draft-ietf-i2nsf-nsf-monitoring-data-model-02.txt   draft-ietf-i2nsf-nsf-monitoring-data-model-03.txt 
Network Working Group J. Jeong Network Working Group J. Jeong
Internet-Draft C. Chung Internet-Draft C. Chung
Intended status: Standards Track Sungkyunkwan University Intended status: Standards Track Sungkyunkwan University
Expires: May 7, 2020 S. Hares Expires: November 8, 2020 S. Hares
L. Xia L. Xia
Huawei Huawei
H. Birkholz H. Birkholz
Fraunhofer SIT Fraunhofer SIT
November 4, 2019 May 7, 2020
I2NSF NSF Monitoring YANG Data Model I2NSF NSF Monitoring YANG Data Model
draft-ietf-i2nsf-nsf-monitoring-data-model-02 draft-ietf-i2nsf-nsf-monitoring-data-model-03
Abstract Abstract
This document proposes an information model and the corresponding This document proposes an information model and the corresponding
YANG data model for monitoring Network Security Functions (NSFs) in YANG data model for monitoring Network Security Functions (NSFs) in
the Interface to Network Security Functions (I2NSF) framework. If the Interface to Network Security Functions (I2NSF) framework. If
the monitoring of NSFs is performed in a comprehensive way, it is the monitoring of NSFs is performed in a comprehensive way, it is
possible to detect the indication of malicious activity, anomalous possible to detect the indication of malicious activity, anomalous
behavior or the potential sign of denial of service attacks in a behavior or the potential sign of denial of service attacks in a
timely manner. This monitoring functionality is based on the timely manner. This monitoring functionality is based on the
skipping to change at page 2, line 12 skipping to change at page 2, line 12
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 7, 2020. This Internet-Draft will expire on November 8, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 43 skipping to change at page 3, line 43
9. Tree Structure . . . . . . . . . . . . . . . . . . . . . . . 28 9. Tree Structure . . . . . . . . . . . . . . . . . . . . . . . 28
10. YANG Data Model . . . . . . . . . . . . . . . . . . . . . . . 37 10. YANG Data Model . . . . . . . . . . . . . . . . . . . . . . . 37
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72
12. Security Considerations . . . . . . . . . . . . . . . . . . . 72 12. Security Considerations . . . . . . . . . . . . . . . . . . . 72
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 73 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 73
14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 73 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 73
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 73 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 73
15.1. Normative References . . . . . . . . . . . . . . . . . . 73 15.1. Normative References . . . . . . . . . . . . . . . . . . 73
15.2. Informative References . . . . . . . . . . . . . . . . . 75 15.2. Informative References . . . . . . . . . . . . . . . . . 75
Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data- Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-
model-01 . . . . . . . . . . . . . . . . . . . . . . 77 model-02 . . . . . . . . . . . . . . . . . . . . . . 77
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 77
1. Introduction 1. Introduction
According to [I-D.ietf-i2nsf-terminology], the interface provided by According to [I-D.ietf-i2nsf-terminology], the interface provided by
a Network Security Function (NSF) (e.g., Firewall, IPS, Anti-DDoS, or a Network Security Function (NSF) (e.g., Firewall, IPS, Anti-DDoS, or
Anti-Virus function) to administrative entities (e.g., Security Anti-Virus function) to administrative entities (e.g., Security
Controller) to enable remote management (i.e., configuring and Controller) to enable remote management (i.e., configuring and
monitoring) is referred to as an I2NSF NSF-Facing Interface monitoring) is referred to as an I2NSF NSF-Facing Interface
skipping to change at page 19, line 36 skipping to change at page 19, line 36
Access logs record administrators' login, logout, and operations on a Access logs record administrators' login, logout, and operations on a
device. By analyzing them, security vulnerabilities can be device. By analyzing them, security vulnerabilities can be
identified. The following information should be included in an identified. The following information should be included in an
operation report: operation report:
o Administrator: Administrator that operates on the device o Administrator: Administrator that operates on the device
o login_ip_address: IP address used by an administrator to log in o login_ip_address: IP address used by an administrator to log in
o login_mode: Specifies the administrator logs in mode e.g. root, o login_mode: Specifies the administrator logs in mode e.g. root,
user user
o operation_type: The operation type that the administrator execute, o operation_type: The operation type that the administrator execute,
e.g., login, logout, and configuration. e.g., login, logout, and configuration.
o result: Command execution result o result: Command execution result
o content: Operation performed by an administrator after login. o content: Operation performed by an administrator after login.
7.4.2. Resource Utilization Log 7.4.2. Resource Utilization Log
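Review bot: The access log field list carries over inconsistent naming and ungrammatical descriptions unchanged. "Administrator" is capitalized while the other fields are snake_case, "login_mode: Specifies the administrator logs in mode e.g. root, user" does not parse, and "that the administrator execute" should be "executes". The paragraph also opens with "Access logs" but then says the fields belong in an "operation report"; use one term. Suggest wording such as "login_mode: The mode in which the administrator logs in, e.g., root or user", and state how "content" differs from "operation_type", since both are described as the operation the administrator performed.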
skipping to change at page 37, line 10 skipping to change at page 37, line 10
+--ro module-name? string +--ro module-name? string
+--ro severity? severity +--ro severity? severity
Figure 1: Information Model for NSF Monitoring Figure 1: Information Model for NSF Monitoring
10. YANG Data Model 10. YANG Data Model
This section introduces a YANG data model for the information model This section introduces a YANG data model for the information model
of the NSF monitoring information model. of the NSF monitoring information model.
<CODE BEGINS> file "ietf-i2nsf-monitor@2019-11-04.yang" <CODE BEGINS> file "ietf-i2nsf-monitor@2020-05-07.yang"
module ietf-i2nsf-monitor { module ietf-i2nsf-monitor {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitor"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitor";
prefix prefix
iim; iim;
import ietf-inet-types{ import ietf-inet-types{
prefix inet; prefix inet;
reference reference
"Section 4 of RFC 6991"; "Section 4 of RFC 6991";
skipping to change at page 38, line 11 skipping to change at page 38, line 11
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 6087; see This version of this YANG module is part of RFC 6087; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision "2019-11-04" { revision "2020-05-07" {
description "The third revision"; description "The third revision";
reference reference
"RFC XXXX: I2NSF NSF Monitoring YANG Data Model"; "RFC XXXX: I2NSF NSF Monitoring YANG Data Model";
} }
typedef severity { typedef severity {
type enumeration { type enumeration {
enum high { enum high {
description description
"high-level"; "high-level";
skipping to change at page 75, line 45 skipping to change at page 75, line 45
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
15.2. Informative References 15.2. Informative References
[I-D.ietf-i2nsf-capability] [I-D.ietf-i2nsf-capability]
Xia, L., Strassner, J., Basile, C., and D. Lopez, Xia, L., Strassner, J., Basile, C., and D. Lopez,
"Information Model of NSFs Capabilities", draft-ietf- "Information Model of NSFs Capabilities", draft-ietf-
i2nsf-capability-05 (work in progress), April 2019. i2nsf-capability-05 (work in progress), April 2019.
[I-D.ietf-i2nsf-consumer-facing-interface-dm] [I-D.ietf-i2nsf-consumer-facing-interface-dm]
Jeong, J., Kim, E., Ahn, T., Kumar, R., and S. Hares, Jeong, J., Chung, C., Ahn, T., Kumar, R., and S. Hares,
"I2NSF Consumer-Facing Interface YANG Data Model", draft- "I2NSF Consumer-Facing Interface YANG Data Model", draft-
ietf-i2nsf-consumer-facing-interface-dm-06 (work in ietf-i2nsf-consumer-facing-interface-dm-08 (work in
progress), July 2019. progress), March 2020.
[I-D.ietf-i2nsf-nsf-facing-interface-dm] [I-D.ietf-i2nsf-nsf-facing-interface-dm]
Kim, J., Jeong, J., J., J., PARK, P., Hares, S., and Q. Kim, J., Jeong, J., J., J., PARK, P., Hares, S., and Q.
Lin, "I2NSF Network Security Function-Facing Interface Lin, "I2NSF Network Security Function-Facing Interface
YANG Data Model", draft-ietf-i2nsf-nsf-facing-interface- YANG Data Model", draft-ietf-i2nsf-nsf-facing-interface-
dm-07 (work in progress), July 2019. dm-08 (work in progress), November 2019.
[I-D.ietf-i2nsf-registration-interface-dm] [I-D.ietf-i2nsf-registration-interface-dm]
Hyun, S., Jeong, J., Roh, T., Wi, S., J., J., and P. PARK, Hyun, S., Jeong, J., Roh, T., Wi, S., J., J., and P. PARK,
"I2NSF Registration Interface YANG Data Model", draft- "I2NSF Registration Interface YANG Data Model", draft-
ietf-i2nsf-registration-interface-dm-05 (work in ietf-i2nsf-registration-interface-dm-08 (work in
progress), July 2019. progress), March 2020.
[I-D.ietf-i2nsf-terminology] [I-D.ietf-i2nsf-terminology]
Hares, S., Strassner, J., Lopez, D., Xia, L., and H. Hares, S., Strassner, J., Lopez, D., Xia, L., and H.
Birkholz, "Interface to Network Security Functions (I2NSF) Birkholz, "Interface to Network Security Functions (I2NSF)
Terminology", draft-ietf-i2nsf-terminology-08 (work in Terminology", draft-ietf-i2nsf-terminology-08 (work in
progress), July 2019. progress), July 2019.
[I-D.yang-i2nsf-nfv-architecture] [I-D.yang-i2nsf-nfv-architecture]
Yang, H., Kim, Y., Jeong, J., and J. Kim, "I2NSF on the Yang, H., Kim, Y., Jeong, J., and J. Kim, "I2NSF on the
NFV Reference Architecture", draft-yang-i2nsf-nfv- NFV Reference Architecture", draft-yang-i2nsf-nfv-
architecture-05 (work in progress), July 2019. architecture-05 (work in progress), July 2019.
[I-D.yang-i2nsf-security-policy-translation] [I-D.yang-i2nsf-security-policy-translation]
Jeong, J., Yang, J., Chung, C., and J. Kim, "Security Jeong, J., Yang, J., Chung, C., and J. Kim, "Security
Policy Translation in Interface to Network Security Policy Translation in Interface to Network Security
Functions", draft-yang-i2nsf-security-policy- Functions", draft-yang-i2nsf-security-policy-
translation-04 (work in progress), July 2019. translation-05 (work in progress), November 2019.
[RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services Export [RFC3954] Claise, B., Ed., "Cisco Systems NetFlow Services Export
Version 9", RFC 3954, DOI 10.17487/RFC3954, October 2004, Version 9", RFC 3954, DOI 10.17487/RFC3954, October 2004,
<https://www.rfc-editor.org/info/rfc3954>. <https://www.rfc-editor.org/info/rfc3954>.
[RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG [RFC6087] Bierman, A., "Guidelines for Authors and Reviewers of YANG
Data Model Documents", RFC 6087, DOI 10.17487/RFC6087, Data Model Documents", RFC 6087, DOI 10.17487/RFC6087,
January 2011, <https://www.rfc-editor.org/info/rfc6087>. January 2011, <https://www.rfc-editor.org/info/rfc6087>.
[RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R. [RFC8329] Lopez, D., Lopez, E., Dunbar, L., Strassner, J., and R.
Kumar, "Framework for Interface to Network Security Kumar, "Framework for Interface to Network Security
Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018, Functions", RFC 8329, DOI 10.17487/RFC8329, February 2018,
<https://www.rfc-editor.org/info/rfc8329>. <https://www.rfc-editor.org/info/rfc8329>.
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018,
<https://www.rfc-editor.org/info/rfc8340>. <https://www.rfc-editor.org/info/rfc8340>.
Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-01 Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-02
The following changes are made from draft-ietf-i2nsf-nsf-monitoring- The following changes are made from draft-ietf-i2nsf-nsf-monitoring-
data-model-01: data-model-02:
o Section 7 is reorganized such that the subsections for the o This version has a submission date update to maintain the active
monitored objects (i.e., event, log, and counter) of System and status of the draft.
NSF are listed up pairwisely with a pair of System and NSF except
alarm because alarm is a monitored object to only System. o This version updates the version numbers of the referenced drafts.
Authors' Addresses Authors' Addresses
Jaehoon Paul Jeong Jaehoon Paul Jeong
Department of Computer Science and Engineering Department of Computer Science and Engineering
Sungkyunkwan University Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu 2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419 Suwon, Gyeonggi-Do 16419
Republic of Korea Republic of Korea
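Review bot: In the [I-D.ietf-i2nsf-nsf-facing-interface-dm] and [I-D.ietf-i2nsf-registration-interface-dm] entries the version and date are bumped, but the author lists still contain "J., J." and "PARK, P.", which look like broken name metadata; fix them while these entries are being touched. Appendix A says this version only updates the submission date and the version numbers of the referenced drafts, yet the consumer-facing-interface-dm entry also replaces an author ("Kim, E." becomes "Chung, C."); either mention that in the change list or confirm it follows from the newer referenced draft.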
 End of changes. 17 change blocks. 
22 lines changed or deleted 22 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/