Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF.

Published byIris Webb Modified over 9 years ago

Similar presentations

Presentation on theme: "Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF."— Presentation transcript:

1 Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF

2 NSIS (1) NSIS is for standardizing an IP signaling protocol (RSVP) along data path for end points to request its unique QoS characteristics, unique FW policies or NAT needs (RFC5973) that are different from the FW/NAT original setting. The requests are communicated directly to the FW/NAT devices. NSIS is path-coupled, it's possible to message every participating device along a path without having to know its location, or its location relative to other devices

3 NSIS (2) The I2NSF doesn’t require all network functions to comply. I2NSF is to define clients (applications) oriented descriptors (profiles, or attributes) to request/negotiate/validate network security functions that are not physically located on the local premises.

4 How I2NSF is different from SACM SACM: Security Assessment of End Points End points can be routers, switches, clustered DB, installed piece of software How to encode policies in a manner where assessment can be automated Example: – a Solaris 10 SPARC or Window 7 system used in a environment that requires adherence to a policy of Mission Critical Classified. – rules like "The maximum password age must be 30 days" and "The minimum password age must be 1 day" I2NSF: Interface to Network Security Functions Protocols for clients to request/query/verify Security related functions from Network Providers Firewall DDOS/Anti-DOS Access control/Authorization/Authentication Remote identity management Secure Key management Intrusion Detection System/ Intrusion Prevention System (IDS/IPS) Threat detection: Eavesdropping, Trojans, viruses and worms, Malware, etc. Example: vCPE needs vFW that are hosted in the network. vCPE provides the “Group Policies” for the vFW, like A can talk to B & C, but B can’t talk to C.

5 PCP As indicated by the name, the Port Control Protocol (PCP) enables an IPv4 or IPv6 host to flexibly manage the IP address and port mapping information on Network Address Translators (NATs) or firewalls, to facilitate communication with remote hosts.

6 SFC IETF SFC is about mechanism of chaining together service functions; IETF SFC treats all those Service Functions as black box, i.e. SFC doesn’t care what actions those functions are performing. SFC defines the SFC header to carry Metadata with payload to those functions. But SFC itself doesn?t specify what content is encoded in the metadata.

7 ANIMA ANIMA (Autonomic Networking Integrated Model and Approach) introduces a control paradigm where network processes, driven by objectives (or intent), coordinate their local decisions, autonomically translate them into local actions, and adapt them automatically according to various sources of information including external information and protocol information bases.

8 Thanks

Download ppt "Analysis of Existing Work for I2NSF draft-zhang-gap-analysis-00 H.Rafiee Dacheng Zhang Huawei IETF 91 I2NSF BoF."

Similar presentations

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Networking Kevin, Ray, Kelvin, Stephan, Norman, Phil.

Networking Kevin, Ray, Kelvin, Stephan, Norman, Phil.
Department Of Computer Engineering

Department Of Computer Engineering
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
30/11/20131.1.1 Q & A on Networking. Question No. 1 What is Networking? Two or more computers that are linked in order to share – Resources (such as printers.

30/11/ Q & A on Networking. Question No. 1 What is Networking? Two or more computers that are linked in order to share – Resources (such as printers.
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.

Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Similar presentations

Ads by Google