Software-Defined Networking (SDN)-based IPsec Flow Protection
draft-abad-i2nsf-sdn-ipsec-flow-protection-03

Document Type Replaced Internet-Draft (candidate for i2nsf WG)
Last updated 2017-09-15 (latest revision 2017-05-04)
Replaced by draft-ietf-i2nsf-sdn-ipsec-flow-protection
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Yang Validation 0 errors, 0 warnings.
Stream WG state Call For Adoption By WG Issued
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-i2nsf-sdn-ipsec-flow-protection
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-abad-i2nsf-sdn-ipsec-flow-protection-03.txt

Abstract

This document describes the use case of providing IPsec-based flow protection by means of a Software-Defined Network (SDN) controller (aka. Security Controller) and establishes the requirements to support this service. It considers two main well-known scenarios in IPsec: (i) gateway-to-gateway and (ii) host-to-host. This document describes a mechanism based on the SDN paradigm to support the distribution and monitoring of IPsec information from a SDN controller to one or several flow-based Network Security Function (NSF). The NSFs implement IPsec to protect data traffic between network resources with IPsec. The document focuses in the NSF Facing Interface by providing models for Configuration and State data model required to allow the Security Controller to configure the IPsec databases (SPD, SAD, PAD) and IKE to establish security associations with a reduced intervention of the network administrator. NOTE: State data model will be developed as part of this work but it is still TBD.

Authors

Rafael Lopez (rafa@um.es)
Gabriel Lopez-Millan (gabilm@um.es)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)