Re: [Dots] draft-fu-dots-ipfix-extension revised into draft-fu-dots-ipfix-tcp-tracking

"Teague, Nik" <nteague@verisign.com> Mon, 13 March 2017 15:42 UTC

From: "Teague, Nik" <nteague@verisign.com>
To: "Zhenghui (Marvin)" <marvin.zhenghui@huawei.com>, "dots@ietf.org" <dots@ietf.org>
Date: Mon, 13 Mar 2017 15:42:26 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/C4VhdNj4t-O8VWOixYTCLtmHNxg>

Marvin hi,

Some feedback on the mechanism…

Many networks deploy architectures where separate perimeter routers connect to any number of providers.  Traffic, as a result, is often asynchronous – i.e. the best path _out_ is not always the best path _in_ (for any number of reasons… BGP is policy based remember).  Therefore, a device that handles inbound packets for a flow may not be the same one dealing with outbound.  This means your IEs may be rendered generally useless depending upon whether or not you, somehow, pin traffic to a path (which would probably be vulnerable then to exploitation).  There have been a few implementations that try and stitch flows together (IBM’s qflows come to mind) but these are generally done at the collection/analysis layer vs locally on a router.

Thanks,

-Nik

On 13/03/2017, 07:37, "Dots on behalf of Zhenghui (Marvin)" <dots-bounces@ietf.org on behalf of marvin.zhenghui@huawei.com> wrote:

    Hello DOTS WG,
     
    We have submitted a draft, draft-fu-dots-ipfix-tcp-tracking-00, which is the successor of draft-fu-dots-ipfix-extension-01.
    
    The original draft has been reviewed internally. As a result, the IPFIX Information Elements inside the draft have been revised, and some of the IEs are removed.
     
    However, we’ve realized what our draft intends to do is not what the DOTS WG is currently focusing on.
    So, we’d like to hear from the WG whether some pointers can be given on the next step of the draft, or where we can continue the discussion of the issue that the draft addresses.
     
    We submitted this draft to DOTS because IPFIX WG had been closed, and DOTS was the best match we found.
     
    Thanks.
     
    Marvin Zhenghui
    Best Regards
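
An added illustration of the point made in the reply above (not code from the thread or from the draft): with constructed unidirectional flow records from two hypothetical perimeter routers, `rtr-a` and `rtr-b`, neither router alone observes both directions of a TCP conversation, while stitching at the collector does. The record layout and function names are assumptions made for this example.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits, OR-ed over the life of each flow

# Constructed records: (exporter, src, sport, dst, dport, cumulative flags).
# Inbound packets arrive via rtr-a; the server's replies leave via rtr-b.
RECORDS = [
    ("rtr-a", "198.51.100.7", 40001, "192.0.2.10", 443, SYN | ACK),
    ("rtr-b", "192.0.2.10", 443, "198.51.100.7", 40001, SYN | ACK),
    ("rtr-a", "203.0.113.9", 5555, "192.0.2.10", 443, SYN),  # never answered
]

def biflow_key(src, sport, dst, dport):
    """Direction-independent key: the two endpoints in sorted order."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def stitch(records):
    """Group unidirectional records into biflows keyed by endpoint pair."""
    biflows = defaultdict(dict)
    for exporter, src, sport, dst, dport, flags in records:
        key = biflow_key(src, sport, dst, dport)
        # Each direction is identified by its sending endpoint.
        half = biflows[key].setdefault(
            (src, sport), {"exporters": set(), "flags": 0})
        half["exporters"].add(exporter)
        half["flags"] |= flags
    return dict(biflows)

def both_directions(biflows):
    """Keys of biflows for which both directions were observed."""
    return {key for key, halves in biflows.items() if len(halves) == 2}

def exporter_local_view(records, exporter):
    """What one router could pair up using only its own records."""
    return both_directions(stitch(r for r in records if r[0] == exporter))

if __name__ == "__main__":
    for name in ("rtr-a", "rtr-b"):
        print(name, "pairs:", exporter_local_view(RECORDS, name))
    print("collector pairs:", both_directions(stitch(RECORDS)))
```
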