IETF Logo Mail Archive

[Last-Call] Artart last call review of draft-ietf-dots-telemetry-use-cases-11

Sean Turner via Datatracker <noreply@ietf.org> Wed, 21 September 2022 01:30 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: last-call@ietf.org
Delivered-To: last-call@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B374C14CE3A; Tue, 20 Sep 2022 18:30:21 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Sean Turner via Datatracker <noreply@ietf.org>
To: art@ietf.org
Cc: dots@ietf.org, draft-ietf-dots-telemetry-use-cases.all@ietf.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 8.16.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <166372382149.12048.15710097866385991335@ietfa.amsl.com>
Reply-To: Sean Turner <sean+ietf@sn3rd.com>
Date: Tue, 20 Sep 2022 18:30:21 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/8YqnF00zO5bFUXnC_XIlYfdXgDg>
Subject: [Last-Call] Artart last call review of draft-ietf-dots-telemetry-use-cases-11
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Sep 2022 01:30:21 -0000

Reviewer: Sean Turner
Review result: Ready with Nits

Hi! All but the (0) issue are editorial issues, and the JSON parsing issues
ought to be easy to fix:

0) JSON parsing issues:

0.1) s3.1.5: I think maybe instead of this:

  "attack-description":
    "attack-description": "DNS amplification Attack: \
    ...

use this:

  "attack-description": "DNS amplification Attack: \
     ...

0.2) s3.2.2: Error: Duplicate key 'mid-percentile-g'

1) Can you provide some additional background on the term "label" as it is used
in this document; appears to be related to ML. See Un/Supervised Machine
Learning definitions.

2) s3.1: I think maybe some .md/.xml for the bullets got messed up:

  In particular,
  the following telemetry parameters are used: * 'measurement-interval'
  to define the period during which percentiles are computed. *
  'measurement-sample' to define the time distribution for measuring
  values that are used to compute percentiles.

3) s3.1.1, 1st para: Not sure you need the 1 Tps example, in 5 years that might
seem low. Also maybe tweak the sentence a bit:

  Some transit providers have to mitigate very large-scale DDoS attacks
  with their own previously deployed DDoS Mitigation Systems (DMSes) that
  lack sufficient resources.

4) s3.1.1, 2nd para (friendly editorial suggestion):

s/The aim of this use case is to enable transit/This use case enables transit

5) Figure 1: Would it be clearer for the target(s) in the figure to be:

[ Target(s)]

6) s3.1.1, 4th para: The word "using" is kind of dangling:

s/The forwarding nodes send traffic statistics to the flow collectors
  using, e.g., IP Flow Information Export (IPFIX) [RFC7011].
/The forwarding nodes send traffic statistics to the flow collectors,
 e.g., using IP Flow Information Export (IPFIX) [RFC7011].

7) s3.1.1, 4th para: Maybe:

 After that, the orchestrator
 orders the forwarding nodes to redirect as much of the top-talker's
 traffic to the DMS as possible by dissemination of Flow
 Specifications relying upon tools, such as Border Gateway Protocol
 Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

NEW:

 After that, the orchestrator
 orders the forwarding nodes to redirect as much of the top-talker's
 traffic to the DMS as possible by dissemination of Flow
 Specifications using tools such as Border Gateway Protocol
 Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

8) s3.1.2, 1st para: Is this:

   Transit providers can deploy their DMSes in clusters.  Then, they can
   select the DMS to be used to mitigate a DDoS attack under attack
   time.

trying to say this:

   Transit providers can deploy their DMSes in clusters.  Then, they can
   select the DMS to be used to mitigate a DDoS attack while under attack.

9) s3.1.2, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

10) Figure 3: Why are there two [Target] elements in the figure?

11) s3.1.2, 3rd para: The word "using" is kind of dangling:

s/The forwarding nodes send traffic statistics to the flow collectors
  using, e.g., IP Flow Information Export (IPFIX) [RFC7011].
/The forwarding nodes send traffic statistics to the flow collectors,
 e.g., using IP Flow Information Export (IPFIX) [RFC7011].

12) s3.1.3, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

13) Figure 5: I think you need one more space before the line with the nodes to
make the DOTS box a box :):

               --->C| Forwarding |  --->C| Forwarding |--->
 e.g., BGP Flowspec |   node     |       |   node     |
^ add a space
     (Redirect) --->|            |       |            |  DDoS Attack

14) s3.1.3, 3rd para:

OLD:

 After that, the orchestrator orders the
 appropriate forwarding nodes to redirect the attack traffic to the
 optimal DMS by dissemination of Flow Specifications relying upon
 tools, such as BGP Flowspec.

NEW:

 After that, the orchestrator orders the
 appropriate forwarding nodes to redirect the attack traffic to the
 optimal DMS by dissemination of Flow Specifications using tools
 such as Border Gateway Protocol Dissemination of Flow Specification
 Rules (BGP Flowspec) [RFC8955].

15) s3.1.4, 1st para:

s/internet/Internet

s/The feature of the attack is that start from zero and go to maximum
/These attacks start from zero and go to maximum

s/It is
difficult for them to mitigate an attack by DMS by redirecting attack
flows because it may cause route flapping in the network.
/It is
difficult for the transit providers to mitigate an attack with their
DMSes by redirecting attack flows because it may cause route flapping
in the network.

16) s3.1.4, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

17) s3.1.4, 3rd para: Maybe:

 After that, the administrative system orders relevant forwarding
 nodes to carry out rate-limit all traffic destined to the target
 based on the pipe capability by the dissemination of the Flow
 Specifications relying upon tools, such as BGP Flowspec.

NEW:

 After that, the administrative system orders relevant forwarding
 nodes to carry out rate-limit all traffic destined to the target
 based on the pipe capability by the dissemination of the Flow
 Specifications using tools such as Border Gateway Protocol
 Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

18) s3.1.5, 1st para: Provide reference for DNS Water Torture Attacks.

19) s3.1.5, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

20) s3.1.5, 5th para:

s/Specifications, e.g.  [RFC8955]
/Specifications using tools such as Border Gateway Protocol
Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

s/such as BGP
/such as BGP [RFC4271].

21) s3.2:

s/The aim of this use case is to share the/This use case enables sharing of

22) s3.3.1, 1st para: s/internet/Internet

23) s3.3.1, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

24) s3.3.2, 1st para:

s/The aim of this use case is to carry out/This use case supports

v2.23.0 | Report a Bug | By Email