Re: [Dots] WGLC for draft-dots-use-cases-19

<mohamed.boucadair@orange.com> Tue, 06 August 2019 13:35 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8E661201A1 for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 06:35:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SWQg5t1UjFsV for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 06:35:47 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EA0B12019C for <dots@ietf.org>; Tue, 6 Aug 2019 06:35:47 -0700 (PDT)
Received: from opfedar05.francetelecom.fr (unknown [xx.xx.xx.7]) by opfedar26.francetelecom.fr (ESMTP service) with ESMTP id 462wcx4GgMzFpwr; Tue, 6 Aug 2019 15:35:45 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.107]) by opfedar05.francetelecom.fr (ESMTP service) with ESMTP id 462wcx2rfLz2xC0; Tue, 6 Aug 2019 15:35:45 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM8F.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0468.000; Tue, 6 Aug 2019 15:35:45 +0200
From: <mohamed.boucadair@orange.com>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, "Valery Smyslov" <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>
CC: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Thread-Topic: [Dots] WGLC for draft-dots-use-cases-19
Thread-Index: AdVMHvzhmt/V33ByRr+d368GCi1ExgABDh/gAAA/2oAAAmsFAAAApBygAAFk76AAAGXy8AAALP6QAAB9ubAAA9IiYAABiL4AAABR/TAAAPXKAAAAowWgAABjpEA=
Date: Tue, 6 Aug 2019 13:35:44 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330312FDF39@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705E573DE3E7482115B9FE0EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170551C20908654A0F6428D7EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDDC9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705CBD6DF992D7FB9178B29EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDE6B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17055591ECA5EC49A2947A3EEAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
In-Reply-To: <DM5PR16MB17055591ECA5EC49A2947A3EEAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/ZYAf_1CpyyM2bGyC0yPFON1V76E>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 13:35:49 -0000

Re-,

Please see inline.

Cheers,
Med

> -----Message d'origine-----
> De : Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> Envoyé : mardi 6 août 2019 15:08
> À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org
> Cc : Xialiang (Frank, Network Standard & Patent Dept)
> Objet : RE: [Dots] WGLC for draft-dots-use-cases-19
> 
...
> > > > [Med] The recursive case is not covered in the current text. I don't
> > > think we
> > > > need to elaborate on this further.
> > >
> > > I don't understand why recursive case should be excluded in the
> > > current text ?
> >
> > [Med] Because the use-case draft does not cover this: It only covers the
> case
> > of an orchestrator talking to local routers.
> 
> My question is why shouldn't the use case draft cover this ?

[Med] Isn't this captured with the following? 

   o  DDoS Mitigation System (DMS): A system that performs DDoS
      mitigation.  The DDoS Mitigation System may be composed by a
      cluster of hardware and/or software resources, but could also
      involve an orchestrator that may take decisions such as
      outsourcing partial or more of the mitigation to another DDoS
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      Mitigation System.

And 

   Another typical scenario for this use case is the relation between
   DDoS Mitigation Service Providers forming an overlay of DMS.  When a
   DDoS Mitigation Service Provider mitigating a DDoS attack reaches it
   resources capacities, it may choose to delegate the DDoS Mitigation to
   another DDoS Mitigation Service Provider. 

> 
> >
> > >
> > > >
> > > >  However If orchestrator is enforcing
> > > > > filtering rules on routers, it should create the black-list rules
> > > > > based on the non-spoofed attacker IP address and not use the
> > > > > spoofed victim IP addresses.
> > > > >
> > > >
> > > > [Med] Agree. Whether the check is done at the orchestrator or by the
> > > DMS,
> > > > is not a new concern. The DMS has to proceed with these checks,
> anyway.
> > > I
> > > > fail to see what is NEW and SPECIFIC to the offload scenario.
> > >
> > > In this case the check has to be done by orchestrator when enforcing
> > > black-list rules not to penalize the spoofed victim IP addresses and
> > > should be discussed in the new use case.
> >
> > [Med] This requirement has to be followed by the DMS, anyway. This is
> not a
> > new issue, Tiru.
> 
> No, sending attack information to the DOTS server is not covered in any of
> the WG documents.
> 

[Med] The text is about "additional hints". This is all what DOTS is about :-)

> >
> >  I don't see any other use case in
> > > the specification discussing offload scenario with propagating the
> > > attack information and I recommend updating the text discussing the
> > > above scenarios.
> >
> > [Med] We don't have a similar text for the DMS case because mitigation
> is
> > out of scope. I'm expecting to follow the some rationale for the
> offload.
> 
> If mitigation is out of scope, remove the following line:
> Then the orchestrator can take further actions like requesting forwarding
> nodes such as routers to filter the traffic.

[Med] This sentence is similar to saying the "DMS starts mitigation" but with more contextualized information for a network orchestrator. The sentence uses "can", "like" which is fine for illustration purposes. As a reader, I prefer to leave it.