IETF Logo Mail Archive

Re: [Dots] DOTS Telemetry: Interop Clarification #1

mohamed.boucadair@orange.com Mon, 29 June 2020 12:20 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D36093A0E68 for <dots@ietfa.amsl.com>; Mon, 29 Jun 2020 05:20:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=orange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O0HPTbeX1nju for <dots@ietfa.amsl.com>; Mon, 29 Jun 2020 05:20:42 -0700 (PDT)
Received: from relais-inet.orange.com (relais-inet.orange.com [80.12.66.39]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E5253A0E58 for <dots@ietf.org>; Mon, 29 Jun 2020 05:20:41 -0700 (PDT)
Received: from opfedar00.francetelecom.fr (unknown [xx.xx.xx.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by opfedar20.francetelecom.fr (ESMTP service) with ESMTPS id 49wRQv6hkXz8syR; Mon, 29 Jun 2020 14:20:39 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=orange.com; s=ORANGE001; t=1593433239; bh=kvQWPa5jvCQm9j+c7vUjiZjy3rUQjycbdKT0nkY1ydo=; h=From:To:Subject:Date:Message-ID:Content-Type:MIME-Version; b=BCCPMe7GG8zt+ttTP+U6p5GRoV2RXTTQs7Ukz6Xi/rwPjRMtMGGhGUnidZVPwsUH0 e7cL4/GPivq5qfZ15uHpnLGIcYHdh1KarlDQQxwLaXwyWmHvn9E2sEgPePXUwIU3Gn eOhprv+TnYZq/g1koihZDgYi9JQIxuvFYOdyj5ytb+ez7rSTB3zZawEjUBxXdUx5Z9 ltV/k7NM/E9TgmbJGX9jW/u17RLKd+Y6pecbvnNQ+v35KfkUeZOPajesm4CVSDWLtv O1g+UfmrCxAUk28teDZpg/FUmwC3+p3PMTjgN0tib5kxw3ZsuU/hOkEYb2gyOh9a2J rxxFayFjtplbg==
Received: from Exchangemail-eme6.itn.ftgroup (unknown [xx.xx.13.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by opfedar00.francetelecom.fr (ESMTP service) with ESMTPS id 49wRQv0xZczCqkK; Mon, 29 Jun 2020 14:20:39 +0200 (CEST)
From: mohamed.boucadair@orange.com
To: Jon Shallow <supjps-ietf@jpshallow.com>, kaname nishizuka <kaname@nttv6.jp>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] DOTS Telemetry: Interop Clarification #1
Thread-Index: AQH0NBewyz0cz3gVN6O99zZ2D4scewEFmq9oAkUV0A4B4ImsbALKkiyFqHP409CAAA4dAA==
Date: Mon, 29 Jun 2020 12:20:38 +0000
Message-ID: <27502_1593433239_5EF9DC97_27502_120_16_787AE7BB302AE849A7480A190F8B9330314E8CFE@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
References: <25679_1593113350_5EF4FB06_25679_457_1_787AE7BB302AE849A7480A190F8B9330314E762D@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <084a01d64bb2$d63a86b0$82af9410$@jpshallow.com> <9226_1593412702_5EF98C5E_9226_29_1_787AE7BB302AE849A7480A190F8B9330314E8989@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <0ad501d64df5$74b89b30$5e29d190$@jpshallow.com> <16374_1593427492_5EF9C624_16374_188_1_787AE7BB302AE849A7480A190F8B9330314E8BF2@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <0b1401d64e0a$36c332d0$a4499870$@jpshallow.com>
In-Reply-To: <0b1401d64e0a$36c332d0$a4499870$@jpshallow.com>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.114.13.247]
Content-Type: multipart/alternative; boundary="_000_787AE7BB302AE849A7480A190F8B9330314E8CFEOPEXCAUBMA2corp_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/mmnGkQP3JW6I3jBWHFhqJK5OvnI>
Subject: Re: [Dots] DOTS Telemetry: Interop Clarification #1
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2020 12:20:44 -0000

Re-,

Please see inline.

Cheers,
Med

De : Jon Shallow [mailto:supjps-ietf@jpshallow.com]
Envoyé : lundi 29 juin 2020 13:41
À : BOUCADAIR Mohamed TGI/OLN; kaname nishizuka; dots@ietf.org
Objet : RE: [Dots] DOTS Telemetry: Interop Clarification #1

Hi Med,

I'm still confused - could be that we are talking cross purposes here.

See inline Jon>

Regards

Jon

From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
Sent: 29 June 2020 11:45
To: Jon Shallow; kaname nishizuka; dots@ietf.org
Subject: Re: [Dots] DOTS Telemetry: Interop Clarification #1

Hi Jon,

It is the other way around: the server will filter out the data it will return to match the filters conveyed in GET.
Jon> That filtering I agree with.
[Med] OK.
  It just is what is the data source used for the server GET response.

So,

·         if we refer to your case (1), the PUT used for efficacy update does not interfere with the handling of GET to retrieve the server's status.
Jon> Figure 45 PUT includes
           "ietf-dots-telemetry:total-attack-traffic": [
             {
               "ietf-dots-telemetry:unit": "megabit-ps",
               "ietf-dots-telemetry:mid-percentile-g": "900"
             }
           ]
Jon>  What does the DOTS server respond with for a GET - the value "900 megabit-ps" or what the DOTS server (as told by DOTS mitigator etc.) thinks is actually happening - e.g. "11 gigabit-ps" because a lot of attack traffic is being dropped by the DOTS mitigators?  Just to be absolutely sure - the server is getting its status from multiple sources - which status does it report on in the GET.
[Med] The server will report the status it is seeing (reported from mitigators), not the one inferred from the efficacy update from the client. We are not changing the behavior we have in the base spec.


·         if we refer to your case (2), the PUT in Figure 36 sets the target (telemetry) scope. So for any telemetry-related GET, the server will only return data that is bound to the target as set in the PUT. These data is further filtered out based of any uri-query in the GET.
Jon> Figure 36 PUT goes beyond defining the target (alias-name in this case) and includes
           "attack-detail": [
             {
               "vendor-id": 1234,
               "attack-id": 77,
               "start-time": "1957811234",
               "attack-severity": "high"
             }
           ]
Jon> So what is returned in the GET for this target - this attack detail or the attack detail that the DOTS server is being told by the DOTS mitigators - which could include the same vendor-id + attack-id (but maybe with a different start time)?
[Med] Like above, the status that will be reported is the one from mitigators.

~Jon

Cheers,
Med

De : Jon Shallow [mailto:supjps-ietf@jpshallow.com]
Envoyé : lundi 29 juin 2020 11:13
À : BOUCADAIR Mohamed TGI/OLN; kaname nishizuka; dots@ietf.org
Objet : RE: [Dots] DOTS Telemetry: Interop Clarification #1

Hi Med,

So for absolute clarity, the DOTS server will return the values it has internally determined (from DOTS mitigator etc.), not those provided by the DOTS client using a PUT, as modified by the GET Query filters.

Regards

Jon

From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
Sent: 29 June 2020 07:38
To: Jon Shallow; kaname nishizuka; dots@ietf.org
Subject: Re: [Dots] DOTS Telemetry: Interop Clarification #1

Hi Jon, all,

The server will return the data that match the filters included in the GET that triggered the response.

Cheers,
Med

De : Jon Shallow [mailto:supjps-ietf@jpshallow.com]
Envoyé : vendredi 26 juin 2020 14:11
À : BOUCADAIR Mohamed TGI/OLN; kaname nishizuka; dots@ietf.org
Objet : RE: [Dots] DOTS Telemetry: Interop Clarification #1

Hi Med,

I think that this refers several places.


1.       Efficacy updates.  E.g.  Figure 45: An Example of Mitigation Efficacy Update with Telemetry  Attributes. Here we do an efficacy update of what the client is seeing happen to a specific resource.  If the client now does a GET against the same resource - what is returned - the last efficacy update or the current state of mitigation as seen by the DOTS server?


2.       Also, Figure 36: PUT to Send Pre-or-Ongoing-Mitigation Telemetry allows the client to update the tmid with some information.  This includes an attack-detail.  When the client wants to see what is happening with this "tmid", it does a Figure 40: GET to Subscribe to Telemetry Asynchronous Notifications for a Specific 'tmid'.  Which attack-detail is returned - the one from the PUT or the ongoing situation?

Regards

Jon

From: Dots [mailto: dots-bounces@ietf.org] On Behalf Of mohamed.boucadair@orange.com
Sent: 25 June 2020 20:29
To: kaname nishizuka
Cc: dots@ietf.org
Subject: [Dots] DOTS Telemetry: Interop Clarification #1

Hi Kaname,

We discussed this issue in the interim:

==
Current Uri-Path can't distinguish telemetry resources posted by the client or created by the server.
-Those are totally different resources.
For example, Uri-Query won't be applicable to the telemetry resources posted by the client.
==

Can you please identify precisely which parts of the text need to be updated?

Thank you

Cheers,
Med



_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

v2.23.0 | Report a Bug | By Email