Interface to Network Security Functions (I2NSF) Working Group Overview

A Network Security Function (NSF) is a function used to ensure integrity, confidentiality, or availability of network communications, to detect unwanted network activity, or to block or at least mitigate the effects of unwanted activity. NSFs are provided and consumed in increasingly diverse environments. Users could consume network security services enforced by NSFs hosted by one or more providers, which may be their own enterprise, service providers, or a combination of both. Similarly, service providers may offer their customers network security services that are enforced by multiple security products, functions from different vendors, or open source technologies. NSFs may be provided by physical and/or virtualized infrastructure. Without standard interfaces to control and monitor the behavior of NSFs, it has become virtually impossible for providers of security services to automate service offerings that utilize different security functions from multiple vendors.

The goal of I2NSF is to define a set of software interfaces and data models for controlling and monitoring aspects of physical and virtual Network Security Functions (NSFs), enabling clients to specify rulesets. If the working group finds it necessary to work on an information model before the data models, to help provide guidance and derive the data models, it may do so. The working group will decide later whether the information model needs to be published as an RFC. Other aspects of NSFs, such as device or network provisioning and configuration, are out of scope. As there are many different security vendors or open source technologies supporting different features and functions on their devices, I2NSF will focus on flow-based NSFs that provide treatment to packets/flows, such as Intrusion Protection or Detection System (IPS/IDS), web filtering, flow filtering, deep packet inspection, or pattern matching and remediation.

The WG's charter is periodically updated and can be found at I2NSF charter.

Working Group Status

All the I2NSF documents are accessible and listed here.

Presentations of the Sept 6 2017 I2NSF Interim discussing SDN Controlled IPsec Key

Video Recording of the Sept 6 2017 I2NSF Interim discussing SDN Controlled IPsec Key management

Implementation and Source Code

Industry Events

  • Software Defined Secure Networks -- Presentation at ISOCORE 2016 by Juniper Networks
  • Using IETF I2NSF to mitigate DDoS attacks -- Presentation at NANOG 68 by Linda Dunbar

IETF 97 Hackathon - I2NSF

IETF I2NSF Hackathon 97


Any questions or suggestions regarding I2NSF's work can be directed to the I2NSF mailing list.

Last modified on Sep 6, 2017, 3:19:38 PM