Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Wed, 05 February 2020 06:59 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Jon Shallow (supjps-ietf@jpshallow.com)" <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Date: Wed, 05 Feb 2020 06:58:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/GkssYwlHL7M83OFOIznM_KAxsVM>

> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of
> mohamed.boucadair@orange.com
> Sent: Monday, February 3, 2020 3:07 PM
> To: Jon Shallow (supjps-ietf@jpshallow.com) <supjps-ietf@jpshallow.com>;
> dots@ietf.org
> Subject: Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
> 
> Hi all,
> 
> FYI, a review from Jon is available at:
> https://github.com/boucadair/draft-dots-telemetry/raw/master/DOTS%20Telemetry%2001-rev%20Jon-res%20Med.docx
> 
> -02 will integrate almost all comments from Jon. Please find below some
> points we would like to hear more from the working group:
> 
> (1) key value range for telemetry: Jon raised this point "These keys require 3
> bytes - and telemetry information is going to be difficult to fit into a packet. I
> appreciate that comprehension-required is for numbers less than 0x8000 -
> perhaps the comprehension-required range is reduced and also has a section
> higher up so the total of 0x8000 still stands so less bytes can be used here."
> 
>    +----------------------+-------+-------+------------+---------------+
>    | Parameter Name       | CBOR  | CBOR  | Change     | Specification |
>    |                      | Key   | Major | Controller | Document(s)   |
>    |                      | Value | Type  |            |               |
>    +----------------------+-------+-------+------------+---------------+
>    | ietf-dots-signal-cha | 32776 |   5   |    IESG    |   [RFCXXXX]   |
>    | nnel:telemetry       |       |       |            |               |
> 
> Med: This is a major one. We need to assess the gain, but it is possible in
> theory to update our assignment policies and reassign, e.g., 128-255 range to
> be comprehension-optional (specific for telemetry). This would mean that
> the telemetry spec will be tagged as updating the base signal channel spec.
> We need more discussion.

Why not change the DOTS telemetry attributes to comprehension-required?
If the server does not understand the DOTS telemetry attributes, it will respond with a 4.00 error response, and the client can re-send the request without the DOTS telemetry attributes.

Cheers,
-Tiru

> 
> (2) server-initiated-telemetry: "Having server-initiated-telemetry under
> max-config-values, but not min-config-values makes no sense to me.  I think
> it should be under telemetry-config at the level of current-config and
> possibly removed from current-config as well."
> 
> Med:
> 
> A. It is in the max container because setting that value to "false" under that
> container has a special meaning: the server does not support sending pre-
> mitigation telemetry. We can put it under min as well but do we have a case
> where setting it to "true" has a meaning?
> B. I do agree that 'server-initiated-telemetry' can be removed from the
> current configuration because the same functionality is achieved using a
> GET+Observe but we left it there for the moment as we need to work
> further the details for subscribing to pre-mitigation from the servers.
> 
> (3) "vendor-id is missing from the cbor table":
> 
> Med: This was done on purpose to try to optimize the number of CBOR key
> values + encourage attributes reuse. E.g., We replaced "telemetry-id",
> "baseline-id", and "vendor-id" with a single "id" (as we only use those for the
> moment in the message body) but the YANG module includes the meaning
> of each "id" in the definition clause. We may need to revise this if we
> conclude that, e.g., "telemetry-id" (tmid) has to be defined as Path-URI.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of
> > mohamed.boucadair@orange.com
> > Sent: Friday, 31 January 2020 16:18
> > To: dots@ietf.org
> > Subject: Re: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
> >
> > Hi all,
> >
> > We prepared with Tiru a major revision of the telemetry draft. A diff
> > is provided below to track the changes. We will now focus on sections
> > 7 and 8.
> >
> > Please review and share comments.
> >
> > Cheers,
> > Med
> >
> > > -----Original Message-----
> > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of
> > > internet-drafts@ietf.org
> > > Sent: Friday, 31 January 2020 15:52
> > > To: i-d-announce@ietf.org
> > > Cc: dots@ietf.org
> > > Subject: [Dots] I-D Action: draft-ietf-dots-telemetry-01.txt
> > >
> > >
> > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > directories.
> > > This draft is a work item of the DDoS Open Threat Signaling WG of the
> > > IETF.
> > >
> > >         Title           : Distributed Denial-of-Service Open Threat
> > >                           Signaling (DOTS) Telemetry
> > >         Authors         : Mohamed Boucadair
> > >                           Tirumaleswar Reddy
> > >                           Ehud Doron
> > >                           Meiling Chen
> > >         Filename        : draft-ietf-dots-telemetry-01.txt
> > >         Pages           : 70
> > >         Date            : 2020-01-31
> > >
> > > Abstract:
> > >    This document aims to enrich DOTS signal channel protocol with
> > >    various telemetry attributes allowing optimal DDoS attack mitigation.
> > >    This document specifies the normal traffic baseline and attack
> > >    traffic telemetry attributes a DOTS client can convey to its DOTS
> > >    server in the mitigation request, the mitigation status telemetry
> > >    attributes a DOTS server can communicate to a DOTS client, and the
> > >    mitigation efficacy telemetry attributes a DOTS client can
> > >    communicate to a DOTS server.  The telemetry attributes can assist
> > >    the mitigator to choose the DDoS mitigation techniques and perform
> > >    optimal DDoS attack mitigation.
> > >
> > >
> > > The IETF datatracker status page for this draft is:
> > > https://datatracker.ietf.org/doc/draft-ietf-dots-telemetry/
> > >
> > > There are also htmlized versions available at:
> > > https://tools.ietf.org/html/draft-ietf-dots-telemetry-01
> > > https://datatracker.ietf.org/doc/html/draft-ietf-dots-telemetry-01
> > >
> > > A diff from the previous version is available at:
> > > https://www.ietf.org/rfcdiff?url2=draft-ietf-dots-telemetry-01
> > >
> > >
> > > Please note that it may take a couple of minutes from the time of
> > > submission until the htmlized version and diff are available at
> > > tools.ietf.org.
> > >
> > > Internet-Drafts are also available by anonymous FTP at:
> > > ftp://ftp.ietf.org/internet-drafts/
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots
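
The key-size point in item (1), worked through as an added example (not part of the original messages or of the draft): a CBOR unsigned-integer encoder following RFC 8949, applied to the key value 32776 from the table and to the 128-255 range Med mentions. The key count of 30 is a constructed figure, and the 0x8000 boundary is taken from Jon's quoted comment.

```python
import struct

def cbor_uint(n: int) -> bytes:
    """Encode n as a CBOR major type 0 (unsigned integer) data item."""
    if n < 0:
        raise ValueError("major type 0 holds unsigned integers only")
    if n < 24:
        return bytes([n])                      # value fits in the initial byte
    # additional information 24..27 selects a 1-, 2-, 4- or 8-byte argument
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([info]) + struct.pack(fmt, n)
    raise ValueError("value does not fit in 64 bits")

def key_bytes(keys) -> int:
    """Total bytes spent on map keys if each key appears once."""
    return sum(len(cbor_uint(k)) for k in keys)

def comprehension_required(key: int) -> bool:
    """Boundary as stated in the quoted review: keys below 0x8000."""
    return key < 0x8000

# Constructed allocation: 30 telemetry keys starting at the value in the table,
# versus the same number of keys placed in the 128-255 range.
N_KEYS = 30
CURRENT = range(32776, 32776 + N_KEYS)
REASSIGNED = range(128, 128 + N_KEYS)

def compare():
    return key_bytes(CURRENT), key_bytes(REASSIGNED)

if __name__ == "__main__":
    print("32776 ->", cbor_uint(32776).hex(), "| 128 ->", cbor_uint(128).hex())
    cur, new = compare()
    print(f"{N_KEYS} keys, one occurrence each: {cur} bytes now, {new} bytes in 128-255")
    print("128 comprehension-required under current ranges:", comprehension_required(128))
```

Keys that repeat inside lists are charged once per occurrence on the wire, so the per-message difference grows with the number of repeated entries.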