I2nsf Workgroup RFCs

Browse I2nsf Workgroup RFCs by Number

RFC8192 - Interface to Network Security Functions (I2NSF): Problem Statement and Use Cases
This document sets out the problem statement for Interface to Network Security Functions (I2NSF) and outlines some companion use cases.
RFC8329 - Framework for Interface to Network Security Functions
This document describes the framework for Interface to Network Security Functions (I2NSF) and defines a reference model (including major functional components) for I2NSF. Network Security Functions (NSFs) are packet-processing engines that inspect and optionally modify packets traversing networks, either directly or in the context of sessions to which the packet is associated.
RFC9061 - A YANG Data Model for IPsec Flow Protection Based on Software-Defined Networking (SDN)
This document describes how to provide IPsec-based flow protection (integrity and confidentiality) by means of an Interface to Network Security Function (I2NSF) Controller. It considers two main well-known scenarios in IPsec: gateway-to-gateway and host-to-host. The service described in this document allows the configuration and monitoring of IPsec Security Associations (IPsec SAs) from an I2NSF Controller to one or several flow-based Network Security Functions (NSFs) that rely on IPsec to protect data traffic.
This document focuses on the I2NSF NSF-Facing Interface by providing YANG data models for configuring the IPsec databases, namely Security Policy Database (SPD), Security Association Database (SAD), Peer Authorization Database (PAD), and Internet Key Exchange Version 2 (IKEv2). This allows IPsec SA establishment with minimal intervention by the network administrator. This document defines three YANG modules, but it does not define any new protocol.