[Dots] WGLC signal draft: Conflict information conflicts
"Jon Shallow" <supjps-ietf@jpshallow.com> Thu, 16 August 2018 07:23 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEAB7130EC2 for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 00:23:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U9gIA6zVG90n for <dots@ietfa.amsl.com>; Thu, 16 Aug 2018 00:23:55 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F8CB1274D0 for <dots@ietf.org>; Thu, 16 Aug 2018 00:23:55 -0700 (PDT)
Received: from [127.0.0.1] (helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.90_1) (envelope-from <jon.shallow@jpshallow.com>) id 1fqCdN-0003ME-FT for ietf-supjps-dots@ietf.org; Thu, 16 Aug 2018 08:23:53 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: dots@ietf.org
Date: Thu, 16 Aug 2018 08:23:52 +0100
Message-ID: <019701d43532$15826110$40872330$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0198_01D4353A.77480190"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdQ1MhVo+Ls9fJ86SFKNTBk529RlrQ==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Gpk0sAqWo8oPblyPO_4deG941Zk>
Subject: [Dots] WGLC signal draft: Conflict information conflicts
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 07:23:57 -0000
Hi there,
Issue A.
It is undefined as to how to tell the DOTS client that 4.09 conflict for a
"cuid" has occurred as in
4.1.1 Request Mitigation
DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer
to notify that the 'cuid' is already in-use by another DOTS
client. Upon receipt of that error code, a new 'cuid' MUST be
generated by the DOTS peer.
The DOTS client generates a new "cuid" for every 4.09 ???
I think we need a new conflict status
4: DOTS server has detected the presented 'cuid' is already in use
by another DOTS client. A new 'cuid' needs to be generated.
And text updated
DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer
to notify that the 'cuid' is already in-use by another DOTS
client, along with a conflict-status of 4. Upon receipt of that error
code and conflict-status, a new 'cuid' MUST be
generated by the DOTS peer.
Issue B.
We have confusion over the use of the word "different" for "different DOTS
client" - this was previously brought up but got lost on the way. The
following is (correctly) for the same client
For example, if the DOTS server receives a mitigation request which
overlaps with an existing mitigation with a higher numeric 'mid', the
DOTS server rejects the request by returning 4.09 (Conflict) to the
DOTS client. The response includes enough information for a DOTS
client to recognize the source of the conflict as described below:
Yet we later have (which really should be corrected)
If the request is conflicting with an existing mitigation request
from a different DOTS client, the DOTS server may return 2.01
(Created) or 4.09 (Conflict) to the requesting DOTS client. If the
DOTS server decides to maintain the new mitigation request, the DOTS
server returns 2.01 (Created) to the requesting DOTS client. If the
DOTS server decides to reject the new mitigation request, the DOTS
server returns 4.09 (Conflict) to the requesting DOTS client. For
both 2.01 (Created) and 4.09 (Conflict) responses, the response
includes enough information for a DOTS client to recognize the source
of the conflict as described below:
conflict-information: Indicates that a mitigation request is
conflicting with another mitigation request(s) from other DOTS
client(s). This optional attribute has the following structure:
conflict-status: Indicates the status of a conflicting mitigation
request. The following values are defined:
1: DOTS server has detected conflicting mitigation requests
from different DOTS clients. This mitigation request is
currently inactive until the conflicts are resolved.
Another mitigation request is active.
2: DOTS server has detected conflicting mitigation requests
from different DOTS clients. This mitigation request is
currently active.
3: DOTS server has detected conflicting mitigation requests
from different DOTS clients. All conflicting mitigation
requests are inactive.
Issue C.
'mid' is missing from the second definition of conflict-scope as in
conflict-scope: Indicates the conflict scope. It may include a
list of IP addresses, a list of prefixes, a list of port
numbers, a list of target protocols, a list of FQDNs, a list of
URIs, a list of alias-names, or references to conflicting ACLs.
Regards
Jon
- [Dots] WGLC signal draft: Conflict information co… Jon Shallow
- Re: [Dots] WGLC signal draft: Conflict informatio… mohamed.boucadair
- Re: [Dots] WGLC signal draft: Conflict informatio… Jon Shallow