[Dots] Availability of a DOTS public test server
"Jon Shallow" <supjps-ietf@jpshallow.com> Wed, 04 December 2019 14:54 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3395B12012E for <dots@ietfa.amsl.com>; Wed, 4 Dec 2019 06:54:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RDpo2Vx5k9z1 for <dots@ietfa.amsl.com>; Wed, 4 Dec 2019 06:54:10 -0800 (PST)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B118B12008C for <dots@ietf.org>; Wed, 4 Dec 2019 06:54:10 -0800 (PST)
Received: from mail2.jpshallow.com ([192.168.0.3] helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.92.3) (envelope-from <jon.shallow@jpshallow.com>) id 1icW2Y-00069k-VA for ietf-supjps-dots@ietf.org; Wed, 04 Dec 2019 14:54:07 +0000
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: dots@ietf.org
Date: Wed, 04 Dec 2019 14:54:08 -0000
Message-ID: <046101d5aab2$ae791890$0b6b49b0$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0462_01D5AAB2.AE7A02F0"
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-gb
Thread-Index: AdWqsqobFEkmC2CBRRGWOPZXqhLnrA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/CYXtFUBncdzktOqgUE2Bg2oM3ac>
Subject: [Dots] Availability of a DOTS public test server
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2019 14:54:13 -0000
Hi there, This is to confirm that I have a DOTS server that can be publically accessed for testing. The current versions of the drafts that are supported are:- draft-ietf-dots-signal-channel-39 draft-ietf-dots-data-channel-31 draft-ietf-core-hop-limit-07 draft-ietf-dots-signal-filter-control-02 draft-ietf-dots-signal-call-home-07 with the following caveats application/dots+cbor has not yet been defined, so currently using 60 (application/cbor) For signal-filter-control, CBOR Key 52 is used to not clash with signal-channel CBOR keys. The DOTS server (signal) is available at dotsserver.ddos-secure.net port 4646 (both UDP and TCP) The DOTS server (data) is available at dotsserver.ddos-secure.net port 443 (both UDP and TCP) (SNI required) The Call Home DOTS client is available at dotsserver.ddos-secure.net port 4647 (both UDP and TCP) To access using PKI, Certificates are the same as used by godots and are available from https://github.com/nttdots/go-dots/tree/master/certs. To access the DOTS server, you need to use client-cert.pem and client-key.pem To access the Call Home DOTS client, you need to use server-cert.pem and server-key.pem. Alternatively, using PSK, the Pre-Shared Key is 12345678 and the DOTS client Identity must be client.example.server.com . It is possible to set the configuration up as a DOTS gateway, but your DOTS server needs to be pre-configured so that traffic can be gatewayed to it, as well as use a different client key that has a different common name (but created from the same godots CA) so traffic can be differentiated from that using client-cert.pem which access the DOTS server only. The local DOTS server will accept mitigation requests for 1.1.1.69, 1.1.1.71, 1.1.2.0/24 and 2001:db8:6401::/96. Diagnostic messages should be self-explanatory as to what the (perceived) issue is. It is possible that there may be brief outages whenever the s/w is updated. Regards Jon
- [Dots] Availability of a DOTS public test server Jon Shallow
- Re: [Dots] Availability of a DOTS public test ser… Benjamin Kaduk
- [Dots] 答复: Availability of a DOTS public test ser… Xialiang (Frank, Network Standard & Patent Dept)