Re: [Dots] WGLC for draft-dots-use-cases-19

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 06 August 2019 13:08 UTC

Return-Path: <tirumaleswarreddy_konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7356112018E for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 06:08:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nf0Vhg5kV_Yc for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 06:08:05 -0700 (PDT)
Received: from us-smtp-delivery-140.mimecast.com (us-smtp-delivery-140.mimecast.com [63.128.21.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72DBA120182 for <dots@ietf.org>; Tue, 6 Aug 2019 06:08:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=mimecast20190606; t=1565096884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WtennSg7JHmxUqVw+fLxxhC0lwvP50g3uBkUnz20j60=; b=TosJndT8gBnfyYPakS0sshrEX7cOI7Pj4f9oF39nKAVZ96eOLzJcha2OAzO/xArKfI8IY/ lCy+Ce/xYoPNwsRjfD5UM0h0tJv1sMZxxAKzeC1rFrt4XPnNya9otBs/bRn/1AGFQ8lNOj YyKdVAMAI0tWVLn9K7w6ptEnFAKjw8c=
Received: from MIVWSMAILOUT1.mcafee.com (mivwsmailout1.mcafee.com [161.69.47.167]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-238-b9Xgp4OJM-uql4mVTyaFiQ-1; Tue, 06 Aug 2019 09:08:03 -0400
Received: from DNVEXAPP1N05.corpzone.internalzone.com (DNVEXAPP1N05.corpzone.internalzone.com [10.44.48.89]) by MIVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 7ec2_1cc0_32e1ed55_e725_4fc8_a47e_08aa13e77ea9; Tue, 06 Aug 2019 09:08:44 -0400
Received: from DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 6 Aug 2019 07:07:42 -0600
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Tue, 6 Aug 2019 07:07:42 -0600
Received: from NAM04-CO1-obe.outbound.protection.outlook.com (10.44.176.241) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 6 Aug 2019 07:07:39 -0600
Received: from DM5PR16MB1705.namprd16.prod.outlook.com (10.172.44.147) by DM5PR16MB1482.namprd16.prod.outlook.com (10.173.211.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.17; Tue, 6 Aug 2019 13:07:39 +0000
Received: from DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::532:f001:84e1:55ba]) by DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::532:f001:84e1:55ba%10]) with mapi id 15.20.2136.018; Tue, 6 Aug 2019 13:07:39 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Valery Smyslov" <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>
CC: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Thread-Topic: [Dots] WGLC for draft-dots-use-cases-19
Thread-Index: AdVMHvzhmt/V33ByRr+d368GCi1ExgABDh/gAAA/2oAAAmsFAAAApBygAAFk76AAAGXy8AAALP6QAAB9ubAAA9IiYAABiL4AAABR/TAAAPXKAAAAowWg
Date: Tue, 6 Aug 2019 13:07:39 +0000
Message-ID: <DM5PR16MB17055591ECA5EC49A2947A3EEAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705E573DE3E7482115B9FE0EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170551C20908654A0F6428D7EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDDC9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705CBD6DF992D7FB9178B29EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDE6B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B9330312FDE6B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.3.0.17
dlp-reaction: no-action
x-originating-ip: [49.37.202.60]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 47029dda-bf74-43ba-b7be-08d71a6f0f29
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM5PR16MB1482;
x-ms-traffictypediagnostic: DM5PR16MB1482:
x-microsoft-antispam-prvs: <DM5PR16MB1482BB3B3C0FDC4A257EC42EEAD50@DM5PR16MB1482.namprd16.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0121F24F22
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(39860400002)(136003)(376002)(346002)(396003)(366004)(31014005)(199004)(189003)(32952001)(13464003)(186003)(6436002)(229853002)(86362001)(53936002)(33656002)(81166006)(81156014)(9686003)(8936002)(55016002)(11346002)(52536014)(6246003)(446003)(8676002)(80792005)(26005)(476003)(478600001)(66066001)(30864003)(2501003)(14454004)(102836004)(305945005)(5024004)(14444005)(71200400001)(71190400001)(256004)(76176011)(74316002)(7736002)(7696005)(6116002)(66476007)(2906002)(3846002)(64756008)(316002)(6506007)(66446008)(66946007)(5660300002)(66556008)(4326008)(25786009)(99286004)(66574012)(76116006)(53546011)(486006)(110136005)(68736007)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1482; H:DM5PR16MB1705.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: GaTld2JbfK7OTsm5XKLGOiJr1PgBnWJU/a5J8RYvTzSlGhDD/weOFS92OTNt44U6kS4jzl+ZfWGwxr7gnPr0DgUOYooTB9kMy/d+riilg1GeOA1DZYwBpuT+6H8zfeFvTu9X9BUAx8bIEo/+3cbIWSGXTdiuuTBm0qAMbRX4bYbpt+8yrG2iVwNszWfSBYONxjP3Xqq2TFVIeJZecQc9wb+WkCsEnMqoS8AiwEqpt3bFQZwkK2OEmJ2gXyv+ydCOS3W5P0CVpwwLDOAoOPYwqnnc1X75tklEx+X6vQWInf5TWCtAwk+7fUVu+yjy4Tg0y60+epLkorCGVLskJQKXH6HsEMlI/X/l4+lJOTmM/U6n0sllg3X0dkLvdEXm7foP4pEdzlA2tIJi0qgLFoB7J4Ts01dvk8HIo2O5JfXgidU=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 47029dda-bf74-43ba-b7be-08d71a6f0f29
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Aug 2019 13:07:39.2359 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TirumaleswarReddy_Konda@McAfee.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1482
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.1
X-NAI-Spam-Version: 2.3.0.9418 : core <6605> : inlines <7131> : streams <1829528> : uri <2879157>
X-MC-Unique: b9Xgp4OJM-uql4mVTyaFiQ-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/IV7mMeucVKEuJzIsiayfeyjoGho>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 13:08:08 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>;
> Sent: Tuesday, August 6, 2019 6:23 PM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> <valery@smyslov.net>;; dots@ietf.org
> Cc: Xialiang (Frank, Network Standard & Patent Dept)
> <frank.xialiang@huawei.com>;
> Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
> 
> Re-,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy
> > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : mardi 6 août 2019 14:31
> > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE: [Dots]
> > WGLC for draft-dots-use-cases-19
> >
> > > -----Original Message-----
> > > From: mohamed.boucadair@orange.com
> > > <mohamed.boucadair@orange.com>;
> > > Sent: Tuesday, August 6, 2019 5:46 PM
> > > To: Konda, Tirumaleswar Reddy
> > > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > > <valery@smyslov.net>;; dots@ietf.org
> > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > <frank.xialiang@huawei.com>;
> > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > >
> > >
> > >
> > > Re-,
> > >
> > > Please see inline.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Message d'origine-----
> > > > De : Konda, Tirumaleswar Reddy
> > > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > Envoyé : mardi 6 août 2019 13:52
> > > > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE:
> > > > [Dots] WGLC for draft-dots-use-cases-19
> > > >
> > > > > -----Original Message-----
> > > > > From: mohamed.boucadair@orange.com
> > > > > <mohamed.boucadair@orange.com>;
> > > > > Sent: Tuesday, August 6, 2019 3:15 PM
> > > > > To: Konda, Tirumaleswar Reddy
> > > > > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > > > > <valery@smyslov.net>;; dots@ietf.org
> > > > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > > > <frank.xialiang@huawei.com>;
> > > > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > > > >
> > > > >
> > > > >
> > > > > Re-,
> > > > >
> > > > > Please see inline.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Message d'origine-----
> > > > > > De : Konda, Tirumaleswar Reddy
> > > > > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > > > Envoyé : mardi 6 août 2019 11:29 À : BOUCADAIR Mohamed
> > > > > > TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > > > > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE:
> > > > > > [Dots] WGLC for draft-dots-use-cases-19
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: mohamed.boucadair@orange.com
> > > > > > > <mohamed.boucadair@orange.com>;
> > > > > > > Sent: Tuesday, August 6, 2019 2:50 PM
> > > > > > > To: Konda, Tirumaleswar Reddy
> > > > > > > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > > > > > > <valery@smyslov.net>;; dots@ietf.org
> > > > > > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > > > > > <frank.xialiang@huawei.com>;
> > > > > > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > > > > > >
> > > > > > > This email originated from outside of the organization. Do
> > > > > > > not click
> > > > > > links or
> > > > > > > open attachments unless you recognize the sender and know
> > > > > > > the content is safe.
> > > > > > >
> > > > > > > Re-,
> > > > > > >
> > > > > > > Please see inline.
> > > > > > >
> > > > > > > Cheers,
> > > > > > > Med
> > > > > > >
> > > > > > > > -----Message d'origine----- De : Konda, Tirumaleswar Reddy
> > > > > > > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > > > > > Envoyé : mardi 6 août 2019 11:15 À : BOUCADAIR Mohamed
> > > > > > > > TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > > > > > > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE:
> > > > > > > > [Dots] WGLC for draft-dots-use-cases-19
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: mohamed.boucadair@orange.com
> > > > > > > > > <mohamed.boucadair@orange.com>;
> > > > > > > > > Sent: Tuesday, August 6, 2019 2:00 PM
> > > > > > > > > To: Konda, Tirumaleswar Reddy
> > > > > > > > > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > > > > > > > > <valery@smyslov.net>;; dots@ietf.org
> > > > > > > > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > > > > > > > <frank.xialiang@huawei.com>;
> > > > > > > > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > > > > > > > >
> > > > > > > > > This email originated from outside of the organization.
> > > > > > > > > Do not click
> > > > > > > > links or
> > > > > > > > > open attachments unless you recognize the sender and
> > > > > > > > > know the content is safe.
> > > > > > > > >
> > > > > > > > > Re-,
> > > > > > > > >
> > > > > > > > > Please see inline.
> > > > > > > > >
> > > > > > > > > Cheers,
> > > > > > > > > Med
> > > > > > > > >
> > > > > > > > > > -----Message d'origine----- De : Konda, Tirumaleswar
> > > > > > > > > > Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > > > > > > > Envoyé : mardi 6 août 2019 10:14 À : BOUCADAIR Mohamed
> > > > > > > > > > TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > > > > > > > > Xialiang (Frank, Network Standard & Patent Dept) Objet :
> > RE:
> > > > > > > > > > [Dots] WGLC for draft-dots-use-cases-19
> > > > > > > > > >
> > > > > > > > > > Hi Med,
> > > > > > > > > >
> > > > > > > > > > No, the orchestrator is not ignoring the mitigation hints.
> > > > > > > > >
> > > > > > > > > [Med] Why? The text is clear the orchestrator acts as
> > > > > > > > > DOTS
> > > > server.
> > > > > > > > > As
> > > > > > > > such, it
> > > > > > > > > can ignore/accept hints.
> > > > > > > > >
> > > > > > > > >  It is sending
> > > > > > > > > > filtering rules to block or rate-limit traffic to
> > > > > > > > > > routers (last but one line in the new paragraph).
> > > > > > > > >
> > > > > > > > > [Med] Yes. That filtering rule is that would be applied
> > > > > > > > > by the DMS if it
> > > > > > > > has
> > > > > > > > > sufficient resources.
> > > > > > > > >
> > > > > > > > >  The adverse impact is legitimate users whose
> > > > > > > > > > IP addresses were spoofed cannot access the services
> > > > > > > > > > of the target server.
> > > > > > > > >
> > > > > > > > > [Med] This is a check at the DMS side. This check
> > > > > > > > > applies independently
> > > > > > > > of **
> > > > > > > > > where ** the filters are applied. This is not specific
> > > > > > > > > to this NEW
> > > > > > text.
> > > > > > > >
> > > > > > > > If the orchestrator is sending filtering rules to block
> > > > > > > > traffic, checks are required to ensure spoofed IP address
> > > > > > > > are not conveyed by
> > > > > > the
> > > > > > > DMS.
> > > > > > >
> > > > > > > [Med] Yes, but the current text describes the case where the
> > > > > > > DMS
> > > > > > supplies
> > > > > > > "its blocked traffic information":
> > > > > > >
> > > > > > >   the DDoS mitigation system can send mitigation requests
> > > > > > >   with additional hints such as its blocked traffic
> > > > > > > information to
> > > > the
> > > > > > >                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > > > > >   orchestrator.
> > > > > > >
> > > > > > > So, the DMS has already done that check.
> > > > > >
> > > > > > The blocked traffic information will include attack traffic
> > > > > > from both spoofed and attacker IP addresses.
> > > > > >
> > > > >
> > > > > [Med] If you are saying that there is an issue if the DMS does
> > > > > not
> > > > check, you
> > > > > are right. But, again, this is not specific to the NEW text.
> > > > > This is a
> > > > general
> > > > > problem (that is outside DOTS, BTW).
> > > >
> > > > No, DMS will anyway check and try not block legitimate traffic
> > > > from users whose IP addresses have been spoofed.
> > > >
> > >
> > > [Med] What I'm saying is that the DMS will then follow the same
> > > logic
> > when
> > > providing the hints to the orchestrator.
> >
> > No, the hints should include both spoofed and non-spoofed IP addresses
> > used to attack the target.
> >
> 
> [Med] Why? A DMS may decide to offload only filtering rules its checked.
> 
> Even if we assume that the check is at the orchestrator side, this is not a new
> threat vector.
> 
> > >
> > > > >
> > > > >
> > > > > > >
> > > > > > >  If
> > > > > > > > the orchestrator delegates the mitigation to a separate
> > > > > > > > domain (recursive signaling), the attack information
> > > > > > > > provided by DMS can include spoofed IP addresses (so the
> > > > > > > > new mitigator in the separate domain learns the attack
> > > > > > > > traffic is coming from spoofed IP
> > > > addresses).
> > > > > > >
> > > > > > > [Med] This is not specific to this case, but applies each
> > > > > > > time there is
> > > > > > recursive
> > > > > > > signaling.
> > > > > >
> > > > > > My comment is to using the attack information of spoofed IP
> > > > > > addresses to filter traffic would penalize legitimate users,
> > > > > > and the text is not clear me. I suggest adding a line for
> > > > > > clarity, DMS may supply both spoofed and attacker IP addresses
> > > > > > in the attack information to the orchestrator. The
> > > > > > orchestrator will only use the non-spoofed IP addresses to
> > > > > > enforce filtering rules on
> > routers.
> > > > >
> > > > > [Med] I was assuming this is already done by the DMS to generate
> > > > > "its blocked traffic information", but if you prefer the text to
> > > > > be explicit,
> > > > it will
> > > > > need to be generic:
> > > > >
> > > > > the check is not specific to the NEW text but applies also in
> > > > > the
> > > > general DMS
> > > > > case (without offloading).
> > > >
> > > > When DMS generates the attack traffic information it should
> > > > include both spoofed and attacker IP addresses (tagged with
> > > > whether the IP address is spoofed or not).
> > >
> > > [Med] Why it should not check?
> >
> > It checks and includes both type of IP addresses.
> 
> [Med] Why it has to include both if it has done the check?
> 
> >
> > >
> > > If the orchestrator is delegating the mitigation to a
> > > > separate domain, it can propagate the attack information so the
> > > > mitigator in the separate domain has knowledge that the attacker
> > > > is using spoofed IP addresses and the mitigator can optionally use
> > > > the attack information to determine the mitigation strategy.
> > >
> > > [Med] The recursive case is not covered in the current text. I don't
> > think we
> > > need to elaborate on this further.
> >
> > I don't understand why recursive case should be excluded in the
> > current text ?
> 
> [Med] Because the use-case draft does not cover this: It only covers the case
> of an orchestrator talking to local routers.

My question is why shouldn't the use case draft cover this ?

> 
> >
> > >
> > >  However If orchestrator is enforcing
> > > > filtering rules on routers, it should create the black-list rules
> > > > based on the non-spoofed attacker IP address and not use the
> > > > spoofed victim IP addresses.
> > > >
> > >
> > > [Med] Agree. Whether the check is done at the orchestrator or by the
> > DMS,
> > > is not a new concern. The DMS has to proceed with these checks, anyway.
> > I
> > > fail to see what is NEW and SPECIFIC to the offload scenario.
> >
> > In this case the check has to be done by orchestrator when enforcing
> > black-list rules not to penalize the spoofed victim IP addresses and
> > should be discussed in the new use case.
> 
> [Med] This requirement has to be followed by the DMS, anyway. This is not a
> new issue, Tiru.

No, sending attack information to the DOTS server is not covered in any of the WG documents.

> 
>  I don't see any other use case in
> > the specification discussing offload scenario with propagating the
> > attack information and I recommend updating the text discussing the
> > above scenarios.
> 
> [Med] We don't have a similar text for the DMS case because mitigation is
> out of scope. I'm expecting to follow the some rationale for the offload.

If mitigation is out of scope, remove the following line:
Then the orchestrator can take further actions like requesting forwarding nodes such as routers to filter the traffic.

-Tiru

> 
> >
> > Cheers,
> > -Tiru