[Dots] 答复: several comments on draft-ietf-dots-architecture-06:

["Xialiang (Frank, Network Integration Technology Research Dept)" <frank.xialiang@huawei.com>]

+1

发件人: Konda, Tirumaleswar Reddy [mailto:TirumaleswarReddy_Konda@McAfee.com]
发送时间: 2018年9月3日 17:55
收件人: Mortensen, Andrew <amortensen@arbor.net>
抄送: Xialiang (Frank, Network Integration Technology Research Dept) <frank.xialiang@huawei.com>; draft-ietf-dots-architecture.all@ietf.org; dots@ietf.org
主题: RE: several comments on draft-ietf-dots-architecture-06:

Update looks good to me.

-Tiru

From: Mortensen, Andrew <amortensen@arbor.net<mailto:amortensen@arbor.net>>
Sent: Friday, July 20, 2018 6:04 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>>
Cc: Xialiang (Frank, Network Integration Technology Research Dept) <frank.xialiang@huawei.com<mailto:frank.xialiang@huawei.com>>; draft-ietf-dots-architecture.all@ietf.org<mailto:draft-ietf-dots-architecture.all@ietf.org>; dots@ietf.org<mailto:dots@ietf.org>
Subject: Re: several comments on draft-ietf-dots-architecture-06:


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.


________________________________
I’ve got a pull request to incorporate some minor changes to address issues 2, 3 and 5 below:

<https://github.com/dotswg/dots-architecture/pull/29>

Unless there are objections, I’ll merge and submit a new draft revision. The remaining barrier to initiating WGLC will then be the updated NAT considerations.

andrew


On Jul 16, 2018, at 3:40 AM, Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com<mailto:TirumaleswarReddy_Konda@McAfee.com>> wrote:

[EXTERNAL EMAIL]
Hi Frank,

Thanks for the review. Please see inline [TR]

From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Xialiang (Frank, Network Integration Technology Research Dept)
Sent: Wednesday, July 11, 2018 3:03 PM
To: draft-ietf-dots-architecture.all@ietf.org<mailto:draft-ietf-dots-architecture.all@ietf.org>
Cc: dots@ietf.org<mailto:dots@ietf.org>
Subject: [Dots] several comments on draft-ietf-dots-architecture-06:

CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.

________________________________
Hi draft authors,
I have several comments of this draft as below for your consideration:
1.       Section 1.2, / “so that only authorized clients can invoke the DOTS service” / “so that only authorized clients/servers can invoke/honor the DOTS service”;

[TR] DOTS client is both authenticated and authorized to invoke the DOTS service but the DOTS server is only authenticated by the DOTS client. I don’t see the need to add “server” and “honor” in the above line.

2.       Section 2.2.2, / If a DOTS server refuses a DOTS client’s request for mitigation, the DOTS server SHOULD include the refusal reason in the server signal sent to the client / If a DOTS server refuses a DOTS client’s request for mitigation, the DOTS server MUST include the refusal reason in the server signal sent to the client;

[TR] Agreed, we will update draft.

3.       Section 3.2.3, / "End-customer with a single upstream transit provider offering DDoS mitigation services" described in [I-D.ietf-dots-use-cases] /  "Upstream DDoS Mitigation by an Upstream Internet Transit Provider" described in [I-D.ietf-dots-use-cases];

[TR] Okay, will fix.

4.       Section 3.2.3, you say “For example, the recursing domain’s mitigator should incorporate into mitigation status messages available metrics such as dropped packet or byte counts from the recursed mitigation.”, but this is not described in current DOTS signal channel draft. What’s your opinion about whether we should add the specified content into the signal channel draft?


[TR] DOTS client is conveyed the mitigation metrics (e.g. bytes-dropped, bps-dropped etc.) by the DOTS server. The DOTS client is opaque to the recursion of the originating mitigation request to the secondary DOTS server, hence the signal channel draft does not discuss recursive signaling but explains conveying the mitigation metrics to the DOTS client in Section 4.4.2.

5.       Section 3.3.3, by reviewing the DOTS signal channel draft, my take is a signal session (sid) can carry multiple mitigation-scope requesting conversations (cuid + mid + cdid (optional)), is it right? If so, by saying “a DOTS operator may configure the DOTS session to trigger mitigation when the DOTS server ceases receiving DOTS client signals (or vice versa) beyond the miss count or period permitted by the protocol.”, which mitigation conversation do you mean to trigger, or all of them over the same signal session?

[TR] If the DOTS server creases receiving DOTS client signal, mitigation will be triggered for all the mitigation requests signaled over the same DOTS signal channel session.

Cheers,
-Tiru

Thanks!

B.R.
Frank