policy object. This will be useful for security policy rule generation in the I2NSF system. Welcome your feedback. Thanks. Best Regards, Paul
- [I2nsf] Side Meeting for I2NSF WG Mr. Jaehoon Paul Jeong
- Re: [I2nsf] Side Meeting for I2NSF WG Diego R. Lopez
- Re: [I2nsf] Side Meeting for I2NSF WG Mr. Jaehoon Paul Jeong
- Re: [I2nsf] Side Meeting for I2NSF WG Mr. Jaehoon Paul Jeong
- Re: [I2nsf] Side Meeting for I2NSF WG Linda Dunbar