Re: [Dots] Signal / Data / Alias / Filter Implementation
"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 03 August 2017 08:06 UTC
Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 24980126CB6 for <dots@ietfa.amsl.com>; Thu, 3 Aug 2017 01:06:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K9mMu5F80SwK for <dots@ietfa.amsl.com>; Thu, 3 Aug 2017 01:06:33 -0700 (PDT)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB23B132320 for <dots@ietf.org>; Thu, 3 Aug 2017 01:06:32 -0700 (PDT)
Received: from DNVEXAPP1N05.corpzone.internalzone.com (unknown [10.44.48.89]) by DNVWSMAILOUT1.mcafee.com with smtp id 0fc8_ff43_5ff66d70_4e2b_4b87_a05a_44c40650b73f; Thu, 03 Aug 2017 03:06:20 -0500
Received: from DNVEXUSR1N12.corpzone.internalzone.com (10.44.48.85) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 3 Aug 2017 02:06:20 -0600
Received: from DNVEXUSR1N12.corpzone.internalzone.com (10.44.48.85) by DNVEXUSR1N12.corpzone.internalzone.com (10.44.48.85) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 3 Aug 2017 02:06:19 -0600
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXUSR1N12.corpzone.internalzone.com (10.44.48.85) with Microsoft SMTP Server (TLS) id 15.0.1263.5 via Frontend Transport; Thu, 3 Aug 2017 02:06:19 -0600
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (10.44.176.241) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Thu, 3 Aug 2017 02:06:18 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.onmicrosoft.com; s=selector1-mcafee-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/QmTcwY78Znuzxxm815+n8TLMvRpCTRnYfVMZC/Xnic=; b=uDcD+e74O8iGpv59vL4/5HWBZ9VIuZBxlEV2f0r8Ixj4PpFxqp0f4GsgR7mfY9M4uekkDkRzkH/5fdg9KWX5LufSFRAhjNxvWVEWIUpwmh6UOU7Vpp3SsyIUbQdmLzQeYysgjuvWOtx+NBLP6PEtrNCkwLIgzNZX6PQXGmywQc4=
Received: from DM5PR16MB1788.namprd16.prod.outlook.com (10.172.44.144) by DM5PR16MB1786.namprd16.prod.outlook.com (10.172.44.142) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1304.22; Thu, 3 Aug 2017 08:06:17 +0000
Received: from DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) by DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) with mapi id 15.01.1304.023; Thu, 3 Aug 2017 08:06:17 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: kaname nishizuka <kaname@nttv6.jp>, "Dobbins, Roland" <rdobbins@arbor.net>, Jon Shallow <supjps-ietf@jpshallow.com>
CC: "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] Signal / Data / Alias / Filter Implementation
Thread-Index: AdMLd/i8iwFwzTfWQ/S7HayGj5igcAABJg8AAAm7eQAABmLPgAAW0FyAAAWLLfA=
Date: Thu, 03 Aug 2017 08:06:17 +0000
Message-ID: <DM5PR16MB17887F73606FE7D920125FC2EAB10@DM5PR16MB1788.namprd16.prod.outlook.com>
References: <035401d30b77$fb3a1da0$f1ae58e0$@jpshallow.com> <628E4313-95D3-42F5-9DDB-00C7B4EBB4D6@arbor.net> <039001d30ba3$7f4290c0$7dc7b240$@jpshallow.com> <B8BBF80E-5A5B-473D-A0B2-B6EFEC21DEBF@arbor.net> <4a158137-5c92-974e-3e4d-6c46fb3e5a52@nttv6.jp>
In-Reply-To: <4a158137-5c92-974e-3e4d-6c46fb3e5a52@nttv6.jp>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR16MB1786; 7:68oxI2xhJgd5Qdu/4EoJNHcbnInBFuMIafrrmMjHJeIYYDpMN5cwLeyjUpJGkdaPSAbx7VuEHb49jbzAYOmOe931oxJXzJPdRyXEOSVPlBdm19YRdarjfpPmQIvM0/t+w27f/wT2jMVULYuxEI48l4bX5dLAh6r8DWB6hEVcyb99fkvxk05bmGEeTEo3QDjR8lgxXD8F7UfJGH1IxQ4SVPZzqLORnpac22nJeUqFrhGYO4kcBysCtDndAULYHt1l/T2DMZBj91Q7SYsNKo1s3adj5ZahiktfCeOvgaSuTOUA70uNjyhjY6/0CLofcLiUqwR0kuJU1kbYECoCIKqUexejCUszfwhoEmodrK8Nm0Oa2dT7ZDK2yoveIL54AkqLawSlWyh9to9AOhLnldqG9NRadeOD+NGNycpHj54Rhetdajc7i8rSHgLHOwUGxkEBnkY4zl0C6IAGSEb4r2C0eVZ1pTvwpaMoO7vBsmWjxA/r8EKBM4Zn/AAofyqSJsPjb3l4m573soSNAFan5XntLAQWP41qW/s595FGSGN8PMZ/qw+w1sAVlIdWhAdn9AuZ9lam6Ti6BoHGWqCR6JpxM/fr67XYE0mqYwCX1PFGt0+66m1m5MToav6737XsTPOIXJDAgOI36Qfha8Ww2Z1SQ0EtyppPeNqym07kd2Ev5AhszNm5HBWH0XEN+sb+rsBW7wo2NcSbpFpH9+psrBPMTeKkyCypo3q+v3Khov/ErBNw4vRkKQWLDJ9vKs8yJa61kQBXUX/AD70ge9l14BNK615b8k0lUkf6GlnLonZYyHE=
x-ms-office365-filtering-correlation-id: 5cbc2049-cb7e-4e8e-107d-08d4da46849a
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:DM5PR16MB1786;
x-ms-traffictypediagnostic: DM5PR16MB1786:
x-exchange-antispam-report-test: UriScan:(158342451672863)(278428928389397)(21748063052155);
x-microsoft-antispam-prvs: <DM5PR16MB1786EA9404FCFB3EB4FB83E4EAB10@DM5PR16MB1786.namprd16.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(100000703101)(100105400095)(3002001)(6041248)(20161123562025)(20161123564025)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123560025)(20161123558100)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM5PR16MB1786; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM5PR16MB1786;
x-forefront-prvs: 03883BD916
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39840400002)(39450400003)(39400400002)(39410400002)(24454002)(32952001)(51914003)(377454003)(199003)(189002)(606006)(25786009)(97736004)(6306002)(53546010)(7696004)(4326008)(76176999)(50986999)(54356999)(7736002)(3660700001)(189998001)(6116002)(102836003)(2900100001)(790700001)(77096006)(106356001)(105586002)(229853002)(80792005)(86362001)(3846002)(6506006)(54896002)(14454004)(66066001)(6246003)(38730400002)(5660300001)(3280700002)(236005)(53936002)(2950100002)(966005)(6436002)(55016002)(72206003)(478600001)(68736007)(8676002)(8936002)(74316002)(9686003)(99286003)(81156014)(81166006)(101416001)(2906002)(93886004)(33656002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1786; H:DM5PR16MB1788.namprd16.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR16MB17887F73606FE7D920125FC2EAB10DM5PR16MB1788namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Aug 2017 08:06:17.2243 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1786
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6085> : inlines <6005> : streams <1756959> : uri <2475390>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/n6RnOH8_n5i59PfM1B3Wo_hWLKo>
Subject: Re: [Dots] Signal / Data / Alias / Filter Implementation
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 08:06:35 -0000
draft-ietf-dots-data-channel-02 extends the base ACL model defined in draft-ietf-netmod-acl-model to support filtering based on fragments. Filtering rules based on ICMP type and code is supported in latest revision of draft-ietf-netmod-acl-model. I don’t see a need to update the DOTS data channel draft. -Tiru From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of kaname nishizuka Sent: Thursday, August 3, 2017 10:51 AM To: Dobbins, Roland <rdobbins@arbor.net>; Jon Shallow <supjps-ietf@jpshallow.com> Cc: dots@ietf.org Subject: Re: [Dots] Signal / Data / Alias / Filter Implementation Hi Jon, I'm implementing the DOTS protocol based on current specifications. The DOTS protocol can handle source-* information in a mitigation signal request. For example, the DOTS server can enable BGP Flowspec from 5-tuple information derived from mitigation request message from DOTS client, that is actually we are planning to add to our software. Destination information is used to validate whether the mitigation-scope is really the property of the DOTS client's organization or not. So, if the request is only including source-* information, how to validate the request is another problem because it can cause unintended side effect to other customers/services (but could be implementation specific) * How do we handle specific ICMP types in a mitigation signal request? Tiru wrote: > Thanks for the review. Fixed comments 1 and 2 in my local copy. To support filtering rules based on ICMP type and code, and filtering based on fragments, the base ACL model defined in https://tools.ietf.org/html/draft-ietf-netmod-acl-model-06 needs to be extended in this draft using augmentation (see https://tools.ietf.org/html/rfc6020#section-4.2.8). > I will extend the ACL YANG model in the next revision. And the latest version of draft-ietf-netmod-acl-model (-11) includes ICMP-ACL (type, code,,) I think we should update the draft. * How do we handle fragmentation in a mitigation signal request? fragmentation can be represented as port=0. Is this a sufficient representation? thanks, Kaname On 2017/08/03 3:27, Dobbins, Roland wrote: On Aug 2, 2017, at 22:25, Jon Shallow <supjps-ietf@jpshallow.com<mailto:supjps-ietf@jpshallow.com>> wrote: In draft-ietf-dots-use-cases-07 3.1.6. End-customer operating a CPE network infrastructure device with an integrated DOTS client 3.1.6 from idraft-ietf-dots-use-cases-07 in full: 3.1.6. End-customer operating a CPE network infrastructure device with an integrated DOTS client Similar to the above use-case featuring applications or services with built-in DDoS attack detection/classification and DOTS client capabilities, in this scenario, an end-customer network infrastructure CPE device such as a router, layer-3 switch, firewall, or load-balance incorporates both the functionality required to detect and classify incoming DDoS attacks as well as DOTS client functionality. The subsequent DOTS communications dialogue and resultant DDoS mitigation initiation and termination activities take place in the same manner as the use-cases described above. ----------------------------------- Roland Dobbins <rdobbins@arbor.net<mailto:rdobbins@arbor.net>> _______________________________________________ Dots mailing list Dots@ietf.org<mailto:Dots@ietf.org> https://www.ietf.org/mailman/listinfo/dots
- [Dots] Signal / Data / Alias / Filter Implementat… Jon Shallow
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Roland Dobbins
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Jon Shallow
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Dobbins, Roland
- Re: [Dots] Signal / Data / Alias / Filter Impleme… kaname nishizuka
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Jon Shallow
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Roland Dobbins
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Roland Dobbins
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Jon Shallow
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Jon Shallow
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Konda, Tirumaleswar Reddy
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Jon Shallow
- Re: [Dots] Signal / Data / Alias / Filter Impleme… kaname nishizuka
- Re: [Dots] Signal / Data / Alias / Filter Impleme… kaname nishizuka
- Re: [Dots] Signal / Data / Alias / Filter Impleme… kaname nishizuka
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Roland Dobbins
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Jon Shallow
- Re: [Dots] Signal / Data / Alias / Filter Impleme… Konda, Tirumaleswar Reddy