Re: [Dots] Hi, authors, 3 questions on draft-hayashi-dots-dms-offload-usecase-01:

H Y <yuuhei.hayashi@gmail.com> Wed, 24 July 2019 09:53 UTC

Return-Path: <yuuhei.hayashi@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 428561200D7 for <dots@ietfa.amsl.com>; Wed, 24 Jul 2019 02:53:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sFq-3DOKWrjs for <dots@ietfa.amsl.com>; Wed, 24 Jul 2019 02:53:39 -0700 (PDT)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B9CF120041 for <dots@ietf.org>; Wed, 24 Jul 2019 02:53:38 -0700 (PDT)
Received: by mail-lj1-x234.google.com with SMTP id d24so43874287ljg.8 for <dots@ietf.org>; Wed, 24 Jul 2019 02:53:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-transfer-encoding; bh=lQTAmV7vOtS2yxKfoSDznrRZDaNA8lAgDk+EhSzgVP8=; b=cTX8J/XlhrkuxwFpNiOKTXrDDLRpTKjpvbnjb3inRAUNvZc5iVRbQObB5TkkIhGFeZ wSvnPD0lJ3yuDXVUqhevaSuckcnuhWfmNjJRe7WvHBwpNT0XaGUqwkEw53Y8h22bKWfr 6KQiOSrS1gvYuUYbYeZmCHq+RrozxlhkeSKtRDqbGqeG1C53JxRYRM8QxNSupPo4so61 RpVo+YvnJyl4RT3JT2wdpZZzapqQ7WBVEsk8+OgJFTuZG9py98n4KrxcckiLQ1hkhnVr LXjKgYOP9lRfSkRPH/Sq8mCjWn2Hpdsbb1czWpRMcbAEZxTmeLANqHK+DupDKQ5w5PsZ I5YA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-transfer-encoding; bh=lQTAmV7vOtS2yxKfoSDznrRZDaNA8lAgDk+EhSzgVP8=; b=t8g3zCirrGNpApiNYDUw9fpUH6xw9uViJ1o7cS1AeTLnhodJaVtdeBg+SWJ1NJdext wWleFXgefJlmI5QzZjbKizm+SbRiNLk1wiMmdwfIRYYjG+zR9xm49laB9OWvhiZnmyt6 AMK9zheDCt8EMySL2eXPTi/rvvTtb8NTYcW2YzbJeUYeIg4GRmpMs9qKzst3f1YRpYTb JFXX9wNEix6mPs7NxbOykxLJ0zSt0ndFTmAScbgEs67WmdZOrMdLFsGeLztjjuExXnq+ oMWUamsd86HMPryWql6ZeHQkCU1XsubtWn0FL2hJ5DawQh6XAz63KsjZfuJlkBSaVM7C YdtA==
X-Gm-Message-State: APjAAAUYg2f4kTS3a4sfHhIGVmeN2j9Hp3aHliDC4OrRu5XrozfJj4J6 KIF124gIvOVz+iLpE4vfBNAFuqiONBcBFCdZ+RaaoEuDQ3NBNg==
X-Google-Smtp-Source: APXvYqy5Y8XTg2Sh3kkIKoBmv6CCcbd9Ngn+CEuBoVGpHJ8GCw6XIwcHgXzu58ZWX2J0QY6hudSTumHRbylLxzjMxwk=
X-Received: by 2002:a2e:8449:: with SMTP id u9mr25127934ljh.104.1563962016320; Wed, 24 Jul 2019 02:53:36 -0700 (PDT)
MIME-Version: 1.0
References: <C02846B1344F344EB4FAA6FA7AF481F13E7C878E@dggemm511-mbx.china.huawei.com> <CAA8pjUM9M1Ur5LDjFay0nH1e8=uc5+BeBW9PrD4k3GcqZOJG+w@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93302EACACC9@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <C02846B1344F344EB4FAA6FA7AF481F13E7C88D4@dggemm511-mbx.china.huawei.com> <787AE7BB302AE849A7480A190F8B93302EACADB4@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <30E95A901DB42F44BA42D69DB20DFA6A69FAD716@nkgeml513-mbx.china.huawei.com> <CAA8pjUO+RYjnbP7cJywVfNihEOV7m+rJS3vbEStJamaOwu9+1g@mail.gmail.com> <2019072411480846560114@chinamobile.com>
In-Reply-To: <2019072411480846560114@chinamobile.com>
From: H Y <yuuhei.hayashi@gmail.com>
Date: Wed, 24 Jul 2019 05:58:15 -0400
Message-ID: <CAA8pjUPYXTfLuOzV32GnphKhHjAyBqkJbg7W0NkXgz3cRbw8bA@mail.gmail.com>
To: Meiling Chen <chenmeiling@chinamobile.com>, dots <dots@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/kONDrjpGkgCx3zJOfR3PkJ8UIlM>
Subject: Re: [Dots] Hi, authors, 3 questions on draft-hayashi-dots-dms-offload-usecase-01:
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jul 2019 09:53:42 -0000

Hi Meiling,

Thank you for reading my draft.
Please see inline.

> what's your mean of ACL name, can you give an example?
[hayashi] The example is written in  5.2.3. Data Channel and Signal
Channel Controlling Filtering. The strategy is that the DOTS client
registers ACL against well-known attack to DOTS server in peace time,
and the DOTS client under attack activates the ACL using
control-filtering based on a detection result of DMS.

> if the ACL strategy installed, you have to consider the process of uninstall.
[hayashi] Thank you for comments. I will consider it.

> we also think attack type is really important, so we want to unify the attack type and this will benefit for mitigation coroperation.
[hayashi] If the orchestrator just has to filter attack at routers to
offload DMS after receiving mitigation request from the DMS, attack
type is not needed. However, if the orchestrator has to carry out
optimized action based on attack type, the attack type is important
attribute.
For example...
- Filtering attack traffic at router against L3-L4 attack.
- Steering attack traffic to security appliance against L7 attack.
I would like to discuss it.

Thanks,
Yuhei




2019年7月23日(火) 23:48 Meiling Chen <chenmeiling@chinamobile.com>;:
>
> Hi yuuhei,
> I have read your latest draft draft-hayashi-dots-dms-offload-00, I have a question:
> In the figure 3, In-band case:
>
> Attack Time                       | Attack Time      |
>   |             | Method : Signal Channel           | Method : Signal  |
>   |             |          Control Filtering        |          Channel |
>   |             | Info : ACL name                   | Control Filtering|
>   |             |                                   | Info : ACL name
>
> what's your mean of ACL name, can you give an example?
> if the ACL strategy installed, you have to consider the process of uninstall.
>
> during your draft of section 5, you said
>
> What type of information can
>    be conveyed by DMS relays on attack type detected by the DMS:
>
> we also think attack type is really important, so we want to unify the attack type and this will benefit for mitigation coroperation.
>
> Best Regards.
> Meiling Chen.
>
> From: H Y
> Date: 2019-07-21 16:02
> To: dots@ietf.org
> CC: draft-hayashi-dots-dms-offload-usecase.authors@ietf.org; neshi-nwsec-p-ml@hco.ntt.co.jp
> Subject: Re: [Dots] Hi, authors, 3 questions on draft-hayashi-dots-dms-offload-usecase-01:
> Hi all,
>
> We updated the draft based on comments.
> I replaced the previous draft.
>
> >Frank, William
> Thank you for reviewing my draft!
>
> > Med
> Thank you for revising my draft!
>
> A new version of I-D, draft-hayashi-dots-dms-offload-00.txt
> has been successfully submitted by Yuhei Hayashi and posted to the
> IETF repository.
>
> Name:           draft-hayashi-dots-dms-offload
> Revision:       00
> Title:          DDoS Mitigation Offload: DOTS Applicability and
> Deployment Considerations
> Document date:  2019-07-20
> Group:          Individual Submission
> Pages:          20
> URL:
> https://www.ietf.org/internet-drafts/draft-hayashi-dots-dms-offload-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-hayashi-dots-dms-offload/
> Htmlized:       https://tools.ietf.org/html/draft-hayashi-dots-dms-offload-00
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-hayashi-dots-dms-offload
>
>
> Abstract:
>    This document describes a deployment scenario to assess the
>    applicability of DOTS protocols together with a discussion on DOTS
>    deployment considerations of such scenario.  This scenario assumes
>    that a DMS (DDoS Mitigation System) whose utilization rate is high
>    sends its blocked traffic information to an orchestrator using DOTS
>    protocols, then the orchestrator requests forwarding nodes such as
>    routers to filter the traffic.  Doing so enables service providers to
>    mitigate the DDoS attack traffic automatically while ensuring
>    interoperability and distributed filter enforcement.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> 2019年7月12日(金) 2:41 Panwei (William) <william.panwei@huawei.com>;:
> >
> > Hi Med,
> >
> > > [Med] The text may not be clear. It should be fixed: the intent is to use the
> > > src-* attributes defined in the call-home, not the call-home functionality.
> >
> > This is also my confusion when I read the draft, it's good to be fixed.
> >
> > Regards & Thanks!
> > 潘伟 Wei Pan
> > 华为技术有限公司 Huawei Technologies Co., Ltd.
> >
> > > -----Original Message-----
> > > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of
> > > mohamed.boucadair@orange.com
> > > Sent: Friday, July 12, 2019 2:28 PM
> > > To: Xialiang (Frank, Network Standard & Patent Dept)
> > > <frank.xialiang@huawei.com>;; H Y <yuuhei.hayashi@gmail.com>;
> > > Cc: draft-hayashi-dots-dms-offload-usecase.authors@ietf.org; Valery
> > > Smyslov <valery@smyslov.net>;; dots@ietf.org; neshi-nwsec-p-
> > > ml@hco.ntt.co.jp
> > > Subject: Re: [Dots] Hi, authors, 3 questions on draft-hayashi-dots-dms-
> > > offload-usecase-01:
> > >
> > > Re-,
> > >
> > > Please see inline.
> > >
> > > Cheers,
> > > Med
> > >
> > > > -----Message d'origine-----
> > > > De : Xialiang (Frank, Network Standard & Patent Dept)
> > > > [mailto:frank.xialiang@huawei.com]
> > > > Envoyé : vendredi 12 juillet 2019 08:20 À : BOUCADAIR Mohamed
> > > TGI/OLN;
> > > > H Y Cc : draft-hayashi-dots-dms-offload-usecase.authors@ietf.org;
> > > > Valery Smyslov; dots@ietf.org; neshi-nwsec-p-ml@hco.ntt.co.jp Objet :
> > > > 答复: [Dots] Hi, authors, 3 questions on draft-hayashi-dots-dms-
> > > > offload-usecase-01:
> > > >
> > > > Hi Med,
> > > > I understand your intention more now.
> > > > As the chairs, we prefer to hear more to help us consider how to deal
> > > > with this draft.
> > > >
> > > > See inline:
> > > >
> > > > Thank you!
> > > >
> > > > B.R.
> > > > Frank
> > > >
> > > > -----邮件原件-----
> > > > 发件人: mohamed.boucadair@orange.com
> > > > [mailto:mohamed.boucadair@orange.com]
> > > > 发送时间: 2019年7月12日 13:38
> > > > 收件人: H Y <yuuhei.hayashi@gmail.com>;; Xialiang (Frank, Network
> > > Standard
> > > > & Patent Dept) <frank.xialiang@huawei.com>;
> > > > 抄送: draft-hayashi-dots-dms-offload-usecase.authors@ietf.org; Valery
> > > > Smyslov <valery@smyslov.net>;; dots@ietf.org; neshi-nwsec-p-
> > > > ml@hco.ntt.co.jp
> > > > 主题: RE: [Dots] Hi, authors, 3 questions on draft-hayashi-dots-dms-
> > > > offload-usecase-01:
> > > >
> > > > Franck,
> > > >
> > > > An important contribution from this draft is to assess to what extent
> > > > current DOTS specs can be applied in a particular deployment context
> > > > and there is no void, while the use case draft was done to drive the
> > > > specification.
> > > >
> > > > There is IMO a need for an effort to socialize DOTS and exemplify how
> > > > it can be used in various deployment contexts. This draft is a
> > > > contribution in that aim.
> > > >
> > > > BTW, I'm not sure to understand this comment:
> > > >
> > > > > And be careful using signal channel call home for your use case,
> > > > > since
> > > > it is a special mechanism for near source attack mitigation with DOTS
> > > > server create TLS connection with DOTS client, which I don’t think
> > > > it’s very suitable for your case.
> > > >
> > > > The intent is to use the src-* signal channel extensions. I don't see
> > > > any issue in doing that.
> > > >
> > > > [Frank]: I mean DOTS signal channel is ok for this use case, no need
> > > > to use call home signal channel. And the call home signal channel's
> > > > interaction way is not appropriate for this case too.
> > > >
> > >
> > >
> > > > Thank you.
> > > >
> > > > Cheers,
> > > > Med
> > > >
> > > > > -----Message d'origine-----
> > > > > De : H Y [mailto:yuuhei.hayashi@gmail.com] Envoyé : vendredi 12
> > > > > juillet 2019 07:00 À : Xialiang (Frank, Network Standard & Patent
> > > > > Dept) Cc : draft-hayashi-dots-dms-offload-usecase.authors@ietf.org;
> > > > > Valery Smyslov; dots@ietf.org; neshi-nwsec-p-ml@hco.ntt.co.jp Objet :
> > > > > Re: [Dots] Hi, authors, 3 questions on draft-hayashi-dots-dms-
> > > > > offload-usecase-01:
> > > > >
> > > > > Hi Frank,
> > > > >
> > > > > Thank you for reviewing my draft :-) Please see inline.
> > > > >
> > > > > > 1.  I see your proposed offload use case as an variant of DOTS
> > > > > Orchestration use case (section 3.3 of draft-ietf-dots-use-cases-18).
> > > > > [hayashi]Yes, that's right.
> > > > >
> > > > > > If so, what is your propose for this part of content? Do you want
> > > > > > to
> > > > > improve the existing DOTS use cases WG draft with your addition?
> > > > > [hayashi]Yes, I want to add our use case to improve the DOTS
> > > > > orchestration use cases.
> > > > > About the DOTS orchestration use case in current use cases WG draft,
> > > > > DMS doesn't have DOTS client function.
> > > > > IMO, it's effective that DMSs send blocked information to an
> > > > > orchestrator via standardized IF and the orchestrator carries out
> > > > > some action in the network.
> > > > >
> > > > > At IETF 104, I proposed to add our use case to improve the DOTS
> > > > > orchestration use cases, however, I could not do it because the use
> > > > > case WG draft now is in Publication Requested status.
> > > > > Some people gave me the advice to include DOTS deployment
> > > > > consideration to my draft, so I update my draft based on the
> > > comments.
> > > > >
> > > > > Please see IETF104 minute
> > > > > https://datatracker.ietf.org/doc/minutes-104-
> > > > > dots/
> > > > >
> > > > > > 2.      Right now, DOTS protocol defines sending DOTS request via
> > > > signal
> > > > > channel, do you propose to send it via data channel in some situation?
> > > > > If so, I personally disagree with it, since we originally define
> > > > > signal channel and data channel for different functionalities &
> > > > > messages, we can not send any DOTS messages over wrong channel,
> > > like:
> > > > > DOTS request via data channel.
> > > > > [hayashi] After I submitted
> > > > > draft-h-dots-mitigation-offload-expansion-00,  some people gave me
> > > > > comments not to use signal channel but to use data channel via
> > > > > out-of band because link b/w the DMS and Orchestrator won't be
> > > > > congested under attack time.
> > > > >
> > > > > Please see the mail thread [Dots]
> > > > > draft-h-dots-mitigation-offload-expansion-00: Reasons why we want
> > > to
> > > > > standardize between DMS and orchestrator using DOTS
> > > > >
> > > > > Current data channel has the capability to send filtering rules
> > > > > immediately, so I think it can be used to send blocked information
> > > > > from DMS to Orchestrator.
> > > > > If the signal channel has the capability to convey the attacker's
> > > > > information, the signal channel can be also used to send it to form
> > > > > DMS to Orchestrator.
> > > > >
> > > > > > 3.      In addition to extended offload use case content, I do not see
> > > > > any new protocol, message or attribute extension comparing to the
> > > > > existing defined DOTS protocols, the left content are just some
> > > > > examples about how you use the existing DOTS protocol for your
> > > > > offload use case. So, what do you want DOTS WG to do for this draft,
> > > > > since there
> > > > are no new thing here?
> > > > > [hayashi] This draft requires that ...
> > > > > - It's effective that DMS have DOTS client function in DOTS
> > > > > orchestration use case.
> > > > > - It's effective that signal channel has the capability to send src
> > > > > information.
> > > > > For example, it's useful and feasible to send src port information
> > > > > via the DOTS signal channel to request mitigation against reflection
> > > > > attack.
> > > > >
> > > > > > And be careful using signal channel call home for your use case,
> > > > > > since
> > > > > it is a special mechanism for near source attack mitigation with
> > > > > DOTS server create TLS connection with DOTS client, which I don’t
> > > > > think it’s very suitable for your case.
> > > > > Thank you for giving me comments. Could I define another signal
> > > > > channel expansion to send src information via signal channel?
> > > > >
> > > > > Thanks,
> > > > > Yuhei
> > > > >
> > > > > 2019年7月12日(金) 12:10 Xialiang (Frank, Network Standard &
> > > Patent Dept)
> > > > > <frank.xialiang@huawei.com>;:
> > > > > >
> > > > > > Hi authors,
> > > > > >
> > > > > > I have reviewed this new version and have 3 questions as below:
> > > > > >
> > > > > > 1.      I see your proposed offload use case as an variant of DOTS
> > > > > Orchestration use case (section 3.3 of draft-ietf-dots-use-cases-18).
> > > > > If so, what is your propose for this part of content? Do you want to
> > > > > improve the existing DOTS use cases WG draft with your addition?
> > > > > >
> > > > > > 2.      Right now, DOTS protocol defines sending DOTS request via
> > > > signal
> > > > > channel, do you propose to send it via data channel in some situation?
> > > > > If so, I personally disagree with it, since we originally define
> > > > > signal channel and data channel for different functionalities &
> > > > > messages, we can not send any DOTS messages over wrong channel,
> > > like:
> > > > > DOTS request via data channel.
> > > > > >
> > > > > > 3.      In addition to extended offload use case content, I do not see
> > > > > any new protocol, message or attribute extension comparing to the
> > > > > existing defined DOTS protocols, the left content are just some
> > > > > examples about how you use the existing DOTS protocol for your
> > > > > offload use case. So, what do you want DOTS WG to do for this draft,
> > > > > since there
> > > > are no new thing here?
> > > > > And be careful using signal channel call home for your use case,
> > > > > since it is a special mechanism for near source attack mitigation
> > > > > with DOTS server create TLS connection with DOTS client, which I
> > > > > don’t think it’s very suitable for your case.
> > > > > >
> > > > > >
> > > > > >
> > > > > > Thanks!
> > > > > >
> > > > > >
> > > > > >
> > > > > > B.R.
> > > > > >
> > > > > > Frank
> > > > > >
> > > > > >
> > > > > >
> > > > > > _______________________________________________
> > > > > > Dots mailing list
> > > > > > Dots@ietf.org
> > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > ----------------------------------
> > > > > Yuuhei HAYASHI
> > > > > 08065300884
> > > > > yuuhei.hayashi@gmail.com
> > > > > iehuuy_0220@docomo.ne.jp
> > > > > ----------------------------------
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots
>
>
>
> --
> ----------------------------------
> Yuuhei HAYASHI
> 08065300884
> yuuhei.hayashi@gmail.com
> iehuuy_0220@docomo.ne.jp
> ----------------------------------
>
> _______________________________________________
> Dots mailing list
> Dots@ietf.org
> https://www.ietf.org/mailman/listinfo/dots



-- 
----------------------------------
Yuuhei HAYASHI
08065300884
yuuhei.hayashi@gmail.com
iehuuy_0220@docomo.ne.jp
----------------------------------