IETF Logo Mail Archive

[I2nsf] questions about draft-hares-i2nsf-ssls

Linda Dunbar <linda.dunbar@huawei.com> Thu, 13 July 2017 22:23 UTC

Return-Path: <linda.dunbar@huawei.com>
X-Original-To: i2nsf@ietfa.amsl.com
Delivered-To: i2nsf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAD1212EC40 for <i2nsf@ietfa.amsl.com>; Thu, 13 Jul 2017 15:23:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sHrjTNFxxwsk for <i2nsf@ietfa.amsl.com>; Thu, 13 Jul 2017 15:23:41 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 582DD127869 for <i2nsf@ietf.org>; Thu, 13 Jul 2017 15:23:40 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml702-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DRB47976; Thu, 13 Jul 2017 22:23:38 +0000 (GMT)
Received: from SJCEML703-CHM.china.huawei.com (10.208.112.39) by lhreml702-cah.china.huawei.com (10.201.108.43) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 13 Jul 2017 23:23:37 +0100
Received: from SJCEML702-CHM.china.huawei.com ([169.254.4.142]) by SJCEML703-CHM.china.huawei.com ([169.254.5.136]) with mapi id 14.03.0301.000; Thu, 13 Jul 2017 15:23:35 -0700
From: Linda Dunbar <linda.dunbar@huawei.com>
To: "shares@ndzh.com" <shares@ndzh.com>, "rgm@htt-consult.com" <rgm@htt-consult.com>, "i2nsf@ietf.org" <i2nsf@ietf.org>
Thread-Topic: questions about draft-hares-i2nsf-ssls
Thread-Index: AdL8JJB57pKtT0OpQS2lUFe6QPO3iw==
Date: Thu, 13 Jul 2017 22:23:34 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F6593FC563@SJCEML702-CHM.china.huawei.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.192.11.171]
Content-Type: multipart/alternative; boundary="_000_4A95BA014132FF49AE685FAB4B9F17F6593FC563SJCEML702CHMchi_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090204.5967F2EA.00A5, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0, ip=169.254.4.142, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: 852b61cb5de9105675003f3d4feda5b7
Archived-At: <https://mailarchive.ietf.org/arch/msg/i2nsf/ddDe5hGrMBdLl2yaJrmrPnPoR6Y>
Subject: [I2nsf] questions about draft-hares-i2nsf-ssls
X-BeenThere: i2nsf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "*I2NSF: Interface to Network Security Functions mailing list*" <i2nsf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i2nsf/>
List-Post: <mailto:i2nsf@ietf.org>
List-Help: <mailto:i2nsf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2nsf>, <mailto:i2nsf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 22:23:43 -0000

Sue and Robert,

When you say "..DDoS attack to I2NSF agent", do you mean the entity (such as the Admin) that issues policies to the Controller is under DDoS attack?
Each I2NSF agent and I2NSF client needs to provide application level
support for management traffic during periods of DDoS and network
security attacks to deal with congestion (burst and/or continuous),
high error rates and packet loss due to the attacks, and the
inability to utilize a transport protocol (E.g. TCP) due to a
specific protocol attack.


Are the SSLs in your draft refer to the SSL between I2NSF client and agent?

When you say APIs to application, who is issuing the APIs and who is receiving the APIs?

Thank you very much.

Linda Dunbar

v2.23.0 | Report a Bug | By Email