Re: [Dots] AD review of draft-ietf-dots-telemetry-16
mohamed.boucadair@orange.com Mon, 03 January 2022 16:22 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D9A93A08CE for <dots@ietfa.amsl.com>; Mon, 3 Jan 2022 08:22:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-H3bfQWZ72o for <dots@ietfa.amsl.com>; Mon, 3 Jan 2022 08:22:22 -0800 (PST)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0B4F3A0867 for <dots@ietf.org>; Mon, 3 Jan 2022 08:22:16 -0800 (PST)
Received: from opfedar01.francetelecom.fr (unknown [xx.xx.xx.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by opfedar22.francetelecom.fr (ESMTP service) with ESMTPS id 4JSLcQ6tj5z30V5; Mon, 3 Jan 2022 17:22:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1641226935; bh=Kmew+cElFqUu2YOGDQfKkfStKJzvUd42an93HJO6S04=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=spkUx+veccNwqJAtN8TmXwnKMM8uDIvF+ppzdCW8sMEVNEUfuY/zbpjFgAFaociUb Btg8JPgzOCOBXo41xWRKVQfO3a4Of0SBn7h6oK2EWr3X7v0lOYDDM4xAPG0zWPdS4u FxNHybW//65JNh/c+9shrbKs2H1C+CsfZDNI1fSKGEpG5uKlzdueKgOXWreONZSe3a iaQpGOD+cxKC5kqK7dc2gFt9OqMOjPoN1QbBvwy4J3q9I76THbaOxVwrBR4VIYXzAJ 6RkQ3cQbPfxUHlJ+9ADANXV4m+vQUMWqrqPLkVqam9A/NVoOdUz3DWYZbCV6+N4IDm dZYijh58E8KGA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by opfedar01.francetelecom.fr (ESMTP service) with ESMTPS id 4JSLcQ5qGKzBrMN; Mon, 3 Jan 2022 17:22:14 +0100 (CET)
From: mohamed.boucadair@orange.com
To: Benjamin Kaduk <kaduk@mit.edu>
CC: "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] AD review of draft-ietf-dots-telemetry-16
Thread-Index: AQHX/AFSOpcExwK+N0ifnw7xhdZO3axRbYJw
Content-Class:
Date: Mon, 03 Jan 2022 16:22:13 +0000
Message-ID: <7036_1641226934_61D322B6_7036_251_12_787AE7BB302AE849A7480A190F8B93303546C1F3@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <20211124224140.GH93060@kduck.mit.edu> <CAFpG3gfBSarzE7aPm6JM0h1LJHt=DwfKXnaRUGosU6_=VY150A@mail.gmail.com> <20211228154033.GU11486@mit.edu>
In-Reply-To: <20211228154033.GU11486@mit.edu>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Enabled=true; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SetDate=2022-01-03T16:18:33Z; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Method=Privileged; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_Name=unrestricted_parent.2; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_SiteId=90c7a20a-f34b-40bf-bc48-b9253b6f5d20; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ActionId=6e038553-35a3-4636-bb5f-75e6009cf7a6; MSIP_Label_07222825-62ea-40f3-96b5-5375c07996e2_ContentBits=0
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/5xbY_jhdbJkCbKHSIgu-Vj9uW-4>
Subject: Re: [Dots] AD review of draft-ietf-dots-telemetry-16
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Jan 2022 16:22:30 -0000
Re-, Please find below some follow-up replies. Cheers, Med > -----Message d'origine----- > De : Dots <dots-bounces@ietf.org> De la part de Benjamin Kaduk > Envoyé : mardi 28 décembre 2021 16:41 > À : tirumal reddy <kondtir@gmail.com> > Cc : draft-ietf-dots-telemetry.all@ietf.org; dots@ietf.org > Objet : Re: [Dots] AD review of draft-ietf-dots-telemetry-16 > > Hi Tiru, > > Thanks for these (and thanks Med as well for the additional follow-up; I > don't think I have any replies to that part). > A few comments inline... > ... > > > > > > It looks like we have to use backslash continuation markers for > several of > > > the CoAP request target resources in the examples; do we want to > reference > > > RFC 8792 folding and use its specific note text about line wrapping? > > > > > > There are a few places where we say something like "the DOTS client > MUST > > > auto-scale so that the appropriate unit is used". (1) We don't > > > specifically > > > say what the goal of this automatic behavior is (I guess, use the > "largest > > > unit" that gives a value greater than one?), and (2) it seems that we > are > > > in > > > part relying on this behavior to ensure that the client only specifies > one > > > measure in a given unit class. That is, I didn't see anything else > that > > > would prevent a client from sending (say) both Mbps and Gbps values, > that > > > could of course be in conflict with each other -- if there's a > potential > > > for > > > conflict we'd need to say how to resolve the conflict. > > > > > > Relatedly, there seems to *also* be potential for conflict in that we > allow > > > both bit/second and Byte/second as unit-classes. What is to happen if > I > > > say > > > that something is both 2 bit/second and 2 Byte/second? > > Med's follow-up implies that we are to just treat that as "invalid > parameters". I'd prefer to be more explicit about that, e.g., with a > statement like "at most one of the bit/second and Byte/second unit-class > entries can be present; if such conflicting values are received the > combination is treated as specifying an illegal parameter and rejected > with > 4.00 (Bad Request)". [Med] Added this NEW text: "Supplying both bits per second and bytes per second unit-classes is allowed for a given telemetry data. However, receipt of conflicting values is treated as invalid parameters and rejected with 4.00 (Bad Request)." > > > > We have a lot of examples that use the same 'cuid' of > > > dz6pHjaADkaFTbjr0JGBpw, which is fine and representative of normal > > > operation. Do we want to curate the 'tsid' and 'tmid' values used by > that > > > client? I see some reuse, which I think is not prohibited (at least > for > > > 'tsid'), but may merit checking, and the values are not monotonically > > > increasing throughout the course of the document, which may or may not > be > > > desirable. > > Did you have any thoughts on this part? [Med] The reuse of some ids is normal as this is done to retrieve or to delete an entry. Made some changes to monotonically increase ids (https://tinyurl.com/dots-telemetry-latest). ... > > > > > > Section 6 > > > > > > Telemetry setup configuration is bound to a DOTS client domain. > DOTS > > > servers MUST NOT expect DOTS clients to send regular requests to > > > refresh the telemetry setup configuration. Any available telemetry > > > setup configuration has a validity timeout of the DOTS association > > > with a DOTS client domain. [...] > > > > > > The term "DOTS association" does not seem to have been used previously > > > (in RFC 9132 we discuss the "DOTS session" heavily, though). Also, I > > Are we planning to keep the "DOTS association" phrasing? [Med] Changed to: "Any available telemetry setup configuration is valid till the DOTS server ceases to service a DOTS client domain." > > > > don't remember any previous requirement to keep state on the server > for > > > the duration of anything scoped to the entire client *domain*, just > > > individual DOTS sessions. We do mention detecting > conflicts/overlapping > > > requests within the scope of a client domain, in RFC 9132, but as far > as > > > I can tell that only holds when all the DOTS sessions involved in the > > > conflict are still active. > > > > > > Perhaps related, this discussion (at least so far) is not clear to me > > > about what level of coordination/consistency is expected between > clients > > > in the same domain. I believe that stock DOTS works fine with no such > > > coordination amongst clients within a domain, so if we are introducing > such > > > a requirement we should say prominently that it's a change. > > > > > > > Yes, telemetry configuration is not specific to the client. For example, > > the pipe capacity is specific to the site. > > So what happens if there are two clients in a site and they are reporting > different values for pipe-capacity? [Med] This is covered in this part: A DOTS server may detect conflicts between requests conveying pipe and baseline information received from DOTS clients of the same DOTS client domain. 'conflict-information' is used to report the conflict to the DOTS client following similar conflict handling discussed in Section 4.4.1 of [RFC9132]. > > I think I'm just generally unsure what the expected division of work is > between multiple clients in a domain, so my questions involve a lot of > speculating and I don't have a good suggestion for changes to the text > yet. > > > > > > > > > Section 6.1.1 > > > > > > Upon receipt of such request, and assuming no error is encountered > by > > > processing the request, the DOTS server replies with a 2.05 > (Content) > > > response that conveys the current and telemetry parameters > acceptable > > > by the DOTS server. [...] > > > > > > > NEW: > > > > Upon receipt of such request, and assuming no error is encountered by > > > > processing the request, the DOTS server replies with a 2.05 (Content) > > > > response that conveys the telemetry parameters acceptable by the DOTS > > server > > > > and the current baseline information maintained by the DOTS server. > > > > > > > > > > (editorial) Something seems off, here (around "current and telemetry > > > parameters acceptable"). Is it returning current configuration, > acceptable > > > parameter values, or some combination thereof? > > > > > > | | +-- query-type* query-type > > > > > > Since this is a leaf-list of supported query types, should the list > name > > > include the word "supported" or similar? > > > > > > Section 6.1.2 > > > > > > The PUT request with a higher numeric 'tsid' value overrides the > DOTS > > > telemetry configuration data installed by a PUT request with a > lower > > > numeric 'tsid' value. To avoid maintaining a long list of 'tsid' > > > requests for requests carrying telemetry configuration data from a > > > DOTS client, the lower numeric 'tsid' MUST be automatically deleted > > > and no longer be available at the DOTS server. > > > > > > The way this is phrased with "the lower" and "higher" (vs "highest") > > > assumes > > > or implies that there is only one "lower" 'tsid' value, perhaps > leaving > > > some > > > ambiguity if there is actually more than one. We might make a > statement > > > about how there is only at most one active 'tsid' per 'cuid'+'cdid' at > a > > > time other than during a config change (if that's the intent), or > > > alternatively to qualify that the requirement to remove is only > incurred in > > > the event of a conflict (as is done for other types of config, later). > > > > > > > We can have multiple tsids for the same client for pipe/baseline > > information. This is why we have: > > > > Ok. Should we say something like "when telemetry configuration data is > received that has overlapping scope with existing telemetry configuration, > the PUT request with higher numeric 'tsid' value [...]"? > [Med] Actually, there is only one tsid in the context of 6.1.2. I don't think a change is needed to the OLD text. Of course, multiple tsids are allowed for pipe/baseline but that is covered in 6.2.1/6.3.1. Thank you. > The rest of this looks good; thanks again for all the updates. > > -Ben _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
- [Dots] AD review of draft-ietf-dots-telemetry-16 Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-telemetry… tirumal reddy
- Re: [Dots] AD review of draft-ietf-dots-telemetry… Benjamin Kaduk
- Re: [Dots] AD review of draft-ietf-dots-telemetry… mohamed.boucadair