Re: [Dots] draft-ietf-dots-telemetry: URI-Query
mohamed.boucadair@orange.com Mon, 06 April 2020 09:50 UTC
Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE5843A0D02 for <dots@ietfa.amsl.com>; Mon, 6 Apr 2020 02:50:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ZyVd1ve4be3 for <dots@ietfa.amsl.com>; Mon, 6 Apr 2020 02:50:38 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.70.35]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1ED583A0D05 for <dots@ietf.org>; Mon, 6 Apr 2020 02:50:38 -0700 (PDT)
Received: from opfednr02.francetelecom.fr (unknown [xx.xx.xx.66]) by opfednr25.francetelecom.fr (ESMTP service) with ESMTP id 48wm4Q23SNzCqtv; Mon, 6 Apr 2020 11:50:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1586166630; bh=9WJB0MEKo5PrrzxPHkiiFNKZqxC5AZqghulgw+EW5FQ=; h=From:To:Subject:Date:Message-ID:Content-Type: Content-Transfer-Encoding:MIME-Version; b=xFVwJRLsT741Vl+6Ao+FJytgfqNQkoysJySez/z8NGpzKys2sIgzeWKU84QYhPpLK vwWPSH8maEQsdzjWP4g8qhXfbF08TNpBa1Gh9/r2x7r+1UzbVzCLut6IRCCPnsN4pA 4KqNdx95B8j8YtZvqF6AYcZLIULXpg3yZldhfajyCjit4RSrbXQkQB+0Pv66W6swh4 UBycTq0WUcK3Fx86JjPRLc4BlFg7zyJBV3JRX3zplJPiPoDWEb2jR78FULeBy3okxP yUg1xJmQafvPkhbSHuT+ER+lJZKRV2dpDBpVb6Yw3Bfagzm797FUnZOqi8qSAfLgQO WANqyNoOI+8lA==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.51]) by opfednr02.francetelecom.fr (ESMTP service) with ESMTP id 48wm4Q1HvVz8sYw; Mon, 6 Apr 2020 11:50:30 +0200 (CEST)
From: mohamed.boucadair@orange.com
To: Jon Shallow <supjps-ietf@jpshallow.com>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] draft-ietf-dots-telemetry: URI-Query
Thread-Index: AQIwK25rW36R5rWx96QHgnlpzaSOc6e2UTAAgAFGi8A=
Date: Mon, 06 Apr 2020 09:50:29 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B93303148EC0C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <787AE7BB302AE849A7480A190F8B93303148E648@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <148e01d60b57$18a0f3f0$49e2dbd0$@jpshallow.com>
In-Reply-To: <148e01d60b57$18a0f3f0$49e2dbd0$@jpshallow.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.245]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/dpfcN4uv5Hn280Xh0J80px73Ij8>
Subject: Re: [Dots] draft-ietf-dots-telemetry: URI-Query
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Apr 2020 09:50:41 -0000
Hi Jon,
We do already use Uri-Query options to filter the GET data for /mitigate. We can enhance that feature to further filter out data for reasons that are specific to a DOTS client (e.g., focus on a specific alias). We might consider requests such as this one:
Header: GET (Code=0.01)
Uri-Path: ".well-known"
Uri-Path: "dots"
Uri-Path: "mitigate"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "mid=12332"
Uri-Query: "target-alias=https1"
Observe: 0
Nevertheless, I don't think it makes sense to send a GET with targets that supersede the one of a /mid.
If an agent is interested to receive asynchronous notifications for targets not covered by a mitigation, this should be done with /tm (that can be filtered using the Uri-queries as an attack progresses).
Cheers,
Med
> -----Message d'origine-----
> De : Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> Envoyé : dimanche 5 avril 2020 16:33
> À : BOUCADAIR Mohamed TGI/OLN; dots@ietf.org
> Objet : RE: [Dots] draft-ietf-dots-telemetry: URI-Query
>
> Hi Med,
>
> I initially thought of using Queries for the /mitigate case - as a
> DOTS client my IP is getting hammered so I put in a PUT /mitigate with
> just a target-prefix for my IP. Then I can focus in on detail by
> doing a GET /mitigation with Queries to filter down the potential
> abundance of data flowing back with the telemetry extensions.
> Likewise, if I did a PUT /mitigate with both target-prefix and target-
> port but am also interested with what is happening on other ports I
> could do a GET /mitigate with Queries which supersede what the PUT
> /mitigate specified.
>
> Yes, this can all be done with a PUT /tm and a vanilla GET /tm - but
> then I would need to be sending both a PUT and GET - increasing
> traffic - if I wanted to look at different scenarios and then add in a
> DELETE to the mix to keep down the number of tmids. A big burst of
> analysis could consume many tmids, and then we need to consider what
> happens when there is a wraparound of the tmid counter. Here, a
> simple PUT to initiate telemetry recording followed by GETs with
> different Queries may give flexibility needed.
>
> From the DOTS server perspective, at the CoAP level, each different
> tmid for a cuid is a different resource which is potentially
> observable (and so needs to be unique). Rapidly changing resources
> adds in unnecessary overhead.
>
> Regards
>
> Jon
>
> > -----Original Message-----
> > From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of
> mohamed.boucadair@orange.com
> > Sent: 05 April 2020 08:58
> > To: Jon Shallow; dots@ietf.org
> > Subject: [Dots] draft-ietf-dots-telemetry: URI-Query
> >
> > Hi Jon,
> >
> > For /tm, a client that is interested to receive notifications for a
> particular target
> > (@, port, protocol, etc.) can maintain only a tmid with that target
> using a PUT
> > request. What is the benefit if the dots client sends a PUT /tm for
> an IP prefix,
> > but then sends a GET to target the notifications bound to a specific
> protocol?
> >
> > Cheers,
> > Med
> >
> > > -----Message d'origine-----
> > > De : Jon Shallow [mailto:supjps-ietf@jpshallow.com]
> > > Envoyé : vendredi 3 avril 2020 16:17
> > > À : BOUCADAIR Mohamed TGI/OLN; dots@ietf.org
> > > Objet : RE: [Dots] /mitigate RE: New Version Notification for
> draft-
> > > ietf-dots-telemetry-05.txt
> > >
> > >
> > > Jon> What about the use of Uri-Queries to filter on what is
> returned
> > > for a GET?
> > > >
> >
> > _______________________________________________
> > Dots mailing list
> > Dots@ietf.org
> > https://www.ietf.org/mailman/listinfo/dots
- [Dots] draft-ietf-dots-telemetry: URI-Query mohamed.boucadair
- Re: [Dots] draft-ietf-dots-telemetry: URI-Query Jon Shallow
- Re: [Dots] draft-ietf-dots-telemetry: URI-Query mohamed.boucadair
- Re: [Dots] draft-ietf-dots-telemetry: URI-Query Jon Shallow
- Re: [Dots] draft-ietf-dots-telemetry: URI-Query mohamed.boucadair
- Re: [Dots] draft-ietf-dots-telemetry: URI-Query Jon Shallow
- Re: [Dots] draft-ietf-dots-telemetry: URI-Query mohamed.boucadair
- Re: [Dots] draft-ietf-dots-telemetry: URI-Query Jon Shallow