Re: [I2nsf] Side Meeting for I2NSF WG

"Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com> Thu, 21 November 2019 10:03 UTC

Return-Path: <jaehoon.paul@gmail.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E731120A3A for <i2nsf@ietfa.amsl.com>; Thu, 21 Nov 2019 02:03:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.987
X-Spam-Level:
X-Spam-Status: No, score=-1.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_HK_NAME_FM_MR_MRS=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZrYJgg6yx0rN for <i2nsf@ietfa.amsl.com>; Thu, 21 Nov 2019 02:03:21 -0800 (PST)
Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE49D1208B0 for <i2nsf@ietf.org>; Thu, 21 Nov 2019 02:03:19 -0800 (PST)
Received: by mail-wr1-x42d.google.com with SMTP id z3so3610722wru.3 for <i2nsf@ietf.org>; Thu, 21 Nov 2019 02:03:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yUKa3IaAIIzPoxXY0I29GRBQxkHSdGl6O1yaA+I4enI=; b=fTHxLEgHiLTiRO1251UYrfcJblNym5xBSMceDAcLK3fiWWgPMd33UvPqqzcstAk+Es Q7ulGQHl/Xx1Nk3qwcizSfDiedXkhE+espAhJAfq1Iuca7EGr3My6w6ibQ/HfciW/IZO 4GkOMWPZgCdGGpmdECsm2kc7J9qEhpb9KWcWqqwB8yd9ggN2qnNr9qsFHKS8pt8/HHa0 JJjt2AFQdidh6FZjyd9RLlEMwu88JpO5NdyCMRCCctuLt6UFoU9pKZ2HkaUT8qol+E7b n/fUBqYM2Ddi0/5ajfM1vNzd/leT2wNHDBH5fdaqY/D5ZtPGzPXJxB5Ya/GVX4KEwO/v VEPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yUKa3IaAIIzPoxXY0I29GRBQxkHSdGl6O1yaA+I4enI=; b=VyR8RXlar5Y2Us275oOxntED7sayEHIGh2SxkYksMgu6RXBKUzMNKN12WVnomgG6Gq 47DAzO1ZnBpEcyCLknxfPPddtG0/VnjOl3Dc5hmYFterp0D49WnHZ7ptf9i816CGw2vx 8EH4Wd+rrlK/Yi0ECRNkaQqa4h5joomEbZHoZg+TUCm/Bp3HPadue9a3xnCTGNgwF11A ubF5NidTlxZEzZVWpstLFxdgV3VzwdLDdSu2AMtygCnCydJUJfcLo/yxM+bodORNwpHR lxVrfWP7SXsqtwG7LGBwCppDP18oSHSvGXhn5wXo+Qb9bqK5HJjQZayDtmE1wAV0elyZ fIjw==
X-Gm-Message-State: APjAAAXaGirQNLzfI0bExpBWPoQZZCyuFM58WSRTkhPs5s89aYnIBjN4 B7feDlE8ans3HJl9o5SL9qmdWcpWbi//KY4Y6SMhwAku
X-Google-Smtp-Source: APXvYqyza260dBzfcfvmvLY8GyswjvwVouNz3jBKkRbW2VFuwRvx/eKhDdfXRfI0ExLkrGmKKrpCzwXDhrgrp5P+0aw=
X-Received: by 2002:a5d:490b:: with SMTP id x11mr1976002wrq.111.1574330596030; Thu, 21 Nov 2019 02:03:16 -0800 (PST)
MIME-Version: 1.0
References: <CAPK2Dey7WQvvVC_=1Rk7toWBY2JUSeka_fSWCmpLd0b=Tv3JLA@mail.gmail.com>
In-Reply-To: <CAPK2Dey7WQvvVC_=1Rk7toWBY2JUSeka_fSWCmpLd0b=Tv3JLA@mail.gmail.com>
From: "Mr. Jaehoon Paul Jeong" <jaehoon.paul@gmail.com>
Date: Thu, 21 Nov 2019 19:02:35 +0900
Message-ID: <CAPK2DexwrHNLT-U1EqN93DS3fDBUo4L0FVBRC9FFYZn86L3eLw@mail.gmail.com>
To: "i2nsf@ietf.org" <i2nsf@ietf.org>
Cc: Roman Danyliw <rdd@cert.org>, "Ciavaglia, Laurent (Nokia - FR/Paris-Saclay)" <laurent.ciavaglia@nokia.com>, =?UTF-8?B?SsOpcsO0bWUgRnJhbsOnb2lz?= <jerome.francois@inria.fr>, Qin Wu <bill.wu@huawei.com>, skku-iotlab-members <skku-iotlab-members@googlegroups.com>
Content-Type: multipart/mixed; boundary="000000000000eff6530597d867ee"
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/wx_i8gJQFskdDsXiO0KoIyj3utc>
Subject: Re: [I2nsf] Side Meeting for I2NSF WG
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Nov 2019 10:03:30 -0000

Hi I2NSF WG,
Here are the slides for today's side meeting.

Thanks.

Paul


On Thu, Nov 21, 2019 at 12:01 PM Mr. Jaehoon Paul Jeong <
jaehoon.paul@gmail.com> wrote:

> Hi I2NSF WG,
> There will be a side meeting for I2NSF WG's next steps from 6PM to 7PM
> today at Bras Basah.
>
> https://datatracker.ietf.org/meeting/106/floor-plan?room=bras-basah#raffles-city-convention-center
>
>
> * Agenda for I2NSF Side Meeting
> - I2NSF Hackathon Project Report (Jaehoon Paul Jeong, 5 min)
> - I2NSF Data Model Drafts Update (Jaehoon Paul Jeong, 10 min)
>   . I2NSF Capability YANG Data Model
>   . I2NSF Consumer-Facing Interface YANG Data Model
>   . I2NSF Network Security Function-Facing Interface YANG Data Model
>   . I2NSF Registration Interface YANG Data Model
>   . I2NSF NSF Monitoring YANG Data Model
> - Security Policy Translator Draft Update (Chaehong Chung, 5 min)
> - Open Discussion: Possible Work Items for I2NSF Rechartering (30 min)
>
> I will report the progress of data model drafts.
> I would like to discuss the rechartering of I2NSF WG with you.
>
> I suggest four work items as the 2nd phase I2NSF.
> 1. YANG data model of the interface between I2NSF Security Controller and
> SDN Switch Controller
> 2. YANG data model of the interface between I2NSF Security Controller and
> SFC Classifier
> 3. Configuration of Advanced Security Functions with I2NSF Security
> Controller
> 4.  Policy Object for Interface to Network Security Functions (I2NSF)
>
> Let me explain why each of them is important for I2NSF.
>
> 1.  YANG data model of the interface between I2NSF Security Controller and
> SDN Switch Controller
> According to the I2NSF Applicability Draft and I2NSF Hackathon Project,
> the SDN switches can perform simple packet filtering and the firewall NSF
> can perform complicated packet filtering.
> For this two separated packet filtering, the security policy about a
> traffic flow should be delivered to an SDN Switch Controller.
> For the delivery of a security policy to the SDN network, the interface
> between the I2NSF Security Controller and
> the SDN Switch Controller is needed.
>
> 2.  YANG data model of the interface between I2NSF Security Controller and
> SFC Classifier
> According to the I2NSF Applicability Draft and I2NSF Hackathon Project,
> a security policy (e.g., time-based web filtering) requires a Service
> Function Chaining (SFC) such as
> firewall and web filter.
> For this SFC path specification of a security policy, a security about a
> traffic flow should be delivered to an SFC Classifier.
> For the delivery of a security policy to specify the service function path
> in the SFC Classifier, the interface between
> the I2NSF Security Controller and the SFC Classifier is needed.
>
> 3. Configuration of Advanced Security Functions with I2NSF Security
> Controller
>     (https://tools.ietf.org/html/draft-dong-i2nsf-asf-config-01)
> With the current NSF-Facing Interface, we can configure basic security
> functions, such as firewall, deep packet inspection, and
> DDoS attack mitigator. For rich network security functions,  the YANG data
> model of advanced security services needs to be
> developed.
>
> 4. Policy Object for Interface to Network Security Functions (I2NSF)
>     (https://tools.ietf.org/html/draft-xia-i2nsf-security-policy-object-01
> )
> Policy objects for I2NSF security policy rules can provide the I2NSF
> system with reusability for security policy construction
> by defining essential attributes for each policy object. This will be
> useful for security policy rule generation in the I2NSF system.
>
> Welcome your feedback.
>
> Thanks.
>
> Best Regards,
> Paul
>
>

-- 
===========================
Mr. Jaehoon (Paul) Jeong, Ph.D.
Associate Professor
Department of Software
Sungkyunkwan University
Office: +82-31-299-4957
Email: jaehoon.paul@gmail.com, pauljeong@skku.edu
Personal Homepage: http://iotlab.skku.edu/people-jaehoon-jeong.php
<http://cpslab.skku.edu/people-jaehoon-jeong.php>