Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt

"Jon Shallow" <supjps-ietf@jpshallow.com> Wed, 05 February 2020 20:24 UTC

Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20D53120289 for <dots@ietfa.amsl.com>; Wed, 5 Feb 2020 12:24:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zSfg3Klzgkm7 for <dots@ietfa.amsl.com>; Wed, 5 Feb 2020 12:24:22 -0800 (PST)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED523120805 for <dots@ietf.org>; Wed, 5 Feb 2020 12:24:21 -0800 (PST)
Received: from mail2.jpshallow.com ([192.168.0.3] helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.92.3) (envelope-from <jon.shallow@jpshallow.com>) id 1izRDb-0005LR-W0; Wed, 05 Feb 2020 20:24:16 +0000
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: "'Konda, Tirumaleswar Reddy'" <TirumaleswarReddy_Konda@mcafee.com>, mohamed.boucadair@orange.com, dots@ietf.org
References: <158048229416.21195.16114328651657501634@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93303141473A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B933031414F55@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CY4PR1601MB125427847C0E00EC33BD4520EA020@CY4PR1601MB1254.namprd16.prod.outlook.com>
In-Reply-To: <CY4PR1601MB125427847C0E00EC33BD4520EA020@CY4PR1601MB1254.namprd16.prod.outlook.com>
Date: Wed, 05 Feb 2020 20:24:08 -0000
Message-ID: <0a3001d5dc62$37f49820$a7ddc860$@jpshallow.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHr206TCH7qdtBwuLa4j7/r9QPmPgFoCT98AYq79nABByZIcqfBOr1w
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/7ED-XfDZOkJ5n56O9Ap-33kCCgA>
Subject: Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Feb 2020 20:24:28 -0000

See inline

Regards

Jon

> -----Original Message-----
> From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of Konda,
> Tirumaleswar Reddy
> Sent: 05 February 2020 06:59
> To: mohamed.boucadair@orange.com; Jon Shallow (supjps-
> ietf@jpshallow.com); dots@ietf.org
> Subject: Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
> 
> > -----Original Message-----
> > From: Dots <dots-bounces@ietf.org> On Behalf Of
> > mohamed.boucadair@orange.com
> > Sent: Monday, February 3, 2020 3:07 PM
> > To: Jon Shallow (supjps-ietf@jpshallow.com) <supjps-
> ietf@jpshallow.com>;
> > dots@ietf.org
> > Subject: Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
> >
> > CAUTION: External email. Do not click links or open attachments unless
> you
> > recognize the sender and know the content is safe.
> >
> > Hi all,
> >
> > FYI, a review from Jon is available at:
https://github.com/boucadair/draft-
> > dots-telemetry/raw/master/DOTS%20Telemetry%2001-rev%20Jon-
> > res%20Med.docx
> >
> > -02 will integrate almost all comments from  Jon. Please find below some
> > points we would like to hear more from the working group:
> >
> > (1) key value range for telemetry: Jon raised this point "These keys
> requires 3
> > bytes - and telemetry information is going to be difficult to fit into a
> packet.  I
> > appreciate that comprehension-required Is for numbers less than 0x8000 -
> > perhaps the comprehension-required range is reduced and also has a
> section
> > higher up so the total of 0x8000 still stands so less bytes can be used
> here."
> >
> >    +----------------------+-------+-------+------------+---------------+
> >    | Parameter Name       | CBOR  | CBOR  | Change     | Specification |
> >    |                      | Key   | Major | Controller | Document(s)   |
> >    |                      | Value | Type  |            |               |
> >    +----------------------+-------+-------+------------+---------------+
> >    | ietf-dots-signal-cha | 32776 |   5   |    IESG    |   [RFCXXXX]   |
> >    | nnel:telemetry       |       |       |            |               |
> >
> > Med: This is a major one. We need to assess the gain, but it is possible
in
> > theory to update our assignment policies and reassign, e.g., 128-255
range
> to
> > be comprehension-optional (specific for telemetry). This would mean that
> > the telemetry spec will be tagged as updating the base signal channel
> spec.
> > We need more discussion.
> 
> Why not change the DOTS telemetry attributes to comprehension-required
> ?
> If the server does not understand the DOTS telemetry attributes, it will
> respond with 4.00 error response, and the client can re-send the request
> without the DOTS telemetry attributes.

Jon> Telemetry is also gated by a different sets of Path-URIs.  However,
source-prefix attribute comes from draft-ietf-dots-signal-call-home and also
occupies 3 bytes - do we change the source-prefix CBOR Key type to
comprehension-required?

> 
> Cheers,
> -Tiru
> 
> >
> > (2) server-initiated-telemetry: "Having server-initiated-telemetry under
> > max-config-values, but not min-config-values makes no sense to me.  I
> think
> > it should be under telemetry-config at the level of current-config and
> > possibly removed from current-config as well."
> >
> > Med:
> >
> > A. It is in the max container because setting that value to "false"
under
> that
> > container has a special meaning: the server does not support sending
pre-
> > mitigation telemetry. We can put it under min as well but do we have a
> case
> > where setting it to "true" has a meaning?
> > B. I do agree that 'server-initiated-telemetry' can be removed from the
> > current configuration because the same functionality is achieved using a
> > GET+Observe but we left it there for the moment as we need to work
> > further the details for subscribing to pre-mitigation from the servers.
> >
> > (3) "vendor-id is missing from the cbor table":
> >
> > Med: This was done on purpose to try to optimize the number of CBOR key
> > values + encourage attributes reuse. E.g., We replaced "telemetry-id",
> > "baseline-id", and "vendor-id" with a single "id" (as we only use those
for
> the
> > moment in the message body) but the YANG module includes the
> meaning
> > of each "id" in the definition clause. We may need to revise this if we
> > conclude that, e.g., "telemetry-id" (tmid) has to be defined as
Path-URI.

Jon>  Hmm - need to think through tmid + Path-URI.
~jon

> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Dots [mailto:dots-bounces@ietf.org] De la part de
> > > mohamed.boucadair@orange.com Envoyé : vendredi 31 janvier 2020
> 16:18
> > À
> > > : dots@ietf.org Objet : Re: [Dots] I-D Action:
> > > draft-ietf-dots-telemetry-01.txt
> > >
> > > Hi all,
> > >
> > > We prepared with Tiru a major revision of the telemetry draft. A diff
> > > is provided below to track the changes. We will now focus on sections
> > > 7 and 8.
> > >
> > > Please review and share comments.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Message d'origine-----
> > > > De : Dots [mailto:dots-bounces@ietf.org] De la part de internet-
> > > > drafts@ietf.org Envoyé : vendredi 31 janvier 2020 15:52 À :
> > > > i-d-announce@ietf.org Cc : dots@ietf.org Objet : [Dots] I-D Action:
> > > > draft-ietf-dots-telemetry-01.txt
> > > >
> > > >
> > > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > > directories.
> > > > This draft is a work item of the DDoS Open Threat Signaling WG of
> > > the
> > > > IETF.
> > > >
> > > >         Title           : Distributed Denial-of-Service Open Threat
> > > > Signaling (DOTS) Telemetry
> > > >         Authors         : Mohamed Boucadair
> > > >                           Tirumaleswar Reddy
> > > >                           Ehud Doron
> > > >                           Meiling Chen
> > > > 	Filename        : draft-ietf-dots-telemetry-01.txt
> > > > 	Pages           : 70
> > > > 	Date            : 2020-01-31
> > > >
> > > > Abstract:
> > > >    This document aims to enrich DOTS signal channel protocol with
> > > >    various telemetry attributes allowing optimal DDoS attack
> > > > mitigation.
> > > >    This document specifies the normal traffic baseline and attack
> > > >    traffic telemetry attributes a DOTS client can convey to its DOTS
> > > >    server in the mitigation request, the mitigation status telemetry
> > > >    attributes a DOTS server can communicate to a DOTS client, and
> > > the
> > > >    mitigation efficacy telemetry attributes a DOTS client can
> > > >    communicate to a DOTS server.  The telemetry attributes can
> > > assist
> > > >    the mitigator to choose the DDoS mitigation techniques and
> > > perform
> > > >    optimal DDoS attack mitigation.
> > > >
> > > >
> > > > The IETF datatracker status page for this draft is:
> > > > https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry/
> > > >
> > > > There are also htmlized versions available at:
> > > > https://tools.ietf.org/html/draft-ietf-dots-telemetry-01
> > > > https://datatracker.ietf.org/doc/html/draft-ietf-dots-telemetry-01
> > > >
> > > > A diff from the previous version is available at:
> > > > https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-telemetry-01
> > > >
> > > >
> > > > Please note that it may take a couple of minutes from the time of
> > > > submission until the htmlized version and diff are available at
> > > > tools.ietf.org.
> > > >
> > > > Internet-Drafts are also available by anonymous FTP at:
> > > > ftp://ftp.ietf.org/internet-drafts/
> > > >
> > > > _______________________________________________
> > > > Dots mailing list
> > > > Dots@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/dots
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots
> >
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots
> 
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots