Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
<mohamed.boucadair@orange.com> Fri, 02 August 2019 11:55 UTC
From: mohamed.boucadair@orange.com
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, H Y <yuuhei.hayashi@gmail.com>
CC: tirumal reddy <kondtir@gmail.com>, "dots@ietf.org" <dots@ietf.org>
Date: Fri, 02 Aug 2019 11:55:39 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/ZgQRV4wBAqm-ZsvQRH-S3gyj9SE>
Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
Re-,

Fully agree. This is why I was referring to "a local knowledge of an attack". We may record such "warnings" in the telemetry I-D.

Cheers,
Med

> -----Original Message-----
> From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> Sent: Friday, 2 August 2019 13:11
> To: BOUCADAIR Mohamed TGI/OLN; H Y
> Cc: tirumal reddy; dots@ietf.org
> Subject: RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
>
> > -----Original Message-----
> > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> > Sent: Friday, August 2, 2019 12:36 PM
> > To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; H Y <yuuhei.hayashi@gmail.com>
> > Cc: tirumal reddy <kondtir@gmail.com>; dots@ietf.org
> > Subject: RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
> >
> > This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> >
> > Hi Tiru,
> >
> > These questions are valid ones when it comes to decide which mitigation actions to apply. Nevertheless, the source information is part of the characterization of an attack at given time. This does not mean that we necessarily rely on it to mitigate, but this is not excluded either.
>
> The use of this top-talkers attribute and its use to black-list traffic (or mitigation) needs to be clearly articulated. It can potentially adversely impact the mitigated resource service to spoofed top-talker IP addresses.
>
> -Tiru
>
> > The source information can be included in the notification use case already described by Kaname in this thread, or if the mitigator is enforcing policies based on the source information (because of a local knowledge of an attack) but reaches a limit, it can delegate the policy to a L3 orchestrator (Yuhei case).
> >
> > Cheers,
> > Med
> >
> > > -----Original Message-----
> > > From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > Sent: Wednesday, 24 July 2019 15:35
> > > To: H Y; BOUCADAIR Mohamed TGI/OLN
> > > Cc: tirumal reddy; dots@ietf.org
> > > Subject: RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
> > >
> > > Hi Yuhei,
> > >
> > > What is stopping the attacker to frequently change the IP address (especially with IPv6)?
> > > What kind of attack traffic is generated by the top talkers and what happens if the top talkers are spoofed IP addresses (e.g. amplification attack)?
> > >
> > > Cheers,
> > > -Tiru
> > >
> > > > -----Original Message-----
> > > > From: H Y <yuuhei.hayashi@gmail.com>
> > > > Sent: Wednesday, July 24, 2019 6:57 PM
> > > > To: Mohamed Boucadair <mohamed.boucadair@orange.com>
> > > > Cc: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; tirumal reddy <kondtir@gmail.com>; dots@ietf.org
> > > > Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
> > > >
> > > > Hi Med,
> > > >
> > > > > [Med] Yes. My point is if one has to return a list of top-talkers in terms of pps, another list of top-talkers in terms of second_criteria, or other information relying on source-prefix dedicated attributes will be needed because this cannot be inferred from the current source-prefix attribute.
> > > > [hayashi] +1. This top-talker information is helpful for the orchestrator to decide which attack traffic should be blocked preferentially in network. The criteria information is also needed.
> > > >
> > > > Thanks,
> > > > Yuhei
> > > >
> > > > Wed, 24 July 2019, 8:56 <mohamed.boucadair@orange.com>:
> > > > >
> > > > > Re-,
> > > > >
> > > > > Please see inline.
> > > > >
> > > > > Cheers,
> > > > > Med
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > > > Sent: Wednesday, 24 July 2019 14:45
> > > > > > To: BOUCADAIR Mohamed TGI/OLN; H Y; tirumal reddy
> > > > > > Cc: dots@ietf.org
> > > > > > Subject: RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
> > > > > > > Sent: Wednesday, July 24, 2019 6:02 PM
> > > > > > > To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; H Y <yuuhei.hayashi@gmail.com>; tirumal reddy <kondtir@gmail.com>
> > > > > > > Cc: dots@ietf.org
> > > > > > > Subject: RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
> > > > > > >
> > > > > > > This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> > > > > > >
> > > > > > > Hi Tiru,
> > > > > > >
> > > > > > > That’s true...but fragmentation is a general issue each time we need to supply more telemetry information in the signal channel. As already noted in the draft, we will need to figure out when it is better to provide some telemetry information using data channel.
> > > > > >
> > > > > > Yes, normal traffic baseline attributes can be conveyed in the DOTS data channel and traffic from top talkers can also be blocked/rate-limited using the DOTS data channel during peace time.
> > > > > >
> > > > > > > BTW, "top talker" can already be supplied using source-prefix attribute.
> > > > > > > Whether top-talker needs to be defined as a separated attribute, but structured as a list of source-prefixes is a design detail (if the WG agrees to include it in the telemetry information).
> > > > > >
> > > > > > Source-prefix is already a list/array.
> > > > >
> > > > > [Med] Yes. My point is if one has to return a list of top-talkers in terms of pps, another list of top-talkers in terms of second_criteria, or other information relying on source-prefix dedicated attributes will be needed because this cannot be inferred from the current source-prefix attribute.
> > > > >
> > > > > > > Anyway, let's continue collecting candidate telemetry information and then make a selection in a second phase.
> > > > > >
> > > > > > Sure.
> > > > > >
> > > > > > Cheers,
> > > > > > -Tiru
> > > > > >
> > > > > > > Cheers,
> > > > > > > Med
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Konda, Tirumaleswar Reddy
> > > > > > > > Sent: Wednesday, 24 July 2019 14:18
> > > > > > > > To: H Y; tirumal reddy
> > > > > > > > Cc: dots@ietf.org
> > > > > > > > Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
> > > > > > > >
> > > > > > > > Hi Yuhei,
> > > > > > > >
> > > > > > > > Thanks for the support. The problem is fragmentation of the DOTS telemetry message, DOTS Telemetry is sent over the DOTS signal channel using UDP and the message size cannot exceed PMTU.
> > > > > > > >
> > > > > > > > Cheers,
> > > > > > > > -Tiru
> > > > > > > >
> > > > > > > > > -----Original Message-----
> > > > > > > > > From: Dots <dots-bounces@ietf.org> On Behalf Of H Y
> > > > > > > > > Sent: Tuesday, July 23, 2019 5:28 PM
> > > > > > > > > To: tirumal reddy <kondtir@gmail.com>
> > > > > > > > > Cc: dots@ietf.org
> > > > > > > > > Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
> > > > > > > > >
> > > > > > > > > This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> > > > > > > > >
> > > > > > > > > Hi Tiru,
> > > > > > > > >
> > > > > > > > > I read the draft and I also support this draft.
> > > > > > > > > Sending detail information about attack traffic helps my dms offload scenario because the orchestrator can decide what to do based on the detail information.
> > > > > > > > >
> > > > > > > > > IMO, "top talker" attribute defined in my previous draft is also feasible to send and effective to mitigate attack correctly.
> > > > > > > > > https://datatracker.ietf.org/doc/draft-h-dots-mitigation-offload-expansion/
> > > > > > > > > What do you think about including the top talker attribute to the telemetry?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > Yuhei
> > > > > > > > >
> > > > > > > > > Fri, 5 July 2019, 9:21 tirumal reddy <kondtir@gmail.com>:
> > > > > > > > > >
> > > > > > > > > > Hi all,
> > > > > > > > > >
> > > > > > > > > > https://tools.ietf.org/html/draft-reddy-dots-telemetry-00 aims to enrich DOTS protocols with various telemetry attributes allowing optimal DDoS attack mitigation. This document specifies the normal traffic baseline and attack traffic telemetry attributes a DOTS client can convey to its DOTS server in the mitigation request, the mitigation status telemetry attributes a DOTS server can communicate to a DOTS client, and the mitigation efficacy telemetry attributes a DOTS client can communicate to a DOTS server. The telemetry attributes can assist the mitigator to choose the DDoS mitigation techniques and perform optimal DDoS attack mitigation.
> > > > > > > > > >
> > > > > > > > > > Comments, suggestions, and questions are more than welcome.
> > > > > > > > > >
> > > > > > > > > > Cheers,
> > > > > > > > > > -Tiru
> > > > > > > > > >
> > > > > > > > > > ---------- Forwarded message ---------
> > > > > > > > > > From: <internet-drafts@ietf.org>
> > > > > > > > > > Date: Fri, 5 Jul 2019 at 18:44
> > > > > > > > > > Subject: New Version Notification for draft-reddy-dots-telemetry-00.txt
> > > > > > > > > > To: Tirumaleswar Reddy <kondtir@gmail.com>, Ehud Doron <ehudd@radware.com>, Mohamed Boucadair <mohamed.boucadair@orange.com>
> > > > > > > > > >
> > > > > > > > > > A new version of I-D, draft-reddy-dots-telemetry-00.txt has been successfully submitted by Tirumaleswar Reddy and posted to the IETF repository.
> > > > > > > > > >
> > > > > > > > > > Name:           draft-reddy-dots-telemetry
> > > > > > > > > > Revision:       00
> > > > > > > > > > Title:          Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry
> > > > > > > > > > Document date:  2019-07-05
> > > > > > > > > > Group:          Individual Submission
> > > > > > > > > > Pages:          13
> > > > > > > > > > URL:            https://www.ietf.org/internet-drafts/draft-reddy-dots-telemetry-00.txt
> > > > > > > > > > Status:         https://datatracker.ietf.org/doc/draft-reddy-dots-telemetry/
> > > > > > > > > > Htmlized:       https://tools.ietf.org/html/draft-reddy-dots-telemetry-00
> > > > > > > > > > Htmlized:       https://datatracker.ietf.org/doc/html/draft-reddy-dots-telemetry
> > > > > > > > > >
> > > > > > > > > > Abstract:
> > > > > > > > > >    This document aims to enrich DOTS signal channel protocol with various telemetry attributes allowing optimal DDoS attack mitigation.
> > > > > > > > > >    This document specifies the normal traffic baseline and attack traffic telemetry attributes a DOTS client can convey to its DOTS server in the mitigation request, the mitigation status telemetry attributes a DOTS server can communicate to a DOTS client, and the mitigation efficacy telemetry attributes a DOTS client can communicate to a DOTS server. The telemetry attributes can assist the mitigator to choose the DDoS mitigation techniques and perform optimal DDoS attack mitigation.
> > > > > > > > > >
> > > > > > > > > > Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> > > > > > > > > >
> > > > > > > > > > The IETF Secretariat
> > > > > > > > > >
> > > > > > > > > > _______________________________________________
> > > > > > > > > > Dots mailing list
> > > > > > > > > > Dots@ietf.org
> > > > > > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > ----------------------------------
> > > > > > > > > Yuuhei HAYASHI
> > > > > > > > > 08065300884
> > > > > > > > > yuuhei.hayashi@gmail.com
> > > > > > > > > iehuuy_0220@docomo.ne.jp
> > > > > > > > > ----------------------------------
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Dots mailing list
> > > > > > > > > Dots@ietf.org
> > > > > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > > > > > _______________________________________________
> > > > > > > > Dots mailing list
> > > > > > > > Dots@ietf.org
> > > > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > >
> > > > --
> > > > ----------------------------------
> > > > Yuuhei HAYASHI
> > > > 08065300884
> > > > yuuhei.hayashi@gmail.com
> > > > iehuuy_0220@docomo.ne.jp
> > > > ----------------------------------
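
Two points from this thread worked through together, as an added example that is not part of any message above or of the draft: a top-talker list depends on the ranking criterion (pps versus a second criterion, here bps), and a telemetry message on the UDP signal channel has to stay within a size budget. The key names `top-talkers`, `criterion` and `talker`, the JSON encoding used for sizing, the 1200-byte default budget and the flow records are all assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: (source prefix, packets/s, bits/s) per observed flow.
FLOWS = [
    ("192.0.2.0/28", 90_000, 40_000_000),
    ("198.51.100.7/32", 20_000, 900_000_000),
    ("203.0.113.0/24", 55_000, 300_000_000),
    ("2001:db8:1::/48", 5_000, 700_000_000),
    ("192.0.2.0/28", 10_000, 5_000_000),
]


def aggregate(flows):
    """Sum pps and bps per source prefix."""
    totals = defaultdict(lambda: {"pps": 0, "bps": 0})
    for prefix, pps, bps in flows:
        totals[prefix]["pps"] += pps
        totals[prefix]["bps"] += bps
    return dict(totals)


def rank(totals, criterion, n):
    """Top-n prefixes for one criterion, highest first (ties broken by prefix)."""
    ordered = sorted(totals.items(), key=lambda kv: (-kv[1][criterion], kv[0]))
    return [{"source-prefix": p, criterion: v[criterion]} for p, v in ordered[:n]]


def encode(lists):
    """Serialise one list per criterion. JSON is a stand-in used only to
    measure size; the key names are hypothetical, not taken from the draft."""
    body = {"top-talkers": [{"criterion": c, "talker": t} for c, t in lists.items()]}
    return json.dumps(body, separators=(",", ":")).encode()


def build_top_talkers(flows, criteria=("pps", "bps"), n=3, max_bytes=1200):
    """Build per-criterion top-talker lists and trim them to the size budget.

    Trimming drops the lowest-ranked entry of the currently longest list, so
    the highest-ranked talkers of every criterion survive the longest.
    """
    totals = aggregate(flows)
    lists = {c: rank(totals, c, n) for c in criteria}
    payload = encode(lists)
    while len(payload) > max_bytes and any(lists.values()):
        longest = max(lists, key=lambda c: len(lists[c]))
        lists[longest].pop()
        payload = encode(lists)
    if len(payload) > max_bytes:
        raise ValueError("size budget too small even for an empty report")
    return lists, payload


if __name__ == "__main__":
    full, payload = build_top_talkers(FLOWS)
    print(len(payload), "bytes:", payload.decode())
    trimmed, payload = build_top_talkers(FLOWS, max_bytes=200)
    print(len(payload), "bytes:", payload.decode())
```

The pps and bps rankings of the same traffic name different prefixes first, which is why a bare source-prefix list cannot convey the criterion. Nothing in the ranking tells a real sender from a spoofed source address, so the lists describe the attack rather than justify a block-list on their own.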