< draft-ietf-dots-telemetry-03.txt   draft-ietf-dots-telemetry-04.txt >
DOTS M. Boucadair, Ed. DOTS M. Boucadair, Ed.
Internet-Draft Orange Internet-Draft Orange
Intended status: Standards Track T. Reddy, Ed. Intended status: Standards Track T. Reddy, Ed.
Expires: September 3, 2020 McAfee Expires: September 20, 2020 McAfee
E. Doron E. Doron
Radware Ltd. Radware Ltd.
M. Chen M. Chen
CMCC CMCC
March 2, 2020 March 19, 2020
Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry
draft-ietf-dots-telemetry-03 draft-ietf-dots-telemetry-04
Abstract Abstract
This document aims to enrich DOTS signal channel protocol with This document aims to enrich DOTS signal channel protocol with
various telemetry attributes allowing optimal DDoS attack mitigation. various telemetry attributes allowing optimal DDoS attack mitigation.
This document specifies the normal traffic baseline and attack This document specifies the normal traffic baseline and attack
traffic telemetry attributes a DOTS client can convey to its DOTS traffic telemetry attributes a DOTS client can convey to its DOTS
server in the mitigation request, the mitigation status telemetry server in the mitigation request, the mitigation status telemetry
attributes a DOTS server can communicate to a DOTS client, and the attributes a DOTS server can communicate to a DOTS client, and the
mitigation efficacy telemetry attributes a DOTS client can mitigation efficacy telemetry attributes a DOTS client can
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 3, 2020. This Internet-Draft will expire on September 20, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 51 skipping to change at page 2, line 51
6.2. Total Pipe Capacity . . . . . . . . . . . . . . . . . . . 19 6.2. Total Pipe Capacity . . . . . . . . . . . . . . . . . . . 19
6.2.1. Convey DOTS Client Domain Pipe Capacity . . . . . . . 20 6.2.1. Convey DOTS Client Domain Pipe Capacity . . . . . . . 20
6.2.2. Retrieve Installed DOTS Client Domain Pipe Capacity . 25 6.2.2. Retrieve Installed DOTS Client Domain Pipe Capacity . 25
6.2.3. Delete Installed DOTS Client Domain Pipe Capacity . . 25 6.2.3. Delete Installed DOTS Client Domain Pipe Capacity . . 25
6.3. Telemetry Baseline . . . . . . . . . . . . . . . . . . . 26 6.3. Telemetry Baseline . . . . . . . . . . . . . . . . . . . 26
6.3.1. Convey DOTS Client Domain Baseline Information . . . 28 6.3.1. Convey DOTS Client Domain Baseline Information . . . 28
6.3.2. Retrieve Installed Normal Traffic Baseline . . . . . 29 6.3.2. Retrieve Installed Normal Traffic Baseline . . . . . 29
6.3.3. Delete Installed Normal Traffic Baseline . . . . . . 29 6.3.3. Delete Installed Normal Traffic Baseline . . . . . . 29
6.4. Reset Installed Telemetry Setup . . . . . . . . . . . . . 29 6.4. Reset Installed Telemetry Setup . . . . . . . . . . . . . 29
6.5. Conflict with Other DOTS Clients of the Same Domain . . . 30 6.5. Conflict with Other DOTS Clients of the Same Domain . . . 30
7. DOTS Pre-mitigation Telemetry . . . . . . . . . . . . . . . . 30 7. DOTS Pre-or-Ongoing Mitigation Telemetry . . . . . . . . . . 30
7.1. Pre-mitigation DOTS Telemetry Attributes . . . . . . . . 32 7.1. Pre-or-Ongoing-Mitigation DOTS Telemetry Attributes . . . 32
7.1.1. Target . . . . . . . . . . . . . . . . . . . . . . . 32 7.1.1. Target . . . . . . . . . . . . . . . . . . . . . . . 32
7.1.2. Total Traffic . . . . . . . . . . . . . . . . . . . . 33 7.1.2. Total Traffic . . . . . . . . . . . . . . . . . . . . 33
7.1.3. Total Attack Traffic . . . . . . . . . . . . . . . . 34 7.1.3. Total Attack Traffic . . . . . . . . . . . . . . . . 34
7.1.4. Total Attack Connections . . . . . . . . . . . . . . 35 7.1.4. Total Attack Connections . . . . . . . . . . . . . . 35
7.1.5. Attack Details . . . . . . . . . . . . . . . . . . . 37 7.1.5. Attack Details . . . . . . . . . . . . . . . . . . . 37
7.2. From DOTS Clients to DOTS Servers . . . . . . . . . . . . 39 7.2. From DOTS Clients to DOTS Servers . . . . . . . . . . . . 39
7.3. From DOTS Servers to DOTS Client . . . . . . . . . . . . 40 7.3. From DOTS Servers to DOTS Clients . . . . . . . . . . . . 40
8. DOTS Telemetry Mitigation Status Update . . . . . . . . . . . 43 8. DOTS Telemetry Mitigation Status Update . . . . . . . . . . . 43
8.1. DOTS Client to Server Mitigation Efficacy DOTS Telemetry 8.1. DOTS Clients to Servers Mitigation Efficacy DOTS
Attributes . . . . . . . . . . . . . . . . . . . . . . . 43 Telemetry Attributes . . . . . . . . . . . . . . . . . . 43
8.2. DOTS Server to Client Mitigation Status DOTS Telemetry 8.2. DOTS Servers to Clients Mitigation Status DOTS Telemetry
Attributes . . . . . . . . . . . . . . . . . . . . . . . 44 Attributes . . . . . . . . . . . . . . . . . . . . . . . 45
9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 47 9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 48
10. YANG/JSON Mapping Parameters to CBOR . . . . . . . . . . . . 68 10. YANG/JSON Mapping Parameters to CBOR . . . . . . . . . . . . 71
11. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 71 11. IANA Considerationsr . . . . . . . . . . . . . . . . . . . . 75
11.1. DOTS Signal Channel CBOR Key Values . . . . . . . . . . 71 11.1. DOTS Signal Channel CBOR Key Values . . . . . . . . . . 75
11.2. DOTS Signal Channel Conflict Cause Codes . . . . . . . . 75 11.2. DOTS Signal Channel Conflict Cause Codes . . . . . . . . 78
11.3. DOTS Signal Telemetry YANG Module . . . . . . . . . . . 75 11.3. DOTS Signal Telemetry YANG Module . . . . . . . . . . . 78
12. Security Considerations . . . . . . . . . . . . . . . . . . . 75 12. Security Considerations . . . . . . . . . . . . . . . . . . . 79
13. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 75 13. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 79
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 76 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 79
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 76 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 79
15.1. Normative References . . . . . . . . . . . . . . . . . . 76 15.1. Normative References . . . . . . . . . . . . . . . . . . 79
15.2. Informative References . . . . . . . . . . . . . . . . . 77 15.2. Informative References . . . . . . . . . . . . . . . . . 81
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 78 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 81
1. Introduction 1. Introduction
Distributed Denial of Service (DDoS) attacks have become more vicious Distributed Denial of Service (DDoS) attacks have become more vicious
and sophisticated in almost all aspects of their maneuvers and and sophisticated in almost all aspects of their maneuvers and
malevolent intentions. IT organizations and service providers are malevolent intentions. IT organizations and service providers are
facing DDoS attacks that fall into two broad categories: Network/ facing DDoS attacks that fall into two broad categories: Network/
Transport layer attacks and Application layer attacks: Transport layer attacks and Application layer attacks:
o Network/Transport layer attacks target the victim's o Network/Transport layer attacks target the victim's
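Review bot: The -04 table of contents entry for Section 11 reads "IANA Considerationsr", with a stray trailing "r" that -03 did not have; check the section heading it comes from and correct it to "IANA Considerations". In the same ToC, Section 7 is now titled "Pre-or-Ongoing Mitigation Telemetry" while 7.1 uses "Pre-or-Ongoing-Mitigation", so pick one hyphenation and use it in both titles.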
skipping to change at page 13, line 21 skipping to change at page 13, line 21
Figure 2: GET to Retrieve Current and Acceptable DOTS Telemetry Figure 2: GET to Retrieve Current and Acceptable DOTS Telemetry
Configuration Configuration
Upon receipt of such request, the DOTS server replies with a 2.05 Upon receipt of such request, the DOTS server replies with a 2.05
(Content) response that conveys the current and telemetry parameters (Content) response that conveys the current and telemetry parameters
acceptable by the DOTS server. The tree structure of the response acceptable by the DOTS server. The tree structure of the response
message body is provided in Figure 3. Note that the response also message body is provided in Figure 3. Note that the response also
includes any pipe (Section 6.2) and baseline information includes any pipe (Section 6.2) and baseline information
(Section 6.3) maintained by the DOTS server for this DOTS client. (Section 6.3) maintained by the DOTS server for this DOTS client.
DOTS servers that support the capability of sending pre-mitigation DOTS servers that support the capability of sending telemetry
telemetry information to DOTS clients (Section 8.2) sets 'server- information to DOTS clients prior or during a mitigation
originated-telemetry' under 'max-config-values' to 'true' ('false' is (Section 8.2) sets 'server-originated-telemetry' under 'max-config-
used otherwise). If 'server-originated-telemetry' is not present in values' to 'true' ('false' is used otherwise). If 'server-
a response, this is equivalent to receiving a request with 'server- originated-telemetry' is not present in a response, this is
originated-telemetry'' set to 'false'. equivalent to receiving a request with 'server-originated-telemetry''
set to 'false'.
augment /ietf-signal:dots-signal/ietf-signal:message-type: augment /ietf-signal:dots-signal/ietf-signal:message-type:
+--:(telemetry-setup) {dots-telemetry}? +--:(telemetry-setup) {dots-telemetry}?
| +--rw telemetry* [cuid tsid] | +--rw telemetry* [cuid tsid]
| ... | ...
| +--rw (setup-type)? | +--rw (setup-type)?
| +--:(telemetry-config) | +--:(telemetry-config)
| | +--rw current-config | | +--rw current-config
| | | +--rw measurement-interval? interval | | | +--rw measurement-interval? interval
| | | +--rw measurement-sample? sample | | | +--rw measurement-sample? sample
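Review bot: In the rewritten 'server-originated-telemetry' paragraph, the last sentence covers the attribute being absent from a response but then calls this "equivalent to receiving a request with 'server-originated-telemetry'' set to 'false'"; it should say "response", and the doubled closing quote after the attribute name should be removed. The new wording "prior or during a mitigation" needs "prior to or during", and "DOTS servers that support ... sets" should be "set". None of this changes the default (absent means 'false'), which is the safe reading and should be kept.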
skipping to change at page 14, line 46 skipping to change at page 14, line 46
| | | +--ro telemetry-notify-interval? uint32 | | | +--ro telemetry-notify-interval? uint32
| | +--ro supported-units | | +--ro supported-units
| | +--ro unit-config* [unit] | | +--ro unit-config* [unit]
| | +--ro unit unit | | +--ro unit unit
| | +--ro unit-status? boolean | | +--ro unit-status? boolean
| +--:(pipe) | +--:(pipe)
| ... | ...
| +--:(baseline) | +--:(baseline)
| ... | ...
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
... ...
Figure 3: Telemetry Configuration Tree Structure Figure 3: Telemetry Configuration Tree Structure
6.1.2. Convey DOTS Telemetry Configuration 6.1.2. Convey DOTS Telemetry Configuration
PUT request is used to convey the configuration parameters for the PUT request is used to convey the configuration parameters for the
telemetry data (e.g., low, mid, or high percentile values). For telemetry data (e.g., low, mid, or high percentile values). For
example, a DOTS client may contact its DOTS server to change the example, a DOTS client may contact its DOTS server to change the
default percentile values used as baseline for telemetry data. default percentile values used as baseline for telemetry data.
skipping to change at page 17, line 37 skipping to change at page 17, line 37
} }
Figure 5: PUT to Disable Low- and Mid-Percentiles Figure 5: PUT to Disable Low- and Mid-Percentiles
DOTS clients can also configure the unit(s) to be used for traffic- DOTS clients can also configure the unit(s) to be used for traffic-
related telemetry data. Typically, the supported units are: packets related telemetry data. Typically, the supported units are: packets
per second (PPS) or kilo packets per second (Kpps) and Bits per per second (PPS) or kilo packets per second (Kpps) and Bits per
Second (BPS), and kilobytes per second or megabytes per second or Second (BPS), and kilobytes per second or megabytes per second or
gigabytes per second. gigabytes per second.
DOTS clients that are interested to receive pre-mitigation telemetry DOTS clients that are interested to receive pre- or onoing mitigation
information from a DOTS server (Section 8.2) MUST set 'server- telemetry (pre-or-ongoing-mitigation) information from a DOTS server
originated-telemetry' to 'true'. If 'server-originated-telemetry' is (Section 8.2) MUST set 'server-originated-telemetry' to 'true'. If
not present in a PUT request, this is equivalent to receiving a 'server-originated-telemetry' is not present in a PUT request, this
request with 'server-originated-telemetry'' set to 'false'. An is equivalent to receiving a request with 'server-originated-
example of a request to enable pre-mitigation telemetry from DOTS telemetry'' set to 'false'. An example of a request to enable pre-
servers is shown in Figure 6. or-ongoing-mitigation telemetry from DOTS servers is shown in
Figure 6.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "tm-setup" Uri-Path: "tm-setup"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "tsid=569" Uri-Path: "tsid=569"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
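Review bot: The -04 text in the paragraph before Figure 6 introduces a typo, "pre- or onoing mitigation telemetry", which should read "ongoing". The same sentence gives both a prose form and the node name in parentheses ("(pre-or-ongoing-mitigation)"); stating the node name once, quoted like the other attribute names, would read more clearly. The doubled closing quote in 'server-originated-telemetry'' is carried over from -03 and is still present.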
skipping to change at page 18, line 25 skipping to change at page 18, line 25
"telemetry": [ "telemetry": [
{ {
"current-config": { "current-config": {
"server-originated-telemetry": true "server-originated-telemetry": true
} }
} }
] ]
} }
} }
Figure 6: PUT to Enable Pre-mitigation Telemetry from the DOTS server Figure 6: PUT to Enable Pre-or-ongoing-mitigation Telemetry from the
DOTS server
6.1.3. Retrieve Installed DOTS Telemetry Configuration 6.1.3. Retrieve Installed DOTS Telemetry Configuration
A DOTS client may issue a GET message with 'tsid' Uri-Path parameter A DOTS client may issue a GET message with 'tsid' Uri-Path parameter
to retrieve the current DOTS telemetry configuration. An example of to retrieve the current DOTS telemetry configuration. An example of
such request is depicted in Figure 7. such request is depicted in Figure 7.
Header: GET (Code=0.01) Header: GET (Code=0.01)
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
skipping to change at page 19, line 47 skipping to change at page 19, line 47
| +--:(telemetry-config) | +--:(telemetry-config)
| | ... | | ...
| +--:(pipe) | +--:(pipe)
| | +--rw total-pipe-capacity* [link-id unit] | | +--rw total-pipe-capacity* [link-id unit]
| | +--rw link-id nt:link-id | | +--rw link-id nt:link-id
| | +--rw capacity uint64 | | +--rw capacity uint64
| | +--rw unit unit | | +--rw unit unit
| +--:(baseline) | +--:(baseline)
| ... | ...
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
... ...
Figure 9: Pipe Tree Structure Figure 9: Pipe Tree Structure
A DOTS client domain pipe is defined as a list of limits of A DOTS client domain pipe is defined as a list of limits of
(incoming) traffic volume (total-pipe-capacity") that can be (incoming) traffic volume (total-pipe-capacity") that can be
forwarded over ingress interconnection links of a DOTS client domain. forwarded over ingress interconnection links of a DOTS client domain.
Each of these links is identified with a "link-id" [RFC8345]. Each of these links is identified with a "link-id" [RFC8345].
This limit can be expressed in packets per second (PPS) or kilo This limit can be expressed in packets per second (PPS) or kilo
skipping to change at page 27, line 48 skipping to change at page 27, line 48
| +--rw connection-client? uint64 | +--rw connection-client? uint64
| +--rw embryonic? uint64 | +--rw embryonic? uint64
| +--rw embryonic-client? uint64 | +--rw embryonic-client? uint64
| +--rw connection-ps? uint64 | +--rw connection-ps? uint64
| +--rw connection-client-ps? uint64 | +--rw connection-client-ps? uint64
| +--rw request-ps? uint64 | +--rw request-ps? uint64
| +--rw request-client-ps? uint64 | +--rw request-client-ps? uint64
| +--rw partial-request-ps? uint64 | +--rw partial-request-ps? uint64
| +--rw partial-request-client-ps? uint64 | +--rw partial-request-client-ps? uint64
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
... ...
Figure 18: Telemetry Baseline Tree Structure Figure 18: Telemetry Baseline Tree Structure
6.3.1. Convey DOTS Client Domain Baseline Information 6.3.1. Convey DOTS Client Domain Baseline Information
Similar considerations to those specified in Section 6.1.2 are Similar considerations to those specified in Section 6.1.2 are
followed with one exception: followed with one exception:
The relative order of two PUT requests carrying DOTS client domain The relative order of two PUT requests carrying DOTS client domain
skipping to change at page 30, line 29 skipping to change at page 30, line 29
client domain. 'conflict-information' is used to report the conflict client domain. 'conflict-information' is used to report the conflict
to the DOTS client following similar conflict handling discussed in to the DOTS client following similar conflict handling discussed in
Section 4.4.1 of [I-D.ietf-dots-signal-channel]. The conflict cause Section 4.4.1 of [I-D.ietf-dots-signal-channel]. The conflict cause
can be set to one of these values: can be set to one of these values:
1: Overlapping targets (already defined in 1: Overlapping targets (already defined in
[I-D.ietf-dots-signal-channel]). [I-D.ietf-dots-signal-channel]).
TBA: Overlapping pipe scope (see Section 11). TBA: Overlapping pipe scope (see Section 11).
7. DOTS Pre-mitigation Telemetry 7. DOTS Pre-or-Ongoing Mitigation Telemetry
There are two broad types of DDoS attacks, one is bandwidth consuming There are two broad types of DDoS attacks, one is bandwidth consuming
attack, the other is target resource consuming attack. This section attack, the other is target resource consuming attack. This section
outlines the set of DOTS telemetry attributes (Section 7.1) that outlines the set of DOTS telemetry attributes (Section 7.1) that
covers both the types of attacks. The ultimate objective of these covers both the types of attacks. The ultimate objective of these
attributes is to allow for the complete knowledge of attacks and the attributes is to allow for the complete knowledge of attacks and the
various particulars that can best characterize attacks. various particulars that can best characterize attacks.
The "ietf-dots-telemetry" YANG module (Section 9) augments the "ietf- The "ietf-dots-telemetry" YANG module (Section 9) augments the "ietf-
dots-signal" with a new message type called "telemetry". The tree dots-signal" with a new message type called "telemetry". The tree
structure of the "telemetry" message type is shown Figure 23. structure of the "telemetry" message type is shown Figure 23.
The pre-mitigation telemetry attributes are indicated by the path- The pre-or-ongoing-mitigation telemetry attributes are indicated by
suffix '/tm'. The '/tm' is appended to the path-prefix to form the the path-suffix '/tm'. The '/tm' is appended to the path-prefix to
URI used with a CoAP request to signal the DOTS telemetry. Pre- form the URI used with a CoAP request to signal the DOTS telemetry.
mitigation telemetry attributes specified in Section 7.1 can be Pre-or-ongoing-mitigation telemetry attributes specified in
signaled between DOTS agents. Section 7.1 can be signaled between DOTS agents.
Pre-mitigation telemetry attributes may be sent by a DOTS client or a Pre-or-ongoing-mitigation telemetry attributes may be sent by a DOTS
DOTS server. client or a DOTS server.
DOTS agents MUST bind pre-mitigation telemetry data with mitigation DOTS agents SHOULD bind pre-or-ongoing-mitigation telemetry data with
requests relying upon the target clause. In particular, a telemetry mitigation requests relying upon the target clause. In particular, a
PUT request sent after a mitigation request may include a reference telemetry PUT request sent after a mitigation request may include a
to that mitigation request ('mid-list') as shown in Figure 21. An reference to that mitigation request ('mid-list') as shown in
example illustrating requests correlation by means of 'target-prefix' Figure 21. An example illustrating requests correlation by means of
is shown in Figure 22. 'target-prefix' is shown in Figure 22.
When generating telemetry data to send to a peer, the DOTS agent must
auto-scale so that appropriate unit(s) are used.
+-----------+ +-----------+ +-----------+ +-----------+
|DOTS client| |DOTS server| |DOTS client| |DOTS server|
+-----------+ +-----------+ +-----------+ +-----------+
| | | |
|=========Mitigation Request (mid)=====================>| |=========Mitigation Request (mid)=====================>|
| | | |
|====Pre-mitigation Telemetry (mid-list{mid})==========>| |================ Telemetry (mid-list{mid})============>|
| | | |
Figure 21: Example of Request Correlation using 'mid' Figure 21: Example of Request Correlation using 'mid'
+-----------+ +-----------+ +-----------+ +-----------+
|DOTS client| |DOTS server| |DOTS client| |DOTS server|
+-----------+ +-----------+ +-----------+ +-----------+
| | | |
|<======Pre-mitigation Telemetry (target-prefix)========| |<=============== Telemetry (target-prefix)=============|
| | | |
|=========Mitigation Request (target-prefix)===========>| |=========Mitigation Request (target-prefix)===========>|
| | | |
Figure 22: Example of Request Correlation using Target Prefix Figure 22: Example of Request Correlation using Target Prefix
DOTS agents MUST NOT sent pre-mitigation telemetry messages to the DOTS agents MUST NOT sent pre-or-ongoing-mitigation telemetry
same peer more frequently than once every 'telemetry-notify-interval' messages to the same peer more frequently than once every 'telemetry-
(Section 6.1). notify-interval' (Section 6.1).
DOTS pre-mitigation telemetry request and response messages MUST be DOTS pre-or-ongoing-mitigation telemetry request and response
marked as Non-Confirmable messages. messages MUST be marked as Non-Confirmable messages.
augment /ietf-signal:dots-signal/ietf-signal:message-type: augment /ietf-signal:dots-signal/ietf-signal:message-type:
+--:(telemetry-setup) {dots-telemetry}? +--:(telemetry-setup) {dots-telemetry}?
| +--rw telemetry* [cuid tsid] | +--rw telemetry* [cuid tsid]
| ... | ...
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
+--rw cuid string +--rw cuid string
+--rw cdid? string +--rw cdid? string
+--rw tmid uint32 +--rw tmid uint32
+--rw target +--rw target
| ... | ...
+--rw total-traffic* [unit protocol] +--rw total-traffic* [unit protocol]
| ... | ...
+--rw total-attack-traffic* [unit protocol] +--rw total-attack-traffic* [unit protocol]
| ... | ...
+--rw total-attack-connection +--rw total-attack-connection
| ... | ...
+--rw attack-detail +--rw attack-detail
... ...
Figure 23: Telemetry Message Type Tree Structure Figure 23: Telemetry Message Type Tree Structure
7.1. Pre-mitigation DOTS Telemetry Attributes 7.1. Pre-or-Ongoing-Mitigation DOTS Telemetry Attributes
The description and motivation behind each attribute are presented in The description and motivation behind each attribute are presented in
Section 3. DOTS telemetry attributes are optionally signaled and Section 3. DOTS telemetry attributes are optionally signaled and
therefore MUST NOT be treated as mandatory fields in the DOTS signal therefore MUST NOT be treated as mandatory fields in the DOTS signal
channel protocol. channel protocol.
7.1.1. Target 7.1.1. Target
A target resource (Figure 24) is identified using the attributes A target resource (Figure 24) is identified using the attributes
'target-prefix', 'target-port-range', 'target-protocol', 'target- 'target-prefix', 'target-port-range', 'target-protocol', 'target-
fqdn', 'target-uri', or 'alias-name' defined in the base DOTS signal fqdn', 'target-uri', or 'alias-name' defined in the base DOTS signal
channel protocol. channel protocol.
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
+--rw cuid string +--rw cuid string
+--rw cdid? string +--rw cdid? string
+--rw tmid uint32 +--rw tmid uint32
+--rw target +--rw target
| +--rw target-prefix* inet:ip-prefix | +--rw target-prefix* inet:ip-prefix
| +--rw target-port-range* [lower-port] | +--rw target-port-range* [lower-port]
| | +--rw lower-port inet:port-number | | +--rw lower-port inet:port-number
| | +--rw upper-port? inet:port-number | | +--rw upper-port? inet:port-number
| +--rw target-protocol* uint8 | +--rw target-protocol* uint8
| +--rw target-fqdn* inet:domain-name | +--rw target-fqdn* inet:domain-name
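Review bot: In Section 7 the binding requirement is relaxed from "DOTS agents MUST bind" to "DOTS agents SHOULD bind ... telemetry data with mitigation requests", but the text gives no condition under which not binding is acceptable and does not say how a receiver should treat telemetry it cannot correlate to a mitigation request by 'mid-list' or target; add both so implementations agree on handling of uncorrelated telemetry. The new paragraph "the DOTS agent must auto-scale so that appropriate unit(s) are used" uses a lowercase "must" and leaves "auto-scale" undefined; state whether this is a normative MUST and what selection rule applies. "DOTS agents MUST NOT sent" was reflowed but not corrected to "send".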
skipping to change at page 33, line 32 skipping to change at page 33, line 32
+--rw total-attack-traffic* [unit protocol] +--rw total-attack-traffic* [unit protocol]
| ... | ...
+--rw total-attack-connection +--rw total-attack-connection
| ... | ...
+--rw attack-detail +--rw attack-detail
... ...
Figure 24: Target Tree Structure Figure 24: Target Tree Structure
At least one of the attributes 'target-prefix', 'target-fqdn', At least one of the attributes 'target-prefix', 'target-fqdn',
'target-uri', 'alias-name', or 'mid-lis' MUST be present in the 'target-uri', 'alias-name', or 'mid-list' MUST be present in the
attack details. target definition.
If the target is subjected to bandwidth consuming attack, the If the target is subjected to bandwidth consuming attack, the
attributes representing the percentile values of the 'attack-id' attributes representing the percentile values of the 'attack-id'
attack traffic are included. attack traffic are included.
If the target is subjected to resource consuming DDoS attacks, the If the target is subjected to resource consuming DDoS attacks, the
same attributes defined for Section 7.1.4 are applicable for same attributes defined for Section 7.1.4 are applicable for
representing the attack. representing the attack.
This is an optional sub-attribute. This is an optional sub-attribute.
7.1.2. Total Traffic 7.1.2. Total Traffic
This attribute (Figure 25) conveys the percentile values of total This attribute (Figure 25) conveys the percentile values of total
traffic observed during a DDoS attack. traffic observed during a DDoS attack.
The total traffic is represented for a target and is transport- The total traffic is represented for a target and is transport-
protocol specific. protocol specific.
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
+--rw cuid string +--rw cuid string
+--rw cdid? string +--rw cdid? string
+--rw tmid uint32 +--rw tmid uint32
+--rw target +--rw target
| ... | ...
+--rw total-traffic* [unit protocol] +--rw total-traffic* [unit protocol]
| +--rw unit unit | +--rw unit unit
| +--rw protocol uint8 | +--rw protocol uint8
| +--rw low-percentile-g? yang:gauge64 | +--rw low-percentile-g? yang:gauge64
| +--rw mid-percentile-g? yang:gauge64 | +--rw mid-percentile-g? yang:gauge64
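Review bot: The revised requirement under Figure 24 now lets 'mid-list' alone satisfy "MUST be present in the target definition", but the opening paragraph of 7.1.1 still lists only 'target-prefix', 'target-port-range', 'target-protocol', 'target-fqdn', 'target-uri', or 'alias-name' as identifying a target, and the visible part of the target tree does not show 'mid-list'. Add 'mid-list' to the 7.1.1 introduction (or explain where it sits relative to 'target') so the MUST and the attribute list agree. The move from "attack details" to "target definition" and the 'mid-lis' spelling fix are otherwise correct.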
skipping to change at page 35, line 6 skipping to change at page 35, line 6
7.1.3. Total Attack Traffic 7.1.3. Total Attack Traffic
This attribute (Figure 26) conveys the total attack traffic This attribute (Figure 26) conveys the total attack traffic
identified by the DOTS client domain's DMS (or DDoS Detector). identified by the DOTS client domain's DMS (or DDoS Detector).
The total attack traffic is represented for a target and is The total attack traffic is represented for a target and is
transport-protocol specific. transport-protocol specific.
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
+--rw cuid string +--rw cuid string
+--rw cdid? string +--rw cdid? string
+--rw tmid uint32 +--rw tmid uint32
+--rw target +--rw target
| ... | ...
+--rw total-traffic* [unit protocol] +--rw total-traffic* [unit protocol]
| ... | ...
+--rw total-attack-traffic* [unit protocol] +--rw total-attack-traffic* [unit protocol]
| +--rw unit unit | +--rw unit unit
| +--rw protocol uint8 | +--rw protocol uint8
skipping to change at page 36, line 6 skipping to change at page 36, line 6
connections. The following optional sub-attributes for the target connections. The following optional sub-attributes for the target
per transport-protocol are included to represent the attack per transport-protocol are included to represent the attack
characteristics: characteristics:
o The number of simultaneous attack connections to the target. o The number of simultaneous attack connections to the target.
o The number of simultaneous embryonic connections to the target. o The number of simultaneous embryonic connections to the target.
o The number of attack connections per second to the target. o The number of attack connections per second to the target.
o The number of attack requests to the target. o The number of attack requests to the target.
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
+--rw cuid string +--rw cuid string
+--rw cdid? string +--rw cdid? string
+--rw tmid uint32 +--rw tmid uint32
+--rw target +--rw target
| ... | ...
+--rw total-traffic* [unit protocol] +--rw total-traffic* [unit protocol]
| ... | ...
+--rw total-attack-traffic* [unit protocol] +--rw total-attack-traffic* [unit protocol]
| ... | ...
+--rw total-attack-connection +--rw total-attack-connection
skipping to change at page 37, line 36 skipping to change at page 37, line 36
start-time: The time the attack started. The attack's start time is start-time: The time the attack started. The attack's start time is
expressed in seconds relative to 1970-01-01T00:00Z in UTC time expressed in seconds relative to 1970-01-01T00:00Z in UTC time
(Section 2.4.1 of [RFC7049]). The CBOR encoding is modified so (Section 2.4.1 of [RFC7049]). The CBOR encoding is modified so
that the leading tag 1 (epoch-based date/time) MUST be omitted. that the leading tag 1 (epoch-based date/time) MUST be omitted.
end-time: The time the attack-id attack ended. The attack end time end-time: The time the attack-id attack ended. The attack end time
is expressed in seconds relative to 1970-01-01T00:00Z in UTC time is expressed in seconds relative to 1970-01-01T00:00Z in UTC time
(Section 2.4.1 of [RFC7049]). The CBOR encoding is modified so (Section 2.4.1 of [RFC7049]). The CBOR encoding is modified so
that the leading tag 1 (epoch-based date/time) MUST be omitted. that the leading tag 1 (epoch-based date/time) MUST be omitted.
Source-count: A count of sources involved in the attack targeting source-count: A count of sources involved in the attack targeting
the victim. the victim.
Top-talkers: A list of top talkers among attack sources. The top top-talkers: A list of top talkers among attack sources. The top
talkers are represented using the 'source-prefix' defined in talkers are represented using the 'source-prefix'.
[I-D.ietf-dots-signal-call-home].
'spoofed-status' is used whether a top talker is a spoofed IP 'spoofed-status' is used whether a top talker is a spoofed IP
address (e.g., reflection attacks) or not. address (e.g., reflection attacks) or not.
If the target is subjected to bandwidth consuming attack, the If the target is subjected to bandwidth consuming attack, the
attack traffic from each of the top talkers is included ('total- attack traffic from each of the top talkers is included ('total-
attack-traffic', Section 7.1.3). attack-traffic', Section 7.1.3).
If the target is subjected to resource consuming DDoS attacks, the If the target is subjected to resource consuming DDoS attacks, the
same attributes defined for Section 7.1.4 are applicable for same attributes defined for Section 7.1.4 are applicable for
representing the attack per talker. representing the attack per talker.
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
+--rw cuid string +--rw cuid string
+--rw cdid? string +--rw cdid? string
+--rw tmid uint32 +--rw tmid uint32
+--rw target +--rw target
| ... | ...
+--rw total-traffic* [unit protocol] +--rw total-traffic* [unit protocol]
| ... | ...
+--rw total-attack-traffic* [unit protocol] +--rw total-attack-traffic* [unit protocol]
| ... | ...
+--rw total-attack-connection +--rw total-attack-connection
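Review bot: Dropping the pointer to [I-D.ietf-dots-signal-call-home] in the top-talkers description leaves 'source-prefix' with no definition in this paragraph; the new text simply ends at "represented using the 'source-prefix'." Suggest stating its type inline (the tree in Figure 28 gives it as inet:ip-prefix) or pointing to the section that defines it. While this paragraph is being edited, the unchanged sentence "'spoofed-status' is used whether a top talker is a spoofed IP address" is missing a verb, e.g. "is used to indicate whether".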
skipping to change at page 38, line 34 skipping to change at page 38, line 34
+--rw end-time? uint64 +--rw end-time? uint64
+--rw source-count +--rw source-count
| +--rw low-percentile-g? yang:gauge64 | +--rw low-percentile-g? yang:gauge64
| +--rw mid-percentile-g? yang:gauge64 | +--rw mid-percentile-g? yang:gauge64
| +--rw high-percentile-g? yang:gauge64 | +--rw high-percentile-g? yang:gauge64
| +--rw peak-g? yang:gauge64 | +--rw peak-g? yang:gauge64
+--rw top-talker +--rw top-talker
+--rw talker* [source-prefix] +--rw talker* [source-prefix]
+--rw spoofed-status? boolean +--rw spoofed-status? boolean
+--rw source-prefix inet:ip-prefix +--rw source-prefix inet:ip-prefix
+--rw source-port-range* [lower-port]
| +--rw lower-port inet:port-number
| +--rw upper-port? inet:port-number
+--rw source-icmp-type-range* [lower-type]
| +--rw lower-type uint8
| +--rw upper-type? uint8
+--rw total-attack-traffic* [unit] +--rw total-attack-traffic* [unit]
| +--rw unit unit | +--rw unit unit
| +--rw low-percentile-g? yang:gauge64 | +--rw low-percentile-g? yang:gauge64
| +--rw mid-percentile-g? yang:gauge64 | +--rw mid-percentile-g? yang:gauge64
| +--rw high-percentile-g? yang:gauge64 | +--rw high-percentile-g? yang:gauge64
| +--rw peak-g? yang:gauge64 | +--rw peak-g? yang:gauge64
+--rw total-attack-connection +--rw total-attack-connection
+--rw low-percentile-l* [protocol] +--rw low-percentile-l* [protocol]
| ... | ...
+--rw mid-percentile-l* [protocol] +--rw mid-percentile-l* [protocol]
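Review bot: The new 'source-port-range' and 'source-icmp-type-range' lists under 'talker' are not tied to any protocol: the per-talker 'total-attack-traffic' is keyed on [unit] only, so a receiver cannot tell whether a reported port range is TCP or UDP, or whether port ranges and ICMP type ranges may both appear for the same talker. Suggest either adding a protocol key at this level or stating in the top-talkers description how the two lists are to be interpreted; that description currently mentions only 'source-prefix' and 'spoofed-status'.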
skipping to change at page 38, line 47 skipping to change at page 39, line 4
| +--rw mid-percentile-g? yang:gauge64 | +--rw mid-percentile-g? yang:gauge64
| +--rw high-percentile-g? yang:gauge64 | +--rw high-percentile-g? yang:gauge64
| +--rw peak-g? yang:gauge64 | +--rw peak-g? yang:gauge64
+--rw total-attack-connection +--rw total-attack-connection
+--rw low-percentile-l* [protocol] +--rw low-percentile-l* [protocol]
| ... | ...
+--rw mid-percentile-l* [protocol] +--rw mid-percentile-l* [protocol]
| ... | ...
+--rw high-percentile-l* [protocol] +--rw high-percentile-l* [protocol]
| ... | ...
+--rw peak-l* [protocol] +--rw peak-l* [protocol]
... ...
Figure 28: Attack Detail Tree Structure Figure 28: Attack Detail Tree Structure
7.2. From DOTS Clients to DOTS Servers 7.2. From DOTS Clients to DOTS Servers
DOTS clients uses PUT request to signal pre-mitigation telemetry to DOTS clients uses PUT request to signal pre-or-ongoing-mitigation
DOTS servers. An example of such request is shown in Figure 29. telemetry to DOTS servers. An example of such request is shown in
Figure 29.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "tm" Uri-Path: "tm"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "tmid=123" Uri-Path: "tmid=123"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry": { "ietf-dots-telemetry:telemetry": {
"target": [ "pre-or-ongoing-mitigation": {
{ "target": {
"target-prefix": [ {
"2001:db8::1/128" "target-prefix": [
] "2001:db8::1/128"
"total-attack-traffic": [ ]
{ "total-attack-traffic": [
"protocol": 17, {
"unit": "megabytes-ps", "protocol": 17,
"mid-percentile-g": "900" "unit": "megabytes-ps",
"mid-percentile-g": "900"
}
],
"attack-detail": {
"start-time": "1957811234",
"attack-severity": "emergency"
} }
],
"attack-detail": {
"start-time": "1957811234",
"attack-severity": "emergency"
} }
} }
] }
} }
} }
Figure 29: PUT to Send Pre-Mitigation Telemetry Figure 29: PUT to Send Pre-or-Ongoing-Mitigation Telemetry
'cuid' is a mandatory Uri-Path parameter for PUT requests. 'cuid' is a mandatory Uri-Path parameter for PUT requests.
The following additional Uri-Path parameter is defined: The following additional Uri-Path parameter is defined:
tmid: Telemetry Identifier is an identifier for the DOTS pre- tmid: Telemetry Identifier is an identifier for the DOTS pre-or-
mitigation telemetry data represented as an integer. This ongoing-mitigation telemetry data represented as an integer.
identifier MUST be generated by DOTS clients. 'tsid' values MUST This identifier MUST be generated by DOTS clients. 'tsid' values
increase monotonically (when a new PUT is generated by a DOTS MUST increase monotonically (when a new PUT is generated by a
client to convey pre-mitigation telemetry). DOTS client to convey pre-or-ongoing-mitigation telemetry).
This is a mandatory attribute. This is a mandatory attribute.
At least 'target' attribute and another pre-mitigation attributes At least 'target' attribute and another pre-or-ongoing-mitigation
(Section 7.1) MUST be present in the PUT request. If only the attributes (Section 7.1) MUST be present in the PUT request. If only
'target' attribute is present, this request is handled as per the 'target' attribute is present, this request is handled as per
Section 7.3. Section 7.3.
The relative order of two PUT requests carrying DOTS pre-mitigation The relative order of two PUT requests carrying DOTS pre-or-ongoing-
telemetry from a DOTS client is determined by comparing their mitigation telemetry from a DOTS client is determined by comparing
respective 'tmid' values. If such two requests have overlapping their respective 'tmid' values. If such two requests have
'target', the PUT request with higher numeric 'tmid' value will overlapping 'target', the PUT request with higher numeric 'tmid'
override the request with a lower numeric 'tmid' value. The value will override the request with a lower numeric 'tmid' value.
overlapped lower numeric 'tmid' MUST be automatically deleted and no The overlapped lower numeric 'tmid' MUST be automatically deleted and
longer be available. no longer be available.
The DOTS server indicates the result of processing a PUT request The DOTS server indicates the result of processing a PUT request
using CoAP response codes. The response code 2.04 (Changed) is using CoAP response codes. The response code 2.04 (Changed) is
returned if the DOTS server has accepted the pre-mitigation returned if the DOTS server has accepted the pre-or-ongoing-
telemetry. The error response code 5.03 (Service Unavailable) is mitigation telemetry. The error response code 5.03 (Service
returned if the DOTS server has erred . 5.03 uses Max-Age option to Unavailable) is returned if the DOTS server has erred. 5.03 uses Max-
indicate the number of seconds after which to retry. Age option to indicate the number of seconds after which to retry.
7.3. From DOTS Servers to DOTS Client How long a DOTS server maintains a 'tmid' as active or logs the
enclosed telemetry information is implementation-specific. Note that
if a 'tmid' is still active, then logging details are updated by the
DOTS server as a function of the updates received from the peer DOTS
client.
The pre-mitigation (attack details, in particular) can also be A DOTS client that lost the state of its active 'tmids' or has to set
signaled from DOTS servers to DOTS clients. For example, the DOTS 'tmid' back to zero (e.g., crash or restart) MUST send a GET request
server co-located with a DDoS detector collects monitoring to the DOTS server to retrieve the list of active 'tmid'. The DOTS
client may then delete 'tmids' that should not be active anymore.
7.3. From DOTS Servers to DOTS Clients
The pre-or-ongoing-mitigation (attack details, in particular) can
also be signaled from DOTS servers to DOTS clients. For example, the
DOTS server co-located with a DDoS detector collects monitoring
information from the target network, identifies DDoS attack using information from the target network, identifies DDoS attack using
statistical analysis or deep learning techniques, and signals the statistical analysis or deep learning techniques, and signals the
attack details to the DOTS client. attack details to the DOTS client.
The DOTS client can use the attack details to decide whether to The DOTS client can use the attack details to decide whether to
trigger a DOTS mitigation request or not. Furthermore, the security trigger a DOTS mitigation request or not. Furthermore, the security
operation personnel at the DOTS client domain can use the attack operation personnel at the DOTS client domain can use the attack
details to determine the protection strategy and select the details to determine the protection strategy and select the
appropriate DOTS server for mitigating the attack. appropriate DOTS server for mitigating the attack.
In order to receive pre-mitigation telemetry notifications from a In order to receive pre-or-ongoing-mitigation telemetry notifications
DOTS server, a DOTS client MUST send a PUT (followed by a GET) with from a DOTS server, a DOTS client MUST send a PUT (followed by a GET)
the target filter. An example of such PUT request is shown in with the target filter. An example of such PUT request is shown in
Figure 30. In order to avoid maintaining a long list of such Figure 30. In order to avoid maintaining a long list of such
requests, it is RECOMMENDED that DOTS clients include all targets in requests, it is RECOMMENDED that DOTS clients include all targets in
the same request. DOTS servers may be instructed to restrict the the same request. DOTS servers may be instructed to restrict the
number of pre-mitigation requests per DOTS client domain. number of pre-or-ongoing-mitigation requests per DOTS client domain.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "tm" Uri-Path: "tm"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "tmid=123" Uri-Path: "tmid=123"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry": { "ietf-dots-telemetry:telemetry": {
"target": { "pre-or-ongoing-mitigation": {
{ "target": {
"target-prefix": [ {
"2001:db8::/32" "target-prefix": [
] "2001:db8::/32"
]
}
} }
} }
} }
} }
Figure 30: PUT to Request Pre-Mitigation Telemetry Figure 30: PUT to Request Pre-or-Ongoing-Mitigation Telemetry
DOTS clients of the same domain can request to receive pre-mitigation DOTS clients of the same domain can request to receive pre-or-
telemetry bound to the same target. ongoing-mitigation telemetry bound to the same target.
The DOTS client conveys the Observe Option set to '0' in the GET The DOTS client conveys the Observe Option set to '0' in the GET
request to receive asynchronous notifications carrying pre-mitigation request to receive asynchronous notifications carrying pre-or-
telemetry data from the DOTS server. The GET request specify a ongoing-mitigation telemetry data from the DOTS server. The GET
'tmid' (Figure 31) or not (Figure 32). request specify a 'tmid' (Figure 31) or not (Figure 32).
Header: GET (Code=0.01) Header: GET (Code=0.01)
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "tm" Uri-Path: "tm"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "tmid=123" Uri-Path: "tmid=123"
Observe: 0 Observe: 0
Figure 31: GET to Subscribe to Telemetry Asynchronous Notifications Figure 31: GET to Subscribe to Telemetry Asynchronous Notifications
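Review bot: In the 'tmid' definition the sentence still reads "'tsid' values MUST increase monotonically"; this is the telemetry identifier, so it should say 'tmid'. The new paragraph that lets a client "set 'tmid' back to zero" after a crash or restart also needs reconciling with that monotonic rule and with the override rule (a higher 'tmid' replaces an overlapping lower one): as written, the server's handling of a PUT whose 'tmid' is lower than a still-active one is unspecified, and the recovery GET is the only safeguard. Separately, the reworked bodies in Figures 29 and 30 are not valid JSON: "target": { { ... } } wraps an unnamed object in an object, Figure 29 lacks a comma after the "target-prefix" array, and 'pre-or-ongoing-mitigation' is shown as an object although the tree defines it as a list keyed on [cuid tmid].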
skipping to change at page 42, line 18 skipping to change at page 42, line 29
Uri-Path: "tm" Uri-Path: "tm"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Observe: 0 Observe: 0
Figure 32: GET to Subscribe to Telemetry Asynchronous Notifications Figure 32: GET to Subscribe to Telemetry Asynchronous Notifications
for All 'tmids' for All 'tmids'
The DOTS server will send asynchronous notifications to the DOTS The DOTS server will send asynchronous notifications to the DOTS
client when an event if following similar considerations as in client when an event if following similar considerations as in
Section 4.4.2.1 of [I-D.ietf-dots-signal-channel]. An example of a Section 4.4.2.1 of [I-D.ietf-dots-signal-channel]. An example of a
pre-mitugation telemetry notification is shown in Figure 33. pre-or-ongoing-mitigation telemetry notification is shown in
Figure 33.
{ {
"ietf-dots-telemetry:telemetry": { "ietf-dots-telemetry:telemetry": {
"target": [ "pre-or-ongoing-mitigation": {
{ "target": {
"tmid": 123, {
"target-prefix": [ "tmid": 123,
"2001:db8::1/128" "target-prefix": [
] "2001:db8::1/128"
"total-attack-traffic": [ ]
{ "total-attack-traffic": [
"protocol": 17, {
"unit": "megabytes-ps", "protocol": 17,
"mid-percentile-g": "900" "unit": "megabytes-ps",
"mid-percentile-g": "900"
}
],
"attack-detail": {
"start-time": "1957818434",
"attack-severity": "emergency"
} }
],
"attack-detail": {
"start-time": "1957818434",
"attack-severity": "emergency"
} }
} }
] }
} }
} }
Figure 33: Message Body of a Pre-mitigation Telemetry Notification Figure 33: Message Body of a Pre-or-Ongoing-Mitigation Telemetry
from the DOTS Server Notification from the DOTS Server
A DOTS server may aggregate pre-mitigation data (e.g., 'top-talkers') A DOTS server may aggregate pre-or-ongoing-mitigation data (e.g.,
for all targets of a domain, or when justified, send specific 'top-talkers') for all targets of a domain, or when justified, send
information (e.g., 'top-talkers') per individual targets. specific information (e.g., 'top-talkers') per individual targets.
The DOTS client may log pre-mitigation telemetry data with an alert The DOTS client may log pre-or-ongoing-mitigation telemetry data with
to an administrator or a network controller. The DOTS client may an alert sent to an administrator or a network controller. The DOTS
send a mitigation request if the attack cannot be handled locally. client may send a mitigation request if the attack cannot be handled
locally.
8. DOTS Telemetry Mitigation Status Update 8. DOTS Telemetry Mitigation Status Update
8.1. DOTS Client to Server Mitigation Efficacy DOTS Telemetry 8.1. DOTS Clients to Servers Mitigation Efficacy DOTS Telemetry
Attributes Attributes
The mitigation efficacy telemetry attributes can be signaled from The mitigation efficacy telemetry attributes can be signaled from
DOTS clients to DOTS servers as part of the periodic mitigation DOTS clients to DOTS servers as part of the periodic mitigation
efficacy updates to the server (Section 5.3.4 of efficacy updates to the server (Section 5.3.4 of
[I-D.ietf-dots-signal-channel]). [I-D.ietf-dots-signal-channel]).
Total Attack Traffic: The overall attack traffic as observed from Total Attack Traffic: The overall attack traffic as observed from
the DOTS client perspective during an active mitigation. See the DOTS client perspective during an active mitigation. See
Figure 26. Figure 26.
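Review bot: The sentence introducing Figure 33 fixes the "pre-mitugation" typo but keeps the broken clause "when an event if following similar considerations as in Section 4.4.2.1"; the event that triggers a notification is never named, so the sentence should be rewritten to say what causes the server to notify. Figure 33 also inherits the malformed "target": { { ... } } nesting and the missing comma after the "target-prefix" array, and it places "tmid": 123 inside 'target', whereas the tree has 'tmid' as a key of the 'pre-or-ongoing-mitigation' list entry, alongside 'target'.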
skipping to change at page 44, line 36 skipping to change at page 45, line 36
} }
] ]
} }
] ]
} }
} }
Figure 35: An Example of Mitigation Efficacy Update with Telemetry Figure 35: An Example of Mitigation Efficacy Update with Telemetry
Attributes Attributes
8.2. DOTS Server to Client Mitigation Status DOTS Telemetry Attributes 8.2. DOTS Servers to Clients Mitigation Status DOTS Telemetry
Attributes
The mitigation status telemetry attributes can be signaled from the The mitigation status telemetry attributes can be signaled from the
DOTS server to the DOTS client as part of the periodic mitigation DOTS server to the DOTS client as part of the periodic mitigation
status update (Section 5.3.3 of [I-D.ietf-dots-signal-channel]). In status update (Section 5.3.3 of [I-D.ietf-dots-signal-channel]). In
particular, DOTS clients can receive asynchronous notifications of particular, DOTS clients can receive asynchronous notifications of
the attack details from DOTS servers using the Observe option defined the attack details from DOTS servers using the Observe option defined
in [RFC7641]. in [RFC7641].
In order to make use of this feature, DOTS clients MUST establish a In order to make use of this feature, DOTS clients MUST establish a
telemetry setup session with the DOTS server in 'idle' time and MUST telemetry setup session with the DOTS server in 'idle' time and MUST
skipping to change at page 46, line 11 skipping to change at page 47, line 11
+--rw end-time? uint64 +--rw end-time? uint64
+--rw source-count +--rw source-count
| +--rw low-percentile-g? yang:gauge64 | +--rw low-percentile-g? yang:gauge64
| +--rw mid-percentile-g? yang:gauge64 | +--rw mid-percentile-g? yang:gauge64
| +--rw high-percentile-g? yang:gauge64 | +--rw high-percentile-g? yang:gauge64
| +--rw peak-g? yang:gauge64 | +--rw peak-g? yang:gauge64
+--rw top-talker +--rw top-talker
+--rw talker* [source-prefix] +--rw talker* [source-prefix]
+--rw spoofed-status? boolean +--rw spoofed-status? boolean
+--rw source-prefix inet:ip-prefix +--rw source-prefix inet:ip-prefix
+--rw source-port-range* [lower-port]
| +--rw lower-port inet:port-number
| +--rw upper-port? inet:port-number
+--rw source-icmp-type-range* [lower-type]
| +--rw lower-type uint8
| +--rw upper-type? uint8
+--rw total-attack-traffic* [unit] +--rw total-attack-traffic* [unit]
| +--rw unit unit | +--rw unit unit
| +--rw low-percentile-g? yang:gauge64 | +--rw low-percentile-g? yang:gauge64
| +--rw mid-percentile-g? yang:gauge64 | +--rw mid-percentile-g? yang:gauge64
| +--rw high-percentile-g? yang:gauge64 | +--rw high-percentile-g? yang:gauge64
| +--rw peak-g? yang:gauge64 | +--rw peak-g? yang:gauge64
+--rw total-attack-connection +--rw total-attack-connection
+--rw low-percentile-c +--rw low-percentile-c
| +--rw connection? yang:gauge64 | +--rw connection? yang:gauge64
| +--rw embryonic? yang:gauge64 | +--rw embryonic? yang:gauge64
skipping to change at page 47, line 43 skipping to change at page 48, line 43
} }
} }
Figure 36: Response Body of a Mitigation Status With Telemetry Figure 36: Response Body of a Mitigation Status With Telemetry
Attributes Attributes
9. YANG Module 9. YANG Module
This module uses types defined in [RFC6991] and [RFC8345]. This module uses types defined in [RFC6991] and [RFC8345].
<CODE BEGINS> file "ietf-dots-telemetry@2020-02-21.yang" <CODE BEGINS> file "ietf-dots-telemetry@2020-03-08.yang"
module ietf-dots-telemetry { module ietf-dots-telemetry {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dots-telemetry"; namespace "urn:ietf:params:xml:ns:yang:ietf-dots-telemetry";
prefix dots-telemetry; prefix dots-telemetry;
import ietf-dots-signal-channel { import ietf-dots-signal-channel {
prefix ietf-signal; prefix ietf-signal;
reference reference
"RFC SSSS: Distributed Denial-of-Service Open Threat "RFC SSSS: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel Specification"; Signaling (DOTS) Signal Channel Specification";
skipping to change at page 49, line 10 skipping to change at page 50, line 10
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2020-02-21 { revision 2020-03-08 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: Distributed Denial-of-Service Open Threat "RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Telemetry"; Signaling (DOTS) Telemetry";
} }
feature dots-telemetry { feature dots-telemetry {
description description
"This feature means that the DOTS signal channel is able "This feature means that the DOTS signal channel is able
skipping to change at page 60, line 50 skipping to change at page 61, line 50
leaf spoofed-status { leaf spoofed-status {
type boolean; type boolean;
description description
"Indicates whether this address is spoofed."; "Indicates whether this address is spoofed.";
} }
leaf source-prefix { leaf source-prefix {
type inet:ip-prefix; type inet:ip-prefix;
description description
"IPv4 or IPv6 prefix identifying the attacker(s)."; "IPv4 or IPv6 prefix identifying the attacker(s).";
} }
list source-port-range {
key "lower-port";
description
"Port range. When only lower-port is
present, it represents a single port number.";
leaf lower-port {
type inet:port-number;
mandatory true;
description
"Lower port number of the port range.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper port number must be greater than
or equal to lower port number.";
}
description
"Upper port number of the port range.";
}
}
list source-icmp-type-range {
key "lower-type";
description
"ICMP type range. When only lower-type is
present, it represents a single ICMP type.";
leaf lower-type {
type uint8;
mandatory true;
description
"Lower ICMP type of the ICMP type range.";
}
leaf upper-type {
type uint8;
must ". >= ../lower-type" {
error-message
"The upper ICMP type must be greater than
or equal to lower ICMP type.";
}
description
"Upper type of the ICMP type range.";
}
}
list total-attack-traffic { list total-attack-traffic {
key "unit"; key "unit";
description description
"Total attack traffic issued from this source."; "Total attack traffic issued from this source.";
uses traffic-unit; uses traffic-unit;
} }
container total-attack-connection { container total-attack-connection {
description description
"Total attack connections issued from this source."; "Total attack connections issued from this source.";
uses connection-percentile; uses connection-percentile;
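Review bot: In the added 'source-port-range' and 'source-icmp-type-range' lists, 'mandatory true' on 'lower-port' and 'lower-type' has no effect, because both leafs are list keys and YANG 1.1 ignores 'mandatory' on key leafs; it can be dropped. Keying only on the lower bound also means two ranges that share a lower bound cannot coexist and overlapping ranges are not rejected; if that is intended, say so in the list descriptions.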
skipping to change at page 61, line 33 skipping to change at page 63, line 29
leaf spoofed-status { leaf spoofed-status {
type boolean; type boolean;
description description
"Indicates whether this address is spoofed."; "Indicates whether this address is spoofed.";
} }
leaf source-prefix { leaf source-prefix {
type inet:ip-prefix; type inet:ip-prefix;
description description
"IPv4 or IPv6 prefix identifying the attacker(s)."; "IPv4 or IPv6 prefix identifying the attacker(s).";
} }
list source-port-range {
key "lower-port";
description
"Port range. When only lower-port is
present, it represents a single port number.";
leaf lower-port {
type inet:port-number;
mandatory true;
description
"Lower port number of the port range.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper port number must be greater than
or equal to lower port number.";
}
description
"Upper port number of the port range.";
}
}
list source-icmp-type-range {
key "lower-type";
description
"ICMP type range. When only lower-type is
present, it represents a single ICMP type.";
leaf lower-type {
type uint8;
mandatory true;
description
"Lower ICMP type of the ICMP type range.";
}
leaf upper-type {
type uint8;
must ". >= ../lower-type" {
error-message
"The upper ICMP type must be greater than
or equal to lower ICMP type.";
}
description
"Upper type of the ICMP type range.";
}
}
list total-attack-traffic { list total-attack-traffic {
key "unit"; key "unit";
description description
"Total attack traffic issued from this source."; "Total attack traffic issued from this source.";
uses traffic-unit; uses traffic-unit;
} }
container total-attack-connection { container total-attack-connection {
description description
"Total attack connections issued from this source."; "Total attack connections issued from this source.";
uses connection-protocol-percentile; uses connection-protocol-percentile;
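Review bot: The 'source-port-range' and 'source-icmp-type-range' lists added here duplicate, line for line, the ones added to the previous talker definition; the two definitions differ only in the final 'uses' (connection-percentile versus connection-protocol-percentile). Suggest moving the two range lists, together with 'spoofed-status' and 'source-prefix', into one grouping that both places reference, so the 'must' constraints and error messages cannot drift apart in later revisions.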
skipping to change at page 62, line 12 skipping to change at page 65, line 4
uses ietf-data:target; uses ietf-data:target;
leaf-list alias-name { leaf-list alias-name {
type string; type string;
description description
"An alias name that points to a resource."; "An alias name that points to a resource.";
} }
list total-traffic-normal-baseline { list total-traffic-normal-baseline {
key "unit protocol"; key "unit protocol";
description description
"Total traffic normal baselines."; "Total traffic normal baselines.";
uses traffic-unit-protocol; uses traffic-unit-protocol;
} }
list total-connection-capacity { list total-connection-capacity {
key "protocol"; key "protocol";
description description
"Total connection capacity."; "Total connection capacity.";
leaf protocol { leaf protocol {
type uint8; type uint8;
description description
"The transport protocol. "The transport protocol.
Values are taken from the IANA Protocol Numbers registry: Values are taken from the IANA Protocol Numbers registry:
<https://www.iana.org/assignments/protocol-numbers/>."; <https://www.iana.org/assignments/protocol-numbers/>.";
} }
uses total-connection-capacity; uses total-connection-capacity;
} }
} }
grouping pre-mitigation { grouping pre-or-ongoing-mitigation {
description description
"Grouping for the telemetry data."; "Grouping for the telemetry data.";
list total-traffic { list total-traffic {
key "unit protocol"; key "unit protocol";
description description
"Total traffic."; "Total traffic.";
uses traffic-unit-protocol; uses traffic-unit-protocol;
} }
list total-attack-traffic { list total-attack-traffic {
key "unit protocol"; key "unit protocol";
skipping to change at page 65, line 9 skipping to change at page 67, line 49
"Uses to set low, mid, and high percentile values."; "Uses to set low, mid, and high percentile values.";
container current-config { container current-config {
description description
"Current configuration values."; "Current configuration values.";
uses percentile-config; uses percentile-config;
uses unit-config; uses unit-config;
leaf server-originated-telemetry { leaf server-originated-telemetry {
type boolean; type boolean;
description description
"Used by a DOTS client to enable/disable whether it "Used by a DOTS client to enable/disable whether it
accepts pre-mitigation telemetry from the DOTS accepts pre-or-ongoing-mitigation telemetry from
server."; the DOTS server.";
} }
leaf telemetry-notify-interval { leaf telemetry-notify-interval {
type uint32 { type uint32 {
range "1 .. 3600"; range "1 .. 3600";
} }
units "seconds"; units "seconds";
description description
"Minimum number of seconds between successive "Minimum number of seconds between successive
telemetry notifications."; telemetry notifications.";
} }
skipping to change at page 65, line 32 skipping to change at page 68, line 23
container max-config-values { container max-config-values {
config false; config false;
description description
"Maximum acceptable configuration values."; "Maximum acceptable configuration values.";
uses percentile-config; uses percentile-config;
// Check if this is right place for indciating this capability // Check if this is right place for indciating this capability
leaf server-originated-telemetry { leaf server-originated-telemetry {
type boolean; type boolean;
description description
"Indicates whether the DOTS server can be instructed "Indicates whether the DOTS server can be instructed
to send pre-mitigation telemetry. If set to FALSE to send pre-or-ongoing-mitigation telemetry. If set to FALSE
or the attribute is not present, this is an indication or the attribute is not present, this is an indication
that the server does not support this capability."; that the server does not support this capability.";
} }
leaf telemetry-notify-interval { leaf telemetry-notify-interval {
type uint32 { type uint32 {
range "1 .. 3600"; range "1 .. 3600";
} }
units "seconds"; units "seconds";
description description
"Minimum number of seconds between successive "Minimum number of seconds between successive
skipping to change at page 67, line 22 skipping to change at page 70, line 13
} }
uses baseline; uses baseline;
} }
} }
} }
} }
} }
case telemetry { case telemetry {
description description
"Indicates the message is about telemetry."; "Indicates the message is about telemetry.";
list pre-mitigation { list pre-or-ongoing-mitigation {
key "cuid tmid"; key "cuid tmid";
description description
"Pre-mitigation telemetry per DOTS client."; "Pre-or-ongoing-mitigation telemetry per DOTS client.";
leaf cuid { leaf cuid {
type string; type string;
description description
"A unique identifier that is "A unique identifier that is
generated by a DOTS client to prevent generated by a DOTS client to prevent
request collisions. It is expected that the request collisions. It is expected that the
cuid will remain consistent throughout the cuid will remain consistent throughout the
lifetime of the DOTS client."; lifetime of the DOTS client.";
} }
leaf cdid { leaf cdid {
skipping to change at page 68, line 21 skipping to change at page 71, line 12
type string; type string;
description description
"An alias name that points to a resource."; "An alias name that points to a resource.";
} }
leaf-list mid-list { leaf-list mid-list {
type uint32; type uint32;
description description
"Reference a list of associated mitigation requests."; "Reference a list of associated mitigation requests.";
} }
} }
uses pre-mitigation; uses pre-or-ongoing-mitigation;
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
10. YANG/JSON Mapping Parameters to CBOR 10. YANG/JSON Mapping Parameters to CBOR
All DOTS telemetry parameters in the payload of the DOTS signal All DOTS telemetry parameters in the payload of the DOTS signal
channel MUST be mapped to CBOR types as shown in the following table: channel MUST be mapped to CBOR types as shown in the following table:
o Some of these attributes should be prepended with "ietf-dots-
telemetry:"
o Implementers may use the values in: https://github.com/boucadair/ o Implementers may use the values in: https://github.com/boucadair/
draft-dots-telemetry/blob/master/mapping-table.txt draft-dots-telemetry/blob/master/mapping-table.txt
+----------------------+-------------+------+---------------+--------+ +----------------------+-------------+------+---------------+--------+
| Parameter Name | YANG | CBOR | CBOR Major | JSON | | Parameter Name | YANG | CBOR | CBOR Major | JSON |
| | Type | Key | Type & | Type | | | Type | Key | Type & | Type |
| | | | Information | | | | | | Information | |
+----------------------+-------------+------+---------------+--------+ +----------------------+-------------+------+---------------+--------+
| ietf-dots-telemetry: | | | | | | tsid | uint32 |TBA1 | 0 unsigned | Number |
| telemetry | container |TBA1 | 5 map | Object | | telemetry-config | container |TBA2 | 5 map | Object |
| tsid | uint32 |TBA2 | 0 unsigned | Number | | low-percentile | decimal64 |TBA3 | 6 tag 4 | |
| telemetry-config | container |TBA3 | 5 map | Object |
| low-percentile | decimal64 |TBA4 | 6 tag 4 | |
| | | | [-2, integer]| String | | | | | [-2, integer]| String |
| mid-percentile | decimal64 |TBA5 | 6 tag 4 | | | mid-percentile | decimal64 |TBA4 | 6 tag 4 | |
| | | | [-2, integer]| String | | | | | [-2, integer]| String |
| high-percentile | decimal64 |TBA6 | 6 tag 4 | | | high-percentile | decimal64 |TBA5 | 6 tag 4 | |
| | | | [-2, integer]| String | | | | | [-2, integer]| String |
| unit-config | list |TBA7 | 4 array | Array | | unit-config | list |TBA6 | 4 array | Array |
| unit | enumeration |TBA8 | 0 unsigned | String | | unit | enumeration |TBA7 | 0 unsigned | String |
| unit-status | boolean |TBA9 | 7 bits 20 | False | | unit-status | boolean |TBA8 | 7 bits 20 | False |
| | | | 7 bits 21 | True | | | | | 7 bits 21 | True |
| total-pipe-capability| list |TBA10 | 4 array | Array | | total-pipe-capability| list |TBA9 | 4 array | Array |
| pipe | uint64 |TBA11 | 0 unsigned | String | | pipe | uint64 |TBA10 | 0 unsigned | String |
| pre-mitigation | list |TBA12 | 4 array | Array | | pre-or-ongoing- | list |TBA11 | 4 array | Array |
| ietf-dots-telemetry: | | | | | | mitigation | | | | |
| telemetry-setup | container |TBA13 | 5 map | Object |
| total-traffic- | | | | | | total-traffic- | | | | |
| normal-baseline | list |TBA14 | 4 array | Array | | normal-baseline | list |TBA12 | 4 array | Array |
| low-percentile-g | yang:gauge64|TBA15 | 0 unsigned | String | | low-percentile-g | yang:gauge64|TBA13 | 0 unsigned | String |
| mid-percentile-g | yang:gauge64|TBA16 | 0 unsigned | String | | mid-percentile-g | yang:gauge64|TBA14 | 0 unsigned | String |
| high-percentile-g | yang:gauge64|TBA17 | 0 unsigned | String | | high-percentile-g | yang:gauge64|TBA15 | 0 unsigned | String |
| peak-g | yang:gauge64|TBA18 | 0 unsigned | String | | peak-g | yang:gauge64|TBA16 | 0 unsigned | String |
| total-attack-traffic | list |TBA19 | 4 array | Array | | total-attack-traffic | list |TBA17 | 4 array | Array |
| total-traffic | list |TBA20 | 4 array | Array | | total-traffic | list |TBA18 | 4 array | Array |
| total-connection- | | | | | | total-connection- | | | | |
| capacity | list |TBA21 | 4 array | Array | | capacity | list |TBA19 | 4 array | Array |
| connection | uint64 |TBA22 | 0 unsigned | String | | connection | uint64 |TBA20 | 0 unsigned | String |
| connection-client | uint64 |TBA23 | 0 unsigned | String | | connection-client | uint64 |TBA21 | 0 unsigned | String |
| embryonic | uint64 |TBA24 | 0 unsigned | String | | embryonic | uint64 |TBA22 | 0 unsigned | String |
| embryonic-client | uint64 |TBA25 | 0 unsigned | String | | embryonic-client | uint64 |TBA23 | 0 unsigned | String |
| connection-ps | uint64 |TBA26 | 0 unsigned | String | | connection-ps | uint64 |TBA24 | 0 unsigned | String |
| connection-client-ps | uint64 |TBA27 | 0 unsigned | String | | connection-client-ps | uint64 |TBA25 | 0 unsigned | String |
| request-ps | uint64 |TBA28 | 0 unsigned | String | | request-ps | uint64 |TBA26 | 0 unsigned | String |
| request-client-ps | uint64 |TBA29 | 0 unsigned | String | | request-client-ps | uint64 |TBA27 | 0 unsigned | String |
| partial-request-ps | uint64 |TBA30 | 0 unsigned | String | | partial-request-ps | uint64 |TBA28 | 0 unsigned | String |
| partial-request- | | | | | | partial-request- | | | | |
| client-ps | uint64 |TBA31 | 0 unsigned | String | | client-ps | uint64 |TBA29 | 0 unsigned | String |
| total-attack- | | | | | | total-attack- | | | | |
| connection | container |TBA32 | 5 map | Object | | connection | container |TBA30 | 5 map | Object |
| low-percentile-l | list |TBA33 | 4 array | Array | | low-percentile-l | list |TBA31 | 4 array | Array |
| mid-percentile-l | list |TBA34 | 4 array | Array | | mid-percentile-l | list |TBA32 | 4 array | Array |
| high-percentile-l | list |TBA35 | 4 array | Array | | high-percentile-l | list |TBA33 | 4 array | Array |
| peak-l | list |TBA36 | 4 array | Array | | peak-l | list |TBA34 | 4 array | Array |
| attack-detail | container |TBA37 | 5 map | Object | | attack-detail | container |TBA35 | 5 map | Object |
| id | uint32 |TBA38 | 0 unsigned | Number | | id | uint32 |TBA36 | 0 unsigned | Number |
| attack-id | string |TBA39 | 3 text string | String | | attack-id | string |TBA37 | 3 text string | String |
| attack-name | string |TBA40 | 3 text string | String | | attack-name | string |TBA38 | 3 text string | String |
| attack-severity | enumeration |TBA41 | 0 unsigned | String | | attack-severity | enumeration |TBA39 | 0 unsigned | String |
| start-time | uint64 |TBA42 | 0 unsigned | String | | start-time | uint64 |TBA40 | 0 unsigned | String |
| end-time | uint64 |TBA43 | 0 unsigned | String | | end-time | uint64 |TBA41 | 0 unsigned | String |
| source-count | container |TBA44 | 5 map | Object | | source-count | container |TBA42 | 5 map | Object |
| top-talker | container |TBA45 | 5 map | Object | | top-talker | container |TBA43 | 5 map | Object |
| spoofed-status | boolean |TBA46 | 7 bits 20 | False | | spoofed-status | boolean |TBA44 | 7 bits 20 | False |
| | | | 7 bits 21 | True | | | | | 7 bits 21 | True |
| low-percentile-c | container |TBA47 | 5 map | Object | | low-percentile-c | container |TBA45 | 5 map | Object |
| mid-percentile-c | container |TBA48 | 5 map | Object | | mid-percentile-c | container |TBA46 | 5 map | Object |
| high-percentile-c | container |TBA49 | 5 map | Object | | high-percentile-c | container |TBA47 | 5 map | Object |
| peak-c | container |TBA50 | 5 map | Object | | peak-c | container |TBA48 | 5 map | Object |
| baseline | container |TBA51 | 5 map | Object | | baseline | container |TBA49 | 5 map | Object |
| current-config | container |TBA52 | 5 map | Object | | current-config | container |TBA50 | 5 map | Object |
| max-config-values | container |TBA53 | 5 map | Object | | max-config-values | container |TBA51 | 5 map | Object |
| min-config-values | container |TBA54 | 5 map | Object | | min-config-values | container |TBA52 | 5 map | Object |
| supported-units | container |TBA55 | 5 map | Object | | supported-units | container |TBA53 | 5 map | Object |
| server-originated- | boolean |TBA56 | 7 bits 20 | False | | server-originated- | boolean |TBA54 | 7 bits 20 | False |
| telemetry | | | 7 bits 21 | True | | telemetry | | | 7 bits 21 | True |
| telemetry-notify- | uint32 |TBA57 | 0 unsigned | Number | | telemetry-notify- | uint32 |TBA55 | 0 unsigned | Number |
| interval | | | | | | interval | | | | |
| tmid | uint32 |TBA58 | 0 unsigned | Number | | tmid | uint32 |TBA56 | 0 unsigned | Number |
| measurement-interval | identityref |TBA59 | 0 unsigned | String | | measurement-interval | identityref |TBA57 | 0 unsigned | String |
| measurement-sample | identityref |TBA60 | 0 unsigned | String | | measurement-sample | identityref |TBA58 | 0 unsigned | String |
| talker | list |TBA59 | 4 array | Array |
| source-prefix | inet: |TBA60 | 3 text string | String |
| | ip-prefix | | | |
| mid-list | leaf-list |TBA61 | 4 array | Array |
| | uint32 | | 0 unsigned | Number |
| source-port-range | list |TBA62 | 4 array | Array |
| source-icmp-type- | list |TBA63 | 4 array | Array |
| range | | | | |
| lower-type | uint8 |TBA64 | 0 unsigned | Number |
| upper-type | uint8 |TBA65 | 0 unsigned | Number |
| target | container |TBA66 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| total-traffic | list |TBA61 | 4 array | Array | | telemetry | container |TBA67 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| unit | enumeration |TBA62 | 0 unsigned | String | | telemetry-setup | container |TBA68 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| low-percentile-g | yang:gauge64|TBA63 | 0 unsigned | String | | total-traffic | list |TBA69 | 4 array | Array |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| mid-percentile-g | yang:gauge64|TBA64 | 0 unsigned | String | | unit | enumeration |TBA70 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| high-percentile-g | yang:gauge64|TBA65 | 0 unsigned | String | | low-percentile-g | yang:gauge64|TBA71 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| peak-g | yang:gauge64|TBA66 | 0 unsigned | String | | mid-percentile-g | yang:gauge64|TBA72 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| total-attack-traffic | list |TBA67 | 4 array | Array | | high-percentile-g | yang:gauge64|TBA73 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| total-attack- | | | | | | peak-g | yang:gauge64|TBA74 | 0 unsigned | String |
| connection | container |TBA68 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| low-percentile-c | container |TBA69 | 5 map | Object | | total-attack-traffic | list |TBA75 | 4 array | Array |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| mid-percentile-c | container |TBA70 | 5 map | Object | | total-attack- | | | | |
| connection | container |TBA76 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| high-percentile-c | container |TBA71 | 5 map | Object | | low-percentile-c | container |TBA77 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| peak-c | container |TBA72 | 5 map | Object | | mid-percentile-c | container |TBA78 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| connection | uint64 |TBA73 | 0 unsigned | String | | high-percentile-c | container |TBA79 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| embryonic | uint64 |TBA74 | 0 unsigned | String | | peak-c | container |TBA80 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| connection-ps | uint64 |TBA75 | 0 unsigned | String | | connection | uint64 |TBA81 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| request-ps | uint64 |TBA76 | 0 unsigned | String | | embryonic | uint64 |TBA82 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| partial-request-ps | uint64 |TBA77 | 0 unsigned | String | | connection-ps | uint64 |TBA83 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-detail | container |TBA78 | 5 map | Object | | request-ps | uint64 |TBA84 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| id | uint32 |TBA79 | 0 unsigned | Number | | partial-request-ps | uint64 |TBA85 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-id | string |TBA80 | 3 text string | String | | attack-detail | container |TBA86 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-name | string |TBA81 | 3 text string | String | | id | uint32 |TBA87 | 0 unsigned | Number |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-severity | enumeration |TBA82 | 0 unsigned | String | | attack-id | string |TBA88 | 3 text string | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| start-time | uint64 |TBA83 | 0 unsigned | String | | attack-name | string |TBA89 | 3 text string | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| end-time | uint64 |TBA84 | 0 unsigned | String | | attack-severity | enumeration |TBA90 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| source-count | container |TBA85 | 5 map | Object | | start-time | uint64 |TBA91 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| top-talker | container |TBA86 | 5 map | Object | | end-time | uint64 |TBA92 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| spoofed-status | boolean |TBA87 | 7 bits 20 | False | | source-count | container |TBA93 | 5 map | Object |
| ietf-dots-telemetry: | | | | |
| top-talker | container |TBA94 | 5 map | Object |
| ietf-dots-telemetry: | | | | |
| spoofed-status | boolean |TBA95 | 7 bits 20 | False |
| | | | 7 bits 21 | True | | | | | 7 bits 21 | True |
| talker | list |TBA88 | 4 array | Array |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| talker | list |TBA89 | 4 array | Array | | talker | list |TBA96 | 4 array | Array |
| source-prefix | inet: |TBA90 | 3 text string | String | | ietf-dots-telemetry: | inet: |TBA97 | 3 text string | String |
| | ip-prefix | | | |
| ietf-dots-telemetry: | inet: |TBA91 | 3 text string | String |
| source-prefix | ip-prefix | | | | | source-prefix | ip-prefix | | | |
| mid-list | leaf-list |TBA92 | 4 array | Array | | ietf-dots-telemetry: | | | | |
| | uint32 | | 0 unsigned | Number | | source-port-range | list |TBA98 | 4 array | Array |
| ietf-dots-telemetry: | | | | |
| lower-port | inet: | | | |
| | port-number|TBA99 | 0 unsigned | Number |
| ietf-dots-telemetry: | | | | |
| upper-port | inet: | | | |
| | port-number|TBA100| 0 unsigned | Number |
| ietf-dots-telemetry: | | | | |
| source-icmp-type- | list |TBA101| 4 array | Array |
| range | | | | |
| ietf-dots-telemetry: | | | | |
| lower-type | uint8 |TBA102| 0 unsigned | Number |
| ietf-dots-telemetry: | | | | |
| upper-type | uint8 |TBA103| 0 unsigned | Number |
+----------------------+-------------+------+---------------+--------+ +----------------------+-------------+------+---------------+--------+
11. IANA Considerations 11. IANA Considerationsr
11.1. DOTS Signal Channel CBOR Key Values 11.1. DOTS Signal Channel CBOR Key Values
This specification registers the DOTS telemetry attributes in the This specification registers the DOTS telemetry attributes in the
IANA "DOTS Signal Channel CBOR Key Values" registry available at IANA "DOTS Signal Channel CBOR Key Values" registry available at
https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel- https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel-
cbor-key-values. cbor-key-values.
The DOTS telemetry attributes defined in this specification are The DOTS telemetry attributes defined in this specification are
comprehension-optional parameters. comprehension-optional parameters.
o Note to the RFC Editor: (1) CBOR keys are assigned from the o Note to the RFC Editor: (1) CBOR keys are assigned from the
32768-49151 range. (2) Please assign the following suggested 32768-49151 range. (2) Please assign the following suggested
values. values.
+----------------------+-------+-------+------------+---------------+ +----------------------+-------+-------+------------+---------------+
| Parameter Name | CBOR | CBOR | Change | Specification | | Parameter Name | CBOR | CBOR | Change | Specification |
| | Key | Major | Controller | Document(s) | | | Key | Major | Controller | Document(s) |
| | Value | Type | | | | | Value | Type | | |
+----------------------+-------+-------+------------+---------------+ +----------------------+-------+-------+------------+---------------+
| ietf-dots-telemetry: | TBA1 | 5 | IESG | [RFCXXXX] | | tsid | TBA1 | 0 | IESG | [RFCXXXX] |
| telemetry | | | | | | telemetry-config | TBA2 | 5 | IESG | [RFCXXXX] |
| tsid | TBA2 | 0 | IESG | [RFCXXXX] | | low-percentile | TBA3 | 6tag4 | IESG | [RFCXXXX] |
| telemetry-config | TBA3 | 5 | IESG | [RFCXXXX] | | mid-percentile | TBA4 | 6tag4 | IESG | [RFCXXXX] |
| low-percentile | TBA4 | 6tag4 | IESG | [RFCXXXX] | | high-percentile | TBA5 | 6tag4 | IESG | [RFCXXXX] |
| mid-percentile | TBA5 | 6tag4 | IESG | [RFCXXXX] | | unit-config | TBA6 | 4 | IESG | [RFCXXXX] |
| high-percentile | TBA6 | 6tag4 | IESG | [RFCXXXX] | | unit | TBA7 | 0 | IESG | [RFCXXXX] |
| unit-config | TBA7 | 4 | IESG | [RFCXXXX] | | unit-status | TBA8 | 7 | IESG | [RFCXXXX] |
| unit | TBA8 | 0 | IESG | [RFCXXXX] | | total-pipe-capability| TBA9 | 4 | IESG | [RFCXXXX] |
| unit-status | TBA9 | 7 | IESG | [RFCXXXX] | | pipe | TBA10 | 0 | IESG | [RFCXXXX] |
| total-pipe-capability| TBA10 | 4 | IESG | [RFCXXXX] | | pre-or-ongoing- | TBA11 | 4 | IESG | [RFCXXXX] |
| pipe | TBA11 | 0 | IESG | [RFCXXXX] | | mitigation | | | | |
| pre-mitigation | TBA12 | 4 | IESG | [RFCXXXX] | | total-traffic- | TBA12 | 4 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA13 | 5 | IESG | [RFCXXXX] |
| telemetry-setup | | | | |
| total-traffic- | TBA14 | 4 | IESG | [RFCXXXX] |
| normal-baseline | | | | | | normal-baseline | | | | |
| low-percentile-g | TBA15 | 0 | IESG | [RFCXXXX] | | low-percentile-g | TBA13 | 0 | IESG | [RFCXXXX] |
| mid-percentile-g | TBA16 | 0 | IESG | [RFCXXXX] | | mid-percentile-g | TBA14 | 0 | IESG | [RFCXXXX] |
| high-percentile-g | TBA17 | 0 | IESG | [RFCXXXX] | | high-percentile-g | TBA15 | 0 | IESG | [RFCXXXX] |
| peak-g | TBA18 | 0 | IESG | [RFCXXXX] | | peak-g | TBA16 | 0 | IESG | [RFCXXXX] |
| total-attack-traffic | TBA19 | 4 | IESG | [RFCXXXX] | | total-attack-traffic | TBA17 | 4 | IESG | [RFCXXXX] |
| total-traffic | TBA20 | 4 | IESG | [RFCXXXX] | | total-traffic | TBA18 | 4 | IESG | [RFCXXXX] |
| total-connection- | TBA21 | 4 | IESG | [RFCXXXX] | | total-connection- | TBA19 | 4 | IESG | [RFCXXXX] |
| capacity | | | | | | capacity | | | | |
| connection | TBA22 | 0 | IESG | [RFCXXXX] | | connection | TBA20 | 0 | IESG | [RFCXXXX] |
| connection-client | TBA23 | 0 | IESG | [RFCXXXX] | | connection-client | TBA21 | 0 | IESG | [RFCXXXX] |
| embryonic | TBA24 | 0 | IESG | [RFCXXXX] | | embryonic | TBA22 | 0 | IESG | [RFCXXXX] |
| embryonic-client | TBA25 | 0 | IESG | [RFCXXXX] | | embryonic-client | TBA23 | 0 | IESG | [RFCXXXX] |
| connection-ps | TBA26 | 0 | IESG | [RFCXXXX] | | connection-ps | TBA24 | 0 | IESG | [RFCXXXX] |
| connection-client-ps | TBA27 | 0 | IESG | [RFCXXXX] | | connection-client-ps | TBA25 | 0 | IESG | [RFCXXXX] |
| request-ps | TBA28 | 0 | IESG | [RFCXXXX] | | request-ps | TBA26 | 0 | IESG | [RFCXXXX] |
| request-client-ps | TBA29 | 0 | IESG | [RFCXXXX] | | request-client-ps | TBA27 | 0 | IESG | [RFCXXXX] |
| partial-request-ps | TBA30 | 0 | IESG | [RFCXXXX] | | partial-request-ps | TBA28 | 0 | IESG | [RFCXXXX] |
| partial-request- | TBA31 | 0 | IESG | [RFCXXXX] | | partial-request- | TBA29 | 0 | IESG | [RFCXXXX] |
| client-ps | | | | | | client-ps | | | | |
| total-attack- | TBA32 | 5 | IESG | [RFCXXXX] | | total-attack- | TBA30 | 5 | IESG | [RFCXXXX] |
| connection | | | | | | connection | | | | |
| low-percentile-l | TBA33 | 4 | IESG | [RFCXXXX] | | low-percentile-l | TBA31 | 4 | IESG | [RFCXXXX] |
| mid-percentile-l | TBA34 | 4 | IESG | [RFCXXXX] | | mid-percentile-l | TBA32 | 4 | IESG | [RFCXXXX] |
| high-percentile-l | TBA35 | 4 | IESG | [RFCXXXX] | | high-percentile-l | TBA33 | 4 | IESG | [RFCXXXX] |
| peak-l | TBA36 | 4 | IESG | [RFCXXXX] | | peak-l | TBA34 | 4 | IESG | [RFCXXXX] |
| attack-detail | TBA37 | 5 | IESG | [RFCXXXX] | | attack-detail | TBA35 | 5 | IESG | [RFCXXXX] |
| id | TBA38 | 0 | IESG | [RFCXXXX] | | id | TBA36 | 0 | IESG | [RFCXXXX] |
| attack-id | TBA39 | 3 | IESG | [RFCXXXX] | | attack-id | TBA37 | 3 | IESG | [RFCXXXX] |
| attack-name | TBA40 | 3 | IESG | [RFCXXXX] | | attack-name | TBA38 | 3 | IESG | [RFCXXXX] |
| attack-severity | TBA41 | 0 | IESG | [RFCXXXX] | | attack-severity | TBA39 | 0 | IESG | [RFCXXXX] |
| start-time | TBA42 | 0 | IESG | [RFCXXXX] | | start-time | TBA40 | 0 | IESG | [RFCXXXX] |
| end-time | TBA43 | 0 | IESG | [RFCXXXX] | | end-time | TBA41 | 0 | IESG | [RFCXXXX] |
| source-count | TBA44 | 5 | IESG | [RFCXXXX] | | source-count | TBA42 | 5 | IESG | [RFCXXXX] |
| top-talker | TBA45 | 5 | IESG | [RFCXXXX] | | top-talker | TBA43 | 5 | IESG | [RFCXXXX] |
| spoofed-status | TBA46 | 7 | IESG | [RFCXXXX] | | spoofed-status | TBA44 | 7 | IESG | [RFCXXXX] |
| low-percentile-c | TBA47 | 5 | IESG | [RFCXXXX] | | low-percentile-c | TBA45 | 5 | IESG | [RFCXXXX] |
| mid-percentile-c | TBA48 | 5 | IESG | [RFCXXXX] | | mid-percentile-c | TBA46 | 5 | IESG | [RFCXXXX] |
| high-percentile-c | TBA49 | 5 | IESG | [RFCXXXX] | | high-percentile-c | TBA47 | 5 | IESG | [RFCXXXX] |
| peak-c | TBA50 | 5 | IESG | [RFCXXXX] | | peak-c | TBA48 | 5 | IESG | [RFCXXXX] |
| ietf-dots-signal-cha | TBA51 | 5 | IESG | [RFCXXXX] | | ietf-dots-signal-cha | TBA49 | 5 | IESG | [RFCXXXX] |
| current-config | TBA52 | 5 | IESG | [RFCXXXX] | | current-config | TBA50 | 5 | IESG | [RFCXXXX] |
| max-config-value | TBA53 | 5 | IESG | [RFCXXXX] | | max-config-value | TBA51 | 5 | IESG | [RFCXXXX] |
| min-config-values | TBA54 | 5 | IESG | [RFCXXXX] | | min-config-values | TBA52 | 5 | IESG | [RFCXXXX] |
| supported-units | TBA55 | 5 | IESG | [RFCXXXX] | | supported-units | TBA55 | 5 | IESG | [RFCXXXX] |
| server-originated- | TBA56 | 7 | IESG | [RFCXXXX] | | server-originated- | TBA54 | 7 | IESG | [RFCXXXX] |
| telemetry | | | | | | telemetry | | | | |
| telemetry-notify- | TBA57 | 0 | IESG | [RFCXXXX] | | telemetry-notify- | TBA55 | 0 | IESG | [RFCXXXX] |
| interval | | | | | | interval | | | | |
| tmid | TBA58 | 0 | IESG | [RFCXXXX] | | tmid | TBA56 | 0 | IESG | [RFCXXXX] |
| measurement-interval | TBA59 | 0 | IESG | [RFCXXXX] | | measurement-interval | TBA57 | 0 | IESG | [RFCXXXX] |
| measurement-sample | TBA60 | 0 | IESG | [RFCXXXX] | | measurement-sample | TBA58 | 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA61 | 0 | IESG | [RFCXXXX] | | talker | TBA59 | 0 | IESG | [RFCXXXX] |
| source-prefix | TBA60 | 0 | IESG | [RFCXXXX] |
| mid-list | TBA61 | 4 | IESG | [RFCXXXX] |
| source-port-range | TBA62 | 4 | IESG | [RFCXXXX] |
| source-icmp-type- | TBA63 | 4 | IESG | [RFCXXXX] |
| lower-type | TBA64 | 0 | IESG | [RFCXXXX] |
| upper-type | TBA65 | 0 | IESG | [RFCXXXX] |
| target | TBA66 | 5 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA67 | 5 | IESG | [RFCXXXX] |
| telemetry | | | | |
| ietf-dots-telemetry: | TBA68 | 5 | IESG | [RFCXXXX] |
| telemetry-setup | | | | |
| ietf-dots-telemetry: | TBA69 | 0 | IESG | [RFCXXXX] |
| total-traffic | | | | | | total-traffic | | | | |
| ietf-dots-telemetry: | TBA62 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA70 | 0 | IESG | [RFCXXXX] |
| unit | | | | | | unit | | | | |
| ietf-dots-telemetry: | TBA63 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA71 | 0 | IESG | [RFCXXXX] |
| low-percentile-g | | | | | | low-percentile-g | | | | |
| ietf-dots-telemetry: | TBA64 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA72 | 0 | IESG | [RFCXXXX] |
| mid-percentile-g | | | | | | mid-percentile-g | | | | |
| ietf-dots-telemetry: | TBA65 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA73 | 0 | IESG | [RFCXXXX] |
| high-percentile-g | | | | | | high-percentile-g | | | | |
| ietf-dots-telemetry: | TBA66 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA74 | 0 | IESG | [RFCXXXX] |
| peak-g | | | | | | peak-g | | | | |
| ietf-dots-telemetry: | TBA67 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA75 | 0 | IESG | [RFCXXXX] |
| total-attack-traffic | | | | | | total-attack-traffic | | | | |
| ietf-dots-telemetry: | TBA68 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA76 | 0 | IESG | [RFCXXXX] |
| total-attack- | | | | | | total-attack- | | | | |
| connection | | | | | | connection | | | | |
| ietf-dots-telemetry: | TBA69 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA77 | 0 | IESG | [RFCXXXX] |
| low-percentile-c | | | | | | low-percentile-c | | | | |
| ietf-dots-telemetry: | TBA70 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA78 | 0 | IESG | [RFCXXXX] |
| mid-percentile-c | | | | | | mid-percentile-c | | | | |
| ietf-dots-telemetry: | TBA71 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA79 | 0 | IESG | [RFCXXXX] |
| high-percentile-c | | | | | | high-percentile-c | | | | |
| ietf-dots-telemetry: | TBA72 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA80 | 0 | IESG | [RFCXXXX] |
| peak-c | | | | | | peak-c | | | | |
| ietf-dots-telemetry: | TBA73 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA81 | 0 | IESG | [RFCXXXX] |
| connection | | | | | | connection | | | | |
| ietf-dots-telemetry: | TBA74 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA82 | 0 | IESG | [RFCXXXX] |
| embryonic | | | | | | embryonic | | | | |
| ietf-dots-telemetry: | TBA75 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA83 | 0 | IESG | [RFCXXXX] |
| connection-ps | | | | | | connection-ps | | | | |
| ietf-dots-telemetry: | TBA76 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA84 | 0 | IESG | [RFCXXXX] |
| request-ps | | | | | | request-ps | | | | |
| ietf-dots-telemetry: | TBA77 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA85 | 0 | IESG | [RFCXXXX] |
| partial-request-ps | | | | | | partial-request-ps | | | | |
| ietf-dots-telemetry: | TBA78 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA86 | 0 | IESG | [RFCXXXX] |
| attack-detail | | | | | | attack-detail | | | | |
| ietf-dots-telemetry: | TBA79 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA87 | 0 | IESG | [RFCXXXX] |
| id | | | | | | id | | | | |
| ietf-dots-telemetry: | TBA80 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA88 | 0 | IESG | [RFCXXXX] |
| attack-id | | | | | | attack-id | | | | |
| ietf-dots-telemetry: | TBA81 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA89 | 0 | IESG | [RFCXXXX] |
| attack-name | | | | | | attack-name | | | | |
| ietf-dots-telemetry: | TBA82 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA90 | 0 | IESG | [RFCXXXX] |
| attack-severity | | | | | | attack-severity | | | | |
| ietf-dots-telemetry: | TBA83 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA91 | 0 | IESG | [RFCXXXX] |
| start-time | | | | | | start-time | | | | |
| ietf-dots-telemetry: | TBA84 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA92 | 0 | IESG | [RFCXXXX] |
| end-time | | | | | | end-time | | | | |
| ietf-dots-telemetry: | TBA85 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA93 | 0 | IESG | [RFCXXXX] |
| source-count | | | | | | source-count | | | | |
| ietf-dots-telemetry: | TBA86 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA94 | 0 | IESG | [RFCXXXX] |
| top-talker | | | | | | top-talker | | | | |
| ietf-dots-telemetry: | TBA87 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA95 | 0 | IESG | [RFCXXXX] |
| spoofed-status | | | | | | spoofed-status | | | | |
| talker | TBA88 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA96 | 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA89 | 0 | IESG | [RFCXXXX] |
| talker | | | | | | talker | | | | |
| source-prefix | TBA90 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA97 | 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA91 | 0 | IESG | [RFCXXXX] |
| source-prefix | | | | | | source-prefix | | | | |
| mid-list | TBA92 | 4 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | | | | |
| source-port-range | TBA98 | 4 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | |
| lower-port | TBA99 | 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | |
| upper-port | TBA100| 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | |
| source-icmp-type- | TBA101| 4 | IESG | [RFCXXXX] |
| range | | | | |
| ietf-dots-telemetry: | | | | |
| lower-type | TBA102| 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | |
| upper-type | TBA103| 0 | IESG | [RFCXXXX] |
+----------------------+-------+-------+------------+---------------+ +----------------------+-------+-------+------------+---------------+
11.2. DOTS Signal Channel Conflict Cause Codes 11.2. DOTS Signal Channel Conflict Cause Codes
This specification requests IANA to assign a new code from the "DOTS This specification requests IANA to assign a new code from the "DOTS
Signal Channel Conflict Cause Codes" registry available at Signal Channel Conflict Cause Codes" registry available at
https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel- https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel-
conflict-cause-codes. conflict-cause-codes.
Code Label Description Reference Code Label Description Reference
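Review bot: In the -04 table of Section 11.1, supported-units is listed with TBA55, which collides with telemetry-notify-interval (also TBA55) and disagrees with the Section 10 mapping table, where supported-units is TBA53; as written, TBA53 is never registered. Suggest changing that row to TBA53. The rows added in -04 for talker (TBA59) and source-prefix (TBA60) carry major type 0 in 11.1, but Section 10 maps them to "4 array" and "3 text string". The "ietf-dots-telemetry:"-prefixed rows TBA69 through TBA97 also all show major type 0 in 11.1, although Section 10 maps many of them to array, map, text string or boolean types. The two tables should be regenerated from one source so that key values and major types agree. Smaller points in the same hunk: the -04 heading reads "11. IANA Considerationsr"; the 11.1 names "ietf-dots-signal-cha" (TBA49) and "max-config-value" (TBA51) do not match "baseline" and "max-config-values" in Section 10; and the 11.1 row "source-icmp-type-" (TBA63) is missing its "range" continuation line.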
skipping to change at page 76, line 32 skipping to change at page 80, line 8
[I-D.ietf-dots-data-channel] [I-D.ietf-dots-data-channel]
Boucadair, M. and T. Reddy.K, "Distributed Denial-of- Boucadair, M. and T. Reddy.K, "Distributed Denial-of-
Service Open Threat Signaling (DOTS) Data Channel Service Open Threat Signaling (DOTS) Data Channel
Specification", draft-ietf-dots-data-channel-31 (work in Specification", draft-ietf-dots-data-channel-31 (work in
progress), July 2019. progress), July 2019.
[I-D.ietf-dots-signal-call-home] [I-D.ietf-dots-signal-call-home]
Reddy.K, T., Boucadair, M., and J. Shallow, "Distributed Reddy.K, T., Boucadair, M., and J. Shallow, "Distributed
Denial-of-Service Open Threat Signaling (DOTS) Signal Denial-of-Service Open Threat Signaling (DOTS) Signal
Channel Call Home", draft-ietf-dots-signal-call-home-07 Channel Call Home", draft-ietf-dots-signal-call-home-08
(work in progress), November 2019. (work in progress), March 2020.
[I-D.ietf-dots-signal-channel] [I-D.ietf-dots-signal-channel]
Reddy.K, T., Boucadair, M., Patil, P., Mortensen, A., and Reddy.K, T., Boucadair, M., Patil, P., Mortensen, A., and
N. Teague, "Distributed Denial-of-Service Open Threat N. Teague, "Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel Specification", draft- Signaling (DOTS) Signal Channel Specification", draft-
ietf-dots-signal-channel-41 (work in progress), January ietf-dots-signal-channel-41 (work in progress), January
2020. 2020.
[I-D.ietf-dots-signal-filter-control] [I-D.ietf-dots-signal-filter-control]
Nishizuka, K., Boucadair, M., Reddy.K, T., and T. Nagata, Nishizuka, K., Boucadair, M., Reddy.K, T., and T. Nagata,
"Controlling Filtering Rules Using Distributed Denial-of- "Controlling Filtering Rules Using Distributed Denial-of-
Service Open Threat Signaling (DOTS) Signal Channel", Service Open Threat Signaling (DOTS) Signal Channel",
draft-ietf-dots-signal-filter-control-02 (work in draft-ietf-dots-signal-filter-control-03 (work in
progress), September 2019. progress), March 2020.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
DOI 10.17487/RFC3688, January 2004, DOI 10.17487/RFC3688, January 2004,
<https://www.rfc-editor.org/info/rfc3688>. <https://www.rfc-editor.org/info/rfc3688>.
 End of changes. 154 change blocks. 
368 lines changed or deleted 534 lines changed or added
