Re: [Dots] several comments on draft-ietf-dots-architecture-06:

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 03 September 2018 09:55 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "Mortensen, Andrew" <amortensen@arbor.net>
CC: "Xialiang (Frank, Network Integration Technology Research Dept)" <frank.xialiang@huawei.com>, "draft-ietf-dots-architecture.all@ietf.org" <draft-ietf-dots-architecture.all@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Date: Mon, 03 Sep 2018 09:54:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/5OoYsfzS9wcC3wmWsdUB1rI0CoY>

Update looks good to me.

-Tiru

From: Mortensen, Andrew <amortensen@arbor.net>
Sent: Friday, July 20, 2018 6:04 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
Cc: Xialiang (Frank, Network Integration Technology Research Dept) <frank.xialiang@huawei.com>; draft-ietf-dots-architecture.all@ietf.org; dots@ietf.org
Subject: Re: several comments on draft-ietf-dots-architecture-06:

I’ve got a pull request to incorporate some minor changes to address issues 2, 3 and 5 below:

<https://github.com/dotswg/dots-architecture/pull/29>

Unless there are objections, I’ll merge and submit a new draft revision. The remaining barrier to initiating WGLC will then be the updated NAT considerations.

andrew


On Jul 16, 2018, at 3:40 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com> wrote:

Hi Frank,

Thanks for the review. Please see inline [TR]

From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Xialiang (Frank, Network Integration Technology Research Dept)
Sent: Wednesday, July 11, 2018 3:03 PM
To: draft-ietf-dots-architecture.all@ietf.org
Cc: dots@ietf.org
Subject: [Dots] several comments on draft-ietf-dots-architecture-06:

Hi draft authors,
I have several comments on this draft as below for your consideration:
1. Section 1.2, / "so that only authorized clients can invoke the DOTS service" / "so that only authorized clients/servers can invoke/honor the DOTS service";

[TR] The DOTS client is both authenticated and authorized to invoke the DOTS service, but the DOTS server is only authenticated by the DOTS client. I don't see the need to add "server" and "honor" in the above line.

2. Section 2.2.2, / If a DOTS server refuses a DOTS client's request for mitigation, the DOTS server SHOULD include the refusal reason in the server signal sent to the client / If a DOTS server refuses a DOTS client's request for mitigation, the DOTS server MUST include the refusal reason in the server signal sent to the client;

[TR] Agreed, we will update draft.

3. Section 3.2.3, / "End-customer with a single upstream transit provider offering DDoS mitigation services" described in [I-D.ietf-dots-use-cases] / "Upstream DDoS Mitigation by an Upstream Internet Transit Provider" described in [I-D.ietf-dots-use-cases];

[TR] Okay, will fix.

4. Section 3.2.3, you say "For example, the recursing domain's mitigator should incorporate into mitigation status messages available metrics such as dropped packet or byte counts from the recursed mitigation.", but this is not described in the current DOTS signal channel draft. What's your opinion about whether we should add the specified content into the signal channel draft?

[TR] The DOTS client is conveyed the mitigation metrics (e.g. bytes-dropped, bps-dropped, etc.) by the DOTS server. The DOTS client is opaque to the recursion of the originating mitigation request to the secondary DOTS server; hence the signal channel draft does not discuss recursive signaling but explains conveying the mitigation metrics to the DOTS client in Section 4.4.2.

5. Section 3.3.3, by reviewing the DOTS signal channel draft, my take is a signal session (sid) can carry multiple mitigation-scope requesting conversations (cuid + mid + cdid (optional)), is it right? If so, by saying "a DOTS operator may configure the DOTS session to trigger mitigation when the DOTS server ceases receiving DOTS client signals (or vice versa) beyond the miss count or period permitted by the protocol.", which mitigation conversation do you mean to trigger, or all of them over the same signal session?

[TR] If the DOTS server ceases receiving DOTS client signals, mitigation will be triggered for all the mitigation requests signaled over the same DOTS signal channel session.

Cheers,
-Tiru

Thanks!

B.R.
Frank
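The behaviour agreed in items 2, 4 and 5 above (a refusal carries its reason; the server reports mitigation metrics such as bytes-dropped and bps-dropped to the client; and when the server misses more client heartbeats than the session allows, every mitigation request signaled over that session is activated, not just one) can be shown as a small server-side state model. The following Python is an added example, not code from the architecture draft, the signal channel draft, or any DOTS implementation. Attribute names (cuid, mid, trigger-mitigation, missing-hbs-allowed, bytes-dropped, bps-dropped) follow the signal channel draft's vocabulary; the session container, the capacity policy used to produce a refusal, the refusal text, the string status values and the sample cuid are assumptions made for illustration.

```python
"""Illustrative model of a DOTS server's signal channel session state.

Added example; not the draft's or any DOTS implementation's code.
The capacity-based refusal policy, the string status values and the
session container are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class MitigationRequest:
    mid: int                          # DOTS 'mid'
    target_prefix: List[str]          # DOTS 'target-prefix'
    trigger_mitigation: bool = True   # DOTS 'trigger-mitigation'
    active: bool = False              # True once the mitigator is dropping traffic
    bytes_dropped: int = 0            # reported as 'bytes-dropped'
    bps_dropped: int = 0              # reported as 'bps-dropped'


@dataclass
class SignalSession:
    cuid: str                         # DOTS 'cuid' identifies the client
    missing_hbs_allowed: int = 3      # DOTS 'missing-hbs-allowed'
    missed_hbs: int = 0
    lost: bool = False
    requests: Dict[int, MitigationRequest] = field(default_factory=dict)


class DotsServerModel:
    """Tracks one signal channel session per client and its mitigation requests."""

    def __init__(self, max_active_per_client: int = 4) -> None:
        # Assumed policy: refuse new triggered requests beyond this many active ones.
        self.max_active = max_active_per_client
        self.sessions: Dict[str, SignalSession] = {}

    def open_session(self, cuid: str, missing_hbs_allowed: int = 3) -> None:
        self.sessions[cuid] = SignalSession(cuid, missing_hbs_allowed)

    def request_mitigation(self, cuid: str, mid: int, prefixes: List[str],
                           trigger_mitigation: bool = True) -> dict:
        """Accept or refuse a request. A refusal always carries a reason (item 2)."""
        sess = self.sessions[cuid]
        active = sum(1 for r in sess.requests.values() if r.active)
        if trigger_mitigation and active >= self.max_active:
            # Assumed refusal text; the point is that the reason is never omitted.
            return {"mid": mid, "accepted": False,
                    "refusal-reason": "mitigation capacity exhausted for this client"}
        req = MitigationRequest(mid, list(prefixes), trigger_mitigation,
                                active=trigger_mitigation)
        sess.requests[mid] = req
        return {"mid": mid, "accepted": True, "status": self._status(req)}

    def heartbeat_received(self, cuid: str) -> None:
        sess = self.sessions[cuid]
        sess.missed_hbs = 0
        sess.lost = False

    def heartbeat_missed(self, cuid: str) -> List[int]:
        """Count a missed client heartbeat. Once the allowed count is exceeded the
        session is considered lost and every pre-configured (not yet active)
        request on that session is activated (item 5). Returns the activated mids."""
        sess = self.sessions[cuid]
        sess.missed_hbs += 1
        if sess.lost or sess.missed_hbs <= sess.missing_hbs_allowed:
            return []
        sess.lost = True
        activated = []
        for req in sess.requests.values():
            if not req.active:
                req.active = True
                activated.append(req.mid)
        return activated

    def record_drops(self, cuid: str, mid: int, bytes_dropped: int, bps_dropped: int) -> None:
        """Fold mitigator counters into the request; a recursing server would add
        the counters it receives from the secondary server here (item 4)."""
        req = self.sessions[cuid].requests[mid]
        req.bytes_dropped += bytes_dropped
        req.bps_dropped = bps_dropped

    def status_report(self, cuid: str, mid: int) -> dict:
        """The mitigation status the server conveys to the client."""
        req = self.sessions[cuid].requests[mid]
        return {"mid": mid, "status": self._status(req),
                "bytes-dropped": req.bytes_dropped, "bps-dropped": req.bps_dropped}

    @staticmethod
    def _status(req: MitigationRequest) -> str:
        # String values are this model's own, not the draft's numeric status codes.
        return "mitigation-in-progress" if req.active else "pre-configured"
```

In the model the third missed heartbeat on a session configured with missing-hbs-allowed=2 activates every request that was signaled with trigger-mitigation=false, which is the "all of them over the same signal session" answer given above; a heartbeat that arrives later resets the counter but does not deactivate anything.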