Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Wed, 24 July 2019 12:44 UTC

Return-Path: <tirumaleswarreddy_konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29DF01200C4 for <dots@ietfa.amsl.com>; Wed, 24 Jul 2019 05:44:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.399
X-Spam-Level:
X-Spam-Status: No, score=-2.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0uDr1y_KJKru for <dots@ietfa.amsl.com>; Wed, 24 Jul 2019 05:44:53 -0700 (PDT)
Received: from us-smtp-delivery-210.mimecast.com (us-smtp-delivery-210.mimecast.com [216.205.24.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52CCF12000F for <dots@ietf.org>; Wed, 24 Jul 2019 05:44:53 -0700 (PDT)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1563971607; h=ARC-Seal: ARC-Message-Signature:ARC-Authentication-Results: From:To:CC:Subject:Thread-Topic:Thread-Index: Date:Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-ms-exchange-senderadcheck: x-microsoft-antispam-message-info:Content-Type: Content-Transfer-Encoding:MIME-Version:X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-CrossTenant-userprincipalname: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Level: X-NAI-Spam-Threshold:X-NAI-Spam-Score:X-NAI-Spam-Version; bh=G/zzp1dJB8K8xjIgT+h2Fsf/UvD0bimJrX2s2T igtVM=; b=WDRNAe5z4oEz+q54di4NEQ2gNm+i0fACgqlMt0Cj z/7IDQVKqQUmBZ2iN7NzR0775zYwCnyudi0YnaxGn1dTshRjlJ ecKDEFoflkf2+4hpqKpBvrV8j0hBjlbtFhtNoiar6x2djgns53 F01YpCA0QZRoXd5/tJ3s8jB4z8RRzNk=
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-39-cOflEz6aP_-HJY0F5fpHag-1; Wed, 24 Jul 2019 08:44:47 -0400
Received: from DNVEXAPP1N06.corpzone.internalzone.com (unknown [10.44.48.90]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 7d30_0ddd_a5e1e407_a406_4c6d_a92b_4d283f867ff2; Wed, 24 Jul 2019 06:33:26 -0600
Received: from DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 24 Jul 2019 06:44:44 -0600
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Wed, 24 Jul 2019 06:44:44 -0600
Received: from NAM05-BY2-obe.outbound.protection.outlook.com (10.44.176.241) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Wed, 24 Jul 2019 06:44:34 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PZ695A5j46Ly/ZLgVInaUi8LSufeK5LEC/2TFBZTXV08+VqFkcH5W1x0ZdYMa13B3j+CTw0i5XwlyVGT1DSNA0BAyb3tqyFLo2awZr+o3itDjMtnTJ/2SUebCsl8hfeR3NuMiEAcbQ3TP+fY46Sc70QKbw34nr3X+R1ZDX6YzW8LFRKPG+UXLICR0L/3exEUAcmNhwzCrbQY4H9+rC/th9KJPxLkYWLhSXLIVM/5SxLbm+48fIdv9S8PQbpTshXyXSL/DX1jDHSpdJlkci6FEHigENNyl1QTknrDiJJTncPJXFNnX4L7d5P51+gFg7M77vaJL/IAlzCfx7CadXj1Vw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G/zzp1dJB8K8xjIgT+h2Fsf/UvD0bimJrX2s2TigtVM=; b=db6FEGFojvHCyOQUHPqk/gxyWbClDniN60ivcE4SCpGQ5suD1zV9+RBhxBQa3ix64XGv5rlV5iRZmUI4W8VYNNa1OymLGVQZ40uym2qg9odj3B9F+gIofvkjXzxmUv0FpkuJGZzpIn2fhNz2B2T/cR8bOE/eBuW6DvzYtFKM5Zjw/8dOJXNLqrSuFMtrdd+B5+KMiYOGTlRhMAIggI0AANKKgElv9SEMXnl2o9MfknOh0X4lxaQigFst4Z2biDKcifMnf8N57cV9Jvv6Z4whtDpCNAg8Ivfj6Wk8SA159DGpTxLIt/qpB0BMcOXTxYzK1ABFyEpnx13qIGc51CmYGA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=mcafee.com;dmarc=pass action=none header.from=mcafee.com;dkim=pass header.d=mcafee.com;arc=none
Received: from DM5PR16MB1705.namprd16.prod.outlook.com (10.172.44.147) by DM5PR16MB1641.namprd16.prod.outlook.com (10.174.177.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.10; Wed, 24 Jul 2019 12:44:32 +0000
Received: from DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::6c22:21e:7528:3dc5]) by DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::6c22:21e:7528:3dc5%6]) with mapi id 15.20.2115.005; Wed, 24 Jul 2019 12:44:32 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, H Y <yuuhei.hayashi@gmail.com>, tirumal reddy <kondtir@gmail.com>
CC: "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
Thread-Index: AQHVMzSMCPbrTboVdUKfxcuyXDvZxqbYNT+AgAGVHKCAAAbagIAAAf6Q
Date: Wed, 24 Jul 2019 12:44:32 +0000
Message-ID: <DM5PR16MB17050D182A4BE8C3B7EFDC3EEAC60@DM5PR16MB1705.namprd16.prod.outlook.com>
References: <156233245922.21720.2303446065970922340.idtracker@ietfa.amsl.com> <CAFpG3gcgpJRyLSoLkOMuUWY8pZrBPDCCz6-sc8A=1KW3GMpm+g@mail.gmail.com> <CAA8pjUPY+GDGxNhqDCWsh-6aGnYoOL+A5pGaE=2BaE5j8rY41g@mail.gmail.com> <DM5PR16MB17051F8C7697FE7DAF88AEC4EAC60@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312E739F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B9330312E739F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.3.0.16
dlp-reaction: no-action
x-originating-ip: [185.221.69.46]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4cebe003-f7f0-4554-b5b3-08d71034ad45
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM5PR16MB1641;
x-ms-traffictypediagnostic: DM5PR16MB1641:
x-ms-exchange-purlcount: 7
x-microsoft-antispam-prvs: <DM5PR16MB16418946C63A3A70A02E456EEAC60@DM5PR16MB1641.namprd16.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0108A997B2
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(346002)(396003)(39860400002)(376002)(366004)(51914003)(52314003)(13464003)(189003)(199004)(32952001)(53754006)(53936002)(2906002)(11346002)(66574012)(66066001)(446003)(25786009)(33656002)(6436002)(5660300002)(486006)(80792005)(7736002)(74316002)(4326008)(305945005)(6246003)(26005)(476003)(102836004)(53546011)(6506007)(81156014)(8676002)(71200400001)(64756008)(66946007)(6116002)(110136005)(316002)(8936002)(68736007)(81166006)(9686003)(66556008)(66476007)(6306002)(76116006)(86362001)(66446008)(55016002)(186003)(478600001)(256004)(71190400001)(76176011)(15650500001)(966005)(14444005)(229853002)(14454004)(5024004)(7696005)(2501003)(99286004)(52536014)(3846002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1641; H:DM5PR16MB1705.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: qA8eI5JDKn+7zK8ADRDHjO3lZR1QWnKr0/xWXRmb3LpAgJIHmVjbjiU4O77gQRpql+HCLnZvpkK4GAdLkZNZ42UubqAQYpH9oHzDCoelToOcx9CvQW7CMeXs7bcT4J9gur81dbkfVevlU3y06GsKYX0fP/45NKeiAb3QIvXzBuFc9+5bCZjwZ8POSXJcbj58jKpbliQna5tAm5lhIJ+0+cRHGFJPKNY+juZaQ11wQyCgJ/2V9vOpIg9wk2zk0+xHK2mwvJkYF5zCeHItCwDZCU0kuGhmHOozVYSHmMhGccykvyib4cD9tW/Hn6MxHbK+NGDw6u4u4tyY4U7du1/uc/jI/krlygK3jNFmPkWqbhTgeoSh1JFXtKvgq4Md8UxuRw3tlpMu2JlXefS3LQsXponNRTUHDrxo0MVQ3SnxWsY=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 4cebe003-f7f0-4554-b5b3-08d71034ad45
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jul 2019 12:44:32.5723 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TirumaleswarReddy_Konda@McAfee.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1641
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.2
X-NAI-Spam-Version: 2.3.0.9418 : core <6597> : inlines <7125> : streams <1828284> : uri <2871864>
X-MC-Unique: cOflEz6aP_-HJY0F5fpHag-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/cO5xBWMWptcD9372tOspFfO3um8>
Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 12:44:56 -0000

> -----Original Message-----
> From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>;
> Sent: Wednesday, July 24, 2019 6:02 PM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>;; H Y
> <yuuhei.hayashi@gmail.com>;; tirumal reddy <kondtir@gmail.com>;
> Cc: dots@ietf.org
> Subject: RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-
> telemetry-00.txt
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
> 
> Hi Tiru,
> 
> That’s true...but fragmentation is a general issue each time we need to
> supply more telemetry information in the signal channel. As already noted in
> the draft, we will need to figure out when it is better to provide some
> telemetry information using data channel.

Yes, normal traffic baseline attributes can be conveyed in the DOTS data channel and traffic from top talkers can also be blocked/rate-limited using the DOTS data channel during peace time. 

> 
> BTW, "top talker" can already be supplied using source-prefix attribute.
> Whether top-talker needs to be defined as a separated attribute, but
> structured as a list of source-prefixes is a design details (if the WG agrees to
> include it in the telemetry information).

Source-prefix is already a list/array.

> 
> Anyway, let's continue collecting candidate telemetry information and then
> make a selection in a second phase.

Sure.

Cheers,
-Tiru

> 
> Cheers,
> Med
> 
> > -----Message d'origine-----
> > De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda,
> > Tirumaleswar Reddy Envoyé : mercredi 24 juillet 2019 14:18 À : H Y;
> > tirumal reddy Cc : dots@ietf.org Objet : Re: [Dots] Fwd: New Version
> > Notification for draft-reddy-dots- telemetry-00.txt
> >
> > Hi Yuhei,
> >
> > Thanks for the support. The problem is fragmentation of the DOTS
> > telemetry message, DOTS Telemetry is sent over the DOTS signal channel
> > using UDP and the message size cannot exceed PMTU.
> >
> > Cheers,
> > -Tiru
> >
> > > -----Original Message-----
> > > From: Dots <dots-bounces@ietf.org>; On Behalf Of H Y
> > > Sent: Tuesday, July 23, 2019 5:28 PM
> > > To: tirumal reddy <kondtir@gmail.com>;
> > > Cc: dots@ietf.org
> > > Subject: Re: [Dots] Fwd: New Version Notification for
> > > draft-reddy-dots- telemetry-00.txt
> > >
> > > This email originated from outside of the organization. Do not click
> > links or
> > > open attachments unless you recognize the sender and know the
> > > content is safe.
> > >
> > > Hi Tiru,
> > >
> > > I read the draft and I also support this draft.
> > > Sending detail information about attack traffic helps my dms offload
> > scenario
> > > because the orchestrator can decide what to do based on the detail
> > > information.
> > >
> > > IMO, "top talker" attribute defined in my previous draft is also
> > feasible to
> > > send and effective to mitigate attack correctly.
> > > https://datatracker.ietf.org/doc/draft-h-dots-mitigation-offload-
> > expansion/
> > > What do you think about including the top talker attribute to the
> > telemetry?
> > >
> > > Thanks,
> > > Yuhei
> > >
> > > 2019年7月5日(金) 9:21 tirumal reddy <kondtir@gmail.com>;:
> > > >
> > > > Hi all,
> > > >
> > > > https://tools.ietf.org/html/draft-reddy-dots-telemetry-00 aims to
> > enrich
> > > DOTS protocols with various telemetry attributes allowing optimal
> > > DDoS attack mitigation. This document specifies the normal traffic
> > > baseline
> > and
> > > attack traffic telemetry attributes a DOTS client can convey to its
> > > DOTS
> > server
> > > in the mitigation request, the mitigation status telemetry
> > > attributes a
> > DOTS
> > > server can communicate to a DOTS client, and the mitigation efficacy
> > > telemetry attributes a DOTS client can communicate to a DOTS server.
> > The
> > > telemetry attributes can assist the mitigator to choose the DDoS
> > mitigation
> > > techniques and perform optimal DDoS attack mitigation.
> > > >
> > > > Comments, suggestions, and questions are more than welcome.
> > > >
> > > > Cheers,
> > > > -Tiru
> > > >
> > > > ---------- Forwarded message ---------
> > > > From: <internet-drafts@ietf.org>;
> > > > Date: Fri, 5 Jul 2019 at 18:44
> > > > Subject: New Version Notification for
> > > > draft-reddy-dots-telemetry-00.txt
> > > > To: Tirumaleswar Reddy <kondtir@gmail.com>;, Ehud Doron
> > > > <ehudd@radware.com>;, Mohamed Boucadair
> > > <mohamed.boucadair@orange.com>;
> > > >
> > > >
> > > >
> > > > A new version of I-D, draft-reddy-dots-telemetry-00.txt has been
> > > > successfully submitted by Tirumaleswar Reddy and posted to the
> > > > IETF repository.
> > > >
> > > > Name:           draft-reddy-dots-telemetry
> > > > Revision:       00
> > > > Title:          Distributed Denial-of-Service Open Threat Signaling
> > (DOTS)
> > > Telemetry
> > > > Document date:  2019-07-05
> > > > Group:          Individual Submission
> > > > Pages:          13
> > > > URL:            https://www.ietf.org/internet-drafts/draft-reddy-dots-
> > > telemetry-00.txt
> > > > Status:         https://datatracker.ietf.org/doc/draft-reddy-dots-
> > telemetry/
> > > > Htmlized:       https://tools.ietf.org/html/draft-reddy-dots-
> > telemetry-00
> > > > Htmlized:       https://datatracker.ietf.org/doc/html/draft-reddy-
> > dots-
> > > telemetry
> > > >
> > > >
> > > > Abstract:
> > > >    This document aims to enrich DOTS signal channel protocol with
> > > >    various telemetry attributes allowing optimal DDoS attack
> > mitigation.
> > > >    This document specifies the normal traffic baseline and attack
> > > >    traffic telemetry attributes a DOTS client can convey to its DOTS
> > > >    server in the mitigation request, the mitigation status telemetry
> > > >    attributes a DOTS server can communicate to a DOTS client, and the
> > > >    mitigation efficacy telemetry attributes a DOTS client can
> > > >    communicate to a DOTS server.  The telemetry attributes can assist
> > > >    the mitigator to choose the DDoS mitigation techniques and perform
> > > >    optimal DDoS attack mitigation.
> > > >
> > > >
> > > >
> > > >
> > > > Please note that it may take a couple of minutes from the time of
> > > > submission until the htmlized version and diff are available at
> > tools.ietf.org.
> > > >
> > > > The IETF Secretariat
> > > >
> > > > _______________________________________________
> > > > Dots mailing list
> > > > Dots@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/dots
> > >
> > >
> > >
> > > --
> > > ----------------------------------
> > > Yuuhei HAYASHI
> > > 08065300884
> > > yuuhei.hayashi@gmail.com
> > > iehuuy_0220@docomo.ne.jp
> > > ----------------------------------
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots