Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt

H Y <yuuhei.hayashi@gmail.com> Wed, 24 July 2019 13:22 UTC

Return-Path: <yuuhei.hayashi@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F00AE1201E6 for <dots@ietfa.amsl.com>; Wed, 24 Jul 2019 06:22:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8I9fXAkebvGr for <dots@ietfa.amsl.com>; Wed, 24 Jul 2019 06:22:01 -0700 (PDT)
Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA03A1201E0 for <dots@ietf.org>; Wed, 24 Jul 2019 06:22:00 -0700 (PDT)
Received: by mail-lf1-x12a.google.com with SMTP id b29so24707479lfq.1 for <dots@ietf.org>; Wed, 24 Jul 2019 06:22:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hGxS06XgNGwSUFYDOoZZb2zYveJDRVWS9xBCkBMXx0Q=; b=ZcL0R14ctVV/FdvVzdtAYJCwKDHcRXAL7tkp9ba+m8dQPJ6b5LB5neOV1EBfwwelvS zT7/PSSCfY2g+djpew6MUxBwC4qF/qq6QByu+0OLMGm99K1ijFU5n9AX1EQiMWnEmIy9 TtinQ7NNBYRL1oVF9txcddntIk/dv7GPirKzMXMT9n93GlTG1HR2n6fHNl8a52ntntQ4 XfdDbVsJl7eJ61Q52SFMrojZ66t9Nbgz6GuoMhNTwejgKMzKHIfOxUxOtL8JanvwsTaN nB5DTW/IVu5+HJLpEBGO+wonr13DDTpNewsthWNJW+UGZNtB8YWwEDNi9qsJi7/M11ER Caug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=hGxS06XgNGwSUFYDOoZZb2zYveJDRVWS9xBCkBMXx0Q=; b=HsaoIOLMacrD9hzdJBjMJq2Qi3CZ9g2EFs6Sg1okuCGajpGJASBjpyUUO4vQfwFYmp o1H5QlpcWIvRRMsqFF5HZGqGhFMAaA8EIoKqQYLn8bW8BDTy1oqMip0G1RWnFjJuB9ZP APONFnc081yBDqiMaP0S01NpMEYhhB12Bvbe2duNJqrx+fP7RLmBZjbqMG3v8IPbpn9R xzUCQnkxIh1Ekp1I4E1Rl5kyp/hAfks3wXQLX9cxUQZPLSeRqffAjiocHBJHMzfTya3x OWreObbTgqCHVHnp23MhkaJhqSeU8cnS2XcqA9upJeCPrhMIymUTGNQPBQe5jLTq+um5 LWIQ==
X-Gm-Message-State: APjAAAX9RJyzOuYRQFYGPUKNIeuLZCgKoIrLBfexJmTzZzHi09OXtEUz 08RME1Ub35eKemDJNP/d3cl7UZ7cYRor2wgv3ZY=
X-Google-Smtp-Source: APXvYqzlyK01PxfSKwOj1G8jWfRSDIus6pVBSM1FkzP1D8TVREAGgioNT7HlcIlNnf71XELI6F3uIftlC5kjKVliV4Y=
X-Received: by 2002:ac2:596c:: with SMTP id h12mr3973864lfp.101.1563974519062; Wed, 24 Jul 2019 06:21:59 -0700 (PDT)
MIME-Version: 1.0
References: <156233245922.21720.2303446065970922340.idtracker@ietfa.amsl.com> <CAFpG3gcgpJRyLSoLkOMuUWY8pZrBPDCCz6-sc8A=1KW3GMpm+g@mail.gmail.com> <CAA8pjUPY+GDGxNhqDCWsh-6aGnYoOL+A5pGaE=2BaE5j8rY41g@mail.gmail.com> <DM5PR16MB17051F8C7697FE7DAF88AEC4EAC60@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312E739F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050D182A4BE8C3B7EFDC3EEAC60@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312E73FA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B9330312E73FA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
From: H Y <yuuhei.hayashi@gmail.com>
Date: Wed, 24 Jul 2019 09:26:39 -0400
Message-ID: <CAA8pjUPe8rf6m2xy2S+JzhTN+xMm_9f3+OaBAsAnY7aV43g11A@mail.gmail.com>
To: Mohamed Boucadair <mohamed.boucadair@orange.com>
Cc: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>, tirumal reddy <kondtir@gmail.com>, "dots@ietf.org" <dots@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/coxJQ_IZQRmd3BQjO1hm_PyscyY>
Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 13:22:04 -0000

Hi Med,

> [Med] Yes. My point is if one has to return a list of top-talkers in terms of pps, another list of top-talkers in terms of second_criteria, or other information relying on source-prefix dedicated attributes will be needed because this cannot be inferred from the current source-prefix attribute.
[hayashi] +1. This top-talker information is helpful for the
orchestrator to decide which attack traffic should be blocked
preferentially in network. The criteria information is also needed.

Thanks,
Yuhei

2019年7月24日(水) 8:56 <mohamed.boucadair@orange.com>;:
>
> Re-,
>
> Please see inline.
>
> Cheers,
> Med
>
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : mercredi 24 juillet 2019 14:45
> > À : BOUCADAIR Mohamed TGI/OLN; H Y; tirumal reddy
> > Cc : dots@ietf.org
> > Objet : RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-
> > telemetry-00.txt
> >
> > > -----Original Message-----
> > > From: mohamed.boucadair@orange.com
> > > <mohamed.boucadair@orange.com>;
> > > Sent: Wednesday, July 24, 2019 6:02 PM
> > > To: Konda, Tirumaleswar Reddy
> > > <TirumaleswarReddy_Konda@McAfee.com>;; H Y
> > > <yuuhei.hayashi@gmail.com>;; tirumal reddy <kondtir@gmail.com>;
> > > Cc: dots@ietf.org
> > > Subject: RE: [Dots] Fwd: New Version Notification for draft-reddy-dots-
> > > telemetry-00.txt
> > >
> > > This email originated from outside of the organization. Do not click
> > links or
> > > open attachments unless you recognize the sender and know the content is
> > > safe.
> > >
> > > Hi Tiru,
> > >
> > > That’s true...but fragmentation is a general issue each time we need to
> > > supply more telemetry information in the signal channel. As already
> > noted in
> > > the draft, we will need to figure out when it is better to provide some
> > > telemetry information using data channel.
> >
> > Yes, normal traffic baseline attributes can be conveyed in the DOTS data
> > channel and traffic from top talkers can also be blocked/rate-limited
> > using the DOTS data channel during peace time.
> >
> > >
> > > BTW, "top talker" can already be supplied using source-prefix attribute.
> > > Whether top-talker needs to be defined as a separated attribute, but
> > > structured as a list of source-prefixes is a design details (if the WG
> > agrees to
> > > include it in the telemetry information).
> >
> > Source-prefix is already a list/array.
>
> [Med] Yes. My point is if one has to return a list of top-talkers in terms of pps, another list of top-talkers in terms of second_criteria, or other information relying on source-prefix dedicated attributes will be needed because this cannot be inferred from the current source-prefix attribute.
>
> >
> > >
> > > Anyway, let's continue collecting candidate telemetry information and
> > then
> > > make a selection in a second phase.
> >
> > Sure.
> >
> > Cheers,
> > -Tiru
> >
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Message d'origine-----
> > > > De : Dots [mailto:dots-bounces@ietf.org] De la part de Konda,
> > > > Tirumaleswar Reddy Envoyé : mercredi 24 juillet 2019 14:18 À : H Y;
> > > > tirumal reddy Cc : dots@ietf.org Objet : Re: [Dots] Fwd: New Version
> > > > Notification for draft-reddy-dots- telemetry-00.txt
> > > >
> > > > Hi Yuhei,
> > > >
> > > > Thanks for the support. The problem is fragmentation of the DOTS
> > > > telemetry message, DOTS Telemetry is sent over the DOTS signal channel
> > > > using UDP and the message size cannot exceed PMTU.
> > > >
> > > > Cheers,
> > > > -Tiru
> > > >
> > > > > -----Original Message-----
> > > > > From: Dots <dots-bounces@ietf.org>; On Behalf Of H Y
> > > > > Sent: Tuesday, July 23, 2019 5:28 PM
> > > > > To: tirumal reddy <kondtir@gmail.com>;
> > > > > Cc: dots@ietf.org
> > > > > Subject: Re: [Dots] Fwd: New Version Notification for
> > > > > draft-reddy-dots- telemetry-00.txt
> > > > >
> > > > > This email originated from outside of the organization. Do not click
> > > > links or
> > > > > open attachments unless you recognize the sender and know the
> > > > > content is safe.
> > > > >
> > > > > Hi Tiru,
> > > > >
> > > > > I read the draft and I also support this draft.
> > > > > Sending detail information about attack traffic helps my dms offload
> > > > scenario
> > > > > because the orchestrator can decide what to do based on the detail
> > > > > information.
> > > > >
> > > > > IMO, "top talker" attribute defined in my previous draft is also
> > > > feasible to
> > > > > send and effective to mitigate attack correctly.
> > > > > https://datatracker.ietf.org/doc/draft-h-dots-mitigation-offload-
> > > > expansion/
> > > > > What do you think about including the top talker attribute to the
> > > > telemetry?
> > > > >
> > > > > Thanks,
> > > > > Yuhei
> > > > >
> > > > > 2019年7月5日(金) 9:21 tirumal reddy <kondtir@gmail.com>;:
> > > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > https://tools.ietf.org/html/draft-reddy-dots-telemetry-00 aims to
> > > > enrich
> > > > > DOTS protocols with various telemetry attributes allowing optimal
> > > > > DDoS attack mitigation. This document specifies the normal traffic
> > > > > baseline
> > > > and
> > > > > attack traffic telemetry attributes a DOTS client can convey to its
> > > > > DOTS
> > > > server
> > > > > in the mitigation request, the mitigation status telemetry
> > > > > attributes a
> > > > DOTS
> > > > > server can communicate to a DOTS client, and the mitigation efficacy
> > > > > telemetry attributes a DOTS client can communicate to a DOTS server.
> > > > The
> > > > > telemetry attributes can assist the mitigator to choose the DDoS
> > > > mitigation
> > > > > techniques and perform optimal DDoS attack mitigation.
> > > > > >
> > > > > > Comments, suggestions, and questions are more than welcome.
> > > > > >
> > > > > > Cheers,
> > > > > > -Tiru
> > > > > >
> > > > > > ---------- Forwarded message ---------
> > > > > > From: <internet-drafts@ietf.org>;
> > > > > > Date: Fri, 5 Jul 2019 at 18:44
> > > > > > Subject: New Version Notification for
> > > > > > draft-reddy-dots-telemetry-00.txt
> > > > > > To: Tirumaleswar Reddy <kondtir@gmail.com>;, Ehud Doron
> > > > > > <ehudd@radware.com>;, Mohamed Boucadair
> > > > > <mohamed.boucadair@orange.com>;
> > > > > >
> > > > > >
> > > > > >
> > > > > > A new version of I-D, draft-reddy-dots-telemetry-00.txt has been
> > > > > > successfully submitted by Tirumaleswar Reddy and posted to the
> > > > > > IETF repository.
> > > > > >
> > > > > > Name:           draft-reddy-dots-telemetry
> > > > > > Revision:       00
> > > > > > Title:          Distributed Denial-of-Service Open Threat
> > Signaling
> > > > (DOTS)
> > > > > Telemetry
> > > > > > Document date:  2019-07-05
> > > > > > Group:          Individual Submission
> > > > > > Pages:          13
> > > > > > URL:            https://www.ietf.org/internet-drafts/draft-reddy-
> > dots-
> > > > > telemetry-00.txt
> > > > > > Status:         https://datatracker.ietf.org/doc/draft-reddy-dots-
> > > > telemetry/
> > > > > > Htmlized:       https://tools.ietf.org/html/draft-reddy-dots-
> > > > telemetry-00
> > > > > > Htmlized:       https://datatracker.ietf.org/doc/html/draft-reddy-
> > > > dots-
> > > > > telemetry
> > > > > >
> > > > > >
> > > > > > Abstract:
> > > > > >    This document aims to enrich DOTS signal channel protocol with
> > > > > >    various telemetry attributes allowing optimal DDoS attack
> > > > mitigation.
> > > > > >    This document specifies the normal traffic baseline and attack
> > > > > >    traffic telemetry attributes a DOTS client can convey to its
> > DOTS
> > > > > >    server in the mitigation request, the mitigation status
> > telemetry
> > > > > >    attributes a DOTS server can communicate to a DOTS client, and
> > the
> > > > > >    mitigation efficacy telemetry attributes a DOTS client can
> > > > > >    communicate to a DOTS server.  The telemetry attributes can
> > assist
> > > > > >    the mitigator to choose the DDoS mitigation techniques and
> > perform
> > > > > >    optimal DDoS attack mitigation.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Please note that it may take a couple of minutes from the time of
> > > > > > submission until the htmlized version and diff are available at
> > > > tools.ietf.org.
> > > > > >
> > > > > > The IETF Secretariat
> > > > > >
> > > > > > _______________________________________________
> > > > > > Dots mailing list
> > > > > > Dots@ietf.org
> > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > ----------------------------------
> > > > > Yuuhei HAYASHI
> > > > > 08065300884
> > > > > yuuhei.hayashi@gmail.com
> > > > > iehuuy_0220@docomo.ne.jp
> > > > > ----------------------------------
> > > > >
> > > > > _______________________________________________
> > > > > Dots mailing list
> > > > > Dots@ietf.org
> > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > _______________________________________________
> > > > Dots mailing list
> > > > Dots@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/dots



-- 
----------------------------------
Yuuhei HAYASHI
08065300884
yuuhei.hayashi@gmail.com
iehuuy_0220@docomo.ne.jp
----------------------------------