[netmod] ECA Policy: Relationship with I2NSF YANG capability-data-model

Qin Wu <bill.wu@huawei.com> Tue, 09 March 2021 04:07 UTC

From: Qin Wu <bill.wu@huawei.com>
To: "pauljeong@skku.edu" <pauljeong@skku.edu>, "i2nsf@ietf.org" <i2nsf@ietf.org>, "netmod@ietf.org" <netmod@ietf.org>, "draft-ietf-i2nsf-capability-data-model@ietf.org" <draft-ietf-i2nsf-capability-data-model@ietf.org>, "draft-ietf-netmod-eca-policy@ietf.org" <draft-ietf-netmod-eca-policy@ietf.org>
Date: Tue, 09 Mar 2021 04:05:23 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/yvVc_aId86PaAXDds1KIBvGsKGQ>

Hi,
One of the issues raised on draft-ietf-netmod-eca-policy-00 during the adoption call is the relationship with the I2NSF YANG capability-data-model.
I believe two pieces of work in the I2NSF WG are related to draft-ietf-netmod-eca-policy (https://tools.ietf.org/html/draft-ietf-netmod-eca-policy-01).
1. RFC8329, which defines ECA as an imperative paradigm related to data packet or data flow treatment; three clauses are defined:
 a. An Event clause is used to trigger the evaluation of the Condition clause of the I2NSF Policy Rule.
 b. A Condition clause is used to determine whether or not the set of Actions in the I2NSF Policy Rule can be executed or not.
 c. An Action clause defines the type of operations that may be performed on this packet or flow.
I think this ECA paradigm is also security policy specific, not generic enough.

2. draft-ietf-i2nsf-capability-data-model, which uses RFC8529 as the basis for the design of the capability model in draft-ietf-i2nsf-capability-data-model.

Here is the ECA definition we proposed in draft-ietf-netmod-eca-policy:
 a. The event is defined as one related to datastore subscription or event stream subscription.
 b. Condition: Condition can be seen as a logical test that, if satisfied or evaluated to be true, causes the action to be carried out.
 c. Action: Update or invocation on local managed object attributes.
As you can see, ECA is not tied to a specific technology. To clarify the relationship with the I2NSF YANG capability-data-model, we think
NSF can be an example use case for draft-ietf-netmod-eca-policy.
Let us know if this proposal makes sense to you. Thanks!

-Qin (on behalf of authors)
-----Original Message-----
From: netmod [mailto:netmod-bounces@ietf.org] On Behalf Of Qin Wu
Sent: 23 December 2020 22:30
To: tom petch <ietfc@btconnect.com>; Dhruv Dhody <dhruv.ietf@gmail.com>; Lou Berger <lberger@labn.net>
Cc: NetMod WG Chairs <netmod-chairs@ietf.org>; NETMOD Group <netmod@ietf.org>
Subject: Re: [netmod] Adoption poll for draft-wwx-netmod-event-yang-10

Hi, Tom:
-----Original Message-----
From: netmod [mailto:netmod-bounces@ietf.org] On Behalf Of tom petch
Sent: 23 December 2020 19:14
To: Dhruv Dhody <dhruv.ietf@gmail.com>; Lou Berger <lberger@labn.net>
Cc: NetMod WG Chairs <netmod-chairs@ietf.org>; NETMOD Group <netmod@ietf.org>
Subject: Re: [netmod] Adoption poll for draft-wwx-netmod-event-yang-10

From: netmod <netmod-bounces@ietf.org> on behalf of Dhruv Dhody <dhruv.ietf@gmail.com>
Sent: 21 December 2020 17:12

Hi Lou, WG,

I find the motivation in the Introduction to be focused on ECA at the network devices (with all the talk about issues with Centralized network management).

I see the value of ECA on the controller as well, say a customer network controller or an orchestrator can set the ECA on a central controller (reference ACTN in TEAS WG). Perhaps you would consider adding a sentence to describe this as well. The client-server terminology in the rest of the document covers it already.

And I do see value in this and support adoption.

<tp>
My take is that the I-D is unclear on what ECA is.

[Qin]: Thanks, Tom. Adrian raised a similar issue about the abstract improvement and we will address this in v-01.

ECA has been worked on in at least two IETF WGs AFAICT.  It cropped up in I2RS but as I recall, it was along the lines of 'This is ECA'  'No It is not'  'Yes it is' which gave me the impression that ECA is not a well-defined, or well-understood, term.

More recently, I2NSF have produced a YANG capability-data-model which is 55 pages of ECA.  Lacking a definition in this netmod I-D, I am unclear what the relationship is between the I2NSF I-D and the netmod I-D, whether or not they are using ECA in the same sense.
[Qin]: I haven't followed closely what has been done in I2NSF.  But I did talk with two of the I2NSF proponents this year. They tend to agree that the model proposed in draft-wwx will serve as the basis for the I2NSF security policy model or NSF-facing interface DM. Unfortunately I haven't seen their update to do the alignment. I missed their I2NSF recharter discussion meeting. But I would also highly recommend they import the model in draft-wwx and reuse some of these building blocks. I plan to raise this issue later on.
For the I2RS model, it was a packet forwarding policy model, which has been expired for many years. If that draft needs to be revived, I think we can follow a similar approach as for the I2NSF security policy model.

Thanks!
Dhruv

On Tue, Dec 8, 2020 at 3:59 AM Lou Berger <lberger@labn.net> wrote:
>
> This email begins a 2-week adoption poll for:
>
> https://tools.ietf.org/html/draft-wwx-netmod-event-yang-10
>
> Please voice your support or technical objections on list before the 
> end of December 21, any time zone.
>
> Thank you!
>
> Netmod Chairs
>
> PS Note the IPR poll is running concurrently as the private response 
> all indicated that no IPR exists.  The draft will not be formally 
> adopted until both the IPR and WG polls are complete.
>
>
> _______________________________________________
> netmod mailing list
> netmod@ietf.org
> https://www.ietf.org/mailman/listinfo/netmod
