Framework for Interface to Network Security Functions

Document Type Replaced Internet-Draft (individual)
Last updated 2016-03-16
Replaced by draft-ietf-i2nsf-framework
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-i2nsf-framework
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines the framework for guiding the functionality provided by I2NSF. Network security functions (NSFs) are packet- processing engines that inspect and optionally modify packets traversing networks, either directly or in the context of sessions in which the packet is associated. This document provides an overview of how NSFs are used, and describes how NSF software interfaces are controlled and monitored using rulesets. The design of these software interfaces must prevent the creation of implied constraints on NSF capability and functionality.


Edward Lopez (
Diego Lopez (
Linda Dunbar (
John Strassner (
Xiaojun Zhuang (
Joe Parrott (
Ramki Krishnan (
Seetharama Durbha (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)