Re: [Dots] [core] Large asynchronous notifications under DDoS: New BLOCK Option?

mohamed.boucadair@orange.com Fri, 29 May 2020 13:13 UTC

From: mohamed.boucadair@orange.com
To: "dots@ietf.org" <dots@ietf.org>
CC: "Jon Shallow (supjps-ietf@jpshallow.com)" <supjps-ietf@jpshallow.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/JX0F1YaxX32ZecDErpuzTQm6LS8>

Hi all,

Please find below an update about this DOTS telemetry issue:


* A proposal to handle the issue was made: https://tools.ietf.org/html/draft-bosh-core-new-block-00.
* The core wg dedicated an interim meeting to discuss the proposal (May 13).
  o The slides presented in the meeting can be seen here: https://datatracker.ietf.org/meeting/interim-2020-core-04/materials/slides-interim-2020-core-04-sessa-new-coap-block-wise-transfer-options-draft-bosh-core-new-block.
  o The minutes can be seen at: https://datatracker.ietf.org/doc/minutes-interim-2020-core-04-202005131600/.
* An updated version to address the comments received from the core wg (and especially during the interim) is available at: https://tools.ietf.org/html/draft-bosh-core-new-block-01.
* The current plan is to avoid adding a normative dependency to the telemetry spec.


We will report back to the WG as appropriate.

Cheers,
Jon & Med

From: core [mailto:core-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
Sent: Tuesday, 7 April 2020 13:11
To: core@ietf.org
Cc: Jon Shallow (supjps-ietf@jpshallow.com); dots@ietf.org
Subject: [core] Large asynchronous notifications under DDoS: New BLOCK Option?

Hi all,

We are using Observe to receive notifications during attack events. These notifications are set as NON messages for reasons specific to DDoS conditions.

With DDoS telemetry information included (see draft-ietf-dots-telemetry), a notification may not fit one single message. The use of BLOCK2 is not convenient during attack times. A full description of the issue is described here: https://mailarchive.ietf.org/arch/msg/dots/Gbtf8bBWpxD9CWNBhS_TZtsWeP4/

We are considering some mechanisms to solve this issue. One of them is to define a new BLOCK option (similar to BLOCK2) that does not require the observer to send a GET to receive the next fragment. The server will send all the fragments. The observer will follow a SACK-like approach to request retransmission of missing fragments.

Please let us know whether you think this is a generic issue that should be solved at the CoAP or not. Suggestions are welcome.

Thank you.

Cheers,
Jon & Med
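
The mechanism sketched in the original message above (the server sends every fragment unasked, the observer reports only the gaps), as an added example that is not part of these e-mails or of draft-bosh-core-new-block. The tuple layout, the `MAX_BLOCKS` cap and the round-based loss model are assumptions made for the illustration.

```python
# Added illustration: a toy model, not the wire format of draft-bosh-core-new-block.
BLOCK_SIZE = 16   # constructed value, small so the sample body spans several blocks
MAX_BLOCKS = 64   # assumed cap so a bogus block number cannot grow state without bound

def fragment(body, size=BLOCK_SIZE):
    """Server side: split a body into (num, more, payload), numbered as BLOCK2 does."""
    chunks = [body[i:i + size] for i in range(0, len(body), size)] or [b""]
    if len(chunks) > MAX_BLOCKS:
        raise ValueError("body needs more blocks than MAX_BLOCKS allows")
    return [(n, n < len(chunks) - 1, c) for n, c in enumerate(chunks)]

class Observer:
    def __init__(self):
        self.blocks = {}        # block number -> payload
        self.last_num = None    # known only once the more=False block arrives

    def receive(self, num, more, payload):
        if not 0 <= num < MAX_BLOCKS:
            return                   # out-of-range block number: ignore it
        self.blocks[num] = payload   # a duplicate simply overwrites
        if not more:
            self.last_num = num

    def missing(self):
        """Gaps to report back in a single request (the SACK-like step)."""
        if self.last_num is None:
            # Final block not seen yet, so the length is unknown: ask for the
            # gaps so far plus the block after the highest one received.
            high = max(self.blocks, default=-1) + 1
        else:
            high = self.last_num
        return [n for n in range(high + 1) if n not in self.blocks]

    def body(self):
        if self.last_num is None or self.missing():
            return None
        return b"".join(self.blocks[n] for n in range(self.last_num + 1))

def deliver(body, lost_per_round):
    """Push all blocks unasked, then resend only what the observer reports missing.
    lost_per_round[i] is the set of block numbers dropped in round i.
    Returns (reassembled body, number of observer-to-server requests)."""
    frags = {f[0]: f for f in fragment(body)}
    obs, to_send, requests, rnd = Observer(), sorted(frags), 0, 0
    while to_send:
        lost = lost_per_round[rnd] if rnd < len(lost_per_round) else set()
        for n in to_send:
            if n not in lost:
                obs.receive(*frags[n])
        to_send = obs.missing()
        requests += 1 if to_send else 0
        rnd += 1
    return obs.body(), requests

SAMPLE = bytes(range(70))   # constructed 70-byte body -> 5 blocks of up to 16 bytes
```

With no loss the observer sends nothing at all, whereas BLOCK2 would need one GET per block after the first. Losing the trailing blocks costs an extra round in this model, because the observer cannot tell how long the body is until the final block arrives.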