Re: [Dots] Signal / Data / Alias / Filter Implementation

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 03 August 2017 08:06 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: kaname nishizuka <kaname@nttv6.jp>, "Dobbins, Roland" <rdobbins@arbor.net>, Jon Shallow <supjps-ietf@jpshallow.com>
CC: "dots@ietf.org" <dots@ietf.org>
Date: Thu, 03 Aug 2017 08:06:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/n6RnOH8_n5i59PfM1B3Wo_hWLKo>

draft-ietf-dots-data-channel-02 extends the base ACL model defined in draft-ietf-netmod-acl-model to support filtering based on fragments. Filtering rules based on ICMP type and code are supported in the latest revision of draft-ietf-netmod-acl-model.
I don’t see a need to update the DOTS data channel draft.

-Tiru

From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of kaname nishizuka
Sent: Thursday, August 3, 2017 10:51 AM
To: Dobbins, Roland <rdobbins@arbor.net>; Jon Shallow <supjps-ietf@jpshallow.com>
Cc: dots@ietf.org
Subject: Re: [Dots] Signal / Data / Alias / Filter Implementation

Hi Jon,

I'm implementing the DOTS protocol based on current specifications.
The DOTS protocol can handle source-* information in a mitigation signal request.
For example, the DOTS server can enable BGP Flowspec from 5-tuple information derived from the mitigation request message from the DOTS client, which is actually what we are planning to add to our software.
Destination information is used to validate whether the mitigation-scope is really the property of the DOTS client's organization or not.
So, if the request only includes source-* information, how to validate the request is another problem, because it can cause unintended side effects for other customers/services (but could be implementation specific).

* How do we handle specific ICMP types in a mitigation signal request?

Tiru wrote:
> Thanks for the review. Fixed comments 1 and 2 in my local copy. To support filtering rules based on ICMP type and code, and filtering based on fragments, the base ACL model defined in https://tools.ietf.org/html/draft-ietf-netmod-acl-model-06 needs to be extended in this draft using augmentation (see https://tools.ietf.org/html/rfc6020#section-4.2.8).
> I will extend the ACL YANG model in the next revision.

And the latest version of draft-ietf-netmod-acl-model (-11) includes ICMP-ACL (type, code,,)
I think we should update the draft.

* How do we handle fragmentation in a mitigation signal request?
Fragmentation can be represented as port=0. Is this a sufficient representation?

thanks,
Kaname


On 2017/08/03 3:27, Dobbins, Roland wrote:

On Aug 2, 2017, at 22:25, Jon Shallow <supjps-ietf@jpshallow.com> wrote:
In draft-ietf-dots-use-cases-07
3.1.6.  End-customer operating a CPE network infrastructure device with
       an integrated DOTS client

3.1.6 from draft-ietf-dots-use-cases-07 in full:

3.1.6.  End-customer operating a CPE network infrastructure device with
        an integrated DOTS client

   Similar to the above use-case featuring applications or services with
   built-in DDoS attack detection/classification and DOTS client
   capabilities, in this scenario, an end-customer network
   infrastructure CPE device such as a router, layer-3 switch, firewall,
   or load-balance incorporates both the functionality required to
   detect and classify incoming DDoS attacks as well as DOTS client
   functionality.

   The subsequent DOTS communications dialogue and resultant DDoS
   mitigation initiation and termination activities take place in the
   same manner as the use-cases described above.

-----------------------------------

Roland Dobbins <rdobbins@arbor.net>
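The destination-scope check Kaname describes in the quoted message above, sketched as an added example that is not part of the thread or of any DOTS implementation. The request is modelled as a plain dict; the keys `target_prefix` and `source_prefix` and the provisioned prefix list are hypothetical names and constructed sample values.

```python
import ipaddress

# Constructed sample: prefixes provisioned for one DOTS client's organization.
CLIENT_PREFIXES = ["192.0.2.0/24", "2001:db8:100::/48"]


def validate_scope(request, client_prefixes=CLIENT_PREFIXES):
    """Return (accepted, reason) for a mitigation request.

    request: dict with optional lists under the hypothetical keys
    'target_prefix' (destinations) and 'source_prefix' (sources).
    """
    owned = [ipaddress.ip_network(p) for p in client_prefixes]
    targets = request.get("target_prefix") or []

    # A source-only request has nothing tying it to the client's address
    # space, so it could filter traffic bound for other customers.
    if not targets:
        return False, "no destination scope to validate against"

    for raw in targets:
        try:
            # strict=True rejects prefixes with host bits set.
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError:
            return False, f"malformed prefix: {raw}"
        # Compare only within the same address family; every target must
        # sit inside a prefix the client is provisioned for.
        if not any(net.version == o.version and net.subnet_of(o) for o in owned):
            return False, f"{raw} is outside the client's provisioned prefixes"

    return True, "all targets inside the client's provisioned prefixes"


if __name__ == "__main__":
    samples = [  # constructed requests
        {"target_prefix": ["192.0.2.128/25"], "source_prefix": ["198.51.100.0/24"]},
        {"source_prefix": ["198.51.100.0/24"]},
        {"target_prefix": ["192.0.2.0/23"]},
    ]
    for req in samples:
        print(req, "->", validate_scope(req))
```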



