{"draft":"draft-ietf-i2nsf-sdn-ipsec-flow-protection-14","doc_id":"RFC9061","title":"A YANG Data Model for IPsec Flow Protection Based on Software-Defined Networking (SDN)","authors":["R. Marin-Lopez","G. Lopez-Millan","F. Pereniguez-Garcia"],"format":["HTML","TEXT","PDF","XML"],"page_count":"90","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Interface to Network Security Functions","abstract":"This document describes how to provide IPsec-based flow protection\r\n(integrity and confidentiality) by means of an Interface to Network\r\nSecurity Function (I2NSF) Controller.  It considers two main\r\nwell-known scenarios in IPsec: gateway-to-gateway and host-to-host.\r\nThe service described in this document allows the configuration and\r\nmonitoring of IPsec Security Associations (IPsec SAs) from an I2NSF\r\nController to one or several flow-based Network Security Functions\r\n(NSFs) that rely on IPsec to protect data traffic. \r\n\r\nThis document focuses on the I2NSF NSF-Facing Interface by providing\r\nYANG data models for configuring the IPsec databases, namely Security\r\nPolicy Database (SPD), Security Association Database (SAD), Peer\r\nAuthorization Database (PAD), and Internet Key Exchange Version 2\r\n(IKEv2). This allows IPsec SA establishment with minimal intervention\r\nby the network administrator. This document defines three YANG\r\nmodules, but it does not define any new protocol.","pub_date":"July 2021","keywords":["NSF","SDN","IPsec"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9061","errata_url":null}