Re: [alto] 5/3/2022 Meeting Minutes
Danny Lachos <dlachos@benocs.com> Wed, 25 May 2022 11:45 UTC
Return-Path: <dlachos@benocs.com>
X-Original-To: alto@ietfa.amsl.com
Delivered-To: alto@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9373AC1850CB for <alto@ietfa.amsl.com>; Wed, 25 May 2022 04:45:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.252
X-Spam-Level:
X-Spam-Status: No, score=-8.252 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_ABOUTYOU=0.5, HTML_MESSAGE=0.001, NICE_REPLY_A=-1.857, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x76y0JFsQ8WV for <alto@ietfa.amsl.com>; Wed, 25 May 2022 04:45:31 -0700 (PDT)
Received: from mail.benocs.com (mx-01.benocs.com [91.102.13.130]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCDCFC18412B for <alto@ietf.org>; Wed, 25 May 2022 04:45:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.benocs.com (Postfix) with ESMTP id 095B353CE; Wed, 25 May 2022 13:45:27 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at benocs.com
Received: from mail.benocs.com ([127.0.0.1]) by localhost (mail.benocs.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id egf-qR3Ofoz0; Wed, 25 May 2022 13:45:25 +0200 (CEST)
Received: from [192.168.1.134] (unknown [192.168.1.134]) by mail.benocs.com (Postfix) with ESMTPSA id 95FA653BB; Wed, 25 May 2022 13:45:25 +0200 (CEST)
Content-Type: multipart/alternative; boundary="------------gRmP1bkIzTatZjnVhKa2fEq2"
Message-ID: <784a6f4b-d82d-2445-f37b-fe47a1516522@benocs.com>
Date: Wed, 25 May 2022 13:45:22 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: kaigao@scu.edu.cn, Qin Wu <bill.wu@huawei.com>
Cc: Jordi Ros Giralt <jros@qti.qualcomm.com>, "alto@ietf.org" <alto@ietf.org>
References: <87529f12355a46eea974e31fa8441bc4@huawei.com> <3b6ad709.d836.180d6d8044e.Coremail.kaigao@scu.edu.cn>
From: Danny Lachos <dlachos@benocs.com>
In-Reply-To: <3b6ad709.d836.180d6d8044e.Coremail.kaigao@scu.edu.cn>
Archived-At: <https://mailarchive.ietf.org/arch/msg/alto/_EHK_KSCpT_Piadz2Vk7Ioooewg>
Subject: Re: [alto] 5/3/2022 Meeting Minutes
X-BeenThere: alto@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "Application-Layer Traffic Optimization \(alto\) WG mailing list" <alto.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/alto>, <mailto:alto-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/alto/>
List-Post: <mailto:alto@ietf.org>
List-Help: <mailto:alto-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/alto>, <mailto:alto-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 May 2022 11:45:35 -0000
Hello Kai, Qin, all,
Thanks a lot for your comments/answers,
See below more details about our PoC & correlation:
Given a set of applications/media services (e.g., Disney+, DAZN, etc.)
that use infrastructures (e.g., CDNs) for content distribution, a couple
of questions to try to solve with this PoC:
* What are those infrastructures and how much traffic is coming from them?
* What are those applications and how much traffic is coming from them?
Therefore, the main idea with the DNS and Netflow correlation (including
BGP) is to annotate the Netflow traffic with the domain name(s) they
came from.
Regarding DNS information, we are collecting A/4A records and CName records:
* A/4A records to map an IPv4/IPv6 address to a FQDN (Fully Qualified
Domain Name).
* CNAME records to map a FQDN to another FQDN.
Main technical/research challenges for this DNS/Netflow mapping include:
* Live processing with multiple DNS and Netflow pipes running in parallel
* Domain name and IP address aggregation
* Desynchronized Netflow/DNS streams, including different formats
* DNS records need to be tracked in order to know if they are still
valid or not
* Warm-up periods of more than 12 hours
* Recursive CNAME mapping (and sometimes endless)
* Recursive lookup of FQDNs is not always completed because we only
receive the “cache misses” in the DNS stream data
* ...
We are implementing our PoC environment to validate and obtain different
proposals and results.
This is a work-in-progress and we are fully open to discuss in more
details this project, and working together with people interested in
this topic.
btw, regarding how the correlated data is consumed by applications, it
is supposed to use the same approach like FlowDirector
(https://datatracker.ietf.org/meeting/112/materials/slides-112-alto-implementation-deployment-experience-update-01),
i.e., through ALTO-based interfaces, BGP-based interfaces, or
customized interfaces.
On 18.05.22 13:05, kaigao@scu.edu.cn wrote:
>
> Hi Qin, Danny and all,
>
>
> Sorry I did not get the email from Danny and just saw this discussion.
> Please see my comments inline.
>
>
> Best,
>
> Kai
>
>
>
> -----Original Messages-----
> *From:*"Qin Wu" <bill.wu@huawei.com>
> *Sent Time:*2022-05-18 13:07:36 (Wednesday)
> *To:* "Danny Lachos" <dlachos@benocs.com>, "Jordi Ros Giralt"
> <jros@qti.qualcomm.com>, "kaigao@scu.edu.cn" <kaigao@scu.edu.cn>,
> "alto@ietf.org" <alto@ietf.org>
> *Cc:*
> *Subject:* RE: [alto] 5/3/2022 Meeting Minutes
>
> Hi, Danny:
>
> Interesting PoC, any more details about your PoC introduction. I
> am wondering what technique you are using for data correlation,
> how these correlated information are consumed by the application?
> I assume these steps do not require extension to Network Map or
> Cost Map.
>
> -Qin
>
> *发件人:*alto [mailto:alto-bounces@ietf.org] *代表 *Danny Lachos
> *发送时间:*2022年5月10日2:38
> *收件人:*Jordi Ros Giralt <jros@qti.qualcomm.com>; kaigao@scu.edu.cn;
> alto@ietf.org
> *主题:*Re: [alto] ?==?utf-8?q? ?==?utf-8?q? 5/3/2022 Meeting Minutes
>
> Hello Jordi, Kai, all
>
> Thanks a lot for sharing,
>
> I have a couple of quick comments/questions:
>
> Regarding the OpenALTO meetings [0], I saw that Kai is currently
> working on integrate ALTO in DNS. If I do not wrong, it is
> supposed to use ALTO as a northbound interface to provide
> information about the domain name resolution to DNS clients,
> right?, if not, there is a chance to explain a little bit more
> about what is being done on ALTO/DNS?
>
>
> There are two directions. One is to provide ALTO information through
> DNS and the other is to use ALTO to feed information to a DNS server.
> The first direction is definitely an interesting and potentially
> useful direction but we haven't got the man power to work on that.
> Right now we are using ALTO information to change the order of A
> records returned by a DNS server. The current proof-of-concept is to
> update the sort list option [1] based on ALTO cost map. Another
> approach in this direction is to change the preferences of A records
> of the same host name on the client side but we also haven't really
> started yet.
>
>
> To put the integration into a context, you may refer to the footprint
> paper (NSDI'16). The idea is to control user traffic through DNS
> remapping. However, I'm looking more in the case where the application
> is not in the same administrative domain as the underlying network
> provider, and the ALTO maps are constructed based on my NAI'21 paper
> instead of from the ISP.
>
>
> [1] http://www.ipamworldwide.com/ipam/sortlist.html
>
> Here at Benocs, we are also working with DNS information that is
> correlated with network traffic flows to obtain a
> multi-dimensional traffic information. In fact, we are
> implementing a PoC environment for the development of practical
> use cases. This PoC is able to read DNS traffic, network traffic
> flows, BGP information and then making correlations (real-time or
> batch processing).
>
> This sounds very interesting. Like Qin's comment, I would be very
> interested to hear more about the use cases and how you make the
> correlations.
>
> In some point, could be interesting to find some kind of
> interception about what you/we are currently dealing in terms of
> technical and/or scientific challenges.
>
> Certainly.
>
> On 04.05.22 14:12, Jordi Ros Giralt wrote:
>
> Thank you very much Jensen for taking meeting minutes yesterday.
>
> For those who could not attend our call yesterday (and for our
> bookkeeping), here you will find them:
> https://github.com/ietf-wg-alto/wg-materials/blob/main/meetings-ietf-alto/ietf-alto-2022.md
>
> Going forward, you will also find minutes for the OpenALTO
> meetings being held weekly too (Mon, Wed and Thu) here:
> https://github.com/ietf-wg-alto/wg-materials/blob/main/meetings-ietf-alto/ietf-openalto-2022.md.
> As you know, everyone is invited to attend these other
> meetings that focus on the implementation of the Standard, see
> the meeting coordinates in this previous link for days and
> zoom link.
>
> This action resolves ticket
> https://github.com/ietf-wg-alto/wg-materials/issues/23
>
> Thanks,
>
> Jordi on behalf of ALTO WG
>
> _______________________________________________
>
> alto mailing list
>
> alto@ietf.org
>
> https://www.ietf.org/mailman/listinfo/alto
>
> --
>
> Best regards,
>
> Dr.-Ing. Danny Lachos
>
> BENOCS GMBH
>
> www.benocs.com <http://www.benocs.com>
>
> [0]
> https://github.com/ietf-wg-alto/wg-materials/blob/main/meetings-ietf-alto/ietf-openalto-2022.md
>
--
Best regards,
Dr.-Ing. Danny Lachos
BENOCS GMBH
www.benocs.com
- [alto] 5/3/2022 Meeting Minutes Jordi Ros Giralt
- Re: [alto] 5/3/2022 Meeting Minutes Qin Wu
- Re: [alto] 5/3/2022 Meeting Minutes kaigao
- Re: [alto] 5/3/2022 Meeting Minutes Qin Wu
- Re: [alto] 5/3/2022 Meeting Minutes Danny Lachos