Re: [Dots] WGLC for draft-dots-use-cases-19

H Y <yuuhei.hayashi@gmail.com> Thu, 15 August 2019 12:25 UTC

Return-Path: <yuuhei.hayashi@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3144912004A for <dots@ietfa.amsl.com>; Thu, 15 Aug 2019 05:25:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id otdYbzQL1HLo for <dots@ietfa.amsl.com>; Thu, 15 Aug 2019 05:25:20 -0700 (PDT)
Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F77B120043 for <dots@ietf.org>; Thu, 15 Aug 2019 05:25:20 -0700 (PDT)
Received: by mail-lj1-x22b.google.com with SMTP id u15so2080307ljl.3 for <dots@ietf.org>; Thu, 15 Aug 2019 05:25:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=vGwEzpoZ1NZp2PTw0lf5cUcxNJeOQATgiPxI1Z3lKEo=; b=CN2dJ8x5m0M4bi5pa2RDAIVMktUYsLnWCwMKud+L45IeSWeaIqKHzM/hOYghrOiQSi Y+kwRAoJuXdm0Xw79t1qG1vkTCfGrAp/yGd9+W5GQyf/HHtq3f8m1zY9+DgysWgMuhkM 5u4/oeNGb2sVlgux4kHu5+09UaMO5QBo8JRXbmX2hKKAqSagx1gYS63mXedwrgJC4HJO uK+GlF17ta0U0jvjOdT8mZeN1cGwoz2rsrhM8pqZximo7Vet/5TZtIqvlHBhKZGK0wWA r9d2BfW6q3KjieRD6JHV93BbU0upX5naIMsACLm//RwmlTHBOVFQPpMFPPl4+RAC3+VN FKBg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=vGwEzpoZ1NZp2PTw0lf5cUcxNJeOQATgiPxI1Z3lKEo=; b=gqL+tFl2xUttzgLss4WhhtPiZQoQC9TVEyr4TFNWER37MmRK9xsBg7hs9Qb2PPrjyR VbqNcm+8zBzvcufClEXXwex593p+hjk6bbIIr7d/ZVArc+NaDRQzPZ6KutwUvkam4aF6 Bq+wUxprpiXR1FlYoNLeQRP9GxfVBHiLJj6k3KFl3xLS9/aAFV91zI9dQhvT91hZfb4z ueheO7Upzefqm5LHGjTp6If1Q6AGxb2i3WMBQNAnoXQam0PWLCicKqZe7Bx3suHd5WR2 TbrgSjDq7J7fTbTq53TzaE567sgZy15MZMoqASp6svxszR+t5YZbUGZiOpOXhuwihiOG jN+Q==
X-Gm-Message-State: APjAAAXtSk4KW4caXIm5jXN5XLIFjRxQtDT2IxX4cSnA8xfUY/1/XX+5 5Bm3YrqOnnJ/w22EAxzyZ/XG1VD5Xuf1uDuKjbQ=
X-Google-Smtp-Source: APXvYqzXIK5AyqWjXRhk1IrqJaMkPAnzkgDRMGha6RHoRhCyJtS4rdV5c2xL6O2/XfrPEVCyGehpcwsPVjWFdzQ13KQ=
X-Received: by 2002:a2e:8559:: with SMTP id u25mr2532051ljj.224.1565871917996; Thu, 15 Aug 2019 05:25:17 -0700 (PDT)
MIME-Version: 1.0
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705E573DE3E7482115B9FE0EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170551C20908654A0F6428D7EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDDC9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705CBD6DF992D7FB9178B29EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDE6B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17055591ECA5EC49A2947A3EEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDF39@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705C92B4A4C6E0EE0F3BBD9EAD40@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FF7C4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <787AE7BB302AE849A7480A190F8B9330312FF7C4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
From: H Y <yuuhei.hayashi@gmail.com>
Date: Thu, 15 Aug 2019 21:25:04 +0900
Message-ID: <CAA8pjUPYqHT3pQ3vD0Q6OpH0MWNm8bgwL+VB4cRTFfnUFdN0Qw@mail.gmail.com>
To: Mohamed Boucadair <mohamed.boucadair@orange.com>, "dots@ietf.org" <dots@ietf.org>
Cc: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/k3pKa6b7gB9OcGWuCQT1NQpm0Mw>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 12:25:23 -0000

Hi,

> OK. I prepared a proposal at: https://github.com/dotswg/dots-use-cases/pull/11/files
Thank you for the proposal. I agree with it too.

Thanks,
Yuhei

2019年8月8日(木) 16:14 <mohamed.boucadair@orange.com>;:
>
> Hi Tiru,
>
> OK. I prepared a proposal at: https://github.com/dotswg/dots-use-cases/pull/11/files
>
> Cheers,
> Med
>
> > -----Message d'origine-----
> > De : Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > Envoyé : mercredi 7 août 2019 08:35
> > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org
> > Cc : Xialiang (Frank, Network Standard & Patent Dept)
> > Objet : RE: [Dots] WGLC for draft-dots-use-cases-19
> >
> > > -----Original Message-----
> > > From: mohamed.boucadair@orange.com
> > > <mohamed.boucadair@orange.com>;
> > > Sent: Tuesday, August 6, 2019 7:06 PM
> > > To: Konda, Tirumaleswar Reddy
> > > <TirumaleswarReddy_Konda@McAfee.com>;; Valery Smyslov
> > > <valery@smyslov.net>;; dots@ietf.org
> > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > <frank.xialiang@huawei.com>;
> > > Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> > >
> > > This email originated from outside of the organization. Do not click
> > links or
> > > open attachments unless you recognize the sender and know the content is
> > > safe.
> > >
> > > Re-,
> > >
> > > Please see inline.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Message d'origine-----
> > > > De : Konda, Tirumaleswar Reddy
> > > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > Envoyé : mardi 6 août 2019 15:08
> > > > À : BOUCADAIR Mohamed TGI/OLN; Valery Smyslov; dots@ietf.org Cc :
> > > > Xialiang (Frank, Network Standard & Patent Dept) Objet : RE: [Dots]
> > > > WGLC for draft-dots-use-cases-19
> > > >
> > > ...
> > > > > > > [Med] The recursive case is not covered in the current text. I
> > > > > > > don't
> > > > > > think we
> > > > > > > need to elaborate on this further.
> > > > > >
> > > > > > I don't understand why recursive case should be excluded in the
> > > > > > current text ?
> > > > >
> > > > > [Med] Because the use-case draft does not cover this: It only covers
> > > > > the
> > > > case
> > > > > of an orchestrator talking to local routers.
> > > >
> > > > My question is why shouldn't the use case draft cover this ?
> > >
> > > [Med] Isn't this captured with the following?
> > >
> > >    o  DDoS Mitigation System (DMS): A system that performs DDoS
> > >       mitigation.  The DDoS Mitigation System may be composed by a
> > >       cluster of hardware and/or software resources, but could also
> > >       involve an orchestrator that may take decisions such as
> > >       outsourcing partial or more of the mitigation to another DDoS
> > >
> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > > ^^
> > >       Mitigation System.
> > >
> > > And
> > >
> > >    Another typical scenario for this use case is the relation between
> > >    DDoS Mitigation Service Providers forming an overlay of DMS.  When a
> > >    DDoS Mitigation Service Provider mitigating a DDoS attack reaches it
> > >    resources capacities, it may choose to delegate the DDoS Mitigation
> > to
> > >    another DDoS Mitigation Service Provider.
> >
> > I missed above text, Thanks.
> >
> > >
> > > >
> > > > >
> > > > > >
> > > > > > >
> > > > > > >  However If orchestrator is enforcing
> > > > > > > > filtering rules on routers, it should create the black-list
> > > > > > > > rules based on the non-spoofed attacker IP address and not use
> > > > > > > > the spoofed victim IP addresses.
> > > > > > > >
> > > > > > >
> > > > > > > [Med] Agree. Whether the check is done at the orchestrator or by
> > > > > > > the
> > > > > > DMS,
> > > > > > > is not a new concern. The DMS has to proceed with these checks,
> > > > anyway.
> > > > > > I
> > > > > > > fail to see what is NEW and SPECIFIC to the offload scenario.
> > > > > >
> > > > > > In this case the check has to be done by orchestrator when
> > > > > > enforcing black-list rules not to penalize the spoofed victim IP
> > > > > > addresses and should be discussed in the new use case.
> > > > >
> > > > > [Med] This requirement has to be followed by the DMS, anyway. This
> > > > > is
> > > > not a
> > > > > new issue, Tiru.
> > > >
> > > > No, sending attack information to the DOTS server is not covered in
> > > > any of the WG documents.
> > > >
> > >
> > > [Med] The text is about "additional hints". This is all what DOTS is
> > about :-)
> >
> > Yes, but the NEW text is discussing conveying attack information for the
> > first time and it needs more details.
> >
> > >
> > > > >
> > > > >  I don't see any other use case in
> > > > > > the specification discussing offload scenario with propagating the
> > > > > > attack information and I recommend updating the text discussing
> > > > > > the above scenarios.
> > > > >
> > > > > [Med] We don't have a similar text for the DMS case because
> > > > > mitigation
> > > > is
> > > > > out of scope. I'm expecting to follow the some rationale for the
> > > > offload.
> > > >
> > > > If mitigation is out of scope, remove the following line:
> > > > Then the orchestrator can take further actions like requesting
> > > > forwarding nodes such as routers to filter the traffic.
> > >
> > > [Med] This sentence is similar to saying the "DMS starts mitigation" but
> > with
> > > more contextualized information for a network orchestrator. The sentence
> > > uses "can", "like" which is fine for illustration purposes. As a reader,
> > I prefer
> > > to leave it.
> >
> > I suggest to add more details discussed in the thread. Anyways, will leave
> > it to you and the authors to decide, and I am not objecting to progressing
> > the draft
> > without the proposed update.
> >
> > Cheers,
> > -Tiru
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots



-- 
----------------------------------
Yuuhei HAYASHI
08065300884
yuuhei.hayashi@gmail.com
iehuuy_0220@docomo.ne.jp
----------------------------------