[Dots] Reply: Availability of a DOTS public test server

"Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com> Mon, 09 December 2019 01:34 UTC

From: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
To: Jon Shallow <supjps-ietf@jpshallow.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "dots@ietf.org" <dots@ietf.org>
Date: Mon, 09 Dec 2019 01:34:28 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/DfmGsB4JzZpC0zGk3sXU1M3I9kQ>
Subject: [Dots] Reply: Availability of a DOTS public test server

Hi Jon,
Thanks for the valuable implementation work, which is really helpful for the whole spec design.

B.R.
Frank

-----Original Message-----
From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Benjamin Kaduk
Sent: December 9, 2019 3:40
To: Jon Shallow <supjps-ietf@jpshallow.com>
Cc: dots@ietf.org
Subject: Re: [Dots] Availability of a DOTS public test server

Hi Jon,

That is very cool to see -- thank you!

-Ben

On Wed, Dec 04, 2019 at 02:54:08PM -0000, Jon Shallow wrote:
> Hi there,
>
> This is to confirm that I have a DOTS server that can be publicly
> accessed for testing.
>
> The current versions of the drafts that are supported are:-
>
> draft-ietf-dots-signal-channel-39
> draft-ietf-dots-data-channel-31
> draft-ietf-core-hop-limit-07
> draft-ietf-dots-signal-filter-control-02
> draft-ietf-dots-signal-call-home-07
>
> with the following caveats
>
> application/dots+cbor has not yet been defined, so currently using 60
> (application/cbor)
>
> For signal-filter-control, CBOR Key 52 is used to not clash with
> signal-channel CBOR keys.
>
> The DOTS server (signal) is available at dotsserver.ddos-secure.net
> port 4646 (both UDP and TCP)
>
> The DOTS server (data) is available at dotsserver.ddos-secure.net port
> 443 (both UDP and TCP) (SNI required)
>
> The Call Home DOTS client is available at dotsserver.ddos-secure.net
> port 4647 (both UDP and TCP)
>
> To access using PKI, Certificates are the same as used by godots and
> are available from https://github.com/nttdots/go-dots/tree/master/certs.
>
> To access the DOTS server, you need to use client-cert.pem and
> client-key.pem
>
> To access the Call Home DOTS client, you need to use server-cert.pem
> and server-key.pem.
>
> Alternatively, using PSK, the Pre-Shared Key is 12345678 and the DOTS
> client Identity must be client.example.server.com .
>
> It is possible to set the configuration up as a DOTS gateway, but your
> DOTS server needs to be pre-configured so that traffic can be
> gatewayed to it, as well as use a different client key that has a
> different common name (but created from the same godots CA) so traffic
> can be differentiated from that using client-cert.pem which accesses
> the DOTS server only.
>
> The local DOTS server will accept mitigation requests for 1.1.1.69,
> 1.1.1.71, 1.1.2.0/24 and 2001:db8:6401::/96.
>
> Diagnostic messages should be self-explanatory as to what the
> (perceived) issue is.
>
> It is possible that there may be brief outages whenever the s/w is updated.
>
> Regards
>
> Jon

> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots
