Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 08 April 2019 08:40 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
CC: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-dots-signal-channel.all@ietf.org" <draft-ietf-dots-signal-channel.all@ietf.org>, "dots@ietf.org" <dots@ietf.org>, "tsv-art@ietf.org" <tsv-art@ietf.org>, Yoshifumi Nishida <nishida@wide.ad.jp>
Thread-Topic: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31
Thread-Index: AQHU6eeRbgxgi7muZUeZRYmL0MXooqYsNbsAgADTwkCABNJCAIAABDqQ
Date: Mon, 08 Apr 2019 08:39:40 +0000
Message-ID: <BYAPR16MB2790E24D2D28A0C2AA981C0CEA2C0@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <155402239346.12345.7871170827596594079@ietfa.amsl.com> <787AE7BB302AE849A7480A190F8B93302EA5053A@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249yf92bfdZCyfcQaHMt41SKO6CAQXOYEW2H++ZYQoXqKvpQ@mail.gmail.com> <787AE7BB302AE849A7480A190F8B93302EA51A15@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAO249yeRK7RJ59jcmpXkwFX5_RniwGoBCcno3tNsCcFCJiRhsA@mail.gmail.com> <BYAPR16MB27904373EA2F32A9805B239AEA510@BYAPR16MB2790.namprd16.prod.outlook.com> <CAO249yfhgvv3L9GxBQfYs-boeBecG+GhQSx90igDAuhA866WhA@mail.gmail.com>
In-Reply-To: <CAO249yfhgvv3L9GxBQfYs-boeBecG+GhQSx90igDAuhA866WhA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/zlGm8ozmOn7LSCmRHsKNXW9Y1U4>
Subject: Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31

Hi Yoshi,

Please see inline [TR2]

From: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>
Sent: Monday, April 8, 2019 12:24 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
Cc: Yoshifumi Nishida <nishida@sfc.wide.ad.jp>; mohamed.boucadair@orange.com; ietf@ietf.org; draft-ietf-dots-signal-channel.all@ietf.org; dots@ietf.org; tsv-art@ietf.org; Yoshifumi Nishida <nishida@wide.ad.jp>
Subject: Re: [Dots] Tsvart last call review of draft-ietf-dots-signal-channel-31

Hi Tiru,

On Thu, Apr 4, 2019 at 10:46 PM Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@mcafee.com<mailto:TirumaleswarReddy_Konda@mcafee.com>> wrote:
Hmm. Let's say the result of Happy Eyeballs was TCP over IPv4 (just like Figure 4) and the client caches the info.
After a certain period of time, the client will do Happy Eyeballs again because other better connections might be available. But, in this case, how will the cached info be used?

[TR] The cache expires after a specific time period. If the cache has not expired, the client uses the information from the cache. If the cache has expired, the client performs Happy Eyeballs again.

It seems that an implementation that doesn't cache the info at all and does Happy Eyeballs every 10 hours won't be allowed in this draft.

[TR] No, but if the subsequent attempt is within a few seconds after the first Happy Eyeballs attempt, it would trash the network. The endpoint may have to re-establish the (D)TLS session within a few seconds for several reasons (e.g. the TLS session got terminated, the DOTS server rebooted, the NAT rebooted, etc.).

Thanks for the explanation. The logic makes sense to me.
I think it would be good to articulate this a bit more in the draft.
For example, the Figure 4 example explains the probing period, but doesn't mention the cache period.

[TR2]
Sure, we can update the text as follows:

Note that the DOTS client, after successfully establishing a connection, MUST cache information regarding the outcome of each
connection attempt, and the cached information should be flushed when its age exceeds a system-defined maximum on the order of a few minutes (e.g. 2 minutes).
If the DOTS client has to re-establish the connection with the DOTS server within a few seconds after the Happy Eyeballs mechanism is complete,
caching avoids trashing the network in the presence of DDoS attack traffic.

-Tiru

Thanks,
--
Yoshi
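The cache-then-reconnect behaviour discussed in this thread, as an added example that is not part of the original message, the draft, or any DOTS implementation. It assumes a 120-second maximum cache age (standing in for the proposed "e.g. 2 minutes"), a constructed Happy Eyeballs result in which only TCP over IPv4 succeeds, and an injected clock so the expiry can be stepped through:

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed illustration of the caching rule above, not DOTS draft or implementation code; 120 s ~ "e.g. 2 minutes".
MAX_CACHE_AGE_SECONDS = 120.0

@dataclass(frozen=True)
class AttemptOutcome:
    transport: str   # "tcp" (TLS) or "udp" (DTLS)
    family: str      # "ipv4" or "ipv6"
    succeeded: bool

class HappyEyeballsCache:
    def __init__(self, now: Callable[[], float], max_age: float = MAX_CACHE_AGE_SECONDS):
        self._now, self._max_age = now, max_age
        self._outcomes: List[AttemptOutcome] = []
        self._stored_at: Optional[float] = None
    def store(self, outcomes: List[AttemptOutcome]) -> None:
        self._outcomes, self._stored_at = list(outcomes), self._now()
    def winner(self) -> Optional[AttemptOutcome]:
        """Cached successful attempt, or None when the cache is empty or older than max_age."""
        if self._stored_at is None or self._now() - self._stored_at > self._max_age:
            self._outcomes, self._stored_at = [], None   # flush stale entries
            return None
        return next((o for o in self._outcomes if o.succeeded), None)

def connect(cache: HappyEyeballsCache, run_happy_eyeballs) -> Tuple[Optional[AttemptOutcome], bool]:
    """Return (chosen attempt, probed): reuse a fresh cached winner, otherwise probe again."""
    cached = cache.winner()
    if cached is not None:
        return cached, False                 # no new Happy Eyeballs probing on the network
    outcomes = run_happy_eyeballs()
    winner = next((o for o in outcomes if o.succeeded), None)
    if winner is not None:
        cache.store(outcomes)                # cache only after a connection was established
    return winner, True

def simulate() -> Tuple[list, int]:
    """Constructed scenario: connect at t=0, reconnect at t=5 s, reconnect again at t=200 s."""
    clock, probes = {"t": 0.0}, {"n": 0}
    def fake_happy_eyeballs() -> List[AttemptOutcome]:
        probes["n"] += 1   # constructed result: only TCP over IPv4 succeeds (the Figure 4 case)
        return [AttemptOutcome("udp", "ipv6", False), AttemptOutcome("udp", "ipv4", False),
                AttemptOutcome("tcp", "ipv6", False), AttemptOutcome("tcp", "ipv4", True)]
    cache, results = HappyEyeballsCache(now=lambda: clock["t"]), []
    for t in (0.0, 5.0, 200.0):
        clock["t"] = t
        chosen, probed = connect(cache, fake_happy_eyeballs)
        results.append((t, chosen.transport, chosen.family, probed))
    return results, probes["n"]
```

The reconnect at t=5 s reuses the cached TCP/IPv4 outcome without probing; the one at t=200 s finds the cache expired and probes again.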