Re: [Dots] WGLC for draft-dots-use-cases-19

<mohamed.boucadair@orange.com> Thu, 08 August 2019 07:14 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74DAD12010E for <dots@ietfa.amsl.com>; Thu, 8 Aug 2019 00:14:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dc6OhT7UL37d for <dots@ietfa.amsl.com>; Thu, 8 Aug 2019 00:14:13 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.36]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE35612010D for <dots@ietf.org>; Thu, 8 Aug 2019 00:14:12 -0700 (PDT)
Received: from opfednr01.francetelecom.fr (unknown [xx.xx.xx.65]) by opfednr25.francetelecom.fr (ESMTP service) with ESMTP id 46403l11dpzCrgl; Thu, 8 Aug 2019 09:14:11 +0200 (CEST)
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.23]) by opfednr01.francetelecom.fr (ESMTP service) with ESMTP id 46403l0TZ6zDq7B; Thu, 8 Aug 2019 09:14:11 +0200 (CEST)
Received: from OPEXCAUBMA2.corporate.adroot.infra.ftgroup ([fe80::e878:bd0:c89e:5b42]) by OPEXCAUBM41.corporate.adroot.infra.ftgroup ([::1]) with mapi id 14.03.0468.000; Thu, 8 Aug 2019 09:14:10 +0200
From: <mohamed.boucadair@orange.com>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
CC: "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] WGLC for draft-dots-use-cases-19
Thread-Index: AdVMHvzhmt/V33ByRr+d368GCi1ExgABDh/gAAA/2oAAAmsFAAAApBygAAFk76AAAGXy8AAALP6QAAB9ubAAA9IiYAABiL4AAABR/TAAAPXKAAAAowWgAABjpEAAJBX+4AAz0QbA
Date: Thu, 8 Aug 2019 07:14:10 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330312FF7C4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705E573DE3E7482115B9FE0EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170551C20908654A0F6428D7EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDDC9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705CBD6DF992D7FB9178B29EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDE6B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17055591ECA5EC49A2947A3EEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDF39@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705C92B4A4C6E0EE0F3BBD9EAD40@DM5PR16MB1705.namprd16.prod.outlook.com>
In-Reply-To: <DM5PR16MB1705C92B4A4C6E0EE0F3BBD9EAD40@DM5PR16MB1705.namprd16.prod.outlook.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/dAxJ1Jt7m6Mm6hALS1ydR_wNJp8>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2019 07:14:15 -0000

Hi Tiru, 

OK. I prepared a proposal at: https://github.com/dotswg/dots-use-cases/pull/11/files 

Cheers,
Med

> -----Message d'origine-----
> De : Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> Envoyé : mercredi 7 août 2019 08:35
> À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org
> Cc : Xialiang (Frank, Network Standard & Patent Dept)
> Objet : RE: [Dots] WGLC for draft-dots-use-cases-19
> 
> > -----Original Message-----
> > From: mohamed.boucadair@orange.com
> > <mohamed.boucadair@orange.com>;
> > Sent: Tuesday, August 6, 2019 7:06 PM
> > To: Konda, Tirumaleswar Reddy
> > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > <valery@smyslov.net>;; dots@ietf.org
> > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > <frank.xialiang@huawei.com>;
> > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> >
> > This email originated from outside of the organization. Do not click
> links or
> > open attachments unless you recognize the sender and know the content is
> > safe.
> >
> > Re-,
> >
> > Please see inline.
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Konda, Tirumaleswar Reddy
> > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > Envoyé : mardi 6 août 2019 15:08
> > > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE: [Dots]
> > > WGLC for draft-dots-use-cases-19
> > >
> > ...
> > > > > > [Med] The recursive case is not covered in the current text. I
> > > > > > don't
> > > > > think we
> > > > > > need to elaborate on this further.
> > > > >
> > > > > I don't understand why recursive case should be excluded in the
> > > > > current text ?
> > > >
> > > > [Med] Because the use-case draft does not cover this: It only covers
> > > > the
> > > case
> > > > of an orchestrator talking to local routers.
> > >
> > > My question is why shouldn't the use case draft cover this ?
> >
> > [Med] Isn't this captured with the following?
> >
> >    o  DDoS Mitigation System (DMS): A system that performs DDoS
> >       mitigation.  The DDoS Mitigation System may be composed by a
> >       cluster of hardware and/or software resources, but could also
> >       involve an orchestrator that may take decisions such as
> >       outsourcing partial or more of the mitigation to another DDoS
> >
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > ^^
> >       Mitigation System.
> >
> > And
> >
> >    Another typical scenario for this use case is the relation between
> >    DDoS Mitigation Service Providers forming an overlay of DMS.  When a
> >    DDoS Mitigation Service Provider mitigating a DDoS attack reaches it
> >    resources capacities, it may choose to delegate the DDoS Mitigation
> to
> >    another DDoS Mitigation Service Provider.
> 
> I missed above text, Thanks.
> 
> >
> > >
> > > >
> > > > >
> > > > > >
> > > > > >  However If orchestrator is enforcing
> > > > > > > filtering rules on routers, it should create the black-list
> > > > > > > rules based on the non-spoofed attacker IP address and not use
> > > > > > > the spoofed victim IP addresses.
> > > > > > >
> > > > > >
> > > > > > [Med] Agree. Whether the check is done at the orchestrator or by
> > > > > > the
> > > > > DMS,
> > > > > > is not a new concern. The DMS has to proceed with these checks,
> > > anyway.
> > > > > I
> > > > > > fail to see what is NEW and SPECIFIC to the offload scenario.
> > > > >
> > > > > In this case the check has to be done by orchestrator when
> > > > > enforcing black-list rules not to penalize the spoofed victim IP
> > > > > addresses and should be discussed in the new use case.
> > > >
> > > > [Med] This requirement has to be followed by the DMS, anyway. This
> > > > is
> > > not a
> > > > new issue, Tiru.
> > >
> > > No, sending attack information to the DOTS server is not covered in
> > > any of the WG documents.
> > >
> >
> > [Med] The text is about "additional hints". This is all what DOTS is
> about :-)
> 
> Yes, but the NEW text is discussing conveying attack information for the
> first time and it needs more details.
> 
> >
> > > >
> > > >  I don't see any other use case in
> > > > > the specification discussing offload scenario with propagating the
> > > > > attack information and I recommend updating the text discussing
> > > > > the above scenarios.
> > > >
> > > > [Med] We don't have a similar text for the DMS case because
> > > > mitigation
> > > is
> > > > out of scope. I'm expecting to follow the some rationale for the
> > > offload.
> > >
> > > If mitigation is out of scope, remove the following line:
> > > Then the orchestrator can take further actions like requesting
> > > forwarding nodes such as routers to filter the traffic.
> >
> > [Med] This sentence is similar to saying the "DMS starts mitigation" but
> with
> > more contextualized information for a network orchestrator. The sentence
> > uses "can", "like" which is fine for illustration purposes. As a reader,
> I prefer
> > to leave it.
> 
> I suggest to add more details discussed in the thread. Anyways, will leave
> it to you and the authors to decide, and I am not objecting to progressing
> the draft
> without the proposed update.
> 
> Cheers,
> -Tiru