Re: [Dots] several comments on draft-ietf-dots-architecture-06:

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 16 July 2018 07:41 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "Xialiang (Frank, Network Integration Technology Research Dept)" <frank.xialiang@huawei.com>, "draft-ietf-dots-architecture.all@ietf.org" <draft-ietf-dots-architecture.all@ietf.org>
CC: "dots@ietf.org" <dots@ietf.org>
Date: Mon, 16 Jul 2018 07:40:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/pZMWWe3rnVZnqWncu80EKCS_aUg>
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>

Hi Frank,

Thanks for the review. Please see inline [TR]

From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Xialiang (Frank, Network Integration Technology Research Dept)
Sent: Wednesday, July 11, 2018 3:03 PM
To: draft-ietf-dots-architecture.all@ietf.org
Cc: dots@ietf.org
Subject: [Dots] several comments on draft-ietf-dots-architecture-06:


Hi draft authors,
I have several comments on this draft, as below, for your consideration:

1.       Section 1.2, / “so that only authorized clients can invoke the DOTS service” / “so that only authorized clients/servers can invoke/honor the DOTS service”;

[TR] The DOTS client is both authenticated and authorized to invoke the DOTS service, but the DOTS server is only authenticated by the DOTS client. I don’t see the need to add “server” and “honor” in the above line.



2.       Section 2.2.2, / If a DOTS server refuses a DOTS client’s request for mitigation, the DOTS server SHOULD include the refusal reason in the server signal sent to the client / If a DOTS server refuses a DOTS client’s request for mitigation, the DOTS server MUST include the refusal reason in the server signal sent to the client;

[TR] Agreed, we will update the draft.



3.       Section 3.2.3, / "End-customer with a single upstream transit provider offering DDoS mitigation services" described in [I-D.ietf-dots-use-cases] /  "Upstream DDoS Mitigation by an Upstream Internet Transit Provider" described in [I-D.ietf-dots-use-cases];

[TR] Okay, will fix.



4.       Section 3.2.3, you say “For example, the recursing domain’s mitigator should incorporate into mitigation status messages available metrics such as dropped packet or byte counts from the recursed mitigation.”, but this is not described in the current DOTS signal channel draft. What’s your opinion about whether we should add the specified content into the signal channel draft?


[TR] The DOTS client is conveyed the mitigation metrics (e.g. bytes-dropped, bps-dropped, etc.) by the DOTS server. The DOTS client is opaque to the recursion of the originating mitigation request to the secondary DOTS server, hence the signal channel draft does not discuss recursive signaling but explains conveying the mitigation metrics to the DOTS client in Section 4.4.2.


5.       Section 3.3.3, by reviewing the DOTS signal channel draft, my take is a signal session (sid) can carry multiple mitigation-scope requesting conversations (cuid + mid + cdid (optional)), is it right? If so, by saying “a DOTS operator may configure the DOTS session to trigger mitigation when the DOTS server ceases receiving DOTS client signals (or vice versa) beyond the miss count or period permitted by the protocol.”, which mitigation conversation do you mean to trigger, or all of them over the same signal session?

[TR] If the DOTS server ceases receiving the DOTS client signal, mitigation will be triggered for all the mitigation requests signaled over the same DOTS signal channel session.



Cheers,

-Tiru

Thanks!

B.R.
Frank
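
The behaviour described in the answer to comment 5, sketched as an added example that is not part of the original message or of the DOTS drafts: a server-side model in which one signal session carries several mitigation requests, and losing the client's signals beyond the permitted miss count activates all of them on that session only. The class names, `miss_count_allowed`, the tick-based timing and the sample prefixes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MitigationRequest:
    cuid: str             # client identifier, as named in the thread
    mid: int              # mitigation request id, as named in the thread
    target_prefix: str    # constructed sample scope (documentation prefixes)
    active: bool = False

@dataclass
class SignalSession:
    sid: str
    miss_count_allowed: int   # hypothetical name for the permitted miss count
    missed: int = 0
    requests: dict = field(default_factory=dict)  # (cuid, mid) -> request

    def register(self, req):
        self.requests[(req.cuid, req.mid)] = req

    def heartbeat_received(self):
        # Any client signal resets the consecutive-miss counter.
        self.missed = 0

    def heartbeat_interval_elapsed(self):
        """One interval passed with no client signal.
        Returns the keys of requests newly activated by this tick."""
        self.missed += 1
        if self.missed <= self.miss_count_allowed:
            return []
        # Beyond the permitted miss count: trigger every request
        # signaled over this session, not just one of them.
        newly = [k for k, r in self.requests.items() if not r.active]
        for k in newly:
            self.requests[k].active = True
        return newly

def simulate():
    lost = SignalSession(sid="sess-1", miss_count_allowed=3)
    lost.register(MitigationRequest("client-a", 1, "192.0.2.0/24"))
    lost.register(MitigationRequest("client-a", 2, "198.51.100.0/24"))
    alive = SignalSession(sid="sess-2", miss_count_allowed=3)
    alive.register(MitigationRequest("client-b", 1, "203.0.113.0/24"))
    log = []
    for tick in range(1, 5):
        alive.heartbeat_received()      # sess-2 keeps signaling
        log.append((tick, lost.heartbeat_interval_elapsed()))
    return log, alive

if __name__ == "__main__":
    print(simulate()[0])
```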