[I2nsf] 答复: WGLC and IPR poll for draft-ietf-i2nsf-sdn-ipsec-flow-protection-04

"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Mon, 13 May 2019 02:00 UTC

Return-Path: <frank.xialiang@huawei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E30D12012D for <i2nsf@ietfa.amsl.com>; Sun, 12 May 2019 19:00:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WADJXdiKz1_1 for <i2nsf@ietfa.amsl.com>; Sun, 12 May 2019 19:00:09 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAB0112008D for <i2nsf@ietf.org>; Sun, 12 May 2019 19:00:08 -0700 (PDT)
Received: from lhreml707-cah.china.huawei.com (unknown [172.18.7.106]) by Forcepoint Email with ESMTP id 336D332E0D6AA22EF611; Mon, 13 May 2019 03:00:06 +0100 (IST)
Received: from lhreml708-chm.china.huawei.com (10.201.108.57) by lhreml707-cah.china.huawei.com (10.201.108.48) with Microsoft SMTP Server (TLS) id 14.3.408.0; Mon, 13 May 2019 03:00:04 +0100
Received: from lhreml708-chm.china.huawei.com (10.201.108.57) by lhreml708-chm.china.huawei.com (10.201.108.57) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1713.5; Mon, 13 May 2019 03:00:03 +0100
Received: from DGGEMM423-HUB.china.huawei.com (10.1.198.40) by lhreml708-chm.china.huawei.com (10.201.108.57) with Microsoft SMTP Server (version=TLS1_0, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id 15.1.1713.5 via Frontend Transport; Mon, 13 May 2019 03:00:03 +0100
Received: from DGGEMM531-MBS.china.huawei.com ([169.254.6.202]) by dggemm423-hub.china.huawei.com ([10.1.198.40]) with mapi id 14.03.0439.000; Mon, 13 May 2019 09:59:51 +0800
From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: Gabriel Lopez <gabilm@um.es>, "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
CC: "i2nsf@ietf.org" <i2nsf@ietf.org>, "skku_secu-brain_all@googlegroups.com" <skku_secu-brain_all@googlegroups.com>, Linda Dunbar <linda.dunbar@huawei.com>, =?utf-8?B?RmVybmFuZG8gUGVyZcOxw61ndWV6IEdhcmPDrWE=?= <fernando.pereniguez@cud.upct.es>, Yoav Nir <ynir.ietf@gmail.com>, "Rafa Marin Lopez" <rafa@um.es>, "Diego R. Lopez" <diego.r.lopez@telefonica.com>
Thread-Topic: [I2nsf] WGLC and IPR poll for draft-ietf-i2nsf-sdn-ipsec-flow-protection-04
Thread-Index: AdT1LThqzmgVobBpQv6JyYX9XtHDxAQ/47uAAAWbIQAACUrTAAAYCqCAAD2HIIAAW52k0A==
Date: Mon, 13 May 2019 01:59:50 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12CA71ADC@DGGEMM531-MBS.china.huawei.com>
References: <4A95BA014132FF49AE685FAB4B9F17F66B3869DE@sjceml521-mbs.china.huawei.com> <CAPK2DeyWU8gyQd+cEMg3bef-CybJvVRr1eF2br1h-LPAy34=Xw@mail.gmail.com> <40D323E6-AEFD-47AF-9E81-F5B55D7D7E14@um.es> <CAPK2DeyG2zd-8qjYEzKXGDUEj_zW=X6X2qL63Zd159y9VZJmTg@mail.gmail.com> <867C4A23-0335-4B5A-8FB2-430FBF77E990@um.es> <CAPK2DexPHcX6HdNeZE_pBTUeFXw3dOQmV1B=spOJ6EAPOTzuMg@mail.gmail.com>
In-Reply-To: <CAPK2DexPHcX6HdNeZE_pBTUeFXw3dOQmV1B=spOJ6EAPOTzuMg@mail.gmail.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.134.159.76]
Content-Type: multipart/related; boundary="_004_C02846B1344F344EB4FAA6FA7AF481F12CA71ADCDGGEMM531MBSchi_"; type="multipart/alternative"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/jZ7_7h_PgwEcIc_TxLkfyL7HDjw>
Subject: [I2nsf] =?utf-8?b?562U5aSNOiAgV0dMQyBhbmQgSVBSIHBvbGwgZm9yIGRy?= =?utf-8?q?aft-ietf-i2nsf-sdn-ipsec-flow-protection-04?=
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 May 2019 02:00:13 -0000

Hi Gabi,
I think the latest update about the wrapping IPSec model in I2NSF-NSF-Facing interface model reflects and addresses the issue raised in last IETF meeting in Prague, see:
https://datatracker.ietf.org/meeting/104/materials/slides-104-i2nsf-model-convergence-proposal-00

In summary, it tries to keep the I2NSF capability data model as the basic and only one entry point for all the specific capability model (i.e., IPSec, IDS, etc.) consistently, while ensure independent configuration model for each specific model.
We think this is a good proposal and are addressing it.

B.R.
Frank

夏靓 (Frank Xia)
IP安全标准专家  -  数据通信标准专利部
华为技术有限公司
Tel : +86 25 56624539  /  139138 40549
Email : frank.xialiang@huawei.com
[cid:image001.png@01D50972.8E28D4E0]

This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!

发件人: I2nsf [mailto:i2nsf-bounces@ietf.org] 代表 Mr. Jaehoon Paul Jeong
发送时间: 2019年5月11日 21:59
收件人: Gabriel Lopez <gabilm@um.es>;
抄送: i2nsf@ietf.org; skku_secu-brain_all@googlegroups.com; Linda Dunbar <linda.dunbar@huawei.com>;; Fernando Pereñíguez García <fernando.pereniguez@cud.upct.es>;; Yoav Nir <ynir.ietf@gmail.com>;; Rafa Marin Lopez <rafa@um.es>;; Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com>;
主题: Re: [I2nsf] WGLC and IPR poll for draft-ietf-i2nsf-sdn-ipsec-flow-protection-04

Hi Gabriel,
Yes, I think the current ipsec-ietf-ike and ipsec-ietf-ikeless without change will be fine to our I2NSF interfaces
after I discuss with my student, Jinyong.

Our Registration Interface with capability data model will register into Security Controller
whether an NSF can support ipsec or not, and also in the case of the support of ipsec
whether an NSF can support ike or ikeless.

The NSF-Facing will do the same thing for an NSF rather than the actual configuration of ipsec stuff.
I assume that the detailed ipsec configuration will be done by your ipsec modules.

Thanks.

Best Regards,
Paul

On Fri, May 10, 2019 at 5:37 PM Gabriel Lopez <gabilm@um.es<mailto:gabilm@um.es>> wrote:
Hi Paul.

The ipsec-ietf-ike and ipsec-ietf-ikeless modules are standalone modules that can be used in the facing interface. We do not understand why do you need to include them in the nsf-facing interface data model.

The idea of having a data model with all the security services a nfs can support is not practical and can turns into a huge complex model. Do you have in mind to include also configuration groupings for TLS, SSH, IDS, ACLs, etc.?

Best regards, Gabi.


El 9 may 2019, a las 23:09, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>> escribió:

Hi Gabriel,
we need to make ipsec-ike and ipsec-ikeless be grouping type so that your ipsec module can be imported by our data modules for two ipsec cases.
The container type cannot be imported by other data modules.

Thanks.

Best Regards,
Paul


2019년 5월 10일 (금) 오전 1:43, Gabriel Lopez <gabilm@um.es<mailto:gabilm@um.es>>님이 작성:
Hi Paul.

Could you explain what is the purpose of this change?

Best regards, Gabi.


El 9 may 2019, a las 16:02, Mr. Jaehoon Paul Jeong <jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>> escribió:

Hi Authors: Rafa, Gabriel, and Fernando,

I have a request to let your authors revise i2nsf ipsec draft
(draft-ietf-i2nsf-sdn-ipsec-flow-protection-04)
in order to conform to our i2nsf interface data models.
For your YANG data module to be used in our NSF-Facing Interface data model through import,
your YANG data module needs some modification as follows.

########### Original Code #############
container ikev2 {
   .....
}

container ietf-ipsec {
   ....
}

########### Modified Code #############

grouping ipsec-ike {
   ...
}

grouping ipsec-ikeless {
   ...
}

container ikev2 {
 description "Configure the IKEv2 software";
 uses ipsec-ike;
}

container ietf-ipsec {
 description "IPsec configuration";
 uses ipsec-ikeless;
}

With your modification, my SKKU team will modify our YANG data models
to accommodate your ipsec data model.

If you have any questions, please let me know.

Thank you.

Best Regards,
Paul

On Wed, Apr 17, 2019 at 11:54 PM Linda Dunbar <linda.dunbar@huawei.com<mailto:linda.dunbar@huawei.com>> wrote:
Hello Working Group,

This email starts a four weeks Working Group Last Call on draft-ietf-i2nsf-sdn-ipsec-flow-protection-04.
This poll runs until May 15, 2019.

Authors: please update the draft per the comments and suggestions from YANG Doctors.

We are also polling for knowledge of any undisclosed IPR that applies to this Document, to ensure that IPR has been disclosed in compliance with IETF IPR rules (see RFCs 3979, 4879, 3669 and 5378 for more details).
If you are listed as an Author or a Contributor of this Document please respond to this email and indicate whether or not you are aware of any relevant undisclosed IPR. The Document won't progress without answers from all the Authors and Contributors.

If you are not listed as an Author or a Contributor, then please explicitly respond only if you are aware of any IPR that has not yet been disclosed in conformance with IETF rules.


Thank you.

Yoav & Linda
_______________________________________________
I2nsf mailing list
I2nsf@ietf.org<mailto:I2nsf@ietf.org>
https://www.ietf.org/mailman/listinfo/i2nsf


--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>, pauljeong@skku.edu<mailto:pauljeong@skku.edu>
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php>

-----------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: gabilm@um.es<mailto:gabilm@um.es>


-----------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: gabilm@um.es<mailto:gabilm@um.es>





--
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com<mailto:jaehoon.paul@gmail.com>, pauljeong@skku.edu<mailto:pauljeong@skku.edu>
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php<http://cpslab.skku.edu/people-jaehoon-jeong.php>