[Idr] Reply: New Version Notification for draft-liang-idr-bgp-flowspec-time-00.txt

Youjianjie <youjianjie@huawei.com> Fri, 23 October 2015 07:10 UTC

From: Youjianjie <youjianjie@huawei.com>
To: Gunter Van De Velde <guntervandeveldecc@icloud.com>, Robert Raszuk <robert@raszuk.net>
Date: Fri, 23 Oct 2015 07:10:25 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/idr/xor67fzSppVhRCL_e4J8F1mMjTU>
Cc: idr wg <idr@ietf.org>
Subject: [Idr] Reply: New Version Notification for draft-liang-idr-bgp-flowspec-time-00.txt

Hi Gunter,

Yes, it could potentially be used for any type of NLRI if there are use cases and requirements for them. We haven’t analyzed those yet.

Thanks,
Jianjie

From: Gunter Van De Velde [mailto:guntervandeveldecc@icloud.com]
Sent: 20 October 2015 3:50
To: Robert Raszuk
Cc: Youjianjie; idr wg
Subject: Re: [Idr] New Version Notification for draft-liang-idr-bgp-flowspec-time-00.txt

If the purpose is to communicate timing properties attached to an NLRI, then why limit it to ‘just’ flow spec AF? It could potentially be used for any type of NLRI.

To understand the potential, could you share the list of those proposals that were not rolled out due to micro-second BGP signalled timing requirements?

I am trying to understand if for those BGP signalling would make sense or if there would be better options.

G/



On 19 Oct 2015, at 10:43, Robert Raszuk <robert@raszuk.net> wrote:

Hi Gunter,

You are right if we would limit flowspec to only a DDoS mitigation tool.

Apparently a number of other use cases popped up since flowspec was first defined.

So while as Thomas already mentioned we could/should discuss choice of encoding I am quite sympathetic to the idea proposed by Jianjie.

Along the same lines today in general we have dropped a number of proposals which if not rolled out at the same time would create loops. Perhaps there is light at the end of the tunnel to be also able to activate specific control plane or forwarding behavior at specific time set or for specific time set.

Best,
r.


On Mon, Oct 19, 2015 at 9:31 AM, Gunter Van De Velde <guntervandeveldecc@icloud.com> wrote:
Hi Youjianjie,

I would expect a flow spec rule to be valid for consumption from the moment it is originated from a flow spec controller until it is withdrawn by the controller. In the text proposed you relate to different forwarding delays for a router to receive the flow spec rule and hence justifies a need for a new community to specify 'valid-time' for the flow spec route. This seems like a pretty light reason for such a complex proposed logical machine.

Be well,
G/

Sent from iCloud

On Oct 19, 2015, at 04:08 AM, Youjianjie <youjianjie@huawei.com> wrote:
Dear all,

This document proposes a new BGP path attribute called "Flow Extended Attribute", which carries expected valid period information for a FlowSpec rule.
Could you please review? Your comments are welcome.

Thanks,
Jianjie

-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
Sent: 19 October 2015 9:58
To: Liangqiandeng; Zhuangshunwan; Youjianjie; Zhuangshunwan; Youjianjie; Liangqiandeng
Subject: New Version Notification for draft-liang-idr-bgp-flowspec-time-00.txt


A new version of I-D, draft-liang-idr-bgp-flowspec-time-00.txt
has been successfully submitted by Jianjie You and posted to the IETF repository.

Name:                draft-liang-idr-bgp-flowspec-time
Revision:    00
Title:                BGP FlowSpec with Time Constraints
Document date:        2015-10-18
Group:                Individual Submission
Pages:      9
URL: https://www.ietf.org/internet-drafts/draft-liang-idr-bgp-flowspec-time-00.txt
Status: https://datatracker.ietf.org/doc/draft-liang-idr-bgp-flowspec-time/
Htmlized: https://tools.ietf.org/html/draft-liang-idr-bgp-flowspec-time-00


Abstract:
The BGP flow specification (FlowSpec) is an additional tool to
mitigate the effects of Distributed Denial of Service (DDoS) attacks.
Since DDoS attacks are dynamic, filtering of a flow may only be
necessary for some specified time, and be undesirable at other times.
This document proposes a new BGP path attribute called "Flow Extended
Attribute", which carries expected valid period information for a
FlowSpec rule. So network administrators can control certain types
of traffic in a specified period.





Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
Idr mailing list
Idr@ietf.org
https://www.ietf.org/mailman/listinfo/idr