Dear Mohit: Thank you very much for your review. We really appreciate it. Please see our comments inline:
[Authors] Regarding the abstract, we have applied your suggestions. We can also include a few words to highlight the aspect you mention: we do not define any new protocol but a YANG model. This document describes how to provide IPsec-based flow protection (integrity With respect to notifications, they are defined in NETCONF itself but we had to define through the YANG model the information (notification data) that will be sent: For example: notifications: +---n sadb-acquire | +--ro ipsec-policy-name string | +--ro traffic-selector | +--ro local-subnet inet:ip-prefix | +--ro remote-subnet inet:ip-prefix | +--ro inner-protocol? ipsec-inner-protocol | +--ro local-ports* [start end] | | +--ro start inet:port-number | | +--ro end inet:port-number | +--ro remote-ports* [start end] | +--ro start inet:port-number | +--ro end inet:port-number +---n sadb-expire | +--ro ipsec-sa-name string | +--ro soft-lifetime-expire? boolean | +--ro lifetime-current | +--ro time? uint32 | +--ro bytes? uint32 | +--ro packets? uint32 | +--ro idle? uint32 +---n sadb-seq-overflow | +--ro ipsec-sa-name string +---n sadb-bad-spi +--ro spi uint32 Therefore We define YANG notifications for the ikeless case making use of the notification message defined by NETCONF.
We think this is discussed in Section 5.4 NSF registration and discovery. We acknowledged that I2NSF must discover NSF features. However this is a previous step to what we define in this I-D. Once the NSF is operative and I2NSF controller has knowledge of the NSF and their features, the I2NSF controller can configure properly. Should we extend the section 5.4 somehow? Any suggestion?
In the IKE-less case, the I2NSF controller can apply multiple IPsec SAs in the NSF. Beyond these comments all the minor issues below has been already fixed in the v09 we are preparing. Best regards and thank you so much again!
------------------------------------------------------- Rafa Marin-Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: rafa@xxxxx ------------------------------------------------------- |
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call