Re: [Dots] draft-h-dots-mitigation-offload-expansion-00: Reasons why we want to standardize between DMS and orchestrator using DOTS
Yuhei Hayashi <hayashi.yuhei@lab.ntt.co.jp> Wed, 12 December 2018 10:12 UTC
Return-Path: <hayashi.yuhei@lab.ntt.co.jp>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69FC412777C for <dots@ietfa.amsl.com>; Wed, 12 Dec 2018 02:12:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SRK3w-X-BExD for <dots@ietfa.amsl.com>; Wed, 12 Dec 2018 02:12:28 -0800 (PST)
Received: from tama500.ecl.ntt.co.jp (tama500.ecl.ntt.co.jp [129.60.39.148]) by ietfa.amsl.com (Postfix) with ESMTP id 46C0812F18C for <dots@ietf.org>; Wed, 12 Dec 2018 02:12:27 -0800 (PST)
Received: from vc2.ecl.ntt.co.jp (vc2.ecl.ntt.co.jp [129.60.86.154]) by tama500.ecl.ntt.co.jp (8.13.8/8.13.8) with ESMTP id wBCACR9V003091 for <dots@ietf.org>; Wed, 12 Dec 2018 19:12:27 +0900
Received: from vc2.ecl.ntt.co.jp (localhost [127.0.0.1]) by vc2.ecl.ntt.co.jp (Postfix) with ESMTP id 74AAE638D99 for <dots@ietf.org>; Wed, 12 Dec 2018 19:12:27 +0900 (JST)
Received: from jcms-pop21.ecl.ntt.co.jp (jcms-pop21.ecl.ntt.co.jp [129.60.87.134]) by vc2.ecl.ntt.co.jp (Postfix) with ESMTP id 69766638D91 for <dots@ietf.org>; Wed, 12 Dec 2018 19:12:27 +0900 (JST)
Received: from [IPv6:::1] (unknown [129.60.13.46]) by jcms-pop21.ecl.ntt.co.jp (Postfix) with ESMTPSA id 65347400A71 for <dots@ietf.org>; Wed, 12 Dec 2018 19:12:27 +0900 (JST)
References: <60792ae9-9e70-bfda-cd2c-a1112c7dbb29@lab.ntt.co.jp> <BN6PR16MB14259B2A1F59C56414853489EAA90@BN6PR16MB1425.namprd16.prod.outlook.com> <71e1c3d0-16a2-c7d2-3ed8-aa4ab303e9f3@lab.ntt.co.jp> <BN6PR16MB14257571D49FBD871E784300EAA50@BN6PR16MB1425.namprd16.prod.outlook.com>
From: Yuhei Hayashi <hayashi.yuhei@lab.ntt.co.jp>
Message-ID: <5c0baa90-1cc2-2fb2-5542-29f37ce9bf32@lab.ntt.co.jp>
Date: Wed, 12 Dec 2018 19:11:13 +0900
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
MIME-Version: 1.0
In-Reply-To: <BN6PR16MB14257571D49FBD871E784300EAA50@BN6PR16MB1425.namprd16.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-CC-Mail-RelayStamp: 1
To: "dots@ietf.org" <dots@ietf.org>
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Z82bcZ8XhfNsQWTKbzFl64l6hAE>
Subject: Re: [Dots] draft-h-dots-mitigation-offload-expansion-00: Reasons why we want to standardize between DMS and orchestrator using DOTS
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Dec 2018 10:12:31 -0000
Hi Tiru, >> If the DOTS data channel is capable of doing the job, Why do you see the need to extend the signal channel protocol ? Through this discussion, I get the feeling that it's not necessary to expand signal channel if the data channel can do the job about intra-domain DDoS offload usecase. I will check whether the data channel can do the job or not through test of the usecase. >>>From a protocol perspective, do you see any differences b/w "intra-domain" and "inter-domain" DDoS offload use cases ? >> The new use cases is interesting to signal the attacker information when the mitigation is in progress, and the link b/w the DMS and Orchestrator won't be congested, so DOTS data channel can be used >> to convey the drop-listed filtering rules. So far, I consider inter-domain DDoS offload usecase like as below. - Downstream NW has in-line DMS and upstream NW has Orchestrator. - When downstream NW is attacked and the DMS is saturated, the downstream NW sends offload request with target and attacker information to the Orchestrator in upstream NW via link b/w the downstream NW and the upstream NW. - In upstream NW, orchestrator orders routers to block the attack traffic using the target and attacker information. Based on IETF 103 hackathon report, all of the data-channel communications fail in attack-time. So I think DOTS data channel can't be used to convey attacker information about the usecase. https://datatracker.ietf.org/meeting/103/materials/slides-103-dots-interop-report-from-ietf-103-hackathon-00 Thanks, Yuhei On 2018/12/10 21:58, Konda, Tirumaleswar Reddy wrote: >> -----Original Message----- >> From: Dots <dots-bounces@ietf.org> On Behalf Of Yuhei Hayashi >> Sent: Monday, December 10, 2018 5:27 PM >> To: dots@ietf.org >> Subject: Re: [Dots] draft-h-dots-mitigation-offload-expansion-00: Reasons why >> we want to standardize between DMS and orchestrator using DOTS >> >> This email originated from outside of the organization. Do not click links or >> open attachments unless you recognize the sender and know the content is safe. >> >> Hi Tiru, >> >> Thank you for advising! >> I will consider to use not only expanded signal channel but also data channel to >> the intra-domain DDoS offload usecase. > > If the DOTS data channel is capable of doing the job, Why do you see the need to extend the signal channel protocol ? > >> >> I'm considering to add "inter-domain" DDoS offload usecase to my draft. > >>From a protocol perspective, do you see any differences b/w "intra-domain" and "inter-domain" DDoS offload use cases ? > >> I will also consider which channel,expanded signal channel or data channel, is >> suitable to send attacker information under attack situation. > > The new use cases is interesting to signal the attacker information when the mitigation is in progress, and the link b/w the DMS and Orchestrator won't be congested, so DOTS data channel can be used > to convey the drop-listed filtering rules. > > Cheers, > -Tiru > >> >> Thanks, >> Yuhei >> >> On 2018/12/06 23:20, Konda, Tirumaleswar Reddy wrote: >>>> -----Original Message----- >>>> From: Dots <dots-bounces@ietf.org> On Behalf Of Yuhei Hayashi >>>> Sent: Thursday, November 29, 2018 2:15 PM >>>> To: dots@ietf.org >>>> Subject: [Dots] draft-h-dots-mitigation-offload-expansion-00: Reasons >>>> why we want to standardize between DMS and orchestrator using DOTS >>>> >>>> This email originated from outside of the organization. Do not click >>>> links or open attachments unless you recognize the sender and know the >> content is safe. >>>> >>>> Hi Tiru, Flemming, >>>> >>>> Thank you for asking question for my draft >>>> "draft-h-dots-mitigation-offload- expansion-00" in IETF103. >>>> >>>> I'm sorry I'm late for answering the question. >>>> These questions are similar so I will answer the question in this one thread. >>>>> Q: (Tiru Reddy) Why the DMS must use DOTS to talk to the orchestrator? >>>>> Q: (Flemming Andreasen) Is it worthwhile to standardize the >>>>> communication >>>> between the DMS with the orchestrator? >>>> https://datatracker.ietf.org/meeting/103/materials/minutes-103-dots-0 >>>> 0 >>>> >>>> We want to use various and latest DMS in DDoS Orchestration usecase >>>> because DDoS attacks evolve day by day. >>>> >>>> However, syslog format varies from DMS to DMS. >>>> There is no standardized IF or API between DMS and Orchestrator, so >>>> we have to develop IF module on orchestrator for adapting the DMS to the >> orchestrator. >>>> I think it is obstacle to use various DMS in DDoS Orchestration usecase. >>>> >>>> We are paying attention to DOTS, which is being debated the most as a >>>> standard for signaling related to DDoS. >>> >>> The list of top attackers could be huge, DOTS signal channel is supposed to >> have small message sizes. >>> DOTS data channel can be used to managing filters. Why not use DOTS data >> channel to block the traffic from the top N attackers to the target ? >>> >>> Cheers, >>> -Tiru >>> >>>> >>>> Thanks, >>>> Yuhei >>>> >>>> ----------------------------------------- >>>> Nippon Telegraph and Telephone Corporation >>>> Network Service Systems Laboratories >>>> Transport Service Platform Innovation Project >>>> Transport Service Systems Development Project >>>> Yuhei Hayashi >>>> 0422-59-3485 >>>> hayashi.yuhei@lab.ntt.co.jp >>>> >>>> _______________________________________________ >>>> Dots mailing list >>>> Dots@ietf.org >>>> https://www.ietf.org/mailman/listinfo/dots >>> >> ----------------------------------------- >> Nippon Telegraph and Telephone Corporation >> Network Service Systems Laboratories >> Transport Service Platform Innovation Project >> Transport Service Systems Development Project >> Yuhei Hayashi >> 0422-59-3485 >> hayashi.yuhei@lab.ntt.co.jp >> >> _______________________________________________ >> Dots mailing list >> Dots@ietf.org >> https://www.ietf.org/mailman/listinfo/dots > > _______________________________________________ > Dots mailing list > Dots@ietf.org > https://www.ietf.org/mailman/listinfo/dots > ----------------------------------------- Nippon Telegraph and Telephone Corporation Network Service Systems Laboratories Transport Service Platform Innovation Project Transport Service Systems Development Project Yuhei Hayashi 0422-59-3485 hayashi.yuhei@lab.ntt.co.jp
- [Dots] draft-h-dots-mitigation-offload-expansion-… Yuhei Hayashi
- Re: [Dots] draft-h-dots-mitigation-offload-expans… Konda, Tirumaleswar Reddy
- Re: [Dots] draft-h-dots-mitigation-offload-expans… Yuhei Hayashi
- Re: [Dots] draft-h-dots-mitigation-offload-expans… Konda, Tirumaleswar Reddy
- Re: [Dots] draft-h-dots-mitigation-offload-expans… Yuhei Hayashi
- Re: [Dots] draft-h-dots-mitigation-offload-expans… Konda, Tirumaleswar Reddy