Re: [Idr] New Version Notification for draft-liang-idr-bgp-flowspec-time-00.txt

Gunter Van De Velde <guntervandeveldecc@icloud.com> Mon, 19 October 2015 19:50 UTC

From: Gunter Van De Velde <guntervandeveldecc@icloud.com>
Date: Mon, 19 Oct 2015 21:50:10 +0200
To: Robert Raszuk <robert@raszuk.net>
Cc: idr wg <idr@ietf.org>
Subject: Re: [Idr] New Version Notification for draft-liang-idr-bgp-flowspec-time-00.txt
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/kgHFH0aaRiB_x11P1s7CjGHO4QY>

If the purpose is to communicate timing properties attached to an NLRI, then why limit it to ‘just’ flow spec AF? It could potentially be used for any type of NLRI.

To understand the potential, could you share the list of those proposals that were not rolled out due to micro-second BGP signalled timing requirements?

I am trying to understand if for those BGP signalling would make sense or if there would be better options.

G/



> On 19 Oct 2015, at 10:43, Robert Raszuk <robert@raszuk.net> wrote:
> 
> Hi Gunter,
> 
> You are right if we would limit flowspec to only a DDoS mitigation tool.
> 
> Apparently a number of other use cases popped up since flowspec was first defined.
> 
> So while, as Thomas already mentioned, we could/should discuss choice of encoding, I am quite sympathetic to the idea proposed by Jianjie.
> 
> Along the same lines, today in general we have dropped a number of proposals which, if not rolled out at the same time, would create loops. Perhaps there is light at the end of the tunnel to be also able to activate specific control plane or forwarding behavior at a specific time set or for a specific time set.
> 
> Best,
> r.
> 
> 
> On Mon, Oct 19, 2015 at 9:31 AM, Gunter Van De Velde <guntervandeveldecc@icloud.com> wrote:
> Hi Youjianjie,
> 
> I would expect a flow spec rule to be valid for consumption from the moment it's originated from a flow spec controller until it is withdrawn by the controller. In the text proposed you relate to different forwarding delays for a router to receive the flow spec rule and hence justify a need for a new community to specify 'valid-time' for the flow spec route. This seems like a pretty light reason for such a complex proposed logical machine.
> 
> Be well,
> G/
> Sent from iCloud
> 
> On Oct 19, 2015, at 04:08 AM, Youjianjie <youjianjie@huawei.com> wrote:
> 
>> Dear all,
>> 
>> This document proposes a new BGP path attribute called "Flow Extended Attribute", which carries expected valid period information for a FlowSpec rule.
>> Could you please review? Your comments are welcome.
>> 
>> Thanks,
>> Jianjie
>> 
>> -----Original Message-----
>> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
>> Sent: 19 October 2015 9:58
>> To: Liangqiandeng; Zhuangshunwan; Youjianjie; Zhuangshunwan; Youjianjie; Liangqiandeng
>> Subject: New Version Notification for draft-liang-idr-bgp-flowspec-time-00.txt
>> 
>> 
>> A new version of I-D, draft-liang-idr-bgp-flowspec-time-00.txt
>> has been successfully submitted by Jianjie You and posted to the IETF repository.
>> 
>> Name:          draft-liang-idr-bgp-flowspec-time
>> Revision:      00
>> Title:         BGP FlowSpec with Time Constraints
>> Document date: 2015-10-18
>> Group:         Individual Submission
>> Pages:         9
>> URL:           https://www.ietf.org/internet-drafts/draft-liang-idr-bgp-flowspec-time-00.txt
>> Status:        https://datatracker.ietf.org/doc/draft-liang-idr-bgp-flowspec-time/
>> Htmlized:      https://tools.ietf.org/html/draft-liang-idr-bgp-flowspec-time-00
>> 
>> 
>> Abstract:
>> The BGP flow specification (FlowSpec) is an additional tool to
>> mitigate the effects of Distributed Denial of Service (DDoS) attacks.
>> Since DDoS attacks are dynamic, filtering of a flow may only be
>> necessary for some specified time, and be undesirable at other times.
>> This document proposes a new BGP path attribute called "Flow Extended
>> Attribute", which carries expected valid period information for a
>> FlowSpec rule. So network administrators can control certain types
>> of traffic in a specified period.
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
>> 
>> The IETF Secretariat
>> 
>> _______________________________________________
>> Idr mailing list
>> Idr@ietf.org
>> https://www.ietf.org/mailman/listinfo/idr