draft-ietf-i2nsf-nsf-facing-interface-dm-14.txt   draft-ietf-i2nsf-nsf-facing-interface-dm-15.txt 
I2NSF Working Group J. Kim, Ed. I2NSF Working Group J. Kim, Ed.
Internet-Draft J. Jeong, Ed. Internet-Draft J. Jeong, Ed.
Intended status: Standards Track Sungkyunkwan University Intended status: Standards Track Sungkyunkwan University
Expires: 19 March 2022 J. Park Expires: 7 April 2022 J. Park
ETRI ETRI
S. Hares S. Hares
Q. Lin Q. Lin
Huawei Huawei
15 September 2021 4 October 2021
I2NSF Network Security Function-Facing Interface YANG Data Model I2NSF Network Security Function-Facing Interface YANG Data Model
draft-ietf-i2nsf-nsf-facing-interface-dm-14 draft-ietf-i2nsf-nsf-facing-interface-dm-15
Abstract Abstract
This document defines a YANG data model for configuring security This document defines a YANG data model for configuring security
policy rules on Network Security Functions (NSF) in the Interface to policy rules on Network Security Functions (NSF) in the Interface to
Network Security Functions (I2NSF) framework. The YANG data model in Network Security Functions (I2NSF) framework. The YANG data model in
this document corresponds to the information model for NSF-Facing this document corresponds to the information model for NSF-Facing
Interface in the I2NSF framework. Interface in the I2NSF framework.
Status of This Memo Status of This Memo
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 19 March 2022. This Internet-Draft will expire on 7 April 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 19 skipping to change at page 2, line 19
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 3 3. YANG Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 3
3.1. General I2NSF Security Policy Rule . . . . . . . . . . . 3 3.1. General I2NSF Security Policy Rule . . . . . . . . . . . 3
3.2. Event Clause . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Event Clause . . . . . . . . . . . . . . . . . . . . . . 5
3.3. Condition Clause . . . . . . . . . . . . . . . . . . . . 6 3.3. Condition Clause . . . . . . . . . . . . . . . . . . . . 6
3.4. Action Clause . . . . . . . . . . . . . . . . . . . . . . 11 3.4. Action Clause . . . . . . . . . . . . . . . . . . . . . . 11
4. YANG Data Model of NSF-Facing Interface . . . . . . . . . . . 12 4. YANG Data Model of NSF-Facing Interface . . . . . . . . . . . 12
4.1. YANG Module of NSF-Facing Interface . . . . . . . . . . . 12 4.1. YANG Module of NSF-Facing Interface . . . . . . . . . . . 13
5. XML Configuration Examples of Low-Level Security Policy 5. XML Configuration Examples of Low-Level Security Policy
Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Rules . . . . . . . . . . . . . . . . . . . . . . . . . . 65
5.1. Security Requirement 1: Block Social Networking Service 5.1. Security Requirement 1: Block Social Networking Service
(SNS) Access during Business Hours . . . . . . . . . . . 64 (SNS) Access during Business Hours . . . . . . . . . . . 65
5.2. Security Requirement 2: Block Malicious VoIP/VoLTE Packets 5.2. Security Requirement 2: Block Malicious VoIP/VoLTE Packets
Coming to a Company . . . . . . . . . . . . . . . . . . . 68 Coming to a Company . . . . . . . . . . . . . . . . . . . 69
5.3. Security Requirement 3: Mitigate HTTP and HTTPS Flood 5.3. Security Requirement 3: Mitigate HTTP and HTTPS Flood
Attacks on a Company Web Server . . . . . . . . . . . . . 71 Attacks on a Company Web Server . . . . . . . . . . . . . 72
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 74 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 75
7. Security Considerations . . . . . . . . . . . . . . . . . . . 74 7. Security Considerations . . . . . . . . . . . . . . . . . . . 75
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 75 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 76
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 75 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 76
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 76 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 77
10.1. Normative References . . . . . . . . . . . . . . . . . . 76 10.1. Normative References . . . . . . . . . . . . . . . . . . 77
10.2. Informative References . . . . . . . . . . . . . . . . . 79 10.2. Informative References . . . . . . . . . . . . . . . . . 80
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 80 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 81
1. Introduction 1. Introduction
This document defines a YANG [RFC6020][RFC7950] data model for This document defines a YANG [RFC6020][RFC7950] data model for
security policy rule configuration of Network Security Functions security policy rule configuration of Network Security Functions
(NSF). The YANG data model in this document is based on the (NSF). The YANG data model in this document is based on the
information and data model in [I-D.ietf-i2nsf-capability-data-model] information and data model in [I-D.ietf-i2nsf-capability-data-model]
for the NSF-Facing Interface in the Interface to Network Security for the NSF-Facing Interface in the Interface to Network Security
Functions (I2NSF) architecture [RFC8329]. The YANG data model in Functions (I2NSF) architecture [RFC8329]. The YANG data model in
this document focuses on security policy configuration for the NSFs this document focuses on security policy configuration for the NSFs
skipping to change at page 12, line 48 skipping to change at page 13, line 12
firewall, web filter, VoIP/VoLTE security service, and DDoS-attack firewall, web filter, VoIP/VoLTE security service, and DDoS-attack
mitigation in Section 5. mitigation in Section 5.
4.1. YANG Module of NSF-Facing Interface 4.1. YANG Module of NSF-Facing Interface
This section describes a YANG module of NSF-Facing Interface. This This section describes a YANG module of NSF-Facing Interface. This
document provides identities in the data model for the configuration document provides identities in the data model for the configuration
of an NSF. The identity has the same concept with the corresponding of an NSF. The identity has the same concept with the corresponding
identity in [I-D.ietf-i2nsf-consumer-facing-interface-dm] This YANG identity in [I-D.ietf-i2nsf-consumer-facing-interface-dm] This YANG
module imports from [RFC6991]. It makes references to [RFC0768] module imports from [RFC6991]. It makes references to [RFC0768]
[RFC0791] [RFC0792] [RFC0793] [RFC2474] [RFC3261] [RFC4340] [RFC4443] [RFC0791] [RFC0792] [RFC2474] [RFC3261] [RFC4340] [RFC4443] [RFC4960]
[RFC4960] [RFC5595] [RFC6335] [RFC8200] [RFC8329] [RFC8335] [RFC8344] [RFC5595] [RFC6335] [RFC8200] [RFC8329] [RFC8335] [RFC8344]
[IEEE-802.3] [ISO-Country-Codes] [IANA-Protocol-Numbers] [IEEE-802.3] [ISO-Country-Codes] [IANA-Protocol-Numbers]
[IANA-ICMP-Parameters] [I-D.ietf-i2nsf-capability-data-model] [IANA-ICMP-Parameters] [I-D.ietf-tcpm-rfc793bis]
[I-D.ietf-i2nsf-capability-data-model]
[I-D.ietf-i2nsf-nsf-monitoring-data-model]. [I-D.ietf-i2nsf-nsf-monitoring-data-model].
<CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2021-09-15.yang" <CODE BEGINS> file "ietf-i2nsf-policy-rule-for-nsf@2021-10-04.yang"
module ietf-i2nsf-policy-rule-for-nsf { module ietf-i2nsf-policy-rule-for-nsf {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-policy-rule-for-nsf";
prefix prefix
nsfintf; nsfintf;
import ietf-inet-types{ import ietf-inet-types{
prefix inet; prefix inet;
reference reference
skipping to change at page 14, line 14 skipping to change at page 14, line 28
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices."; for full legal notices.";
revision "2021-09-15"{ revision "2021-10-04"{
description "The latest revision."; description "The latest revision.";
reference reference
"RFC XXXX: I2NSF Network Security Function-Facing Interface "RFC XXXX: I2NSF Network Security Function-Facing Interface
YANG Data Model"; YANG Data Model";
} }
/* /*
* Identities * Identities
*/ */
skipping to change at page 19, line 23 skipping to change at page 19, line 38
"Identity for 'any IP options "Identity for 'any IP options
included in IPv4 packet"; included in IPv4 packet";
reference reference
"RFC 791: Internet Protocol - Options"; "RFC 791: Internet Protocol - Options";
} }
identity tcp-flags { identity tcp-flags {
description description
"Base identity for TCP flags"; "Base identity for TCP flags";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - TCP Header Flags
RFC 3168: The Addition of Explicit Congestion Notification
(ECN) to IP - ECN-Echo (ECE) Flag and Congestion Window
Reduced (CWR) Flag
draft-ietf-tcpm-accurate-ecn-15: More Accurate ECN Feedback
in TCP - ECN-Echo (ECE) Flag and Congestion Window Reduced
(CWR) Flag";
} }
identity cwr { identity cwr {
base tcp-flags; base tcp-flags;
description description
"Identity for 'Congestion Window Reduced' TCP flag"; "Identity for 'Congestion Window Reduced' TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - TCP Header Flags
RFC 3168: The Addition of Explicit Congestion Notification
(ECN) to IP - ECN-Echo (ECE) Flag and Congestion Window
Reduced (CWR) Flag
draft-ietf-tcpm-accurate-ecn-15: More Accurate ECN Feedback
in TCP - ECN-Echo (ECE) Flag and Congestion Window Reduced
(CWR) Flag";
} }
identity ecn { identity ece {
base tcp-flags; base tcp-flags;
description description
"Identity for 'Explicit Congestion Notification' "Identity for 'Explicit Congestion Notification-Echo'
TCP flag"; TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - TCP Header Flags
RFC 3168: The Addition of Explicit Congestion Notification
(ECN) to IP - ECN-Echo (ECE) Flag and Congestion Window
Reduced (CWR) Flag
draft-ietf-tcpm-accurate-ecn-15: More Accurate ECN Feedback
in TCP - ECN-Echo (ECE) Flag and Congestion Window Reduced
(CWR) Flag";
} }
identity urg { identity urg {
base tcp-flags; base tcp-flags;
description description
"Identity for 'Urgent' TCP flag"; "Identity for 'Urgent' TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - Flags";
} }
identity ack { identity ack {
base tcp-flags; base tcp-flags;
description description
"Identity for 'acknowledgement' TCP flag"; "Identity for 'acknowledgement' TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - Flags";
} }
identity psh { identity psh {
base tcp-flags; base tcp-flags;
description description
"Identity for 'Push' TCP flag"; "Identity for 'Push' TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - Flags";
} }
identity rst { identity rst {
base tcp-flags; base tcp-flags;
description description
"Identity for 'Reset' TCP flag"; "Identity for 'Reset' TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - Flags";
} }
identity syn { identity syn {
base tcp-flags; base tcp-flags;
description description
"Identity for 'Synchronize' TCP flag"; "Identity for 'Synchronize' TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - Flags";
} }
identity fin { identity fin {
base tcp-flags; base tcp-flags;
description description
"Identity for 'Finish' TCP flag"; "Identity for 'Finish' TCP flag";
reference reference
"RFC 793: Transmission Control Protocol - Flags"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - Flags";
} }
identity target-device { identity target-device {
description description
"Base identity for target devices"; "Base identity for target devices";
reference reference
"draft-ietf-i2nsf-capability-data-model-17: "draft-ietf-i2nsf-capability-data-model-17:
I2NSF Capability YANG Data Model"; I2NSF Capability YANG Data Model";
} }
skipping to change at page 32, line 15 skipping to change at page 33, line 8
"The end port number MUST be equal to or greater than the "The end port number MUST be equal to or greater than the
start port number."; start port number.";
} }
description description
"Ending port number for a range match."; "Ending port number for a range match.";
} }
description description
"Range match for the port numbers. If only one value is needed, "Range match for the port numbers. If only one value is needed,
then set both start and end to the same value."; then set both start and end to the same value.";
reference reference
"RFC 793: Transmission Control Protocol - Port number "draft-ietf-tcpm-rfc793bis-25: Transmission Control Protocol
(TCP) Specification - Port Number
RFC 768: User Datagram Protocol - Port Number RFC 768: User Datagram Protocol - Port Number
RFC 4960: Stream Control Transmission Protocol - Port number RFC 4960: Stream Control Transmission Protocol - Port Number
RFC 4340: Datagram Congestion Control Protocol (DCCP) RFC 4340: Datagram Congestion Control Protocol (DCCP)
- Port number"; - Port Number";
} }
/* /*
* Data nodes * Data nodes
*/ */
list i2nsf-security-policy { list i2nsf-security-policy {
key "system-policy-name"; key "system-policy-name";
skipping to change at page 47, line 32 skipping to change at page 48, line 28
} }
} }
container tcp { container tcp {
description description
"The purpose of this container is to represent "The purpose of this container is to represent
TCP packet header information to determine TCP packet header information to determine
if the set of policy actions in this ECA policy if the set of policy actions in this ECA policy
rule should be executed or not."; rule should be executed or not.";
reference reference
"RFC 793: Transmission Control Protocol"; "draft-ietf-tcpm-rfc793bis-25: Transmission Control
Protocol (TCP) Specification";
leaf description { leaf description {
type string; type string;
description description
"This is description for tcp condition."; "This is description for tcp condition.";
} }
list source-port-number { list source-port-number {
key "start end"; key "start end";
uses port-range; uses port-range;
description description
"The security policy rule according to "The security policy rule according to
tcp source port number."; tcp source port number.";
reference reference
"RFC 793: Transmission Control Protocol "draft-ietf-tcpm-rfc793bis-25: Transmission Control
- Port number"; Protocol (TCP) Specification - Port Number";
} }
list destination-port-number { list destination-port-number {
key "start end"; key "start end";
uses port-range; uses port-range;
description description
"The security policy rule according to "The security policy rule according to
tcp destination port number."; tcp destination port number.";
reference reference
"RFC 793: Transmission Control Protocol "draft-ietf-tcpm-rfc793bis-25: Transmission Control
- Port number"; Protocol (TCP) Specification - Port Number";
} }
leaf-list flags { leaf-list flags {
type identityref { type identityref {
base tcp-flags; base tcp-flags;
} }
description description
"The security policy rule according to "The security policy rule according to
tcp flags."; tcp flags.";
reference reference
"RFC 793: Transmission Control Protocol "draft-ietf-tcpm-rfc793bis-25: Transmission Control
- Flags"; Protocol (TCP) Specification - Flags";
} }
} }
container udp { container udp {
description description
"The purpose of this container is to represent "The purpose of this container is to represent
UDP packet header information to determine UDP packet header information to determine
if the set of policy actions in this ECA policy if the set of policy actions in this ECA policy
rule should be executed or not."; rule should be executed or not.";
reference reference
skipping to change at page 76, line 46 skipping to change at page 77, line 46
<https://www.rfc-editor.org/info/rfc768>. <https://www.rfc-editor.org/info/rfc768>.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981, DOI 10.17487/RFC0791, September 1981,
<https://www.rfc-editor.org/info/rfc791>. <https://www.rfc-editor.org/info/rfc791>.
[RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, DOI 10.17487/RFC0792, September 1981, RFC 792, DOI 10.17487/RFC0792, September 1981,
<https://www.rfc-editor.org/info/rfc792>. <https://www.rfc-editor.org/info/rfc792>.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7,
RFC 793, DOI 10.17487/RFC0793, September 1981,
<https://www.rfc-editor.org/info/rfc793>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black, [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS "Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474, Field) in the IPv4 and IPv6 Headers", RFC 2474,
DOI 10.17487/RFC2474, December 1998, DOI 10.17487/RFC2474, December 1998,
<https://www.rfc-editor.org/info/rfc2474>. <https://www.rfc-editor.org/info/rfc2474>.
skipping to change at page 79, line 28 skipping to change at page 80, line 19
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K., [RFC8525] Bierman, A., Bjorklund, M., Schoenwaelder, J., Watsen, K.,
and R. Wilton, "YANG Library", RFC 8525, and R. Wilton, "YANG Library", RFC 8525,
DOI 10.17487/RFC8525, March 2019, DOI 10.17487/RFC8525, March 2019,
<https://www.rfc-editor.org/info/rfc8525>. <https://www.rfc-editor.org/info/rfc8525>.
[I-D.ietf-tcpm-rfc793bis]
Eddy, W. M., "Transmission Control Protocol (TCP)
Specification", Work in Progress, Internet-Draft, draft-
ietf-tcpm-rfc793bis-25, 7 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-tcpm-
rfc793bis-25.txt>.
[I-D.ietf-i2nsf-capability-data-model] [I-D.ietf-i2nsf-capability-data-model]
Hares, S., Jeong, J. (., Kim, J. (., Moskowitz, R., and Q. Hares, S., Jeong, J. (., Kim, J. (., Moskowitz, R., and Q.
Lin, "I2NSF Capability YANG Data Model", Work in Progress, Lin, "I2NSF Capability YANG Data Model", Work in Progress,
Internet-Draft, draft-ietf-i2nsf-capability-data-model-17, Internet-Draft, draft-ietf-i2nsf-capability-data-model-19,
14 August 2021, <https://www.ietf.org/archive/id/draft- 28 September 2021, <https://www.ietf.org/archive/id/draft-
ietf-i2nsf-capability-data-model-17.txt>. ietf-i2nsf-capability-data-model-19.txt>.
[I-D.ietf-i2nsf-nsf-monitoring-data-model] [I-D.ietf-i2nsf-nsf-monitoring-data-model]
Jeong, J. (., Lingga, P., Hares, S., Xia, L. (., and H. Jeong, J. (., Lingga, P., Hares, S., Xia, L. (., and H.
Birkholz, "I2NSF NSF Monitoring Interface YANG Data Birkholz, "I2NSF NSF Monitoring Interface YANG Data
Model", Work in Progress, Internet-Draft, draft-ietf- Model", Work in Progress, Internet-Draft, draft-ietf-
i2nsf-nsf-monitoring-data-model-09, 24 August 2021, i2nsf-nsf-monitoring-data-model-10, 15 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf-
monitoring-data-model-09.txt>. monitoring-data-model-10.txt>.
10.2. Informative References 10.2. Informative References
[RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
Kumar, "Framework for Interface to Network Security Kumar, "Framework for Interface to Network Security
Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
<https://www.rfc-editor.org/info/rfc8329>. <https://www.rfc-editor.org/info/rfc8329>.
[I-D.ietf-i2nsf-consumer-facing-interface-dm] [I-D.ietf-i2nsf-consumer-facing-interface-dm]
Jeong, J. (., Chung, C., Ahn, T., Kumar, R., and S. Hares, Jeong, J. (., Chung, C., Ahn, T., Kumar, R., and S. Hares,
"I2NSF Consumer-Facing Interface YANG Data Model", Work in "I2NSF Consumer-Facing Interface YANG Data Model", Work in
Progress, Internet-Draft, draft-ietf-i2nsf-consumer- Progress, Internet-Draft, draft-ietf-i2nsf-consumer-
facing-interface-dm-14, 21 August 2021, facing-interface-dm-15, 15 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-
consumer-facing-interface-dm-14.txt>. consumer-facing-interface-dm-15.txt>.
[ISO-Country-Codes] [ISO-Country-Codes]
"Codes for the representation of names of countries and "Codes for the representation of names of countries and
their subdivisions", ISO 3166, September 2018, their subdivisions", ISO 3166, September 2018,
<https://www.iso.org/iso-3166-country-codes.html>. <https://www.iso.org/iso-3166-country-codes.html>.
[IANA-Protocol-Numbers] [IANA-Protocol-Numbers]
Internet Assigned Numbers Authority (IANA), "Assigned Internet Assigned Numbers Authority (IANA), "Assigned
Internet Protocol Numbers", September 2020, Internet Protocol Numbers", September 2020,
<https://www.iana.org/assignments/protocol-numbers/ <https://www.iana.org/assignments/protocol-numbers/
 End of changes. 39 change blocks. 
54 lines changed or deleted 88 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/