Re: [Dots] (draft-ietf-dots-signal-filter-control) ACL Stats issue

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 25 April 2019 14:13 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D7691200C1 for <dots@ietfa.amsl.com>; Thu, 25 Apr 2019 07:13:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.698
X-Spam-Level:
X-Spam-Status: No, score=0.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_SUMOF=5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3EXCqMSLhdHx for <dots@ietfa.amsl.com>; Thu, 25 Apr 2019 07:13:29 -0700 (PDT)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4122D1200A3 for <dots@ietf.org>; Thu, 25 Apr 2019 07:13:29 -0700 (PDT)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1556201232; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-antispam-prvs: x-forefront-prvs:x-forefront-antispam-report: received-spf:x-ms-exchange-senderadcheck:x-microsoft-antispam-message-info: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=D bjmNJ0ch1K3A+R+GUnF0P5YqETwT3TWe0V+AL8EZy o=; b=U+6zqcMxLkf79a+/crnKBtCzw70Vy6XMhqjkqzGzeyDd 6Ho57aE6mbgmrvCI1ut8oKTAIhwl+/W/0f06tLIHExWsjELJwk C7i3jQFAN/sgbw9LSGKXk9EGD1rFkov9rDmmprx7jtnCZkAPP0 MNW8dv8u8MveIfcTU9QNhG0kJEQ=
Received: from DNVEXAPP1N06.corpzone.internalzone.com (unknown [10.44.48.90]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 4704_ca4c_e9818a31_df15_406c_94a4_9401a5be4de5; Thu, 25 Apr 2019 08:07:11 -0600
Received: from DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 25 Apr 2019 08:13:02 -0600
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Thu, 25 Apr 2019 08:13:02 -0600
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (10.44.176.242) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Thu, 25 Apr 2019 08:13:01 -0600
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2630.namprd16.prod.outlook.com (20.177.227.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.16; Thu, 25 Apr 2019 14:13:00 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::4873:7200:9e57:9e62]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::4873:7200:9e57:9e62%5]) with mapi id 15.20.1813.017; Thu, 25 Apr 2019 14:13:00 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Jon Shallow <supjps-ietf@jpshallow.com>, 'kaname nishizuka' <kaname@nttv6.jp>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] (draft-ietf-dots-signal-filter-control) ACL Stats issue
Thread-Index: AdT6ZmI8uG0f606MQBW+/9uvcTWn6QA3ueOAAAD5v4AAAuISAAACLWCwAASh2bA=
Date: Thu, 25 Apr 2019 14:13:00 +0000
Message-ID: <BYAPR16MB27903D8D208FA3AC951FDEE4EA3D0@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <787AE7BB302AE849A7480A190F8B93302EA649B4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <c3c9614f-908a-c132-cd35-6c627e341f2b@nttv6.jp> <012601d4fb49$3328c000$997a4000$@jpshallow.com> <BYAPR16MB279020119E24ADCB54B339E3EA3D0@BYAPR16MB2790.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B93302EA6591A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B93302EA6591A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [49.37.205.191]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1ab0085b-6fb6-414b-dbcc-08d6c9881fd1
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:BYAPR16MB2630;
x-ms-traffictypediagnostic: BYAPR16MB2630:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BYAPR16MB2630DA51536FFC02D9A722F0EA3D0@BYAPR16MB2630.namprd16.prod.outlook.com>
x-forefront-prvs: 0018A2705B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(396003)(346002)(39860400002)(136003)(51444003)(32952001)(13464003)(189003)(199004)(53754006)(26005)(72206003)(66446008)(5660300002)(25786009)(76176011)(76116006)(93886005)(14454004)(486006)(966005)(73956011)(8676002)(3846002)(6506007)(102836004)(53546011)(110136005)(74316002)(478600001)(66066001)(2906002)(99286004)(66946007)(7736002)(9686003)(6306002)(52536014)(64756008)(6116002)(305945005)(81156014)(66556008)(81166006)(53936002)(2501003)(55016002)(6246003)(66476007)(14444005)(80792005)(86362001)(97736004)(6436002)(229853002)(316002)(8936002)(5024004)(11346002)(7696005)(186003)(446003)(476003)(71190400001)(71200400001)(256004)(33656002)(66574012)(68736007)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2630; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: BQd5NhEHvP/GSQbuCH/LlM/cWnu852ZCxOxIGWQh+Fbkr7852m4Zn4a1H9zn2QDbLq+qrqvt+SwIsJkmwTDVkJGoJm92Gb2MNWl809Qe6SfoBYxyMmNbFX8AyQaCpnfcl122M/8KqyrlfzhzuEHlWcbwFrdJaeR3e+q2RL2TSaDSbzTW7HQnrOj/IC8KW18eWarZoYXaVjiE+lnVr3OTgrDm4i7tZeOMtHwH6E9J2TuSTXzfJgIlF5wBYxdanl5ihOANa2viEmgA1EJxijaPzn1AuTq00xnASqkkFbP68nukPsgL4JB/bkfMix0tMN0ptKV7mqFfyouyAI51k0pocO2v0m6GxWEYjKXEcZTGAFnLyK/W725LpcgyZwGknypJIVTrNiZLQGp11iifVjvQoKrXg9ae5giwJwC75FC1Gfw=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 1ab0085b-6fb6-414b-dbcc-08d6c9881fd1
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Apr 2019 14:13:00.4795 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2630
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6533> : inlines <7059> : streams <1819691> : uri <2836924>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/SuRnx4QAmCI6UP_VeWYjzA196SU>
Subject: Re: [Dots] (draft-ietf-dots-signal-filter-control) ACL Stats issue
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2019 14:13:32 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>
> Sent: Thursday, April 25, 2019 5:37 PM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>om>; Jon Shallow <supjps-
> ietf@jpshallow.com>gt;; 'kaname nishizuka' <kaname@nttv6.jp>jp>;
> dots@ietf.org
> Subject: RE: [Dots] (draft-ietf-dots-signal-filter-control) ACL Stats issue
> 
> 
> 
> Tiru,
> 
> Even if we assume that ACL-specific stats can be communicated via the signal
> channel (which we don't have an agreement on it so far), this is not specific
> to the filter-control spec but the same reasoning would apply for all ACLs
> instructed by the DOTS client (not only those that are adjusted during attack
> times).

My point is, If the ACL is activated using the signal channel, since the ACL is part of the mitigation request, only the activated ACL stats needs to be conveyed in the mitigation status.  Other ACLs activated using data channel are not part of mitigation request, 
so no need to convey their stats using the signal channel.

-Tiru

> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy
> > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : jeudi 25 avril 2019 13:04
> > À : Jon Shallow; 'kaname nishizuka'; BOUCADAIR Mohamed TGI/OLN;
> > dots@ietf.org Objet : RE: [Dots]
> > (draft-ietf-dots-signal-filter-control) ACL Stats issue
> >
> > > -----Original Message-----
> > > From: Dots <dots-bounces@ietf.org> On Behalf Of Jon Shallow
> > > Sent: Thursday, April 25, 2019 2:58 PM
> > > To: 'kaname nishizuka' <kaname@nttv6.jp>jp>;
> > > mohamed.boucadair@orange.com; dots@ietf.org
> > > Subject: Re: [Dots] (draft-ietf-dots-signal-filter-control) ACL
> > > Stats issue
> > >
> > > This email originated from outside of the organization. Do not click
> > > links
> > or
> > > open attachments unless you recognize the sender and know the
> > > content is safe.
> > >
> > > Hi there,
> > >
> > > The advantage of separating out the counters for the different ACLs
> > > is that the DOTS client can then determine what is being effective or not.
> > However,
> > > if (signal) data is able to get from the DOTS server to the DOTS
> > > client,
> > then it
> > > is likely that the data channel will still be operable and can be
> > > used to
> > get
> > > these numbers so I still do not think that this should be over the
> > > signal channel.
> > >
> > > I think that that the GET response (or observe response) bytes-dropped
> etc.
> > > should be the total dropped - i.e. the sum of the ACls and what the
> > > DMS is otherwise doing as it refers to the mitigation request.
> >
> > If the DOTS server knows the traffic dropped by ACLs and the traffic
> > dropped by DMS, why can't it provide this statistics separately
> > instead of summing it.  If the incoming link is saturated, data
> > channel will not function  but signal channel (using UDP) will work
> > and there is a good possibility that one of the GET responses
> > periodically sent will reach the client (As you already know, DOTS signal
> channel is tolerant to high packet loss in one direction).
> >
> > -Tiru
> >
> > >
> > > Regards
> > >
> > > Jon
> > >
> > > > -----Original Message-----
> > > > From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of kaname
> > > > nishizuka
> > > > Sent: 25 April 2019 10:00
> > > > To: mohamed.boucadair@orange.com; dots@ietf.org
> > > > Subject: Re: [Dots] (draft-ietf-dots-signal-filter-control) ACL
> > > > Stats issue
> > > >
> > > > Hi Med, all,
> > > >
> > > > Regarding with the issue, I'm not convinced of the benefit to
> > > > return the activated ACL statistics over signal-channel.
> > > >
> > > > The idea of this draft is based on this situation (quoted from
> > > > Jon's
> > > > comment):
> > > > (It is) very unreliable when the inbound pipe is running full.  If
> > > > the pipe is not running full, then this information can be
> > > > obtained over the
> > data
> > > channel.
> > > >
> > > > ACL stats can be get over the data-channel. I don't see any reason
> > > > to reproduce the same function.
> > > >
> > > > Further more, I don't think the DOTS server should notify that
> > > > DOTS client with the change by including the corresponding acl-*
> > > > parameters in an asynchronous notification.
> > > > The basic behavior is already written in the draft:
> > > >     This specification does not require any modification to the efficacy
> > > >     update and the withdrawal procedures defined in
> > > >     [I-D.ietf-dots-signal-channel].  In particular, ACL-related clauses
> > > >     are not included in a PUT request used to send an efficacy update and
> > > >     DELETE requests.
> > > >
> > > > If so, the server need not to store any resource about acl-* per
> > > > mitigation request, which make the function of the
> > > > signal-filter-control
> > > simple enough.
> > > >
> > > > thanks,
> > > > Kaname
> > > >
> > > > On 2019/04/24 15:24, mohamed.boucadair@orange.com wrote:
> > > > > Hi all,
> > > > >
> > > > > We do have one pending issue to be resolved for this draft. The
> > > > > issue is
> > > > available at:
> > > > > https://github.com/boucadair/filter-control/issues/1
> > > > >
> > > > > We need your feedback on this.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > >> -----Message d'origine-----
> > > > >> De : Dots [mailto:dots-bounces@ietf.org] De la part de
> > > > >> internet- drafts@ietf.org Envoyé : mercredi 24 avril 2019 07:34 À :
> > > > >> i-d-announce@ietf.org Cc : dots@ietf.org Objet : [Dots] I-D Action:
> > > > >> draft-ietf-dots-signal-filter-control-00.txt
> > > > >>
> > > > >>
> > > > >> A New Internet-Draft is available from the on-line
> > > > >> Internet-Drafts directories.
> > > > >> This draft is a work item of the DDoS Open Threat Signaling WG
> > > > >> of the
> > > > IETF.
> > > > >>
> > > > >>          Title           : Controlling Filtering Rules Using
> > Distributed
> > > > >> Denial-of-Service Open Threat Signaling (DOTS) Signal Channel
> > > > >>          Authors         : Kaname Nishizuka
> > > > >>                            Mohamed Boucadair
> > > > >>                            Tirumaleswar Reddy
> > > > >>                            Takahiko Nagata
> > > > >> 	Filename        : draft-ietf-dots-signal-filter-control-00.txt
> > > > >> 	Pages           : 23
> > > > >> 	Date            : 2019-04-23
> > > > >>
> > > > >> Abstract:
> > > > >>     This document specifies an extension to the DOTS signal channel
> so
> > > > >>     that DOTS clients can control their filtering rules when an attack
> > > > >>     mitigation is active.
> > > > >>
> > > > >>     Particularly, this extension allows a DOTS client to
> > > > >> activate or
> > de-
> > > > >>     activate existing filtering rules during a DDoS attack.  The
> > > > >>     characterization of these filtering rules is supposed to be
> > conveyed
> > > > >>     by a DOTS client during an idle time by means of the DOTS data
> > > > >>     channel protocol.
> > > > >>
> > > > >> Editorial Note (To be removed by RFC Editor)
> > > > >>
> > > > >>     Please update these statements within the document with the
> RFC
> > > > >>     number to be assigned to this document:
> > > > >>
> > > > >>     o  "This version of this YANG module is part of RFC XXXX;"
> > > > >>
> > > > >>     o  "RFC XXXX: Controlling Filtering Rules Using Distributed
> > Denial-
> > > > >>        of-Service Open Threat Signaling (DOTS) Signal Channel";
> > > > >>
> > > > >>     o  reference: RFC XXXX
> > > > >>
> > > > >>     o  [RFCXXXX]
> > > > >>
> > > > >>     Please update these statements with the RFC number to be
> > > > >> assigned
> > > to
> > > > >>     the following documents:
> > > > >>
> > > > >>     o  "RFC SSSS: Distributed Denial-of-Service Open Threat Signaling
> > > > >>        (DOTS) Signal Channel Specification" (used to be
> > > > >>        [I-D.ietf-dots-signal-channel])
> > > > >>
> > > > >>     o  "RFC DDDD: Distributed Denial-of-Service Open Threat Signaling
> > > > >>        (DOTS) Data Channel Specification" (used to be
> > > > >>        [I-D.ietf-dots-data-channel])
> > > > >>
> > > > >>     Please update the "revision" date of the YANG module.
> > > > >>
> > > > >>
> > > > >> The IETF datatracker status page for this draft is:
> > > > >> https://datatracker.ietf.org/doc/draft-ietf-dots-signal-filter-
> > > > >> cont
> > > > >> rol/
> > > > >>
> > > > >> There are also htmlized versions available at:
> > > > >> https://tools.ietf.org/html/draft-ietf-dots-signal-filter-contr
> > > > >> ol-0
> > > > >> 0
> > > > >> https://datatracker.ietf.org/doc/html/draft-ietf-dots-signal-fi
> > > > >> lter
> > > > >> -control-
> > > > >> 00
> > > > >>
> > > > >>
> > > > >> Please note that it may take a couple of minutes from the time
> > > > >> of
> > > > submission
> > > > >> until the htmlized version and diff are available at tools.ietf.org.
> > > > >>
> > > > >> Internet-Drafts are also available by anonymous FTP at:
> > > > >> ftp://ftp.ietf.org/internet-drafts/
> > > > >>
> > > > >> _______________________________________________
> > > > >> Dots mailing list
> > > > >> Dots@ietf.org
> > > > >> https://www.ietf.org/mailman/listinfo/dots
> > > > > _______________________________________________
> > > > > Dots mailing list
> > > > > Dots@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/dots
> > > >
> > > > _______________________________________________
> > > > Dots mailing list
> > > > Dots@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/dots
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots