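%% You should probably cite rfc9061 instead of this I-D.
%% This entry records revision 14 of the Internet-Draft, which is marked
%% "Work in Progress". A draft revision may differ from the published RFC,
%% so anyone implementing or auditing the IPsec YANG modules should check
%% the RFC text rather than this revision.
%%
%% Only the acronyms and mixed-case terms in the title are brace-protected,
%% so the bibliography style decides the casing of the remaining words.
%% Author names use the unambiguous "Last, First" form.
@techreport{ietf-i2nsf-sdn-ipsec-flow-protection-14,
  author      = {Marin-Lopez, Rafael and Lopez-Millan, Gabriel and Pereniguez-Garcia, Fernando},
  title       = {A {YANG} Data Model for {IPsec} Flow Protection Based on Software-Defined Networking ({SDN})},
  type        = {Internet-Draft},
  number      = {draft-ietf-i2nsf-sdn-ipsec-flow-protection-14},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = mar,
  day         = 25,
  pagetotal   = 90,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-i2nsf-sdn-ipsec-flow-protection/14/},
  abstract    = {This document describes how to provide IPsec-based flow protection (integrity and confidentiality) by means of an Interface to Network Security Function (I2NSF) Controller. It considers two main well-known scenarios in IPsec: gateway-to-gateway and host-to-host. The service described in this document allows the configuration and monitoring of IPsec Security Associations (IPsec SAs) from an I2NSF Controller to one or several flow-based Network Security Functions (NSFs) that rely on IPsec to protect data traffic. This document focuses on the I2NSF NSF-Facing Interface by providing YANG data models for configuring the IPsec databases, namely Security Policy Database (SPD), Security Association Database (SAD), Peer Authorization Database (PAD), and Internet Key Exchange Version 2 (IKEv2). This allows IPsec SA establishment with minimal intervention by the network administrator. This document defines three YANG modules, but it does not define any new protocol.},
}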