IETF Logo Mail Archive

Re: [Dots] WGLC Signal: mid=123 then overlapping mid=122

<mohamed.boucadair@orange.com> Mon, 06 August 2018 08:20 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B66D129619 for <dots@ietfa.amsl.com>; Mon, 6 Aug 2018 01:20:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FwBjjXt1G6lU for <dots@ietfa.amsl.com>; Mon, 6 Aug 2018 01:20:30 -0700 (PDT)
Received: from orange.com (mta135.mail.business.static.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F705127598 for <dots@ietf.org>; Mon, 6 Aug 2018 01:20:30 -0700 (PDT)
Received: from opfednr06.francetelecom.fr (unknown [xx.xx.xx.70]) by opfednr26.francetelecom.fr (ESMTP service) with ESMTP id 41kVvc4PxSz129f; Mon, 6 Aug 2018 10:20:28 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown [xx.xx.31.33]) by opfednr06.francetelecom.fr (ESMTP service) with ESMTP id 41kVvc3P7YzDq8P; Mon, 6 Aug 2018 10:20:28 +0200 (CEST)
Received: from OPEXCLILMA3.corporate.adroot.infra.ftgroup ([fe80::60a9:abc3:86e6:2541]) by OPEXCLILM42.corporate.adroot.infra.ftgroup ([fe80::d5fd:9c7d:2ee3:39d9%19]) with mapi id 14.03.0399.000; Mon, 6 Aug 2018 10:20:28 +0200
From: mohamed.boucadair@orange.com
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] WGLC Signal: mid=123 then overlapping mid=122
Thread-Index: AdQr6majIfwWOMkbRY6FrlC5ZlsRJAAGczgwAFWwpgAAAFvLMAAAPPHw
Date: Mon, 06 Aug 2018 08:20:28 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93302DF7074F@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
References: <05de01d42bea$66b4bed0$341e3c70$@jpshallow.com> <BN6PR16MB1425F9B6326B79073BD73710EA200@BN6PR16MB1425.namprd16.prod.outlook.com> <070401d42d5a$f62651c0$e272f540$@jpshallow.com> <BN6PR16MB1425CAAC2CBB3632DE54BEFEEA200@BN6PR16MB1425.namprd16.prod.outlook.com>
In-Reply-To: <BN6PR16MB1425CAAC2CBB3632DE54BEFEEA200@BN6PR16MB1425.namprd16.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.168.234.6]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B93302DF7074FOPEXCLILMA3corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/RfY-U3gAd2Z3LS0ai0JrkLpqXIY>
Subject: Re: [Dots] WGLC Signal: mid=123 then overlapping mid=122
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 08:20:32 -0000

Re-,

Trying to conclude on this one:

NEW:


   For example, if the DOTS server receives a mitigation request which

   overlaps with an existing mitigation with a higher numeric 'mid', the

   DOTS server rejects the request by returning 4.09 (Conflict) to the

   DOTS client.  The response includes enough information for a DOTS

   client to recognize the source of the conflict as described below:



   conflict-information:  Indicates that a mitigation request is

      conflicting with another mitigation request.  This optional

      attribute has the following structure:



      conflict-cause:  Indicates the cause of the conflict.  The

         following values are defined:



         1:  Overlapping targets. 'conflict-scope' provides more details

             about the conflicting target clauses.



      conflict-scope:  Indicates the conflict scope.  It may include a

         list of IP addresses, a list of prefixes, a list of port

         numbers, a list of target protocols, a list of FQDNs, a list of

         URIs, a list of alias-names, or a 'mid'.

(the YANG module will be updated accordingly).

Cheers,
Med

De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda, Tirumaleswar Reddy
Envoyé : lundi 6 août 2018 10:11
À : Jon Shallow; dots@ietf.org
Objet : Re: [Dots] WGLC Signal: mid=123 then overlapping mid=122

Inline [TR1]

From: Jon Shallow <supjps-ietf@jpshallow.com>
Sent: Monday, August 6, 2018 1:26 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; dots@ietf.org
Subject: RE: [Dots] WGLC Signal: mid=123 then overlapping mid=122


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.


________________________________
Hi Tiru,

Please see inline Jon>

Regards

Jon

From: Dots [mailto: dots-bounces@ietf.org<mailto:dots-bounces@ietf.org>] On Behalf Of Konda, Tirumaleswar Reddy
Sent: 06 August 2018 04:08
To: Jon Shallow; dots@ietf.org<mailto:dots@ietf.org>
Subject: Re: [Dots] WGLC Signal: mid=123 then overlapping mid=122

Hi Jon,

Please see inline [TR]

From: Dots <dots-bounces@ietf.org<mailto:dots-bounces@ietf.org>> On Behalf Of Jon Shallow
Sent: Saturday, August 4, 2018 5:28 PM
To: dots@ietf.org<mailto:dots@ietf.org>
Subject: [Dots] WGLC Signal: mid=123 then overlapping mid=122


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.


________________________________
Hi there,

What happens when we receive mid=123, followed by mid=122 that overlaps mid=123?

Do we put mid=122 into an active-but-terminating state?
- state 5 is not really correct here as per the description

[TR] In the previous threads we have already discussed to add new conflict-status for conflicting mitigation requests from the same DOTS client (e.g. conflict-status MSB set to 1 means conflict from different DOTS clients, MSB set to 0 means conflict from the same DOTS client).
Jon> I may have blinked, but do not recall this particular discussion about using MSB and therefor needs to get into the draft.  An alternative is to have a different variable for same/different DOTS client.

[TR1] Both options look okay, I like the MSB approach ☺

-Tiru

The mitigation request with mid=122 will be rejected with 4.09 conflict. I don’t get your comment, why put mid=122 into active-but-terminating state ?
Jon> This potential option of what to return was written before we focused in on the single case for active-but-terminating.

Do we return 4.09 conflict with an appropriate (perhaps new) conflict-status ?

[TR] Yes

- my preference, but this is not said anywhere I can find

[TR] we will update the draft.
Jon> Thanks

- should conflict-scope also include the ‘mid’ in the list (YANG)?

[TR] Yes, including mid can help troubleshooting.
Jon> Please include it in the draft.
~Jon

Do we return 4.00 (bad request)?

[TR] No.

-Tiru

- I do not really like this one as there is no indication as to why – especially of there was an out of sequence packet arrival at the DOTS server.

Regards

Jon

v2.23.0 | Report a Bug | By Email