IETF Logo Mail Archive

Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04

H Y <yuuhei.hayashi@gmail.com> Thu, 17 February 2022 00:01 UTC

Return-Path: <yuuhei.hayashi@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A3B63A0AFF; Wed, 16 Feb 2022 16:01:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0bOFWCgvaTdH; Wed, 16 Feb 2022 16:00:58 -0800 (PST)
Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 596563A0B29; Wed, 16 Feb 2022 16:00:58 -0800 (PST)
Received: by mail-ed1-x52f.google.com with SMTP id t21so6666785edd.3; Wed, 16 Feb 2022 16:00:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=p09YHAiE/JLVXM/fa6vhka7ftNd/yyu5dJJ3Ps9FhvI=; b=LemsEuaMJS+6pamjmRPMFngE52o5Q4juZQpGmlSxbAJqUs0zC2LHb+3fzcEtG4HYu/ ehAjzbj2q7Kaj3XpReVG5kOqc2soyBjjYA5iO5ij1Olb05+pw0NO6aSLOKpcLv/iiSXA nG8b1YjxRjZ22xdXSRNCcO/CzDP0W1bArEQV70u9LqxSzKGg4Nd16Rz7waucjUOihOt6 riTk+/X4IBHRXRpuQHe7uR6FH7IarYFYWTBys4YV/XR1q76/PDF3e8xmz+kzLJ/udJpX y4lpVjVoo5sUVe7wNv0Ephq0ldR/XU7jplMe+3t5koN2TLvqdrjv+KI2nINxlzYXdi2Z medQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=p09YHAiE/JLVXM/fa6vhka7ftNd/yyu5dJJ3Ps9FhvI=; b=s0MZr+80junoLR2Swm2aiB1KAtEPNLMQ8DOz6GcOVwE8rPKIrbI+cIApk95ALASPtp XaSkbvxDYvZHaXB0pIbZwHs46XvBY1iiymcaVgduoYiLLsY5KvsCYgF46UBqY/6+QIXB jpF6H8DsNHPQOMBmLpsYOLRYsIYTzloeSycyEvuzRSDRVudIQYHoMge+l1xvXAfxzZUl 3w3fENqQpYBqqjePeQIPp9sqTnP3z5yTEPeeBkh3aM/m1O3KL+LhSnI3mX7PYjh2t3C3 G/TYpHYC1qvguxJ9dyZjvq8vREoTRxqeQbDhvI3Vkir0vvJ6uNowdI07RJRGPZiAHwzN Xr3w==
X-Gm-Message-State: AOAM53039bkAUp0d8ukhty5Hdnc1KfBoF1sZjibra/Zjw5bviA89MVvJ yOkYzUimIdbr+BBIhCdmx4Pku7jMheaGgmc+b/0=
X-Google-Smtp-Source: ABdhPJwB1fbFrwLXpeGyZe/4Ih89jOgp/1gQCww/LN+9tCDnsrxJmmOtuIde5yT2gDg8M7D5+EKm5I4DaF0b4Ku8V34=
X-Received: by 2002:aa7:c0d0:0:b0:410:d576:8808 with SMTP id j16-20020aa7c0d0000000b00410d5768808mr201383edp.340.1645056055989; Wed, 16 Feb 2022 16:00:55 -0800 (PST)
MIME-Version: 1.0
References: <181601d81da8$0cee3a80$26caaf80$@smyslov.net> <23921_1644415165_6203C8BD_23921_233_1_787AE7BB302AE849A7480A190F8B93303548ECDA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAA8pjUPRUXSOwf-1EBA4BsDb7aYw792n59FUJFvzPYCKqNTcUg@mail.gmail.com> <CAA8pjUOrYQnJrzwcAhzmp5FMBDm__u4UomCYFDLDD7G09zNPnA@mail.gmail.com> <17353_1644562189_6206070D_17353_218_1_787AE7BB302AE849A7480A190F8B93303549155E@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAA8pjUMeu0apgO6BZ0h2gq7x+KsOg0GOSH_SnznkRh1hNNuGgQ@mail.gmail.com> <CAA8pjUOV=KLgmFxqeSA5dASrT2msWyu4T9Mvi3tzqruR-uEFvQ@mail.gmail.com> <202202151526305133704@chinamobile.com> <28467_1644930140_620BA45B_28467_168_17_787AE7BB302AE849A7480A190F8B933035494261@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <202202161723559475581@chinamobile.com>
In-Reply-To: <202202161723559475581@chinamobile.com>
From: H Y <yuuhei.hayashi@gmail.com>
Date: Thu, 17 Feb 2022 09:00:45 +0900
Message-ID: <CAA8pjUOQJ=21gMvTizmiNcxZ1hzsShWNMkdzRqUr6xQZn9Y77w@mail.gmail.com>
To: Meiling Chen <chenmeiling@chinamobile.com>, "mohamed.boucadair" <mohamed.boucadair@orange.com>
Cc: dots <dots@ietf.org>, dots-chairs <dots-chairs@ietf.org>, Valery Smyslov <valery@smyslov.net>, "draft-ietf-dots-telemetry-use-cases@ietf.org" <draft-ietf-dots-telemetry-use-cases@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/1TIS6HdoHbQLo4tkNq8uehXmdJo>
Subject: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Feb 2022 00:01:05 -0000

Hi Med, Meiling,

>Med
Thank you for reviewing it carefully.

>>It seems that the same “start-time” is used in many example. Please check that to see if more realistic examples (with distinct time starts) can be considered.
OK. I will consider it.

>>The draft has some notes, e.g., “[Note: An example of total ..”. I understand that some examples are under preparation.
I'm preparing it for 08.

>>The latest version removed some attributes such as “src_ip”, but I still see “dst-ip”. You can clarify the meaning/type of this attribute.
OK. I will clarify it.

>Meiling
Thank you for updating the draft.

>>3.1.2. Optimal DMS Selection for Mitigation
>>The selected algorithm can be based on different implementations, for example, the available capacity of the DMSes is required to be greater than the peak value, then calculate the average value and select the DMS whose available capacity is closest to the average traffic flow.
I can't understand how the average value can be calculated based on
"low-percentile-g", "mid-percentile-g", "high-percentile-g", "peak-g"
and "current-g".  In addition, I can't understand why it is effective
to select the DMS whose available capacity is closest to the average
traffic flow.

How about the simple description like below?
-------
For example, the simple algorithm of the selection is to choose a DMS
whose available capacity is greater than the "peak-g".
-------

>>3.1.3. Best-path Selection for Redirection
>> For example, The orchestrator know the bandwidth of each link, under the condition that the link is reachable according to the destination address, then based on the traffic limitation and the total traffic should not  exceed the limit of each link segment.

How about the simple description like below?
-------
For example, the simple algorithm of the selection is to choose a path
whose available capacity is greater than the "peak-g".
-------

>>3.1.4. Short but Extreme Volumetric Attack Mitigation
>>Network management system as DOTs client pass the total pipe capacity to administrative system as DOTs server. Consistent with the draft-ietf-dots-telemetry section 7.2.
Can you write an example of the message body?

Thanks,
Yuhei

2022年2月16日(水) 18:24 Meiling Chen <chenmeiling@chinamobile.com>:
>
> Hi Med,
> Thank you, the remaining yuuhei will be updated on Friday.
>
> Best,
> Meiling
>
>
> From: mohamed.boucadair@orange.com
> Date: 2022-02-15 21:02
> To: Meiling Chen; H Y; dots
> CC: dots-chairs; Valery Smyslov; draft-ietf-dots-telemetry-use-cases@ietf.org
> Subject: RE: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
>
> Hi Meiling, all,
>
>
>
> Thank you for these updates.
>
>
>
> It seems that the same “start-time” is used in many example. Please check that to see if more realistic examples (with distinct time starts) can be considered.
>
>
>
> The draft has some notes, e.g., “[Note: An example of total ..”. I understand that some examples are under preparation.
>
>
>
> The latest version removed some attributes such as “src_ip”, but I still see “dst-ip”. You can clarify the meaning/type of this attribute.
>
>
>
> Thank you.
>
>
>
> Cheers,
>
> Med
>
>
>
> De : Meiling Chen <chenmeiling@chinamobile.com>
> Envoyé : mardi 15 février 2022 08:27
> À : H Y <yuuhei.hayashi@gmail.com>; BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; dots <dots@ietf.org>
> Cc : dots-chairs <dots-chairs@ietf.org>; Valery Smyslov <valery@smyslov.net>; draft-ietf-dots-telemetry-use-cases@ietf.org
> Objet : Re: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
>
>
>
> Hi all,
>
> Thank you for Med's comments, I have updated the draft to 07.
>
>
>
> Name: draft-ietf-dots-telemetry-use-cases
>
> Revision: 07
>
> Title: Use Cases for DDoS Open Threat Signaling (DOTS) Telemetry
>
> Document date: 2022-02-15
>
> Group: dots
>
> Pages: 27
>
> URL: https://www.ietf.org/archive/id/draft-ietf-dots-telemetry-use-cases-07.txt
>
> Status: https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry-use-cases/
>
> Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-dots-telemetry-use-cases
>
> Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-telemetry-use-cases-07
>
>
>
> From: H Y
>
> Date: 2022-02-11 16:00
>
> To: Mohamed Boucadair; dots@ietf.org
>
> CC: dots-chairs@ietf.org; Valery Smyslov; draft-ietf-dots-telemetry-use-cases@ietf.org
>
> Subject: Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
>
> Hi Med, All,
>
>
>
> I updated the draft and submitted it as 06.
>
>
>
> >You may consider removing them but add some text to recall the attack mapping over the data channel.
>
> I removed the "attack-description" in signal channel but add some
>
> mapping in data channel.
>
>
>
> Thanks,
>
> Yuhei
>
>
>
> 2022年2月11日(金) 16:40 H Y <yuuhei.hayashi@gmail.com>:
>
> >
>
> > Hi Med,
>
> >
>
> > I got it. I misunderstood the way to use "attack-description".
>
> >
>
> > >You may consider removing them but add some text to recall the attack mapping over the data channel.
>
> > I will remove the "attack-description".
>
> >
>
> > Thanks,
>
> > Yuhei
>
> >
>
> > 2022年2月11日(金) 15:49 <mohamed.boucadair@orange.com>:
>
> > >
>
> > > Hi Yuhei,
>
> > >
>
> > > One quick comment about:
>
> > >
>
> > > ==
>
> > >             "attack-description": "DNS amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in DNS servers to turn small queries into larger payloads."
>
> > > ==
>
> > >
>
> > > and
>
> > >
>
> > > ==
>
> > >             "attack-description":"NTP amplification Attack: This attack is a type of reflection attack in which attackers spoofes a target's IP address. The attackers abuses vulnerbilities in NTP servers to turn small queries into larger payloads."
>
> > > ==
>
> > >
>
> > > Please note that the telemetry spec says the following:
>
> > >
>
> > >    When conveying attack details in DOTS telemetry messages (Sections
>
> > >    8.2, 8.3, and 9), DOTS agents MUST NOT include the 'attack-
>
> > >    description' attribute unless the corresponding attack mapping
>
> > >    details were not previously shared with the peer DOTS agent.
>
> > >
>
> > > So, the text should explain why "attack-description" attributes are present in the example.
>
> > >
>
> > > You may consider removing them but add some text to recall the attack mapping over the data channel.
>
> > >
>
> > > Thank you.
>
> > >
>
> > > Cheers,
>
> > > Med
>
> > >
>
> > > > -----Message d'origine-----
>
> > > > De : Dots <dots-bounces@ietf.org> De la part de H Y
>
> > > > Envoyé : vendredi 11 février 2022 05:16
>
> > > > À : dots@ietf.org
>
> > > > Cc : dots-chairs@ietf.org; Valery Smyslov <valery@smyslov.net>;
>
> > > > BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; draft-ietf-
>
> > > > dots-telemetry-use-cases@ietf.org
>
> > > > Objet : Re: [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
>
> > > >
>
> > > > Hi all,
>
> > > >
>
> > > > We modified some nits and upload as 05. We will add some description to
>
> > > > clarify our use cases.
>
> > > >
>
> > > > Comments are welcome.
>
> > > >
>
> > > > Thanks,
>
> > > > Yuhei
>
> > > >
>
> > > > 2022年2月9日(水) 23:34 H Y <yuuhei.hayashi@gmail.com>:
>
> > > > >
>
> > > > > Hi Med,
>
> > > > >
>
> > > > > Thank you for your comments and suggestions.
>
> > > > >
>
> > > > > I will revise the draft in a few days.
>
> > > > >
>
> > > > > Thanks,
>
> > > > > Yuhei
>
> > > > >
>
> > > > > 2022年2月9日(水) 22:59 <mohamed.boucadair@orange.com>:
>
> > > > > >
>
> > > > > > Hi Valery, all,
>
> > > > > >
>
> > > > > > I support advancing this document, but I think a revised version is
>
> > > > needed.
>
> > > > > >
>
> > > > > > FWIW, some comments and suggestions can be found at:
>
> > > > > > * pdf:
>
> > > > > > https://raw.githubusercontent.com/boucadair/IETF-Drafts-Reviews/mast
>
> > > > > > er/draft-ietf-dots-telemetry-use-cases-04-rev%20Med.pdf
>
> > > > > > * doc:
>
> > > > > > https://github.com/boucadair/IETF-Drafts-Reviews/raw/master/draft-ie
>
> > > > > > tf-dots-telemetry-use-cases-04-rev%20Med.doc
>
> > > > > >
>
> > > > > > Cheers,
>
> > > > > > Med
>
> > > > > >
>
> > > > > > > -----Message d'origine-----
>
> > > > > > > De : Dots <dots-bounces@ietf.org> De la part de Valery Smyslov
>
> > > > > > > Envoyé : mercredi 9 février 2022 12:28 À : dots@ietf.org Cc :
>
> > > > > > > dots-chairs@ietf.org; draft-ietf-dots-telemetry-use-cases@ietf.org
>
> > > > > > > Objet : [Dots] WGLC for draft-ietf-dots-telemetry-use-cases-04
>
> > > > > > >
>
> > > > > > > Hi,
>
> > > > > > >
>
> > > > > > > this message starts a two-week working group last call for
>
> > > > > > > draft-ietf- dots-telemetry-use-cases-04.
>
> > > > > > > The WGLC will end on Thursday, February 24. Please, review the
>
> > > > > > > draft and send your comments to the mailing list.
>
> > > > > > >
>
> > > > > > > Regards,
>
> > > > > > > Frank & Valery.
>
> > > > > > >
>
> > > > > > > _______________________________________________
>
> > > > > > > Dots mailing list
>
> > > > > > > Dots@ietf.org
>
> > > > > > > https://www.ietf.org/mailman/listinfo/dots
>
> > > > > >
>
> > > > > > ____________________________________________________________________
>
> > > > > > _____________________________________________________
>
> > > > > >
>
> > > > > > Ce message et ses pieces jointes peuvent contenir des informations
>
> > > > > > confidentielles ou privilegiees et ne doivent donc pas etre
>
> > > > > > diffuses, exploites ou copies sans autorisation. Si vous avez recu
>
> > > > > > ce message par erreur, veuillez le signaler a l'expediteur et le
>
> > > > detruire ainsi que les pieces jointes. Les messages electroniques etant
>
> > > > susceptibles d'alteration, Orange decline toute responsabilite si ce
>
> > > > message a ete altere, deforme ou falsifie. Merci.
>
> > > > > >
>
> > > > > > This message and its attachments may contain confidential or
>
> > > > > > privileged information that may be protected by law; they should not
>
> > > > be distributed, used or copied without authorisation.
>
> > > > > > If you have received this email in error, please notify the sender
>
> > > > and delete this message and its attachments.
>
> > > > > > As emails may be altered, Orange is not liable for messages that
>
> > > > have been modified, changed or falsified.
>
> > > > > > Thank you.
>
> > > > > >
>
> > > > >
>
> > > > >
>
> > > > > --
>
> > > > > ----------------------------------
>
> > > > > Yuuhei HAYASHI
>
> > > > > 08065300884
>
> > > > > yuuhei.hayashi@gmail.com
>
> > > > > iehuuy_0220@docomo.ne.jp
>
> > > > > ----------------------------------
>
> > > >
>
> > > >
>
> > > >
>
> > > > --
>
> > > > ----------------------------------
>
> > > > Yuuhei HAYASHI
>
> > > > 08065300884
>
> > > > yuuhei.hayashi@gmail.com
>
> > > > iehuuy_0220@docomo.ne.jp
>
> > > > ----------------------------------
>
> > >
>
> > > _________________________________________________________________________________________________________________________
>
> > >
>
> > > Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>
> > > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>
> > > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>
> > > Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> > >
>
> > > This message and its attachments may contain confidential or privileged information that may be protected by law;
>
> > > they should not be distributed, used or copied without authorisation.
>
> > > If you have received this email in error, please notify the sender and delete this message and its attachments.
>
> > > As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>
> > > Thank you.
>
> > >
>
> >
>
> >
>
> > --
>
> > ----------------------------------
>
> > Yuuhei HAYASHI
>
> > 08065300884
>
> > yuuhei.hayashi@gmail.com
>
> > iehuuy_0220@docomo.ne.jp
>
> > ----------------------------------
>
>
>
>
>
>
>
> --
>
> ----------------------------------
>
> Yuuhei HAYASHI
>
> 08065300884
>
> yuuhei.hayashi@gmail.com
>
> iehuuy_0220@docomo.ne.jp
>
> ----------------------------------
>
>
>
>
>
> _______________________________________________
>
> Dots mailing list
>
> Dots@ietf.org
>
> https://www.ietf.org/mailman/listinfo/dots
>
> _________________________________________________________________________________________________________________________
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.



-- 
----------------------------------
Yuuhei HAYASHI
08065300884
yuuhei.hayashi@gmail.com
iehuuy_0220@docomo.ne.jp
----------------------------------

v2.23.0 | Report a Bug | By Email