IETF Logo Mail Archive

Re: [Dots] Comments and feedbacks on draft-reddy-dots-signal-channel-07 and draft-reddy-dots-data-channel-03 .

"Mortensen, Andrew" <amortensen@arbor.net> Wed, 15 February 2017 16:24 UTC

Return-Path: <amortensen@arbor.net>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0563D1298C1 for <dots@ietfa.amsl.com>; Wed, 15 Feb 2017 08:24:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=thescout.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9rnA7TptT4eo for <dots@ietfa.amsl.com>; Wed, 15 Feb 2017 08:24:41 -0800 (PST)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0096.outbound.protection.outlook.com [104.47.38.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 659FD1294FE for <dots@ietf.org>; Wed, 15 Feb 2017 08:18:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thescout.onmicrosoft.com; s=selector1-arbor-net; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=oizHa7P0Yx0BemGSxyQWYD6y75zkTr5PGcDkrt6lSUY=; b=ef6hB9me3vLrgB3zQP6I+IEbdXhE7HgPcmd40Nd0MtTEm3kSdKHLL0k1S5dLnIDtKIM+tEa3QYJjSr8WvCi8Pm8bIjEx08NpHjYCGjnrjernbGb04ntYCZ8mS9MrIMGecIoYi7hJue5SEk+7x64zYUggiiqmuxoyIOCTzY8PUTY=
Received: from MWHPR0101MB3118.prod.exchangelabs.com (10.174.167.145) by MWHPR0101MB3117.prod.exchangelabs.com (10.174.166.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Wed, 15 Feb 2017 16:17:49 +0000
Received: from MWHPR0101MB3118.prod.exchangelabs.com ([10.174.167.145]) by MWHPR0101MB3118.prod.exchangelabs.com ([10.174.167.145]) with mapi id 15.01.0888.030; Wed, 15 Feb 2017 16:17:50 +0000
From: "Mortensen, Andrew" <amortensen@arbor.net>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Thread-Topic: [Dots] Comments and feedbacks on draft-reddy-dots-signal-channel-07 and draft-reddy-dots-data-channel-03 .
Thread-Index: AdKCER/slEaaT/pbTQCa8ffUgEh/YgEvK4mgADZPhAA=
Date: Wed, 15 Feb 2017 16:17:50 +0000
Message-ID: <6601F335-76C8-4DDA-8DAA-A88A9F7F2E3B@arbor.net>
References: <E58182C4A35A8E498E553AD3D33FA001011717E1DF@ILMB1.corp.radware.com> <331a77a5ec074db69cf2bc2715a7645e@XCH-RCD-017.cisco.com>
In-Reply-To: <331a77a5ec074db69cf2bc2715a7645e@XCH-RCD-017.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=amortensen@arbor.net;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [216.130.192.4]
x-ms-office365-filtering-correlation-id: 1a5324c5-4e3f-42c6-1e03-08d455be2fe8
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001); SRVR:MWHPR0101MB3117;
x-microsoft-exchange-diagnostics: 1; MWHPR0101MB3117; 7:wLc4PrTVrJ5HQBMg56FkU3gLNiu7RtuDAXAehPQcVQ0wEJ8C4as5jTBazGe9fzAFnIC1XVCQF3LvKHtsY4sGSYKTRy5LX1wWGcOwkk/CYV4ScNQA3rTt+4XBaaFXzXQlQX1sghwo+3r2ayvIVg9zXQ2rWW5X4BGMrHRCc6YIqB82KIousxpI9vhm08rTkFmlqcosegKeAmMd9VoXsdphaWkY0E+/TK6slO8YWjLZxoyeZutpfoCnF0EG3EVY8/qxzFClsB6yuSpFkS5Wl2Ldhz1SDCfd+Lzs4tihit6DdnXVG8LUSehs4eWdCV4ZwCeg1SZFWGNthaoY8zgCfjuP0XvVRQJmrymak6le47S4NN3T/47QcXQBwNynqQtjiRo47YIMxkl8813ziFy1ZD+Qqazv1a7zcn2prqCVPwVKiB1ZV10zktRnYEtaj/vxchJX+Pn/gBB618TGOOpISJy4p6s6lrsOHFV4I/YxFCGcu7iXhMftnn7YECLERlpj92KzIAcXXJMkWtjoLJzDHMCPyw==
x-microsoft-antispam-prvs: <MWHPR0101MB3117918FFC23FB551A95866AD15B0@MWHPR0101MB3117.prod.exchangelabs.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(95692535739014);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6041248)(20161123555025)(20161123562025)(20161123564025)(20161123558025)(20161123560025)(6072148); SRVR:MWHPR0101MB3117; BCL:0; PCL:0; RULEID:; SRVR:MWHPR0101MB3117;
x-forefront-prvs: 021975AE46
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(7916002)(39450400003)(51914003)(24454002)(199003)(189002)(377454003)(50986999)(92566002)(54356999)(76176999)(2900100001)(6246003)(54906002)(8676002)(66066001)(3846002)(81166006)(8936002)(81156014)(2906002)(99286003)(36756003)(6116002)(102836003)(110136004)(101416001)(86362001)(38730400002)(229853002)(53936002)(6512007)(5660300001)(83716003)(6436002)(25786008)(3660700001)(33656002)(82746002)(230783001)(106356001)(54896002)(97736004)(4326007)(122556002)(6916009)(3280700002)(6506006)(2950100002)(68736007)(77096006)(236005)(6486002)(7736002)(189998001)(389900002)(105586002)(132733001)(104396002); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR0101MB3117; H:MWHPR0101MB3118.prod.exchangelabs.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: arbor.net does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_6601F33576C84DDA8DAAA88A9F7F2E3Barbornet_"
MIME-Version: 1.0
X-OriginatorOrg: arbor.net
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Feb 2017 16:17:50.0880 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 54f11205-d4aa-4809-bd36-0b542199c5b2
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR0101MB3117
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/uENVbQeATjEWSI-PBvtDCr6Uad8>
Cc: David Aviv <DavidA@Radware.com>, dots <dots@ietf.org>, Ehud Doron <EhudD@Radware.com>
Subject: Re: [Dots] Comments and feedbacks on draft-reddy-dots-signal-channel-07 and draft-reddy-dots-data-channel-03 .
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2017 16:24:43 -0000

On Feb 14, 2017, at 9:53 AM, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com<mailto:tireddy@cisco.com>> wrote:

Hi Ehud,

Thanks for the detailed review, Please see inline (I will respond to data channel comments in a separate mail)

From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Ehud Doron
 … snip...
6.       Page 14 figure 5: The mitigation request attributes are right but not enough. Need to add more telemetry info about the actual attack that it is required to mitigate, need to consider attributes in draft-doron-dots-telemetry-00 as part of the discussion in the WG.

[TR] Yes, I plan to update the draft with telemetry info based on outcome of draft-doron-dots-telemetry-00.

I understand need for and support the effort to ensure telemetry between DOTS agents, but I’m skeptical about the suggestion that the right place for it is in the signal channel. The signal channel requirements are restrictive by design (sub-MTU message size, expectation of packet loss, etc.), suggesting incompatibility with the proposed telemetry attributes in draft-doron-dots-telemetry-00. Among other things, that draft proposes CEF for attack details and the inclusion of a list of authenticated sources. Tiru’s signal channel draft suggests assuming an MTU of no more than 1280 bytes if the PMTU is not known, and concludes that a maximum datagram size of 576 bytes with a DOTS payload size of 500 bytes is best to ensure the signal channel will not be fragmented.

All of that is to say I disagree with the suggestion that the signal channel should be the primary vehicle for telemetry. Feedback, yes; unscoped telemetry, no. How do we determine if there’s enough telemetry? How much telemetry does vendor A require to function as a DOTS server or client? How much telemetry loss can either agent (and vendor implementation) withstand?

In contrast, the data channel seems like the ideal place for the sort of telemetry described in draft-doron-dots-telemetry-00. There are no restrictive size or packet loss handling requirements, and RESTCONF supports event streams that would seem to fit the need quite well.

andrew

v2.23.0 | Report a Bug | By Email