Re: [Dots] Improve controllability and predictability of keepalives
"Valery Smyslov" <smyslov.ietf@gmail.com> Wed, 20 November 2019 07:14 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07551120843 for <dots@ietfa.amsl.com>; Tue, 19 Nov 2019 23:14:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VICuHpRa-HLg for <dots@ietfa.amsl.com>; Tue, 19 Nov 2019 23:14:27 -0800 (PST)
Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFE3012083B for <dots@ietf.org>; Tue, 19 Nov 2019 23:14:27 -0800 (PST)
Received: by mail-pj1-x102f.google.com with SMTP id w8so3745392pjh.11 for <dots@ietf.org>; Tue, 19 Nov 2019 23:14:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:references:in-reply-to:subject:date:message-id :mime-version:content-transfer-encoding:thread-index :content-language; bh=Vm1VVXXSla3Dk/xLDFEjZ1uIgnypctHkNphnvXmoaUE=; b=SOB3ccHsTIGBNZpCWfgCiAHCQf92CdckHyeD3coGoV6eSETBZdblBYRbsm5NDeR1hc YNxaZkI/ggf76gZVWOERq0cgxuKHkOXrZJlFje/ybzLVx8wwkiC/D/MyMDaZZR31oy3z jWNBO+iAYqfx/3ytvJuUiT7JIbLxOTEIyXRDP/KW0KMc6Manyqes+DbKxzvbAjeHLyhK xMSsqMBTnCVJZc2I/O9NIAkX/QUezXO1ngh5KRoSM5BWpMqF9Jn+nvz1bD6SIFPmN23B Li+VhIydIyxnqmm1Wf+4rH1Mdf+ToSSPo6UQP7mZimymqMI5B1cNGJlpSQIjSXqdAd+d 3uGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=Vm1VVXXSla3Dk/xLDFEjZ1uIgnypctHkNphnvXmoaUE=; b=btBNtSGkw5+B50lKhbc1bOnhNnNnXDp8QbiZdWu6rAYWHfeIDbjU7+4ixvJ+eGiqCo qHUSjCytRaE5sR+gNMyAl4XZOVxftcf0nlxXEUghb8BsBmvzWo8p9QWReWai6F2Ry4Ib b+/xsbvTjbZY4lHjROphjKutsYYwONh/zwgIKAehBgpq54CE2EAiVsMmEwvacnV4HMM9 OyTJ6EMOwUBou7jdvuGw783kk381U+IWjVSHFn9UparVCYkIhTYgPrgMh5Y0lDFbfkk4 S6PE9xC8ei7yenHLdwpW2UMbjIaOFozequlkHO4JGnYJs+c8IOrguN+aUsml9l/HgZ7w OHwA==
X-Gm-Message-State: APjAAAWJT01+3tYDRcY4QT2ORzz+r2colz/7bsn92yDYIbyQjbj4irAr He0RUFPVRYcSl0UMQss4rpk=
X-Google-Smtp-Source: APXvYqwrAny/YK1mrvHFCWPnXg6NBIxhKtl2XxAkgpGXC8nD8vsKBRZbdKNFXR1r36RvYm2rAwlXIQ==
X-Received: by 2002:a17:90a:4d8f:: with SMTP id m15mr2262889pjh.71.1574234067137; Tue, 19 Nov 2019 23:14:27 -0800 (PST)
Received: from svannotebook ([2001:67c:370:128:4178:fd98:6553:ab5c]) by smtp.gmail.com with ESMTPSA id h22sm124207pgn.78.2019.11.19.23.14.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 19 Nov 2019 23:14:26 -0800 (PST)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Carsten Bormann' <cabo@tzi.org>, mohamed.boucadair@orange.com
Cc: dots@ietf.org
References: <787AE7BB302AE849A7480A190F8B9330313624A5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <18CFEB6A-81B8-44A4-B749-DB1689E0B442@tzi.org> <787AE7BB302AE849A7480A190F8B933031362BF5@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <787AE7BB302AE849A7480A190F8B9330313D3421@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <8E353427-9380-44CF-B151-63DB0106BFCA@tzi.org> <787AE7BB302AE849A7480A190F8B9330313D89A8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <BA7D4C74-73BF-4B7A-B211-01B20993E251@tzi.org> <787AE7BB302AE849A7480A190F8B9330313DAD87@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <0BA3CB18-4B5D-4EC8-8FD1-29EB3AF4D556@tzi.org>
In-Reply-To: <0BA3CB18-4B5D-4EC8-8FD1-29EB3AF4D556@tzi.org>
Date: Wed, 20 Nov 2019 10:14:24 +0300
Message-ID: <04cd01d59f72$247dccd0$6d796670$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIXJOzvn3dYVWTeGBcCCuWDuiWx2wLj5trtAjzT8xUDJvXgVgJoQV/BAd5++hoB8NKz5AKuALAoAZH4iNKmeqA/YA==
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Z4gaXEQI8XeIN34b_15SnhyzmZE>
Subject: Re: [Dots] Improve controllability and predictability of keepalives
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 07:14:30 -0000
Thank you, Carsten! Regards, Valery. > Thank you. > > I think my concerns are addressed. > > Grüße, Carsten > > > > On Nov 20, 2019, at 14:50, <mohamed.boucadair@orange.com> > <mohamed.boucadair@orange.com> wrote: > > > > Hi Carsten, > > > > Please see inline. > > > > Cheers, > > Med > > > >> -----Message d'origine----- > >> De : Carsten Bormann [mailto:cabo@tzi.org] Envoyé : mercredi 20 > >> novembre 2019 07:20 À : BOUCADAIR Mohamed TGI/OLN Cc : > dots@ietf.org > >> Objet : Re: Improve controllability and predictability of keepalives > >> > >>>> Thank you. > >>>> I still have a few questions, but I think this looks very good. > >>>> > >>>> 4.4 says: > >>>> Mitigation requests MUST NOT be delayed > >>>> because of other congestion control checks. > >>>> What might those be? > >>> > >>> [Med] A too low probing rate for example as indicated in the > >>> sentence > >> right after that excerpt. There is a risk that mitigation requests > >> are delayed (or that heartbeats are not sent which may lead to > >> session liveness checks). > >>> > >>> > >>>> (You don’t want to be in a situation where you send a ton of > >>>> mitigation requests that are mostly dropped at the tail of a > >>>> queue.) > >>>> > >>> > >>> [Med] Yes, we don't that. The authoritative rule is as follows: > >>> > >>> Requests marked by the DOTS client as Non-confirmable messages are > >>> sent at regular intervals until a response is received from the DOTS > >>> server. If the DOTS client cannot maintain an RTT estimate, it MUST > >>> NOT send more than one Non-confirmable request every 3 seconds, and > >>> SHOULD use an even less aggressive rate whenever possible (case 2 in > >>> Section 3.1.3 of [RFC8085]). > >> > >> And if it can? > > > > [Med] It does the following: > > > > DOTS agents MUST NOT send more than one UDP datagram per round-trip > > time (RTT) to the peer DOTS agent on average ... > > > >> > >>> > >>> > >>>> Before Figure 27, it says: > >>>> > >>>> The PUT request used for DOTS heartbeat MUST NOT have a > >>>> 'cuid', 'cdid,' or 'mid' Uri-Path. Such PUT requests MUST NOT > >>>> be > >>>> > >>>> relayed by DOTS gateways. > >>>> > >>>> Why? (And what should the DOTS gateways do instead?) > >>> > >>> [Med] Session loss detect and recovery is local to an agent and its > >> immediate peer. Heartbeats are thus not relayed. > >> > >> Ah, I was confused. > >> Where is “DOTS gateway” defined? > > > > [Med] It is defined in draft-ietf-dots-architecture-14#section-2.2.3: > > > > ===== > > Traditional client/server relationships may be expanded by chaining > > DOTS sessions. This chaining is enabled through "logical > > concatenation" of a DOTS server and a DOTS client. > > > > A DOTS gateway may be deployed client-side, server-side or both. The > > gateway may terminate multiple discrete client connections and may > > aggregate these into a single or multiple DOTS sessions. > > > > The DOTS gateway will appear as a server to its downstream agents and > > as a client to its upstream agents, a functional concatenation of the > > DOTS client and server roles, as depicted in Figure 4: > > > > +-------------+ > > | | D | | > > +----+ | | O | | +----+ > > | c1 |----------| s1 | T | c2 |---------| s2 | > > +----+ | | S | | +----+ > > | | G | | > > +-------------+ ====== > > > >> I’m assuming this is not like a CoAP Proxy? > >> It would need to expose the equivalent to /hb. > > > > [Med] Yes, nevertheless the client does not need to assess the end-to-end > connection, but only the one it uses to place its mitigation requests (it is not > even aware about the existence of the ultimate server). Likewise, the server > domain (includes both gw and server) does only need to assess if it can reach > out a client to trigger. > > > >> > >>> We can update as follows: > >>> > >>> "This procedure occurs between a DOTS agent and its immediate peer > >>> DOTS > >> agent. As such, this GET request MUST NOT be relayed by a DOTS > >> gateway. The PUT request used for DOTS heartbeat MUST NOT have a > >> ‘cuid', 'cdid,' or 'mid' Uri-Path." > >> > >> This doesn’t quite address the above, though. > >> > >> Grüße, Carsten > > _______________________________________________ > Dots mailing list > Dots@ietf.org > https://www.ietf.org/mailman/listinfo/dots
- [Dots] Improve controllability and predictability… mohamed.boucadair
- Re: [Dots] Improve controllability and predictabi… Carsten Bormann
- Re: [Dots] Improve controllability and predictabi… mohamed.boucadair
- Re: [Dots] Improve controllability and predictabi… mohamed.boucadair
- Re: [Dots] Improve controllability and predictabi… Carsten Bormann
- Re: [Dots] Improve controllability and predictabi… Carsten Bormann
- Re: [Dots] Improve controllability and predictabi… mohamed.boucadair
- Re: [Dots] Improve controllability and predictabi… Carsten Bormann
- Re: [Dots] Improve controllability and predictabi… mohamed.boucadair
- Re: [Dots] Improve controllability and predictabi… Carsten Bormann
- Re: [Dots] Improve controllability and predictabi… mohamed.boucadair
- Re: [Dots] Improve controllability and predictabi… Valery Smyslov