Network Working Group H. Hong
Internet-Draft J. Jeong
Intended status: Standards Track J. Kim
Expires: January 20, 2018 Sungkyunkwan University
S. Hares
L. Xia
Huawei
July 19, 2017
I2NSF Network Security Function Monitoring YANG Data Model
draft-hong-i2nsf-nsf-monitoring-data-model-00
Abstract
This document proposes a YANG data model for monitoring Network
Security Functions (NSFs) in the Interface to Network Security
Functions (I2NSF) system. If the monitoring of NSFs is performed in
a timely and comrehensive way, it is possible to detect the
indication of malicious activity, anomalous behavior or the potential
sign of denial of service attacks. This monitoring functionality is
based on the monitoring information that is generated by NSFs. Thus,
this document describes not only a data tree to specify monitoring
information model but also a YANG data model for monitoring NSFs.
Status of This Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on January 20, 2018.
Hong, et al. Expires January 20, 2018 [Page 1]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3
4. Information Model Structure . . . . . . . . . . . . . . . . . 4
5. YANG Data Model . . . . . . . . . . . . . . . . . . . . . . . 12
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 45
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 45
7.1. Normative References . . . . . . . . . . . . . . . . . . . 45
7.2. Informative References . . . . . . . . . . . . . . . . . . 45
Hong, et al. Expires January 20, 2018 [Page 2]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
1. Introduction
This document defines a YANG [RFC6020] data model for monitoring
Network Security Functions (NSFs). This monitoring means the
aquisition of vital information about NSFs via notifications, events,
records or counters. The data model for the monitoring presented in
this document is derived from the information model for the security
policy provisioning of the NSF-Facing Interface specified in
[i2nsf-monitoring-im].
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Terminology
This document uses the terminology described in
[i2nsf-terminology][i2nsf-framework]. Especially, the following
terms are from [i2nsf-monitoring-im].
o Information Model: An information model is a representation of
concepts of interest to an environment in a form that is
independent of data repository, data definition language, query
language, implementation language, and protocol.
o Data Model: A data model is a representation of concepts of
interest to an environment in a form that is dependent on data
repository, data definition language, query language,
implementation language, and protocol.
3.1. Tree Diagrams
A simplified graphical representation of the data model is used in
this document. The meaning of the symbols in these diagrams
[i2rs-rib-data-model] is as follows:
o Brackets "[" and "]" enclose list keys.
o Abbreviations before data node names: "rw" means configuration
(read-write) and "ro" state data (read-only).
o Symbols after data node names: "?" means an optional node and "*"
denotes a "list" and "leaf-list".
o Parentheses enclose choice and case nodes, and case nodes are also
marked with a colon (":").
Hong, et al. Expires January 20, 2018 [Page 3]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
o Ellipsis ("...") stands for contents of subtrees that are not
shown.
4. Information Model Structure
Figure 1 shows the overview of a structure tree of monitoring
information based on the [i2nsf-monitoring-im].
module: ietf-i2nsf-monitoring-information
+--rw monitoring-message
+--rw monitoring-messages* [message-id]
+--rw message-id uint8
+--rw message-version uint8
+--rw (message-type)?
| +--:(alarm)
| | +--rw (alarm-type)?
| | +--:(system-alarm)
| | +--rw memory-alarm
| | | +--rw event-name string
| | | +--rw usage? uint8
| | | +--rw threshold? uint8
| | | +--rw message string
| | | +--rw module-name string
| | +--rw cpu-alarm
| | | +--rw event-name string
| | | +--rw usage? uint8
| | | +--rw threshold? uint8
| | | +--rw message string
| | +--rw disk-alarm
| | | +--rw event-name string
| | | +--rw usage? uint8
| | | +--rw threshold? uint8
| | | +--rw message string
| | +--rw hardware-alarm
| | | +--rw event-name string
| | | +--rw usage? uint8
| | | +--rw threshold? uint8
| | | +--rw message string
| | | +--rw component-name? string
| | +--rw interface-alarm
| | +--rw event-name string
| | +--rw usage? uint8
| | +--rw threshold? uint8
| | +--rw message string
| | +--rw interface-name? string
| | +--rw interface-state
| | +--rw up boolean
| | +--rw down boolean
Hong, et al. Expires January 20, 2018 [Page 4]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| | +--rw congested boolean
| +--:(event)
| | +--rw (event-type)?
| | +--:(system-event)
| | | +--rw access-violation
| | | | +--rw event-name string
| | | | +--rw user-name string
| | | | +--rw group string
| | | | +--rw login-ip inet:ipv4-address
| | | | +--rw authentication-mode
| | | | | +--rw local-auth boolean
| | | | | +--rw third-part-auth boolean
| | | | | +--rw exemption-auth boolean
| | | | | +--rw sso-auth boolean
| | | | +--rw message string
| | | +--rw config-change
| | | +--rw event-name string
| | | +--rw user-name string
| | | +--rw group string
| | | +--rw login-ip inet:ipv4-address
| | | +--rw authentication-mode
| | | | +--rw local-auth boolean
| | | | +--rw third-part-auth boolean
| | | | +--rw exemption-auth boolean
| | | | +--rw sso-auth boolean
| | | +--rw message string
| | +--:(nsf-event)
| | +--rw ddos-event
| | | +--rw event-name string
| | | +--rw user-name? string
| | | +--rw message? string
| | | +--rw src-ip? inet:ipv4-address
| | | +--rw dst-ip? inet:ipv4-address
| | | +--rw src-port? inet:port-number
| | | +--rw dst-port? inet:port-number
| | | +--rw src-zone? string
| | | +--rw dst-zone? string
| | | +--rw rule-id uint8
| | | +--rw rule-name string
| | | +--rw profile? string
| | | +--rw raw-info? string
| | | +--rw ddos-attack-type
| | | | +--rw syn-flood? boolean
| | | | +--rw ack-flood? boolean
| | | | +--rw syn-ack-flood? boolean
| | | | +--rw fin-rst-flood? boolean
| | | | +--rw tcp-con-flood? boolean
| | | | +--rw udp-flood? boolean
Hong, et al. Expires January 20, 2018 [Page 5]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| | | | +--rw icmp-flood? boolean
| | | | +--rw https-flood? boolean
| | | | +--rw http-flood? boolean
| | | | +--rw dns-reply-flood? boolean
| | | | +--rw dns-query-flood? boolean
| | | | +--rw sip-flood? boolean
| | | +--rw start-time yang:date-and-time
| | | +--rw end-time yang:date-and-time
| | | +--rw attack-rate? uint32
| | | +--rw attack-speed? uint32
| | +--rw session-table-event
| | | +--rw event-name? string
| | | +--rw current-session? uint8
| | | +--rw maximum-session? uint8
| | | +--rw threshold? uint8
| | | +--rw message? string
| | +--rw virus-event
| | | +--rw event-name string
| | | +--rw user-name? string
| | | +--rw message? string
| | | +--rw src-ip? inet:ipv4-address
| | | +--rw dst-ip? inet:ipv4-address
| | | +--rw src-port? inet:port-number
| | | +--rw dst-port? inet:port-number
| | | +--rw src-zone? string
| | | +--rw dst-zone? string
| | | +--rw rule-id uint8
| | | +--rw rule-name string
| | | +--rw profile? string
| | | +--rw raw-info? string
| | | +--rw virus-type
| | | | +--rw trajan? boolean
| | | | +--rw worm? boolean
| | | | +--rw macro? boolean
| | | +--rw virus-name? string
| | | +--rw file-type? string
| | | +--rw file-name? string
| | +--rw intrusion-event
| | | +--rw event-name string
| | | +--rw user-name? string
| | | +--rw message? string
| | | +--rw src-ip? inet:ipv4-address
| | | +--rw dst-ip? inet:ipv4-address
| | | +--rw src-port? inet:port-number
| | | +--rw dst-port? inet:port-number
| | | +--rw src-zone? string
| | | +--rw dst-zone? string
| | | +--rw rule-id uint8
Hong, et al. Expires January 20, 2018 [Page 6]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| | | +--rw rule-name string
| | | +--rw profile? string
| | | +--rw raw-info? string
| | | +--rw protocol
| | | | +--rw tcp? boolean
| | | | +--rw udp? boolean
| | | | +--rw icmp? boolean
| | | | +--rw icmpv6? boolean
| | | | +--rw ip? boolean
| | | | +--rw http? boolean
| | | | +--rw ftp? boolean
| | | +--rw intrusion-attack-type
| | | +--rw brutal-force? boolean
| | | +--rw buffer-overflow? boolean
| | +--rw botnet-event
| | | +--rw event-name string
| | | +--rw user-name? string
| | | +--rw message? string
| | | +--rw src-ip? inet:ipv4-address
| | | +--rw dst-ip? inet:ipv4-address
| | | +--rw src-port? inet:port-number
| | | +--rw dst-port? inet:port-number
| | | +--rw src-zone? string
| | | +--rw dst-zone? string
| | | +--rw rule-id uint8
| | | +--rw rule-name string
| | | +--rw profile? string
| | | +--rw raw-info? string
| | | +--rw protocol
| | | | +--rw tcp? boolean
| | | | +--rw udp? boolean
| | | | +--rw icmp? boolean
| | | | +--rw icmpv6? boolean
| | | | +--rw ip? boolean
| | | | +--rw http? boolean
| | | | +--rw ftp? boolean
| | | +--rw botnet-name? string
| | | +--rw role? string
| | +--rw web-attack-event
| | +--rw event-name string
| | +--rw user-name? string
| | +--rw message? string
| | +--rw src-ip? inet:ipv4-address
| | +--rw dst-ip? inet:ipv4-address
| | +--rw src-port? inet:port-number
| | +--rw dst-port? inet:port-number
| | +--rw src-zone? string
| | +--rw dst-zone? string
Hong, et al. Expires January 20, 2018 [Page 7]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| | +--rw rule-id uint8
| | +--rw rule-name string
| | +--rw profile? string
| | +--rw raw-info? string
| | +--rw web-attack-type
| | | +--rw sql-injection? boolean
| | | +--rw command-injection? boolean
| | | +--rw xss? boolean
| | | +--rw csrf? boolean
| | +--rw req-method
| | | +--rw put? boolean
| | | +--rw get? boolean
| | +--rw req-url? string
| | +--rw url-category? string
| | +--rw filtering-type
| | +--rw blacklist? boolean
| | +--rw whitelist? boolean
| | +--rw user-defined? boolean
| | +--rw balicious-category? boolean
| | +--rw unknown? boolean
| +--:(log)
| | +--rw (log-type)?
| | +--:(system-log)
| | | +--rw access-logs
| | | | +--rw login-ip inet:ipv4-address
| | | | +--rw administartor? string
| | | | +--rw login-mode? login-mode
| | | | +--rw operation-type? operation-type
| | | | +--rw result? string
| | | | +--rw content? string
| | | +--rw resource-utiliz-logs
| | | | +--rw system-status? string
| | | | +--rw cpu-usage? uint8
| | | | +--rw memory-usage? uint8
| | | | +--rw disk-usage? uint8
| | | | +--rw disk-left? uint8
| | | | +--rw session-num? uint8
| | | | +--rw process-num? uint8
| | | | +--rw in-traffic-rate? uint32
| | | | +--rw out-traffic-rate? uint32
| | | | +--rw in-traffic-speed? uint32
| | | | +--rw out-traffic-speed? uint32
| | | +--rw user-activity-logs
| | | +--rw user string
| | | +--rw group string
| | | +--rw login-ip inet:ipv4-address
| | | +--rw authentication-mode
| | | | +--rw local-auth boolean
Hong, et al. Expires January 20, 2018 [Page 8]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| | | | +--rw third-part-auth boolean
| | | | +--rw exemption-auth boolean
| | | | +--rw sso-auth boolean
| | | +--rw access-mode
| | | | +--rw ppp? boolean
| | | | +--rw svn? boolean
| | | | +--rw local? boolean
| | | +--rw online-duration? string
| | | +--rw logout-duration? string
| | | +--rw addtional-info? string
| | +--:(nsf-log)
| | +--rw ddos-logs
| | | +--rw attack-type? string
| | | +--rw attack-ave-rate? uint32
| | | +--rw attack-ave-speed? uint32
| | | +--rw attack-pkt-num? uint32
| | | +--rw attack-src-ip? inet:ipv4-address
| | | +--rw action? all-action
| | | +--rw os? string
| | +--rw virus-logs
| | | +--rw protocol
| | | | +--rw tcp? boolean
| | | | +--rw udp? boolean
| | | | +--rw icmp? boolean
| | | | +--rw icmpv6? boolean
| | | | +--rw ip? boolean
| | | | +--rw http? boolean
| | | | +--rw ftp? boolean
| | | +--rw attack-type? string
| | | +--rw action? all-action
| | | +--rw os? string
| | | +--rw time yang:date-and-time
| | +--rw intrusion-logs
| | | +--rw attack-type? string
| | | +--rw action? all-action
| | | +--rw time yang:date-and-time
| | | +--rw attack-rate? uint32
| | | +--rw attack-speed? uint32
| | +--rw botnet-logs
| | | +--rw attack-type? string
| | | +--rw botnet-pkt-num? uint8
| | | +--rw action? all-action
| | | +--rw os? string
| | +--rw dpi-logs
| | | +--rw dpi-type? dpi-type
| | | +--rw src-ip? inet:ipv4-address
| | | +--rw dst-ip? inet:ipv4-address
| | | +--rw src-port? inet:port-number
Hong, et al. Expires January 20, 2018 [Page 9]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| | | +--rw dst-port? inet:port-number
| | | +--rw src-zone? string
| | | +--rw dst-zone? string
| | | +--rw src-region? string
| | | +--rw dst-region? string
| | | +--rw policy-id uint8
| | | +--rw policy-name string
| | | +--rw src-user? string
| | | +--rw protocol
| | | | +--rw tcp? boolean
| | | | +--rw udp? boolean
| | | | +--rw icmp? boolean
| | | | +--rw icmpv6? boolean
| | | | +--rw ip? boolean
| | | | +--rw http? boolean
| | | | +--rw ftp? boolean
| | | +--rw file-type? string
| | | +--rw file-name? string
| | +--rw vul-scan-logs* [vulnerability-id]
| | | +--rw vul-id uint8
| | | +--rw victim-ip? inet:ipv4-address
| | | +--rw protocol
| | | | +--rw tcp? boolean
| | | | +--rw udp? boolean
| | | | +--rw icmp? boolean
| | | | +--rw icmpv6? boolean
| | | | +--rw ip? boolean
| | | | +--rw http? boolean
| | | | +--rw ftp? boolean
| | | +--rw port-num? inet:port-number
| | | +--rw level? severity
| | | +--rw os? string
| | | +--rw addtional-info? string
| | +--rw web-attack-logs
| | +--rw attack-type? string
| | +--rw rsp-code? string
| | +--rw req-clientapp? string
| | +--rw req-cookies? string
| | +--rw req-host? string
| | +--rw raw-info? string
| +--:(counters)
| +--rw (counter-type)?
| +--:(system-counter)
| | +--rw interface-counters
| | +--rw interface-name? string
| | +--rw in-total-traffic-pkts? uint32
| | +--rw out-total-traffic-pkts? uint32
| | +--rw in-total-traffic-bytes? uint32
Hong, et al. Expires January 20, 2018 [Page 10]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| | +--rw out-total-traffic-bytes? uint32
| | +--rw in-drop-traffic-pkts? uint32
| | +--rw out-drop-traffic-pkts? uint32
| | +--rw in-drop-traffic-bytes? uint32
| | +--rw out-drop-traffic-bytes? uint32
| | +--rw total-traffic? uint32
| | +--rw in-traffic-ave-rate? uint32
| | +--rw in-traffic-peak-rate? uint32
| | +--rw in-traffic-ave-speed? uint32
| | +--rw in-traffic-peak-speed? uint32
| | +--rw out-traffic-ave-rate? uint32
| | +--rw out-traffic-peak-rate? uint32
| | +--rw out-traffic-ave-speed? uint32
| | +--rw out-traffic-peak-speed? uint32
| +--:(nsf-counter)
| +--rw firewall-counters
| | +--rw src-ip? inet:ipv4-address
| | +--rw dst-ip? inet:ipv4-address
| | +--rw src-port? inet:port-number
| | +--rw dst-port? inet:port-number
| | +--rw src-zone? string
| | +--rw dst-zone? string
| | +--rw src-region? string
| | +--rw dst-region? string
| | +--rw policy-id uint8
| | +--rw policy-name string
| | +--rw src-user? string
| | +--rw protocol
| | | +--rw tcp? boolean
| | | +--rw udp? boolean
| | | +--rw icmp? boolean
| | | +--rw icmpv6? boolean
| | | +--rw ip? boolean
| | | +--rw http? boolean
| | | +--rw ftp? boolean
| | +--rw total-traffic? uint32
| | +--rw in-traffic-ave-rate? uint32
| | +--rw in-traffic-peak-rate? uint32
| | +--rw in-traffic-ave-speed? uint32
| | +--rw in-traffic-peak-speed? uint32
| | +--rw out-traffic-ave-rate? uint32
| | +--rw out-traffic-peak-rate? uint32
| | +--rw out-traffic-ave-speed? uint32
| | +--rw out-traffic-peak-speed? uint32
| | +--rw bound
| | +--rw in-interface? boolean
| | +--rw out-interface? boolean
| +--rw policy-hit-counters
Hong, et al. Expires January 20, 2018 [Page 11]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
| +--rw src-ip? inet:ipv4-address
| +--rw dst-ip? inet:ipv4-address
| +--rw src-port? inet:port-number
| +--rw dst-port? inet:port-number
| +--rw src-zone? string
| +--rw dst-zone? string
| +--rw src-region? string
| +--rw dst-region? string
| +--rw policy-id uint8
| +--rw policy-name string
| +--rw src-user? string
| +--rw protocol
| | +--rw tcp? boolean
| | +--rw udp? boolean
| | +--rw icmp? boolean
| | +--rw icmpv6? boolean
| | +--rw ip? boolean
| | +--rw http? boolean
| | +--rw ftp? boolean
| +--rw total-traffic? uint32
| +--rw in-traffic-ave-rate? uint32
| +--rw in-traffic-peak-rate? uint32
| +--rw in-traffic-ave-speed? uint32
| +--rw in-traffic-peak-speed? uint32
| +--rw out-traffic-ave-rate? uint32
| +--rw out-traffic-peak-rate? uint32
| +--rw out-traffic-ave-speed? uint32
| +--rw out-traffic-peak-speed? uint32
| +--rw hit-times? uint32
+--rw time-stamp yang:date-and-time
+--rw severity severity
+--rw vendor-name? string
Figure 1: Information Model for NSF Monitoring
5. YANG Data Model
This section introduces a YANG data model for the information model
of monitoring inforamtion based on [i2nsf-monitoring-im].
<CODE BEGINS> file "ietf-i2nsf-nsf-monitoring-data-model@20170719.yang"
module ietf-i2nsf-monitoring-information {
namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-monitoring-data-model";
prefix
monitoring-information;
import ietf-inet-types{
Hong, et al. Expires January 20, 2018 [Page 12]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
prefix inet;
}
import ietf-yang-types {
prefix yang;
}
organization
"IETF I2NSF (Interface to Network Security Functions)
Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:i2nsf@ietf.org>
WG Chair: Linda Dunbar
<mailto:Linda.duhbar@huawei.com>
Editor: Dongjin Hong
<mailto:dong.jin@skku.edu>
Editor: Jaehoon Paul Jeong
<mailto:pauljeong@skku.edu>";
description
"This module defines a YANG data module for monitoring NSFs.";
revision "2017-07-19" {
description "Initial revision";
reference
"draft-zhang-i2nsf-info-model-monitoring-04";
}
typedef severity {
type enumeration {
enum high {
description
"high-level";
}
enum middle {
description
"middle-level";
}
enum low {
description
"low-level";
}
}
description
"This is used for indicating the severity";
Hong, et al. Expires January 20, 2018 [Page 13]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
}
typedef all-action {
type enumeration {
enum allow {
description
"TBD";
}
enum alert {
description
"TBD";
}
enum block {
description
"TBD";
}
enum discard {
description
"TBD";
}
enum declare {
description
"TBD";
}
enum block-ip {
description
"TBD";
}
enum block-service{
description
"TBD";
}
}
description
"This is used for protocol";
}
typedef dpi-type{
type enumeration {
enum file-blocking{
description
"TBD";
}
enum data-filtering{
description
"TBD";
}
enum application-behavior-control{
description
"TBD";
Hong, et al. Expires January 20, 2018 [Page 14]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
}
}
description
"This is used for dpi type";
}
typedef operation-type{
type enumeration {
enum login{
description
"TBD";
}
enum logout{
description
"TBD";
}
enum configuration{
description
"TBD";
}
}
description
"This is used for operation type";
}
typedef login-mode{
type enumeration {
enum root{
description
"TBD";
}
enum user{
description
"TBD";
}
enum guest{
description
"TBD";
}
}
description
"This is used for login mode";
}
grouping protocol {
description
"A set of protocols";
container protocol {
description
"Protocol types:
TCP, UDP, ICMP, ICMPv6, IP, HTTP, FTP and etc.";
Hong, et al. Expires January 20, 2018 [Page 15]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
leaf tcp {
type boolean;
description
"TCP protocol type.";
}
leaf udp {
type boolean;
description
"UDP protocol type.";
}
leaf icmp {
type boolean;
description
"ICMP protocol type.";
}
leaf icmpv6 {
type boolean;
description
"ICMPv6 protocol type.";
}
leaf ip {
type boolean;
description
"IP protocol type.";
}
leaf http {
type boolean;
description
"HTTP protocol type.";
}
leaf ftp {
type boolean;
description
"ftp protocol type.";
}
}
}
grouping traffic-rates {
description
"A set of traffic rates
for statistics data";
leaf total-traffic {
type uint32;
description
"Total traffic";
}
leaf in-traffic-ave-rate {
type uint32;
Hong, et al. Expires January 20, 2018 [Page 16]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
description
"Inbound traffic average rate in pps";
}
leaf in-traffic-peak-rate {
type uint32;
description
"Inbound traffic peak rate in pps";
}
leaf in-traffic-ave-speed {
type uint32;
description
"Inbound traffic average speed in bps";
}
leaf in-traffic-peak-speed {
type uint32;
description
"Inbound traffic peak speed in bps";
}
leaf out-traffic-ave-rate {
type uint32;
description
"Outbound traffic average rate in pps";
}
leaf out-traffic-peak-rate {
type uint32;
description
"Outbound traffic peak rate in pps";
}
leaf out-traffic-ave-speed {
type uint32;
description
"Outbound traffic average speed in bps";
}
leaf out-traffic-peak-speed {
type uint32;
description
"Outbound traffic peak speed in bps";
}
}
grouping i2nsf-system-alarm-type-content {
description
"A set of system alarm type contents";
leaf event-name {
type string;
mandatory true;
description
"This is used to distinguish event type";
}
Hong, et al. Expires January 20, 2018 [Page 17]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
leaf usage {
type uint8;
description
"specifies the amount of usage";
}
leaf threshold {
type uint8;
description
"The threshold triggering the alarm or the event";
}
leaf message {
type string;
mandatory true;
description
"The usage exceeded the threshold";
}
}
grouping i2nsf-system-event-type-content {
description
"A set of system event type contents";
leaf event-name {
type string;
mandatory true;
description
"ACCESS_DENIED, CONFIG_CHANGE and so on.";
}
leaf user-name {
type string;
mandatory true;
description
"Name of a user";
}
leaf group {
type string;
mandatory true;
description
"Group to which a user belongs.";
}
leaf login-ip {
type inet:ipv4-address;
mandatory true;
description
"Login IP address of a user.";
}
container authentication-mode {
description
"User authentication mode. e.g., Local Authentication,
Third-Party Server Authentication,
Hong, et al. Expires January 20, 2018 [Page 18]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
Authentication Exemption, SSO Authentication.";
leaf local-authentication {
type boolean;
mandatory true;
description
"Authentication-mode : local authentication.";
}
leaf third-part-server-authentication {
type boolean;
mandatory true;
description
"TBD";
}
leaf exemption-authentication {
type boolean;
mandatory true;
description
"TBD";
}
leaf sso-authentication {
type boolean;
mandatory true;
description
"TBD";
}
}
leaf message {
type string;
mandatory true;
description
"The message for system events";
}
}
grouping i2nsf-nsf-event-type-content {
description
"A set of nsf event type contents";
leaf event-name {
type string;
mandatory true;
description
"This is used to distinguish event type";
}
leaf user-name {
type string;
description
"User name who generates traffic";
}
leaf message {
Hong, et al. Expires January 20, 2018 [Page 19]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
type string;
description
"The message for nsf events";
}
leaf src-ip {
type inet:ipv4-address;
description
"The source IP address of the packet";
}
leaf dst-ip {
type inet:ipv4-address;
description
"The destination IP address of the packet";
}
leaf src-port {
type inet:port-number;
description
"The source port of the packet";
}
leaf dst-port {
type inet:port-number;
description
"The destination port of the packet";
}
leaf src-zone {
type string;
description
"The source security zone of the packet";
}
leaf dst-zone {
type string;
description
"The destination security zone of the packet";
}
leaf rule-id {
type uint8;
mandatory true;
description
"The ID of the rule being triggered";
}
leaf rule-name {
type string;
mandatory true;
description
"The name of the rule being triggered";
}
leaf profile {
type string;
Hong, et al. Expires January 20, 2018 [Page 20]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
description
"Security profile that traffic matches.";
}
leaf raw-info {
type string;
description
"The information describing the packet
triggering the event.";
}
}
grouping i2nsf-system-counter-type-content{
description
"A set of system counter type contents";
leaf interface-name {
type string;
description
"Network interface name configured in NSF";
}
leaf in-total-traffic-pkts {
type uint32;
description
"Total inbound packets";
}
leaf out-total-traffic-pkts {
type uint32;
description
"Total outbound packets";
}
leaf in-total-traffic-bytes {
type uint32;
description
"Total inbound bytes";
}
leaf out-total-traffic-bytes {
type uint32;
description
"Total outbound bytes";
}
leaf in-drop-traffic-pkts {
type uint32;
description
"Total inbound drop packets";
}
leaf out-drop-traffic-pkts {
type uint32;
description
"Total outbound drop packets";
}
Hong, et al. Expires January 20, 2018 [Page 21]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
leaf in-drop-traffic-bytes {
type uint32;
description
"Total inbound drop bytes";
}
leaf out-drop-traffic-bytes {
type uint32;
description
"Total outbound drop bytes";
}
uses traffic-rates;
}
grouping i2nsf-nsf-counters-type-content{
description
"A set of nsf counters type contents";
leaf src-ip {
type inet:ipv4-address;
description
"The source IP address of the packet";
}
leaf dst-ip {
type inet:ipv4-address;
description
"The destination IP address of the packet";
}
leaf src-port {
type inet:port-number;
description
"The source port of the packet";
}
leaf dst-port {
type inet:port-number;
description
"The destination port of the packet";
}
leaf src-zone {
type string;
description
"The source security zone of the packet";
}
leaf dst-zone {
type string;
description
"The destination security zone of the packet";
}
leaf src-region {
type string;
description
Hong, et al. Expires January 20, 2018 [Page 22]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
"Source region of the traffic";
}
leaf dst-region{
type string;
description
"Destination region of the traffic";
}
leaf policy-id {
type uint8;
mandatory true;
description
"The ID of the policy being triggered";
}
leaf policy-name {
type string;
mandatory true;
description
"The name of the policy being triggered";
}
leaf src-user{
type string;
description
"User who generates traffic";
}
uses protocol;
uses traffic-rates;
}
container monitoring-message {
description
"The message for monitoring information";
list monitoring-messages {
key message-id;
description
"The messages according to monitoring information";
leaf message-id {
type uint8;
mandatory true;
description
"This is message ID
This is key for monitoring messages";
}
leaf message-version {
type uint8;
mandatory true;
description
"The version of message";
}
Hong, et al. Expires January 20, 2018 [Page 23]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
choice message-type {
description
"The type of message";
case alarm {
description
"If the message type is alarm";
choice alarm-type {
description
"This is alarm type such as system alarm";
case system-alarm{
description
"If the alarm type is system alarm";
container memory-alarm {
description
"This is memory alarm in
system alarm";
uses i2nsf-system-alarm-type-content;
leaf module-name {
type string;
mandatory true;
description
"Indicate the NSF module
responsible for generating
this alarm";
}
}
container cpu-alarm {
description
"This is cpu alarm in system alarm";
uses i2nsf-system-alarm-type-content;
}
container disk-alarm {
description
"This is disk alarm in system alarm";
uses i2nsf-system-alarm-type-content;
}
container hardware-alarm {
description
"This is hardware alarm
in system alarm";
uses i2nsf-system-alarm-type-content;
leaf component-name {
type string;
description
"Indicate the HW component
responsible for generating
this alarm.";
}
Hong, et al. Expires January 20, 2018 [Page 24]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
}
container interface-alarm {
description
"This is interface alarm
in system alarm";
uses i2nsf-system-alarm-type-content;
leaf interface-name {
type string;
description
"The name of interface.";
}
container interface-state {
description
"This is isnteface state
in interface-alarm";
leaf up {
type boolean;
mandatory true;
description
"The state of interface is up";
}
leaf down {
type boolean;
mandatory true;
description
"The state of interface is down";
}
leaf congested {
type boolean;
mandatory true;
description
"The state of interface is
congested";
}
}
}
}
}
}
case event {
description
"If the message type is event";
choice event-type {
description
"This is event type such as system event
and nsf event.";
case system-event {
description
Hong, et al. Expires January 20, 2018 [Page 25]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
"If the event type is system event";
container access-violation {
description
"If the system event is
access violation";
uses i2nsf-system-event-type-content;
}
container config-change {
description
"If the system event is
config change violation";
uses i2nsf-system-event-type-content;
}
}
case nsf-event {
description
"If the event type is nsf event";
container ddos-event {
description
"If the event type is DDoS event";
uses i2nsf-nsf-event-type-content;
container ddos-attack-type{
description
"Type of DDoS attack";
leaf syn-flood{
type boolean;
description
"If the DDoS attack is
syn flood";
}
leaf ack-flood{
type boolean;
description
"If the DDoS attack is
ack flood";
}
leaf syn-ack-flood{
type boolean;
description
"If the DDoS attack is
syn ack flood";
}
leaf fin-rst-flood{
type boolean;
description
"If the DDoS attack is
fin rst flood";
}
Hong, et al. Expires January 20, 2018 [Page 26]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
leaf tcp-connection-flood{
type boolean;
description
"If the DDoS attack is
tcp connection flood";
}
leaf udp-flood{
type boolean;
description
"If the DDoS attack is
udp flood";
}
leaf icmp-flood{
type boolean;
description
"If the DDoS attack is
icmp flood";
}
leaf https-flood{
type boolean;
description
"If the DDoS attack is
https flood";
}
leaf http-flood{
type boolean;
description
"If the DDoS attack is
http flood";
}
leaf dns-reply-flood{
type boolean;
description
"If the DDoS attack is
dns reply flood";
}
leaf dns-query-flood{
type boolean;
description
"If the DDoS attack is
dns query flood";
}
leaf sip-flood{
type boolean;
description
"If the DDoS attack is
sip flood";
}
Hong, et al. Expires January 20, 2018 [Page 27]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
}
leaf start-time {
type yang:date-and-time;
mandatory true;
description
"The time stamp indicating
when the attack started";
}
leaf end-time {
type yang:date-and-time;
mandatory true;
description
"The time stamp indicating
when the attack ended";
}
leaf attack-rate {
type uint32;
description
"The PPS of attack traffic";
}
leaf attack-speed {
type uint32;
description
"the bps of attack traffic";
}
}
container session-table-event {
description
"If the event type is session
table event";
leaf event-name {
type string;
description
"The event name for
session table event";
}
leaf current-session {
type uint8;
description
"The number of concurrent
sessions";
}
leaf maximum-session {
type uint8;
description
"The maximum number of sessions
that the session table can
support";
Hong, et al. Expires January 20, 2018 [Page 28]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
}
leaf threshold {
type uint8;
description
"The threshold triggering
the event";
}
leaf message {
type string;
description
"The number of session table
exceeded the threshold";
}
}
container virus-event {
description
"If the event type is virus event";
uses i2nsf-nsf-event-type-content;
container virus-type {
description
"The type of virus";
leaf trajan {
type boolean;
description
"If the virus type is trajan";
}
leaf worm {
type boolean;
description
"If the virus type is worm";
}
leaf macro {
type boolean;
description
"If the virus type is macro";
}
}
leaf virus-name {
type string;
description
"The name of virus";
}
leaf file-type {
type string;
description
"The type of file";
}
leaf file-name {
Hong, et al. Expires January 20, 2018 [Page 29]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
type string;
description
"The name of file";
}
}
container intrusion-event {
description
"If the event type is intrusion event";
uses i2nsf-nsf-event-type-content;
uses protocol;
container intrusion-attack-type {
description
"The attack type of intrusion";
leaf brutal-force {
type boolean;
description
"The intrusion type is
brutal force";
}
leaf buffer-overflow {
type boolean;
description
"The intrusion type is
buffer overflow";
}
}
}
container botnet-event {
description
"If the event type is botnet event";
uses i2nsf-nsf-event-type-content;
uses protocol;
leaf botnet-name {
type string;
description
"The name of the detected botnet";
}
leaf role {
type string;
description
"The role of the communicating
parties within the botnet";
}
}
container web-attack-event {
description
"If the event type is web
attack event";
Hong, et al. Expires January 20, 2018 [Page 30]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
uses i2nsf-nsf-event-type-content;
container web-attack-type {
description
"To determine the attack
type";
leaf sql-injection {
type boolean;
description
"If the web attack type is
sql injection";
}
leaf command-injection {
type boolean;
description
"If the web attack type is
command injection";
}
leaf xss {
type boolean;
description
"If the web attack type is
xss injection";
}
leaf csrf {
type boolean;
description
"If the web attack type is
csrf injection";
}
}
container req-method {
description
"The method of requirement.
For instance, PUT or GET
in HTTP";
leaf put{
type boolean;
description
"If req method is PUT";
}
leaf get {
type boolean;
description
"If req method is GET";
}
}
leaf req-url {
type string;
Hong, et al. Expires January 20, 2018 [Page 31]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
description
"Requested URL";
}
leaf url-category {
type string;
description
"Matched URL category";
}
container filtering-type {
description
"URL filtering type,
e.g., Blacklist, Whitelist,
User-Defined, Predefined,
Malicious Category, Unknown";
leaf blacklist {
type boolean;
description
"The filtering type is
blacklist";
}
leaf whitelist {
type boolean;
description
"The filtering type is
whitelist";
}
leaf user-defined {
type boolean;
description
"The filtering type is
user defined";
}
leaf balicious-category{
type boolean;
description
"The filtering type is
balicious category";
}
leaf unknown {
type boolean;
description
"The filtering type is
unknown";
}
}
}
}
}
Hong, et al. Expires January 20, 2018 [Page 32]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
}
case log {
description
"If the message type is log";
choice log-type {
description
"The type of log";
case system-log{
description
"If the log type is system log";
container access-logs {
description
"If the log is access logs
in system log";
leaf login-ip {
type inet:ipv4-address;
mandatory true;
description
"Login IP address of a user.";
}
leaf administartor {
type string;
description
"Administrator that
operates on the device";
}
leaf login-mode {
type login-mode;
description
"Specifies the
administrator logs in mode";
}
leaf operation-type {
type operation-type;
description
"The operation type that
the administrator execute";
}
leaf result {
type string;
description
"Command execution result";
}
leaf content {
type string;
description
"Operation performed by
an administrator after login.";
Hong, et al. Expires January 20, 2018 [Page 33]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
}
}
container resource-utiliz-logs {
description
"If the log is resource utilize
logs in system log";
leaf system-status {
type string;
description
"TBD";
}
leaf cpu-usage {
type uint8;
description
"specifies the amount of
cpu usage";
}
leaf memory-usage {
type uint8;
description
"specifies the amount of
memory usage";
}
leaf disk-usage {
type uint8;
description
"specifies the amount of
disk usage";
}
leaf disk-left {
type uint8;
description
"specifies the amount of
disk left";
}
leaf session-num {
type uint8;
description
"The total number of
sessions";
}
leaf process-num {
type uint8;
description
"The total number of
process";
}
leaf in-traffic-rate {
Hong, et al. Expires January 20, 2018 [Page 34]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
type uint32;
description
"The total inbound
traffic rate in pps";
}
leaf out-traffic-rate {
type uint32;
description
"The total outbound
traffic rate in pps";
}
leaf in-traffic-speed {
type uint32;
description
"The total inbound
traffic speed in bps";
}
leaf out-traffic-speed {
type uint32;
description
"The total outbound
traffic speed in bps";
}
}
container user-activity-logs {
description
"If the log is user activity
logs in system log";
leaf user {
type string;
mandatory true;
description
"Name of a user";
}
leaf group {
type string;
mandatory true;
description
"Group to which a user belongs.";
}
leaf login-ip {
type inet:ipv4-address;
mandatory true;
description
"Login IP address of a user.";
}
container authentication-mode {
description
Hong, et al. Expires January 20, 2018 [Page 35]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
"User authentication mode. e.g.,
Local Authentication,
Third-Party Server Authentication,
Authentication Exemption, SSO Authentication.";
leaf local-authentication {
type boolean;
mandatory true;
description
"Authentication-mode : local authentication.";
}
leaf third-part-server-authentication {
type boolean;
mandatory true;
description
"TBD";
}
leaf exemption-authentication {
type boolean;
mandatory true;
description
"TBD";
}
leaf sso-authentication {
type boolean;
mandatory true;
description
"TBD";
}
}
container access-mode {
description
"TBD";
leaf ppp{
type boolean;
description
"TBD";
}
leaf svn{
type boolean;
description
"TBD";
}
leaf local{
type boolean;
description
"TBD";
}
}
Hong, et al. Expires January 20, 2018 [Page 36]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
leaf online-duration {
type string;
description
"TBD";
}
leaf logout-duration {
type string;
description
"TBD";
}
leaf addtional-info {
type string;
description
"TBD";
}
}
}
case nsf-log{
description
"If the log type is nsf log";
container ddos-logs {
description
"If the log is DDoS logs
in nsf log";
leaf attack-type{
type string;
description
"DDoS";
}
leaf attack-ave-rate {
type uint32;
description
"The ave PPS of
attack traffic";
}
leaf attack-ave-speed {
type uint32;
description
"the ave bps of
attack traffic";
}
leaf attack-pkt-num{
type uint32;
description
"the number of
attack packets";
}
leaf attack-src-ip {
Hong, et al. Expires January 20, 2018 [Page 37]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
type inet:ipv4-address;
description
"TBD";
}
leaf action {
type all-action;
description
"TBD";
}
leaf os {
type string;
description
"simple os information";
}
}
container virus-logs {
description
"If the log is virus logs
in nsf log";
uses protocol;
leaf attack-type{
type string;
description
"Virus";
}
leaf action{
type all-action;
description
"TBD";
}
leaf os{
type string;
description
"simple os information";
}
leaf time {
type yang:date-and-time;
mandatory true;
description
"Indicate the time when the
message is generated";
}
}
container intrusion-logs {
description
"If the log is intrusion logs
in nsf log";
leaf attack-type{
Hong, et al. Expires January 20, 2018 [Page 38]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
type string;
description
"Intrusion";
}
leaf action{
type all-action;
description
"TBD";
}
leaf time {
type yang:date-and-time;
mandatory true;
description
"Indicate the time when the
message is generated";
}
leaf attack-rate {
type uint32;
description
"The PPS of attack traffic";
}
leaf attack-speed {
type uint32;
description
"the bps of attack traffic";
}
}
container botnet-logs {
description
"If the log is botnet logs
in nsf log";
leaf attack-type{
type string;
description
"Botnet";
}
leaf botnet-pkt-num{
type uint8;
description
"The number of the packets
sent to or from the
detected botnet";
}
leaf action{
type all-action;
description
"TBD";
}
Hong, et al. Expires January 20, 2018 [Page 39]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
leaf os{
type string;
description
"simple os information";
}
}
container dpi-logs {
description
"If the log is dpi logs
in nsf log";
leaf dpi-type{
type dpi-type;
description
"The type of dpi";
}
leaf src-ip {
type inet:ipv4-address;
description
"The source IP address of the packet";
}
leaf dst-ip {
type inet:ipv4-address;
description
"The destination IP address of the packet";
}
leaf src-port {
type inet:port-number;
description
"The source port of the packet";
}
leaf dst-port {
type inet:port-number;
description
"The destination port of the packet";
}
leaf src-zone {
type string;
description
"The source security zone of the packet";
}
leaf dst-zone {
type string;
description
"The destination security zone of the packet";
}
leaf src-region {
type string;
description
Hong, et al. Expires January 20, 2018 [Page 40]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
"Source region of the traffic";
}
leaf dst-region{
type string;
description
"Destination region of the traffic";
}
leaf policy-id {
type uint8;
mandatory true;
description
"The ID of the policy being triggered";
}
leaf policy-name {
type string;
mandatory true;
description
"The name of the policy being triggered";
}
leaf src-user{
type string;
description
"User who generates traffic";
}
uses protocol;
leaf file-type {
type string;
description
"The type of file";
}
leaf file-name {
type string;
description
"The name of file";
}
}
list vulnerability-scanning-logs {
key vulnerability-id;
description
"If the log is vulnerability
scanning logs in nsf log";
leaf vulnerability-id{
type uint8;
description
"The vulnerability id";
}
leaf victim-ip {
type inet:ipv4-address;
Hong, et al. Expires January 20, 2018 [Page 41]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
description
"IP address of the victim
host which has vulnerabilities";
}
uses protocol;
leaf port-num{
type inet:port-number;
description
"The port number";
}
leaf level{
type severity;
description
"The vulnerability severity";
}
leaf os{
type string;
description
"simple os information";
}
leaf addtional-info{
type string;
description
"TBD";
}
}
container web-attack-logs {
description
"If the log is web attack
logs in nsf log";
leaf attack-type{
type string;
description
"Web Attack";
}
leaf rsp-code{
type string;
description
"Response code";
}
leaf req-clientapp{
type string;
description
"The client application";
}
leaf req-cookies{
type string;
description
Hong, et al. Expires January 20, 2018 [Page 42]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
"Cookies";
}
leaf req-host{
type string;
description
"The domain name of the
requested host";
}
leaf raw-info{
type string;
description
"The information describing
the packet triggering the
event.";
}
}
}
}
}
case counters {
description
"If the message type is counters";
choice counter-type {
description
"The type of counter";
case system-counter {
container interface-counters {
description
"The system counter type is
interface counter";
uses i2nsf-system-counter-type-content;
}
}
case nsf-counter{
container firewall-counters {
description
"The nsf counter type is
firewall counter";
uses i2nsf-nsf-counters-type-content;
container bound{
description
"Inbound or Outbound";
leaf in-interface {
type boolean;
description
"If the bound is inbound";
}
leaf out-interface {
Hong, et al. Expires January 20, 2018 [Page 43]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
type boolean;
description
"If the bound is outbound";
}
}
}
container policy-hit-counters {
description
"The counters of policy hit";
uses i2nsf-nsf-counters-type-content;
leaf hit-times{
type uint32;
description
"The hit times for policy";
}
}
}
}
}
}
leaf time-stamp {
type yang:date-and-time;
mandatory true;
description
"Indicate the time when the message is generated";
}
leaf severity {
type severity;
mandatory true;
description
"The severity of the alarm such as
critical, high, middle, low.";
}
leaf vendor-name {
type string;
description
"The name of the NSF vendor";
}
}
}
}
<CODE ENDS>
Figure 2: Data Model of Monitoring
Hong, et al. Expires January 20, 2018 [Page 44]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
6. Acknowledgments
This work was supported by Institute for Information &iamp;
communications Technology Promotion (IITP) grant funded by the Korea
government (MSIP) (R-20160222-002755, Cloud based Security
Intelligence Technology Development for the Customized Security
Service Provisioning).
This document has greatly benefited from inputs by Daeyoung Hyun.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to
Indicate Requirement Levels", BCP 14,
RFC 2119, March 1997.
[RFC6020] Bjorklund, M., "YANG - A Data Modeling
Language for the Network Configuration
Protocol (NETCONF)", RFC 6020, October 2010.
7.2. Informative References
[i2rs-rib-data-model] Wang, L., Ananthakrishnan, H., Chen, M., Dass,
A., Kini, S., and N. Bahadur, "A YANG Data
Model for Routing Information Base (RIB)",
draft-ietf-i2rs-rib-data-model-07 (work in
progress), January 2017.
[i2nsf-terminology] Hares,, S., Strassner,, J., Lopez,, D., Xia,,
L., and H. Birkholz,, "Interface to Network
Security Functions (I2NSF) Terminology",
draft-ietf-i2nsf-terminology-04 (work in
progress), July 2017.
[i2nsf-framework] Hares,, S., Lopez,, J., Dunbar, L., Strassner,
J., and R. Kumar, "Framework for Interface to
Network Security Functions",
draft-ietf-i2nsf-framework-05 (work in
progress), May 2017.
[i2nsf-monitoring-im] Xia,, L., Zhang,, D., Wu, Y., Kumar, R.,
Lohiya, A., and H. Birkholz, "An Information
Model for the Monitoring of Network Security
Functions (NSF)",
draft-zhang-i2nsf-info-model-monitoring-04
(work in progress), July 2017.
Hong, et al. Expires January 20, 2018 [Page 45]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
Authors' Addresses
Dongjin Hong
Department of Computer Engineering
Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419
Republic of Korea
Phone: +82 10 7630 5473
EMail: dong.jin@skku.edu
Jaehoon Paul Jeong
Department of Software
Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419
Republic of Korea
Phone: +82 31 299 4957
Fax: +82 31 290 7996
EMail: pauljeong@skku.edu
URI: http://iotlab.skku.edu/people-jaehoon-jeong.php
Jinyong Tim Kim
Department of Computer Engineering
Sungkyunkwan University
2066 Seobu-Ro, Jangan-Gu
Suwon, Gyeonggi-Do 16419
Republic of Korea
Phone: +82 10 8273 0930
EMail: timkim@skku.edu
Susan Hares
Huawei
7453 Hickory Hill
Saline, MI 48176
USA
Phone: +1-734-604-0332
EMail: shares@ndzh.com
Hong, et al. Expires January 20, 2018 [Page 46]
Internet-Draft I2NSF NSF Monitoring YANG Data Model July 2017
Liang Xia (Frank)
Huawei
101 Software Avenue, Yuhuatai District
Nanjing, Jiangsu
China
Phone:
EMail: Frank.xialiang@huawei.com
Hong, et al. Expires January 20, 2018 [Page 47]