| < draft-ietf-dots-use-cases-18.txt | draft-ietf-dots-use-cases-19.txt > | |||
|---|---|---|---|---|
| skipping to change at page 10, line 37 ¶ | skipping to change at page 10, line 37 ¶ | |||
| using DOTS. The DDoS telemetry system implements a DOTS client while | using DOTS. The DDoS telemetry system implements a DOTS client while | |||
| the orchestrator implements a DOTS server. | the orchestrator implements a DOTS server. | |||
| The communication between a network administrator and the | The communication between a network administrator and the | |||
| orchestrator is also performed using DOTS. The network administrator | orchestrator is also performed using DOTS. The network administrator | |||
| uses a web interface which interacts with a DOTS client, while the | uses a web interface which interacts with a DOTS client, while the | |||
| orchestrator implements a DOTS server. | orchestrator implements a DOTS server. | |||
| The communication between the orchestrator and the DDoS Mitigation | The communication between the orchestrator and the DDoS Mitigation | |||
| Systems is performed using DOTS. The orchestrator implements a DOTS | Systems is performed using DOTS. The orchestrator implements a DOTS | |||
| client while the DDoS Mitigation Systems implement a DOTS server. | client and a DOTS server while the DDoS Mitigation Systems implement | |||
| a client and a DOTS server. | ||||
| The configuration aspects of each DDoS Mitigation System, as well as | The configuration aspects of each DDoS Mitigation System, as well as | |||
| the instantiations of DDoS mitigation functions or network | the instantiations of DDoS mitigation functions or network | |||
| configuration is not part of DOTS. Similarly, the discovery of | configuration is not part of DOTS. Similarly, the discovery of | |||
| available DDoS mitigation functions is not part of DOTS; and as such | available DDoS mitigation functions is not part of DOTS; and as such | |||
| is out of scope. | is out of scope. | |||
| +----------+ | +----------+ | |||
| | network |C (Enterprise Network) | | network |C (Enterprise Network) | |||
| | adminis |<-+ | | adminis |<-+ | |||
| | trator | | | | trator | | | |||
| +----------+ | | +----------+ | | |||
| | | | | |||
| +----------+ | S+--------------+ +-----------+ | +----------+ | S+--------------+ +-----------+ | |||
| |telemetry/| +->| |C S| DDoS |+ | |telemetry/| +->| |CS CS| DDoS |+ | |||
| |monitoring|<--->| Orchestrator |<--->| mitigation|| | |monitoring|<--->| Orchestrator |<--->| mitigation|| | |||
| |systems |C S| |<-+ | systems || | |systems |C S| |<-+ | systems || | |||
| +----------+ +--------------+C | +-----------+| | +----------+ +--------------+CS| +-----------+| | |||
| | +----------+ | | +----------+ | |||
| -----------------------------------|----------------- | -----------------------------------|----------------- | |||
| | | | | |||
| | | | | |||
| (Internet Transit Provider) | | (Internet Transit Provider) | | |||
| | +-----------+ | | +-----------+ | |||
| | S| DDoS |+ | |CS| DDoS |+ | |||
| +->| mitigation|| | +->| mitigation|| | |||
| | systems || | | systems || | |||
| +-----------+| | +-----------+| | |||
| * C is for DOTS client functionality +----------+ | * C is for DOTS client functionality +----------+ | |||
| * S is for DOTS server functionality | * S is for DOTS server functionality | |||
| Figure 4: DDoS Orchestration | Figure 4: DDoS Orchestration | |||
| The DDoS telemetry systems monitor various network traffic and | The DDoS telemetry systems monitor various network traffic and | |||
| perform some measurement tasks. | perform some measurement tasks. | |||
| skipping to change at page 12, line 27 ¶ | skipping to change at page 12, line 27 ¶ | |||
| severity. It may also coordinate the DDoS Mitigation performed by | severity. It may also coordinate the DDoS Mitigation performed by | |||
| the DDoS Mitigation Service Provider with some other tasks such as | the DDoS Mitigation Service Provider with some other tasks such as | |||
| for example, moving the target to another network so new sessions | for example, moving the target to another network so new sessions | |||
| will not be impacted. The orchestrator requests a DDoS Mitigation to | will not be impacted. The orchestrator requests a DDoS Mitigation to | |||
| the selected DDoS mitigation systems via its DOTS client, as | the selected DDoS mitigation systems via its DOTS client, as | |||
| described in Section 3.1. | described in Section 3.1. | |||
| The orchestrator DOTS client is notified that the DDoS Mitigation is | The orchestrator DOTS client is notified that the DDoS Mitigation is | |||
| effective by the selected DDoS mitigation systems. The orchestrator | effective by the selected DDoS mitigation systems. The orchestrator | |||
| DOTS servers returns back this information to the network | DOTS servers returns back this information to the network | |||
| administrator. | administrator. When the DDoS attack become severe and the DDoS | |||
| mitigation systems utilization rate reach its maximum capacity, its | ||||
| DOTS client can request offloading mitigation with its blocked | ||||
| traffic information to the orchestrator DOTS servers. Then the | ||||
| orchestrator requests forwarding nodes such as routers to filter the | ||||
| traffic. | ||||
| Similarly, when the DDoS attack has stopped, the orchestrator DOTS | Similarly, when the DDoS attack has stopped, the orchestrator DOTS | |||
| client are being notified and the orchestrator's DOTS servers | client are being notified and the orchestrator's DOTS servers | |||
| indicate to the DDoS telemetry systems as well as to the network | indicate to the DDoS telemetry systems as well as to the network | |||
| administrator the end of the DDoS Mitigation. | administrator the end of the DDoS Mitigation. | |||
| 4. Security Considerations | 4. Security Considerations | |||
| The document does not describe any protocol. | The document does not describe any protocol. | |||
| End of changes. 5 change blocks. | ||||
| 5 lines changed or deleted | 11 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||