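% RFC 9061 (I2NSF NSF-Facing Interface): YANG data models that let an I2NSF
% Controller configure and monitor IPsec SAs on flow-based NSFs (SPD, SAD,
% PAD, and IKEv2 configuration). Defines three YANG modules, no new protocol.
% Only acronyms in the title are brace-protected, so bibliography styles can
% still apply their own casing; author names use the "Last, First" form.
@misc{rfc9061,
  author       = {Marin-Lopez, Rafael and Lopez-Millan, Gabriel and Pereniguez-Garcia, Fernando},
  title        = {A {YANG} Data Model for {IPsec} Flow Protection Based on Software-Defined Networking ({SDN})},
  series       = {Request for Comments},
  number       = 9061,
  howpublished = {RFC 9061},
  publisher    = {RFC Editor},
  year         = 2021,
  month        = jul,
  pagetotal    = 90,
  doi          = {10.17487/RFC9061},
  url          = {https://www.rfc-editor.org/info/rfc9061},
  abstract     = {This document describes how to provide IPsec-based flow protection (integrity and confidentiality) by means of an Interface to Network Security Function (I2NSF) Controller. It considers two main well-known scenarios in IPsec: gateway-to-gateway and host-to-host. The service described in this document allows the configuration and monitoring of IPsec Security Associations (IPsec SAs) from an I2NSF Controller to one or several flow-based Network Security Functions (NSFs) that rely on IPsec to protect data traffic. This document focuses on the I2NSF NSF-Facing Interface by providing YANG data models for configuring the IPsec databases, namely Security Policy Database (SPD), Security Association Database (SAD), Peer Authorization Database (PAD), and Internet Key Exchange Version 2 (IKEv2). This allows IPsec SA establishment with minimal intervention by the network administrator. This document defines three YANG modules, but it does not define any new protocol.},
}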