< draft-ietf-dots-use-cases-18.txt | draft-ietf-dots-use-cases-19.txt > | |||
---|---|---|---|---|
skipping to change at page 10, line 37 ¶ | skipping to change at page 10, line 37 ¶ | |||
using DOTS. The DDoS telemetry system implements a DOTS client while | using DOTS. The DDoS telemetry system implements a DOTS client while | |||
the orchestrator implements a DOTS server. | the orchestrator implements a DOTS server. | |||
The communication between a network administrator and the | The communication between a network administrator and the | |||
orchestrator is also performed using DOTS. The network administrator | orchestrator is also performed using DOTS. The network administrator | |||
uses a web interface which interacts with a DOTS client, while the | uses a web interface which interacts with a DOTS client, while the | |||
orchestrator implements a DOTS server. | orchestrator implements a DOTS server. | |||
The communication between the orchestrator and the DDoS Mitigation | The communication between the orchestrator and the DDoS Mitigation | |||
Systems is performed using DOTS. The orchestrator implements a DOTS | Systems is performed using DOTS. The orchestrator implements a DOTS | |||
client while the DDoS Mitigation Systems implement a DOTS server. | client and a DOTS server while the DDoS Mitigation Systems implement | |||
a client and a DOTS server. | ||||
The configuration aspects of each DDoS Mitigation System, as well as | The configuration aspects of each DDoS Mitigation System, as well as | |||
the instantiations of DDoS mitigation functions or network | the instantiations of DDoS mitigation functions or network | |||
configuration is not part of DOTS. Similarly, the discovery of | configuration is not part of DOTS. Similarly, the discovery of | |||
available DDoS mitigation functions is not part of DOTS; and as such | available DDoS mitigation functions is not part of DOTS; and as such | |||
is out of scope. | is out of scope. | |||
+----------+ | +----------+ | |||
| network |C (Enterprise Network) | | network |C (Enterprise Network) | |||
| adminis |<-+ | | adminis |<-+ | |||
| trator | | | | trator | | | |||
+----------+ | | +----------+ | | |||
| | | | |||
+----------+ | S+--------------+ +-----------+ | +----------+ | S+--------------+ +-----------+ | |||
|telemetry/| +->| |C S| DDoS |+ | |telemetry/| +->| |CS CS| DDoS |+ | |||
|monitoring|<--->| Orchestrator |<--->| mitigation|| | |monitoring|<--->| Orchestrator |<--->| mitigation|| | |||
|systems |C S| |<-+ | systems || | |systems |C S| |<-+ | systems || | |||
+----------+ +--------------+C | +-----------+| | +----------+ +--------------+CS| +-----------+| | |||
| +----------+ | | +----------+ | |||
-----------------------------------|----------------- | -----------------------------------|----------------- | |||
| | | | |||
| | | | |||
(Internet Transit Provider) | | (Internet Transit Provider) | | |||
| +-----------+ | | +-----------+ | |||
| S| DDoS |+ | |CS| DDoS |+ | |||
+->| mitigation|| | +->| mitigation|| | |||
| systems || | | systems || | |||
+-----------+| | +-----------+| | |||
* C is for DOTS client functionality +----------+ | * C is for DOTS client functionality +----------+ | |||
* S is for DOTS server functionality | * S is for DOTS server functionality | |||
Figure 4: DDoS Orchestration | Figure 4: DDoS Orchestration | |||
The DDoS telemetry systems monitor various network traffic and | The DDoS telemetry systems monitor various network traffic and | |||
perform some measurement tasks. | perform some measurement tasks. | |||
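Review bot: the revised sentence at the top of this hunk ("...the DDoS Mitigation Systems implement a client and a DOTS server") drops the qualifier on "client" and gives no reason for the mitigation systems now needing a DOTS client; write "implement a DOTS client and a DOTS server" and add a clause saying what that client is used for (the offloading request that the page-12 change in this diff introduces), otherwise the new C on the mitigation-system boxes in Figure 4 reads as unexplained. The figure edit itself is consistent: both mitigation-system boxes and the orchestrator's interfaces toward them now carry CS, in the enterprise network and at the Internet Transit Provider.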
skipping to change at page 12, line 27 ¶ | skipping to change at page 12, line 27 ¶ | |||
severity. It may also coordinate the DDoS Mitigation performed by | severity. It may also coordinate the DDoS Mitigation performed by | |||
the DDoS Mitigation Service Provider with some other tasks such as | the DDoS Mitigation Service Provider with some other tasks such as | |||
for example, moving the target to another network so new sessions | for example, moving the target to another network so new sessions | |||
will not be impacted. The orchestrator requests a DDoS Mitigation to | will not be impacted. The orchestrator requests a DDoS Mitigation to | |||
the selected DDoS mitigation systems via its DOTS client, as | the selected DDoS mitigation systems via its DOTS client, as | |||
described in Section 3.1. | described in Section 3.1. | |||
The orchestrator DOTS client is notified that the DDoS Mitigation is | The orchestrator DOTS client is notified that the DDoS Mitigation is | |||
effective by the selected DDoS mitigation systems. The orchestrator | effective by the selected DDoS mitigation systems. The orchestrator | |||
DOTS servers returns back this information to the network | DOTS servers returns back this information to the network | |||
administrator. | administrator. When the DDoS attack become severe and the DDoS | |||
mitigation systems utilization rate reach its maximum capacity, its | ||||
DOTS client can request offloading mitigation with its blocked | ||||
traffic information to the orchestrator DOTS servers. Then the | ||||
orchestrator requests forwarding nodes such as routers to filter the | ||||
traffic. | ||||
Similarly, when the DDoS attack has stopped, the orchestrator DOTS | Similarly, when the DDoS attack has stopped, the orchestrator DOTS | |||
client are being notified and the orchestrator's DOTS servers | client are being notified and the orchestrator's DOTS servers | |||
indicate to the DDoS telemetry systems as well as to the network | indicate to the DDoS telemetry systems as well as to the network | |||
administrator the end of the DDoS Mitigation. | administrator the end of the DDoS Mitigation. | |||
4. Security Considerations | 4. Security Considerations | |||
The document does not describe any protocol. | The document does not describe any protocol. | |||
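Review bot: the added sentences have subject-verb agreement errors and an ambiguous pronoun: "When the DDoS attack become severe and the DDoS mitigation systems utilization rate reach its maximum capacity, its DOTS client" should read "When the DDoS attack becomes severe and a DDoS mitigation system's utilization reaches its maximum capacity, that system's DOTS client". The last added sentence ("the orchestrator requests forwarding nodes such as routers to filter the traffic") also needs to state whether that request is carried over DOTS; the page-10 text in this diff says network configuration is not part of DOTS, so as written the two passages can be read as contradicting each other. Minor and pre-existing in the surrounding lines: "DOTS servers returns back" and "DOTS client are being notified" mix singular and plural; pick one form for the orchestrator's DOTS server and client throughout.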
End of changes. 5 change blocks.
5 lines changed or deleted; 11 lines changed or added
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |