{
  "draft": "draft-ietf-i2nsf-sdn-ipsec-flow-protection-14",
  "doc_id": "RFC9061",
  "title": "A YANG Data Model for IPsec Flow Protection Based on Software-Defined Networking (SDN)",
  "authors": [
    "R. Marin-Lopez",
    "G. Lopez-Millan",
    "F. Pereniguez-Garcia"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "90",
  "pub_status": "PROPOSED STANDARD",
  "status": "PROPOSED STANDARD",
  "source": "Interface to Network Security Functions",
  "abstract": "This document describes how to provide IPsec-based flow protection (integrity and confidentiality) by means of an Interface to Network Security Function (I2NSF) Controller. It considers two main well-known scenarios in IPsec: gateway-to-gateway and host-to-host. The service described in this document allows the configuration and monitoring of IPsec Security Associations (IPsec SAs) from an I2NSF Controller to one or several flow-based Network Security Functions (NSFs) that rely on IPsec to protect data traffic.\n\n This document focuses on the I2NSF NSF-Facing Interface by providing YANG data models for configuring the IPsec databases, namely Security Policy Database (SPD), Security Association Database (SAD), Peer Authorization Database (PAD), and Internet Key Exchange Version 2 (IKEv2). This allows IPsec SA establishment with minimal intervention by the network administrator. This document defines three YANG modules, but it does not define any new protocol.",
  "pub_date": "July 2021",
  "keywords": [
    "NSF",
    "SDN",
    "IPsec"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9061",
  "errata_url": null
}