%% You should probably cite draft-ietf-i2nsf-sdn-ipsec-flow-protection instead of this I-D. @techreport{abad-i2nsf-sdn-ipsec-flow-protection-03, number = {draft-abad-i2nsf-sdn-ipsec-flow-protection-03}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-abad-i2nsf-sdn-ipsec-flow-protection/03/}, author = {Rafael Marin-Lopez and Gabriel Lopez-Millan}, title = {{Software-Defined Networking (SDN)-based IPsec Flow Protection}}, pagetotal = 45, year = 2017, month = may, day = 4, abstract = {This document describes the use case of providing IPsec-based flow protection by means of a Software-Defined Network (SDN) controller (aka. Security Controller) and establishes the requirements to support this service. It considers two main well-known scenarios in IPsec: (i) gateway-to-gateway and (ii) host-to-host. This document describes a mechanism based on the SDN paradigm to support the distribution and monitoring of IPsec information from a SDN controller to one or several flow-based Network Security Function (NSF). The NSFs implement IPsec to protect data traffic between network resources with IPsec. The document focuses in the NSF Facing Interface by providing models for Configuration and State data model required to allow the Security Controller to configure the IPsec databases (SPD, SAD, PAD) and IKE to establish security associations with a reduced intervention of the network administrator. NOTE: State data model will be developed as part of this work but it is still TBD.}, }