IETF Logo Mail Archive

Re: [Dots] WGLC signal draft: Conflict information conflicts

"Jon Shallow" <supjps-ietf@jpshallow.com> Thu, 16 August 2018 08:05 UTC

Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B564F13104D for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 01:05:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QNBkfWuo0mbH for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 01:05:33 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01B8F130F6D for <dots@ietf.org>; Thu, 16 Aug 2018 01:05:32 -0700 (PDT)
Received: from [127.0.0.1] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.90_1) (envelope-from <jon.shallow@jpshallow.com>) id 1fqDHe-0003Nl-BH; Thu, 16 Aug 2018 09:05:30 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: mohamed.boucadair@orange.com, dots@ietf.org
References: <019701d43532$15826110$40872330$@jpshallow.com> <787AE7BB302AE849A7480A190F8B93302DFAAAA3@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302DFAAAA3@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Date: Thu, 16 Aug 2018 09:05:29 +0100
Message-ID: <01b601d43537$e5be89d0$b13b9d70$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_01B7_01D43540.4784EDA0"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQD2QQepuiCHo5SQHn0cuQkCWjKZGwIDwhgRpm3OUoA=
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/2I6mszBt4jwdifA8N2f2fJnswv0>
Subject: Re: [Dots] WGLC signal draft: Conflict information conflicts
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 08:05:47 -0000

Hi Med,

 

Humble apologies – not enough caffeine to get rid of word blindness!  You
are right, this is a non-issue.

 

Regards

 

Jon

 

From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of
mohamed.boucadair@orange.com
Sent: 16 August 2018 08:55
To: Jon Shallow; dots@ietf.org
Subject: Re: [Dots] WGLC signal draft: Conflict information conflicts

 

Hi Jon, 

 

Please see inline. 

 

Cheers,

Med

 

De : Dots [mailto:dots-bounces@ietf.org] De la part de Jon Shallow
Envoyé : jeudi 16 août 2018 09:24
À : dots@ietf.org
Objet : [Dots] WGLC signal draft: Conflict information conflicts

 

Hi there,

 

Issue A.

 

It is undefined as to how to tell the DOTS client that 4.09 conflict for a
“cuid” has occurred as in

 

4.1.1 Request Mitigation

      DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer

      to notify that the 'cuid' is already in-use by another DOTS

      client.  Upon receipt of that error code, a new 'cuid' MUST be

      generated by the DOTS peer.

 

The DOTS client generates a new “cuid” for every 4.09 ???

 

[Med] Isn’t this covered by this text?

 

         3:  CUID Collision.  This code is returned when a DOTS client

             uses a 'cuid' that is already used by another DOTS client.

             This code is an indication that the request has been

             rejected and a new request with a new 'cuid' is to be re-

             sent by the DOTS client.  

 

I think we need a new conflict status

 

         4:  DOTS server has detected the presented ‘cuid’ is already in use
by another DOTS client.  A new ‘cuid’ needs to be generated.

 

And text updated

 

      DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer

      to notify that the 'cuid' is already in-use by another DOTS

      client, along with a conflict-status of 4.  Upon receipt of that error
code and conflict-status, a new 'cuid' MUST be

      generated by the DOTS peer.

 

[Med] We do already have the following: 

 

“The response includes enough information for a DOTS
   client to recognize the source of the conflict as described below:”
 
which means that cuid collision will be included in such case.

 

Issue B.

 

We have confusion over the use of the word “different” for “different DOTS
client” – this was previously brought up but got lost on the way.  The
following is (correctly) for the same client

 

   For example, if the DOTS server receives a mitigation request which

   overlaps with an existing mitigation with a higher numeric 'mid', the

   DOTS server rejects the request by returning 4.09 (Conflict) to the

   DOTS client.  The response includes enough information for a DOTS

   client to recognize the source of the conflict as described below:

 

[Med] This text is about requests from the same client.

 

Yet we later have (which really should be corrected)

 

[Med] This is about conflicts involving multiple clients. What is the issue
with this text? 

 

   If the request is conflicting with an existing mitigation request

   from a different DOTS client, the DOTS server may return 2.01

   (Created) or 4.09 (Conflict) to the requesting DOTS client.  If the

   DOTS server decides to maintain the new mitigation request, the DOTS

   server returns 2.01 (Created) to the requesting DOTS client.  If the

   DOTS server decides to reject the new mitigation request, the DOTS

   server returns 4.09 (Conflict) to the requesting DOTS client.  For

   both 2.01 (Created) and 4.09 (Conflict) responses, the response

   includes enough information for a DOTS client to recognize the source

   of the conflict as described below:

 

   conflict-information:  Indicates that a mitigation request is

      conflicting with another mitigation request(s) from other DOTS

      client(s).  This optional attribute has the following structure:

 

      conflict-status:  Indicates the status of a conflicting mitigation

         request.  The following values are defined:

 

         1:  DOTS server has detected conflicting mitigation requests

             from different DOTS clients.  This mitigation request is

             currently inactive until the conflicts are resolved.

             Another mitigation request is active.

 

         2:  DOTS server has detected conflicting mitigation requests

             from different DOTS clients.  This mitigation request is

             currently active.

 

         3:  DOTS server has detected conflicting mitigation requests

             from different DOTS clients.  All conflicting mitigation

             requests are inactive.

 

Issue C.

 

‘mid’ is missing from the second definition of conflict-scope as in

 

      conflict-scope:  Indicates the conflict scope.  It may include a

         list of IP addresses, a list of prefixes, a list of port

         numbers, a list of target protocols, a list of FQDNs, a list of

         URIs, a list of alias-names, or references to conflicting ACLs.

 

[Med] It is not. mid is only required for conflicts which belong to the same
clients. When multiple clients are involved, mid is not needed. 

 

Regards

 

Jon

v2.23.0 | Report a Bug | By Email