IETF Logo Mail Archive

[Dots] DOTS Telemetry

Ehud Doron <EhudD@Radware.com> Thu, 16 February 2017 14:44 UTC

Return-Path: <EhudD@Radware.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C96B7129638 for <dots@ietfa.amsl.com>; Thu, 16 Feb 2017 06:44:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vzbhEzs7XzPJ for <dots@ietfa.amsl.com>; Thu, 16 Feb 2017 06:43:58 -0800 (PST)
Received: from mailout1.radware.com (mailout1.radwarecloud.com [192.115.180.130]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A31D129468 for <dots@ietf.org>; Thu, 16 Feb 2017 06:43:58 -0800 (PST)
Received: from ILMB1.corp.radware.com ([169.254.1.237]) by ILCAS2.corp.radware.com ([176.200.120.122]) with mapi id 14.03.0319.002; Thu, 16 Feb 2017 16:43:55 +0200
From: Ehud Doron <EhudD@Radware.com>
To: 'dots' <dots@ietf.org>
Thread-Topic: DOTS Telemetry
Thread-Index: AdKIYTXgs9jnVMU+R1WnPYyVGJhdZA==
Date: Thu, 16 Feb 2017 14:43:55 +0000
Message-ID: <E58182C4A35A8E498E553AD3D33FA001011718C22B@ILMB1.corp.radware.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [176.200.121.207]
x-tm-as-product-ver: SMEX-11.0.0.4179-8.100.1062-22888.006
x-tm-as-result: No--16.323500-0.000000-31
x-tm-as-user-approved-sender: Yes
x-tm-as-user-blocked-sender: No
Content-Type: multipart/alternative; boundary="_000_E58182C4A35A8E498E553AD3D33FA001011718C22BILMB1corpradw_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/8hz_EcsysVg57l3Wt_defasAwdc>
Subject: [Dots] DOTS Telemetry
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Feb 2017 14:44:02 -0000

All

Following the WG last F2F meeting in Seoul, we would like to elaborate the discussion about the DOTS Telemetry, mainly its general aspects and directives.

Up to now, we have two declarations for DOTS Telemetry:

1.       The DOTS Requirement draft draft-ietf-dots-requirements-03d defines : "DDoS attack telemetry:  Collected behavioral characteristics defining the nature of a DDoS attack. " .

2.       The DOTS Telemetry draft draft-doron-dots-telemetry-00  defines  ""DOTS Telemetry" is defined as the collection of attributes characterizing the actual attacks that have been detected and mitigated. The DOTS Telemetry is an optional set of attributes that can be signaled in the various DOTS protocol messages. The DOTS Telemetry can be optionally sent from the DOTS Client to Server and vice versa.

We are now figuring out the general view on the DOTS Telemetry theme and have mapped two main categorizes of telemetry we believe are most relevant to DOTS:


1.       Telemetry for Visibility - The main objectives of this category is to allow SOC / NOC teams, on both DOTS Client and Server side, to gain visibility on the overall service provided by facilitating the DOTS signaling. As perceptible examples, we can suggest the Mitigation Status requirement (OP-004 from DOTS Requirement draft), attack details, attack BW and PPS, packet / bytes drops and so on.



2.       Telemetry for Mitigation - The main objective of this category is to allow mitigation facilities to improve their detection and mitigation performance. As perceptible examples, we can suggest the Mitigation Efficacy requirement (OP-007 from DOTS Requirement draft), traffic baseline in certain levels and so on.

As part of the WG effort to define the DOTS baseline features (the DOTS MVPs), we would like to get the WG feedbacks about the abovementioned telemetry categories and also about other possible suggested telemetry categories. We encourage group members from both vendors and service providers to bring-in their valuable feedbacks and needs on this matter. It is preferable for us to get feedbacks on the suggested categories as a whole, rather than on a specific telemetry attribute within a specific category.

The main objective is allowing us to be able to direct, and focus, our work on draft-doron-dots-telemetry-00  according the WG directives and needs.

Kindly, we will appreciate any kind of feedbacks,

DOTS Telemetry draft authors

v2.23.0 | Report a Bug | By Email