draft-ietf-i2nsf-nsf-monitoring-data-model-18.txt   draft-ietf-i2nsf-nsf-monitoring-data-model-19.txt 
Network Working Group J. Jeong, Ed. Network Working Group J. Jeong, Ed.
Internet-Draft P. Lingga Internet-Draft P. Lingga
Intended status: Standards Track Sungkyunkwan University Intended status: Standards Track Sungkyunkwan University
Expires: 21 October 2022 S. Hares Expires: 24 November 2022 S. Hares
L. Xia L. Xia
Huawei Huawei
H. Birkholz H. Birkholz
Fraunhofer SIT Fraunhofer SIT
19 April 2022 23 May 2022
I2NSF NSF Monitoring Interface YANG Data Model I2NSF NSF Monitoring Interface YANG Data Model
draft-ietf-i2nsf-nsf-monitoring-data-model-18 draft-ietf-i2nsf-nsf-monitoring-data-model-19
Abstract Abstract
This document proposes an information model and the corresponding This document proposes an information model and the corresponding
YANG data model of an interface for monitoring Network Security YANG data model of an interface for monitoring Network Security
Functions (NSFs) in the Interface to Network Security Functions Functions (NSFs) in the Interface to Network Security Functions
(I2NSF) framework. If the monitoring of NSFs is performed with the (I2NSF) framework. If the monitoring of NSFs is performed with the
NSF monitoring interface in a standard way, it is possible to detect NSF monitoring interface in a standard way, it is possible to detect
the indication of malicious activity, anomalous behavior, the the indication of malicious activity, anomalous behavior, the
potential sign of denial-of-service attacks, or system overload in a potential sign of denial-of-service attacks, or system overload in a
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 21 October 2022. This Internet-Draft will expire on 24 November 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 3, line 24 skipping to change at page 3, line 24
10.1. I2NSF System Detection Alarm . . . . . . . . . . . . . . 86 10.1. I2NSF System Detection Alarm . . . . . . . . . . . . . . 86
10.2. I2NSF Interface Counters . . . . . . . . . . . . . . . . 88 10.2. I2NSF Interface Counters . . . . . . . . . . . . . . . . 88
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 89 11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 89
12. Security Considerations . . . . . . . . . . . . . . . . . . . 90 12. Security Considerations . . . . . . . . . . . . . . . . . . . 90
13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 92 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 92
14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 92 14. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 92
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 92 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 92
15.1. Normative References . . . . . . . . . . . . . . . . . . 93 15.1. Normative References . . . . . . . . . . . . . . . . . . 93
15.2. Informative References . . . . . . . . . . . . . . . . . 97 15.2. Informative References . . . . . . . . . . . . . . . . . 97
Appendix A. Changes from Appendix A. Changes from
draft-ietf-i2nsf-nsf-monitoring-data-model-16 . . . . . . 98 draft-ietf-i2nsf-nsf-monitoring-data-model-18 . . . . . . 98
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 98 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 98
1. Introduction 1. Introduction
According to [RFC8329], the interface provided by a Network Security According to [RFC8329], the interface provided by a Network Security
Function (NSF) (e.g., Firewall, IPS, or Anti-DDoS function) to enable Function (NSF) (e.g., Firewall, IPS, or Anti-DDoS function) to enable
the collection of monitoring information is referred to as an I2NSF the collection of monitoring information is referred to as an I2NSF
Monitoring Interface. This interface enables the sharing of vital Monitoring Interface. This interface enables the sharing of vital
data from the NSFs (e.g., events, records, and counters) to an NSF data from the NSFs (e.g., events, records, and counters) to an NSF
data collector (e.g., Security Controller) through a variety of data collector (e.g., Security Controller) through a variety of
skipping to change at page 28, line 18 skipping to change at page 28, line 18
initialization of the local management subsystem, then this node initialization of the local management subsystem, then this node
contains the time the local management subsystem was re- contains the time the local management subsystem was re-
initialized. The time format used is following the rules in initialized. The time format used is following the rules in
Section 5.6 of [RFC3339]. Section 5.6 of [RFC3339].
7. YANG Tree Structure of NSF Monitoring YANG Module 7. YANG Tree Structure of NSF Monitoring YANG Module
The tree structure of the NSF monitoring YANG module is provided The tree structure of the NSF monitoring YANG module is provided
below: below:
module: ietf-i2nsf-nsf-monitoring module: ietf-i2nsf-monitoring-interface
+--ro i2nsf-counters +--ro i2nsf-counters
| +--ro vendor-name? string | +--ro vendor-name? string
| +--ro device-model? string | +--ro device-model? string
| +--ro software-version? string | +--ro software-version? string
| +--ro nsf-name union | +--ro nsf-name union
| +--ro timestamp? yang:date-and-time | +--ro timestamp? yang:date-and-time
| +--ro acquisition-method? identityref | +--ro acquisition-method? identityref
| +--ro emission-type? identityref | +--ro emission-type? identityref
| +--ro system-interface* [interface-name] | +--ro system-interface* [interface-name]
| | +--ro interface-name if:interface-ref | | +--ro interface-name if:interface-ref
skipping to change at page 28, line 52 skipping to change at page 28, line 52
| | +--ro in-traffic-peak-rate? uint64 | | +--ro in-traffic-peak-rate? uint64
| | +--ro in-traffic-average-throughput? uint64 | | +--ro in-traffic-average-throughput? uint64
| | +--ro in-traffic-peak-throughput? uint64 | | +--ro in-traffic-peak-throughput? uint64
| | +--ro out-traffic-average-rate? uint64 | | +--ro out-traffic-average-rate? uint64
| | +--ro out-traffic-peak-rate? uint64 | | +--ro out-traffic-peak-rate? uint64
| | +--ro out-traffic-average-throughput? uint64 | | +--ro out-traffic-average-throughput? uint64
| | +--ro out-traffic-peak-throughput? uint64 | | +--ro out-traffic-peak-throughput? uint64
| +--ro nsf-firewall* [policy-name] | +--ro nsf-firewall* [policy-name]
| | +--ro in-interface? if:interface-ref | | +--ro in-interface? if:interface-ref
| | +--ro out-interface? if:interface-ref | | +--ro out-interface? if:interface-ref
| | +--ro policy-name -> /nsfintf:i2nsf-security-policy/name | | +--ro policy-name -> /i2nsfnfi:i2nsf-security-policy/name
| | +--ro discontinuity-time yang:date-and-time | | +--ro discontinuity-time yang:date-and-time
| | +--ro measurement-time? uint32 | | +--ro measurement-time? uint32
| | +--ro total-traffic? yang:counter64 | | +--ro total-traffic? yang:counter64
| | +--ro in-traffic-average-rate? uint64 | | +--ro in-traffic-average-rate? uint64
| | +--ro in-traffic-peak-rate? uint64 | | +--ro in-traffic-peak-rate? uint64
| | +--ro in-traffic-average-throughput? uint64 | | +--ro in-traffic-average-throughput? uint64
| | +--ro in-traffic-peak-throughput? uint64 | | +--ro in-traffic-peak-throughput? uint64
| | +--ro out-traffic-average-rate? uint64 | | +--ro out-traffic-average-rate? uint64
| | +--ro out-traffic-peak-rate? uint64 | | +--ro out-traffic-peak-rate? uint64
| | +--ro out-traffic-average-throughput? uint64 | | +--ro out-traffic-average-throughput? uint64
| | +--ro out-traffic-peak-throughput? uint64 | | +--ro out-traffic-peak-throughput? uint64
| +--ro nsf-policy-hits* [policy-name] | +--ro nsf-policy-hits* [policy-name]
| +--ro policy-name -> /nsfintf:i2nsf-security-policy/name | +--ro policy-name -> /i2nsfnfi:i2nsf-security-policy/name
| +--ro discontinuity-time yang:date-and-time | +--ro discontinuity-time yang:date-and-time
| +--ro hit-times? yang:counter64 | +--ro hit-times? yang:counter64
+--rw i2nsf-monitoring-configuration +--rw i2nsf-monitoring-configuration
+--rw i2nsf-system-detection-alarm +--rw i2nsf-system-detection-alarm
| +--rw enabled? boolean | +--rw enabled? boolean
| +--rw system-alarm* [alarm-type] | +--rw system-alarm* [alarm-type]
| +--rw alarm-type enumeration | +--rw alarm-type enumeration
| +--rw threshold? uint8 | +--rw threshold? uint8
| +--rw dampening-period? centiseconds | +--rw dampening-period? centiseconds
+--rw i2nsf-system-detection-event +--rw i2nsf-system-detection-event
skipping to change at page 30, line 51 skipping to change at page 30, line 51
| +--:(i2nsf-system-detection-event) | +--:(i2nsf-system-detection-event)
| | +--ro i2nsf-system-detection-event | | +--ro i2nsf-system-detection-event
| | +--ro event-category? identityref | | +--ro event-category? identityref
| | +--ro user string | | +--ro user string
| | +--ro group* string | | +--ro group* string
| | +--ro ip-address inet:ip-address-no-zone | | +--ro ip-address inet:ip-address-no-zone
| | +--ro l4-port-number inet:port-number | | +--ro l4-port-number inet:port-number
| | +--ro authentication? identityref | | +--ro authentication? identityref
| | +--ro changes* [policy-name] | | +--ro changes* [policy-name]
| | +--ro policy-name | | +--ro policy-name
-> /nsfintf:i2nsf-security-policy/name -> /i2nsfnfi:i2nsf-security-policy/name
| +--:(i2nsf-traffic-flows) | +--:(i2nsf-traffic-flows)
| | +--ro i2nsf-traffic-flows | | +--ro i2nsf-traffic-flows
| | +--ro interface-name? if:interface-ref | | +--ro interface-name? if:interface-ref
| | +--ro interface-type? enumeration | | +--ro interface-type? enumeration
| | +--ro src-mac? yang:mac-address | | +--ro src-mac? yang:mac-address
| | +--ro dst-mac? yang:mac-address | | +--ro dst-mac? yang:mac-address
| | +--ro src-ip? inet:ip-address-no-zone | | +--ro src-ip? inet:ip-address-no-zone
| | +--ro dst-ip? inet:ip-address-no-zone | | +--ro dst-ip? inet:ip-address-no-zone
| | +--ro protocol? identityref | | +--ro protocol? identityref
skipping to change at page 32, line 33 skipping to change at page 32, line 33
| | +--ro type? enumeration | | +--ro type? enumeration
| | +--ro cause? string | | +--ro cause? string
| +--:(i2nsf-nsf-log-dpi) {i2nsf-nsf-log-dpi}? | +--:(i2nsf-nsf-log-dpi) {i2nsf-nsf-log-dpi}?
| +--ro i2nsf-nsf-log-dpi | +--ro i2nsf-nsf-log-dpi
| +--ro attack-type? identityref | +--ro attack-type? identityref
| +--ro src-ip? inet:ip-address-no-zone | +--ro src-ip? inet:ip-address-no-zone
| +--ro src-port? inet:port-number | +--ro src-port? inet:port-number
| +--ro dst-ip? inet:ip-address-no-zone | +--ro dst-ip? inet:ip-address-no-zone
| +--ro dst-port? inet:port-number | +--ro dst-port? inet:port-number
| +--ro rule-name | +--ro rule-name
-> /nsfintf:i2nsf-security-policy/rules/name -> /i2nsfnfi:i2nsf-security-policy/rules/name
| +--ro action* identityref | +--ro action* identityref
+---n i2nsf-nsf-event +---n i2nsf-nsf-event
+--ro vendor-name? string +--ro vendor-name? string
+--ro device-model? string +--ro device-model? string
+--ro software-version? string +--ro software-version? string
+--ro nsf-name union +--ro nsf-name union
+--ro message? string +--ro message? string
+--ro language? string +--ro language? string
+--ro acquisition-method? identityref +--ro acquisition-method? identityref
+--ro emission-type? identityref +--ro emission-type? identityref
skipping to change at page 33, line 8 skipping to change at page 33, line 8
+--:(i2nsf-nsf-detection-ddos) {i2nsf-nsf-detection-ddos}? +--:(i2nsf-nsf-detection-ddos) {i2nsf-nsf-detection-ddos}?
| +--ro i2nsf-nsf-detection-ddos | +--ro i2nsf-nsf-detection-ddos
| +--ro attack-type? identityref | +--ro attack-type? identityref
| +--ro start-time yang:date-and-time | +--ro start-time yang:date-and-time
| +--ro end-time? yang:date-and-time | +--ro end-time? yang:date-and-time
| +--ro attack-src-ip* inet:ip-address-no-zone | +--ro attack-src-ip* inet:ip-address-no-zone
| +--ro attack-dst-ip* inet:ip-address-no-zone | +--ro attack-dst-ip* inet:ip-address-no-zone
| +--ro attack-src-port* inet:port-number | +--ro attack-src-port* inet:port-number
| +--ro attack-dst-port* inet:port-number | +--ro attack-dst-port* inet:port-number
| +--ro rule-name | +--ro rule-name
-> /nsfintf:i2nsf-security-policy/rules/name -> /i2nsfnfi:i2nsf-security-policy/rules/name
| +--ro attack-rate? uint64 | +--ro attack-rate? uint64
| +--ro attack-throughput? uint64 | +--ro attack-throughput? uint64
+--:(i2nsf-nsf-detection-virus) +--:(i2nsf-nsf-detection-virus)
{i2nsf-nsf-detection-virus}? {i2nsf-nsf-detection-virus}?
| +--ro i2nsf-nsf-detection-virus | +--ro i2nsf-nsf-detection-virus
| +--ro src-ip? inet:ip-address-no-zone | +--ro src-ip? inet:ip-address-no-zone
| +--ro src-port? inet:port-number | +--ro src-port? inet:port-number
| +--ro dst-ip? inet:ip-address-no-zone | +--ro dst-ip? inet:ip-address-no-zone
| +--ro dst-port? inet:port-number | +--ro dst-port? inet:port-number
| +--ro rule-name | +--ro rule-name
-> /nsfintf:i2nsf-security-policy/rules/name -> /i2nsfnfi:i2nsf-security-policy/rules/name
| +--ro virus-name? string | +--ro virus-name? string
| +--ro virus-type? identityref | +--ro virus-type? identityref
| +--ro host? union | +--ro host? union
| +--ro file-type? string | +--ro file-type? string
| +--ro file-name? string | +--ro file-name? string
| +--ro os? string | +--ro os? string
+--:(i2nsf-nsf-detection-intrusion) +--:(i2nsf-nsf-detection-intrusion)
{i2nsf-nsf-detection-intrusion}? {i2nsf-nsf-detection-intrusion}?
| +--ro i2nsf-nsf-detection-intrusion | +--ro i2nsf-nsf-detection-intrusion
| +--ro src-ip? inet:ip-address-no-zone | +--ro src-ip? inet:ip-address-no-zone
| +--ro src-port? inet:port-number | +--ro src-port? inet:port-number
| +--ro dst-ip? inet:ip-address-no-zone | +--ro dst-ip? inet:ip-address-no-zone
| +--ro dst-port? inet:port-number | +--ro dst-port? inet:port-number
| +--ro rule-name | +--ro rule-name
-> /nsfintf:i2nsf-security-policy/rules/name -> /i2nsfnfi:i2nsf-security-policy/rules/name
| +--ro protocol? identityref | +--ro protocol? identityref
| +--ro app? identityref | +--ro app? identityref
| +--ro attack-type? identityref | +--ro attack-type? identityref
+--:(i2nsf-nsf-detection-web-attack) +--:(i2nsf-nsf-detection-web-attack)
{i2nsf-nsf-detection-web-attack}? {i2nsf-nsf-detection-web-attack}?
| +--ro i2nsf-nsf-detection-web-attack | +--ro i2nsf-nsf-detection-web-attack
| +--ro src-ip? inet:ip-address-no-zone | +--ro src-ip? inet:ip-address-no-zone
| +--ro src-port? inet:port-number | +--ro src-port? inet:port-number
| +--ro dst-ip? inet:ip-address-no-zone | +--ro dst-ip? inet:ip-address-no-zone
| +--ro dst-port? inet:port-number | +--ro dst-port? inet:port-number
| +--ro rule-name | +--ro rule-name
-> /nsfintf:i2nsf-security-policy/rules/name -> /i2nsfnfi:i2nsf-security-policy/rules/name
| +--ro attack-type? identityref | +--ro attack-type? identityref
| +--ro req-method? identityref | +--ro req-method? identityref
| +--ro req-target? string | +--ro req-target? string
| +--ro filtering-type* identityref | +--ro filtering-type* identityref
| +--ro cookies? string | +--ro cookies? string
| +--ro req-host? string | +--ro req-host? string
| +--ro response-code? string | +--ro response-code? string
+--:(i2nsf-nsf-detection-voip-vocn) +--:(i2nsf-nsf-detection-voip-vocn)
{i2nsf-nsf-detection-voip-vocn}? {i2nsf-nsf-detection-voip-vocn}?
+--ro i2nsf-nsf-detection-voip-vocn +--ro i2nsf-nsf-detection-voip-vocn
+--ro src-ip? inet:ip-address-no-zone +--ro src-ip? inet:ip-address-no-zone
+--ro src-port? inet:port-number +--ro src-port? inet:port-number
+--ro dst-ip? inet:ip-address-no-zone +--ro dst-ip? inet:ip-address-no-zone
+--ro dst-port? inet:port-number +--ro dst-port? inet:port-number
+--ro rule-name +--ro rule-name
-> /nsfintf:i2nsf-security-policy/rules/name -> /i2nsfnfi:i2nsf-security-policy/rules/name
+--ro source-voice-id* string +--ro source-voice-id* string
+--ro destination-voice-id* string +--ro destination-voice-id* string
+--ro user-agent* string +--ro user-agent* string
Figure 1: NSF Monitoring YANG Module Tree Figure 1: NSF Monitoring YANG Module Tree
8. YANG Data Model of NSF Monitoring YANG Module 8. YANG Data Model of NSF Monitoring YANG Module
This section describes a YANG module of I2NSF NSF Monitoring. The This section describes a YANG module of I2NSF NSF Monitoring. The
data model provided in this document uses identities to be used to data model provided in this document uses identities to be used to
skipping to change at page 34, line 36 skipping to change at page 34, line 36
identity used in the document gives information or status about the identity used in the document gives information or status about the
current situation of an NSF. This YANG module imports from current situation of an NSF. This YANG module imports from
[RFC6991], [RFC8343], and [I-D.ietf-i2nsf-nsf-facing-interface-dm], [RFC6991], [RFC8343], and [I-D.ietf-i2nsf-nsf-facing-interface-dm],
and makes references to [RFC0768] [RFC0791] [RFC0792] [RFC0826] and makes references to [RFC0768] [RFC0791] [RFC0792] [RFC0826]
[RFC0854] [RFC1939] [RFC0959] [RFC2595] [RFC4340] [RFC4443] [RFC4861] [RFC0854] [RFC1939] [RFC0959] [RFC2595] [RFC4340] [RFC4443] [RFC4861]
[RFC5321] [RFC5646] [RFC6242] [RFC6265] [RFC8200] [RFC8641] [RFC9051] [RFC5321] [RFC5646] [RFC6242] [RFC6265] [RFC8200] [RFC8641] [RFC9051]
[I-D.ietf-httpbis-http2bis] [I-D.ietf-httpbis-messaging] [I-D.ietf-httpbis-http2bis] [I-D.ietf-httpbis-messaging]
[I-D.ietf-httpbis-semantics] [I-D.ietf-tcpm-rfc793bis] [I-D.ietf-httpbis-semantics] [I-D.ietf-tcpm-rfc793bis]
[I-D.ietf-tsvwg-rfc4960-bis] [IANA-HTTP-Status-Code] [IEEE-802.1AB] [I-D.ietf-tsvwg-rfc4960-bis] [IANA-HTTP-Status-Code] [IEEE-802.1AB]
<CODE BEGINS> file "ietf-i2nsf-nsf-monitoring@2022-04-19.yang" <CODE BEGINS> file "ietf-i2nsf-monitoring-interface@2022-05-23.yang"
module ietf-i2nsf-nsf-monitoring { module ietf-i2nsf-monitoring-interface {
yang-version 1.1; yang-version 1.1;
namespace namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"; "urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface";
prefix prefix
nsfmi; i2nsfmi;
import ietf-inet-types { import ietf-inet-types {
prefix inet; prefix inet;
reference reference
"Section 4 of RFC 6991"; "Section 4 of RFC 6991";
} }
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference reference
"Section 3 of RFC 6991"; "Section 3 of RFC 6991";
} }
import ietf-i2nsf-policy-rule-for-nsf { import ietf-i2nsf-nsf-facing-interface {
prefix nsfintf; prefix i2nsfnfi;
reference reference
"Section 4.1 of draft-ietf-i2nsf-nsf-facing-interface-dm-17"; "Section 4.1 of draft-ietf-i2nsf-nsf-facing-interface-dm-28";
} }
import ietf-interfaces { import ietf-interfaces {
prefix if; prefix if;
reference reference
"Section 5 of RFC 8343"; "Section 5 of RFC 8343";
} }
organization organization
"IETF I2NSF (Interface to Network Security Functions) "IETF I2NSF (Interface to Network Security Functions)
Working Group"; Working Group";
contact contact
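Review bot: The reference under "import ietf-i2nsf-nsf-facing-interface" pins a specific draft revision ("Section 4.1 of draft-ietf-i2nsf-nsf-facing-interface-dm-28", up from -17 in this change) and carries no note for the RFC Editor, unlike the revision statement with its "RFC Ed.: replace XXXX" comment. Suggest writing the reference against a placeholder RFC number with a matching RFC Ed. comment so it does not have to be bumped by hand on every revision of the imported draft. Since the module name, namespace and prefix all change in this hunk, the registrations in Section 11 (IANA Considerations, not shown in this diff) should also be checked against "urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface".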
skipping to change at page 36, line 5 skipping to change at page 36, line 5
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's set forth in Section 4.c of the IETF Trust's
Legal Provisions Relating to IETF Documents Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices."; for full legal notices.";
revision "2022-04-19" { revision "2022-05-23" {
description "Latest revision"; description "Latest revision";
reference reference
"RFC XXXX: I2NSF NSF Monitoring Interface YANG Data Model"; "RFC XXXX: I2NSF NSF Monitoring Interface YANG Data Model";
// RFC Ed.: replace XXXX with an actual RFC number and remove // RFC Ed.: replace XXXX with an actual RFC number and remove
// this note. // this note.
} }
/* /*
* Typedefs * Typedefs
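Review bot: The revision statement only has its date changed to "2022-05-23" and keeps description "Latest revision", which tells a reader nothing about this revision. This revision renames the module, its namespace and its prefix, so the description should either say so or use a neutral "Initial revision" wording for a module that has not been published yet. The date does match the file name in the CODE BEGINS line ("ietf-i2nsf-monitoring-interface@2022-05-23.yang"), which is correct.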
skipping to change at page 54, line 39 skipping to change at page 54, line 39
"A set of characteristics of a monitoring information."; "A set of characteristics of a monitoring information.";
leaf acquisition-method { leaf acquisition-method {
type identityref { type identityref {
base acquisition-method; base acquisition-method;
} }
description description
"The acquisition-method for characteristics"; "The acquisition-method for characteristics";
} }
leaf emission-type { leaf emission-type {
when "derived-from-or-self(../acquisition-method, " when "derived-from-or-self(../acquisition-method, "
+ "'nsfmi:subscription')"; + "'i2nsfmi:subscription')";
type identityref { type identityref {
base emission-type; base emission-type;
} }
description description
"The emission-type for characteristics. This attribute is "The emission-type for characteristics. This attribute is
used only when the acquisition-method is a 'subscription'"; used only when the acquisition-method is a 'subscription'";
} }
} }
grouping characteristics-extended { grouping characteristics-extended {
description description
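Review bot: In "leaf emission-type", the identity name passed to derived-from-or-self() is a string literal ('i2nsfmi:subscription'), so the prefix inside it is only resolved when the XPath expression is processed and is easy to miss in a prefix rename. A literal left on the old "nsfmi:" prefix would no longer refer to this module's identity, and the conditional node could drop out of the monitoring data without an obvious error. The same pattern appears in the "when" statements on interface-name, interface-state and the changes list; please confirm with a search of the full module that no 'nsfmi:' literal remains, and validate the Section 10 example instances against the renamed module.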
skipping to change at page 56, line 40 skipping to change at page 56, line 40
"The destination IPv4 or IPv6 address of the packet"; "The destination IPv4 or IPv6 address of the packet";
} }
leaf dst-port { leaf dst-port {
type inet:port-number; type inet:port-number;
description description
"The destination port of the packet"; "The destination port of the packet";
} }
leaf rule-name { leaf rule-name {
type leafref { type leafref {
path path
"/nsfintf:i2nsf-security-policy" "/i2nsfnfi:i2nsf-security-policy"
+"/nsfintf:rules/nsfintf:name"; +"/i2nsfnfi:rules/i2nsfnfi:name";
} }
mandatory true; mandatory true;
description description
"The name of the I2NSF Policy Rule being triggered"; "The name of the I2NSF Policy Rule being triggered";
} }
} }
grouping i2nsf-nsf-event-type-content-extend { grouping i2nsf-nsf-event-type-content-extend {
description description
"A set of extended common IPv4 or IPv6 related NSF "A set of extended common IPv4 or IPv6 related NSF
event content elements"; event content elements";
skipping to change at page 57, line 22 skipping to change at page 57, line 22
description description
"The source port of the packet or flow"; "The source port of the packet or flow";
} }
uses i2nsf-nsf-event-type-content; uses i2nsf-nsf-event-type-content;
} }
grouping action { grouping action {
description description
"A grouping for action."; "A grouping for action.";
leaf-list action { leaf-list action {
type identityref { type identityref {
base nsfintf:ingress-action; base i2nsfnfi:ingress-action;
} }
description description
"Action type: pass, drop, reject, mirror, or rate limit"; "Action type: pass, drop, reject, mirror, or rate limit";
} }
} }
grouping attack-rates { grouping attack-rates {
description description
"A set of traffic rates for monitoring attack traffic "A set of traffic rates for monitoring attack traffic
data"; data";
leaf attack-rate { leaf attack-rate {
skipping to change at page 61, line 15 skipping to change at page 61, line 15
} }
uses traffic-rates; uses traffic-rates;
} }
grouping i2nsf-nsf-counters-type-content { grouping i2nsf-nsf-counters-type-content {
description description
"A set of contents of a policy in an NSF."; "A set of contents of a policy in an NSF.";
leaf policy-name { leaf policy-name {
type leafref { type leafref {
path path
"/nsfintf:i2nsf-security-policy" "/i2nsfnfi:i2nsf-security-policy"
+"/nsfintf:name"; +"/i2nsfnfi:name";
} }
mandatory true; mandatory true;
description description
"The name of the policy being triggered"; "The name of the policy being triggered";
} }
} }
grouping enable-notification { grouping enable-notification {
description description
"A grouping for enabling or disabling notification"; "A grouping for enabling or disabling notification";
skipping to change at page 63, line 46 skipping to change at page 63, line 46
} }
leaf component-name { leaf component-name {
type string; type string;
description description
"The hardware component responsible for generating "The hardware component responsible for generating
the message. Applicable for Hardware Failure the message. Applicable for Hardware Failure
Alarm."; Alarm.";
} }
leaf interface-name { leaf interface-name {
when "derived-from-or-self(../alarm-category, " when "derived-from-or-self(../alarm-category, "
+ "'nsfmi:interface-alarm')"; + "'i2nsfmi:interface-alarm')";
type if:interface-ref; type if:interface-ref;
description description
"The interface name responsible for generating "The interface name responsible for generating
the message. Applicable for Network Interface the message. Applicable for Network Interface
Failure Alarm."; Failure Alarm.";
reference reference
"RFC 8343: A YANG Data Model for Interface Management"; "RFC 8343: A YANG Data Model for Interface Management";
} }
leaf interface-state { leaf interface-state {
when "derived-from-or-self(../alarm-category, " when "derived-from-or-self(../alarm-category, "
+ "'nsfmi:interface-alarm')"; + "'i2nsfmi:interface-alarm')";
type enumeration { type enumeration {
enum up { enum up {
value 1; value 1;
description description
"The interface state is up and not congested. "The interface state is up and not congested.
The interface is ready to pass packets."; The interface is ready to pass packets.";
} }
enum down { enum down {
value 2; value 2;
description description
skipping to change at page 65, line 40 skipping to change at page 65, line 40
leaf event-category { leaf event-category {
type identityref { type identityref {
base system-event; base system-event;
} }
description description
"The event category for system-detection-event"; "The event category for system-detection-event";
} }
uses i2nsf-system-event-type-content; uses i2nsf-system-event-type-content;
list changes { list changes {
when "derived-from-or-self(../event-category, " when "derived-from-or-self(../event-category, "
+ "'nsfmi:configuration-change')"; + "'i2nsfmi:configuration-change')";
key policy-name; key policy-name;
description description
"Describes the modification that was made to the "Describes the modification that was made to the
configuration. This list is only applicable when the configuration. This list is only applicable when the
event is 'configuration-change'. event is 'configuration-change'.
The minimum information that must be provided is the The minimum information that must be provided is the
name of the policy that has been altered (added, name of the policy that has been altered (added,
modified, or removed). modified, or removed).
This list can be extended with the detailed This list can be extended with the detailed
information about the specific changes made to the information about the specific changes made to the
configuration based on the implementation."; configuration based on the implementation.";
leaf policy-name { leaf policy-name {
type leafref { type leafref {
path path
"/nsfintf:i2nsf-security-policy" "/i2nsfnfi:i2nsf-security-policy"
+"/nsfintf:name"; +"/i2nsfnfi:name";
} }
description description
"The name of the policy configuration that has been "The name of the policy configuration that has been
added, modified, or removed."; added, modified, or removed.";
} }
} }
} }
} }
case i2nsf-traffic-flows { case i2nsf-traffic-flows {
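Review bot: "leaf policy-name" under "list changes" is a leafref to "/i2nsfnfi:i2nsf-security-policy/i2nsfnfi:name", but its description says it names a policy that has been "added, modified, or removed". A leafref defaults to require-instance true, so a configuration-change event reporting a removed policy points at an instance that no longer exists and the notification is not valid against the model. Removal of a security policy is an event a collector most needs to receive, so suggest adding "require-instance false;" to this leafref, or typing the leaf as a plain string, and stating in the description which of the two was chosen.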
skipping to change at page 76, line 23 skipping to change at page 76, line 23
leaf-list attack-dst-port { leaf-list attack-dst-port {
type inet:port-number; type inet:port-number;
description description
"The transport-layer destination ports of the DDoS "The transport-layer destination ports of the DDoS
attack. Note that not all ports will have been seen attack. Note that not all ports will have been seen
on all the corresponding destination IP addresses."; on all the corresponding destination IP addresses.";
} }
leaf rule-name { leaf rule-name {
type leafref { type leafref {
path path
"/nsfintf:i2nsf-security-policy" "/i2nsfnfi:i2nsf-security-policy"
+"/nsfintf:rules/nsfintf:name"; +"/i2nsfnfi:rules/i2nsfnfi:name";
} }
mandatory true; mandatory true;
description description
"The name of the I2NSF Policy Rule being triggered"; "The name of the I2NSF Policy Rule being triggered";
} }
uses attack-rates; uses attack-rates;
} }
} }
case i2nsf-nsf-detection-virus { case i2nsf-nsf-detection-virus {
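Review bot: The "leaf rule-name" written inline in this DDoS case is identical to the rule-name leaf in "grouping i2nsf-nsf-event-type-content" (same leafref path, "mandatory true", same description), so the prefix rename had to be applied in two places. Suggest moving the leaf into a small grouping of its own and using it from both, so a future change to the path or to the mandatory setting cannot leave the two copies out of step.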
skipping to change at page 87, line 5 skipping to change at page 87, line 5
This section shows XML examples of I2NSF NSF Monitoring data This section shows XML examples of I2NSF NSF Monitoring data
delivered via Monitoring Interface from an NSF. The XML examples are delivered via Monitoring Interface from an NSF. The XML examples are
following the guidelines from [RFC6241] [RFC7950]. following the guidelines from [RFC6241] [RFC7950].
10.1. I2NSF System Detection Alarm 10.1. I2NSF System Detection Alarm
The following example shows an alarm triggered by Memory Usage on the The following example shows an alarm triggered by Memory Usage on the
server; this example XML file is delivered by an NSF to an NSF data server; this example XML file is delivered by an NSF to an NSF data
collector: collector:
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<notification <notification
xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0"> xmlns="urn:ietf:params:xml:ns:netconf:notification:1.0">
<eventTime>2021-04-29T07:43:52.181088+00:00</eventTime> <eventTime>2021-04-29T07:43:52.181088+00:00</eventTime>
<i2nsf-event <i2nsf-event
xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"> xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface">
<acquisition-method>subscription</acquisition-method> <acquisition-method>subscription</acquisition-method>
<emission-type>on-change</emission-type> <emission-type>on-change</emission-type>
<dampening-type>on-repetition</dampening-type> <dampening-type>on-repetition</dampening-type>
<language>en-US</language> <language>en-US</language>
<i2nsf-system-detection-alarm> <i2nsf-system-detection-alarm>
<alarm-category>memory-alarm</alarm-category> <alarm-category>memory-alarm</alarm-category>
<usage>91</usage> <usage>91</usage>
<threshold>90</threshold> <threshold>90</threshold>
<message>Memory Usage Exceeded the Threshold</message> <message>Memory Usage Exceeded the Threshold</message>
<nsf-name>time_based_firewall</nsf-name> <nsf-name>time_based_firewall</nsf-name>
<severity>high</severity> <severity>high</severity>
</i2nsf-system-detection-alarm> </i2nsf-system-detection-alarm>
</i2nsf-event> </i2nsf-event>
</notification> </notification>
Figure 4: Example of I2NSF System Detection Alarm triggered by Figure 4: Example of I2NSF System Detection Alarm triggered by
Memory Usage Memory Usage
The XML data above shows: The XML data above shows:
1. The NSF that sends the information is named 1. The NSF that sends the information is named
"time_based_firewall". "time_based_firewall".
2. The memory usage of the NSF triggered the alarm. 2. The memory usage of the NSF triggered the alarm.
3. The monitoring information is received by subscription method. 3. The monitoring information is received by subscription method.
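Review bot: the xmlns on <i2nsf-event> changes from urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring to urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface, so an NSF data collector or subscription filter that still matches on the old URN will no longer match these notifications. For a security monitoring feed, that means alarms such as this memory-alarm would go unprocessed. The draft should say that the rename is not backward compatible for deployed collectors. The explanatory list that follows the figure needs no change, since none of its items mention the namespace.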
skipping to change at page 88, line 12 skipping to change at page 88, line 12
8. The severity level of the notification is high. 8. The severity level of the notification is high.
10.2. I2NSF Interface Counters 10.2. I2NSF Interface Counters
To get the I2NSF system interface counters information by query, To get the I2NSF system interface counters information by query,
NETCONF Client (e.g., NSF data collector) needs to initiate GET NETCONF Client (e.g., NSF data collector) needs to initiate GET
connection with NETCONF Server (e.g., NSF). The following XML file connection with NETCONF Server (e.g., NSF). The following XML file
can be used to get the state data and filter the information. can be used to get the state data and filter the information.
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1"> <rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="1">
<get> <get>
<filter <filter
xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"> xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface">
<i2nsf-counters> <i2nsf-counters>
<system-interface/> <system-interface/>
</i2nsf-counters> </i2nsf-counters>
</filter> </filter>
</get> </get>
</rpc> </rpc>
Figure 5: XML Example for NETCONF GET with System Interface Filter Figure 5: XML Example for NETCONF GET with System Interface Filter
The following XML file shows the reply from the NETCONF Server (e.g., The following XML file shows the reply from the NETCONF Server (e.g.,
NSF): NSF):
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<rpc-reply message-id="1" <rpc-reply message-id="1"
xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<data> <data>
<i2nsf-counters <i2nsf-counters
xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring"> xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface">
<acquisition-method>query</acquisition-method> <acquisition-method>query</acquisition-method>
<system-interface> <system-interface>
<discontinuity-time> <discontinuity-time>
2021-04-29T08:43:52.181088+00:00 2021-04-29T08:43:52.181088+00:00
</discontinuity-time> </discontinuity-time>
<interface-name>ens3</interface-name> <interface-name>ens3</interface-name>
<in-total-traffic-bytes>549050</in-total-traffic-bytes> <in-total-traffic-bytes>549050</in-total-traffic-bytes>
<out-total-traffic-bytes>814956</out-total-traffic-bytes> <out-total-traffic-bytes>814956</out-total-traffic-bytes>
<in-drop-traffic-bytes>0</in-drop-traffic-bytes> <in-drop-traffic-bytes>0</in-drop-traffic-bytes>
<out-drop-traffic-bytes>5078</out-drop-traffic-bytes> <out-drop-traffic-bytes>5078</out-drop-traffic-bytes>
<nsf-name>time_based_firewall</nsf-name> <nsf-name>time_based_firewall</nsf-name>
</system-interface> </system-interface>
<system-interface> <system-interface>
<discontinuity-time> <discontinuity-time>
2021-04-29T08:43:52.181088+00:00 2021-04-29T08:43:52.181088+00:00
</discontinuity-time> </discontinuity-time>
<interface-name>lo</interface-name> <interface-name>lo</interface-name>
<in-total-traffic-bytes>48487</in-total-traffic-bytes> <in-total-traffic-bytes>48487</in-total-traffic-bytes>
<out-total-traffic-bytes>48487</out-total-traffic-bytes> <out-total-traffic-bytes>48487</out-total-traffic-bytes>
<in-drop-traffic-bytes>0</in-drop-traffic-bytes> <in-drop-traffic-bytes>0</in-drop-traffic-bytes>
<out-drop-traffic-bytes>0</out-drop-traffic-bytes> <out-drop-traffic-bytes>0</out-drop-traffic-bytes>
<nsf-name>time_based_firewall</nsf-name> <nsf-name>time_based_firewall</nsf-name>
</system-interface> </system-interface>
</i2nsf-counters> </i2nsf-counters>
</data> </data>
</rpc-reply> </rpc-reply>
Figure 6: Example of I2NSF System Interface Counters XML Information Figure 6: Example of I2NSF System Interface Counters XML Information
11. IANA Considerations 11. IANA Considerations
This document requests IANA to register the following URI in the This document requests IANA to register the following URI in the
"IETF XML Registry" [RFC3688]: "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
This document requests IANA to register the following YANG module in This document requests IANA to register the following YANG module in
the "YANG Module Names" registry [RFC7950][RFC8525]: the "YANG Module Names" registry [RFC7950][RFC8525]:
name: ietf-i2nsf-nsf-monitoring name: ietf-i2nsf-monitoring-interface
namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-monitoring-interface
prefix: nsfmi prefix: i2nsfmi
reference: RFC XXXX reference: RFC XXXX
// RFC Ed.: replace XXXX with an actual RFC number and remove // RFC Ed.: replace XXXX with an actual RFC number and remove
// this note. // this note.
12. Security Considerations 12. Security Considerations
The YANG module described in this document defines a schema for data The YANG module described in this document defines a schema for data
that is designed to be accessed via network management protocols such that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
is the secure transport layer, and the required secure transport is is the secure transport layer, and the required secure transport is
Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS, Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer is HTTPS,
and the required secure transport is TLS [RFC8446]. and the required secure transport is TLS [RFC8446].
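Review bot: the renamed namespace now appears in four places in this hunk (the <filter> xmlns, the <i2nsf-counters> xmlns in the reply, the IANA URI, and the "namespace:" line of the YANG Module Names entry), together with the new name ietf-i2nsf-monitoring-interface and prefix i2nsfmi. None of these are checked against the module header here. Verify that the module's own "namespace" and "prefix" statements carry exactly these strings, since a mismatch with the IANA registration would leave the examples unusable against a conforming server. Separately, in the unchanged reply the <discontinuity-time> value sits on its own line between the tags. If the leaf is a pattern-restricted timestamp type, the surrounding whitespace is part of the value and will not validate, so put the value inline or mark the folding per [RFC8792].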
skipping to change at page 97, line 6 skipping to change at page 97, line 6
messaging-19.txt>. messaging-19.txt>.
[I-D.ietf-httpbis-semantics] [I-D.ietf-httpbis-semantics]
Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP
Semantics", Work in Progress, Internet-Draft, draft-ietf- Semantics", Work in Progress, Internet-Draft, draft-ietf-
httpbis-semantics-19, 12 September 2021, httpbis-semantics-19, 12 September 2021,
<https://www.ietf.org/archive/id/draft-ietf-httpbis- <https://www.ietf.org/archive/id/draft-ietf-httpbis-
semantics-19.txt>. semantics-19.txt>.
[I-D.ietf-i2nsf-capability-data-model] [I-D.ietf-i2nsf-capability-data-model]
Hares, S., Jeong, J. (., Kim, J. (., Moskowitz, R., and Q. Hares, S., Jeong, J. P., Kim, J. T., Moskowitz, R., and Q.
Lin, "I2NSF Capability YANG Data Model", Work in Progress, Lin, "I2NSF Capability YANG Data Model", Work in Progress,
Internet-Draft, draft-ietf-i2nsf-capability-data-model-30, Internet-Draft, draft-ietf-i2nsf-capability-data-model-31,
13 April 2022, <https://www.ietf.org/archive/id/draft- 14 May 2022, <https://www.ietf.org/archive/id/draft-ietf-
ietf-i2nsf-capability-data-model-30.txt>. i2nsf-capability-data-model-31.txt>.
[I-D.ietf-i2nsf-nsf-facing-interface-dm] [I-D.ietf-i2nsf-nsf-facing-interface-dm]
Kim, J. (., Jeong, J. (., Park, J., Hares, S., and Q. Lin, Kim, J. T., Jeong, J. P., Park, J., Hares, S., and Q. Lin,
"I2NSF Network Security Function-Facing Interface YANG "I2NSF Network Security Function-Facing Interface YANG
Data Model", Work in Progress, Internet-Draft, draft-ietf- Data Model", Work in Progress, Internet-Draft, draft-ietf-
i2nsf-nsf-facing-interface-dm-25, 13 April 2022, i2nsf-nsf-facing-interface-dm-27, 14 May 2022,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-nsf-
facing-interface-dm-25.txt>. facing-interface-dm-27.txt>.
[I-D.ietf-tcpm-rfc793bis] [I-D.ietf-tcpm-rfc793bis]
Eddy, W. M., "Transmission Control Protocol (TCP) Eddy, W. M., "Transmission Control Protocol (TCP)
Specification", Work in Progress, Internet-Draft, draft- Specification", Work in Progress, Internet-Draft, draft-
ietf-tcpm-rfc793bis-28, 7 March 2022, ietf-tcpm-rfc793bis-28, 7 March 2022,
<https://www.ietf.org/archive/id/draft-ietf-tcpm- <https://www.ietf.org/archive/id/draft-ietf-tcpm-
rfc793bis-28.txt>. rfc793bis-28.txt>.
[I-D.ietf-tsvwg-rfc4960-bis] [I-D.ietf-tsvwg-rfc4960-bis]
Stewart, R. R., Tüxen, M., and K. E. E. Nielsen, "Stream Stewart, R. R., Tüxen, M., and K. E. E. Nielsen, "Stream
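Review bot: the [I-D.ietf-i2nsf-nsf-facing-interface-dm] reference moves from -25 to -27, and this is the draft that the rule-name leafref path "/i2nsfnfi:i2nsf-security-policy/i2nsfnfi:rules/i2nsfnfi:name" depends on. Check that -27 still defines that node hierarchy and declares the prefix i2nsfnfi, and that the revision-date on the import (if one is given) matches -27 rather than the previously cited version. The author-initial fixes ("J. (." to "J. P.", "J. T.") and the updated URLs look consistent with the new version numbers.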
skipping to change at page 98, line 11 skipping to change at page 98, line 11
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,
<https://www.rfc-editor.org/info/rfc4949>. <https://www.rfc-editor.org/info/rfc4949>.
[RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu,
"Handling Long Lines in Content of Internet-Drafts and "Handling Long Lines in Content of Internet-Drafts and
RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020,
<https://www.rfc-editor.org/info/rfc8792>. <https://www.rfc-editor.org/info/rfc8792>.
[I-D.ietf-i2nsf-consumer-facing-interface-dm] [I-D.ietf-i2nsf-consumer-facing-interface-dm]
Jeong, J. (., Chung, C., Ahn, T., Kumar, R., and S. Hares, Jeong, J. P., Chung, C., Ahn, T., Kumar, R., and S. Hares,
"I2NSF Consumer-Facing Interface YANG Data Model", Work in "I2NSF Consumer-Facing Interface YANG Data Model", Work in
Progress, Internet-Draft, draft-ietf-i2nsf-consumer- Progress, Internet-Draft, draft-ietf-i2nsf-consumer-
facing-interface-dm-18, 13 April 2022, facing-interface-dm-19, 18 May 2022,
<https://www.ietf.org/archive/id/draft-ietf-i2nsf- <https://www.ietf.org/archive/id/draft-ietf-i2nsf-
consumer-facing-interface-dm-18.txt>. consumer-facing-interface-dm-19.txt>.
[IANA-HTTP-Status-Code] [IANA-HTTP-Status-Code]
Internet Assigned Numbers Authority (IANA), "Hypertext Internet Assigned Numbers Authority (IANA), "Hypertext
Transfer Protocol (HTTP) Status Code Registry", September Transfer Protocol (HTTP) Status Code Registry", September
2018, <https://www.iana.org/assignments/http-status-codes/ 2018, <https://www.iana.org/assignments/http-status-codes/
http-status-codes.xhtml>. http-status-codes.xhtml>.
[IEEE-802.1AB] [IEEE-802.1AB]
Institute of Electrical and Electronics Engineers, "IEEE Institute of Electrical and Electronics Engineers, "IEEE
Standard for Local and metropolitan area networks - Standard for Local and metropolitan area networks -
Station and Media Access Control Connectivity Discovery", Station and Media Access Control Connectivity Discovery",
March 2016, March 2016,
<https://ieeexplore.ieee.org/document/7433915>. <https://ieeexplore.ieee.org/document/7433915>.
Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-16 Appendix A. Changes from draft-ietf-i2nsf-nsf-monitoring-data-model-18
The following changes are made from draft-ietf-i2nsf-nsf-monitoring- The following changes are made from draft-ietf-i2nsf-nsf-monitoring-
data-model-16: data-model-18:
* This version is added following Benjamin Kaduk, Francesca * The YANG module's prefix is updated from 'nsfmi' to 'i2nsfmi'.
Palombini, and Robert Wilton's comments
* This version updated the IETF Trust Copyright statement in the * The YANG module's name is updated from 'ietf-i2nsf-nsf-monitoring'
YANG data model. to 'ietf-i2nsf-monitoring-interface'.
Authors' Addresses Authors' Addresses
Jaehoon (Paul) Jeong (editor) Jaehoon Paul Jeong (editor)
Department of Computer Science and Engineering Department of Computer Science and Engineering
Sungkyunkwan University Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu 2066 Seobu-Ro, Jangan-Gu
Suwon Suwon
Gyeonggi-Do Gyeonggi-Do
16419 16419
Republic of Korea Republic of Korea
Phone: +82 31 299 4957 Phone: +82 31 299 4957
Email: pauljeong@skku.edu Email: pauljeong@skku.edu
URI: http://iotlab.skku.edu/people-jaehoon-jeong.php URI: http://iotlab.skku.edu/people-jaehoon-jeong.php
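Review bot: the new Appendix A lists only the module prefix change ('nsfmi' to 'i2nsfmi') and the module name change, but this revision also changes the imported prefix in the rule-name leafref path from nsfintf to i2nsfnfi and bumps three I2NSF draft references. Add a bullet for the import prefix change at least, since it affects anyone who copied the path expression. The two removed bullets (reviewer comments from Benjamin Kaduk, Francesca Palombini and Robert Wilton, and the IETF Trust Copyright update) described an earlier revision, so dropping them is correct now that the heading says "Changes from ...-18".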
skipping to change at page 99, line 26 skipping to change at page 99, line 25
Email: patricklink@skku.edu Email: patricklink@skku.edu
Susan Hares Susan Hares
Huawei Huawei
7453 Hickory Hill 7453 Hickory Hill
Saline, MI 48176 Saline, MI 48176
United States of America United States of America
Phone: +1-734-604-0332 Phone: +1-734-604-0332
Email: shares@ndzh.com Email: shares@ndzh.com
Liang (Frank) Xia Liang Frank Xia
Huawei Huawei
101 Software Avenue, Yuhuatai District 101 Software Avenue, Yuhuatai District
Nanjing Nanjing
Jiangsu, Jiangsu,
China China
Email: Frank.xialiang@huawei.com Email: Frank.xialiang@huawei.com
Henk Birkholz Henk Birkholz
Fraunhofer Institute for Secure Information Technology Fraunhofer Institute for Secure Information Technology
Rheinstrasse 75 Rheinstrasse 75
 End of changes. 53 change blocks. 
128 lines changed or deleted 127 lines changed or added
