< draft-ietf-dots-use-cases-18.txt | draft-ietf-dots-use-cases-19.txt > | |||
---|---|---|---|---|
skipping to change at page 1, line 20 ¶ | skipping to change at page 1, line 20 ¶ | |||
HTT Consulting | HTT Consulting | |||
N. Teague | N. Teague | |||
Iron Mountain Data Centers | Iron Mountain Data Centers | |||
L. Xia | L. Xia | |||
Huawei | Huawei | |||
K. Nishizuka | K. Nishizuka | |||
NTT Communications | NTT Communications | |||
July 08, 2019 | July 08, 2019 | |||
Use cases for DDoS Open Threat Signaling | Use cases for DDoS Open Threat Signaling | |||
draft-ietf-dots-use-cases-18 | draft-ietf-dots-use-cases-19 | |||
Abstract | Abstract | |||
The DDoS Open Threat Signaling (DOTS) effort is intended to provide | The DDoS Open Threat Signaling (DOTS) effort is intended to provide | |||
protocols to facilitate interoperability across disparate DDoS | protocols to facilitate interoperability across disparate DDoS | |||
mitigation solutions. This document presents sample use cases which | mitigation solutions. This document presents sample use cases which | |||
describe the interactions expected between the DOTS components as | describe the interactions expected between the DOTS components as | |||
well as DOTS messaging exchanges. These use cases are meant to | well as DOTS messaging exchanges. These use cases are meant to | |||
identify the interacting DOTS components, how they collaborate, and | identify the interacting DOTS components, how they collaborate, and | |||
what are the typical information to be exchanged. | what are the typical information to be exchanged. | |||
skipping to change at page 12, line 34 ¶ | skipping to change at page 12, line 34 ¶ | |||
The orchestrator DOTS client is notified that the DDoS Mitigation is | The orchestrator DOTS client is notified that the DDoS Mitigation is | |||
effective by the selected DDoS mitigation systems. The orchestrator | effective by the selected DDoS mitigation systems. The orchestrator | |||
DOTS servers returns back this information to the network | DOTS servers returns back this information to the network | |||
administrator. | administrator. | |||
Similarly, when the DDoS attack has stopped, the orchestrator DOTS | Similarly, when the DDoS attack has stopped, the orchestrator DOTS | |||
client are being notified and the orchestrator's DOTS servers | client are being notified and the orchestrator's DOTS servers | |||
indicate to the DDoS telemetry systems as well as to the network | indicate to the DDoS telemetry systems as well as to the network | |||
administrator the end of the DDoS Mitigation. | administrator the end of the DDoS Mitigation. | |||
In addition to the above DDoS Orchestration, the selected DDoS | ||||
mitigation systems can return back a mitigation request to the | ||||
orchestrator as an offloading. When the DDoS attack becomes severe | ||||
and the DDoS mitigation system's utilization rate reaches its maximum | ||||
capacity, the DDoS mitigation system can send mitigation requests | ||||
with additional hints such as its blocked traffic information to the | ||||
orchestrator. Then the orchestrator can take further actions like | ||||
requesting forwarding nodes such as routers to filter the traffic. | ||||
In this case, the DDoS mitigation system implements a DOTS client | ||||
while the orchestrator implements a DOTS server. | ||||
4. Security Considerations | 4. Security Considerations | |||
The document does not describe any protocol. | The document does not describe any protocol. | |||
DOTS is at risk from three primary attacks: DOTS agent impersonation, | DOTS is at risk from three primary attacks: DOTS agent impersonation, | |||
traffic injection, and signaling blocking. | traffic injection, and signaling blocking. | |||
Impersonation and traffic injection mitigation can be mitigated | Impersonation and traffic injection mitigation can be mitigated | |||
through current secure communications best practices. Preconfigured | through current secure communications best practices. Preconfigured | |||
mitigation steps to take on the loss of keepalive traffic can | mitigation steps to take on the loss of keepalive traffic can | |||
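Review bot: Section 4 is left unchanged although the new offloading paragraph directly above it reverses the roles, with the DDoS mitigation system acting as a DOTS client and the orchestrator as a DOTS server that may ask routers to filter traffic based on the client's "blocked traffic information" hints. Since this section names DOTS agent impersonation and traffic injection as primary attacks, consider adding a sentence saying that the orchestrator authenticates and authorizes the mitigation system in this role and validates the hints before acting on them. On wording in the added text, "return back" is redundant and "as an offloading" reads awkwardly; "can send a mitigation request to the orchestrator to offload mitigation" would be clearer.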
skipping to change at page 13, line 19 ¶ | skipping to change at page 13, line 29 ¶ | |||
6. Acknowledgments | 6. Acknowledgments | |||
The authors would like to thank among others Tirumaleswar Reddy; | The authors would like to thank among others Tirumaleswar Reddy; | |||
Andrew Mortensen; Mohamed Boucadair; Artyom Gavrichenkov; Jon Shallow | Andrew Mortensen; Mohamed Boucadair; Artyom Gavrichenkov; Jon Shallow | |||
the DOTS WG chairs, Roman Danyliw and Tobias Gondrom as well as the | the DOTS WG chairs, Roman Danyliw and Tobias Gondrom as well as the | |||
Security AD Benjamin Kaduk for their valuable feedback. | Security AD Benjamin Kaduk for their valuable feedback. | |||
7. Informative References | 7. Informative References | |||
[I-D.ietf-dots-multihoming] | [I-D.ietf-dots-multihoming] | |||
Boucadair, M. and R. K, "Multi-homing Deployment | Boucadair, M., K, R., and W. Pan, "Multi-homing Deployment | |||
Considerations for Distributed-Denial-of-Service Open | Considerations for Distributed-Denial-of-Service Open | |||
Threat Signaling (DOTS)", draft-ietf-dots-multihoming-01 | Threat Signaling (DOTS)", draft-ietf-dots-multihoming-02 | |||
(work in progress), January 2019. | (work in progress), July 2019. | |||
[RFC8612] Mortensen, A., Reddy, T., and R. Moskowitz, "DDoS Open | [RFC8612] Mortensen, A., Reddy, T., and R. Moskowitz, "DDoS Open | |||
Threat Signaling (DOTS) Requirements", RFC 8612, | Threat Signaling (DOTS) Requirements", RFC 8612, | |||
DOI 10.17487/RFC8612, May 2019, | DOI 10.17487/RFC8612, May 2019, | |||
<https://www.rfc-editor.org/info/rfc8612>. | <https://www.rfc-editor.org/info/rfc8612>. | |||
Authors' Addresses | Authors' Addresses | |||
Roland Dobbins | Roland Dobbins | |||
Arbor Networks | Arbor Networks | |||
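Review bot: In the updated [I-D.ietf-dots-multihoming] entry the second author is rendered as "K, R.", which reads like a truncated surname; check it against the author list of draft-ietf-dots-multihoming-02 and spell it as that draft does. In the Acknowledgments context just above, "Jon Shallow the DOTS WG chairs" is missing a separator between the list of names and the chairs.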
End of changes. 4 change blocks. | ||||
4 lines changed or deleted | 15 lines changed or added | |||