Re: [Dots] draft-h-dots-mitigation-offload-expansion-00: Reasons why we want to standardize between DMS and orchestrator using DOTS

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 06 December 2018 14:21 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Yuhei Hayashi <hayashi.yuhei@lab.ntt.co.jp>, "dots@ietf.org" <dots@ietf.org>
Date: Thu, 06 Dec 2018 14:20:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/gRz0mkxCG3F0a4_E8Hhzu2GY01k>

> -----Original Message-----
> From: Dots <dots-bounces@ietf.org> On Behalf Of Yuhei Hayashi
> Sent: Thursday, November 29, 2018 2:15 PM
> To: dots@ietf.org
> Subject: [Dots] draft-h-dots-mitigation-offload-expansion-00: Reasons why we
> want to standardize between DMS and orchestrator using DOTS
> 
> Hi Tiru, Flemming,
> 
> Thank you for asking questions about my draft
> "draft-h-dots-mitigation-offload-expansion-00" at IETF103.
> 
> I'm sorry I'm late in answering the questions.
> These questions are similar, so I will answer them in this one thread.
> > Q: (Tiru Reddy) Why the DMS must use DOTS to talk to the orchestrator?
> > Q: (Flemming Andreasen) Is it worthwhile to standardize the communication
> > between the DMS with the orchestrator?
> https://datatracker.ietf.org/meeting/103/materials/minutes-103-dots-00
> 
> We want to use various and the latest DMS in the DDoS Orchestration use case
> because DDoS attacks evolve day by day.
> 
> However, the syslog format varies from DMS to DMS.
> There is no standardized IF or API between DMS and Orchestrator, so we have
> to develop an IF module on the orchestrator for adapting the DMS to the orchestrator.
> I think it is an obstacle to using various DMS in the DDoS Orchestration use case.
> 
> We are paying attention to DOTS, which is being debated the most as a
> standard for signaling related to DDoS.

The list of top attackers could be huge; the DOTS signal channel is supposed to have small message sizes.
The DOTS data channel can be used for managing filters. Why not use the DOTS data channel to block the traffic from the top N attackers to the target?

Cheers,
-Tiru

> 
> Thanks,
> Yuhei
> 
> -----------------------------------------
> Nippon Telegraph and Telephone Corporation
>   Network Service Systems Laboratories
>    Transport Service Platform Innovation Project
>     Transport Service Systems Development Project
>      Yuhei Hayashi
> 0422-59-3485
> hayashi.yuhei@lab.ntt.co.jp
> 
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots
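
The suggestion in the reply above, sketched as an added example that is not part of the original thread or of any DOTS implementation: take the top N attack sources, merge adjacent addresses into prefixes, and build a DOTS data channel ACL body that drops their traffic to the target. Field names follow the ietf-dots-data-channel YANG module; the ACL name, target prefix and source list are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample: (source address, observed packets/s toward the target).
# All addresses are from the RFC 5737 documentation ranges.
SAMPLE_SOURCES = [
    ("198.51.100.4", 9000), ("198.51.100.5", 8700), ("198.51.100.6", 8600),
    ("198.51.100.7", 8500), ("203.0.113.77", 4000), ("203.0.113.10", 120),
    ("203.0.113.11", 15),
]
TARGET = "192.0.2.1/32"  # hypothetical protected resource


def top_n_prefixes(sources, n):
    """Pick the n highest-rate sources and merge adjacent ones into CIDR prefixes."""
    top = sorted(sources, key=lambda s: s[1], reverse=True)[:n]
    nets = [ipaddress.ip_network(addr) for addr, _ in top]
    # collapse_addresses keeps the rule count (and the request body) small
    return [str(p) for p in ipaddress.collapse_addresses(nets)]


def build_acl(name, target_prefix, source_prefixes):
    """Build a data channel ACL body: one drop rule per source prefix."""
    aces = [{
        "name": f"{name}-{i}",
        "matches": {"ipv4": {
            "source-ipv4-network": src,
            "destination-ipv4-network": target_prefix,
        }},
        "actions": {"forwarding": "drop"},
    } for i, src in enumerate(source_prefixes, 1)]
    return {"ietf-dots-data-channel:acls": {"acl": [{
        "name": name,
        "type": "ipv4-acl-type",
        # rules take effect only while a mitigation is active
        "activation-type": "activate-when-mitigating",
        "aces": {"ace": aces},
    }]}}


if __name__ == "__main__":
    prefixes = top_n_prefixes(SAMPLE_SOURCES, 5)
    print(json.dumps(build_acl("top-attackers", TARGET, prefixes), indent=2))
```
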