IETF Logo Mail Archive

[Dots] Shepherd review of draft-ietf-dots-telemetry-use-cases

Valery Smyslov <valery@smyslov.net> Thu, 31 March 2022 13:54 UTC

Return-Path: <valery@smyslov.net>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BE393A17D3; Thu, 31 Mar 2022 06:54:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.109
X-Spam-Level:
X-Spam-Status: No, score=-7.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=smyslov.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7g1GEC7znl9t; Thu, 31 Mar 2022 06:54:43 -0700 (PDT)
Received: from direct.host-care.com (direct.host-care.com [198.136.54.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26E1C3A17C2; Thu, 31 Mar 2022 06:54:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=smyslov.net ; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID :Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=tWHDhCWuwNR/q4lxe1yU34DIX9sCLXIC4EsbY7yr1mw=; b=q5SjwlcXXFqsyrC2zKoi4JhHAN J7VdV8abrPkYBsQm7dZ39y3rhxAx6b/k6U0QpIqUI2HZWIco5HIAXOYV/jHjMIhS7ZifQd+UQTNQH irDN5w1st46oQAIX+o9f4833zCY5dzYDb51KmQlPurFT3Uabo7+SL1XrMafMFU6YArXpZkYXDj93L 0cxYtcBwpZU6ROx/ZasoAghYVSO14r+lvwSI6gu9T4DP+O3sJAaYfER4N8zUPJa5TvDbm0eTECLKA YzbhqrYeRM2Q/XF0P2th86T5/7Yk2314ueGTxwfXlUrXdXCXqN2XVtyvNtqZu6BFDtV4gZFiWyN/T yBc9u0MA==;
Received: from [93.188.44.204] (port=54088 helo=buildpc) by direct.host-care.com with esmtpsa (TLS1.2) tls TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from <valery@smyslov.net>) id 1nZvG4-0002qu-0G; Thu, 31 Mar 2022 09:54:40 -0400
From: Valery Smyslov <valery@smyslov.net>
To: draft-ietf-dots-telemetry-use-cases@ietf.org
Cc: dots@ietf.org, dots-chairs@ietf.org
Date: Thu, 31 Mar 2022 16:54:40 +0300
Message-ID: <19f101d84506$df98e810$9ecab830$@smyslov.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdhFA729hdJ0x8z6Ra+I3MLXidhL7A==
Content-Language: ru
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - direct.host-care.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - smyslov.net
X-Get-Message-Sender-Via: direct.host-care.com: authenticated_id: valery@smyslov.net
X-Authenticated-Sender: direct.host-care.com: valery@smyslov.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/bj-bSZ3gytJfZjeB5xhjkacH7cU>
Subject: [Dots] Shepherd review of draft-ietf-dots-telemetry-use-cases
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2022 13:54:50 -0000

Hi,

I reviewed the document and found some nits (mostly grammar and typos).

1. Abstract.

The expansion of DOTS is "DDoS Open Threat Signaling". In the abstract it is expanded as "Denial-of-service Open Threat Signaling".

2. Figure 1, Figure 3, Figure 5, Figure 7, Figure 16, Figure 18.

All contain the same typo:

s/S is for DOTS client functionality/S is for DOTS server functionality

3. Section 3.1.1.

IPFIX, BGP, SNMP aren't expanded on first use.

4. Section 3.1.1.

   After that, the orchestrator
   orders the forwarding nodes to redirect as much of the top talker's traffic...

Shouldn't it be top-talkers' ?

5. Figure 7.

s/BGP Flow spec/BGP Flowspec 

6. Section 3.1.5.

s/It may also necessary/It may also be necessary

7. Section 3.1.5.

s/The forwarding nodes  send traffic statistics ... to the orchestrator the using "vendor-id" and "attack-id" telemetry attributes/
The forwarding nodes  send traffic statistics ... to the orchestrator by using "vendor-id" and "attack-id" telemetry attributes

8. Section 3.2.

s/Figure 15 provides ...  from the orchestrator to the network ./Figure 15 provides ...  from the orchestrator to the network.

9. Section 3.2.

s/Then, the DDoS mitigation systems reports the status of DDoS countermeasures to the orchestrator sending "attack-detail" telemetry
attributes./
Then, the DDoS mitigation systems reports the status of DDoS countermeasures to the orchestrator by sending "attack-detail"
telemetry attributes.

10. Section 3.2.

s/After  that, the orchestrator integrates the reports ... and send it to a network administrator .../
After  that, the orchestrator integrates the reports ... and sends them to a network administrator ...

(two places)

11. Section 3.3.1.

   On the other hand, DDoS detection based on the
   DMSes is a more accurate method for detecting attack traffic better
   than flow monitoring.

I have trouble parsing this text. Probably:

  On the other hand, DDoS detection based on the
   DMSes is a more accurate method for detecting attack traffic 
   than flow monitoring.

12. Section 3.3.1.

s/The aim of this use case is to increases flow collector's detection .../The aim of this use case is to increase flow collector's
detection ...

13. Section 3.3.1.

s/statisticsto/statistics to

14. Section 4.

s/a DDoS attacks/DDoS attacks

Regards,
Valery.

v2.23.0 | Report a Bug | By Email