Re: [Dots] WGLC for draft-dots-use-cases-19

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Wed, 07 August 2019 06:35 UTC

Return-Path: <tirumaleswarreddy_konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAC581200E3 for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 23:35:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8xpNK-9cwQgU for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 23:35:28 -0700 (PDT)
Received: from us-smtp-delivery-140.mimecast.com (us-smtp-delivery-140.mimecast.com [63.128.21.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B18B2120024 for <dots@ietf.org>; Tue, 6 Aug 2019 23:35:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=mimecast20190606; t=1565159727; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qzUpEwdgRhxD74IDiLDA6KP9uZTbszSgksgWQqhKfj0=; b=j+MZ6Dj5SUj3beoKKMQSuDhHAdZ652vackz9APlZ/+IrOqZTUN4yqiAtsnvf/NH0PAbIhQ bQ7qc45/dTXhgyN9QGG3ULiK+TL3TfzOO7n5BQL2K1vuUcKI+tGs+pyiG4IyMLyfJRgiAY gnnAVI8TyRI8xs32HQNa7d8Xk4eTSv0=
Received: from MIVWSMAILOUT1.mcafee.com (mivwsmailout1.mcafee.com [161.69.47.167]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-230-hcNzerr8Ojq8lde0AHP0RA-1; Wed, 07 Aug 2019 02:35:26 -0400
Received: from DNVEXAPP1N06.corpzone.internalzone.com (DNVEXAPP1N06.corpzone.internalzone.com [10.44.48.90]) by MIVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 6365_0882_bea0ed84_869a_434c_9ba6_6d548828b202; Wed, 07 Aug 2019 02:36:07 -0400
Received: from DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 7 Aug 2019 00:35:12 -0600
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Wed, 7 Aug 2019 00:35:06 -0600
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (10.44.176.243) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 7 Aug 2019 00:35:03 -0600
Received: from DM5PR16MB1705.namprd16.prod.outlook.com (10.172.44.147) by DM5PR16MB1449.namprd16.prod.outlook.com (10.173.215.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.14; Wed, 7 Aug 2019 06:35:03 +0000
Received: from DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::532:f001:84e1:55ba]) by DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::532:f001:84e1:55ba%10]) with mapi id 15.20.2136.018; Wed, 7 Aug 2019 06:35:03 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Valery Smyslov" <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>
CC: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Thread-Topic: [Dots] WGLC for draft-dots-use-cases-19
Thread-Index: AdVMHvzhmt/V33ByRr+d368GCi1ExgABDh/gAAA/2oAAAmsFAAAApBygAAFk76AAAGXy8AAALP6QAAB9ubAAA9IiYAABiL4AAABR/TAAAPXKAAAAowWgAABjpEAAJBX+4A==
Date: Wed, 7 Aug 2019 06:35:03 +0000
Message-ID: <DM5PR16MB1705C92B4A4C6E0EE0F3BBD9EAD40@DM5PR16MB1705.namprd16.prod.outlook.com>
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705E573DE3E7482115B9FE0EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170551C20908654A0F6428D7EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDDC9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705CBD6DF992D7FB9178B29EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDE6B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17055591ECA5EC49A2947A3EEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDF39@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B9330312FDF39@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.3.0.17
dlp-reaction: no-action
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 02c76c98-8020-4653-ee3e-08d71b016147
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM5PR16MB1449;
x-ms-traffictypediagnostic: DM5PR16MB1449:
x-microsoft-antispam-prvs: <DM5PR16MB144995C2A17C36DBD6401962EAD40@DM5PR16MB1449.namprd16.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01221E3973
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(346002)(366004)(376002)(396003)(13464003)(199004)(189003)(31014005)(32952001)(6116002)(3846002)(25786009)(6436002)(53546011)(6506007)(99286004)(229853002)(26005)(478600001)(2906002)(68736007)(486006)(9686003)(53936002)(476003)(11346002)(86362001)(76176011)(14454004)(102836004)(6246003)(446003)(55016002)(4326008)(74316002)(186003)(76116006)(66476007)(66556008)(64756008)(66946007)(66446008)(7696005)(81166006)(81156014)(8676002)(8936002)(5024004)(14444005)(256004)(5660300002)(52536014)(305945005)(7736002)(66066001)(33656002)(110136005)(2501003)(66574012)(71190400001)(71200400001)(80792005)(316002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1449; H:DM5PR16MB1705.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: acu4G4eyTDnX4Fjh8drj4f/XEzVDuavHj+x3G7NolCizYCCWlm8cv4SLwsjcHmSrLhJFmIGVUzzXPaEowCyM2YZcYzxgOd8PvmIuNwPWk7oDDyR57DNDCAMZsOly4qD8l7POnDMUqLNitjTGOJyZPsFSSxJ8BM/UZaELOXNs0hM11ut1AO2HkMRlfXbd7UPPGqmAA941m7gL5690uvEhU0A68nyYeuheIKtjbKTVSMlhJLZI2fNyuPUWv/tSfOHfmQt/FOUCSCq1FbWp8NsnhwY8Ho3kr6SbopDIXlcMb2+rMqty/nWD8BRHWdw4a1A+otsZD75RHaQFXMxcu6mAQ5gCAIUfKn9gh0YvfK9N44UMvuBB8dTu6dF9av1rzFSQbUifah0+3qCVhQgF32+2DEnLTM6eqD6RGoaLZdl/7cg=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 02c76c98-8020-4653-ee3e-08d71b016147
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Aug 2019 06:35:03.4706 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TirumaleswarReddy_Konda@McAfee.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1449
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.1
X-NAI-Spam-Version: 2.3.0.9418 : core <6606> : inlines <7132> : streams <1829597> : uri <2879608>
X-MC-Unique: hcNzerr8Ojq8lde0AHP0RA-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/BJWHV7Jj-OPdESvHs46-eEIlVT4>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2019 06:35:32 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>;
> Sent: Tuesday, August 6, 2019 7:06 PM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> <valery@smyslov.net>;; dots@ietf.org
> Cc: Xialiang (Frank, Network Standard & Patent Dept)
> <frank.xialiang@huawei.com>;
> Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
> 
> Re-,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy
> > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : mardi 6 août 2019 15:08
> > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE: [Dots]
> > WGLC for draft-dots-use-cases-19
> >
> ...
> > > > > [Med] The recursive case is not covered in the current text. I
> > > > > don't
> > > > think we
> > > > > need to elaborate on this further.
> > > >
> > > > I don't understand why recursive case should be excluded in the
> > > > current text ?
> > >
> > > [Med] Because the use-case draft does not cover this: It only covers
> > > the
> > case
> > > of an orchestrator talking to local routers.
> >
> > My question is why shouldn't the use case draft cover this ?
> 
> [Med] Isn't this captured with the following?
> 
>    o  DDoS Mitigation System (DMS): A system that performs DDoS
>       mitigation.  The DDoS Mitigation System may be composed by a
>       cluster of hardware and/or software resources, but could also
>       involve an orchestrator that may take decisions such as
>       outsourcing partial or more of the mitigation to another DDoS
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> ^^
>       Mitigation System.
> 
> And
> 
>    Another typical scenario for this use case is the relation between
>    DDoS Mitigation Service Providers forming an overlay of DMS.  When a
>    DDoS Mitigation Service Provider mitigating a DDoS attack reaches it
>    resources capacities, it may choose to delegate the DDoS Mitigation to
>    another DDoS Mitigation Service Provider.

I missed above text, Thanks.

> 
> >
> > >
> > > >
> > > > >
> > > > >  However If orchestrator is enforcing
> > > > > > filtering rules on routers, it should create the black-list
> > > > > > rules based on the non-spoofed attacker IP address and not use
> > > > > > the spoofed victim IP addresses.
> > > > > >
> > > > >
> > > > > [Med] Agree. Whether the check is done at the orchestrator or by
> > > > > the
> > > > DMS,
> > > > > is not a new concern. The DMS has to proceed with these checks,
> > anyway.
> > > > I
> > > > > fail to see what is NEW and SPECIFIC to the offload scenario.
> > > >
> > > > In this case the check has to be done by orchestrator when
> > > > enforcing black-list rules not to penalize the spoofed victim IP
> > > > addresses and should be discussed in the new use case.
> > >
> > > [Med] This requirement has to be followed by the DMS, anyway. This
> > > is
> > not a
> > > new issue, Tiru.
> >
> > No, sending attack information to the DOTS server is not covered in
> > any of the WG documents.
> >
> 
> [Med] The text is about "additional hints". This is all what DOTS is about :-)

Yes, but the NEW text is discussing conveying attack information for the first time and it needs more details.

> 
> > >
> > >  I don't see any other use case in
> > > > the specification discussing offload scenario with propagating the
> > > > attack information and I recommend updating the text discussing
> > > > the above scenarios.
> > >
> > > [Med] We don't have a similar text for the DMS case because
> > > mitigation
> > is
> > > out of scope. I'm expecting to follow the some rationale for the
> > offload.
> >
> > If mitigation is out of scope, remove the following line:
> > Then the orchestrator can take further actions like requesting
> > forwarding nodes such as routers to filter the traffic.
> 
> [Med] This sentence is similar to saying the "DMS starts mitigation" but with
> more contextualized information for a network orchestrator. The sentence
> uses "can", "like" which is fine for illustration purposes. As a reader, I prefer
> to leave it.

I suggest to add more details discussed in the thread. Anyways, will leave it to you and the authors to decide, and I am not objecting to progressing the draft 
without the proposed update.

Cheers,
-Tiru