Re: [i2rs] FW: New Version Notification for draft-krishnan-i2rs-large-flow-use-case-01.txt
Jeffrey Haas <jhaas@pfrc.org> Mon, 17 February 2014 22:44 UTC
Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: i2rs@ietfa.amsl.com
Delivered-To: i2rs@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A8461A03FC for <i2rs@ietfa.amsl.com>; Mon, 17 Feb 2014 14:44:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.116
X-Spam-Level:
X-Spam-Status: No, score=-2.116 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RP_MATCHES_RCVD=-0.548, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r2BPbNXTyae8 for <i2rs@ietfa.amsl.com>; Mon, 17 Feb 2014 14:43:59 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 43C2E1A0291 for <i2rs@ietf.org>; Mon, 17 Feb 2014 14:43:59 -0800 (PST)
Received: by slice.pfrc.org (Postfix, from userid 1001) id 70B05C5B7; Mon, 17 Feb 2014 17:43:56 -0500 (EST)
Date: Mon, 17 Feb 2014 17:43:56 -0500
From: Jeffrey Haas <jhaas@pfrc.org>
To: ramki Krishnan <ramk@Brocade.com>
Message-ID: <20140217224356.GA445@pfrc>
References: <20140121013118.3737.29737.idtracker@ietfa.amsl.com> <C7634EB63EFD984A978DFB46EA5174F2C0013133D3@HQ1-EXCH01.corp.brocade.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <C7634EB63EFD984A978DFB46EA5174F2C0013133D3@HQ1-EXCH01.corp.brocade.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: http://mailarchive.ietf.org/arch/msg/i2rs/bLXkGaBEfzKMym8ROxDUxgkjN7s
Cc: "draft-krishnan-i2rs-large-flow-use-case@tools.ietf.org" <draft-krishnan-i2rs-large-flow-use-case@tools.ietf.org>, "i2rs@ietf.org" <i2rs@ietf.org>
Subject: Re: [i2rs] FW: New Version Notification for draft-krishnan-i2rs-large-flow-use-case-01.txt
X-BeenThere: i2rs@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Interface to The Internet Routing System \(IRS\)" <i2rs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i2rs>, <mailto:i2rs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i2rs/>
List-Post: <mailto:i2rs@ietf.org>
List-Help: <mailto:i2rs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i2rs>, <mailto:i2rs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2014 22:44:01 -0000
Ramki, On Mon, Jan 20, 2014 at 09:43:24PM -0800, ramki Krishnan wrote: > Besides load balancing, we have added an additional use of case for DDoS attack mitigation in the latest draft. Looking forward to your comments. Below, please find some comments on -03: I'm having some difficulty reconciling the idea of typical DDoS traffic as being considered a "large flow". While your definition of a flow (section 1.3) leaves some latitude for which fields are used to identify a flow, that definition doesn't quite align with that in section 4.3.1 of draft-ietf-opsawg-large-flow-load-balancing. In particular, "a sequence of packets for which ordered delivery should be maintained". This may be intentional since the use cases are somewhat different, however I think it doesn't help the i2rs DDoS use case. In such a case, the flow is only long-lived in the sense that it is out of specification traffic for an extended period that is unwanted. In many cases, such traffic may only share the destination. This seems to stretch the definition a little bit. In section 2.1, you're intentionally setting aside involvement of an I2RS agent as being the entity that shares the communication of recognizing large flows. While I understand that existing mechanisms like IPFIX may be a better (initial) fit, why put it out of scope? For my own part, I believe that IPFIX collectors are likely participants in I2RS, long term. This would align with the second case where sampling collectors are used. In section 2.3.1, I believe there's also an implicit requirement that network elements be able to report if they are *capable* of permitting the programming of PBR entries to specific components. For example, if a LAG only carries a single IP address as an endpoint, sufficient information may not be available for layer 3 nexthop programming to distribute the traffic across the LAG and interaction with the load balancer at a deeper level may be required. There is also a typo: "a mechanism a programmable mechanism" I believe the intention of the section with this typo is that when traffic may be distributed over an ECMP path that the weights of the contributing nexthops for the ECMP path can be adjusted. If so, that's not clear in the way the text is currently written. Section 2.3.2.2 for MPLS Networks should probably include mention of the Entropy Label feature (RFC 6790). In section 3, another potential mitigation is I2RS initiating BGP Flowspec. -- Jeff
- [i2rs] FW: New Version Notification for draft-kri… ramki Krishnan
- Re: [i2rs] FW: New Version Notification for draft… Jeffrey Haas
- Re: [i2rs] FW: New Version Notification for draft… ramki Krishnan
- Re: [i2rs] FW: New Version Notification for draft… ramki Krishnan
- Re: [i2rs] FW: New Version Notification for draft… Jeffrey Haas
- Re: [i2rs] FW: New Version Notification for draft… ramki Krishnan