I2NSF NSF Monitoring Interface YANG Data Model
draft-ietf-i2nsf-nsf-monitoring-data-model-07

The information below is for an old version of the document.

Document type: This is an older version of an Internet-Draft whose latest revision state is "Active".
Authors: Jaehoon Paul Jeong, Patrick Lingga, Susan Hares, Liang Xia, Henk Birkholz
Last updated: 2021-03-31
Replaces: draft-hong-i2nsf-nsf-monitoring-data-model
RFC stream: Internet Engineering Task Force (IETF)
WG state: Submitted to IESG for Publication
Document shepherd: Linda Dunbar
Shepherd write-up: Last changed 2021-02-23
IESG state: Publication Requested
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: Roman Danyliw
Send notices to: dunbar.ll@gmail.com
Internet Engineering Task Force                        M. Veillette, Ed.
Internet-Draft                                   Trilliant Networks Inc.
Intended status: Standards Track                           A. Pelov, Ed.
Expires: June 22, 2019                                    I. Petrov, Ed.
                                                                  Acklio
                                                       December 19, 2018

                   YANG Schema Item iDentifier (SID)
                         draft-ietf-core-sid-05

Abstract

   YANG Schema Item iDentifiers (SID) are globally unique 64-bit
   unsigned numbers used to identify YANG items.  This document defines
   the semantics, the registration, and assignment processes of SIDs.
   To enable the implementation of these processes, this document also
   defines a file format used to persist and publish assigned SIDs.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 22, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Veillette, et al.         Expires June 22, 2019                 [Page 1]
Internet-Draft      YANG Schema Item iDentifier (SID)      December 2018

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology and Notation
   3.  ".sid" file lifecycle
   4.  ".sid" file format
   5.  Third party registries
   6.  Security Considerations
   7.  IANA Considerations
     7.1.  Module registration
     7.2.  "SID mega-range" registry
       7.2.1.  "IANA SID Mega-Range" allocation
       7.2.2.  "RFC SID range assignment" sub-registry
       7.2.3.  "Specification SID range assignment" sub-registry
     7.3.  "YANG module assignment" registry
   8.  Acknowledgments
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  ".sid" file example
   Authors' Addresses

1.  Introduction

   Some of the items defined in YANG [RFC7950] require the use of a
   unique identifier.  In both NETCONF [RFC6241] and RESTCONF [RFC8040],
   these identifiers are implemented using names.  To allow the
   implementation of data models defined in YANG in constrained devices
   and constrained networks, a more compact method to identify YANG
   items is required.  This compact identifier, called SID, is encoded
   using a 64-bit unsigned integer.  The following items are identified
   using SIDs:

   o  identities

   o  data nodes (Note: including those that are part of a YANG template
      as defined by the 'yang-data' extension.)

   o  RPCs and associated input(s) and output(s)

   o  actions and associated input(s) and output(s)

   o  notifications and associated information

   o  YANG modules, submodules and features

   To minimize their size, SIDs are often represented as a difference
   between the current SID and a reference SID.  Such a difference is
   called a "delta", shorthand for "delta-encoded SID".  Conversion from
   SIDs to deltas and back to SIDs is a stateless process.  Each
   protocol implementing deltas must unambiguously define the reference
   SID for each YANG item.

   SIDs are globally unique numbers; a registration system is used to
   guarantee their uniqueness.  SIDs are registered in blocks called
   "SID ranges".

   Assignment of SIDs to YANG items can be automated.  The recommended
   process to assign SIDs is as follows:

   1.  A tool extracts the different items defined for a specific YANG
       module.

   2.  The list of items is sorted in alphabetical order, 'namespace' in
       descending order, 'identifier' in ascending order.  The
       'namespace' and 'identifier' formats are described in the YANG
       module 'ietf-sid-file' defined in Section 4.

   3.  SIDs are assigned sequentially from the entry point up to the
       size of the registered SID range.  This approach is recommended
       to minimize the serialization overhead, especially when delta
       encoding is implemented.

   4.  If the number of items exceeds the SID range(s) allocated to a
       YANG module, an extra range is added for subsequent assignments.

   SIDs are assigned permanently; items introduced by a new revision of
   a YANG module are added to the list of SIDs already assigned.  This
   process can also be automated using the same method described above,
   except that only unassigned YANG items are processed at step #3.
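
   The four-step assignment process and the permanence rule above, as an
   added Python example (not code from the draft or its authors).  The
   module name, item lists and SID ranges are constructed, and the
   yang-identifier pattern is a simplified form of the one in
   ietf-yang-types; the returned dictionary mirrors the ietf-sid-file
   structure defined in Section 4.

```python
import re

# yang-identifier as in ietf-yang-types (length and "xml" prefix rules
# omitted), and schema-node-path as in the ietf-sid-file module on this page.
YANG_IDENTIFIER = re.compile(r"[a-zA-Z_][a-zA-Z0-9\-_.]*")
SCHEMA_NODE_PATH = re.compile(
    r"/[a-zA-Z_][a-zA-Z0-9\-_.]*:[a-zA-Z_][a-zA-Z0-9\-_.]*"
    r"(/[a-zA-Z_][a-zA-Z0-9\-_.]*(:[a-zA-Z_][a-zA-Z0-9\-_.]*)?)*")
NAMESPACES = {"module", "identity", "feature", "data"}


def check_item(namespace, identifier):
    """Reject identifiers that do not fit the 'identifier' leaf for a namespace."""
    if namespace not in NAMESPACES:
        raise ValueError("unknown namespace %r" % namespace)
    pattern = SCHEMA_NODE_PATH if namespace == "data" else YANG_IDENTIFIER
    if not pattern.fullmatch(identifier):
        raise ValueError("invalid %s identifier %r" % (namespace, identifier))


def sort_items(items):
    """Step 2: 'namespace' descending, then 'identifier' ascending."""
    by_identifier = sorted(items, key=lambda item: item[1])
    # sorted() is stable, so the identifier order survives within a namespace.
    return sorted(by_identifier, key=lambda item: item[0], reverse=True)


def in_ranges(sid, ranges):
    return any(r["entry-point"] <= sid < r["entry-point"] + r["size"]
               for r in ranges)


def assign_sids(module_name, module_revision, items, ranges, previous=None):
    """Return a .sid-file-shaped dict; 'previous' is the prior revision's dict."""
    for namespace, identifier in items:
        check_item(namespace, identifier)
    assigned = {}
    # SIDs are permanent: carry over every earlier assignment unchanged, and
    # refuse a previous file that reuses a SID or strays outside the ranges.
    for entry in (previous or {}).get("items", []):
        key = (entry["namespace"], entry["identifier"])
        if entry["sid"] in assigned.values() or not in_ranges(entry["sid"], ranges):
            raise ValueError("previous .sid file is inconsistent at %r" % (key,))
        assigned[key] = entry["sid"]
    used = set(assigned.values())
    free = (sid for r in ranges
            for sid in range(r["entry-point"], r["entry-point"] + r["size"])
            if sid not in used)
    # Step 3, applied only to items that have no SID yet.
    for key in sort_items(set(items).difference(assigned)):
        sid = next(free, None)
        if sid is None:  # Step 4: the caller has to register an extra range.
            raise ValueError("SID range exhausted: add a range to "
                             "'assignment-ranges'")
        assigned[key] = sid
        used.add(sid)
    return {
        "module-name": module_name,
        "module-revision": module_revision,
        "assignment-ranges": [dict(r) for r in ranges],
        "items": [{"namespace": ns, "identifier": ident, "sid": sid}
                  for (ns, ident), sid in sorted(assigned.items(),
                                                 key=lambda kv: kv[1])],
    }


# Constructed sample: a hypothetical module and ranges, not registry data.
RANGES = [{"entry-point": 60000, "size": 5}]
EXTRA_RANGE = {"entry-point": 60100, "size": 10}
ITEMS_R1 = [("data", "/example-mod:system/name"), ("feature", "logging"),
            ("module", "example-mod"), ("data", "/example-mod:system"),
            ("identity", "alarm-type")]
ITEMS_R2 = ITEMS_R1 + [("identity", "link-alarm"),
                       ("data", "/example-mod:system/contact")]

if __name__ == "__main__":
    rev1 = assign_sids("example-mod", "2021-01-01", ITEMS_R1, RANGES)
    rev2 = assign_sids("example-mod", "2021-06-01", ITEMS_R2,
                       RANGES + [EXTRA_RANGE], previous=rev1)
    for entry in rev2["items"]:
        print(entry["sid"], entry["namespace"], entry["identifier"])
```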

   Section 3 provides more details about the registration process of
   YANG modules and associated SIDs.  To enable the implementation of
   this registry, Section 4 defines a standard file format used to store
   and publish SIDs.

2.  Terminology and Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   The following terms are defined in [RFC7950]:

         ";
      uses dampening;
      uses enable-notification;
    }
    container i2nsf-nsf-detection-ddos {
      if-feature "i2nsf-nsf-detection-ddos";
      description
        "The container for configuring I2NSF nsf-detection-ddos
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-nsf-detection-session-table-configuration {
      description
        "The container for configuring I2NSF nsf-detection-session-table
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-nsf-detection-virus {
      if-feature "i2nsf-nsf-detection-virus";
      description
        "The container for configuring I2NSF nsf-detection-virus
         notification";

Jeong, et al.            Expires October 2, 2021               [Page 71]
Internet-Draft  NSF Monitoring Interface YANG Data Model      March 2021

      uses enable-notification;
      uses dampening;
    }
    container i2nsf-nsf-detection-intrusion {
      if-feature "i2nsf-nsf-detection-intrusion";
      description
        "The container for configuring I2NSF nsf-detection-intrusion
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-nsf-detection-botnet {
      if-feature "i2nsf-nsf-detection-botnet";
      description
        "The container for configuring I2NSF nsf-detection-botnet
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-nsf-detection-web-attack {
      if-feature "i2nsf-nsf-detection-web-attack";
      description
        "The container for configuring I2NSF nsf-detection-web-attack
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-nsf-system-access-log {
      description
        "The container for configuring I2NSF system-access-log
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-system-res-util-log {
      description
        "The container for configuring I2NSF system-res-util-log
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-system-user-activity-log {
      description
        "The container for configuring I2NSF system-user-activity-log
         notification";
      uses enable-notification;
      uses dampening;
    }

    container i2nsf-nsf-log-dpi {
      if-feature "i2nsf-nsf-log-dpi";
      description
        "The container for configuring I2NSF nsf-log-dpi
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-nsf-log-vuln-scan {
      if-feature "i2nsf-nsf-log-vuln-scan";
      description
        "The container for configuring I2NSF nsf-log-vuln-scan
         notification";
      uses enable-notification;
      uses dampening;
    }
    container i2nsf-counter {
      description
        "This is used to configure the counters
         for monitoring an NSF";
      leaf period {
        type uint16;
        units "minutes";
        default 0;
        description
          "The configuration for the period interval of reporting
           the counter. If 0, then the counter period is disabled.
           If value is not 0, then the counter will be reported
           following the period value.";
      }
    }
  }
}
<CODE ENDS>

                    Figure 2: Data Model of Monitoring

11.  I2NSF Event Stream

   This section discusses the NETCONF event stream for I2NSF NSF
   Monitoring subscription.  The YANG module in this document supports
   the "ietf-subscribed-notifications" YANG module [RFC8639] for
   subscription.  The reserved event stream name for this document is
   "I2NSF-Monitoring".  The NETCONF Server (e.g., an NSF) MUST support
   the "I2NSF-Monitoring" event stream for an NSF data collector (e.g.,
   Security Controller and NSF data analyzer).  The "I2NSF-Monitoring"
   event stream contains all I2NSF events described in this document.
   The following example shows the capabilities of the event streams of
   an NSF (e.g., "NETCONF" and "I2NSF-Monitoring" event streams) by the
   subscription of an NSF data collector; note that this example XML
   file is delivered by an NSF to an NSF data collector:

<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <data>
    <netconf xmlns="urn:ietf:params:xml:ns:netmod:notification">
      <streams>
        <stream>
          <name>NETCONF</name>
          <description>Default NETCONF Event Stream</description>
          <replaySupport>false</replaySupport>
        </stream>
        <stream>
          <name>I2NSF-Monitoring</name>
          <description>I2NSF Monitoring Event Stream</description>
          <replaySupport>true</replaySupport>
          <replayLogCreationTime>2021-03-31T09:37:39+00:00</replayLogCreationTime>
        </stream>
      </streams>
    </netconf>
  </data>
</rpc-reply>

   Figure 3: Example of NETCONF Server supporting I2NSF-Monitoring Event
                                  Stream

12.  XML Examples for I2NSF NSF Monitoring

   This section shows the XML examples of I2NSF NSF Monitoring data
   delivered via Monitoring Interface from an NSF.

12.1.  I2NSF System Detection Alarm

   The following example shows an alarm triggered by Memory Usage of the
   server; note that this example XML file is delivered by an NSF to an
   NSF data collector:

<?xml version="1.0" encoding="UTF-8"?>
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
  <eventTime>2021-03-31T07:43:52.181088+00:00</eventTime>
  <i2nsf-event xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
    <i2nsf-system-detection-alarm>
      <alarm-category xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
        nsfmi:mem-usage-alarm
      </alarm-category>
      <acquisition-method xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
        nsfmi:subscription
      </acquisition-method>
      <emission-type xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
        nsfmi:on-change
      </emission-type>
      <dampening-type xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
        nsfmi:on-repetition
      </dampening-type>
      <usage>91</usage>
      <threshold>90</threshold>
      <message>Memory Usage Exceeded The Threshold</message>
      <nsf-name>time_based_firewall</nsf-name>
      <severity>high</severity>
    </i2nsf-system-detection-alarm>
  </i2nsf-event>
</notification>

   Figure 4: Example of I2NSF System Detection Alarm triggered by Memory
                                   Usage

   The XML data above shows:

   1.  The NSF that sends the information is named
       "time_based_firewall".

   2.  The memory usage of the NSF triggered the alarm.

   3.  The monitoring information is received by subscription method.

   4.  The monitoring information is emitted "on-change".

   5.  The monitoring information is dampened "on-repetition".

   6.  The memory usage of the NSF is 91 percent.

   7.  The memory threshold to trigger the alarm is 90 percent.

   8.  The severity level of the notification is high.
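
   A collector-side reading of the Figure 4 notification, as an added
   Python example (not code from the draft or its authors): identityref
   values are resolved through the namespace declarations in scope
   rather than matched on the literal "nsfmi:" prefix, and DTD content
   is refused.  The required-leaf set and the 0 to 100 range check are
   this example's own assumptions.

```python
import io
import xml.etree.ElementTree as ET

NOTIF_NS = "urn:ietf:params:xml:ns:netconf:notification:1.0"
NSFMI_NS = "urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"
EVENT_TIME_TAG = "{%s}eventTime" % NOTIF_NS
ALARM_TAG = "{%s}i2nsf-system-detection-alarm" % NSFMI_NS
LEAF_PREFIX = "{%s}" % NSFMI_NS
IDENTITY_LEAVES = {"alarm-category", "acquisition-method",
                   "emission-type", "dampening-type"}
PERCENT_LEAVES = {"usage", "threshold"}
# Assumption: leaves this collector insists on (the model's own mandatory
# statements are not shown on the page).
REQUIRED = {"alarm-category", "usage", "threshold", "nsf-name", "severity"}

# Figure 4 from the page, with whitespace condensed.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<notification xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
  <eventTime>2021-03-31T07:43:52.181088+00:00</eventTime>
  <i2nsf-event xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
    <i2nsf-system-detection-alarm>
      <alarm-category xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
        nsfmi:mem-usage-alarm
      </alarm-category>
      <acquisition-method xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">nsfmi:subscription</acquisition-method>
      <emission-type xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">nsfmi:on-change</emission-type>
      <dampening-type xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">nsfmi:on-repetition</dampening-type>
      <usage>91</usage>
      <threshold>90</threshold>
      <message>Memory Usage Exceeded The Threshold</message>
      <nsf-name>time_based_firewall</nsf-name>
      <severity>high</severity>
    </i2nsf-system-detection-alarm>
  </i2nsf-event>
</notification>
"""


def resolve_identity(qname, scopes):
    """Map 'prefix:name' to (namespace URI, name) using in-scope declarations."""
    prefix, sep, local = qname.partition(":")
    if not sep:  # no prefix: the default namespace in effect applies
        prefix, local = "", qname
    for declared, uri in reversed(scopes):  # innermost declaration wins
        if declared == prefix:
            return uri, local
    raise ValueError("undeclared namespace prefix %r" % prefix)


def parse_alarm(xml_bytes):
    """Return the alarm leaves of one notification as a dict, or raise ValueError."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD content is not accepted in a notification")
    scopes, alarm, inside = [], {}, False
    events = ("start-ns", "start", "end", "end-ns")
    try:
        for event, item in ET.iterparse(io.BytesIO(xml_bytes), events=events):
            if event == "start-ns":
                scopes.append(item)          # (prefix, uri)
            elif event == "end-ns":
                scopes.pop()
            elif item.tag == ALARM_TAG:
                inside = event == "start"
            elif event == "end" and item.tag == EVENT_TIME_TAG:
                alarm["event-time"] = (item.text or "").strip()
            elif event == "end" and inside and item.tag.startswith(LEAF_PREFIX):
                name = item.tag[len(LEAF_PREFIX):]
                value = (item.text or "").strip()
                if name in IDENTITY_LEAVES:
                    uri, value = resolve_identity(value, scopes)
                    if uri != NSFMI_NS:
                        raise ValueError("%s: identity from %r" % (name, uri))
                elif name in PERCENT_LEAVES:
                    if not (value.isascii() and value.isdigit()):
                        raise ValueError("%s is not an unsigned integer" % name)
                    value = int(value)
                    if value > 100:
                        raise ValueError("%s is out of range" % name)
                alarm[name] = value
    except ET.ParseError as exc:
        raise ValueError("malformed notification: %s" % exc)
    missing = REQUIRED - alarm.keys()
    if missing:
        raise ValueError("missing leaves: %s" % ", ".join(sorted(missing)))
    alarm["over-threshold"] = alarm["usage"] > alarm["threshold"]
    return alarm


if __name__ == "__main__":
    for leaf, value in sorted(parse_alarm(SAMPLE).items()):
        print(leaf, "=", value)
```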

12.2.  I2NSF Interface Counters

   To get the I2NSF system interface counters information by query, a
   NETCONF Client (e.g., NSF data collector) needs to initiate a GET
   connection with a NETCONF Server (e.g., NSF).  The following XML file
   can be used to get the state data and filter the information.

<?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <get>
    <filter xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
      <i2nsf-counters>
        <system-interface/>
      </i2nsf-counters>
    </filter>
  </get>
</rpc>

   o  action

   o  feature

   o  module

   o  notification

   o  RPC

   o  schema node

   o  schema tree

   o  submodule

   The following term is defined in [RFC8040]:

   o  yang-data extension

   This specification also makes use of the following terminology:

   o  delta : Difference between the current SID and a reference SID.
      Each protocol that uses delta encoded SIDs MUST define how the
      reference SID is obtained.

   o  item: A schema node, an identity, a module, a submodule or a
      feature defined using the YANG modeling language.

   o  path: A path is a string that identifies a schema node within the
      schema tree.  A path consists of the list of schema node
      identifier(s) separated by slashes ("/").  Schema node
      identifier(s) are always listed from the top-level schema node up
      to the targeted schema node (e.g.,
      "/ietf-system:system-state/clock/current-datetime").

   o  YANG Schema Item iDentifier (SID): Unsigned integer used to
      identify different YANG items.

3.  ".sid" file lifecycle

   YANG is a language designed to model data accessed using one of the
   compatible protocols (e.g., NETCONF [RFC6241], RESTCONF [RFC8040] and
   CoMI [I-D.ietf-core-comi]).  A YANG module defines hierarchies of
   data, including configuration, state data, RPCs, actions and
   notifications.

   YANG modules are not necessarily created in the context of
   constrained applications.  YANG modules can be implemented using
   NETCONF [RFC6241] or RESTCONF [RFC8040] without the need to assign
   SIDs.

   As needed, authors of YANG modules can assign SIDs to their YANG
   modules.  In order to do that, they should first obtain a SID range
   from a registry.  It could be the "RFC SID range assignment"
   sub-registry as defined in Section 7.2.2, the "Specification SID
   range assignment" sub-registry as defined in Section 7.2.3, or
   another one, depending on the particular case.  The minimal
   information required for this would be a start SID number and a range
   size, but might include additional details depending on the registry
   policy, which is outside the scope of this document.  Once a SID
   range is registered, the owner can use it to generate ".sid" file(s)
   for their YANG module(s).  It is recommended to leave some
   unallocated SIDs following the allocated range in each ".sid" file in
   order to allow better evolution of the YANG module in the future.
   Generation of ".sid" files SHOULD be performed using an automated
   tool.  Note that ".sid" files can only be generated for YANG modules
   and not for submodules.

   Registration of the ".sid" file associated with a YANG module is
   optional but recommended to promote interoperability between devices
   and to avoid duplicate allocation of SIDs to a single YANG module.
   Different registries might have different requirements for the
   registration and publication of the ".sid" files.

   The following activity diagram summarizes the creation of a YANG
   module and its associated .sid file.

       +---------------+
  O    | Creation of a |
 -|- ->| YANG module   |
 / \   +---------------+
               |
               V
        /-------------\
       / Standardized  \     yes
       \ YANG module ? /-------------+
        \-------------/              |
               | no                  |
               V                     V
        /-------------\      +---------------+
       / Constrained   \ yes | SID range     |
   +-->\ application ? /---->| registration  |<----------+
   |    \-------------/      +---------------+           |
   |           | no                  |                   |
   |           V                     V                   |
   |   +---------------+     +---------------+           |
   +---| YANG module   |     | SID sub-range |           |
       | update        |     | assignment    |<----------+
       +---------------+     +---------------+           |
                                     |                   |
                                     V                   |
                             +---------------+    +-------------+
                             | .sid file     |    | Rework YANG |
                             | generation    |    |    model    |
                             +---------------+    +-------------+
                                     |                   ^
                                     V                   |
                                /----------\  yes        |
                               /  Work in   \ -----------+
                               \  progress  /
                                \----------/
                                     | no
                                     V
                               /-------------\       /-------------\
                              /      RFC      \ no  /     Open      \ no
                              \  publication? /---->\ specification?/---+
                               \-------------/       \-------------/    |
                                      | yes                 | yes       |
                                      |     +---------------+           |
                                      V     V                           V
                              +---------------+                 +---------------+
                              |     IANA      |                 | Third party   |
                              | registration  |                 | registration  |
                              +-------+-------+                 +-------+-------+
                                      |                                 |
                                      +---------------------------------+
                                      V
                                    [DONE]

   Each time a YANG module or one of its imported module(s) or included
   sub-module(s) is updated, the ".sid" file MAY need to be updated.
   This update SHOULD also be performed using an automated tool.

   If a new revision requires more SIDs than initially allocated, a new
   SID range MUST be added to the 'assignment-ranges' as defined in
   Section 4.  These extra SIDs are used for subsequent assignments.

   The following activity diagram summarizes the update of a YANG module
   and its associated .sid file.

          +---------------+
     O    | Update of the |
    -|- ->| YANG module   |
    / \   | or include(s) |
          | or import(s)  |
          +---------------+
                  |
                  V
              /-------------\
             /  New items    \ yes
             \  created  ?   /------+
              \-------------/       |
                     | no           V
                     |       /-------------\      +----------------+
                     |      /  SID range    \ yes | Extra sub-range|
                     |      \  exhausted ?  /---->| assignment     |
                     |       \-------------/      +----------------+
                     |              | no                  |
                     |              +---------------------+
                     |              |
                     |              V
                     |      +---------------+
                     |      | .sid file     |
                     |      | update based  |
                     |      | on previous   |
                     |      | .sid file     |
                     |      +---------------+
                     |              |
                     |              V
                     |       /-------------\      +---------------+
                     |      /  Publicly     \ yes | YANG module   |
                     |      \  available ?  /---->| registration  |
                     |       \-------------/      +---------------+
                     |              | no                  |
                     +--------------+---------------------+
                                    |
                                  [DONE]

4.  ".sid" file format

   ".sid" files are used to persist and publish SIDs assigned to the
   different YANG items of a specific YANG module.  The following YANG
   module defines the structure of this file; encoding is performed
   using the rules defined in [RFC7951].

   <CODE BEGINS> file "ietf-sid-file@2017-11-26.yang"
   module ietf-sid-file {

     namespace "urn:ietf:params:xml:ns:yang:ietf-sid-file";
     prefix sid;

     import ietf-yang-types {
       prefix yang;
     }

     import ietf-comi {
       prefix comi;
     }

     organization
       "IETF Core Working Group";

     contact
       "Michel Veillette
        <mailto:michel.veillette@trilliant.com>

        Andy Bierman
        <mailto:andy@yumaworks.com>

        Alexander Pelov
        <mailto:a@ackl.io>";

     description
       "This module defines the structure of the .sid files.

        Each .sid file contains the mapping between the different
        string identifiers defined by a YANG module and a
        corresponding numeric value called SID.";

     revision 2017-11-26 {
       description
         "Initial revision.";
       reference
         "[I-D.ietf-core-sid] YANG Schema Item iDentifier (SID)";
     }

     typedef revision-identifier {
       type string {
         pattern '\d{4}-\d{2}-\d{2}';
       }
       description
         "Represents a date in YYYY-MM-DD format.";
     }

     typedef schema-node-path {
       type string {

         pattern
           '/[a-zA-Z_][a-zA-Z0-9\-_.]*:[a-zA-Z_][a-zA-Z0-9\-_.]*' +
           '(/[a-zA-Z_][a-zA-Z0-9\-_.]*(:[a-zA-Z_][a-zA-Z0-9\-_.]*)?)*';
       }
       description
         "Identifies a schema-node path string for use in the
          SID registry. This string format follows the rules
          for an instance-identifier, as defined in RFC 7959,
          except that no predicates are allowed.

          This format is intended to support the YANG 1.1 ABNF
          for a schema node identifier, except module names
          are used instead of prefixes, as specified in RFC 7951.";
       reference
         "RFC 7950, The YANG 1.1 Data Modeling Language;
          Section 6.5: Schema Node Identifier;
          RFC 7951, JSON Encoding of YANG Data;
          Section 6.11: The instance-identifier type";
     }

     leaf module-name {
       type yang:yang-identifier;
       description
         "Name of the YANG module associated with this .sid file.";
     }

     leaf module-revision {
       type revision-identifier;
       description
         "Revision of the YANG module associated with this .sid file.
          This leaf is not present if no revision statement is
          defined in the YANG module.";
     }

     list assignment-ranges {
       key "entry-point";
       description
         "SID range(s) allocated to the YANG module identified by
          'module-name' and 'module-revision'.";

       leaf entry-point {
         type comi:sid;
         mandatory true;
         description
           "Lowest SID available for assignment.";
       }

       leaf size {

         type uint64;
         mandatory true;
         description
           "Number of SIDs available for assignment.";
       }
     }

     list items {
       key "namespace identifier";
       description
         "Each entry within this list defines the mapping between
          a YANG item string identifier and a SID. This list MUST
          include a mapping entry for each YANG item defined by
          the YANG module identified by 'module-name' and
          'module-revision'.";

       leaf namespace {
         type enumeration {
           enum module {
             value 0;
             description
               "All module and submodule names share the same
                global module identifier namespace.";
           }
           enum identity {
             value 1;
             description
               "All identity names defined in a module and its
                submodules share the same identity identifier
                namespace.";
           }
           enum feature {
             value 2;
             description
               "All feature names defined in a module and its
                submodules share the same feature identifier
                namespace.";
           }
           enum data {
             value 3;
             description
               "The namespace for all data nodes, as defined in YANG.";
           }
         }
         description
           "Namespace of the YANG item for this mapping entry.";
       }

       leaf identifier {
         type union {
           type yang:yang-identifier;
           type schema-node-path;
         }
         description
           "String identifier of the YANG item for this mapping entry.

            If the corresponding 'namespace' field is 'module',
            'feature', or 'identity', then this field MUST
            contain a valid YANG identifier string.

            If the corresponding 'namespace' field is 'data',
            then this field MUST contain a valid schema node
            path.";
       }

       leaf sid {
         type comi:sid;
         mandatory true;
         description
           "SID assigned to the YANG item for this mapping entry.";
       }
     }
   }
   <CODE ENDS>

5.  Third party registries

   The organization and functioning of third party registries is outside
   the scope of the current document.  The only limitations connected to
   those registries are listed in Section 7.2.

6.  Security Considerations

   The security considerations of [RFC7049] and [RFC7950] apply.

   This document defines a new type of identifier used to encode data
   models defined in YANG [RFC7950].  As such, this identifier does not
   contribute to any new security issues in addition to those identified
   for the specific protocols or contexts for which it is used.

7.  IANA Considerations

   This section gives specifications for an entry into the module
   registry and for two new registries: a SID-range registry and a SID
   module registry.

7.1.  Module registration

   This document registers one YANG module in the "YANG Module Names"
   registry [RFC6020]:

   o  name: ietf-sid-file

   o  namespace: urn:ietf:params:xml:ns:yang:ietf-sid-file

   o  prefix: sid

   o  reference: [[THISRFC]]

7.2.  "SID mega-range" registry

   The name of this registry is "SID mega-range".  This registry is used
   to record the delegation of the management of a block of SIDs to
   third parties (e.g., SDO, registrar).

   Each entry in this registry must include:

   o  The entry point (first entry) of the registered SID range.

   o  The size of the registered SID range.

   o  The contact information of the requesting organization including:

      *  Organization name

      *  Primary contact name, email address, and phone number

      *  Secondary contact name, email address, and phone number

   The initial entry in this registry is allocated to IANA:

   +-------------+---------+-------------------+
   | Entry Point | Size    | Organization name |
   +-------------+---------+-------------------+
   | 0           | 1000000 | IANA              |
   +-------------+---------+-------------------+

   The IANA policies for future additions to this registry are
   "Hierarchical Allocation, Expert Review" [RFC5226].  Prior to a first
   allocation, the requesting organization must demonstrate a functional
   registry infrastructure.  On subsequent allocation request(s), the
   organization must demonstrate the exhaustion of the prior range.
   These conditions need to be asserted by the assigned expert(s).

7.2.1.  "IANA SID Mega-Range" allocation

   The first million SIDs assigned to IANA are sub-divided as follows:

   o  The range of 0 to 999 is reserved for future extensions.  The IANA
      policy for this range is "IETF review" [RFC5226].  This range is
      reserved for future use and no sub-registries are currently
      defined for it.

   o  The range of 1000 to 59,999 is reserved for YANG modules defined
      in RFCs.  The IANA policy for future additions to this sub-
      registry is "RFC required" [RFC5226].  Allocation within this
      range requires publishing of the associated ".yang" and ".sid"
      files in the YANG module registry.  The allocation within this
      range is done during IESG review.

   o  The range of 60,000 to 99,999 is reserved for experimental YANG
      modules.  This range MUST NOT be used in operational deployments
      since these SIDs are not globally unique, which limits their
      interoperability.  The IANA policy for this range is "Experimental
      use" [RFC5226].

   o  The range of 100,000 to 999,999 is reserved for standardized YANG
      modules.  The IANA policy for future additions to this sub-
      registry is "Specification Required" [RFC5226].  Allocation within
      this range requires publishing of the associated ".yang" and
      ".sid" files in the YANG module registry.

   +-------------+---------+------------------------+
   | Entry Point | Size    | IANA policy            |
   +-------------+---------+------------------------+
   | 0           | 1,000   | IETF review            |
   | 1,000       | 59,000  | RFC required           |
   | 60,000      | 40,000  | Experimental use       |
   | 100,000     | 900,000 | Specification Required |
   +-------------+---------+------------------------+

   The size of a SID range assigned to a YANG module should be at least
   33% above the current number of YANG items.  This headroom allows
   assignment within the same range of new YANG items introduced by
   subsequent revisions.  A larger SID range size may be requested by
   the authors if this recommendation is considered insufficient.  It is
   important to note that an extra SID range can be allocated to an
   existing YANG module if the initial range is exhausted.

7.2.2.  "RFC SID range assignment" sub-registry

   The name of this sub-registry is "RFC SID range assignment".  This
   sub-registry of the "IANA SID Mega-Range" allocation (Section 7.2.1)
   corresponds to the SID entry point 1000, size 59000.  Each entry in
   this sub-registry must include:

   o  The SID range entry point.

   o  The SID range size.

   o  The YANG module name.

   o  The RFC number.

   Initial entries in this registry are as follows:

   +-------------+------+------------------+----------------------+
   | Entry Point | Size | Module name      | RFC number           |
   +-------------+------+------------------+----------------------+
   | 1000        | 100  | ietf-comi        | [I-D.ietf-core-comi] |
   | 1100        | 50   | ietf-yang-types  | [RFC6021]            |
   | 1150        | 50   | ietf-inet-types  | [RFC6021]            |
   | 1200        | 50   | iana-crypt-hash  | [RFC7317]            |
   | 1250        | 50   | ietf-netconf-acm | [RFC6536]            |
   | 1300        | 50   | ietf-sid-file    | RFCXXXX              |
   | 1500        | 100  | ietf-interfaces  | [RFC7223]            |
   | 1600        | 100  | ietf-ip          | [RFC7277]            |
   | 1700        | 100  | ietf-system      | [RFC7317]            |
   | 1800        | 400  | iana-if-type     | [RFC7224]            |
   +-------------+------+------------------+----------------------+

   // RFC Ed.: replace XXXX with RFC number assigned to this draft.

   For allocation, RFC publication of the module is required as per
   [RFC5226].  The YANG module must be registered in the "YANG Module
   Names" registry according to the rules specified in Section 14 of
   [RFC6020].

7.2.3.  "Specification SID range assignment" sub-registry

   The name of this sub-registry is "Specification SID range
   assignment".  This sub-registry of the "IANA SID Mega-Range"
   allocation (Section 7.2.1) corresponds to the SID entry point 100000,
   size 900000.  Each entry in this sub-registry must include:

   o  The SID range entry point.

   o  The SID range size.

   o  The YANG module name.

   o  The name of the standard organization.

   o  The specification identifier or URI.

7.3.  "YANG module assignment" registry

   The name of this registry is "YANG module assignment".  This registry
   is used to track which YANG modules have been assigned and the
   specific YANG items assignment.  Each entry in this registry must
   include:

   o  The YANG module name.

   o  The associated ".yang" file(s).

   o  The associated ".sid" file.

   The validity of the ".yang" and ".sid" files added to this registry
   MUST be verified.

   o  The syntax of the registered ".yang" and ".sid" files must be
      valid.

   o  Each YANG item defined by the registered ".yang" file must have a
      corresponding SID assigned in the ".sid" file.

   o  Each SID is assigned to a single YANG item; duplicate assignment
      is not allowed.

   o  The SID range(s) defined in the ".sid" file must be unique and
      must not conflict with any other SID ranges defined in already
      registered ".sid" files.

   o  The ownership of the SID range(s) should be verified.

   The IANA policy for future additions to this registry is "First Come
   First Served" as described in [RFC5226].
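
   The checks listed in this section, together with the range policies
   and the 33% headroom guideline of Section 7.2.1, can be automated as
   follows.  This is an added example, not part of the draft; the
   finding codes, the "example-monitor" module and the assumption that a
   schema node path starts with "/" are illustrative.

```python
import json
import re

# Sub-division of the IANA mega-range (Section 7.2.1): entry point, size, policy.
IANA_SUBRANGES = [
    (0, 1_000, "IETF review"),
    (1_000, 59_000, "RFC required"),
    (60_000, 40_000, "Experimental use"),
    (100_000, 900_000, "Specification Required"),
]
# Part of the Section 7.2.2 table: module name -> (entry point, size).
REGISTERED = {"ietf-interfaces": (1500, 100), "ietf-ip": (1600, 100),
              "ietf-system": (1700, 100), "iana-if-type": (1800, 400)}
NAMESPACES = ("module", "identity", "feature", "data")
YANG_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*\Z")

# First entries of the Appendix A file, re-typed as a complete document.
GOOD_SID = """{
  "assignment-ranges": [{"entry-point": 1700, "size": 100}],
  "module-name": "ietf-system",
  "items": [
    {"namespace": "module", "identifier": "ietf-system", "sid": 1700},
    {"namespace": "identity", "identifier": "authentication-method", "sid": 1701}
  ]
}"""
# Constructed file for a hypothetical module, with several defects.
BAD_SID = """{
  "assignment-ranges": [{"entry-point": 1650, "size": 100}],
  "module-name": "example-monitor",
  "items": [
    {"namespace": "module", "identifier": "example-monitor", "sid": 1650},
    {"namespace": "identity", "identifier": "alarm", "sid": 1651},
    {"namespace": "identity", "identifier": "alert", "sid": 1651},
    {"namespace": "data", "identifier": "example-monitor:state", "sid": 1652},
    {"namespace": "feature", "identifier": "fast-path", "sid": 1900}
  ]
}"""


def iana_policy(sid):
    """Return the Section 7.2.1 policy covering a SID, or None if outside."""
    for entry, size, policy in IANA_SUBRANGES:
        if entry <= sid < entry + size:
            return policy
    return None


def overlaps(a, b):
    """True when two (entry point, size) ranges share at least one SID."""
    return a[0] < b[0] + b[1] and b[0] < a[0] + a[1]


def validate_sid_file(text, registered=REGISTERED):
    """Return a sorted list of (code, detail) findings; empty means clean."""
    try:
        doc = json.loads(text)
        module, items, raw = doc["module-name"], doc["items"], doc["assignment-ranges"]
    except (ValueError, KeyError, TypeError) as exc:
        return [("syntax", f"{type(exc).__name__}: {exc}")]
    if not (isinstance(module, str) and isinstance(items, list) and isinstance(raw, list)):
        return [("syntax", "wrong type for module-name, items or assignment-ranges")]
    findings, ranges, seen = [], [], {}
    for r in raw:
        entry, size = (r.get("entry-point"), r.get("size")) if isinstance(r, dict) else (0, 0)
        if type(entry) is not int or type(size) is not int or entry < 0 or size < 1:
            findings.append(("syntax", f"bad range {r!r}"))
            continue
        ranges.append((entry, size))
        # A range must not conflict with one registered to another module.
        for other, reg in registered.items():
            if other != module and overlaps((entry, size), reg):
                findings.append(("range-conflict", other))
        # Experimental SIDs are not globally unique (Section 7.2.1).
        if "Experimental use" in (iana_policy(entry), iana_policy(entry + size - 1)):
            findings.append(("experimental-range", str(entry)))
    for item in items:
        item = item if isinstance(item, dict) else {}
        ns, ident, sid = item.get("namespace"), item.get("identifier"), item.get("sid")
        if ns not in NAMESPACES or not isinstance(ident, str) \
                or type(sid) is not int or not 0 <= sid < 2**64:
            findings.append(("syntax", f"bad item {item!r}"))
            continue
        # 'data' items carry a schema node path, the others a YANG identifier.
        valid = ident.startswith("/") if ns == "data" else YANG_IDENTIFIER.match(ident)
        if not valid:
            findings.append(("bad-identifier", ident))
        if sid in seen:
            findings.append(("duplicate-sid", f"{sid}: {seen[sid]} and {ident}"))
        seen.setdefault(sid, ident)
        if not any(e <= sid < e + s for e, s in ranges):
            findings.append(("sid-out-of-range", str(sid)))
    # Headroom: range size at least 33% above the number of items.
    if ranges and sum(s for _, s in ranges) * 100 < len(items) * 133:
        findings.append(("low-headroom", module))
    return sorted(findings)
```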

8.  Acknowledgments

   The authors would like to thank Andy Bierman, Carsten Bormann,
   Abhinav Somaraju, Laurent Toutain, Randy Turner and Peter van der
   Stok for their help during the development of this document and their
   useful comments during the review process.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC7049]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
              October 2013, <https://www.rfc-editor.org/info/rfc7049>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <https://www.rfc-editor.org/info/rfc7950>.

   [RFC7951]  Lhotka, L., "JSON Encoding of Data Modeled with YANG",
              RFC 7951, DOI 10.17487/RFC7951, August 2016,
              <https://www.rfc-editor.org/info/rfc7951>.

9.2.  Informative References

   [I-D.ietf-core-comi]
              Veillette, M., Stok, P., Pelov, A., and A. Bierman, "CoAP
              Management Interface", draft-ietf-core-comi-04 (work in
              progress), November 2018.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              <https://www.rfc-editor.org/info/rfc5226>.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010,
              <https://www.rfc-editor.org/info/rfc6020>.

   [RFC6021]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6021, DOI 10.17487/RFC6021, October 2010,
              <https://www.rfc-editor.org/info/rfc6021>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012,
              <https://www.rfc-editor.org/info/rfc6536>.

   [RFC7223]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 7223, DOI 10.17487/RFC7223, May 2014,
              <https://www.rfc-editor.org/info/rfc7223>.

   [RFC7224]  Bjorklund, M., "IANA Interface Type YANG Module",
              RFC 7224, DOI 10.17487/RFC7224, May 2014,
              <https://www.rfc-editor.org/info/rfc7224>.

   [RFC7277]  Bjorklund, M., "A YANG Data Model for IP Management",
              RFC 7277, DOI 10.17487/RFC7277, June 2014,
              <https://www.rfc-editor.org/info/rfc7277>.

   [RFC7317]  Bierman, A. and M. Bjorklund, "A YANG Data Model for
              System Management", RFC 7317, DOI 10.17487/RFC7317, August
              2014, <https://www.rfc-editor.org/info/rfc7317>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <https://www.rfc-editor.org/info/rfc8040>.

Appendix A.  ".sid" file example

   The following .sid file (ietf-system@2014-08-06.sid) has been
   generated using the following YANG modules:

   o  ietf-system@2014-08-06.yang

   o  ietf-yang-types@2013-07-15.yang

   o  ietf-inet-types@2013-07-15.yang

   o  ietf-netconf-acm@2012-02-22.yang

   o  iana-crypt-hash@2014-04-04.yang

   {
     "assignment-ranges": [
       {
         "entry-point": 1700,
         "size": 100
       }
     ],
     "module-name": "ietf-system",

     "module-revision": "2014-08-06",
     "items": [
       {
         "namespace": "module",
         "identifier": "ietf-system",
         "sid": 1700
       },
       {
         "namespace": "identity",
         "identifier": "authentication-method",
         "sid": 1701
       },
       {
         "namespace": "identity",
         "identifier": "local-users",
         "sid": 1702
       },
       {
         "namespace": "identity",
         "identifier": "radius",
         "sid": 1703
       },
       {
         "namespace": "identity",
         "identifier": "radius-authentication-type",
         "sid": 1704
       },
       {
         "namespace": "identity",
         "identifier": "radius-chap",
         "sid": 1705
       },
       {
         "namespace</i2nsf-counters>
    </filter>
  </get>
</rpc>

    Figure 5: XML Example for NETCONF GET with System Interface Filter

   The following XML file shows the reply from the NETCONF Server (e.g.,
   NSF):

Jeong, et al.            Expires October 2, 2021               [Page 76]
Internet-Draft  NSF Monitoring Interface YANG Data Model      March 2021

<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <data>
    <i2nsf-counters xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
      <system-interface>
        <interface-name>ens3</interface-name>
        <acquisition-method xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
          nsfmi:query
        </acquisition-method>
        <in-total-traffic-bytes>549050</in-total-traffic-bytes>
        <out-total-traffic-bytes>814956</out-total-traffic-bytes>
        <in-drop-traffic-bytes>0</in-drop-traffic-bytes>
        <out-drop-traffic-bytes>5078</out-drop-traffic-bytes>
        <nsf-name>time_based_firewall</nsf-name>
      </system-interface>
      <system-interface>
        <interface-name>lo</interface-name>
        <acquisition-method xmlns:nsfmi="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring">
          nsfmi:query
        </acquisition-method>
        <in-total-traffic-bytes>48487</in-total-traffic-bytes>
        <out-total-traffic-bytes>48487</out-total-traffic-bytes>
        <in-drop-traffic-bytes>0</in-drop-traffic-bytes>
        <out-drop-traffic-bytes>0</out-drop-traffic-bytes>
        <nsf-name>time_based_firewall</nsf-name>
      </system-interface>
    </i2nsf-counters>
  </data>
</rpc-reply>

   Figure 6: Example of I2NSF System Interface Counters XML Information
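
   A collector-side reading of the reply in Figure 6, as an added
   example that is not part of the draft: it resolves the identityref
   prefix through the in-scope xmlns declaration, accepts counters only
   as unsigned decimal integers and refuses a DTD.  The function names
   and the drop-ratio threshold are assumptions.

```python
import io
import re
import xml.etree.ElementTree as ET

NSFMI = "urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"
COUNTERS = ("in-total-traffic-bytes", "out-total-traffic-bytes",
            "in-drop-traffic-bytes", "out-drop-traffic-bytes")

# The reply of Figure 6, re-typed inline so the example runs offline.
REPLY = f"""<?xml version="1.0" encoding="UTF-8"?>
<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
  <data>
    <i2nsf-counters xmlns="{NSFMI}">
      <system-interface>
        <interface-name>ens3</interface-name>
        <acquisition-method xmlns:nsfmi="{NSFMI}">
          nsfmi:query
        </acquisition-method>
        <in-total-traffic-bytes>549050</in-total-traffic-bytes>
        <out-total-traffic-bytes>814956</out-total-traffic-bytes>
        <in-drop-traffic-bytes>0</in-drop-traffic-bytes>
        <out-drop-traffic-bytes>5078</out-drop-traffic-bytes>
        <nsf-name>time_based_firewall</nsf-name>
      </system-interface>
      <system-interface>
        <interface-name>lo</interface-name>
        <acquisition-method xmlns:nsfmi="{NSFMI}">
          nsfmi:query
        </acquisition-method>
        <in-total-traffic-bytes>48487</in-total-traffic-bytes>
        <out-total-traffic-bytes>48487</out-total-traffic-bytes>
        <in-drop-traffic-bytes>0</in-drop-traffic-bytes>
        <out-drop-traffic-bytes>0</out-drop-traffic-bytes>
        <nsf-name>time_based_firewall</nsf-name>
      </system-interface>
    </i2nsf-counters>
  </data>
</rpc-reply>"""


def _text(parent, leaf):
    """Stripped text of a direct child leaf in the nsfmi namespace."""
    node = parent.find(f"{{{NSFMI}}}{leaf}")
    if node is None or node.text is None:
        raise ValueError(f"missing leaf {leaf}")
    return node.text.strip()


def parse_counters(xml_text):
    """Return one dict per system-interface entry of an rpc-reply."""
    # A monitoring reply has no need for a DTD, so refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD in reply rejected")
    scopes, pending, method, records = [], {}, None, []
    stream = io.BytesIO(xml_text.strip().encode("utf-8"))
    for event, obj in ET.iterparse(stream, events=("start-ns", "start", "end")):
        if event == "start-ns":          # obj is (prefix, uri)
            pending[obj[0]] = obj[1]
        elif event == "start":           # open a scope with inherited prefixes
            scopes.append({**(scopes[-1] if scopes else {}), **pending})
            pending = {}
        else:
            scope = scopes.pop()
            if obj.tag == f"{{{NSFMI}}}acquisition-method":
                # identityref: resolve the prefix with the in-scope xmlns.
                prefix, _, name = (obj.text or "").strip().rpartition(":")
                method = f"{{{scope.get(prefix)}}}{name}"
            elif obj.tag == f"{{{NSFMI}}}system-interface":
                rec = {"interface": _text(obj, "interface-name"),
                       "nsf": _text(obj, "nsf-name"), "method": method}
                for leaf in COUNTERS:
                    value = _text(obj, leaf)
                    if not re.fullmatch(r"[0-9]+", value):
                        raise ValueError(f"{leaf}: not an unsigned integer")
                    rec[leaf] = int(value)
                records.append(rec)
                method = None
    return records


def high_drop_interfaces(records, max_ratio):
    """Interfaces whose outbound drop ratio exceeds max_ratio (assumed policy)."""
    flagged = []
    for rec in records:
        total = rec["out-total-traffic-bytes"]
        if total and rec["out-drop-traffic-bytes"] / total > max_ratio:
            flagged.append(rec["interface"])
    return flagged
```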

13.  IANA Considerations

   This document requests IANA to register the following URI in the
   "IETF XML Registry" [RFC3688]:

   URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring
   Registrant Contact: The IESG.
   XML: N/A; the requested URI is an XML namespace.

   This document requests IANA to register the following YANG module in
   the "YANG Module Names" registry [RFC7950][RFC8525]:

   name: ietf-i2nsf-nsf-monitoring
   namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring
   prefix: nsfmi
   reference: RFC XXXX

   // RFC Ed.: replace XXXX with an actual RFC number and remove
   // this note.

14.  Security Considerations

   The YANG module described in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The NETCONF access control model [RFC8341] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   All data nodes defined in the YANG module which can be created,
   modified and deleted (i.e., config true, which is the default) are
   considered sensitive.  Write operations (e.g., edit-config) applied
   to these data nodes without proper protection can negatively affect
   framework operations.  The monitoring YANG module should be protected
   by the secure communication channel, to ensure its confidentiality
   and integrity.  On the other hand, the NSF and the NSF data collector
   can both be faked, which leads to undesirable results (i.e., leakage
   of an NSF's important operational information, and a faked NSF
   sending false information to mislead the NSF data collector).  Mutual
   authentication is essential to protect against this kind of attack.
   The current mainstream security technologies (i.e., TLS, DTLS, IPsec,
   and X.509 PKI) can be employed appropriately to provide the above
   security functions.

   In addition, to defend against a DDoS attack caused by many NSFs
   sending massive numbers of notifications to the NSF data collector,
   rate limiting or similar mechanisms should be considered in both the
   NSF and the NSF data collector, whether in advance or during the
   DDoS attack.
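
   One way to apply the rate limiting described above at the NSF data
   collector (an added example, not part of the draft): a token bucket
   per NSF, with a bounded table so that faked NSF names cannot grow the
   collector's state.  The class name, the rates and the "web_filter" and
   "ghost" senders are assumptions; the key is meant to be the NSF
   identity established by mutual authentication.

```python
class NotificationLimiter:
    """Token bucket per NSF: `rate` notifications/second, bursts up to `burst`."""

    def __init__(self, rate, burst, max_nsfs):
        self.rate, self.burst, self.max_nsfs = rate, burst, max_nsfs
        self.buckets = {}          # NSF name -> [tokens, time of last update]
        self.dropped = {}          # known NSF name -> notifications refused
        self.refused_unknown = 0   # arrivals refused because the table was full

    def allow(self, nsf_name, now):
        """Return True if a notification from nsf_name at time `now` is accepted."""
        bucket = self.buckets.get(nsf_name)
        if bucket is None:
            if len(self.buckets) >= self.max_nsfs:
                # Unknown sender and table full: refuse instead of adding state.
                self.refused_unknown += 1
                return False
            bucket = self.buckets[nsf_name] = [float(self.burst), now]
        tokens, last = bucket
        # Refill for the elapsed time; a clock that steps back adds nothing.
        tokens = min(float(self.burst), tokens + max(0.0, now - last) * self.rate)
        bucket[1] = max(last, now)
        if tokens >= 1.0:
            bucket[0] = tokens - 1.0
            return True
        bucket[0] = tokens
        self.dropped[nsf_name] = self.dropped.get(nsf_name, 0) + 1
        return False


# Constructed arrivals: (seconds, sending NSF).
EVENTS = (
    [(0.0, "time_based_firewall")] * 5
    + [(0.0, "web_filter"), (0.5, "ghost")]
    + [(1.0, "time_based_firewall")] * 3
)


def replay(limiter, events):
    """Feed (time, nsf) arrivals to the limiter; return accepted counts per NSF."""
    accepted = {}
    for now, nsf in events:
        if limiter.allow(nsf, now):
            accepted[nsf] = accepted.get(nsf, 0) + 1
    return accepted
```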

15.  Acknowledgments

   This work was supported by Institute of Information & Communications
   Technology Planning & Evaluation (IITP) grant funded by the Korea
   MSIT (Ministry of Science and ICT) (R-20160222-002755, Cloud based
   Security Intelligence Technology Development for the Customized
   Security Service Provisioning).  This work was supported in part by
   the IITP (2020-0-00395, Standard Development of Blockchain based
   Network Management Automation Technology).  This work was supported
   in part by the MSIT under the Information Technology Research Center
   (ITRC) support program (IITP-2020-2017-0-01633) supervised by the
   IITP.

16.  Contributors

   This document is the result of the group effort of the I2NSF working
   group.  Many people actively contributed to this document.  The
   authors sincerely appreciate their contributions.

   The following are co-authors of this document:

   Chaehong Chung
   Department of Electronic, Electrical and Computer Engineering
   Sungkyunkwan University
   2066 Seo-ro Jangan-gu
   Suwon, Gyeonggi-do 16419
   Republic of Korea

   EMail: darkhong@skku.edu

   Jinyong (Tim) Kim
   Department of Electronic, Electrical and Computer Engineering
   Sungkyunkwan University
   2066 Seo-ro Jangan-gu
   Suwon, Gyeonggi-do 16419
   Republic of Korea

   EMail: timkim@skku.edu

   Dongjin Hong
   Department of Electronic, Electrical and Computer Engineering
   Sungkyunkwan University
   2066 Seo-ro Jangan-gu
   Suwon, Gyeonggi-do 16419
   Republic of Korea

   EMail: dong.jin@skku.edu

   Dacheng Zhang
   Huawei

   EMail: dacheng.zhang@huawei.com

   Yi Wu
   Alibaba Group

   EMail: anren.wy@alibaba-inc.com

   Rakesh Kumar
   Juniper Networks
   1133 Innovation Way
   Sunnyvale, CA 94089
   USA

   EMail: rkkumar@juniper.net

   Anil Lohiya
   Juniper Networks

   EMail: alohiya@juniper.net

17.  References

17.1.  Normative References

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              DOI 10.17487/RFC0768, August 1980,
              <https://www.rfc-editor.org/info/rfc768>.

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981,
              <https://www.rfc-editor.org/info/rfc791>.

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, DOI 10.17487/RFC0792, September 1981,
              <https://www.rfc-editor.org/info/rfc792>.

   [RFC0793]  Postel, J., "Transmission Control Protocol", STD 7,
              RFC 793, DOI 10.17487/RFC0793, September 1981,
              <https://www.rfc-editor.org/info/rfc793>.

   [RFC0956]  Mills, D., "Algorithms for synchronizing network clocks",
              RFC 956, DOI 10.17487/RFC0956, September 1985,
              <https://www.rfc-editor.org/info/rfc956>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616,
              DOI 10.17487/RFC2616, June 1999,
              <https://www.rfc-editor.org/info/rfc2616>.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <https://www.rfc-editor.org/info/rfc3688>.

   [RFC3877]  Chisholm, S. and D. Romascanu, "Alarm Management
              Information Base (MIB)", RFC 3877, DOI 10.17487/RFC3877,
              September 2004, <https://www.rfc-editor.org/info/rfc3877>.

   [RFC3954]  Claise, B., Ed., "Cisco Systems NetFlow Services Export
              Version 9", RFC 3954, DOI 10.17487/RFC3954, October 2004,
              <https://www.rfc-editor.org/info/rfc3954>.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006,
              <https://www.rfc-editor.org/info/rfc4443>.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
              <https://www.rfc-editor.org/info/rfc4949>.

   [RFC5424]  Gerhards, R., "The Syslog Protocol", RFC 5424,
              DOI 10.17487/RFC5424, March 2009,
              <https://www.rfc-editor.org/info/rfc5424>.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011,
              <https://www.rfc-editor.org/info/rfc6241>.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011,
              <https://www.rfc-editor.org/info/rfc6242>.

   [RFC6587]  Gerhards, R. and C. Lonvick, "Transmission of Syslog
              Messages over TCP", RFC 6587, DOI 10.17487/RFC6587, April
              2012, <https://www.rfc-editor.org/info/rfc6587>.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013,
              <https://www.rfc-editor.org/info/rfc6991>.

   [RFC7011]  Claise, B., Ed., Trammell, B., Ed., and P. Aitken,
              "Specification of the IP Flow Information Export (IPFIX)
              Protocol for the Exchange of Flow Information", STD 77,
              RFC 7011, DOI 10.17487/RFC7011, September 2013,
              <https://www.rfc-editor.org/info/rfc7011>.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016,
              <https://www.rfc-editor.org/info/rfc7950>.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017,
              <https://www.rfc-editor.org/info/rfc8040>.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017,
              <https://www.rfc-editor.org/info/rfc8200>.

   [RFC8329]  Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
              Kumar, "Framework for Interface to Network Security
              Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
              <https://www.rfc-editor.org/info/rfc8329>.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
              <https://www.rfc-editor.org/info/rfc8340>.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018,
              <https://www.rfc-editor.org/info/rfc8341>.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018,
              <https://www.rfc-editor.org/info/rfc8342>.

   [RFC8407]  Bierman, A., "Guidelines for Authors and Reviewers of
              Documents Containing YANG Data Models", BCP 216, RFC 8407,
              DOI 10.17487/RFC8407, October 2018,
              <https://www.rfc-editor.org/info/rfc8407>.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
              <https://www.rfc-editor.org/info/rfc8446>.

   [RFC8525]  Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
              and R. Wilton, "YANG Library", RFC 8525,
              DOI 10.17487/RFC8525, March 2019,
              <https://www.rfc-editor.org/info/rfc8525>.

   [RFC8639]  Voit, E., Clemm, A., Gonzalez Prieto, A., Nilsen-Nygaard,
              E., and A. Tripathy, "Subscription to YANG Notifications",
              RFC 8639, DOI 10.17487/RFC8639, September 2019,
              <https://www.rfc-editor.org/info/rfc8639>.

   [RFC8641]  Clemm, A. and E. Voit, "Subscription to YANG Notifications
              for Datastore Updates", RFC 8641, DOI 10.17487/RFC8641,
              September 2019, <https://www.rfc-editor.org/info/rfc8641>.

17.2.  Informative References

   [I-D.ietf-i2nsf-applicability]
              Jeong, J., Hyun, S., Ahn, T., Hares, S., and D. Lopez,
              "Applicability of Interfaces to Network Security Functions
              to Network-Based Security Services", draft-ietf-i2nsf-
              applicability-18 (work in progress), September 2019.

   [I-D.ietf-i2nsf-capability]
              Xia, L., Strassner, J., Basile, C., and D. Lopez,
              "Information Model of NSFs Capabilities", draft-ietf-
              i2nsf-capability-05 (work in progress), April 2019.

   [I-D.ietf-i2nsf-consumer-facing-interface-dm]
              Jeong, J., Chung, C., Ahn, T., Kumar, R., and S. Hares,
              "I2NSF Consumer-Facing Interface YANG Data Model", draft-
              ietf-i2nsf-consumer-facing-interface-dm-12 (work in
              progress), September 2020.

   [I-D.ietf-i2nsf-nsf-facing-interface-dm]
              Kim, J., Jeong, J., J., J., PARK, P., Hares, S., and Q.
              Lin, "I2NSF Network Security Function-Facing Interface
              YANG Data Model", draft-ietf-i2nsf-nsf-facing-interface-
              dm-10 (work in progress), August 2020.

   [I-D.ietf-i2nsf-registration-interface-dm]
              Hyun, S., Jeong, J., Roh, T., Wi, S., J., J., and P. PARK,
              "I2NSF Registration Interface YANG Data Model", draft-
              ietf-i2nsf-registration-interface-dm-09 (work in
              progress), August 2020.

   [I-D.ietf-netconf-subscribed-notifications]
              Voit, E., Clemm, A., Prieto, A., Nilsen-Nygaard, E., and
              A. Tripathy, "Subscription to YANG Event Notifications",
              draft-ietf-netconf-subscribed-notifications-26 (work in
              progress), May 2019.

   [I-D.ietf-netconf-yang-push]
              Clemm, A. and E. Voit, "Subscription to YANG Datastores",
              draft-ietf-netconf-yang-push-25 (work in progress), May
              2019.

   [I-D.yang-i2nsf-security-policy-translation]
              Jeong, J., Yang, J., Chung, C., and J. Kim, "Security
              Policy Translation in Interface to Network Security
              Functions", draft-yang-i2nsf-security-policy-
              translation-07 (work in progress), November 2020.

Appendix A.  Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-06

   The following changes are made from draft-ietf-i2nsf-nsf-monitoring-
   data-model-06:

   o  This version is revised according to the comments of Andy Bierman
      who is a YANG doctor.

   o  This version updates its title to "I2NSF NSF Monitoring Interface
      YANG Data Model".  It clarifies the NSF Monitoring Interface to
      deliver NSF monitoring data to an NSF data collector (e.g.,
      Security Controller and NSF data analyzer).

   o  This version adds an attack destination IP address for the
      DDoS-attack event to provide the I2NSF Analyser with more
      information about the destination of DDoS-attack packets.

   o  This version supports a notification for monitoring traffic flows.

Authors' Addresses

   Jaehoon (Paul) Jeong (editor)
   Department of Computer Science and Engineering
   Sungkyunkwan University
   2066 Seobu-Ro, Jangan-Gu
   Suwon, Gyeonggi-Do  16419
   Republic of Korea

   Phone: +82 31 299 4957
   Fax:   +82 31 290 7996
   EMail: pauljeong@skku.edu
   URI:   http://iotlab.skku.edu/people-jaehoon-jeong.php

   Patrick Lingga
   Department of Electronic, Electrical and Computer Engineering
   Sungkyunkwan University
   2066 Seobu-Ro, Jangan-Gu
   Suwon, Gyeonggi-Do  16419
   Republic of Korea

   Phone: +82 31 299 4957
   EMail: patricklink@skku.edu

   Susan Hares
   Huawei
   7453 Hickory Hill
   Saline, MI  48176
   USA

   Phone: +1-734-604-0332
   EMail: shares@ndzh.com

   Liang (Frank) Xia
   Huawei
   101 Software Avenue, Yuhuatai District
   Nanjing, Jiangsu
   China

   EMail: Frank.xialiang@huawei.com

   Henk Birkholz
   Fraunhofer Institute for Secure Information Technology
   Rheinstrasse 75
   Darmstadt  64295
   Germany

   EMail: henk.birkholz@sit.fraunhofer.de
