Re: [Dots] Telemetry draft: Vendor Specific data reduction
Jon Shallow <supjps-ietf@jpshallow.com> Tue, 28 April 2020 08:29 UTC
Return-Path: <supjps-ietf@jpshallow.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB02A3A0F6F for <dots@ietfa.amsl.com>; Tue, 28 Apr 2020 01:29:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84HMTVXgJbSh for <dots@ietfa.amsl.com>; Tue, 28 Apr 2020 01:29:28 -0700 (PDT)
Received: from mail.jpshallow.com (mail.jpshallow.com [217.40.240.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04E933A0F68 for <dots@ietf.org>; Tue, 28 Apr 2020 01:29:25 -0700 (PDT)
Received: from mail2.jpshallow.com ([192.168.0.3] helo=N01332) by mail.jpshallow.com with esmtp (Exim 4.92.3) (envelope-from <jon.shallow@jpshallow.com>) id 1jTLcF-0004qN-Q0 for ietf-supjps-dots@ietf.org; Tue, 28 Apr 2020 09:29:20 +0100
From: Jon Shallow <supjps-ietf@jpshallow.com>
To: dots@ietf.org
References: <020a01d61954$64b50320$2e1f0960$@jpshallow.com>
In-Reply-To: <020a01d61954$64b50320$2e1f0960$@jpshallow.com>
Date: Tue, 28 Apr 2020 09:29:27 +0100
Message-ID: <00a301d61d37$219f1990$64dd4cb0$@jpshallow.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_00A4_01D61D3F.83638190"
X-Mailer: Microsoft Outlook 14.0
Content-Language: en-gb
Thread-Index: AQHtT51ggH6aH9X9eXlnZao+3cestKhfzPjg
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/JvFlfd5MtfTDs_P6b-l5I8xoOHE>
Subject: Re: [Dots] Telemetry draft: Vendor Specific data reduction
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 08:29:30 -0000
Hi All, Any thoughts on this data reduction? While it is possible for a Vendor to come up with their own augmented YANG to cover their vendor specifics, it gets problematic when 2 or more Vendor specifics need to be understood by a client or a server. Having a "/vendor-mapping" operation path means that vendor mapping of "attack-id" and "attack-name" can easily be exchanged. If "attack-id" is an integer instead of a string, then "attack-id" could become a Vendor specific set of enums (they do not need to start from 1) based on "id". Regards Jon From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of Jon Shallow Sent: 23 April 2020 10:49 To: dots@ietf.org Subject: [Dots] Telemetry draft: Vendor Specific data reduction Hi All, When passing telemetry attack information back and forth, there are some ways that we need to consider on data reduction, thus reducing the likelihood of having to do Block transfers. My understanding is that there is a one-to-one relationship between "attack-id" and "attack-name". My first suggestion is that the client is able to upload to a server, and the server can download on request, a vendor's mapping of "attack-id" to "attack-name" for the specific vendor "id". Then, whenever there is telemetry information "id" + "attack-id" need to be provided, but much space can be saved by not having to also include "attack-name". Second suggestion is that "attack-id" is an integer instead of a string to again save on space in the telemetry data. Regards Jon
- [Dots] Telemetry draft: Vendor Specific data redu… Jon Shallow
- Re: [Dots] Telemetry draft: Vendor Specific data … Jon Shallow
- Re: [Dots] Telemetry draft: Vendor Specific data … mohamed.boucadair
- Re: [Dots] Telemetry draft: Vendor Specific data … Jon Shallow
- Re: [Dots] Telemetry draft: Vendor Specific data … mohamed.boucadair
- Re: [Dots] Telemetry draft: Vendor Specific data … Jon Shallow
- Re: [Dots] Telemetry draft: Vendor Specific data … mohamed.boucadair
- Re: [Dots] Telemetry draft: Vendor Specific data … Jon Shallow
- Re: [Dots] Telemetry draft: Vendor Specific data … mohamed.boucadair
- Re: [Dots] Telemetry draft: Vendor Specific data … Jon Shallow
- Re: [Dots] Telemetry draft: Vendor Specific data … mohamed.boucadair
- Re: [Dots] Telemetry draft: Vendor Specific data … Jon Shallow
- Re: [Dots] Telemetry draft: Vendor Specific data … mohamed.boucadair