<?xml version="1.0"encoding="US-ASCII"?> <!-- $Id: draft-ietf-i2nsf-sdn-ipsec-flow-protection-14.xml,v 1.5 2020/10/07 06:27:15 Exp $ --> <!-- This template is for creating an Internet Draft using xml2rfc, which is available here: http://xml.resource.org. -->encoding="UTF-8"?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ <!-- One method to get references from the online citation libraries. There has to be one entity for each item to be referenced. An alternate method (rfc include) is described in the references. --> <!ENTITY RFC2119 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC2865 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2865.xml"> <!ENTITY RFC2866 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2866.xml"> <!ENTITY RFC3575 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3575.xml"> <!ENTITY RFC3579 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3579.xml"> <!ENTITY RFC4849 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4849.xml"> <!ENTITY RFC5080 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5080.xml"> <!ENTITY RFC5226 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5226.xml"> <!ENTITY RFC7149 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7149.xml"> <!ENTITY RFC4301 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4301.xml"> <!ENTITY RFC6071 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6071.xml"> <!ENTITY RFC2367 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2367.xml"> <!ENTITY RFC3549 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3549.xml"> <!ENTITY RFC3948 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3948.xml"> <!ENTITY RFC6437 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6437.xml"> <!ENTITY RFC7296 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7296.xml"> <!ENTITY RFC8229 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8229.xml"> <!ENTITY RFC8192 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8192.xml"> <!ENTITY RFC7426 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7426.xml"> <!ENTITY RFC8329 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8329.xml"> <!ENTITY RFC6020 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"> <!ENTITY RFC3688 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml"> <!ENTITY RFC8446 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"> <!ENTITY RFC6241 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"> <!ENTITY RFC6242 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6242.xml"> <!ENTITY RFC8341 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8341.xml"> <!ENTITY RFC8040 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"> <!ENTITY RFC8247 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8247.xml"> <!ENTITY RFC7950 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml"> <!ENTITY RFC8342 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8342.xml"> <!ENTITY RFC8340 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8340.xml"> <!ENTITY RFC2247 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2247.xml"> <!ENTITY RFC3947 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3947.xml"> <!ENTITY RFC4303 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4303.xml"> <!ENTITY RFC5280 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"> <!ENTITY RFC5915 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5915.xml"> <!ENTITY RFC6040 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6040.xml"> <!ENTITY RFC6991 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6991.xml"> <!ENTITY RFC7383 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7383.xml"> <!ENTITY RFC7427 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7427.xml"> <!ENTITY RFC7619 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7619.xml"> <!ENTITY RFC8017 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8017.xml"> <!ENTITY RFC8174 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"> <!ENTITY RFC8221 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8221.xml"> <!ENTITY RFC5322 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5322.xml"> <!ENTITY RFC8221 SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3280.xml"> ]> <?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?> <!-- used by XSLT processors --> <!-- For a complete list and description of processing instructions (PIs), please see http://xml.resource.org/authoring/README.html. --> <!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use. (Here they are set differently than their defaults in xml2rfc v1.32) --> <!-- <?rfc strict="yes" ?> --> <!-- give errors regarding ID-nits and DTD validation --> <!-- control the table of contents (ToC) --> <?rfc toc="yes"?> <!-- generate a ToC --> <?rfc tocdepth="3"?> <!-- the number of levels of subsections in ToC. default: 3 --> <!-- control references --> <?rfc symrefs="yes"?> <!-- use symbolic references tags, i.e, [RFC2119] instead of [1] --> <?rfc sortrefs="yes" ?> <!-- sort the reference entries alphabetically --> <!-- control vertical white space (using these PIs as follows is recommended by the RFC Editor) --> <?rfc compact="yes" ?> <!-- do not start each main section on a new page --> <?rfc subcompact="no" ?> <!-- keep one blank line between list items --> <!-- end of list of popular I-D processing instructions --> <?rfc inline="yes"?> <?rfc strict="no"?> <?rfc rfcedstyle="yes"?>"rfc2629-xhtml.ent"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-i2nsf-sdn-ipsec-flow-protection-14" number="9061" obsoletes="" updates="" submissionType="IETF" category="std"docName="draft-ietf-i2nsf-sdn-ipsec-flow-protection-14">consensus="true" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3"> <!--category values: std, bcp, info, exp, and historic ipr values: full3667, noModification3667, noDerivatives3667 you can add the attributes updates="NNNN" and obsoletes="NNNN" they will automatically be output with "(if approved)" --> <!-- ***** FRONT MATTER *****xml2rfc v2v3 conversion 3.7.0 --> <front><!-- The abbreviated title is used in the page header - it is only necessary if the full title is longer than 39 characters --><titleabbrev="SDN-basedabbrev="IPsec Flow Protection Based on SDN">A YANG Data Model for IPsec FlowProtection">Protection Based on Software-Defined Networking(SDN)-based IPsec Flow Protection</title> <!-- add 'role="editor"' below for the editors if appropriate --> <!-- Another author who claims to be an editor -->(SDN)</title> <seriesInfo name="RFC" value="9061"/> <author fullname="Rafa Marin-Lopez" initials="R." surname="Marin-Lopez"> <organization>University of Murcia</organization> <address> <postal> <extaddr>Faculty of Computer Science</extaddr> <street>Campus de EspinardoS/N, Faculty of Computer Science</street> <!-- Reorder these if your country does things differently --> <city>Murcia</city> <region/>S/N</street> <region>Murcia</region> <code>30100</code> <country>Spain</country> </postal> <phone>+34 868 88 85 01</phone> <email>rafa@um.es</email><!-- uri and facsimile elements may also be added --></address> </author> <author fullname="Gabriel Lopez-Millan" initials="G." surname="Lopez-Millan"> <organization>University of Murcia</organization> <address> <postal><street>Campus de Espinardo S/N, Faculty<extaddr>Faculty of ComputerScience</street> <!-- Reorder these if your country does things differently --> <city>Murcia</city> <region/> <code>30100</code> <country>Spain</country> </postal> <phone>+34 868 88 85 04</phone> <email>gabilm@um.es</email> <!-- uri and facsimile elements may also be added --> </address> </author> <author fullname="Fernando Pereniguez-Garcia" initials="F." surname="Pereniguez-Garcia"> <organization>University Defense Center</organization> <address> <postal> <street>Spanish Air Force Academy, MDE-UPCT</street> <!-- Reorder these if your country does things differently --> <city>San Javier (Murcia)</city> <region/> <code>30720</code> <country>Spain</country> </postal> <phone>+34 968 18 99 46</phone> <email>fernando.pereniguez@cud.upct.es</email> <!-- uri and facsimile elements may also be added --> </address> </author> <date month="March" year="2021"/> <!-- If the month and year are both specified and are the current ones, xml2rfc will fill in the current day for you. If only the current year is specified, xml2rfc will fill in the current day and month for you. If the year is not the current one, it is necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the purpose of calculating the expiry date). With drafts it is normally sufficient to specify just the year. --> <!-- Meta-data Declarations --> <area>General</area> <workgroup>I2NSF</workgroup> <!-- WG name at the upperleft corner of the doc, IETF is fine for individual submissions. If this element is not present, the default is "Network Working Group", which is used by the RFC Editor as a nod to the history of the IETF. --> <keyword>NSF, SDN, IPsec</keyword> <!-- Keywords will be incorporated into HTML output files in a meta tag but they have no effect on text or nroff output. If you submit your draft to the RFC Editor, the keywords will be used for the search engine. -->Science</extaddr> <street>Campus de Espinardo S/N</street> <region>Murcia</region> <code>30100</code> <country>Spain</country> </postal> <phone>+34 868 88 85 04</phone> <email>gabilm@um.es</email> </address> </author> <author fullname="Fernando Pereniguez-Garcia" initials="F." surname="Pereniguez-Garcia"> <organization>University Defense Center</organization> <address> <postal> <extaddr>Spanish Air Force Academy</extaddr> <street>MDE-UPCT</street> <city>San Javier</city> <region>Murcia</region> <code>30720</code> <country>Spain</country> </postal> <phone>+34 968 18 99 46</phone> <email>fernando.pereniguez@cud.upct.es</email> </address> </author> <date month="June" year="2021"/> <area>General</area> <workgroup>I2NSF</workgroup> <keyword>NSF</keyword> <keyword>SDN</keyword> <keyword>IPsec</keyword> <abstract> <t>This document describes how to provide IPsec-based flow protection (integrity and confidentiality) by means of an Interface to Network Security Function (I2NSF)controller.Controller. It considers two main well-known scenarios in IPsec:(i)gateway-to-gateway and(ii)host-to-host. The service described in this document allows the configuration and monitoring of IPsec Security Associations (IPsec SAs) fromaan I2NSF Controller to one or several flow-based Network Security Functions (NSFs) that rely on IPsec to protect data traffic. </t> <t>TheThis document focuses on the I2NSFNSF-facingNSF-Facing Interface by providing YANG data models for configuring the IPsec databases, namely Security Policy Database (SPD), Security Association Database (SAD), Peer Authorization Database (PAD), andIKEv2.Internet Key Exchange Version 2 (IKEv2). This allows IPsec SA establishment with minimal intervention by the network administrator.ItThis document defines three YANGmodulesmodules, but it does not define any new protocol. </t> </abstract> </front> <middle> <section anchor="intro"title="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t> Software-Defined Networking (SDN) is an architecture that enables administrators to directly program, orchestrate,controlcontrol, and manage network resources through software. The SDN paradigm relocates the control of network resources to a centralized entity, namely the SDN Controller. SDNcontrollersControllers configure and manage distributed network resources and provide an abstracted view of the network resources to SDN applications. SDN applications can customize and automate the operations (including management) of the abstracted network resources in a programmable manner via this interface <xreftarget="RFC7149"/>target="RFC7149" format="default"/> <xreftarget="ITU-T.Y.3300"/>target="ITU-T.Y.3300" format="default"/> <xreftarget="ONF-SDN-Architecture"/>target="ONF-SDN-Architecture" format="default"/> <xreftarget="ONF-OpenFlow"/>.target="ONF-OpenFlow" format="default"/>. </t> <t> Recently, several network scenarios now demand a centralized way of managing different security aspects, for example, Software-Defined WANs (SD-WANs). SD-WANs areanSDNextensionextensions providingasoftwareabstractionabstractions to create secure network overlays over traditional WAN and branch networks. SD-WANs utilize IPsec <xreftarget="RFC4301"/>target="RFC4301" format="default"/> as an underlying security protocol. The goal of SD-WANs is to provide flexible and automated deployment from a centralized point to enable on-demand network securityservicesservices, such as IPsec Security Association (IPsec SA) management. Additionally, Section4.3.3<xref target="RFC8192" sectionFormat="bare" section="4.3.3">"Client-Specific Security Policy in Cloud VPNs"</xref> of <xref target="RFC8192"/> describes another example use case forCloud Data Center Scenario titled "Client-Specific Security Policy in Cloud VPNs".a cloud data center scenario. The use case inRFC 8192<xref target="RFC8192" format="default"/> states that "dynamic key management is critical for securing the VPN and the distribution of policies". These VPNs can be established using IPsec. The management of IPsec SAs in data centers using a centralized entity is a scenario where the current specification may be applicable. </t> <t> Therefore, with the growth of SDN-based scenarios where network resources are deployed in an autonomous manner, a mechanism to manage IPsec SAs from a centralized entity becomes more relevant in the industry. </t> <t> In response to this need, the Interface to Network Security Functions (I2NSF) charter states that the goal of this working group is "to define a set of software interfaces andYANGdata models for controlling and monitoring aspects of physical and virtualNetwork Security Functions".NSFs". As defined in <xreftarget="RFC8192"/> antarget="RFC8192" format="default"/>, a Network Security Function (NSF) is "a function that is used to ensure integrity, confidentiality, or availability of network communication; to detect unwanted network activity; or to block, or at least mitigate, the effects of unwanted activity". This document pays special attention to flow-based NSFs that ensure integrity and confidentiality by means of IPsec.</t> <t> In fact,as Section 3.1.9 in<xreftarget="RFC8192"/>target="RFC8192" sectionFormat="of" section="3.1.9"/> states that "there is a need for a controller to create, manage, and distribute various keys to distributedNSFs.", howeverNSFs"; however, "there is a lack of a standard interface to provision and manage security associations". Inspired by the SDN paradigm, the I2NSF framework <xreftarget="RFC8329"/>target="RFC8329" format="default"/> defines a centralized entity, the I2NSF Controller, which manages one or multiple NSFs throughaan I2NSF NSF-Facing Interface. In thisdocumentdocument, an architecture is defined for allowing the I2NSF Controller to carry out the key management procedures. More specifically, three YANG data models are defined for the I2NSF NSF-FacingInterface that allowInterface, which allows the I2NSF Controller to configure and monitorIPsec-enabledIPsec-enabled, flow-based NSFs.</t> <t>The IPsec architecture <xreftarget="RFC4301"/>target="RFC4301" format="default"/> defines a clear separation between the processing to provide security services to IP packets and the key management procedures to establish the IPsec SAs, which allows centralizing the key management procedures in the I2NSF Controller. This document considers two typical scenarios to autonomously manage IPsec SAs: gateway-to-gateway and host-to-host <xreftarget="RFC6071"/>.target="RFC6071" format="default"/>. In these cases, hosts,gatewaysgateways, or both may act as NSFs. Due to its complexity, consideration for the host-to-gateway scenario is out of scope. The source of this complexity comes from the fact that, in this scenario, the host may not be under the control of the I2NSFcontrollerController and, therefore, it is not configurable. Nevertheless, the I2NSF interfaces defined in this document can be considered as a starting point to analyze and provide a solution for the host-to-gateway scenario.</t> <t> For the definition of the YANG data models for the I2NSF NSF-Facing Interface, this document considers two general cases,namely: <list style="format %d)"> <t>namely:</t> <ol spacing="normal" type="1"> <li> IKE case. The NSF implements the Internet Key ExchangeversionVersion 2 (IKEv2) protocol and the IPsec databases: the Security Policy Database (SPD), the Security Association Database(SAD)(SAD), and the Peer Authorization Database (PAD). The I2NSF Controller is in charge of provisioning the NSF with the required information in the SPD and PAD (e.g., IKEcredentials),credentials) andforthe IKE protocol itself (e.g., parameters for the IKE_SA_INITnegotiation). </t> <t>negotiation).</li> <li> IKE-less case. The NSF only implements the IPsec databases (no IKE implementation). The I2NSF Controller will provide the required parameters to create valid entries in the SPD and the SAD of the NSF. Therefore, the NSF will only have support for IPsecwhilewhereas key management functionality is moved to the I2NSFController. </t> </list> </t>Controller.</li> </ol> <t> In both cases, a YANG data model for the I2NSF NSF-Facing Interface is required to carry out this provisioning in a secure manner between the I2NSF Controller and the NSF.<!--In particular, the IKE case requires the provision of SPD and PAD entries, the IKE credential and information related with the IKE negotiation (e.g. IKE_SA_INIT). -->Using YANG datamodellingmodeling language version 1.1 <xreftarget="RFC7950"/>target="RFC7950" format="default"/> and based on YANG data models defined in <xreftarget="netconf-vpn"/>,target="netconf-vpn" format="default"/> and <xreftarget="I-D.tran-ipsecme-yang"/>, antarget="I-D.tran-ipsecme-yang" format="default"/> and the data structures defined inRFC 4301<xreftarget="RFC4301"/>target="RFC4301" format="default"/> andRFC 7296<xreftarget="RFC7296"/>,target="RFC7296" format="default"/>, this document defines the required interfaces with a YANG data model for configuration and state data for IKE, PAD,SPDSPD, and SAD (see Sections <xreftarget="ike-common-model"/>,target="ike-common-model" format="counter"/>, <xreftarget="ike-case-model"/>target="ike-case-model" format="counter"/>, and <xreftarget="ike-less-model"/>).target="ike-less-model" format="counter"/>). The proposed YANG data model conforms to the Network Management Datastore Architecture (NMDA) defined in <xreftarget="RFC8342"/>.target="RFC8342" format="default"/>. Examples of the usage of these data models can be found in Appendices <xreftarget="appendix-d"/>, <xref target="appendix-e"/> andtarget="appendix-d" format="counter"/>, <xreftarget="appendix-f"/>. </t> <!-- <t> This document considers two typical scenarios to manage autonomously IPsec SAs: gateway-to-gatewaytarget="appendix-e" format="counter"/>, andhost-to-host<xreftarget="RFC6071" />. In these cases, hosts, gateways or both may act as NSFs. Consideration for the host-to-gateway scenario is out of scope of this document.target="appendix-f" format="counter"/>. </t>--> <!--<t> Finally, this work pays attention to the challenge "Lack of Mechanism for Dynamic Key Distribution to NSFs" defined in <xref target="RFC8192" /> in the particular case of the establishment and management of IPsec SAs. In fact,this I-D could be considered as a proper use case for this particular challenge in <xref target="RFC8192" />. </t>--><t> In summary, the objectives of this document are:</t><t> <list style="symbols"> <t><ul spacing="normal"> <li> To describe the architecture for I2NSF-based IPsec management, which allows for the establishment and management of IPsecsecurity associationsSecurity Associations from the I2NSF Controller in order to protect specific data flows between two flow-based NSFs implementingIPsec.</t> <t>ToIPsec.</li> <li>To map this architecture to the I2NSFFramework.</t> <t>Toframework.</li> <li>To define the interfaces required to manage and monitor the IPsec SAs in the NSF fromaan I2NSF Controller. YANG data models are defined for configuration and state data for IPsec and IKEv2 management through the I2NSF NSF-Facing Interface. The YANG data models can be used via existingprotocolsprotocols, such asNETCONFthe Network Configuration Protocol (NETCONF) <xreftarget="RFC6241"/>target="RFC6241" format="default"/> or RESTCONF <xreftarget="RFC8040"/>.target="RFC8040" format="default"/>. Thus, this document defines three YANG modules (see <xreftarget="models"/>)target="models" format="default"/>) but does not define any newprotocol.</t> </list> </t> </section> <section title="Requirements Language"> <t> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here. </t>protocol.</li> </ul> </section> <section anchor="notation"title="Terminology">numbered="true" toc="default"> <name>Terminology</name> <t> This document uses the terminology described in <xreftarget="RFC8329"/>,target="ITU-T.Y.3300" format="default"/>, <xreftarget="RFC8192"/>, <xref target="RFC4301"/>,<xref target="RFC7296"/>,target="RFC8192" format="default"/>, <xreftarget="RFC6241"/>,target="RFC4301" format="default"/>, <xreftarget="ITU-T.Y.3300"/>. <!--<xref target="ONF-SDN-Architecture"/>,target="RFC6437" format="default"/>, <xreftarget="ONF-OpenFlow"/>,target="RFC7296" format="default"/>, <xreftarget="ITU-T.X.1252"/>,target="RFC6241" format="default"/>, and <xreftarget="ITU-T.X.800"/>. <xref target="RFC7149"/>--> Thetarget="RFC8329" format="default"/>. </t> <t>The following term is defined in <xreftarget="ITU-T.Y.3300"/>: <list style="symbols"> <t> Software-Defined Networking. </t> </list> Thetarget="ITU-T.Y.3300" format="default"/>:</t> <ul spacing="normal"> <li>Software-Defined Networking (SDN)</li> </ul> <t>The following terms are defined in <xreftarget="RFC8192"/>: <list style="symbols"> <t>NSF.</t> <t>Flow-based NSF.</t> </list> Thetarget="RFC8192" format="default"/>:</t> <ul spacing="normal"> <li>Network Security Function (NSF)</li> <li>flow-based NSF</li> </ul> <t>The following terms are defined in <xreftarget="RFC4301"/>: <list style="symbols"> <t> Peertarget="RFC4301" format="default"/>:</t> <ul spacing="normal"> <li>Peer Authorization Database(PAD). </t> <t> Security Associations(PAD)</li> <li>Security Association Database(SAD). </t> <t> Security(SAD)</li> <li>Security Policy Database(SPD). </t> </list> The(SPD)</li> </ul> <t>The following two termsthatare related or have identical definition/usage in <xreftarget="RFC6437"/>: <list style="symbols"> <t> Flow or traffic flow. </t> </list> Thetarget="RFC6437" format="default"/>:</t> <ul spacing="normal"> <li>flow</li> <li>traffic flow</li> </ul> <t>The following term is defined in <xreftarget="RFC7296"/>: <list style="symbols"> <t> Internettarget="RFC7296" format="default"/>:</t> <ul spacing="normal"> <li>Internet Key ExchangeversionVersion 2(IKEv2). </t> </list> <!--<t> Flow-based Protection Policy. The set of rules defining the conditions under which a data flow MUST be protected with IPsec, and the rules that MUST be applied to the specific flow. </t>--> The(IKEv2)</li> </ul> <t>The following terms are defined in <xreftarget="RFC6241"/>: <list style="symbols"> <t> Configuration data. </t><t> Configuration datastore. </t><t> State data. </t><t> Startuptarget="RFC6241" format="default"/>: </t> <ul spacing="normal"> <li>configuration data</li> <li>configuration datastore</li> <li>state data</li> <li>startup configurationdatastore. </t><t> Runningdatastore</li> <li>running configurationdatastore. </t> </list>datastore</li> </ul> <section numbered="true" toc="default"> <name>Requirements Language</name> <t> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here. </t> </section><!-- Terminology --></section> <section anchor="cases"title="SDN-basednumbered="true" toc="default"> <name>SDN-Based IPsecmanagement description">Management Description</name> <t> As mentioned in <xreftarget="intro"/>,target="intro" format="default"/>, two cases are considered, depending on whether the NSF implements IKEv2 or not: the IKE case and the IKE-less case. </t> <section anchor="case1"title="IKE case:numbered="true" toc="default"> <name>IKE Case: IKEv2/IPsec in theNSF">NSF</name> <t> In this case, the NSF implements IPsec with IKEv2 support. The I2NSF Controller is in charge of managing and applying IPsec connection information (determining which nodes need to start an IKEv2/IPsec session, identifying the type of traffic to be protected, and deriving and delivering IKEv2credentialscredentials, such as a pre-sharedkey,key (PSK), certificates,etc.),etc.) and applying other IKEv2 configuration parameters (e.g., cryptographic algorithms for establishing an IKEv2 SA) to the NSF necessary for the IKEv2 negotiation. </t> <t> With these entries, the IKEv2 implementation can operate to establish the IPsec SAs. The I2NSF User establishes the IPsec requirements and information about theend pointsendpoints (through the I2NSF Consumer-FacingInterface,Interface <xreftarget="RFC8329"/>),target="RFC8329" format="default"/>), and the I2NSF Controller translates these requirements into IKEv2,SPDSPD, and PAD entries that will be installed into the NSF (through the I2NSF NSF-Facing Interface). With that information, the NSF can just run IKEv2 to establish the required IPsec SA (when the traffic flow needs protection). <xreftarget="fig:nsf-architecture1"/>target="fig_nsf-architecture1" format="default"/> shows the different layers and corresponding functionality. </t><!-- maximum wide of the figure --><figurealign="center" anchor="fig:nsf-architecture1" title="IKE case:anchor="fig_nsf-architecture1"> <name>IKE Case: IKE/IPsec in theNSF">NSF</name> <artworkalign="center"> <![CDATA[align="center" name="" type="" alt=""><![CDATA[ +-------------------------------------------+ | IPsec Management System | I2NSF User +-------------------------------------------+ | | I2NSF Consumer-Facing | Interface +-------------------------------------------+ | IKEv2 Configuration, PAD and SPD Entries | I2NSF | Distribution | Controller +-------------------------------------------+ | | I2NSF NSF-Facing | Interface +-------------------------------------------+ | IKEv2 | IPsec(PAD, SPD) | Network |-------------------------------------------| Security | IPsec Data Protection and Forwarding | Function +-------------------------------------------+]]> </artwork>]]></artwork> </figure> <t> I2NSF-based IPsec flow protection services provide dynamic and flexible management of IPsec SAs in flow-based NSFs. In order to support this capability in the IKE case, a YANG data model for IKEv2,SPDSPD, and PAD configurationdata,data and for IKEv2 state data needs to be defined for the I2NSF NSF-Facing Interface (see <xreftarget="models"/>).</t>target="models" format="default"/>).</t> </section><!-- "IKE case: IKE/IPsec in the NSF"" --><section anchor="case2"title="IKE-less case:numbered="true" toc="default"> <name>IKE-less Case: IPsec(no(No IKEv2) in theNSF.">NSF</name> <t> In this case, the NSF does not deploy IKEv2 and, therefore, the I2NSF Controller has to perform the IKEv2 security functions and management of IPsec SAs by populating and managing the SPD and the SAD. </t> <t> As shown in <xreftarget="fig:nsf-architecture2"/>,target="fig_nsf-architecture2" format="default"/>, when an I2NSF User enforces flow-based protection policies through the Consumer-Facing Interface, the I2NSF Controller translates these requirements into SPD and SAD entries, which are installed in the NSF. PAD entries are notrequiredrequired, since there is no IKEv2 in the NSF. </t> <figurealign="center" anchor="fig:nsf-architecture2" title="IKE-less case:anchor="fig_nsf-architecture2"> <name>IKE-less Case: IPsec(no(No IKEv2) in theNSF">NSF</name> <artworkalign="center"> <![CDATA[align="center" name="" type="" alt=""><![CDATA[ +-----------------------------------------+ | IPsec Management System | I2NSF User +-----------------------------------------+ | | I2NSF Consumer-Facing Interface | +-----------------------------------------+ | SPD and SAD Entries | I2NSF | Distribution | Controller +-----------------------------------------+ | | I2NSF NSF-Facing Interface | +-----------------------------------------+ | IPsec (SPD, SAD) | Network |-----------------------------------------| Security | IPsec Data Protection and Forwarding | Function +-----------------------------------------+]]> </artwork>]]></artwork> </figure> <t> In order to support the IKE-less case, a YANG data model for SPD and SAD configuration data and SAD state dataMUST<bcp14>MUST</bcp14> be defined for the NSF-Facing Interface (see <xreftarget="models"/>).target="models" format="default"/>). </t> <t> Specifically, the IKE-less case assumes that the I2NSF Controller has to perform some security functions that IKEv2 typically does, namely(non-exhaustive):</t> <t> <list style="symbols"> <t>IV generation.</t> <t>Prevent(non-exhaustive list):</t> <ul spacing="normal"> <li>Initialization Vector (IV) generation</li> <li>prevention of counter resets for the samekey.</t> <t>Generationkey</li> <li>generation ofpseudo-randompseudorandom cryptographic keys for the IPsecSAs.</t> <t>GenerationSAs</li> <li>generation of the IPsec SAs when required based on notifications(i.e.(i.e., sadb-acquire) from theNSF.</t> <t>RekeyNSF</li> <li>rekey of the IPsec SAs based on notifications from the NSF(i.e. expire).</t> <t>NAT Traversal(i.e., expire)</li> <li>NAT traversal discovery andmanagement.</t> </list> </t>management</li> </ul> <t>Additionally to these functions, another set of tasks must be performed by the I2NSF Controller (non-exhaustive list):</t><t> <list style="symbols"> <t>IPsec<ul spacing="normal"> <li>IPsec SA'sSPISecurity Parameter Index (SPI) randomgeneration.</t> <t>Cryptographicgeneration</li> <li>cryptographic algorithmselection.</t> <t>Usageselection</li> <li>usage of extended sequencenumbers.</t> <t>Establishmentnumbers</li> <li>establishment of propertraffic selectors.</t> </list> </t>Traffic Selectors</li> </ul> </section> </section><!-- "IKE-less case: IPsec (no IKE) in the NSF" --><section anchor="comparison"title="IKE case vsnumbered="true" toc="default"> <name>IKE Case vs. IKE-lesscase">Case</name> <t>In principle, the IKE case is easier to deploy than the IKE-less case because current flow-based NSFs (either hosts or gateways) have access to IKEv2 implementations. While gateways typically deploy an IKEv2/IPsec implementation, hosts can easily install it. As a downside, the NSF needs more resources to useIKEv2IKEv2, such as memory for the IKEv2implementation,implementation and computation, since each IPsecsecurity associationSecurity Association rekeyingMAY<bcp14>MAY</bcp14> involve a Diffie-Hellman (DH) exchange. </t> <t>Alternatively, the IKE-less case benefits the deployment in resource-constrained NSFs. Moreover, IKEv2 does not need to be performed in gateway-to-gateway and host-to-host scenarios under the same I2NSF Controller (see <xreftarget="appendix-g1"/>).target="appendix-g1" format="default"/>). On the contrary, the complexity of creating and managing IPsec SAs is shifted to the I2NSF Controller since IKEv2 is not in the NSF. As a consequence, this may result in a more complex implementation in the controller side in comparison with the IKE case. For example, the I2NSF Controller has to deal with the latency existing in the path between the I2NSF Controller and theNSF, inNSF (in order to solvetaskstasks, such asrekey,rekey) or creation and installation of new IPsec SAs. However, this is not specific to this contribution but a general aspect in any SDN-based network. In summary, this complexity may create some scalability and performance issues when the number of NSFs is high. </t> <t>Nevertheless, literature around SDN-based network management using a centralized controller (like the I2NSF Controller) is aware of scalability and performanceissuesissues, and solutions have been already provided and discussed (e.g., hierarchical controllers, having multiple replicated controllers, dedicated high-speed management networks,etc).etc.). In the context ofI2SNF-basedI2NSF-based IPsec management, one way to reduce the latency and alleviate some performance issues can bethe installation ofto install the IPsec policies and IPsec SAs at the same time (proactive mode, as described in <xreftarget="appendix-g1"/>)target="appendix-g1" format="default"/>) instead of waiting for notifications (e.g., a sadb-acquire notification received fromaan NSF requiring a new IPsec SA) to proceed with the IPsec SA installation (reactive mode). Another way to reduce the overhead and the potential scalability and performance issues in the I2NSF Controller is to apply the IKE case described in thisdocument,document since the IPsec SAs are managed between NSFs without the involvement of the I2NSF Controller at all, except by the initial configuration(i.e.(i.e., IKEv2,PADPAD, and SPD entries) provided by the I2NSF Controller. Other solutions, such as Controller-IKE <xreftarget="I-D.carrel-ipsecme-controller-ike"/>,target="I-D.carrel-ipsecme-controller-ike" format="default"/>, have proposed that NSFs provide their DH public keys to the I2NSFController,Controller so that the I2NSF Controller distributes all public keys to all peers. All peers can calculate a unique pairwise secret for each otherpeerpeer, and there is no inter-NSF messages. A rekey mechanism is further described in <xreftarget="I-D.carrel-ipsecme-controller-ike"/>.target="I-D.carrel-ipsecme-controller-ike" format="default"/>. </t> <t>In terms of security, the IKE case provides better security properties than the IKE-less case, as discussed in <xreftarget="security"/>.target="security" format="default"/>. The main reason is that the NSFs generate the session keys and not the I2NSF Controller.</t> <section anchor="rekeying"title="Rekeying process">numbered="true" toc="default"> <name>Rekeying Process</name> <t>Performing a rekey for IPsec SAs is an important operation during the IPsec SAs management. With the YANG data models defined in this document the I2NSF Controller can configure parameters of the rekey process (IKE case) or conduct the rekey process (IKE-less case). Indeed, depending on the case, the rekey process is different.</t> <t>For the IKE case, the rekeying process is carried out by IKEv2, following the information defined in the SPD and SAD(i.e.(i.e., based on the IPsec SA lifetime established by the I2NSF Controller using the YANG data model defined in this document). Therefore, IPsec connections will live unless something different is required by the I2NSF User or the I2NSF Controller detects something wrong.</t> <t>For the IKE-less case, the I2NSF ControllerMUST<bcp14>MUST</bcp14> take care of the rekeying process. When the IPsec SA is going to expire (e.g., IPsec SA soft lifetime), itMUST<bcp14>MUST</bcp14> create a new IPsec SA and itMAY<bcp14>MAY</bcp14> remove the old one(e.g.(e.g., when the lifetime of the old IPsec SA has not been defined). This rekeying process starts when the I2NSF Controller receives a sadb-expire notification or, on the I2NSF Controller's initiative, based on lifetime state data obtained from the NSF. How the I2NSF Controller implements an algorithm for the rekey process is out of the scope of this document. Nevertheless, an example of how this rekey could be performed is described in <xreftarget="appendix-g2"/>.</t>target="appendix-g2" format="default"/>.</t> </section> <section anchor="restart"title="NSF state loss.">numbered="true" toc="default"> <name>NSF State Loss</name> <t>If one of the NSF restarts, it will lose the IPsec state (affected NSF). By default, the I2NSF Controller can assume that all the state has been lostand thereforeand, therefore, it will have to send IKEv2,SPDSPD, and PAD information to the NSF in the IKEcase,case and SPD and SAD information in the IKE-less case.</t> <t> In both cases, the I2NSF Controller is aware of the affected NSF (e.g., the NETCONF/TCP connection is broken with the affected NSF, the I2NSF Controller is receiving a sadb-bad-spi notification from a particular NSF, etc.). Moreover, the I2NSF Controller keeps a list of NSFs that have IPsec SAs with the affected NSF. Therefore, it knows the affected IPsec SAs.</t> <t>In the IKE case, the I2NSF Controller may need to configure the affected NSF with the new IKEv2,SPDSPD, and PAD information. Alternatively, IKEv2 configurationMAY<bcp14>MAY</bcp14> be made permanent between NSF reboots without compromising security by means of the startup configuration datastore in the NSF. This way, each timeaan NSFrebootsreboots, it will use that configuration for each rebooting. It would imply avoiding contact with the I2NSF Controller. Finally, the I2NSF Controller may also need to send new parameters (e.g., a new fresh PSK for authentication) to the NSFswhichthat had IKEv2 SAs and IPsec SAs with the affected NSF.</t> <t>In the IKE-less case, the I2NSF ControllerSHOULD<bcp14>SHOULD</bcp14> delete the old IPsec SAs in the non-failed nodes established with the affected NSF. Once the affected node restarts, the I2NSF ControllerMUST<bcp14>MUST</bcp14> take the necessary actions to reestablishIPsec protectedIPsec-protected communication between the failed node and those others having IPsec SAs with the affected NSF. How the I2NSF Controller implements an algorithm for managing a potential NSF state loss is out of the scope of this document. Nevertheless, an example of how this could be performed is described in <xreftarget="appendix-g3"/>.target="appendix-g3" format="default"/>. </t> </section> <section anchor="nat-traversal"title="NAT Traversal">numbered="true" toc="default"> <name>NAT Traversal</name> <t>In the IKE case, IKEv2 already provides a mechanism to detect whether some of the peers or both are located behind a NAT. In this case, UDP or TCP encapsulation forESPEncapsulating Security Payload (ESP) packets(<xref target="RFC3948"/>,<xreftarget="RFC8229"/>)target="RFC3948" format="default"/> <xref target="RFC8229" format="default"/> is required. Note that IPsec transport modeMUST NOT<bcp14>MUST NOT</bcp14> be used in this specification when NAT is required. </t> <t>In the IKE-less case, the NSF does not have the assistance of the IKEv2 implementation to detect if it is located behind a NAT. If the NSF does not have any other mechanism to detect this situation, the I2NSF ControllerSHOULD<bcp14>SHOULD</bcp14> implement a mechanism to detect that case. The SDN paradigm generally assumes the I2NSF Controller has a view of the network under its control. This view is built either by requesting information from the NSFs under itscontrol,control orbyinformation pushed from the NSFs to the I2NSF Controller. Based on this information, the I2NSF ControllerMAY<bcp14>MAY</bcp14> guess if there is a NAT configured between twohosts,hosts and apply the required policies to both NSFs besides activating the usage of UDP or TCP encapsulation of ESP packets(<xref target="RFC3948"/>,<xreftarget="RFC8229"/>).target="RFC3948" format="default"/> <xref target="RFC8229" format="default"/>. The interface for discovering if the NSF is behind a NAT is out of scope of this document.</t> <t>If the I2NSF Controller does not have any mechanism to know whether a host is behind a NAT or not, then theIKE-case MUSTIKE case <bcp14>MUST</bcp14> be used and not the IKE-less case.</t> </section> <section anchor="nsf-discovery"title="NSF registrationnumbered="true" toc="default"> <name>NSF Registration anddiscovery">Discovery</name> <t>NSF registration refers to the process of providing the I2NSF Controller information about a validNSFNSF, such as certificate, IP address, etc. This information is incorporated in a list of NSFs under its control.</t> <t>The assumption in this document is that, for both cases, beforeaan NSF can operate in this system, itMUST<bcp14>MUST</bcp14> be registered in the I2NSF Controller. In this way, when the NSF starts and establishes a connection to the I2NSF Controller, it knows that the NSF is valid for joining the system.</t> <t>Either during this registration process or when the NSF connects with the I2NSF Controller, the I2NSF ControllerMUST<bcp14>MUST</bcp14> discover certain capabilities of this NSF, such as what are the cryptographic suites supported, the authentication method, the support of the IKE case and/or the IKE-less case, etc.</t> <t>The registration and discovery processes are out of the scope of this document.</t> </section> </section><!--SDN-based IPsec management description--><section anchor="models"title="YANG configuration data models">numbered="true" toc="default"> <name>YANG Configuration Data Models</name> <t> In order to support the IKE and IKE-less cases, models are provided for the different parameters and values that must be configured to manage IPsec SAs. Specifically, the IKE case requires modeling IKEv2 configuration parameters, SPD and PAD, while the IKE-less case requires configuration YANG data models for the SPD and SAD. Three modules have been defined: ietf-i2nsf-ikec (<xreftarget="ike-common-model"/>,target="ike-common-model" format="default"/>, common to both cases), ietf-i2nsf-ike (<xreftarget="ike-case-model"/>,target="ike-case-model" format="default"/>, IKE case), and ietf-i2nsf-ikeless (<xreftarget="ike-less-model"/>,target="ike-less-model" format="default"/>, IKE-less case). Since the module ietf-i2nsf-ikec has only typedef and groupings common to the other modules, a simplified view of the ietf-i2nsf-ike and ietf-i2nsf-ikeless modules is shown.</t><!--> <t> In the following, we just summarize, by using a tree representation, the different configuration and state data models related with SPD, SAD, PAD and IKEv2.</t> <section anchor="spd-model" title="Security Policy Database (SPD) Model">--><section anchor="ike-common-model"title="Thenumbered="true" toc="default"> <name>The 'ietf-i2nsf-ikec'Module">Module</name> <section anchor="common-overview"title="Data model overview">numbered="true" toc="default"> <name>Data Model Overview</name> <t>The module ietf-i2nsf-ikechasonlydefinitionhas definitions of data types (typedef) and groupingswhichthat are common to the other modules.</t> </section> <section anchor="common-module"title="YANG Module">numbered="true" toc="default"> <name>YANG Module</name> <t> This module has normative references to <xreftarget="RFC3947"/>,target="RFC3947" format="default"/>, <xreftarget="RFC4301"/>,target="RFC4301" format="default"/>, <xreftarget="RFC4303"/>,target="RFC4303" format="default"/>, <xreftarget="RFC8174"/>,target="RFC8174" format="default"/>, <xref target="RFC8221" format="default"/>, <xreftarget="RFC8221"/>,target="RFC3948" format="default"/>, <xreftarget="RFC3948"/>,target="RFC8229" format="default"/>, <xreftarget="RFC8229"/>,target="RFC6991" format="default"/>, <xreftarget="IANA-Protocols-Number"/>,target="IANA-Protocols-Number" format="default"/>, <xreftarget="IKEv2-Parameters"/>,target="IKEv2-Parameters" format="default"/>, <xreftarget="IKEv2-Transform-Type-1"/>target="IKEv2-Transform-Type-1" format="default"/>, and <xreftarget="IKEv2-Transform-Type-3"/>.target="IKEv2-Transform-Type-3" format="default"/>. </t><t> <figure> <artwork> <![CDATA[ <CODE BEGINS> file "ietf-i2nsf-ikec@2021-03-18.yang"<sourcecode name="ietf-i2nsf-ikec@2021-06-09.yang" type="yang" markers="true"><![CDATA[ module ietf-i2nsf-ikec { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec"; prefix"nsfikec";nsfikec; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG DataTypes";Types."; } organization "IETF I2NSF Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/i2nsf/> WG List: <mailto:i2nsf@ietf.org> Author: Rafael Marin-Lopez <mailto:rafa@um.es> Author: Gabriel Lopez-Millan <mailto:gabilm@um.es> Author: Fernando Pereniguez-Garcia <mailto:fernando.pereniguez@cud.upct.es> "; description "CommonDatadata model for the IKE and IKE-less cases defined by the SDN-based IPsec flow protection service. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. Copyright (c)20202021 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFCXXXX;;9061; see the RFC itself for full legalnotices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here.";notices."; revision"2021-03-18"2021-06-09 { description "Initial version."; reference "RFCXXXX: Software-Defined Networking (SDN)-based9061: A YANG Data Model for IPsec FlowProtection.";Protection Based on Software-Defined Networking (SDN)."; } typedef encr-alg-t { type uint16; description "The encryption algorithm is specified with a 16-bit number extracted from the IANARegistry.registry. The acceptable values MUST follow the requirement levels for encryption algorithms for ESP and IKEv2."; reference"IANA;"IANA: Internet Key ExchangeV2Version 2 (IKEv2)Parameters;Parameters, IKEv2 TransformAtribute Types;Attribute Types, Transform Type 1 - Encryption Algorithm TransformIDs.IDs RFC8221 -8221: Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)andRFC8247 -8247: Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)."; } typedef intr-alg-t { type uint16; description "The integrity algorithm is specified with a 16-bit number extracted from the IANARegistry.registry. The acceptable values MUST follow the requirement levels for integrity algorithms for ESP and IKEv2."; reference"IANA;"IANA: Internet Key ExchangeV2Version 2 (IKEv2)Parameters;Parameters, IKEv2 TransformAtribute Types;Attribute Types, Transform Type 3 - Integrity Algorithm TransformIDs.IDs RFC8221 -8221: Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)andRFC8247 -8247: Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)."; } typedef ipsec-mode { type enumeration { enum transport { description "IPsec transport mode. No Network Address Translation (NAT) support."; } enum tunnel { description "IPsec tunnel mode."; } } description "Type definition of IPsec mode: transport or tunnel."; reference"Section 3.2 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 3.2."; } typedef esp-encap { type enumeration { enum espintcp { description "ESP in TCP encapsulation."; reference "RFC8229 -8229: TCP Encapsulation of IKE and IPsec Packets."; } enum espinudp { description "ESP in UDP encapsulation."; reference "RFC3948 -3948: UDP Encapsulation of IPsec ESP Packets."; } enum none { description "No ESP encapsulation."; } } description "Types of ESP encapsulation when Network Address Translation (NAT) may be present between two NSFs."; reference "RFC8229 -8229: TCP Encapsulation of IKE and IPsec PacketsandRFC3948 -3948: UDP Encapsulation of IPsec ESP Packets."; } typedefipsec-protocol-parametersipsec-protocol-params { type enumeration { enum esp { description "IPsec ESP protocol."; } } description "Only the Encapsulation Security Protocol (ESP) issupportedsupported, but it could be extended in the future."; reference "RFC4303-4303: IP Encapsulating Security Payload (ESP)."; } typedef lifetime-action { type enumeration { enum terminate-clear { description "Terminates the IPsec SA and allows the packets through."; } enum terminate-hold { description "Terminates the IPsec SA and drops the packets."; } enum replace { description "Replaces the IPsec SA with a new one:rekey. ";rekey."; } } description "When the lifetime of an IPsec SAexpiresexpires, an action needs to be performed for the IPsec SA that reached the lifetime. There are threeposiblepossible options: terminate-clear,terminate-holdterminate-hold, and replace."; reference"Section 4.5 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.5."; } typedef ipsec-traffic-direction { type enumeration { enum inbound { description "Inbound traffic."; } enum outbound { description "Outbound traffic."; } } description "IPsec traffic direction is defined in two directions: inbound and outbound. Fromaan NSF perspective, inbound and outbound are defined as mentioned inRFC 4301 (Section 3.1)."; reference "SectionSection 3.1 in RFC 4301."; reference "RFC 4301: Security Architecture for the Internet Protocol, Section 3.1."; } typedef ipsec-spd-action { type enumeration { enum protect { description "PROTECT the traffic with IPsec."; } enum bypass { description "BYPASS the traffic. The packet is forwarded without IPsec protection."; } enum discard { description "DISCARD the traffic. The IP packet is discarded."; } } description "The action when traffic matches an IPsec security policy. According to RFC43014301, there are three possible values: BYPASS,PROTECT AND DISCARD";PROTECT, and DISCARD."; reference"Section 4.4.1 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1."; } typedef ipsec-inner-protocol { type union { type uint8; type enumeration { enum any { value 256; description "Any IP protocol number value."; } } } defaultany;"any"; description "IPsec protection can be applied to specific IP traffic andlayerLayer 4 traffic (TCP, UDP, SCTP, etc.) or ANY protocol in the IP packet payload.WeThe IP protocol number is specified withana uint8 or ANY defining an enumerate with value 256 to indicate the protocol number.NOTE: InNote that in case of IPv6, the protocol in the IP packet payload is indicated in the Next Header field of the IPv6 packet."; reference"Section"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1.1in RFC 4301. IANA Registry -IANA: Protocol Numbers."; } grouping encap { description "This group of nodes allowsto definedefining of the type of encapsulation in case NAT traversal is required and includes port information."; leaf espencap { type esp-encap; defaultnone;"none"; description "ESP in TCP, ESP inUDPUDP, or ESP in TLS."; } leaf sport { type inet:port-number; default4500;"4500"; description "Encapsulation source port."; } leaf dport { type inet:port-number; default4500;"4500"; description "Encapsulation destination port."; } leaf-list oaddr { type inet:ip-address; description "If required, this is the original address that was used before NAT was applied over thePacket. ";packet."; } reference "RFC3947 and3947: Negotiation of NAT-Traversal in the IKE RFC8229.";8229: TCP Encapsulation of IKE and IPsec Packets."; } grouping lifetime { description "Different lifetime values limited to an IPsec SA."; leaf time { type uint32; units "seconds"; default0;"0"; description "Time in seconds since the IPsec SA was added. For example, if this value is 180secondsseconds, it means the IPsec SA expires in 180 seconds since it was added. The value 0 implies infinite."; } leaf bytes { type uint64; default0;"0"; description "If the IPsec SA processes the number of bytes expressed in this leaf, the IPsec SA expires and SHOULD be rekeyed. The value 0 implies infinite."; } leaf packets { type uint32; default0;"0"; description "If the IPsec SA processes the number of packets expressed in this leaf, the IPsec SA expires and SHOULD be rekeyed. The value 0 implies infinite."; } leaf idle { type uint32; units "seconds"; default0;"0"; description "Whenaan NSF stores an IPsec SA, it consumes system resources. For an idle IPsecSASA, this is a waste of resources. If the IPsec SA is idle during this number ofsecondsseconds, the IPsec SA SHOULD be removed. The value 0 implies infinite."; } reference"Section 4.4.2.1 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.2.1."; } grouping port-range { description "This grouping defines a port range, such as that expressed in RFC4301. For example:4301, for example, 1500 (Start Port Number)-1600 (End Port Number). A port range is used in the Traffic Selector."; leaf start { type inet:port-number; description "Start port number."; } leaf end { type inet:port-number; must '. >= ../start' { error-message "The end port number MUST be equal or greater than the start port number."; } description "End port number. To express a single port, set the same value as start and end."; } reference"Section 4.4.1.2 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1.2."; } grouping tunnel-grouping { description "The parameters required to define the IP tunnel endpoints when IPsec SA requires tunnel mode. The tunnel is defined by two endpoints: the local IP address and the remote IP address."; leaf local { type inet:ip-address; mandatory true; description "Local IP address' tunnel endpoint."; } leaf remote { type inet:ip-address; mandatory true; description "Remote IP address' tunnel endpoint."; } leaf df-bit { type enumeration { enum clear { description "Disable theDF (Don't Fragment)Don't Fragment (DF) bit in the outer header. This is the default value."; } enum set { description "Enable the DF bit in the outer header."; } enum copy { description "Copy the DF bit to the outer header."; } } defaultclear;"clear"; description "Allow configuring the DF bit when encapsulating tunnel mode IPsec traffic. RFC 4301 describes three options to handle the DF bit during tunnel encapsulation: clear,setset, and copy from the inner IP header. This MUST be ignored or has no meaning when the local/remote IP addresses are IPv6 addresses."; reference"Section 8.1 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 8.1."; } leaf bypass-dscp { type boolean; defaulttrue;"true"; description "IfTruetrue, to copy theDSCPDifferentiated Services Code Point (DSCP) value from inner header to outer header. IfFalsefalse, to map DSCP values from an inner header to values in an outer header following../dscp-mapping";../dscp-mapping."; reference"Section 4.4.1.2. in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1.2."; } list dscp-mapping { must '../bypass-dscp = "false"'; keyid;"id"; ordered-by user; leaf id { type uint8; description "The index of list with the different mappings."; } leaf inner-dscp { type inet:dscp; description "The DSCP value of the inner IP packet. If this leaf is notdefineddefined, it means ANY inner DSCPvalue";value."; } leaf outer-dscp { type inet:dscp; default0;"0"; description "The DSCP value of the outer IPpacket";packet."; } description "A list that represents an array with the mapping from the inner DSCP value to outer DSCP value when bypass-dscp isFalse.false. To express a default mapping in the list where any other inner dscp value is not matching a node in the list, a new node has to be included at the end of the list where the leaf inner-dscp is not defined (ANY) and the leaf outer-dscp includes the value of the mapping. If there is no value set in the leafouter-dscpouter-dscp, the default value for this leaf is 0."; reference"Section 4.4.1.2."RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1.2 and AppendixC in RFC 4301.";C."; } } grouping selector-grouping { description "This grouping contains the definition of a Traffic Selector, which is used in the IPsec policies and IPsec SAs."; leaf local-prefix { type inet:ip-prefix; mandatory true; description "Local IP address prefix."; } leaf remote-prefix { type inet:ip-prefix; mandatory true; description "Remote IP address prefix."; } leaf inner-protocol { type ipsec-inner-protocol; defaultany;"any"; description "InnerProtocolprotocol that is going to be protected with IPsec."; } list local-ports { key "start end"; uses port-range; description "List of local ports. When the inner protocol isICMPICMP, this16 bit16-bit value represents code and type. If this list is notdefineddefined, it is assumed that start and end are 0 by default (any port)."; } list remote-ports { key "start end"; uses port-range; description "List of remote ports. When the upper layer protocol isICMPICMP, this16 bit16-bit value represents code andtype.Iftype. If this list is notdefineddefined, it is assumed that start and end are 0 by default (anyport)";port)."; } reference"Section 4.4.1.2 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1.2."; } grouping ipsec-policy-grouping { description "Holds configuration information for an IPsec SPD entry."; leaf anti-replay-window-size { type uint32; default64;"64"; description "To set the anti-replay window size. The default value is set to6464, followingRFC 4303 recommendation."; reference "Section 3.4.3the recommendation in RFC4303";4303."; reference "RFC 4303: IP Encapsulating Security Payload (ESP), Section 3.4.3."; } container traffic-selector { description "Packets are selected for processing actions based ontraffic selectorTraffic Selector values, which refer to IP and inner protocol header information."; uses selector-grouping; reference"Section 4.4.4.1 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.4.1."; } container processing-info { description "SPD processing. If the required processing action is protect, it contains the required information to process the packet."; leaf action { type ipsec-spd-action; defaultdiscard;"discard"; description "If bypass or discard, container ipsec-sa-cfg is empty."; } container ipsec-sa-cfg { when "../action = 'protect'"; description "IPsec SA configuration included in the SPD entry."; leaf pfp-flag { type boolean; defaultfalse;"false"; description "Each selector has a Populate From Packet (PFP) flag. If asserted for a given selector X, the flag indicates that the IPsec SA to be created should take its value (local IP address, remote IP address, Next Layer Protocol, etc.) for X from the value in the packet. Otherwise, the IPsec SA should take its value(s) for X from the value(s) in the SPD entry."; } leaf ext-seq-num { type boolean; defaultfalse;"false"; description "True if this IPsec SA is using extended sequence numbers. If true, the 64-bit extended sequence number counter is used; if false, the normal 32-bit sequence number counter is used."; } leaf seq-overflow { type boolean; defaultfalse;"false"; description "The flag indicating whether overflow of the sequence number counter should prevent transmission of additional packets on the IPsec SA (false) and,thereforetherefore, needs to berekeyed,rekeyed or whether rollover is permitted (true). If Authenticated Encryption with Associated Data (AEAD) is used (leafesp-algorithms/encryption/algorithm-type)esp-algorithms/encryption/algorithm-type), this flag MUST be false. Setting this flag to true is strongly discouraged."; } leaf stateful-frag-check { type boolean; defaultfalse;"false"; description "Indicates whether (true) or not (false) stateful fragment checking applies to the IPsec SA to be created."; } leaf mode { type ipsec-mode; defaulttransport;"transport"; description "IPsec SA has to be processed in transport or tunnel mode."; } leaf protocol-parameters { typeipsec-protocol-parameters;ipsec-protocol-params; defaultesp;"esp"; description "Security protocol of the IPsecSA:SA. Only ESP issupportedsupported, but it could be extended in the future."; } container esp-algorithms { when "../protocol-parameters = 'esp'"; description "Configuration of Encapsulating Security Payload (ESP) parameters and algorithms."; leaf-list integrity { type intr-alg-t; default0;"0"; ordered-by user; description "Configuration of ESP authentication based on the specified integrity algorithm. With AEAD encryption algorithms, the integrity node is not used."; reference"Section 3.2 in RFC 4303.";"RFC 4303: IP Encapsulating Security Payload (ESP), Section 3.2."; } list encryption { keyid;"id"; ordered-by user; leaf id { type uint16; description "An identifier that unequivocally identifies each entry of the list, i.e., an encryption algorithm and itskey-lengthkey length (if required)."; } leaf algorithm-type { type encr-alg-t; default20;"20"; description "Default value 20(ENCR_AES_GCM_16)";(ENCR_AES_GCM_16)."; } leaf key-length { type uint16; default128;"128"; description "Bydefaultdefault, key length is 128bits";bits."; } description "Encryption or AEAD algorithm for the IPsec SAs. This list is ordered following from the higher priority to lower priority. First node of the list will be the algorithm with higher priority. In case the list is empty, then no encryption algorithm is applied (NULL)."; reference"Section 3.2 in RFC 4303.";"RFC 4303: IP Encapsulating Security Payload (ESP), Section 3.2."; } leaf tfc-pad { type boolean; defaultfalse;"false"; description "If Traffic Flow Confidentiality (TFC) padding for ESP encryption can be used (true) or not(false)";(false)."; reference"Section 2.7 in RFC 4303.";"RFC 4303: IP Encapsulating Security Payload (ESP), Section 2.7."; } reference "RFC4303.";4303: IP Encapsulating Security Payload (ESP)."; } container tunnel { when "../mode = 'tunnel'"; uses tunnel-grouping; description "IPsec tunnel endpoints definition."; } } reference"Section 4.4.1.2 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1.2."; } } }<CODE ENDS> ]]> </artwork> </figure> </t>]]></sourcecode> </section> </section> <section anchor="ike-case-model"title="Thenumbered="true" toc="default"> <name>The 'ietf-i2nsf-ike'Module">Module</name> <t>In this section, the YANG module for the IKE case is described.</t> <section anchor="ike-overview"title="Data model overview">numbered="true" toc="default"> <name>Data Model Overview</name> <t>The model related to IKEv2 has been extracted from reading the IKEv2 standard in <xreftarget="RFC7296"/>,target="RFC7296" format="default"/> and observing some open source implementations, such asStrongswanstrongSwan <xreftarget="strongswan"/>target="strongswan" format="default"/> or Libreswan <xreftarget="libreswan"/>.</t>target="libreswan" format="default"/>.</t> <t>The definition of the PAD model has been extracted from the specification insection 4.4.3 in<xreftarget="RFC4301"/> (NOTE: Manytarget="RFC4301" sectionFormat="of" section="4.4.3"/>. (Note that many implementations integrate PAD configuration as part of the IKEv2configuration).</t>configuration.)</t> <t> The definition of the SPD model has been mainly extracted from the specification insection 4.4.1Section <xref target="RFC4301" section="4.4.1" sectionFormat="bare"/> and AppendixD in<xreftarget="RFC4301"/>.target="RFC4301" section="D" sectionFormat="bare"/> of <xref target="RFC4301" format="default"/>. </t> <t> The YANG data model for the IKE case is defined by the module "ietf-i2nsf-ike". Its structure is depicted in the following diagram, using the notation syntax for YANG tree diagrams(<xref target="RFC8340"/>).<xref target="RFC8340" format="default"/>. </t><t> <figure> <artwork> <![CDATA[<sourcecode type="yangtree"><![CDATA[ module: ietf-i2nsf-ike +--rw ipsec-ike +--rw pad | +--rw pad-entry* [name] | +--rw name string | +--rw (identity) | | +--:(ipv4-address) | | | +--rw ipv4-address? inet:ipv4-address | | +--:(ipv6-address) | | | +--rw ipv6-address? inet:ipv6-address | | +--:(fqdn-string) | | | +--rw fqdn-string? inet:domain-name | | +--:(rfc822-address-string) | | | +--rw rfc822-address-string? string | | +--:(dnx509) | | | +--rw dnx509? binary | | +--:(gnx509) | | | +--rw gnx509? binary | | +--:(id-key) | | | +--rw id-key? binary | | +--:(id-null) | | +--rw id-null? empty | +--rw auth-protocol? auth-protocol-type | +--rw peer-authentication | +--rw auth-method? auth-method-type | +--rw eap-method | | +--rw eap-type uint64 | +--rw pre-shared | | +--rw secret? yang:hex-string | +--rw digital-signature | +--rw ds-algorithm? uint8 | +--rw (public-key)? | | +--:(raw-public-key) | | | +--rw raw-public-key? binary | | +--:(cert-data) | | +--rw cert-data? binary | +--rw private-key? binary | +--rw ca-data* binary | +--rw crl-data? binary | +--rw crl-uri? inet:uri | +--rw oscp-uri? inet:uri +--rw conn-entry* [name] | +--rw name string | +--rw autostartup? autostartup-type | +--rw initial-contact? boolean | +--rw version? auth-protocol-type | +--rw fragmentation | | +--rwenable?enabled? boolean | | +--rw mtu? uint16 | +--rw ike-sa-lifetime-soft | | +--rw rekey-time? uint32 | | +--rw reauth-time? uint32 | +--rw ike-sa-lifetime-hard | | +--rw over-time? uint32 | +--rw ike-sa-intr-alg* nsfikec:intr-alg-t | +--rw ike-sa-encr-alg* [id] | | +--rw id uint16 | | +--rw algorithm-type? nsfikec:encr-alg-t | | +--rw key-length? uint16 | +--rw dh-group? fs-group | +--rw half-open-ike-sa-timer? uint32 | +--rw half-open-ike-sa-cookie-threshold? uint32 | +--rw local | | +--rw local-pad-entry-name string | +--rw remote | | +--rw remote-pad-entry-name string | +--rw encapsulation-type | | +--rw espencap? esp-encap | | +--rw sport? inet:port-number | | +--rw dport? inet:port-number | | +--rw oaddr* inet:ip-address | +--rw spd | | +--rw spd-entry* [name] | | +--rw name string | | +--rw ipsec-policy-config | | +--rw anti-replay-window-size? uint32 | | +--rw traffic-selector | | | +--rw local-prefix inet:ip-prefix | | | +--rw remote-prefix inet:ip-prefix | | | +--rw inner-protocol? ipsec-inner-protocol | | | +--rw local-ports* [start end] | | | | +--rw start inet:port-number | | | | +--rw end inet:port-number | | | +--rw remote-ports* [start end] | | | +--rw start inet:port-number | | | +--rw end inet:port-number | | +--rw processing-info | | +--rw action? ipsec-spd-action | | +--rw ipsec-sa-cfg | | +--rw pfp-flag? boolean | | +--rw ext-seq-num? boolean | | +--rw seq-overflow? boolean | | +--rw stateful-frag-check? boolean | | +--rw mode? ipsec-mode | | +--rw protocol-parameters?ipsec-protocol-parametersipsec-protocol-params | | +--rw esp-algorithms | | | +--rw integrity* intr-alg-t | | | +--rw encryption* [id] | | | | +--rw id uint16 | | | | +--rw algorithm-type? encr-alg-t | | | | +--rw key-length? uint16 | | | +--rw tfc-pad? boolean | | +--rw tunnel | | +--rw local inet:ip-address | | +--rw remote inet:ip-address | | +--rw df-bit? enumeration | | +--rw bypass-dscp? boolean | | +--rw dscp-mapping* [id] | | +--rw id uint8 | | +--rw inner-dscp? inet:dscp | | +--rw outer-dscp? inet:dscp | +--rw child-sa-info | | +--rw fs-groups* fs-group | | +--rw child-sa-lifetime-soft | | | +--rw time? uint32 | | | +--rw bytes? yang:counter64 | | | +--rw packets? uint32 | | | +--rw idle? uint32 | | | +--rw action? nsfikec:lifetime-action | | +--rw child-sa-lifetime-hard | | +--rw time? uint32 | | +--rw bytes? yang:counter64 | | +--rw packets? uint32 | | +--rw idle? uint32 | +--ro state | +--ro initiator? boolean | +--ro initiator-ikesa-spi? ike-spi | +--ro responder-ikesa-spi? ike-spi | +--ro nat-local? boolean | +--ro nat-remote? boolean | +--ro encapsulation-type | | +--ro espencap? esp-encap | | +--ro sport? inet:port-number | | +--ro dport? inet:port-number | | +--ro oaddr* inet:ip-address | +--ro established? uint64 | +--ro current-rekey-time? uint64 | +--ro current-reauth-time? uint64 +--ro number-ike-sas +--ro total? yang:gauge64 +--ro half-open? yang:gauge64 +--ro half-open-cookies? yang:gauge64]]> </artwork> </figure> </t>]]></sourcecode> <t> The YANG data model consists of a unique "ipsec-ike" container defined as follows. Firstly, it contains a "pad" container that serves to configure the Peer Authentication Database with authentication information about local and remote peers (NSFs). More precisely, it consists of a list of entries, each one indicating the identity, authenticationmethodmethod, and credentials that a particular peer (local or remote) will use. Therefore, each entry contains identity, authentication information, and credentials of either the local NSF or the remote NSF. As a consequence, the I2NF Controller can store identity, authenticationinformationinformation, and credentials for the local NSF and the remote NSF. </t> <t> Next, a list "conn-entry" is defined with information about the different IKE connections a peer can maintain with others. Each connection entry is composed of a wide number of parameters to configure different aspects of a particular IKE connection between two peers: local and remote peer authenticationinformation;information, IKE SA configuration (soft and hard lifetimes, cryptographic algorithms,etc.);etc.), a list of IPsec policies describing the type of network traffic to be secured (local/remote subnet and ports, etc.) and how it must be protected (ESP, tunnel/transport, cryptographic algorithms,etc.); CHILDetc.), Child SA configuration (soft and hardlifetimes); and,lifetimes), and state information of the IKE connection (SPIs, usage of NAT, current expiration times, etc.). </t> <t>Lastly, the "ipsec-ike" container declares a "number-ike-sas" container to specify state information reported by the IKE software related to the amount of IKE connections established. </t> </section> <section anchor="ike-example"title="Example Usage">numbered="true" toc="default"> <name>Example Usage</name> <t><xreftarget="appendix-d"/>target="appendix-d" format="default"/> shows an example of IKE case configuration foraan NSF, in tunnel mode (gateway-to-gateway), withNSFsNSF authentication based on X.509 certificates.</t> </section> <section anchor="ike-module"title="YANG Module"> <t> Thisnumbered="true" toc="default"> <name>YANG Module</name> <t>This YANG module has normative references to <xreftarget="RFC2247"/>, <xref target="RFC5280"/>,target="RFC5280" format="default"/>, <xreftarget="RFC4301"/>,target="RFC4301" format="default"/>, <xreftarget="RFC5280"/>,target="RFC5915" format="default"/>, <xreftarget="RFC5915"/>,target="RFC6991" format="default"/>, <xreftarget="RFC6991"/>,target="RFC7296" format="default"/>, <xreftarget="RFC7296"/>,target="RFC7383" format="default"/>, <xreftarget="RFC7383"/>,target="RFC7427" format="default"/>, <xreftarget="RFC7427"/>,target="RFC7619" format="default"/>, <xreftarget="RFC7619"/>,target="RFC8017" format="default"/>, <xreftarget="RFC8017"/>,target="ITU-T.X.690" format="default"/>, <xreftarget="ITU-T.X.690"/>,target="RFC5322" format="default"/>, <xreftarget="RFC5322"/>,target="RFC8229" format="default"/>, <xreftarget="RFC8229"/>,target="RFC8174" format="default"/>, <xreftarget="RFC8174"/>,target="RFC6960" format="default"/>, <xreftarget="IKEv2-Auth-Method"/>,target="IKEv2-Auth-Method" format="default"/>, <xreftarget="IKEv2-Transform-Type-4"/>,target="IKEv2-Transform-Type-4" format="default"/>, <xreftarget="IKEv2-Parameters"/>target="IKEv2-Parameters" format="default"/>, and <xreftarget="IANA-Method-Type"/>.target="IANA-Method-Type" format="default"/>. </t><t> <figure> <artwork> <![CDATA[ <CODE BEGINS> file "ietf-i2nsf-ike@2021-03-18.yang"<sourcecode name="ietf-i2nsf-ike@2021-06-09.yang" type="yang" markers="true"><![CDATA[ module ietf-i2nsf-ike { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike"; prefix"nsfike";nsfike; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG DataTypes";Types."; } import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG DataTypes";Types."; } import ietf-i2nsf-ikec { prefix nsfikec; reference "RFCXXXX: Software-Defined Networking (SDN)-based9061: A YANG Data Model for IPsec FlowProtection.";Protection Based on Software-Defined Networking (SDN)."; } import ietf-netconf-acm { prefix nacm; reference "RFC 8341: Network Configuration Access Control Model."; } organization "IETF I2NSF Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/i2nsf/> WG List: <mailto:i2nsf@ietf.org> Author: Rafael Marin-Lopez <mailto:rafa@um.es> Author: Gabriel Lopez-Millan <mailto:gabilm@um.es> Author: Fernando Pereniguez-Garcia <mailto:fernando.pereniguez@cud.upct.es> "; description "This module contains the IPsec IKE case model for the SDN-based IPsec flow protection service. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. Copyright (c)20202021 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFCXXXX;9061; see the RFC itself for full legalnotices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here.";notices."; revision"2021-03-18"2021-06-09 { description "Initial version."; reference "RFCXXXX: Software-Defined Networking (SDN)-based9061: A YANG Data Model for IPsec FlowProtection.";Protection Based on Software-Defined Networking (SDN)."; } typedef ike-spi { type uint64 { range "0..max"; } description "Security Parameter Index (SPI)'s IKE SA."; reference"Section 2.6 in RFC 7296.";"RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 2.6."; } typedef autostartup-type { type enumeration { enum add { description "IKE/IPsec configuration is only loaded into IKEimplementationimplementation, but IKE/IPsec SA is not started."; } enum on-demand { description "IKE/IPsec configuration is loaded into IKE implementation. The IPsec policies are transferred to theNSFNSF, but the IPsec SAs are not established immediately. The IKE implementation will negotiate the IPsec SAs when they arerequired. (i.e.required (i.e., through an ACQUIRE notification)."; } enum start { description "IKE/IPsec configuration is loaded and transferred to the NSF's kernel, and theIKEv2 basedIKEv2-based IPsec SAs are established immediately without waiting for any packet."; } } description "Different policies to set IPsec SA configuration into NSF's kernel when IKEv2 implementation has started."; } typedef fs-group { type uint16; description "DH groups for IKE and IPsec SA rekey."; reference"IANA;"IANA: Internet Key ExchangeV2Version 2 (IKEv2)Parameters;Parameters, IKEv2 TransformAtribute Types;Attribute Types, Transform Type 4 - Diffie-Hellman Group TransformIDs. Section 3.3.2 inIDs RFC7296.";7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 3.3.2."; } typedef auth-protocol-type { type enumeration { enum ikev2 { value 2; description "IKEv2 authentication protocol. It is the only one defined right now. An enum is used for further extensibility."; } } description "IKE authentication protocol version specified in the Peer Authorization Database (PAD). It is defined as enumerated to allow new IKE versions in the future."; reference "RFC7296.";7296: Internet Key Exchange Protocol Version 2 (IKEv2)."; } typedef auth-method-type { type enumeration { enum pre-shared { description "Select pre-shared key as the authentication method."; reference "RFC7296.";7296: Internet Key Exchange Protocol Version 2 (IKEv2)."; } enum eap { description "SelectEAPthe Extensible Authentication Protocol (EAP) as the authentication method."; reference "RFC7296.";7296: Internet Key Exchange Protocol Version 2 (IKEv2)."; } enum digital-signature { description "Select digital signature as the authentication method."; reference "RFC7296 and7296: Internet Key Exchange Protocol Version 2 (IKEv2) RFC7427.";7427: Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)."; } enum null { description "Null authentication."; reference "RFC7619.";7619: The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)."; } } description "Peer authentication method specified in the Peer Authorization Database (PAD)."; } container ipsec-ike { description "IKE configuration foraan NSF. It includes PAD parameters, IKE connectioninformationinformation, and state data."; container pad { description "Configuration of the Peer Authorization Database (PAD). Each entry of PAD contains authentication information of either the local peer or the remote peer. Therefore, the I2NSF Controller stores authentication information (and credentials) not only for the remote NSF but also for the local NSF. The local NSF MAY use the same identity for different types of authentication and credentials. Pointing to the entry for a local NSF (e.g., A) and the entry for remote NSF (e.g., B) is possible to specify all the required information to carry out the authentication between A and B (see ../conn-entry/local and ../conn-entry/remote)."; list pad-entry { key "name"; ordered-by user; description "Peer Authorization Database (PAD) entry. It is a list of PAD entries ordered by the I2NSFControllerController, and each entry isunivocallyunequivocally identified by aname";name."; leaf name { type string; description"PAD unique"PAD-unique name to identify this entry."; } choice identity { mandatory true; description "A particular IKE peer will be identified by one of these identities. This peer can be a remote peer or local peer (this NSF)."; reference"Section 4.4.3.1 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.3.1."; case ipv4-address { leaf ipv4-address { type inet:ipv4-address; description "Specifies the identity as a singlefour (4) octet4-octet IPv4 address."; } } caseipv6-address{ipv6-address { leaf ipv6-address { type inet:ipv6-address; description "Specifies the identity as a singlesixteen (16) octet16-octet IPv6 address. An example is 2001:db8::8:800:200c:417a."; } } case fqdn-string { leaf fqdn-string { type inet:domain-name; description "Specifies the identity as aFully-QualifiedFully Qualified Domain Name (FQDN) string. An exampleis:is example.com. The string MUST NOT contain any terminators (e.g., NULL,CR,Carriage Return (CR), etc.)."; } } case rfc822-address-string { leaf rfc822-address-string { type string; description "Specifies the identity as afully-qualified RFC5322fully qualified email addressstring.string (RFC 5322). An exampleis,is jsmith@example.com. The string MUST NOT contain any terminators (e.g., NULL, CR, etc.)."; reference "RFC5322.";5322: Internet Message Format."; } } case dnx509 { leaf dnx509 { type binary; description "The binary Distinguished Encoding Rules (DER) encoding of an ASN.1 X.500 Distinguished Name, as specified in IKEv2."; reference "RFC5280. Section 3.5 in5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile RFC7296.";7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 3.5."; } } case gnx509 { leaf gnx509 { type binary; description "ASN.1 X.509 GeneralNamestructurestructure, as specified in RFC 5280, encoded using ASN.1distinguished encoding rulesDistinguished Encoding Rules (DER), as specified in ITU-T X.690."; reference "RFC5280";5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile."; } } case id-key { leaf id-key { type binary; description "Opaque octet stream that may be used to pass vendor-specific information for proprietary types of identification."; reference"Section 3.5 in RFC 7296.";"RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 3.5."; } } case id-null { leaf id-null { type empty; description "The ID_NULL identification is used when the IKE identification payload is notused." ;used."; reference "RFC7619.";7619: The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)."; } } } leaf auth-protocol { type auth-protocol-type; defaultikev2;"ikev2"; description "Only IKEv2 is supported rightnownow, but other authentication protocols may be supported in the future."; } container peer-authentication { description "This container allows theSecurity Controllersecurity controller to configure the authentication method (pre-shared key, eap,digitial-signature,digital-signature, null) that will be used with a particular peer and the credentials to use, which will depend on the selected authentication method."; leaf auth-method { type auth-method-type; defaultpre-shared;"pre-shared"; description "Type of authentication method(pre-shared,(pre-shared key, eap, digital signature, null)."; reference"Section 2.15 in RFC 7296.";"RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 2.15."; } container eap-method { when "../auth-method = 'eap'"; leaf eap-type { type uint32{range{ range "1 .. 4294967295"; } mandatory true; description "EAP method type specified with a value extracted from the IANARegistry.registry. This information provides the particular EAP method to be used. Depending on the EAP method, pre-shared keys or certificates may be used."; } description "EAP method description used when authentication method is 'eap'."; reference"IANA Registry;"IANA: Extensible Authentication Protocol(EAP); Registry;(EAP) Registry, MethodTypes. Section 2.16 inTypes RFC7296.";7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 2.16."; } container pre-shared { when "../auth-method[.='pre-shared' or .='eap']"; leaf secret { nacm:default-deny-all; type yang:hex-string; description "Pre-shared secret value. The NSF has to prevent read access to this value for security reasons. This value MUST be set if the EAP method uses a pre-shared key or pre-shared authentication has been chosen."; } description "Shared secret value for PSK or EAP method authentication based on PSK."; } container digital-signature { when "../auth-method[.='digital-signature' or .='eap']"; leaf ds-algorithm { type uint8; default14;"14"; description "The digital signature algorithm is specified with a value extracted from the IANARegistry.registry. Default is the genericDigital Signaturedigital signature method. Depending on the algorithm, the following leafs MUST contain information. Forexampleexample, if digital signature or the EAP method involves acertificatecertificate, thenleafleaves 'cert-data' and 'private-key' will contain this information."; reference"IANA Registry;"IANA: Internet Key Exchange Version 2(IKEv2); Parameters;(IKEv2) Parameters, IKEv2 Authentication Method."; } choice public-key { leaf raw-public-key { type binary; description "A binary that contains the value of the public key. The interpretation of the content is defined by the digital signature algorithm. For example, an RSA key is represented asRSAPublicKeyRSAPublicKey, as defined in RFC 8017, and an Elliptic Curve Cryptography (ECC) key is represented using the 'publicKey' described in RFC 5915."; reference "RFC 5915: Elliptic Curve Private Key Structure RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2."; } leaf cert-data { type binary; description "X.509 certificate data in DER format. If raw-public-key is defined, this leaf is empty."; reference "RFC5280";5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile."; } description "If the I2NSF Controller knows that the NSF already owns a private key associated to this public key (e.g., the NSF generated the pair public key/private key out of band), it will only configure one of theleafleaves of this choice but not the leaf private-key. The NSF, based on the public key value, can know the private key to be used."; } leaf private-key { nacm:default-deny-all; type binary; description "A binary that contains the value of the private key. The interpretation of the content is defined by the digital signature algorithm. For example, an RSA key is represented asRSAPrivateKeyRSAPrivateKey, as defined in RFC 8017, and an Elliptic Curve Cryptography (ECC) key is represented asECPrivateKeyECPrivateKey, as defined in RFC 5915. This value is set ifpublic-keypublic key is defined and the I2NSFcontrollerController is in charge of configuring theprivate-key.private key. Otherwise, it is not set and the value is kept in secret."; reference "RFC 5915: Elliptic Curve Private Key Structure RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2."; } leaf-list ca-data { type binary; description "List of trusted Certification Authorities(CA)(CAs) certificates encoded using ASN.1distinguished encoding rulesDistinguished Encoding Rules (DER). If it is notdefineddefined, the default value is empty."; } leaf crl-data { type binary; description "A CertificateList structure, as specified in RFC 5280, encoded using ASN.1distinguished encoding rules (DER),asDistinguished Encoding Rules (DER), as specified in ITU-T X.690. If it is notdefineddefined, the default value is empty."; reference "RFC5280";5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile."; } leaf crl-uri { type inet:uri; description "X.509CRLCertificate Revocation List (CRL) certificate URI. If it is notdefineddefined, the default value is empty."; reference "RFC5280";5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile."; } leaf oscp-uri { type inet:uri; description"OCSP"Online Certificate Status Protocol (OCSP) URI. If it is notdefineddefined, the default value is empty."; reference "RFC2560 and6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP RFC5280";5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile."; } description"Digital Signature"digital-signature container."; } /*container digital-signature*/ } /*container peer-authentication*/ } } list conn-entry { key "name"; description "IKE peer connection information. This list contains the IKE connection for this peer with other peers. This willcreatecreate, in realtimetime, IKE Security Associations established with these nodes."; leaf name { type string; description "Identifier for this connection entry."; } leaf autostartup { type autostartup-type; defaultadd;"add"; description"By-default: Only"By default, only add configuration without starting the security association."; } leaf initial-contact { type boolean; defaultfalse;"false"; description "The goal of this value is to deactivate the usage of INITIAL_CONTACT notification (true). If this flag remains set tofalsefalse, it means the usage of the INITIAL_CONTACT notification will depend on the IKEv2 implementation."; } leaf version { type auth-protocol-type; defaultikev2;"ikev2"; description "IKE version. Only version 2 is supported."; } container fragmentation { leafenableenabled { type boolean; defaultfalse;"false"; description "Whether or not to enable IKEv2 fragmentation (true or false)."; reference "RFC7383.";7383: Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation."; } leaf mtu { when"../enable='true'";"../enabled='true'"; type uint16 { range "68..65535"; } description "MTU that IKEv2 can use for IKEv2 fragmentation."; reference "RFC7383.";7383: Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation."; } description "IKEv2fragmentationfragmentation, as per RFC 7383. If the IKEv2 fragmentation isenabledenabled, it is possible to specify the MTU."; } container ike-sa-lifetime-soft { description "IKE SA lifetime soft. Two lifetime values can be configured: either rekey time of the IKE SA or reauth time of the IKE SA. When the rekey lifetimeexpiresexpires, a rekey of the IKE SA starts. When reauth lifetimeexpires aexpires, an IKE SA reauthentication starts."; leaf rekey-time { type uint32; units "seconds"; default0;"0"; description "Time in seconds between each IKE SA rekey. The value 0 means infinite."; } leaf reauth-time { type uint32; units "seconds"; default0;"0"; description "Time in seconds between each IKE SA reauthentication. The value 0 means infinite."; } reference"Section 2.8 in RFC 7296.";"RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 2.8."; } container ike-sa-lifetime-hard { description "Hard IKE SA lifetime. When this time isreachedreached, the IKE SA is removed."; leaf over-time { type uint32; units "seconds"; default0;"0"; description "Time in seconds before the IKE SA is removed. The value 0 means infinite."; } reference "RFC7296.";7296: Internet Key Exchange Protocol Version 2 (IKEv2)."; } leaf-list ike-sa-intr-alg { type nsfikec:intr-alg-t; default12;"12"; ordered-by user; description "Integrity algorithm for establishing the IKE SA. This list is ordered following from the higher priority to lower priority.FirstThe first node of the list will be the algorithm with higher priority. Default value 12(AUTH_HMAC_SHA2_256_128)";(AUTH_HMAC_SHA2_256_128)."; } list ike-sa-encr-alg { keyid;"id"; min-elements 1; ordered-by user; leaf id { type uint16; description "An identifier that unequivocally identifies each entry of the list, i.e., an encryption algorithm and itskey-lengthkey length (ifrequired)";required)."; } leaf algorithm-type { type nsfikec:encr-alg-t; default12;"12"; description "Default value 12(ENCR_AES_CBC)";(ENCR_AES_CBC)."; } leaf key-length { type uint16; default128;"128"; description "Bydefaultdefault, key length is 128bits";bits."; } description "Encryption or AEAD algorithm for the IKE SAs. This list is ordered following from the higher priority to lower priority.FirstThe first node of the list will be the algorithm with higherpriority";priority."; } leaf dh-group { type fs-group; default14;"14"; description "Group number for Diffie-Hellman Exponentiation used during IKE_SA_INIT for the IKE SA key exchange."; } leaf half-open-ike-sa-timer { type uint32; units "seconds"; default0;"0"; description "Set the half-open IKE SA timeout duration. The value 0 implies infinite."; reference"Section"RFC 7296: Internet Key Exchange Protocol Version 2in RFC 7296.";(IKEv2), Section 2."; } leaf half-open-ike-sa-cookie-threshold { type uint32; default0;"0"; description "Number of half-open IKE SAs that activate the cookie mechanism. The value 0 impliesinfinite." ;infinite."; reference"Section 2.6 in RFC 7296.";"RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 2.6."; } container local { leaf local-pad-entry-name { type string; mandatory true; description "Local peer authentication information. This node points to a specific entry in the PAD where the authorization information about this particular local peer is stored. It MUST match a pad-entry-name."; } description "Local peer authentication information."; } container remote { leaf remote-pad-entry-name { type string; mandatory true; description "Remote peer authentication information. This node points to a specific entry in the PAD where the authorization information about this particular remote peer is stored. It MUST match a pad-entry-name."; } description "Remote peer authentication information."; } container encapsulation-type { uses nsfikec:encap; description "This container carries configuration information about the source and destination ports of encapsulation that IKE should use and the type of encapsulation that shouldusebe used when NAT traversal is required. However, this is just a best effort since the IKE implementation may need to use a differentencapsulationencapsulation, as described in RFC 8229."; reference "RFC8229.";8229: TCP Encapsulation of IKE and IPsec Packets."; } container spd { description "Configuration of the Security Policy Database (SPD). This main information is placed in the grouping ipsec-policy-grouping."; list spd-entry { key "name"; ordered-by user; leaf name { type string; description"SPD entry unique"SPD-entry-unique name to identify the IPsec policy."; } container ipsec-policy-config { description "This container carries the configuration ofaan IPsec policy."; uses nsfikec:ipsec-policy-grouping; } description "List of entrieswhichthat will constitute the representation of the SPD. In this case, since the NSF implements IKE, it is only required to sendaan IPsec policy from this NSF where 'local' is this NSF and 'remote' the other NSF. The IKE implementation will install IPsec policies in the NSF's kernel in both directions (inbound and outbound) and their corresponding IPsec SAs based on the information in this SPD entry."; } reference"Section 2.9 in RFC 7296.";"RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 2.9."; } container child-sa-info { leaf-list fs-groups { type fs-group; default0;"0"; ordered-by user; description "If non-zero, forward secrecy is required when a new IPsec SA is beingcreated. Thecreated, the (non-zero) value indicates the group number to use for the key exchange process used to achieve forward secrecy. This list is ordered following from the higher priority to lower priority.FirstThe first node of the list will be the algorithm with higher priority."; } container child-sa-lifetime-soft { description "Soft IPsec SA lifetime. After thelifetimelifetime, the action is defined in this container in the leaf action."; uses nsfikec:lifetime; leaf action { type nsfikec:lifetime-action; defaultreplace;"replace"; description "When the lifetime of an IPsec SAexpiresexpires, an action needs to be performed over the IPsec SA that reached the lifetime. There are three possible options: terminate-clear,terminate-holdterminate-hold, and replace."; reference"Section"RFC 4301: Security Architecture for the Internet Protocol, Section 4.5inRFC4301 and7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section2.8 in RFC 7296.";2.8."; } } container child-sa-lifetime-hard { description "IPsec SA lifetime hard. The action will be to terminate the IPsec SA."; uses nsfikec:lifetime; reference"Section 2.8 in RFC 7296.";"RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2), Section 2.8."; } description "Specific information for IPsecSAsSAs. It includesPFSthe Perfect Forward Secrecy (PFS) group and IPsec SAs rekey lifetimes."; } container state { config false; leaf initiator { type boolean; description "It is acting as an initiator for this connection."; } leaf initiator-ikesa-spi { type ike-spi; description "Initiator's IKE SA SPI."; } leaf responder-ikesa-spi { type ike-spi; description "Responder's IKE SA SPI."; } leaf nat-local { type boolean; description"True,"True if local endpoint is behind a NAT."; } leaf nat-remote { type boolean; description"True,"True if remote endpoint is behind a NAT."; } container encapsulation-type { uses nsfikec:encap; description "This container provides information about the source and destination ports of encapsulation that IKE isusing,using and the type of encapsulation when NAT traversal is required."; reference "RFC8229.";8229: TCP Encapsulation of IKE and IPsec Packets."; } leaf established { type uint64; units "seconds"; description "Seconds since this IKE SA has been established."; } leaf current-rekey-time { type uint64; units "seconds"; description "Seconds before IKE SA is rekeyed."; } leaf current-reauth-time { type uint64; units "seconds"; description "Seconds before IKE SA isre-authenticated.";reauthenticated."; } description "IKE state data for a particular connection."; } /* ike-sa-state */ } /* ike-conn-entries */ container number-ike-sas { config false; leaf total { type yang:gauge64; description "Total number of active IKE SAs."; } leaf half-open { type yang:gauge64; description "Number of half-open active IKE SAs."; } leaf half-open-cookies { type yang:gauge64; description "Number ofhalf openhalf-open active IKE SAs with cookie activated."; } description "General information about the IKE SAs. In particular, it provides the current number of IKE SAs."; } } /* container ipsec-ike */ }<CODE ENDS> ]]> </artwork> </figure> </t>]]></sourcecode> </section> </section> <section anchor="ike-less-model"title="Thenumbered="true" toc="default"> <name>The 'ietf-i2nsf-ikeless'Module ">Module</name> <t>In this section, the YANG module for the IKE-less case is described.</t> <section anchor="ikeless-overview"title="Data model overview">numbered="true" toc="default"> <name>Data Model Overview</name> <t> For this case, the definition of the SPD model has been mainly extracted from the specification insection 4.4.1Section <xref target="RFC4301" section="4.4.1" sectionFormat="bare"/> and AppendixD<xref target="RFC4301" section="D" sectionFormat="bare"/> in <xreftarget="RFC4301"/>,target="RFC4301" format="default"/>, though with some changes, namely:</t><t> <list style="symbols"> <t>For<ul spacing="normal"> <li>For simplicity, each IPsec policy (spd-entry) contains onetraffic selector,Traffic Selector, instead of a list of them. The reason is that actual kernel implementations only admit a singletraffic selectorTraffic Selector per IPsecpolicy.</t> <t>Eachpolicy.</li> <li>Each IPsec policy contains an identifier (reqid) to relate the policy with the IPsec SA. This is common in Linux-basedsystems.</t> <t>Eachsystems.</li> <li>Each IPsec policy has only one name and not a list ofnames.</t> <t>Combinednames.</li> <li>Combined algorithms have been removed because encryption algorithmsMAY<bcp14>MAY</bcp14> includeauthenticated encryptionAuthenticated Encryption withassociated data (AEAD).</t> <t>TunnelAssociated Data (AEAD).</li> <li>Tunnel information has been extended with information about DSCP mapping. The reason is that certain kernel implementations accept configuration of thesevalues.</t> </list> </t>values.</li> </ul> <t>The definition of the SAD model has been mainly extracted from the specification insection 4.4.2 in<xreftarget="RFC4301"/>target="RFC4301" sectionFormat="of" section="4.4.2"/>, though with some changes, namely:</t><t> <list style="symbols"> <t>For<ul spacing="normal"> <li>For simplicity, each IPsec SA (sad-entry) contains onetraffic selector,Traffic Selector, instead of a list of them. The reason is that actual kernel implementations only admit a singletraffic selectorTraffic Selector per IPsecSA.</t> <t>EachSA.</li> <li>Each IPsec SA containsaan identifier (reqid) to relate the IPsec SA with the IPsecPolicy.policy. The reason is that real kernel implementations allowto includethisvalue.</t> <t>Eachvalue to be included.</li> <li>Each IPsec SAhasis alsoa namenamed in the same way as IPsecpolicies.</t> <t>Thepolicies.</li> <li>The model allows specifying the algorithm for encryption. This can beanAuthenticated Encryption with Associated Data (AEAD) or non-AEAD. If an AEAD algorithm isspecifiedspecified, the integrity algorithm is not required. Ifana non-AEAD algorithm isspecifiedspecified, the integrity algorithm is required <xreftarget="RFC8221"/>.</t> <t>Tunneltarget="RFC8221" format="default"/>.</li> <li>Tunnel information has been extended with information about Differentiated Services Code Point (DSCP) mapping. It is assumed that NSFs involved in this document provide ECNfull-functionalityfull functionality to prevent discarding of ECN congestion indications <xreftarget="RFC6040"/>.</t> <t>Lifetimetarget="RFC6040" format="default"/>.</li> <li>The lifetime of the IPsec SAs alsoincludeincludes idle time and the number of IP packets as a threshold to trigger the lifetime. The reason is that actual kernel implementations allowto setfor setting these types oflifetimes.</t> <t>Informationlifetimes.</li> <li>Information to configure the type of encapsulation (encapsulation-type) for IPsec ESP packets in UDP(<xref target="RFC3948"/>),<xref target="RFC3948" format="default"/> or TCP(<xref target="RFC8229"/>)<xref target="RFC8229" format="default"/> has beenincluded.</t> </list> </t> <!--In other words, each traffic selector of a policy (spd-entry) generates a different IPsec SA (sad-entry). -->included.</li> </ul> <t> The notifications model has been definedusingusing, asreferencereference, the PF_KEYv2 specification in <xreftarget="RFC2367"/>.</t>target="RFC2367" format="default"/>.</t> <t> The YANG data model for the IKE-less case is defined by the module "ietf-i2nsf-ikeless". Its structure is depicted in the following diagram, using the notation syntax for YANG tree diagrams(<xref target="RFC8340"/>).<xref target="RFC8340" format="default"/>. </t><t> <figure> <artwork> <![CDATA[<sourcecode type="yangtree"><![CDATA[ module: ietf-i2nsf-ikeless +--rw ipsec-ikeless +--rw spd | +--rw spd-entry* [name] | +--rw name string | +--rw direction nsfikec:ipsec-traffic-direction | +--rw reqid? uint64 | +--rw ipsec-policy-config | +--rw anti-replay-window-size? uint32 | +--rw traffic-selector | | +--rw local-prefix inet:ip-prefix | | +--rw remote-prefix inet:ip-prefix | | +--rw inner-protocol? ipsec-inner-protocol | | +--rw local-ports* [start end] | | | +--rw start inet:port-number | | | +--rw end inet:port-number | | +--rw remote-ports* [start end] | | +--rw start inet:port-number | | +--rw end inet:port-number | +--rw processing-info | +--rw action? ipsec-spd-action | +--rw ipsec-sa-cfg | +--rw pfp-flag? boolean | +--rw ext-seq-num? boolean | +--rw seq-overflow? boolean | +--rw stateful-frag-check? boolean | +--rw mode? ipsec-mode | +--rw protocol-parameters?ipsec-protocol-parametersipsec-protocol-params | +--rw esp-algorithms | | +--rw integrity* intr-alg-t | | +--rw encryption* [id] | | | +--rw id uint16 | | | +--rw algorithm-type? encr-alg-t | | | +--rw key-length? uint16 | | +--rw tfc-pad? boolean | +--rw tunnel | +--rw local inet:ip-address | +--rw remote inet:ip-address | +--rw df-bit? enumeration | +--rw bypass-dscp? boolean | +--rw dscp-mapping* [id] | +--rw id uint8 | +--rw inner-dscp? inet:dscp | +--rw outer-dscp? inet:dscp +--rw sad +--rw sad-entry* [name] +--rw name string +--rw reqid? uint64 +--rw ipsec-sa-config | +--rw spi uint32 | +--rw ext-seq-num? boolean | +--rw seq-overflow? boolean | +--rw anti-replay-window-size? uint32 | +--rw traffic-selector | | +--rw local-prefix inet:ip-prefix | | +--rw remote-prefix inet:ip-prefix | | +--rw inner-protocol? ipsec-inner-protocol | | +--rw local-ports* [start end] | | | +--rw start inet:port-number | | | +--rw end inet:port-number | | +--rw remote-ports* [start end] | | +--rw start inet:port-number | | +--rw end inet:port-number | +--rw protocol-parameters?nsfikec:ipsec-protocol-parametersnsfikec:ipsec-protocol-params | +--rw mode? nsfikec:ipsec-mode | +--rw esp-sa | | +--rw encryption | | | +--rw encryption-algorithm? nsfikec:encr-alg-t | | | +--rw key? yang:hex-string | | | +--rw iv? yang:hex-string | | +--rw integrity | | +--rw integrity-algorithm? nsfikec:intr-alg-t | | +--rw key? yang:hex-string | +--rw sa-lifetime-hard | | +--rw time? uint32 | | +--rw bytes? yang:counter64 | | +--rw packets? uint32 | | +--rw idle? uint32 | +--rw sa-lifetime-soft | | +--rw time? uint32 | | +--rw bytes? yang:counter64 | | +--rw packets? uint32 | | +--rw idle? uint32 | | +--rw action? nsfikec:lifetime-action | +--rw tunnel | | +--rw local inet:ip-address | | +--rw remote inet:ip-address | | +--rw df-bit? enumeration | | +--rw bypass-dscp? boolean | | +--rw dscp-mapping* [id] | | | +--rw id uint8 | | | +--rw inner-dscp? inet:dscp | | | +--rw outer-dscp? inet:dscp | | +--rw dscp-values* inet:dscp | +--rw encapsulation-type | +--rw espencap? esp-encap | +--rw sport? inet:port-number | +--rw dport? inet:port-number | +--rw oaddr* inet:ip-address +--ro ipsec-sa-state +--ro sa-lifetime-current | +--ro time? uint32 | +--ro bytes? yang:counter64 | +--ro packets? uint32 | +--ro idle? uint32 +--ro replay-stats +--ro replay-window | +--ro w? uint32 | +--ro t? uint64 | +--ro b? uint64 +--ro packet-dropped? yang:counter64 +--ro failed? yang:counter64 +--ro seq-number-counter? uint64 notifications: +---n sadb-acquire {ikeless-notification}? | +--ro ipsec-policy-name string | +--ro traffic-selector | +--ro local-prefix inet:ip-prefix | +--ro remote-prefix inet:ip-prefix | +--ro inner-protocol? ipsec-inner-protocol | +--ro local-ports* [start end] | | +--ro start inet:port-number | | +--ro end inet:port-number | +--ro remote-ports* [start end] | +--ro start inet:port-number | +--ro end inet:port-number +---n sadb-expire {ikeless-notification}? | +--ro ipsec-sa-name string | +--ro soft-lifetime-expire? boolean | +--ro lifetime-current | +--ro time? uint32 | +--ro bytes? yang:counter64 | +--ro packets? uint32 | +--ro idle? uint32 +---n sadb-seq-overflow {ikeless-notification}? | +--ro ipsec-sa-name string +---n sadb-bad-spi {ikeless-notification}? +--ro spi uint32]]> </artwork> </figure> </t>]]></sourcecode> <t> The YANG data model consists of a unique "ipsec-ikeless"containercontainer, which, in turn, is composed of two additional containers: "spd" and "sad". The "spd" container consists of a list of entries that form the Security Policy Database. Compared to the IKE case YANG data model, this part specifies a few additional parameters necessary due to the absence of an IKE software in the NSF: traffic direction to apply the IPsecpolicy,policy and a "reqid" value to link an IPsec policy with its associated IPsec SAs since it is otherwise a little hard to find by searching. The "sad" container is a list of entries that form the Security Association Database. In general, each entry allows specifying both configuration information (SPI,traffic selectors,Traffic Selectors, tunnel/transport mode, cryptographic algorithms and keying material, soft/hard lifetimes, etc.) as well asstatestating information (time to expire, replay statistics, etc.) of a concrete IPsec SA. </t><t> In<t>In addition, the module defines a set of notifications to allow the NSF to inform the I2NSFcontrollerController about relevanteventsevents, such as IPsec SA expiration, sequence numberoverflowoverflow, or bad SPI in a received packet. </t> </section> <section anchor="ikeless-examples"title="Example Usage">numbered="true" toc="default"> <name>Example Usage</name> <t> <xreftarget="appendix-e"/>target="appendix-e" format="default"/> shows an example of an IKE-less case configuration fora NSF,an NSF in transport mode (host-to-host). Additionally, <xreftarget="appendix-f"/>target="appendix-f" format="default"/> shows examples of IPsec SA expire, acquire, sequence numberoverflowoverflow, and bad SPI notifications. </t> </section> <section anchor="ikeless-module"title="YANG Module">numbered="true" toc="default"> <name>YANG Module</name> <t> This YANG module has normative references to <xreftarget="RFC4301"/>,target="RFC4301" format="default"/>, <xreftarget="RFC6991"/>,target="RFC4303" format="default"/>, <xreftarget="RFC8174"/>target="RFC6991" format="default"/>, <xref target="RFC8174" format="default"/> and <xreftarget="RFC8341"/>.target="RFC8341" format="default"/>. </t><t> <figure> <artwork> <![CDATA[ <CODE BEGINS> file "ietf-i2nsf-ikeless@2021-03-18.yang"<sourcecode name="ietf-i2nsf-ikeless@2021-06-09.yang" type="yang" markers="true"><![CDATA[ module ietf-i2nsf-ikeless { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"; prefix"nsfikels";nsfikels; import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG DataTypes";Types."; } import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG DataTypes";Types."; } import ietf-i2nsf-ikec { prefix nsfikec; reference "RFCXXXX: Software-Defined Networking (SDN)-based9061: A YANG Data Model for IPsec FlowProtection.";Protection Based on Software-Defined Networking (SDN)."; } import ietf-netconf-acm { prefix nacm; reference "RFC 8341: Network Configuration Access Control Model."; } organization "IETF I2NSF Working Group"; contact "WG Web: <https://datatracker.ietf.org/wg/i2nsf/> WG List: <mailto:i2nsf@ietf.org> Author: Rafael Marin-Lopez <mailto:rafa@um.es> Author: Gabriel Lopez-Millan <mailto:gabilm@um.es> Author: Fernando Pereniguez-Garcia <mailto:fernando.pereniguez@cud.upct.es> "; description "Data model for IKE-less case in theSDN-baseSDN-based IPsec flow protection service. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. Copyright (c)20202021 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFCXXXX;;9061; see the RFC itself for full legalnotices. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here.";notices."; revision"2021-03-18"2021-06-09 { description "Initial version."; reference "RFCXXXX: Software-Defined Networking (SDN)-based9061: A YANG Data Model for IPsec FlowProtection.";Protection Based on Software-Defined Networking (SDN)."; } feature ikeless-notification { description "This feature indicates that the server supports generating notifications in the ikeless module. To ensure broader applicability of this module, the notifications are marked as a feature. For the implementation ofikelessthe IKE-less case, the NSF is expected to implement this feature."; } container ipsec-ikeless { description "Container for configuration of the IKE-less case. The container contains two additional containers: 'spd' and 'sad'. The first allows the I2NSF Controller to configure IPsec policies in the Security Policy DatabaseSPD,(SPD), and the second allows the I2NSF Controller to configure IPsec Security Associations (IPsec SAs) in the Security Association Database (SAD)."; reference "RFC4301.";4301: Security Architecture for the Internet Protocol."; container spd { description "Configuration of the Security Policy Database(SPD.)";(SPD)."; reference"Section 4.4.1.2 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.1.2."; list spd-entry { key "name"; ordered-by user; leaf name { type string; description"SPD entry unique"SPD-entry-unique name to identify this entry."; } leaf direction { type nsfikec:ipsec-traffic-direction; mandatory true; description "Inbound traffic or outbound traffic. In the IKE-lesscasecase, the I2NSF Controller needs to specify the policy direction to be applied in the NSF. In the IKEcasecase, this direction does not need to bespecifiedspecified, since IKE will determine the direction that the IPsec policy will require."; } leaf reqid { type uint64; default0;"0"; description "This value allowsto linklinking this IPsec policy with IPsec SAs with the same reqid. It is only required in the IKE-less model since, in the IKEcasecase, this link is handled internally by IKE."; } container ipsec-policy-config { description "This container carries the configuration ofaan IPsec policy."; uses nsfikec:ipsec-policy-grouping; } description "The SPD is represented as a list of SPD entries, where each SPD entry represents an IPsec policy."; } /*list spd-entry*/ } /*container spd*/ container sad { description "Configuration of the IPsec Security Association Database(SAD)";(SAD)."; reference"Section 4.4.2.1 in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.2.1."; list sad-entry { key "name"; ordered-by user; leaf name { type string; description"SAD entry unique"SAD-entry-unique name to identify this entry."; } leaf reqid { type uint64; default0;"0"; description "This value allowsto linklinking this IPsec SA with an IPsec policy with the same reqid."; } container ipsec-sa-config { description "This container allows configuring details of an IPsec SA."; leaf spi { type uint32 { range "0..max"; } mandatory true; description"Security"IPsec SA of Security Parameter Index(SPI)'s IPsec SA.";(SPI)."; } leaf ext-seq-num { type boolean; defaulttrue;"true"; description "True if this IPsec SA is using extended sequence numbers. If true, the 64-bit extended sequence number counter is used; if false, the normal 32-bit sequence number counter is used."; } leaf seq-overflow { type boolean; defaultfalse;"false"; description "The flag indicating whether overflow of the sequence number counter should prevent transmission of additional packets on the IPsec SA (false) and,thereforetherefore, needs to berekeyed,rekeyed or whether rollover is permitted (true). If Authenticated Encryption with Associated Data (AEAD) is used (leafesp-algorithms/encryption/algorithm-type)esp-algorithms/encryption/algorithm-type), this flag MUST BE false. Setting this flag to true is strongly discouraged."; } leaf anti-replay-window-size { type uint32; default64;"64"; description "To set the anti-replay window size. The default value is set to6464, followingRFC 4303 recommendation."; reference "Section 3.4.3the recommendation in RFC4303";4303."; reference "RFC 4303: IP Encapsulating Security Payload (ESP), Section 3.4.3."; } container traffic-selector { uses nsfikec:selector-grouping; description "The IPsec SAtraffic selector.";Traffic Selector."; } leaf protocol-parameters { typensfikec:ipsec-protocol-parameters;nsfikec:ipsec-protocol-params; defaultesp;"esp"; description "Security protocol of IPsecSA: OnlySA, only ESP so far."; } leaf mode { type nsfikec:ipsec-mode; defaulttransport;"transport"; description "Tunnel or transport mode."; } container esp-sa { when "../protocol-parameters = 'esp'"; description "In case the IPsec SA is an Encapsulation Security Payload (ESP), it is required to specify encryption and integrityalgorithms,algorithms and keymaterial.";materials."; container encryption { description "Configuration of encryption or AEAD algorithm for IPsec Encapsulation Security Payload (ESP)."; leaf encryption-algorithm { type nsfikec:encr-alg-t; default12;"12"; description "Configuration of ESP encryption. With AEAD algorithms, the integrity-algorithm leaf is not used."; } leaf key { nacm:default-deny-all; type yang:hex-string; description "ESP encryption key value. If this leaf is notdefineddefined, the key is not defined (e.g., encryption is NULL). The key length is determined by the length of the key set in this leaf. Bydefaultdefault, it is 128 bits."; } leaf iv { nacm:default-deny-all; type yang:hex-string; description "ESP encryption IV value. If this leaf is notdefineddefined, the IV is not defined (e.g., encryption isNULL)";NULL)."; } } container integrity { description "Configuration of integrity for IPsec Encapsulation Security Payload (ESP). This container allows configuration of integrity algorithms when no AEAD algorithms areused,used and integrity is required."; leaf integrity-algorithm { type nsfikec:intr-alg-t; default12;"12"; description "Message Authentication Code (MAC) algorithm to provide integrity in ESP (default AUTH_HMAC_SHA2_256_128). With AEAD algorithms, the integrity leaf is not used."; } leaf key { nacm:default-deny-all; type yang:hex-string; description "ESP integrity key value. If this leaf is notdefineddefined, the key is not defined (e.g., AEAD algorithm is chosen and integrity algorithm is not required). The key length is determined by the length of the key configured."; } } } /*container esp-sa*/ container sa-lifetime-hard { description "IPsec SA hard lifetime. The action associated is terminate and hold."; uses nsfikec:lifetime; } container sa-lifetime-soft { description "IPsec SA soft lifetime."; uses nsfikec:lifetime; leaf action { type nsfikec:lifetime-action; description "Action lifetime: terminate-clear,terminate-holdterminate-hold, or replace."; } } container tunnel { when "../mode = 'tunnel'"; uses nsfikec:tunnel-grouping; leaf-list dscp-values { type inet:dscp; description "DSCP values allowed for ingress packets carried over this IPsec SA. If no values are specified, no DSCP-specific filtering is applied. When ../bypass-dscp is false and a dscp-mapping is defined, each value here would be the same as the 'inner' DSCP value for the DSCP mapping (listdscp-mapping)";dscp-mapping)."; reference"Section 4.4.2.1. in RFC 4301.";"RFC 4301: Security Architecture for the Internet Protocol, Section 4.4.2.1."; } description "Endpoints of the IPsec tunnel."; } container encapsulation-type { uses nsfikec:encap; description "This container carries configuration information about the source and destination portswhichthat will be used for ESP encapsulationthatof ESP packets and the type of encapsulation when NAT traversal is in place."; } } /*ipsec-sa-config*/ container ipsec-sa-state { config false; description "Container describing IPsec SA state data."; container sa-lifetime-current { uses nsfikec:lifetime; description "SAD lifetime current."; } container replay-stats { description "State data about the anti-replay window."; container replay-window { leaf w { type uint32; description "Size of the replay window."; } leaf t { type uint64; description "Highest sequence number authenticated so far, upper bound of window."; } leaf b { type uint64; description "Lower bound of window."; } description "This container contains three parameters thatdefinesdefine the state of the replay window: window size (w), highest sequence number authenticated(t)(t), and lower bound of the window(b). According(b), according to Appendix A2.1-in RFC 4303w(w =t-b+1.";t - b + 1)."; reference"Appendix A in RFC 4303.";"RFC 4303: IP Encapsulating Security Payload (ESP), Appendix A."; } leaf packet-dropped { type yang:counter64; description "Packets dropped because they are replay packets."; } leaf failed { type yang:counter64; description "Number of packets detected out of the replay window."; } leaf seq-number-counter { type uint64; description "A 64-bit counter when this IPsec SA is using Extended Sequence Number or 32-bit counter when it is not. Current value of sequence number."; } } /* container replay-stats*/ } /*ipsec-sa-state*/ description "List of SAD entries thatformsform the SAD."; } /*list sad-entry*/ } /*containersad*/ }/*containersad*/ } /*container ipsec-ikeless*/ /* Notifications */ notification sadb-acquire { if-featureikeless-notification;"ikeless-notification"; description "The NSF detects and notifies that an IPsec SA is required for an outbound IP packet that has matchedaan SPD entry. The traffic-selector container in this notification contains information about the IP packet that triggered this notification."; leaf ipsec-policy-name { type string; mandatory true; description "It contains the SPD entry name (unique) of the IPsec policy that hits theIP packet requiredIP-packet-required IPsec SA. It is assumed the I2NSF Controller will have a copy of the information of this policy so it can extract all the information with this unique identifier. The type of IPsec SA is defined in the policy so theSecurity Controllersecurity controller can also know the type of IPsec SA that MUST be generated."; } container traffic-selector { description "The IP packet that triggered the acquire and requires an IPsec SA.SpecificallySpecifically, it will contain the IP source/mask and IPdestination/mask;destination/mask, protocol (udp, tcp,etc...);etc.), and source and destination ports."; uses nsfikec:selector-grouping; } } notification sadb-expire { if-featureikeless-notification;"ikeless-notification"; description "An IPsec SA expiration (soft or hard)."; leaf ipsec-sa-name { type string; mandatory true; description "It contains the SAD entry name (unique) of the IPsec SA that is about to expire. It is assumed the I2NSF Controller will have a copy of the IPsec SA information (except the cryptographic material and state data) indexed by this name (unique identifier) so it can know all the information (crypto algorithms, etc.) about the IPsec SA that has expired in order to perform a rekey (soft lifetime) or delete it (hard lifetime) with this unique identifier."; } leaf soft-lifetime-expire { type boolean; defaulttrue;"true"; description "If this value istruetrue, the lifetime expired is soft. If it isfalsefalse, the lifetime is hard."; } container lifetime-current { description "IPsec SA current lifetime. If soft-lifetime-expired istruetrue, this container is set with the lifetime information about current soft lifetime. It can help the NSF Controller to know which of the (soft) lifetime limits raised the event: time, bytes,packetspackets, or idle."; uses nsfikec:lifetime; } } notification sadb-seq-overflow { if-featureikeless-notification;"ikeless-notification"; description "Sequence overflow notification."; leaf ipsec-sa-name { type string; mandatory true; description "It contains the SAD entry name (unique) of the IPsec SA that is about to have a sequence numberoverflowoverflow, and rollover is not permitted. When the NSF issues this event before reaching a sequencenumbernumber, overflow is implementation specific and out of scope of this specification. It is assumed the I2NSF Controller will have a copy of the IPsec SA information (except the cryptographic material and state data) indexed by this name (unique identifier) so it can know all the information (crypto algorithms, etc.) about the IPsec SA in order to perform a rekey of the IPsec SA."; } } notification sadb-bad-spi { if-featureikeless-notification;"ikeless-notification"; description "Notify when the NSF receives a packet with an incorrect SPI(i.e.(i.e., not present in the SAD)."; leaf spi { type uint32 { range "0..max"; } mandatory true; description "SPI number contained in the erroneous IPsec packet."; } } }<CODE ENDS> ]]> </artwork> </figure> </t>]]></sourcecode> </section> </section> </section> <section anchor="iana"title="IANA Considerations"> <t>This document registers three URIsnumbered="true" toc="default"> <name>IANA Considerations</name> <t>IANA has registered the following namespaces in the "ns" subregistryofwithin theIETF"IETF XMLRegistry <xref target="RFC3688"/>. Following the format inRegistry" <xreftarget="RFC3688"/>, the following registrations are requested:</t> <t> <figure> <artwork> URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec Registrant Contact: The IESG. XML: N/A,target="RFC3688" format="default"/>:</t> <dl newline="false" spacing="compact"> <dt>URI:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec</dd> <dt>Registrant Contact:</dt> <dd>The IESG.</dd> <dt>XML:</dt> <dd>N/A, the requested URI is an XMLnamespace. URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike Registrant Contact: The IESG. XML: N/A,namespace.</dd> </dl> <dl newline="false" spacing="compact"> <dt>URI:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike</dd> <dt>Registrant Contact:</dt> <dd>The IESG.</dd> <dt>XML:</dt> <dd>N/A, the requested URI is an XMLnamespace. URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless Registrant Contact: The IESG. XML: N/A,namespace.</dd> </dl> <dl newline="false" spacing="compact"> <dt>URI:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless</dd> <dt>Registrant Contact:</dt> <dd>The IESG.</dd> <dt>XML:</dt> <dd>N/A, the requested URI is an XMLnamespace. </artwork> </figure> </t> <t>This document registers threenamespace.</dd> </dl> <t>IANA has registered the following YANG modules in the "YANG Module Names" registry <xreftarget="RFC6020"/>. Following the format in <xref target="RFC6020"/>, the following registrations are requested:</t> <t> <figure> <artwork> Name: ietf-i2nsf-ikec Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec Prefix: nsfikec Reference: RFC XXXX Name: ietf-i2nsf-ike Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike Prefix: nsfike Reference: RFC XXXX Name: ietf-i2nsf-ikeless Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless Prefix: nsfikels Reference: RFC XXXX </artwork> </figure> </t>target="RFC6020" format="default"/>:</t> <dl newline="false" spacing="compact" indent="14"> <dt>Name:</dt> <dd>ietf-i2nsf-ikec</dd> <dt>Maintained by IANA:</dt> <dd>N</dd> <dt>Namespace:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikec</dd> <dt>Prefix:</dt> <dd>nsfikec</dd> <dt>Reference:</dt> <dd>RFC 9061</dd> </dl> <dl newline="false" spacing="compact" indent="14"> <dt>Name:</dt> <dd>ietf-i2nsf-ike</dd> <dt>Maintained by IANA:</dt> <dd>N</dd> <dt>Namespace:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike</dd> <dt>Prefix:</dt> <dd>nsfike</dd> <dt>Reference:</dt> <dd>RFC 9061</dd> </dl> <dl newline="false" spacing="compact" indent="14"> <dt>Name:</dt> <dd>ietf-i2nsf-ikeless</dd> <dt>Maintained by IANA:</dt> <dd>N</dd> <dt>Namespace:</dt> <dd>urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless</dd> <dt>Prefix:</dt> <dd>nsfikels</dd> <dt>Reference:</dt> <dd>RFC 9061</dd> </dl> </section> <section anchor="security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t> First of all, this document shares all the security issues of SDN that are specified in the"Security Considerations" sectionSecurity Considerations sections of <xreftarget="ITU-T.Y.3300"/>target="ITU-T.Y.3300" format="default"/> and <xreftarget="RFC7426"/>.target="RFC7426" format="default"/>. </t> <t>On the one hand, it is important to note that thereMUST<bcp14>MUST</bcp14> exist a security association between the I2NSF Controller and the NSFs to protect the critical information (cryptographic keys, configuration parameter, etc.) exchanged between these entities. The nature of and means to create that security association is out of the scope of this document (i.e., it is part of device provisioning or onboarding).</t> <t>On the other hand, if encryption is mandatory for all traffic ofaan NSF, its default policyMUST<bcp14>MUST</bcp14> be to drop (DISCARD) packets to prevent cleartext packet leaks. This default policyMUST<bcp14>MUST</bcp14> bepre-configuredpreconfigured in the startup configuration datastore in the NSF before the NSF contacts the I2NSF Controller. Moreover, the startup configuration datastoreMUST<bcp14>MUST</bcp14> be alsopre-configuredpreconfigured with the required ALLOW policies that allow the NSF to communicate with the I2NSF Controller once the NSF is deployed. Thispre-configurationpreconfiguration step is not carried out by the I2NSF Controller but by some other entity before the NSF deployment.<!--Moreover, this initial startup configuration MUST include the different policies that allow this NSF to contact the SC once the NSF has been deployed. -->InIn this manner, when the NSF starts/reboots, it will always first apply the configuration in the startup configuration before contacting the I2NSF Controller.</t> <t>Finally, this section is divided in two parts in order to analyze different security considerations for both cases: NSF with IKEv2 (IKE case) and NSF without IKEv2 (IKE-less case). In general, the I2NSF Controller, as typically in the SDN paradigm, is a target for different type ofattacksattacks; see <xreftarget="SDNSecServ"/>target="SDNSecServ" format="default"/> and <xreftarget="SDNSecurity"/>.target="SDNSecurity" format="default"/>. Thus, the I2NSF Controller is a key entity in the infrastructure andMUST<bcp14>MUST</bcp14> be protected accordingly. In particular, the I2NSF Controller will handle cryptographicmaterial thusmaterial; thus, the attacker may try to access this information. The impact is different depending on the IKE case or the IKE-less case.</t> <section anchor="sec-case1"title="IKE case">numbered="true" toc="default"> <name>IKE Case</name> <t>In the IKE case, the I2NSF Controller sends IKEv2 credentials (PSK, public/private keys, certificates, etc.) to the NSFs using the security association between the I2NSF Controller and NSFs. The I2NSF ControllerMUST NOT<bcp14>MUST NOT</bcp14> store the IKEv2 credentials after distributing them. Moreover, the NSFsMUST NOT<bcp14>MUST NOT</bcp14> allow the reading of these values once they have been applied by the I2NSF Controller(i.e. write only(i.e., write-only operations). One option is to always return the same value(i.e.(i.e., all 0s) if a read operation is carried out.</t> <t>If the attacker has access to the I2NSF Controller during the period of time that key material is generated, it might have access to the key material. Since these values are used during NSF authentication in IKEv2, it may impersonate the affected NSFs. Several recommendations are important.<list style="symbols"> <t></t> <ul spacing="normal"> <li> IKEv2 configurationsSHOULD<bcp14>SHOULD</bcp14> adhere to the recommendations in <xreftarget="RFC8247"/>. </t> <t>target="RFC8247" format="default"/>. </li> <li> If PSK authentication is used in IKEv2, the I2NSF ControllerMUST<bcp14>MUST</bcp14> remove the PSK immediately after generating and distributing it.</t> <t>When</li> <li>When public/private keys are used, the I2NSF ControllerMAY<bcp14>MAY</bcp14> generate both public key and private key. In such a case, the I2NSF ControllerMUST<bcp14>MUST</bcp14> remove the associated private key immediately after distributing them to the NSFs. Alternatively, the NSFMAY<bcp14>MAY</bcp14> generate the private key and export only the public key to the I2NSF Controller. How the NSF generates these cryptographicmaterialmaterials (public key/ private keys) and exports the publickey,key is out of scope of this document.</t> <t>If</li> <li>If certificates are used, the NSFMAY<bcp14>MAY</bcp14> generate the private key and export the public key for certification to the I2NSF Controller. How the NSF generates these cryptographic material (public key/ private keys) and exports the publickey,key is out of scope of thisdocument.</t> </list> </t>document.</li> </ul> </section> <section anchor="sec-case2"title="IKE-less case">numbered="true" toc="default"> <name>IKE-less Case</name> <t> In the IKE-less case, the I2NSF Controller sends the IPsec SA information to the NSF's SAD that includes the private session keys required for integrity and encryption. The I2NSF ControllerMUST NOT<bcp14>MUST NOT</bcp14> store the keys after distributing them. Moreover, the NSFs receiving private key materialMUST NOT<bcp14>MUST NOT</bcp14> allow the reading of these values by any other entity (including the I2NSF Controller itself) once they have been applied(i.e. write only(i.e., write-only operations) into the NSFs. Nevertheless, if the attacker has access to the I2NSF Controller during the period of time that key material is generated, it may obtain these values. In other words, the attacker might be able to observe the IPsec traffic and decrypt, or even modify and re-encrypt, the traffic between peers. </t> <t>Finally, the security association between the I2NSF Controller and the NSFsMUST<bcp14>MUST</bcp14> provide, at least, the same degree of protection as the one achieved by the IPsec SAs configured in the NSFs. In particular, the security association between the I2NSF Controller and the NSFsMUST<bcp14>MUST</bcp14> provide forward secrecy if this property is to be achieved in the IPsec SAs that the I2NSF Controller configures in the NSFs. Similarly, the encryption algorithms used in the security association between the I2NSF Controller and the NSFMUST<bcp14>MUST</bcp14> have, at least, the same strength (minimum strength of a 128-bit key) as the algorithms used to establish the IPsec SAs. </t> </section> <section anchor="sec-yang"title="YANG modules">numbered="true" toc="default"> <name>YANG Modules</name> <t>The YANG modules specified in this document define a schema for data that is designed to be accessed via network management protocols such as NETCONF <xreftarget="RFC6241"/>target="RFC6241" format="default"/> or RESTCONF <xreftarget="RFC8040"/>.target="RFC8040" format="default"/>. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) <xreftarget="RFC6242"/>.target="RFC6242" format="default"/>. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS <xreftarget="RFC8446"/>.</t>target="RFC8446" format="default"/>.</t> <t>The Network Configuration Access Control Model (NACM) <xreftarget="RFC8341"/>target="RFC8341" format="default"/> provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.</t> <t>There are a number of data nodes defined in these YANG modules that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:</t><t> For<dl newline="true" spacing="normal"> <dt>For the IKE case(ietf-i2nsf-ike): <list hangIndent="6" style="hanging"> <t>/ipsec-ike: The(ietf-i2nsf-ike):</dt> <dd> <dl newline="false" spacing="normal"> <dt>/ipsec-ike:</dt> <dd>The entire container in this module is sensitive to write operations. An attacker may add/modify the credentials to be used for the authentication (e.g., to impersonateaan NSF), for the trust root (e.g., changing the trusted CA certificates), for the cryptographic algorithms (allowing a downgrading attack), for the IPsec policies (e.g., by allowing leaking of data traffic by changing to an allow policy), and ingeneralgeneral, changing the IKE SA conditions and credentials between anyNSF.</t> </list> </t> <t>NSF.</dd></dl> </dd> <dt> For the IKE-less case(ietf-i2nsf-ikeless): <list hangIndent="6" style="hanging"> <t>/ipsec-ikeless: The(ietf-i2nsf-ikeless):</dt> <dd> <dl newline="false" spacing="normal"> <dt>/ipsec-ikeless: </dt> <dd>The entire container in this module is sensitive to write operations. An attacker may add/modify/delete any IPsec policies (e.g., by allowing leaking of data traffic by changing toaan allow policy) in the /ipsec-ikeless/spd container,andadd/modify/delete any IPsec SAs between two NSF by means of /ipsec-ikeless/sadcontainercontainer, and, in general,changingchange any IPsec SAs and IPsec policies between anyNSF.</t> </list> </t>NSF.</dd></dl> </dd> </dl> <t>Some of the readable data nodes inthisthese YANGmodulemodules may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:</t><t><dl newline="true" spacing="normal"> <dt> For the IKE case(ietf-i2nsf-ike): <list hangIndent="6" style="hanging"> <t>/ipsec-ike/pad: This(ietf-i2nsf-ike):</dt> <dd> <dl newline="false" spacing="normal"> <dt>/ipsec-ike/pad:</dt> <dd>This container includes sensitive information to read operations. This informationMUST NOT<bcp14>MUST NOT</bcp14> be returned to a client. For example, cryptographic material configured in the NSFs (peer-authentication/pre-shared/secret and peer-authentication/digital-signature/private-key) are already protected by the NACM extension "default-deny-all" in thisdocument.</t> </list> </t> <t>document.</dd></dl> </dd> <dt> For the IKE-less case(ietf-i2nsf-ikeless): <list hangIndent="6" style="hanging"> <t>/ipsec-ikeless/sad/sad-entry/ipsec-sa-config/esp-sa: This(ietf-i2nsf-ikeless):</dt> <dd> <dl newline="false" spacing="normal"> <dt>/ipsec-ikeless/sad/sad-entry/ipsec-sa-config/esp-sa:</dt> <dd>This container includes symmetric keys for the IPsec SAs. For example, encryption/key contains an ESP encryption key value and encryption/iv contains aninitialization vectorInitialization Vector value. Similarly, integrity/key has an ESP integrity key value. Those valuesMUST NOT<bcp14>MUST NOT</bcp14> be read by anyone and are protected by the NACM extension "default-deny-all" in this document.</t> </list> </t> </section></dd></dl> </dd> </dl> </section><section anchor="ack" title="Acknowledgements"> <t> Authors want to thank Paul Wouters, Valery Smyslov,Sowmini Varadhan, David Carrel, Yoav Nir, Tero Kivinen, Martin Bjorklund, Graham Bartlett, Sandeep Kampati, Linda Dunbar, Mohit Sethi, Martin Bjorklund, Tom Petch, Christian Hopps, Rob Wilton, Carlos J. Bernardos, Alejandro Perez-Mendez, Alejandro Abad-Carrascosa, Ignacio Martinez, Ruben Ricart, and all IESG members that have reviewed this document for their valuable comments. </t></section> </middle> <back><references title="Normative References"> &RFC2119; &RFC4301; &RFC7296; &RFC6020; &RFC8446; &RFC6241; &RFC6242; &RFC8341; &RFC8040; &RFC7950; &RFC8247; &RFC8342; &RFC8340; &RFC2247; &RFC3947; &RFC4303; &RFC5280; &RFC5915; &RFC7383; &RFC7427; &RFC7619; &RFC8017; &RFC8174; &RFC8221; &RFC6991; &RFC5322; &RFC3948; &RFC8229;<displayreference target="I-D.tran-ipsecme-yang" to="TRAN-IPSECME-YANG"/> <displayreference target="I-D.carrel-ipsecme-controller-ike" to="IPSECME-CONTROLLER-IKE"/> <references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4301.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7296.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6242.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8341.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8247.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8342.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8340.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3947.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4303.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5915.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7383.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7427.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7619.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8017.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8221.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6991.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5322.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3948.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8229.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6960.xml"/> <reference anchor="IKEv2-Parameters"target='https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml'>target="https://www.iana.org/assignments/ikev2-parameters/"> <front> <title>Internet Key Exchange Version 2 (IKEv2) Parameters </title><author initials="IANA"> <organization>Internet Assigned Numbers Authority (IANA)</organization><author> <organization>IANA</organization> </author><date month="August" day="14" year="2020"/></front><format type="TXT" target="https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml"/></reference> <reference anchor="IKEv2-Transform-Type-1"target='https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5'>target="https://www.iana.org/assignments/ikev2-parameters/"> <front><title>Internet Key Exchange Version 2 (IKEv2) Parameters - Transform Type Values - Transform<title>Transform Type 1 - Encryption Algorithm Transform IDs</title><author initials="IANA"> <organization>Internet Assigned Numbers Authority (IANA)</organization><author> <organization>IANA</organization> </author><date month="August" day="14" year="2020"/></front><format type="TXT" target="https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-5"/> </reference> <reference anchor="IKEv2-Transform-Type-3" target='https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-7'> <front> <title>Internet Key Exchange Version 2 (IKEv2) Parameters - Transform Type Values - Transform</reference> <reference anchor="IKEv2-Transform-Type-3" target="https://www.iana.org/assignments/ikev2-parameters/"> <front> <title>Transform Type 3 - Integrity Algorithm Transform IDs</title><author initials="IANA"> <organization>Internet Assigned Numbers Authority (IANA)</organization><author> <organization>IANA</organization> </author><date month="August" day="14" year="2020"/></front><format type="TXT" target="https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-7"/></reference> <reference anchor="IKEv2-Transform-Type-4"target='https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8'>target="https://www.iana.org/assignments/ikev2-parameters/"> <front><title>Internet Key Exchange Version 2 (IKEv2) Parameters - Transform Type Values - Transform<title>Transform Type 4 - Diffie-Hellman Group Transform IDs</title><author initials="IANA"> <organization>Internet Assigned Numbers Authority (IANA)</organization><author> <organization>IANA</organization> </author><date month="August" day="14" year="2020"/></front><format type="TXT" target="https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8"/></reference> <reference anchor="IKEv2-Auth-Method"target='https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12'>target="https://www.iana.org/assignments/ikev2-parameters/"> <front><title>Internet Key Exchange Version 2 (IKEv2) Parameters - IKEv2<title>IKEv2 Authentication Method</title><author initials="IANA"> <organization>Internet Assigned Numbers Authority (IANA)</organization><author> <organization>IANA</organization> </author><date month="August" day="14" year="2020"/></front><format type="TXT" target="https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-12"/></reference> <reference anchor="IANA-Protocols-Number"target='https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml'>target="https://www.iana.org/assignments/protocol-numbers/"> <front> <title>Protocol Numbers</title><author initials="IANA"> <organization>Internet Assigned Numbers Authority (IANA)</organization><author> <organization>IANA</organization> </author><date month="January" day="31" year="2020"/></front><format type="TXT" target="https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml"/></reference> <reference anchor="IANA-Method-Type"target='https://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-4'>target="https://www.iana.org/assignments/eap-numbers/"> <front> <title>Method Type</title><author initials="IANA"> <organization>Internet Assigned Numbers Authority (IANA)</organization><author> <organization>IANA</organization> </author><date month="April" day="14" year="2020"/></front><format type="TXT" target="https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml"/></reference> <reference anchor="ITU-T.X.690"> <front><title>Recommendation ITU-T X.690</title> <author/> <date month="August" year="2015"/> </front> </reference> </references> <references title="Informative References"> &RFC7149; &RFC2367; &RFC6071; &RFC7426; &RFC3688; &RFC6437; &RFC8192; &RFC8329; &RFC6040; <reference anchor="I-D.tran-ipsecme-yang"> <front> <title>Yang Data Model for Internet Protocol Security (IPsec)</title> <author initials="K" surname="Tran" fullname="Khanh Tran"> <organization/> </author> <author initials="H" surname="Wang" fullname="Honglei Wang"> <organization/> </author> <author initials="V" surname="Nagaraj" fullname="Vijay Kumar Nagaraj"> <organization/> </author> <author initials="X" surname="Chen" fullname="Xia Chen"> <organization/> </author> <date month="June" day="15" year="2015"/> <abstract> <t> This document describes a YANG data model for the IPsec(Internet Protocol Security) protocol. The model covers the IPsec protocol operational state<title>Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) andremote procedural calls. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-tran-ipsecme-yang-01"/> <format type="TXT" target="https://tools.ietf.org/html/draft-tran-ipsecme-yang-01"/> </reference> <reference anchor="I-D.carrel-ipsecme-controller-ike"> <front> <title>IPsec Key Exchange using a Controller</title> <author initials="D" surname="Carrel" fullname="David Carrel"> <organization/> </author> <author initials="B" surname="Weiss" fullname="Brian Weiss"> <organization/> </author>Distinguished Encoding Rules (DER)</title> <author><organization>International Telecommunication Union</organization></author> <datemonth="March" day="11" year="2019"/> <abstract> <t> This document presents a key exchange method allowing devices managed by a controller (e.g., an SDN management station) to create private pair-wise IPsec SAs without IKEv2 or any other direct peer-to-peer session establishment messages. The method can be used when a full mesh of IKEv2 sessions between IPsec devices is not appropriate. </t> </abstract>month="February" year="2021"/> </front><seriesInfo name="Internet-Draft" value="draft-carrel-ipsecme-controller-ike-01"/> <format type="TXT" target="https://tools.ietf.org/html/draft-carrel-ipsecme-controller-ike-01"/><refcontent>ITU-T Recommendation X.690</refcontent> <refcontent>ISO/IEC 8825-1</refcontent> </reference> </references> <references> <name>Informative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7149.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2367.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6071.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7426.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6437.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8192.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8329.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6040.xml"/> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.tran-ipsecme-yang.xml"/> <xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.carrel-ipsecme-controller-ike.xml"/> <reference anchor="ITU-T.Y.3300"target='https://www.itu.int/rec/T-REC-Y.3300/en'>target="https://www.itu.int/rec/T-REC-Y.3300/en"> <front><title>Recommendation ITU-T Y.3300</title> <author/><title>Y.3300: Framework of software-defined networking</title> <author> <organization>International Telecommunications Union</organization> </author> <date month="June" year="2014"/> </front> </reference> <reference anchor="ONF-SDN-Architecture"target='https://www.opennetworking.org/wp-content/uploads/2013/02/TR_SDN_ARCH_1.0_06062014.pdf '>target="https://www.opennetworking.org/wp-content/uploads/2013/02/TR_SDN_ARCH_1.0_06062014.pdf "> <front> <title>SDNArchitecture</title> <author/>architecture</title> <author> <organization>Open Networking Foundation</organization> </author> <date month="June" year="2014"/> </front> <seriesInfo name="Issue" value="1"/> </reference> <reference anchor="ONF-OpenFlow"target='https://www.opennetworking.org/wp-content/uploads/2014/10/openflow-spec-v1.4.0.pdf '>target="https://www.opennetworking.org/wp-content/uploads/2014/10/openflow-spec-v1.4.0.pdf "> <front> <title>OpenFlow SwitchSpecification (Version 1.4.0)</title>Specification</title> <author><organization>ONF</organization><organization>Open Networking Foundation</organization> </author> <date month="October" year="2013"/> </front> <seriesInfo name="Version" value="1.4.0 (Wire Protocol 0x05)"/> </reference><!--<reference anchor="ITU-T.X.1252"> <front> <title>Baseline Identity Management Terms and Definitions</title> <author/> <date month="April" year="2010"/> </front> </reference>--> <!--<reference anchor="ITU-T.X.800"> <front> <title>Security Architecture for Open Systems Interconnection for CCITT Applications</title> <author/> <date month="March" year="1991"/> </front> </reference>--><reference anchor="netconf-vpn"target='https://ripe68.ripe.net/presentations/181-NETCONF-YANG-tutorial-43.pdf'>target="https://ripe68.ripe.net/presentations/181-NETCONF-YANG-tutorial-43.pdf"> <front> <title>Tutorial: NETCONF and YANG</title> <author> <organization>Stefan Wallin</organization> </author> <date month="January" year="2014"/> </front> </reference> <reference anchor="strongswan"target='https://www.strongswan.org/'>target="https://www.strongswan.org/"> <front><title>StrongSwan:<title>strongSwan: the OpenSource IPsec-based VPN Solution</title> <author initials="CESNET"> <organization>CESNET</organization> </author><date month="September" day="07" year="2020"/></front> <format type="TXT" target="https://www.strongswan.org"/> </reference> <reference anchor="libreswan"target='https://libreswan.org/'>target="https://libreswan.org/"> <front> <title>Libreswan VPN software</title> <author initials="The Libreswan Project"> <organization>The Libreswan Project</organization> </author><date month="September" day="7" year="2020"/></front><format type="TXT" target="https://libreswan.org/"/></reference> <reference anchor="SDNSecurity"> <front> <title>Towards secure and dependable software-definednetworks. HotSDN 2013 - Proceedings of the 2013 ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 55-60. 10.1145/2491185.2491199. </title>networks</title> <author initials="D" surname="Kreutz" fullname="D. Kreutz"> <organization/> </author> <author initials="F" surname="Ramos" fullname="F. Ramos"> <organization/> </author> <author initials="P" surname="Verissimo" fullname="P. Verissimo"> <organization/> </author> <date month="August" year="2013"/> </front></reference> <reference anchor="SDNSecServ"> <front> <title>SDN Security: A Survey. IEEE SDN for Future Networks and Services (SDN4FNS), Trento, 2013,<refcontent>Proceedings of the second ACM SIGCOMM workshop on Hot Topics in software defined networking, pp.1-7, doi: 10.1109/SDN4FNS.2013.6702553.</title>55-60</refcontent> <seriesInfo name="DOI" value="10.1145/2491185.2491199"/> </reference> <reference anchor="SDNSecServ"> <front> <title>Sdn Security: A Survey</title> <author initials="S" surname="Scott-Hayward" fullname="S. Scott-Hayward"> <organization/> </author> <author initials="G" surname="O'Callaghan" fullname="G. O'Callaghan"> <organization/> </author> <author initials="P" surname="Sezer" fullname="P. Sezer"> <organization/> </author> <date month="November" year="2013"/> </front> <refcontent>2013 IEEE SDN for Future Networks and Services (SDN4FNS), pp. 1-7</refcontent> <seriesInfo name="DOI" value="10.1109/SDN4FNS.2013.6702553"/> </reference> </references> </references> <section anchor="appendix-d"title="XML configuration examplenumbered="true" toc="default"> <name>XML Configuration Example for IKEcase (gateway-to-gateway)">Case (Gateway-to-Gateway)</name> <t>This example showsaan XML configuration file sent by the I2NSF Controller to establishaan IPsec SA between two NSFs (see <xreftarget="fig:example-ike"/>)target="fig_example-ike" format="default"/>) in tunnel mode (gateway-to-gateway) with ESP, with authentication based on X.509 certificates (simplified for brevity with "base64encodedvalue==") and applying the IKE case.</t><t><figurealign="center" anchor="fig:example-ike" title="IKE case, tunnel mode ,anchor="fig_example-ike"> <name>IKE Case, Tunnel Mode, X.509certificate authentication.">Certificate Authentication</name> <artworkalign="center"> <![CDATA[align="center" name="" type="" alt=""><![CDATA[ +------------------+ | I2NSF Controller | +------------------+ I2NSF NSF-Facing | Interface | /-----------------+---------------\ / \ / \ +----+ +--------+ +--------+ +----+ | h1 |--| nsf_h1 |== IPsec_ESP_Tunnel_mode == | nsf_h2 |--| h2 | +----+ +--------+ +--------+ +----+ :1 :100 :200 :1 (2001:db8:1:/64) (2001:db8:123:/64) (2001:db8:2:/64)]]> </artwork>]]></artwork> </figure></t> <t> <figure> <artwork> <![CDATA[<sourcecode type="xml"><![CDATA[ <ipsec-ike xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-ike" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"> <pad> <pad-entry> <name>nsf_h1_pad</name> <ipv6-address>2001:db8:123::100</ipv6-address> <peer-authentication> <auth-method>digital-signature</auth-method> <digital-signature> <cert-data>base64encodedvalue==</cert-data> <private-key>base64encodedvalue==</private-key> <ca-data>base64encodedvalue==</ca-data> </digital-signature> </peer-authentication> </pad-entry> <pad-entry> <name>nsf_h2_pad</name> <ipv6-address>2001:db8:123::200</ipv6-address> <auth-protocol>ikev2</auth-protocol> <peer-authentication> <auth-method>digital-signature</auth-method> <digital-signature> <!-- RSA Digital Signature --> <ds-algorithm>1</ds-algorithm> <cert-data>base64encodedvalue==</cert-data> <ca-data>base64encodedvalue==</ca-data> </digital-signature> </peer-authentication> </pad-entry> </pad> <conn-entry> <name>nsf_h1-nsf_h2</name> <autostartup>start</autostartup> <version>ikev2</version> <initial-contact>false</initial-contact><fragmentation><enable>false</enable></fragmentation><fragmentation><enabled>false</enabled></fragmentation> <ike-sa-lifetime-soft> <rekey-time>60</rekey-time> <reauth-time>120</reauth-time> </ike-sa-lifetime-soft> <ike-sa-lifetime-hard> <over-time>3600</over-time> </ike-sa-lifetime-hard> <!--AUTH_HMAC_SHA2_512_256--> <ike-sa-intr-alg>14</ike-sa-intr-alg> <!--ENCR_AES_CBC - 128 bits--> <ike-sa-encr-alg> <id>1</id> </ike-sa-encr-alg> <!--8192-bit MODP Group--> <dh-group>18</dh-group> <half-open-ike-sa-timer>30</half-open-ike-sa-timer> <half-open-ike-sa-cookie-threshold> 15 </half-open-ike-sa-cookie-threshold> <local> <local-pad-entry-name>nsf_h1_pad</local-pad-entry-name> </local> <remote> <remote-pad-entry-name>nsf_h2_pad</remote-pad-entry-name> </remote> <spd> <spd-entry> <name>nsf_h1-nsf_h2</name> <ipsec-policy-config> <anti-replay-window-size>64</anti-replay-window-size> <traffic-selector> <local-prefix>2001:db8:1::0/64</local-prefix> <remote-prefix>2001:db8:2::0/64</remote-prefix> <inner-protocol>any</inner-protocol> </traffic-selector> <processing-info> <action>protect</action> <ipsec-sa-cfg> <pfp-flag>false</pfp-flag> <ext-seq-num>true</ext-seq-num> <seq-overflow>false</seq-overflow> <stateful-frag-check>false</stateful-frag-check> <mode>tunnel</mode> <protocol-parameters>esp</protocol-parameters> <esp-algorithms> <!-- AUTH_HMAC_SHA1_96 --> <integrity>2</integrity> <encryption> <!-- ENCR_AES_CBC --> <id>1</id> <algorithm-type>12</algorithm-type> <key-length>128</key-length> </encryption> <encryption> <!-- ENCR_3DES--> <id>2</id> <algorithm-type>3</algorithm-type> </encryption> <tfc-pad>false</tfc-pad> </esp-algorithms> <tunnel> <local>2001:db8:123::100</local> <remote>2001:db8:123::200</remote> <df-bit>clear</df-bit> <bypass-dscp>true</bypass-dscp> </tunnel> </ipsec-sa-cfg> </processing-info> </ipsec-policy-config> </spd-entry> </spd> <child-sa-info> <!--8192-bit MODP Group --> <fs-groups>18</fs-groups> <child-sa-lifetime-soft> <bytes>1000000</bytes> <packets>1000</packets> <time>30</time> <idle>60</idle> <action>replace</action> </child-sa-lifetime-soft> <child-sa-lifetime-hard> <bytes>2000000</bytes> <packets>2000</packets> <time>60</time> <idle>120</idle> </child-sa-lifetime-hard> </child-sa-info> </conn-entry> </ipsec-ike>]]> </artwork> </figure> </t>]]></sourcecode> </section> <section anchor="appendix-e"title="XML configuration examplenumbered="true" toc="default"> <name>XML Configuration Example for IKE-lesscase (host-to-host)">Case (Host-to-Host)</name> <t>This example showsaan XML configuration file sent by the I2NSF Controller to establishaan IPsec SA between two NSFs (see <xreftarget="fig:example-ikeless"/>)target="fig_example-ikeless" format="default"/>) in transport mode (host-to-host) with ESP in the IKE-less case.</t><t><figurealign="center" anchor="fig:example-ikeless" title="IKE-less case, transport mode.">anchor="fig_example-ikeless"> <name>IKE-less Case, Transport Mode</name> <artworkalign="center"> <![CDATA[align="center" name="" type="" alt=""><![CDATA[ +------------------+ | I2NSF Controller | +------------------+ I2NSF NSF-Facing | Interface | /--------------------+-------------------\ / \ / \ +--------+ +--------+ | nsf_h1 |===== IPsec_ESP_Transport_mode =====| nsf_h2 | +--------+ +--------+ :100 (2001:db8:123:/64) :200]]> </artwork>]]></artwork> </figure></t> <t> <figure> <artwork> <![CDATA[<sourcecode type="xml"><![CDATA[ <ipsec-ikeless xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"> <spd> <spd-entry> <name> in/trans/2001:db8:123::200/2001:db8:123::100 </name> <direction>inbound</direction> <reqid>1</reqid> <ipsec-policy-config> <traffic-selector> <local-prefix>2001:db8:123::200/128</local-prefix> <remote-prefix>2001:db8:123::100/128</remote-prefix> <inner-protocol>any</inner-protocol> </traffic-selector> <processing-info> <action>protect</action> <ipsec-sa-cfg> <ext-seq-num>true</ext-seq-num> <seq-overflow>false</seq-overflow> <mode>transport</mode> <protocol-parameters>esp</protocol-parameters> <esp-algorithms> <!--AUTH_HMAC_SHA1_96--> <integrity>2</integrity> <!--ENCR_AES_CBC --> <encryption> <id>1</id> <algorithm-type>12</algorithm-type> <key-length>128</key-length> </encryption> <encryption> <id>2</id> <algorithm-type>3</algorithm-type> </encryption> </esp-algorithms> </ipsec-sa-cfg> </processing-info> </ipsec-policy-config> </spd-entry> <spd-entry> <name>out/trans/2001:db8:123::100/2001:db8:123::200</name> <direction>outbound</direction> <reqid>1</reqid> <ipsec-policy-config> <traffic-selector> <local-prefix>2001:db8:123::100/128</local-prefix> <remote-prefix>2001:db8:123::200/128</remote-prefix> <inner-protocol>any</inner-protocol> </traffic-selector> <processing-info> <action>protect</action> <ipsec-sa-cfg> <ext-seq-num>true</ext-seq-num> <seq-overflow>false</seq-overflow> <mode>transport</mode> <protocol-parameters>esp</protocol-parameters> <esp-algorithms> <!-- AUTH_HMAC_SHA1_96 --> <integrity>2</integrity> <!-- ENCR_AES_CBC --> <encryption> <id>1</id> <algorithm-type>12</algorithm-type> <key-length>128</key-length> </encryption> <encryption> <id>2</id> <algorithm-type>3</algorithm-type> </encryption> </esp-algorithms> </ipsec-sa-cfg> </processing-info> </ipsec-policy-config> </spd-entry> </spd> <sad> <sad-entry> <name>out/trans/2001:db8:123::100/2001:db8:123::200</name> <reqid>1</reqid> <ipsec-sa-config> <spi>34501</spi> <ext-seq-num>true</ext-seq-num> <seq-overflow>false</seq-overflow> <anti-replay-window-size>64</anti-replay-window-size> <traffic-selector> <local-prefix>2001:db8:123::100/128</local-prefix> <remote-prefix>2001:db8:123::200/128</remote-prefix> <inner-protocol>any</inner-protocol> </traffic-selector> <protocol-parameters>esp</protocol-parameters> <mode>transport</mode> <esp-sa> <encryption> <!-- //ENCR_AES_CBC --> <encryption-algorithm>12</encryption-algorithm> <key>01:23:45:67:89:AB:CE:DF</key> <iv>01:23:45:67:89:AB:CE:DF</iv> </encryption> <integrity> <!-- //AUTH_HMAC_SHA1_96 --> <integrity-algorithm>2</integrity-algorithm> <key>01:23:45:67:89:AB:CE:DF</key> </integrity> </esp-sa> </ipsec-sa-config> </sad-entry> <sad-entry> <name>in/trans/2001:db8:123::200/2001:db8:123::100</name> <reqid>1</reqid> <ipsec-sa-config> <spi>34502</spi> <ext-seq-num>true</ext-seq-num> <seq-overflow>false</seq-overflow> <anti-replay-window-size>64</anti-replay-window-size> <traffic-selector> <local-prefix>2001:db8:123::200/128</local-prefix> <remote-prefix>2001:db8:123::100/128</remote-prefix> <inner-protocol>any</inner-protocol> </traffic-selector> <protocol-parameters>esp</protocol-parameters> <mode>transport</mode> <esp-sa> <encryption> <!-- //ENCR_AES_CBC --> <encryption-algorithm>12</encryption-algorithm> <key>01:23:45:67:89:AB:CE:DF</key> <iv>01:23:45:67:89:AB:CE:DF</iv> </encryption> <integrity> <!-- //AUTH_HMAC_SHA1_96 --> <integrity-algorithm>2</integrity-algorithm> <key>01:23:45:67:89:AB:CE:DF</key> </integrity> </esp-sa> <sa-lifetime-hard> <bytes>2000000</bytes> <packets>2000</packets> <time>60</time> <idle>120</idle> </sa-lifetime-hard> <sa-lifetime-soft> <bytes>1000000</bytes> <packets>1000</packets> <time>30</time> <idle>60</idle> <action>replace</action> </sa-lifetime-soft> </ipsec-sa-config> </sad-entry> </sad> </ipsec-ikeless>]]> </artwork> </figure> </t>]]></sourcecode> </section> <section anchor="appendix-f"title="XML notification examples">numbered="true" toc="default"> <name>XML Notification Examples</name> <t>In the following, several XML files are shown to illustrate different types of notifications defined in the IKE-less YANG data model, which are sent by the NSF to the I2NSF Controller. The notifications happen in the IKE-less case.</t><t><figurealign="center" anchor="fig:expire-example" title="Exampleanchor="sadb-expire-not"> <name>Example of the sadb-expirenotification."> <artwork> <![CDATA[Notification</name> <sourcecode type="xml"><![CDATA[ <sadb-expire xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"> <ipsec-sa-name>in/trans/2001:db8:123::200/2001:db8:123::100 </ipsec-sa-name> <soft-lifetime-expire>true</soft-lifetime-expire> <lifetime-current> <bytes>1000000</bytes> <packets>1000</packets> <time>30</time> <idle>60</idle> </lifetime-current> </sadb-expire>]]> </artwork>]]></sourcecode> </figure></t> <t><figurealign="center" anchor="fig:acquire-example" title="Exampleanchor="sadb-acquire-not"> <name>Example of the sadb-acquirenotification."> <artwork> <![CDATA[Notification</name> <sourcecode type="xml"><![CDATA[ <sadb-acquire xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"> <ipsec-policy-name>in/trans/2001:db8:123::200/2001:db8:123::100 </ipsec-policy-name> <traffic-selector> <local-prefix>2001:db8:123::200/128</local-prefix> <remote-prefix>2001:db8:123::100/128</remote-prefix> <inner-protocol>any</inner-protocol> <local-ports> <start>0</start> <end>0</end> </local-ports> <remote-ports> <start>0</start> <end>0</end> </remote-ports> </traffic-selector> </sadb-acquire>]]> </artwork>]]></sourcecode> </figure></t> <t><figurealign="center" anchor="fig:seqoverflow-example" title="Exampleanchor="sadb-seq-overflow-not"> <name>Example of the sadb-seq-overflownotification."> <artwork> <![CDATA[Notification</name> <sourcecode type="xml"><![CDATA[ <sadb-seq-overflow xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"> <ipsec-sa-name>in/trans/2001:db8:123::200/2001:db8:123::100 </ipsec-sa-name> </sadb-seq-overflow>]]> </artwork>]]></sourcecode> </figure></t> <t><figurealign="center" anchor="fig:bad-spi-example" title="Exampleanchor="sadb-bad-spi-not"> <name>Example of the sadb-bad-spinotification."> <artwork> <![CDATA[Notification</name> <sourcecode type="xml"><![CDATA[ <sadb-bad-spi xmlns="urn:ietf:params:xml:ns:yang:ietf-i2nsf-ikeless"> <spi>666</spi> </sadb-bad-spi>]]> </artwork>]]></sourcecode> </figure></t></section> <section anchor="appendix-g"title="Operational use cases examples">numbered="true" toc="default"> <name>Operational Use Case Examples</name> <section anchor="appendix-g1"title="Examplenumbered="true" toc="default"> <name>Example of IPsec SAestablishment">Establishment</name> <t>This appendix exemplifies the applicability of the IKE case and IKE-less case to traditional IPsec configurations, that is, host-to-host and gateway-to-gateway. The following examples assume the existence of two NSFs needing to establish an end-to-end IPsec SA to protect their communications. Both NSFs could be two hosts that exchange traffic (host-to-host) or gateways (gateway-to-gateway), for example, within an enterprise that needs to protect the traffic between the networks of two branch offices.</t> <t>Applicability of these configurations appear in current and new networking scenarios. For example, SD-WAN technologies are providing dynamic and on-demand VPN connections between branchoffices,offices or between branches andSaaSSoftware as a Service (SaaS) cloud services. Besides,IaaSInfrastructure as a Service (IaaS) services providing virtualization environments are deployments that often rely on IPsec to provide secure channels between virtual instances (host-to-host) and providing VPN solutions for virtualized networks (gateway-to-gateway).</t> <t>As can be observed in the following, the I2NSF-based IPsec management system (for IKE and IKE-lesscases),cases) exhibits various advantages:<list style="numbers"> <t></t> <ol spacing="normal" type="1"><li> It allowsto createcreating IPsec SAs among two NSFs, based only on the application of generalFlow-based Protection Policiesflow-based protection policies at the I2NSF User. Thus, administrators can manage all security associations in a centralized point with an abstracted view of the network.</t> <t></li> <li> Any NSF deployed in the system does not need manual configuration,thereforetherefore, allowing its deployment in an automated manner.</t> </list> </t></li> </ol> <section anchor="sec-example-ikecase"title="IKE case"> <!-- maximum wide of the figure -->numbered="true" toc="default"> <name>IKE Case</name> <figurealign="center" anchor="fig:g2gsinglecontroller1" title="Host-to-host / gateway-to-gatewayanchor="fig_g2gsinglecontroller1"> <name>Host-to-Host/Gateway-to-Gateway for the IKEcase.">Case</name> <artworkalign="center"> <![CDATA[align="center" name="" type="" alt=""><![CDATA[ +----------------------------------------+ | I2NSF User (IPsec Management System) | +----------------------------------------+ | (1) Flow-based I2NSF Consumer-Facing Protection Policy Interface | +---------|------------------------------+ | | | | | I2NSF Controller | | V | | +--------------+ (2)+--------------+ | | |Translate into|--->| NETCONF/ | | | |IPsec Policies| | RESTCONF | | | +--------------+ +--------------+ | | | | | | | | | +--------------------------|-----|-------+ | | I2NSF NSF-Facing Interface | | | (3) | |-------------------------+ +---| V V +----------------------+ +----------------------+ | NSF A | | NSF B | | IKEv2/IPsec(SPD/PAD) | | IKEv2/IPsec(SPD/PAD) | +----------------------+ +----------------------+]]> </artwork>]]></artwork> </figure> <t> <xreftarget="fig:g2gsinglecontroller1"/>target="fig_g2gsinglecontroller1" format="default"/> describes the application of the IKE case when a data packet needs to be protected in the path betweentheNSF A and NSF B: </t><t> <list style="numbers"> <t> The<ol spacing="normal" type="1"> <li>The I2NSF User defines a general flow-based protection policy (e.g., protect data traffic between NSF A and B). The I2NSF Controller looks for the NSFs involved (NSF A and NSF B).</t> <t> The</li> <li>The I2NSF Controller generates IKEv2 credentials for them and translates the policies into SPD and PAD entries.</t> <t> The</li> <li>The I2NSF Controller inserts an IKEv2 configuration that includes the SPD and PAD entries in both NSF A and NSF B. If some of operations with NSF A and NSF Bfailfail, the I2NSF Controller will stop the process and perform a rollback operation by deleting any IKEv2,SPDSPD, and PAD configuration that had been successfully installed in NSF A or B.</t> </list> </t></li> </ol> <t> If the previous steps are successful, the flow is protected by means of the IPsec SA established with IKEv2 between NSF A and NSF B.</t> </section> <section anchor="sec-example-ikeless-case"title="IKE-less case"> <!-- maximum wide of the figure -->numbered="true" toc="default"> <name>IKE-less Case</name> <figurealign="center" anchor="fig:g2gsinglecontroller2" title="Host-to-host / gateway-to-gatewayanchor="fig_g2gsinglecontroller2"> <name>Host-to-Host/Gateway-to-Gateway for the IKE-lesscase.">Case</name> <artworkalign="center"> <![CDATA[align="center" name="" type="" alt=""><![CDATA[ +----------------------------------------+ | I2NSF User (IPsec Management System) | +----------------------------------------+ | (1) Flow-based I2NSF Consumer-Facing Protection Policy Interface | +---------|------------------------------+ | | | | | I2NSF Controller | | V | | +--------------+ (2) +--------------+ | | |Translate into|---->| NETCONF/ | | | |IPsec Policies| | RESTCONF | | | +--------------+ +--------------+ | | | | | +-------------------------|-----|--------+ | | I2NSF NSF-Facing Interface | | | (3) | |----------------------+ +--| V V +----------------+ +----------------+ | NSF A | | NSF B | | IPsec(SPD/SAD) | | IPsec(SPD/SAD) | +----------------+ +----------------+]]> </artwork>]]></artwork> </figure> <t> <xreftarget="fig:g2gsinglecontroller2"/>target="fig_g2gsinglecontroller2" format="default"/> describes the application of the IKE-less case when a data packet needs to be protected in the path betweentheNSF A and NSF B: </t><t> <list style="numbers"> <t>The<ol spacing="normal" type="1"> <li>The I2NSF User establishes a generalFlow-based Protection Policyflow-based protection policy, and the I2NSF Controller looks for the involvedNSFs.</t> <t>NSFs.</li> <li> The I2NSF Controller translates the flow-based security policies into IPsec SPD and SADentries.</t>entries.</li> <li> <t>The I2NSF Controller inserts these entries in both NSF A and NSF B IPsec databases (i.e., SPD and SAD). The following text describes how this wouldhappen: <list style="symbols"> <t>Thehappen:</t> <ul spacing="normal"> <li>The I2NSF Controller chooses two random values asSPIs:SPIs, for example, SPIa1 for the inbound IPsec SA intheNSF A and SPIb1 for the inbound IPsec SA in NSF B. The value of the SPIa1MUST NOT<bcp14>MUST NOT</bcp14> be the same as any inbound SPI in A. In the same way, the value of the SPIb1MUST NOT<bcp14>MUST NOT</bcp14> be the same as any inbound SPI in B. Moreover, the SPIa1MUST<bcp14>MUST</bcp14> be used in B for the outbound IPsec SA to A, while SPIb1MUST<bcp14>MUST</bcp14> be used in A for the outbound IPsec SA to B. It also generates fresh cryptographic material for the new inbound/outbound IPsec SAs and theirparameters.</t> <t>parameters.</li> <li> After that, the I2NSF Controllersendssimultaneously sends the new inbound IPsec SA with SPIa1 and new outbound IPsec SA with SPIb1 to NSFA;A and the new inbound IPsec SA with SPIb1 and new outbound IPsec SA with SPIa1 to B, together with the corresponding IPsec policies.</t> <t>Once</li> <li>Once the I2NSF Controller receives confirmation from NSF A and NSF B, it knows that the IPsec SAs are correctly installed andready.</t> </list> Otherready.</li> </ul> <t> Another alternative to this operationis:is the I2NSF Controllersendsfirst sends the IPsec policies and new inbound IPsec SAs to A andB and, onceB. Once it obtains a successful confirmation of these operations from NSF A and NSF B, it proceeds with installing the new outbound IPsec SAs. Even though this procedure may increase the latency to complete the process, no traffic is sent over the network until the IPsec SAs are completely operative. In anycasecase, other alternativesMAY<bcp14>MAY</bcp14> be possible to implement step3. </t> <t>If3.</t> </li> <li>If some of the operations described above fail (e.g.,theNSF A reports an error when the I2NSF Controller is trying to install the SPD entry, the new inbound or outbound IPsecSAs)SAs), the I2NSF ControllerMUST<bcp14>MUST</bcp14> perform rollback operations by deleting any new inbound or outbound IPsec SA and SPD entry that had been successfully installed in any of the NSFs (e.g., NSF B) and stop the process. Note that the I2NSF ControllerMAY<bcp14>MAY</bcp14> retry several times before givingup.</t> <t>up.</li> <li> Otherwise, if the steps 1 to 3 are successful, the flow between NSF A and NSF B is protected by means of the IPsec SAs established by the I2NSF Controller. It is worth mentioning that the I2NSF Controller associates a lifetime to the new IPsec SAs. When this lifetime expires, the NSF will send a sadb-expire notification to the I2NSF Controller in order to start the rekeyingprocess.</t> </list> </t>process.</li> </ol> <t>Instead of installing IPsec policies (in the SPD) and IPsec SAs (in the SAD) in step 3 (proactive mode), it is also possible that the I2NSF Controller only installs the SPD entries in step 3 (reactive mode). In such a case, when a data packet requires to be protected with IPsec, the NSF thatsawfirst saw the data packet will send a sadb-acquire notification that informs the I2NSF Controller that needs SAD entries with the IPsec SAs to process the data packet. Again, if some of the operations installing the new inbound/outbound IPsec SAs fail, the I2NSF Controller stops the process and performs a rollback operation by deleting any new inbound/outbound SAs that had been successfully installed.</t> </section> </section> <section anchor="appendix-g2"title="Examplenumbered="true" toc="default"> <name>Example of therekeying processRekeying Process in IKE-lesscase">Case</name> <t>To explain an example of the rekeying process between two IPsecNSFsNSFs, A and B,letassume that SPIa1 identifies the inbound IPsec SA inA,A and SPIb1 identifies the inbound IPsec SA in B. The rekeying process will take the following steps:</t><t> <list style="numbers"> <t>The<ol spacing="normal" type="1"> <li>The I2NSF Controller chooses two random values as SPI for the new inbound IPsecSAs:SAs, for example, SPIa2 for the inbound IPsec SA in A and SPIb2 for the inbound IPsec SA in B. The value of the SPIa1MUST NOT<bcp14>MUST NOT</bcp14> be the same as any inbound SPI in A. In the same way, the value of the SPIb1MUST NOT<bcp14>MUST NOT</bcp14> be the same as any inbound SPI in B. Then, the I2NSF Controller creates an inbound IPsec SA with SPIa2 in A and another inbound IPsec SA in B with SPIb2. It can send this information simultaneously to A andB.</t> <t>B.</li> <li> Once the I2NSF Controller receives confirmation from A and B, the controller knows that the inbound IPsec SAs are correctly installed.ThenThen, it proceeds tosendsend, in parallel to A and B, the outbound IPsec SAs: the outbound IPsec SA to A withSPIb2,SPIb2 and the outbound IPsec SA to B with SPIa2. At thispointpoint, the new IPsec SAs areready.</t> <t>ready.</li> <li> Once the I2NSF Controller receives confirmation from A and B that the outbound IPsec SAs have been installed, the I2NSF Controller, in parallel, deletes the old IPsec SAs from A (inbound SPIa1 and outbound SPIb1) and B (outbound SPIa1 and inboundSPIb1).</t> </list> </t>SPIb1).</li> </ol> <t>If some of the operations in step 1 fail (e.g.,theNSF A reports an error when the I2NSF Controller is trying to install a new inbound IPsecSA)SA), the I2NSF ControllerMUST<bcp14>MUST</bcp14> perform rollback operations by removing any new inbound SA that had been successfully installed during step 1. </t> <t>If step 1 is successful but some of the operations in step 2 fail (e.g.,theNSF A reports an error when the I2NSF Controller is trying to install the new outbound IPsec SA), the I2NSF ControllerMUST<bcp14>MUST</bcp14> perform a rollback operation by deleting any new outbound SA that had been successfully installed during step 2 and by deleting the inbound SAs created in step 1, in that order. </t> <t>If the steps 1 and 2 are successful but the step 3 fails, the I2NSF Controller will avoid any rollback of the operations carried out instepsteps 1 andstep 22, since new and valid IPsec SAs were created and are functional. The I2NSF ControllerMAY<bcp14>MAY</bcp14> reattempt to remove the old inbound and outbound IPsec SAs in NSF A and NSF B several times until it receives a success or it gives up. In the last case, the old IPsec SAs will be removed when their corresponding hard lifetime is reached. </t> </section> <section anchor="appendix-g3"title="Examplenumbered="true" toc="default"> <name>Example ofmanagingManaging NSFstate lossState Loss in the IKE-lesscase">Case</name> <t> In the IKE-less case, if the I2NSF Controller detects thataan NSF has lost the IPsec state, it could follow the next steps:<list style="numbers"> <t></t> <ol spacing="normal" type="1"> <li> The I2NSF ControllerSHOULD<bcp14>SHOULD</bcp14> delete the old IPsec SAs on the non-failed nodes, established with the failed node. This prevents the non-failed nodes from leakingplaintext.</t> <t>Ifplaintext.</li> <li>If the affected node restarts, the I2NSF Controller configures the new inbound IPsec SAs between the affected node and all the nodes it was talking to.</t> <t></li> <li> After these inbound IPsec SAs have been established, the I2NSF Controller configures the outbound IPsec SAs in parallel.</t> </list> </t> <t>Step</li> </ol> <t>Steps 2 andstep3 can be performed at the same time at the cost of a potential packet loss. If this is notcriticalcritical, then it is an optimization since the number of exchanges between the I2NSF Controller and NSFs is lower.</t> </section> </section> <section anchor="ack" numbered="false" toc="default"> <name>Acknowledgements</name> <t> Authors want to thank <contact fullname="Paul Wouters"/>, <contact fullname="Valery Smyslov"/>,<contact fullname="Sowmini Varadhan"/>, <contact fullname="David Carrel"/>, <contact fullname="Yoav Nir"/>, <contact fullname="Tero Kivinen"/>, <contact fullname="Martin Bjorklund"/>, <contact fullname="Graham Bartlett"/>, <contact fullname="Sandeep Kampati"/>, <contact fullname="Linda Dunbar"/>, <contact fullname="Mohit Sethi"/>, <contact fullname="Martin Bjorklund"/>, <contact fullname="Tom Petch"/>, <contact fullname="Christian Hopps"/>, <contact fullname="Rob Wilton"/>, <contact fullname="Carlos J. Bernardos"/>, <contact fullname="Alejandro Perez-Mendez"/>, <contact fullname="Alejandro Abad-Carrascosa"/>, <contact fullname="Ignacio Martinez"/>, <contact fullname="Ruben Ricart"/>, and all IESG members that have reviewed this document for their valuable comments. </t> </section> </back> </rfc>