< draft-ietf-dots-telemetry-04.txt   draft-ietf-dots-telemetry-05.txt >
DOTS M. Boucadair, Ed. DOTS M. Boucadair, Ed.
Internet-Draft Orange Internet-Draft Orange
Intended status: Standards Track T. Reddy, Ed. Intended status: Standards Track T. Reddy, Ed.
Expires: September 20, 2020 McAfee Expires: September 28, 2020 McAfee
E. Doron E. Doron
Radware Ltd. Radware Ltd.
M. Chen M. Chen
CMCC CMCC
March 19, 2020 March 27, 2020
Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry
draft-ietf-dots-telemetry-04 draft-ietf-dots-telemetry-05
Abstract Abstract
This document aims to enrich DOTS signal channel protocol with This document aims to enrich DOTS signal channel protocol with
various telemetry attributes allowing optimal DDoS attack mitigation. various telemetry attributes allowing optimal DDoS attack mitigation.
This document specifies the normal traffic baseline and attack It specifies the normal traffic baseline and attack traffic telemetry
traffic telemetry attributes a DOTS client can convey to its DOTS attributes a DOTS client can convey to its DOTS server in the
server in the mitigation request, the mitigation status telemetry mitigation request, the mitigation status telemetry attributes a DOTS
attributes a DOTS server can communicate to a DOTS client, and the server can communicate to a DOTS client, and the mitigation efficacy
mitigation efficacy telemetry attributes a DOTS client can telemetry attributes a DOTS client can communicate to a DOTS server.
communicate to a DOTS server. The telemetry attributes can assist The telemetry attributes can assist the mitigator to choose the DDoS
the mitigator to choose the DDoS mitigation techniques and perform mitigation techniques and perform optimal DDoS attack mitigation.
optimal DDoS attack mitigation.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 20, 2020. This Internet-Draft will expire on September 28, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. DOTS Telemetry: Overview and Purpose . . . . . . . . . . . . 6 3. DOTS Telemetry: Overview and Purpose . . . . . . . . . . . . 5
4. Generic Considerations . . . . . . . . . . . . . . . . . . . 9 4. Generic Considerations . . . . . . . . . . . . . . . . . . . 9
4.1. DOTS Client Identification . . . . . . . . . . . . . . . 9 4.1. DOTS Client Identification . . . . . . . . . . . . . . . 9
4.2. DOTS Gateways . . . . . . . . . . . . . . . . . . . . . . 9 4.2. DOTS Gateways . . . . . . . . . . . . . . . . . . . . . . 9
4.3. Empty URI Paths . . . . . . . . . . . . . . . . . . . . . 9 4.3. Empty URI Paths . . . . . . . . . . . . . . . . . . . . . 9
4.4. Controlling Configuration Data . . . . . . . . . . . . . 9 4.4. Controlling Configuration Data . . . . . . . . . . . . . 9
4.5. Block-wise Transfer . . . . . . . . . . . . . . . . . . . 10 4.5. Block-wise Transfer . . . . . . . . . . . . . . . . . . . 9
4.6. DOTS Multi-homing Considerations . . . . . . . . . . . . 10 4.6. DOTS Multi-homing Considerations . . . . . . . . . . . . 10
4.7. YANG Considerations . . . . . . . . . . . . . . . . . . . 10 4.7. YANG Considerations . . . . . . . . . . . . . . . . . . . 10
4.8. A Note About Examples . . . . . . . . . . . . . . . . . . 11 4.8. A Note About Examples . . . . . . . . . . . . . . . . . . 11
5. Telemetry Operation Paths . . . . . . . . . . . . . . . . . . 11 5. Telemetry Operation Paths . . . . . . . . . . . . . . . . . . 11
6. DOTS Telemetry Setup Configuration . . . . . . . . . . . . . 12 6. DOTS Telemetry Setup Configuration . . . . . . . . . . . . . 12
6.1. Telemetry Configuration . . . . . . . . . . . . . . . . . 12 6.1. Telemetry Configuration . . . . . . . . . . . . . . . . . 12
6.1.1. Retrieve Current DOTS Telemetry Configuration . . . . 12 6.1.1. Retrieve Current DOTS Telemetry Configuration . . . . 12
6.1.2. Convey DOTS Telemetry Configuration . . . . . . . . . 15 6.1.2. Convey DOTS Telemetry Configuration . . . . . . . . . 15
6.1.3. Retrieve Installed DOTS Telemetry Configuration . . . 18 6.1.3. Retrieve Installed DOTS Telemetry Configuration . . . 18
6.1.4. Delete DOTS Telemetry Configuration . . . . . . . . . 18 6.1.4. Delete DOTS Telemetry Configuration . . . . . . . . . 18
6.2. Total Pipe Capacity . . . . . . . . . . . . . . . . . . . 19 6.2. Total Pipe Capacity . . . . . . . . . . . . . . . . . . . 19
6.2.1. Convey DOTS Client Domain Pipe Capacity . . . . . . . 20 6.2.1. Convey DOTS Client Domain Pipe Capacity . . . . . . . 20
6.2.2. Retrieve Installed DOTS Client Domain Pipe Capacity . 25 6.2.2. Retrieve Installed DOTS Client Domain Pipe Capacity . 25
6.2.3. Delete Installed DOTS Client Domain Pipe Capacity . . 25 6.2.3. Delete Installed DOTS Client Domain Pipe Capacity . . 25
6.3. Telemetry Baseline . . . . . . . . . . . . . . . . . . . 26 6.3. Telemetry Baseline . . . . . . . . . . . . . . . . . . . 26
6.3.1. Convey DOTS Client Domain Baseline Information . . . 28 6.3.1. Convey DOTS Client Domain Baseline Information . . . 28
6.3.2. Retrieve Installed Normal Traffic Baseline . . . . . 29 6.3.2. Retrieve Installed Normal Traffic Baseline . . . . . 29
6.3.3. Delete Installed Normal Traffic Baseline . . . . . . 29 6.3.3. Delete Installed Normal Traffic Baseline . . . . . . 29
6.4. Reset Installed Telemetry Setup . . . . . . . . . . . . . 29 6.4. Reset Installed Telemetry Setup . . . . . . . . . . . . . 30
6.5. Conflict with Other DOTS Clients of the Same Domain . . . 30 6.5. Conflict with Other DOTS Clients of the Same Domain . . . 30
7. DOTS Pre-or-Ongoing Mitigation Telemetry . . . . . . . . . . 30 7. DOTS Pre-or-Ongoing Mitigation Telemetry . . . . . . . . . . 30
7.1. Pre-or-Ongoing-Mitigation DOTS Telemetry Attributes . . . 32 7.1. Pre-or-Ongoing-Mitigation DOTS Telemetry Attributes . . . 32
7.1.1. Target . . . . . . . . . . . . . . . . . . . . . . . 32 7.1.1. Target . . . . . . . . . . . . . . . . . . . . . . . 32
7.1.2. Total Traffic . . . . . . . . . . . . . . . . . . . . 33 7.1.2. Total Traffic . . . . . . . . . . . . . . . . . . . . 33
7.1.3. Total Attack Traffic . . . . . . . . . . . . . . . . 34 7.1.3. Total Attack Traffic . . . . . . . . . . . . . . . . 34
7.1.4. Total Attack Connections . . . . . . . . . . . . . . 35 7.1.4. Total Attack Connections . . . . . . . . . . . . . . 35
7.1.5. Attack Details . . . . . . . . . . . . . . . . . . . 37 7.1.5. Attack Details . . . . . . . . . . . . . . . . . . . 37
7.2. From DOTS Clients to DOTS Servers . . . . . . . . . . . . 39 7.2. From DOTS Clients to DOTS Servers . . . . . . . . . . . . 39
7.3. From DOTS Servers to DOTS Clients . . . . . . . . . . . . 40 7.3. From DOTS Servers to DOTS Clients . . . . . . . . . . . . 40
8. DOTS Telemetry Mitigation Status Update . . . . . . . . . . . 43 8. DOTS Telemetry Mitigation Status Update . . . . . . . . . . . 43
8.1. DOTS Clients to Servers Mitigation Efficacy DOTS 8.1. DOTS Clients to Servers Mitigation Efficacy DOTS
Telemetry Attributes . . . . . . . . . . . . . . . . . . 43 Telemetry Attributes . . . . . . . . . . . . . . . . . . 43
8.2. DOTS Servers to Clients Mitigation Status DOTS Telemetry 8.2. DOTS Servers to Clients Mitigation Status DOTS Telemetry
Attributes . . . . . . . . . . . . . . . . . . . . . . . 45 Attributes . . . . . . . . . . . . . . . . . . . . . . . 45
9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 48 9. YANG Module . . . . . . . . . . . . . . . . . . . . . . . . . 48
10. YANG/JSON Mapping Parameters to CBOR . . . . . . . . . . . . 71 10. YANG/JSON Mapping Parameters to CBOR . . . . . . . . . . . . 72
11. IANA Considerationsr . . . . . . . . . . . . . . . . . . . . 75 11. IANA Considerationsr . . . . . . . . . . . . . . . . . . . . 75
11.1. DOTS Signal Channel CBOR Key Values . . . . . . . . . . 75 11.1. DOTS Signal Channel CBOR Key Values . . . . . . . . . . 75
11.2. DOTS Signal Channel Conflict Cause Codes . . . . . . . . 78 11.2. DOTS Signal Channel Conflict Cause Codes . . . . . . . . 79
11.3. DOTS Signal Telemetry YANG Module . . . . . . . . . . . 78 11.3. DOTS Signal Telemetry YANG Module . . . . . . . . . . . 79
12. Security Considerations . . . . . . . . . . . . . . . . . . . 79 12. Security Considerations . . . . . . . . . . . . . . . . . . . 79
13. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 79 13. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 80
14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 79 14. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 80
15. References . . . . . . . . . . . . . . . . . . . . . . . . . 79 15. References . . . . . . . . . . . . . . . . . . . . . . . . . 80
15.1. Normative References . . . . . . . . . . . . . . . . . . 79 15.1. Normative References . . . . . . . . . . . . . . . . . . 80
15.2. Informative References . . . . . . . . . . . . . . . . . 81 15.2. Informative References . . . . . . . . . . . . . . . . . 81
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82
1. Introduction 1. Introduction
Distributed Denial of Service (DDoS) attacks have become more vicious Distributed Denial of Service (DDoS) attacks have become more vicious
and sophisticated in almost all aspects of their maneuvers and and sophisticated in almost all aspects of their maneuvers and
malevolent intentions. IT organizations and service providers are malevolent intentions. IT organizations and service providers are
facing DDoS attacks that fall into two broad categories: Network/ facing DDoS attacks that fall into two broad categories: Network/
Transport layer attacks and Application layer attacks: Transport layer attacks and Application layer attacks:
o Network/Transport layer attacks target the victim's o Network/Transport layer attacks target the victim's
infrastructure. These attacks are not necessarily aimed at taking infrastructure. These attacks are not necessarily aimed at taking
down the actual delivered services, but rather to eliminate down the actual delivered services, but rather to eliminate
various network elements (routers, switches, firewalls, transit various network elements (routers, switches, firewalls, transit
links, and so on) from serving legitimate user traffic. links, and so on) from serving legitimate user traffic.
The main method of such attacks is to send a large volume or high The main method of such attacks is to send a large volume or high
PPS of traffic toward the victim's infrastructure. Typically, packet per second (PPS) of traffic toward the victim's
attack volumes may vary from a few 100 Mbps/PPS to 100s of Gbps or infrastructure. Typically, attack volumes may vary from a few 100
even Tbps. Attacks are commonly carried out leveraging botnets Mbps/PPS to 100s of Gbps or even Tbps. Attacks are commonly
and attack reflectors for amplification attacks such as NTP carried out leveraging botnets and attack reflectors for
(Network Time Protocol), DNS (Domain Name System), SNMP (Simple amplification attacks such as NTP (Network Time Protocol), DNS
Network Management Protocol), or SSDP (Simple Service Discovery (Domain Name System), SNMP (Simple Network Management Protocol),
Protoco). or SSDP (Simple Service Discovery Protoco).
o Application layer attacks target various applications. Typical o Application layer attacks target various applications. Typical
examples include attacks against HTTP/HTTPS, DNS, SIP (Session examples include attacks against HTTP/HTTPS, DNS, SIP (Session
Initiation Protocol), or SMTP (Simple Mail Transfer Protocol). Initiation Protocol), or SMTP (Simple Mail Transfer Protocol).
However, all valid applications with their port numbers open at However, all valid applications with their port numbers open at
network edges can be attractive attack targets. network edges can be attractive attack targets.
Application layer attacks are considered more complex and hard to Application layer attacks are considered more complex and hard to
categorize, therefore harder to detect and mitigate efficiently. categorize, therefore harder to detect and mitigate efficiently.
To compound the problem, attackers also leverage multi-vectored To compound the problem, attackers also leverage multi-vectored
attacks. These attacks are assembled from dynamic attack vectors attacks. These attacks are assembled from dynamic attack vectors
(Network/Application) and tactics. As such, multiple attack vectors (Network/Application) and tactics. As such, multiple attack vectors
formed by multiple attack types and volumes are launched formed by multiple attack types and volumes are launched
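Review bot: The reflowed amplification sentence in the Introduction still ends with "SSDP (Simple Service Discovery Protoco)" in -05; it should read "Protocol". The new expansion "a large volume or high packet per second (PPS) of traffic" would read more cleanly as "a large volume or a high packets-per-second (PPS) rate of traffic", and the Table of Contents entry "11. IANA Considerationsr" carries a stray "r" in both versions.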
skipping to change at page 15, line 5 skipping to change at page 14, line 51
| +--:(pipe) | +--:(pipe)
| ... | ...
| +--:(baseline) | +--:(baseline)
| ... | ...
+--:(telemetry) {dots-telemetry}? +--:(telemetry) {dots-telemetry}?
+--rw pre-or-ongoing-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
... ...
Figure 3: Telemetry Configuration Tree Structure Figure 3: Telemetry Configuration Tree Structure
When both 'min-config-values' and 'max-config-values' attributes are
present, the values carried in 'max-config-values' attributes MUST be
greater or equal to their counterpart in 'min-config-values'
attributes.
6.1.2. Convey DOTS Telemetry Configuration 6.1.2. Convey DOTS Telemetry Configuration
PUT request is used to convey the configuration parameters for the PUT request is used to convey the configuration parameters for the
telemetry data (e.g., low, mid, or high percentile values). For telemetry data (e.g., low, mid, or high percentile values). For
example, a DOTS client may contact its DOTS server to change the example, a DOTS client may contact its DOTS server to change the
default percentile values used as baseline for telemetry data. default percentile values used as baseline for telemetry data.
Figure 3 lists the attributes that can be set by a DOTS client in Figure 3 lists the attributes that can be set by a DOTS client in
such PUT request. An example of a DOTS client that modifies all such PUT request. An example of a DOTS client that modifies all
percentile reference values is shown in Figure 4. percentile reference values is shown in Figure 4.
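Review bot: The 'min-config-values'/'max-config-values' paragraph after Figure 3 states the constraint as "MUST be greater or equal to", which should read "greater than or equal to", and it does not say how a DOTS server responds to a request that violates it. Naming the expected error response here would let implementations reject such a configuration consistently. In Section 6.1.2, "PUT request is used" and "in such PUT request" are also missing articles.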
skipping to change at page 15, line 28 skipping to change at page 15, line 30
Uri-Path: "tm-setup" Uri-Path: "tm-setup"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "tsid=123" Uri-Path: "tsid=123"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry-setup": { "ietf-dots-telemetry:telemetry-setup": {
"telemetry": [ "telemetry": [
{ {
"current-config": { "current-config": {
"low-percentile": 5.00, "low-percentile": "5.00",
"mid-percentile": 65.00, "mid-percentile": "65.00",
"high-percentile": 95.00 "high-percentile": "95.00"
} }
} }
] ]
} }
} }
Figure 4: PUT to Convey the DOTS Telemetry Configuration Figure 4: PUT to Convey the DOTS Telemetry Configuration
'cuid' is a mandatory Uri-Path parameter for PUT requests. 'cuid' is a mandatory Uri-Path parameter for PUT requests.
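Review bot: In Figure 4 the percentile values are now quoted ("low-percentile": "5.00") while other numeric members in the examples, such as "id": 1 and "protocol": 6 in Figure 19, stay unquoted. If Section 4.8 (A Note About Examples) does not already say so, a sentence there stating which value types are shown as JSON strings would keep readers from treating the difference as an inconsistency.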
skipping to change at page 17, line 20 skipping to change at page 17, line 21
Uri-Path: "tm-setup" Uri-Path: "tm-setup"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "tsid=569" Uri-Path: "tsid=569"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry-setup": { "ietf-dots-telemetry:telemetry-setup": {
"telemetry": [ "telemetry": [
{ {
"current-config": { "current-config": {
"low-percentile": 0.00, "low-percentile": "0.00",
"mid-percentile": 0.00, "mid-percentile": "0.00",
"high-percentile": 95.00 "high-percentile": "95.00"
} }
} }
] ]
} }
} }
Figure 5: PUT to Disable Low- and Mid-Percentiles Figure 5: PUT to Disable Low- and Mid-Percentiles
DOTS clients can also configure the unit(s) to be used for traffic- DOTS clients can also configure the unit type(s) to be used for
related telemetry data. Typically, the supported units are: packets traffic-related telemetry data. Typically, the supported unit types
per second (PPS) or kilo packets per second (Kpps) and Bits per are: packets per second, bits per second, and bytes per second.
Second (BPS), and kilobytes per second or megabytes per second or
gigabytes per second.
DOTS clients that are interested to receive pre- or onoing mitigation DOTS clients that are interested to receive pre- or onoing mitigation
telemetry (pre-or-ongoing-mitigation) information from a DOTS server telemetry (pre-or-ongoing-mitigation) information from a DOTS server
(Section 8.2) MUST set 'server-originated-telemetry' to 'true'. If (Section 8.2) MUST set 'server-originated-telemetry' to 'true'. If
'server-originated-telemetry' is not present in a PUT request, this 'server-originated-telemetry' is not present in a PUT request, this
is equivalent to receiving a request with 'server-originated- is equivalent to receiving a request with 'server-originated-
telemetry'' set to 'false'. An example of a request to enable pre- telemetry'' set to 'false'. An example of a request to enable pre-
or-ongoing-mitigation telemetry from DOTS servers is shown in or-ongoing-mitigation telemetry from DOTS servers is shown in
Figure 6. Figure 6.
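Review bot: The rewritten unit sentence after Figure 5 lists "packets per second, bits per second, and bytes per second" without naming the attribute that carries the choice or the 'unit-type' enum values (packet-ps, bit-ps, byte-ps) defined in the YANG module; tying the prose to those names would make the text checkable against the module. The next paragraph still reads "pre- or onoing mitigation" (should be "ongoing") and closes 'server-originated-telemetry' with a doubled quote in both versions.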
skipping to change at page 20, line 10 skipping to change at page 20, line 10
+--rw pre-or-ongoing-mitigation* [cuid tmid] +--rw pre-or-ongoing-mitigation* [cuid tmid]
... ...
Figure 9: Pipe Tree Structure Figure 9: Pipe Tree Structure
A DOTS client domain pipe is defined as a list of limits of A DOTS client domain pipe is defined as a list of limits of
(incoming) traffic volume (total-pipe-capacity") that can be (incoming) traffic volume (total-pipe-capacity") that can be
forwarded over ingress interconnection links of a DOTS client domain. forwarded over ingress interconnection links of a DOTS client domain.
Each of these links is identified with a "link-id" [RFC8345]. Each of these links is identified with a "link-id" [RFC8345].
This limit can be expressed in packets per second (PPS) or kilo The unit used by a DOTS client when conveying pipe information is
packets per second (Kpps) and Bits per Second (BPS), and in kilobytes captured in 'unit' attribute.
per second or megabytes per second or gigabytes per second. The unit
used by a DOTS client when conveying pipe information is captured in
'unit' attribute.
6.2.1. Convey DOTS Client Domain Pipe Capacity 6.2.1. Convey DOTS Client Domain Pipe Capacity
Similar considerations to those specified in Section 6.1.2 are Similar considerations to those specified in Section 6.1.2 are
followed with one exception: followed with one exception:
The relative order of two PUT requests carrying DOTS client domain The relative order of two PUT requests carrying DOTS client domain
pipe attributes from a DOTS client is determined by comparing pipe attributes from a DOTS client is determined by comparing
their respective 'tsid' values. If such two requests have their respective 'tsid' values. If such two requests have
overlapping "link-id" and "unit", the PUT request with higher overlapping "link-id" and "unit", the PUT request with higher
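Review bot: With the sentence listing the permitted units removed from the pipe definition after Figure 9, the paragraph no longer says which values 'unit' may take; a pointer to Section 6.1.2 or to the 'unit' typedef would close that gap. In the same paragraph, (total-pipe-capacity") has an unbalanced quote in both versions, and "captured in 'unit' attribute" wants "the" before 'unit'.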
skipping to change at page 21, line 20 skipping to change at page 21, line 20
Uri-Path: "tsid=457" Uri-Path: "tsid=457"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry-setup": { "ietf-dots-telemetry:telemetry-setup": {
"telemetry": [ "telemetry": [
{ {
"total-pipe-capacity": [ "total-pipe-capacity": [
{ {
"link-id": "link1", "link-id": "link1",
"capacity": 500, "capacity": "500",
"unit": "megabytes-ps" "unit": "megabit-ps"
} }
] ]
} }
] ]
} }
} }
Figure 11: Example of a PUT Request to Convey Pipe Information Figure 11: Example of a PUT Request to Convey Pipe Information
(Single Homed) (Single Homed)
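Review bot: In Figure 11 the unit moves from "megabytes-ps" to "megabit-ps" while "capacity" stays at 500, so the link capacity the example conveys is eight times smaller than in -04. If megabits were intended all along this is fine, but it is worth confirming, and checking that "megabit-ps" matches the enum name in the 'unit' typedef exactly, since the old name was plural and the new one is singular. The same substitution is made in Figures 13, 15, 17 and 19.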
skipping to change at page 22, line 20 skipping to change at page 22, line 20
Uri-Path: "tsid=896" Uri-Path: "tsid=896"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry-setup": { "ietf-dots-telemetry:telemetry-setup": {
"telemetry": [ "telemetry": [
{ {
"total-pipe-capacity": [ "total-pipe-capacity": [
{ {
"link-id": "aggregate", "link-id": "aggregate",
"capacity": 700, "capacity": "700",
"unit": "megabytes-ps" "unit": "megabit-ps"
} }
] ]
} }
] ]
} }
} }
Figure 13: Example of a PUT Request to Convey Pipe Information Figure 13: Example of a PUT Request to Convey Pipe Information
(Aggregated Link) (Aggregated Link)
skipping to change at page 23, line 35 skipping to change at page 23, line 35
Uri-Path: "tsid=458" Uri-Path: "tsid=458"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry-setup": { "ietf-dots-telemetry:telemetry-setup": {
"telemetry": [ "telemetry": [
{ {
"total-pipe-capacity": [ "total-pipe-capacity": [
{ {
"link-id": "link1", "link-id": "link1",
"capacity": 500, "capacity": "500",
"unit": "megabytes-ps" "unit": "megabit-ps"
}, },
{ {
"link-id": "link2", "link-id": "link2",
"capacity": 500, "capacity": "500",
"unit": "megabytes-ps" "unit": "megabit-ps"
} }
] ]
} }
] ]
} }
} }
Figure 15: Example of a PUT Request to Convey Pipe Information Figure 15: Example of a PUT Request to Convey Pipe Information
(Multi-Homed) (Multi-Homed)
skipping to change at page 25, line 20 skipping to change at page 25, line 20
Uri-Path: "tsid=459" Uri-Path: "tsid=459"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry-setup": { "ietf-dots-telemetry:telemetry-setup": {
"telemetry": [ "telemetry": [
{ {
"total-pipe-capacity": [ "total-pipe-capacity": [
{ {
"link-id": "link1", "link-id": "link1",
"capacity": 0, "capacity": "0",
"unit": "megabytes-ps" "unit": "megabit-ps"
}, },
{ {
"link-id": "link2", "link-id": "link2",
"capacity": 500, "capacity": "500",
"unit": "megabytes-ps" "unit": "megabit-ps"
} }
] ]
} }
] ]
} }
} }
Figure 17: Example of a PUT Request to Convey Pipe Information Figure 17: Example of a PUT Request to Convey Pipe Information
(Multi-Homed) (Multi-Homed)
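Review bot: Figure 17 carries the same caption as Figure 15, "Example of a PUT Request to Convey Pipe Information (Multi-Homed)", although its body differs by setting link1 to "capacity": "0". The caption should say what a zero capacity signals so the two examples can be told apart.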
skipping to change at page 29, line 15 skipping to change at page 29, line 15
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "tm-setup" Uri-Path: "tm-setup"
Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "tsid=126" Uri-Path: "tsid=126"
Content-Format: "application/dots+cbor" Content-Format: "application/dots+cbor"
{ {
"ietf-dots-telemetry:telemetry": { "ietf-dots-telemetry:telemetry": {
"baseline": { {
"id": 1, "ietf-dots-telemetry:telemetry-setup": {
"target-prefix": [ "telemetry": [
"2001:db8:6401::1/128", {
"2001:db8:6401::2/128" "baseline": {
], "id": 1,
"total-traffic-normal-baseline": { "target-prefix": [
"unit": "megabytes-ps", "2001:db8:6401::1/128",
"protocol": 6, "2001:db8:6401::2/128"
"peak-g": "50" ],
} "total-traffic-normal-baseline": {
} "unit": "megabit-ps",
"protocol": 6,
"peak-g": "50"
}
}
}
]
} }
} }
Figure 19: PUT to Convey the DOTS Traffic Baseline Figure 19: PUT to Convey the DOTS Traffic Baseline
6.3.2. Retrieve Installed Normal Traffic Baseline 6.3.2. Retrieve Installed Normal Traffic Baseline
A GET request with 'tsid' Uri-Path parameter is used to retrieve a A GET request with 'tsid' Uri-Path parameter is used to retrieve a
specific installed DOTS client domain baseline traffic information. specific installed DOTS client domain baseline traffic information.
The same procedure as defined in (Section 6.1.3) is followed. The same procedure as defined in (Section 6.1.3) is followed.
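Review bot: As rendered in this diff, the -05 side of Figure 19 keeps the old "ietf-dots-telemetry:telemetry": { line ahead of the new "ietf-dots-telemetry:telemetry-setup" object, which leaves a bare { where a member name is expected and two braces unclosed at the end of the body. Dropping the leftover wrapper line would give the same envelope as the other tm-setup PUT examples (Figures 4 and 11). In Section 6.3.2, the reference "(Section 6.1.3)" does not need its parentheses.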
skipping to change at page 31, line 37 skipping to change at page 31, line 40
|DOTS client| |DOTS server| |DOTS client| |DOTS server|
+-----------+ +-----------+ +-----------+ +-----------+
| | | |
|<=============== Telemetry (target-prefix)=============| |<=============== Telemetry (target-prefix)=============|
| | | |
|=========Mitigation Request (target-prefix)===========>| |=========Mitigation Request (target-prefix)===========>|
| | | |
Figure 22: Example of Request Correlation using Target Prefix Figure 22: Example of Request Correlation using Target Prefix
DOTS agents MUST NOT sent pre-or-ongoing-mitigation telemetry DOTS agents MUST NOT send pre-or-ongoing-mitigation telemetry
messages to the same peer more frequently than once every 'telemetry- messages to the same peer more frequently than once every 'telemetry-
notify-interval' (Section 6.1). notify-interval' (Section 6.1).
DOTS pre-or-ongoing-mitigation telemetry request and response DOTS pre-or-ongoing-mitigation telemetry request and response
messages MUST be marked as Non-Confirmable messages. messages MUST be marked as Non-Confirmable messages.
augment /ietf-signal:dots-signal/ietf-signal:message-type: augment /ietf-signal:dots-signal/ietf-signal:message-type:
+--:(telemetry-setup) {dots-telemetry}? +--:(telemetry-setup) {dots-telemetry}?
| +--rw telemetry* [cuid tsid] | +--rw telemetry* [cuid tsid]
| ... | ...
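Review bot: The 'telemetry-notify-interval' rule after Figure 22 binds only the sender ("MUST NOT send ... more frequently than once every"); it says nothing about what the receiving agent does with telemetry that arrives faster than that. Since these messages are Non-Confirmable, stating whether the receiver silently discards the excess would make the limit enforceable on both ends, unless another section already covers it.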
skipping to change at page 39, line 35 skipping to change at page 39, line 35
"ietf-dots-telemetry:telemetry": { "ietf-dots-telemetry:telemetry": {
"pre-or-ongoing-mitigation": { "pre-or-ongoing-mitigation": {
"target": { "target": {
{ {
"target-prefix": [ "target-prefix": [
"2001:db8::1/128" "2001:db8::1/128"
] ]
"total-attack-traffic": [ "total-attack-traffic": [
{ {
"protocol": 17, "protocol": 17,
"unit": "megabytes-ps", "unit": "megabit-ps",
"mid-percentile-g": "900" "mid-percentile-g": "900"
} }
], ],
"attack-detail": { "attack-detail": {
"start-time": "1957811234", "start-time": "1957811234",
"attack-severity": "emergency" "attack-severity": "emergency"
} }
} }
} }
} }
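Review bot: The example body at page 39 is not well-formed JSON in either version: "target": { is followed directly by a bare {, and the closing ] of "target-prefix" has no comma before "total-attack-traffic". Both defects sit in unchanged context lines and recur in the page 43 example that adds "tmid": 123, so they are worth fixing while the unit value is being touched.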
skipping to change at page 43, line 17 skipping to change at page 43, line 17
"pre-or-ongoing-mitigation": { "pre-or-ongoing-mitigation": {
"target": { "target": {
{ {
"tmid": 123, "tmid": 123,
"target-prefix": [ "target-prefix": [
"2001:db8::1/128" "2001:db8::1/128"
] ]
"total-attack-traffic": [ "total-attack-traffic": [
{ {
"protocol": 17, "protocol": 17,
"unit": "megabytes-ps", "unit": "megabit-ps",
"mid-percentile-g": "900" "mid-percentile-g": "900"
} }
], ],
"attack-detail": { "attack-detail": {
"start-time": "1957818434", "start-time": "1957818434",
"attack-severity": "emergency" "attack-severity": "emergency"
} }
} }
} }
} }
skipping to change at page 45, line 24 skipping to change at page 45, line 24
{ {
"ietf-dots-signal-channel:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"scope": [ "scope": [
{ {
"alias-name": [ "alias-name": [
"myserver" "myserver"
], ],
"attack-status": "under-attack", "attack-status": "under-attack",
"ietf-dots-telemetry:total-attack-traffic": [ "ietf-dots-telemetry:total-attack-traffic": [
{ {
"ietf-dots-telemetry:unit": "megabytes-ps", "ietf-dots-telemetry:unit": "megabit-ps",
"ietf-dots-telemetry:mid-percentile-g": "900" "ietf-dots-telemetry:mid-percentile-g": "900"
} }
] ]
} }
] ]
} }
} }
Figure 35: An Example of Mitigation Efficacy Update with Telemetry Figure 35: An Example of Mitigation Efficacy Update with Telemetry
Attributes Attributes
skipping to change at page 48, line 22 skipping to change at page 48, line 22
"myserver" "myserver"
], ],
"lifetime": 1600, "lifetime": 1600,
"status": "attack-successfully-mitigated", "status": "attack-successfully-mitigated",
"bytes-dropped": "134334555", "bytes-dropped": "134334555",
"bps-dropped": "43344", "bps-dropped": "43344",
"pkts-dropped": "333334444", "pkts-dropped": "333334444",
"pps-dropped": "432432", "pps-dropped": "432432",
"ietf-dots-telemetry:total-attack-traffic": [ "ietf-dots-telemetry:total-attack-traffic": [
{ {
"ietf-dots-telemetry:unit": "megabytes-ps", "ietf-dots-telemetry:unit": "megabit-ps",
"ietf-dots-telemetry:mid-percentile-g": "900" "ietf-dots-telemetry:mid-percentile-g": "900"
} }
], ],
"ietf-dots-telemetry::attack-detail": { "ietf-dots-telemetry::attack-detail": {
"ietf-dots-telemetry:source-count": { "ietf-dots-telemetry:source-count": {
"ietf-dots-telemetry:peak-g": "10000" "ietf-dots-telemetry:peak-g": "10000"
} }
} }
} }
] ]
} }
} }
Figure 36: Response Body of a Mitigation Status With Telemetry Figure 36: Response Body of a Mitigation Status With Telemetry
Attributes Attributes
9. YANG Module 9. YANG Module
This module uses types defined in [RFC6991] and [RFC8345]. This module uses types defined in [RFC6991] and [RFC8345].
<CODE BEGINS> file "ietf-dots-telemetry@2020-03-08.yang" <CODE BEGINS> file "ietf-dots-telemetry@2020-03-27.yang"
module ietf-dots-telemetry { module ietf-dots-telemetry {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dots-telemetry"; namespace "urn:ietf:params:xml:ns:yang:ietf-dots-telemetry";
prefix dots-telemetry; prefix dots-telemetry;
import ietf-dots-signal-channel { import ietf-dots-signal-channel {
prefix ietf-signal; prefix ietf-signal;
reference reference
"RFC SSSS: Distributed Denial-of-Service Open Threat "RFC SSSS: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel Specification"; Signaling (DOTS) Signal Channel Specification";
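Review bot: In Figure 36 the member name "ietf-dots-telemetry::attack-detail" has a doubled colon in both versions; it should be "ietf-dots-telemetry:attack-detail" to match the other namespace-qualified names in the same response body.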
skipping to change at page 50, line 10 skipping to change at page 50, line 10
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2020-03-08 { revision 2020-03-27 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: Distributed Denial-of-Service Open Threat "RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Telemetry"; Signaling (DOTS) Telemetry";
} }
feature dots-telemetry { feature dots-telemetry {
description description
"This feature means that the DOTS signal channel is able "This feature means that the DOTS signal channel is able
skipping to change at page 50, line 47 skipping to change at page 50, line 47
enum alert { enum alert {
value 3; value 3;
description description
"This is an alert."; "This is an alert.";
} }
} }
description description
"Enumeration for attack severity."; "Enumeration for attack severity.";
} }
typedef unit-type {
type enumeration {
enum packet-ps {
value 1;
description
"Packets per second (PPS).";
}
enum bit-ps {
value 3;
description
"Bit per Second (BPS).";
}
enum byte-ps {
value 4;
description
"Kilobyte per second.";
}
}
description
"Enumeration to indicate which unit type is used.";
}
typedef unit { typedef unit {
type enumeration { type enumeration {
enum pps { enum packet-ps {
value 1; value 1;
description description
"Packets per second (PPS)."; "Packets per second (PPS).";
} }
enum kilo-pps { enum kilopacket-ps {
value 2; value 2;
description description
"Kilo packets per second (Kpps)."; "Kilo packets per second (Kpps).";
} }
enum bps { enum bit-ps {
value 3; value 3;
description description
"Bit per Second (BPS)."; "Bit per Second (BPS).";
} }
enum kilobyte-ps { enum byte-ps {
value 4; value 4;
description description
"Kilobyte per second."; "Kilobyte per second.";
} }
enum megabit-ps { enum kilobyte-ps {
value 5; value 5;
description description
"Kilobyte per second.";
}
enum megabit-ps {
value 6;
description
"Megabit per second."; "Megabit per second.";
} }
enum megabyte-ps { enum megabyte-ps {
value 6; value 7;
description description
"Megabyte per second."; "Megabyte per second.";
} }
enum gigabit-ps { enum gigabit-ps {
value 7; value 8;
description description
"Gigabit per second."; "Gigabit per second.";
} }
enum gigabyte-ps { enum gigabyte-ps {
value 8; value 9;
description description
"Gigabyte per second."; "Gigabyte per second.";
} }
enum terabit-ps { enum terabit-ps {
value 9; value 10;
description description
"Terabit per second."; "Terabit per second.";
} }
enum terabyte-ps { enum terabyte-ps {
value 10; value 11;
description description
"Terabyte per second."; "Terabyte per second.";
} }
} }
description description
"Enumeration to indicate which unit is used."; "Enumeration to indicate which unit is used.";
} }
typedef interval { typedef interval {
type enumeration { type enumeration {
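Review bot: The new byte-ps enum (value 4) carries the description "Kilobyte per second." in both the added unit-type typedef and the revised unit typedef. That text was inherited from the old kilobyte-ps entry and should read "Byte per second."; as written, values 4 and 5 of unit have identical descriptions. Inserting byte-ps also shifts megabit-ps through terabyte-ps up by one (5..10 become 6..11). Because the mapping table carries unit as a CBOR unsigned integer, a -04 peer and a -05 peer will read the same number as different units, so the renumbering deserves an explicit statement in the change notes. Finally, unit-type uses values 1, 3 and 4 with 2 unused; say that this is deliberate alignment with unit, if it is.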
skipping to change at page 55, line 28 skipping to change at page 56, line 7
grouping unit-config { grouping unit-config {
description description
"Generic grouping for unit configuration."; "Generic grouping for unit configuration.";
list unit-config { list unit-config {
key "unit"; key "unit";
description description
"Controls which units are allowed when sharing telemetry "Controls which units are allowed when sharing telemetry
data."; data.";
leaf unit { leaf unit {
type unit; type unit-type;
description description
"The traffic can be measured in packets per "Can be pps, bit/ps, or byte/ps";
second (PPS) or kilo packets per second (Kpps) and Bits per
Second (BPS), and kilobytes per second or megabytes per second
or gigabytes per second.";
} }
leaf unit-status { leaf unit-status {
type boolean; type boolean;
description description
"Enable/disable the use of the measurement unit."; "Enable/disable the use of the measurement unit.";
} }
} }
} }
grouping traffic-unit { grouping traffic-unit {
description description
"Grouping of traffic as a function of measurement unit."; "Grouping of traffic as a function of measurement unit.";
leaf unit { leaf unit {
type unit; type unit;
description description
"The traffic can be measured in packets per "The traffic can be measured using unit types: packets
second (PPS) or kilo packets per second (Kpps) and Bits per per second (PPS), Bits per Second (BPS), and/or
Second (BPS), and kilobytes per second or megabytes per second bytes per second. DOTS agents auto-scale to the appropriate
or gigabytes per second."; units (e.g., megabit-ps, kilobit-ps).";
} }
uses percentile; uses percentile;
} }
grouping traffic-unit-protocol { grouping traffic-unit-protocol {
description description
"Grouping of traffic of a given transport protocol as "Grouping of traffic of a given transport protocol as
a function of measurement unit."; a function of measurement unit.";
leaf unit { leaf unit {
type unit; type unit;
description description
"The traffic can be measured in packets per "The traffic can be measured using unit types: packets
second (PPS) or kilo packets per second (Kpps) and Bits per per second (PPS), Bits per Second (BPS), and/or
Second (BPS), and kilobytes per second or megabytes per second bytes per second. DOTS agents auto-scale to the appropriate
or gigabytes per second."; units (e.g., megabit-ps, kilobit-ps).";
} }
leaf protocol { leaf protocol {
type uint8; type uint8;
description description
"The transport protocol. "The transport protocol.
Values are taken from the IANA Protocol Numbers registry: Values are taken from the IANA Protocol Numbers registry:
<https://www.iana.org/assignments/protocol-numbers/>. <https://www.iana.org/assignments/protocol-numbers/>.
For example, this field contains 6 for TCP, For example, this field contains 6 for TCP,
17 for UDP, 33 for DCCP, or 132 for SCTP."; 17 for UDP, 33 for DCCP, or 132 for SCTP.";
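Review bot: The new descriptions on leaf unit in traffic-unit and traffic-unit-protocol give kilobit-ps as an example, but the unit enumeration defined earlier in the module has no kilobit-ps (the bit-based labels go from bit-ps straight to megabit-ps). Either add the enum or use labels that exist, for example megabit-ps and gigabit-ps. In unit-config, the description "Can be pps, bit/ps, or byte/ps" names none of the unit-type labels (packet-ps, bit-ps, byte-ps) and drops the closing period the other descriptions have; suggest "Can be packet-ps, bit-ps, or byte-ps.".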
skipping to change at page 60, line 7 skipping to change at page 60, line 31
description description
"The transport protocol. "The transport protocol.
Values are taken from the IANA Protocol Numbers registry: Values are taken from the IANA Protocol Numbers registry:
<https://www.iana.org/assignments/protocol-numbers/>."; <https://www.iana.org/assignments/protocol-numbers/>.";
} }
uses connection; uses connection;
} }
list high-percentile-l { list high-percentile-l {
key "protocol"; key "protocol";
description description
"Highg percentile of attack connections."; "High percentile of attack connections.";
leaf protocol { leaf protocol {
type uint8; type uint8;
description description
"The transport protocol. "The transport protocol.
Values are taken from the IANA Protocol Numbers registry: Values are taken from the IANA Protocol Numbers registry:
<https://www.iana.org/assignments/protocol-numbers/>."; <https://www.iana.org/assignments/protocol-numbers/>.";
} }
uses connection; uses connection;
} }
list peak-l { list peak-l {
skipping to change at page 68, line 31 skipping to change at page 69, line 8
description description
"Indicates whether the DOTS server can be instructed "Indicates whether the DOTS server can be instructed
to send pre-or-ongoing-mitigation telemetry. If set to FALSE to send pre-or-ongoing-mitigation telemetry. If set to FALSE
or the attribute is not present, this is an indication or the attribute is not present, this is an indication
that the server does not support this capability."; that the server does not support this capability.";
} }
leaf telemetry-notify-interval { leaf telemetry-notify-interval {
type uint32 { type uint32 {
range "1 .. 3600"; range "1 .. 3600";
} }
must '. >= ../../min-config-values/telemetry-notify-interval' {
error-message
"The value must be greater than or equal
to the telemetry-notify-interval in the min-config-values";
}
units "seconds"; units "seconds";
description description
"Minimum number of seconds between successive "Minimum number of seconds between successive
telemetry notifications."; telemetry notifications.";
} }
} }
container min-config-values { container min-config-values {
config false; config false;
description description
"Minimum acceptable configuration values."; "Minimum acceptable configuration values.";
skipping to change at page 69, line 22 skipping to change at page 70, line 4
description description
"Total pipe capacity of a DOTS client domain"; "Total pipe capacity of a DOTS client domain";
list total-pipe-capacity { list total-pipe-capacity {
key "link-id unit"; key "link-id unit";
description description
"Total pipe capacity of a DOTS client domain."; "Total pipe capacity of a DOTS client domain.";
leaf link-id { leaf link-id {
type nt:link-id; type nt:link-id;
description description
"Identifier of an interconnection link."; "Identifier of an interconnection link.";
} }
leaf capacity { leaf capacity {
type uint64; type uint64;
mandatory true; mandatory true;
description description
"Pipe capacity."; "Pipe capacity.";
} }
leaf unit { leaf unit {
type unit; type unit;
description description
"The traffic can be measured in packets per "The traffic can be measured using unit types: packets
second (PPS) or kilo packets per second (Kpps) and Bits per per second (PPS), Bits per Second (BPS), and/or
Second (BPS), and kilobytes per second or megabytes per second bytes per second. DOTS agents auto-scale to the
or gigabytes per second."; appropriate units (e.g., megabit-ps, kilobit-ps).";
} }
} }
} }
case baseline { case baseline {
description description
"Traffic baseline information"; "Traffic baseline information";
list baseline { list baseline {
key "id"; key "id";
description description
"Traffic baseline information"; "Traffic baseline information";
skipping to change at page 71, line 18 skipping to change at page 72, line 4
description description
"Reference a list of associated mitigation requests."; "Reference a list of associated mitigation requests.";
} }
} }
uses pre-or-ongoing-mitigation; uses pre-or-ongoing-mitigation;
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
10. YANG/JSON Mapping Parameters to CBOR 10. YANG/JSON Mapping Parameters to CBOR
All DOTS telemetry parameters in the payload of the DOTS signal All DOTS telemetry parameters in the payload of the DOTS signal
channel MUST be mapped to CBOR types as shown in the following table: channel MUST be mapped to CBOR types as shown in the following table:
o Implementers may use the values in: https://github.com/boucadair/ o Implementers may use the values in: https://github.com/boucadair/
draft-dots-telemetry/blob/master/mapping-table.txt draft-dots-telemetry/blob/master/mapping-table.txt
+----------------------+-------------+------+---------------+--------+ +----------------------+-------------+------+---------------+--------+
| Parameter Name | YANG | CBOR | CBOR Major | JSON | | Parameter Name | YANG | CBOR | CBOR Major | JSON |
| | Type | Key | Type & | Type | | | Type | Key | Type & | Type |
| | | | Information | | | | | | Information | |
+----------------------+-------------+------+---------------+--------+ +----------------------+-------------+------+---------------+--------+
| tsid | uint32 |TBA1 | 0 unsigned | Number | | tsid | uint32 |TBA1 | 0 unsigned | Number |
| telemetry-config | container |TBA2 | 5 map | Object | | telemetry | container |TBA2 | 5 map | Object |
| low-percentile | decimal64 |TBA3 | 6 tag 4 | | | low-percentile | decimal64 |TBA3 | 6 tag 4 | |
| | | | [-2, integer]| String | | | | | [-2, integer]| String |
| mid-percentile | decimal64 |TBA4 | 6 tag 4 | | | mid-percentile | decimal64 |TBA4 | 6 tag 4 | |
| | | | [-2, integer]| String | | | | | [-2, integer]| String |
| high-percentile | decimal64 |TBA5 | 6 tag 4 | | | high-percentile | decimal64 |TBA5 | 6 tag 4 | |
| | | | [-2, integer]| String | | | | | [-2, integer]| String |
| unit-config | list |TBA6 | 4 array | Array | | unit-config | list |TBA6 | 4 array | Array |
| unit | enumeration |TBA7 | 0 unsigned | String | | unit | enumeration |TBA7 | 0 unsigned | String |
| unit-status | boolean |TBA8 | 7 bits 20 | False | | unit-status | boolean |TBA8 | 7 bits 20 | False |
| | | | 7 bits 21 | True | | | | | 7 bits 21 | True |
| total-pipe-capability| list |TBA9 | 4 array | Array | | total-pipe-capability| list |TBA9 | 4 array | Array |
| pipe | uint64 |TBA10 | 0 unsigned | String | | link-id | string |TBA10 | 3 text string | String |
| pre-or-ongoing- | list |TBA11 | 4 array | Array | | pre-or-ongoing- | list |TBA11 | 4 array | Array |
| mitigation | | | | | | mitigation | | | | |
| total-traffic- | | | | | | total-traffic- | | | | |
| normal-baseline | list |TBA12 | 4 array | Array | | normal-baseline | list |TBA12 | 4 array | Array |
| low-percentile-g | yang:gauge64|TBA13 | 0 unsigned | String | | low-percentile-g | yang:gauge64|TBA13 | 0 unsigned | String |
| mid-percentile-g | yang:gauge64|TBA14 | 0 unsigned | String | | mid-percentile-g | yang:gauge64|TBA14 | 0 unsigned | String |
| high-percentile-g | yang:gauge64|TBA15 | 0 unsigned | String | | high-percentile-g | yang:gauge64|TBA15 | 0 unsigned | String |
| peak-g | yang:gauge64|TBA16 | 0 unsigned | String | | peak-g | yang:gauge64|TBA16 | 0 unsigned | String |
| total-attack-traffic | list |TBA17 | 4 array | Array | | total-attack-traffic | list |TBA17 | 4 array | Array |
| total-traffic | list |TBA18 | 4 array | Array | | total-traffic | list |TBA18 | 4 array | Array |
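Review bot: The TBA9 row is still named total-pipe-capability, while the YANG module defines the list as total-pipe-capacity. The table name should match the data node, otherwise an implementer building a key map from this table will miss it. TBA10 changes from pipe (uint64, major type 0) to link-id (string, major type 3), which is a reassignment with a different encoding and not just a rename; the text should say so, since a decoder written against -04 will expect an unsigned integer under that key.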
skipping to change at page 73, line 17 skipping to change at page 73, line 50
| source-prefix | inet: |TBA60 | 3 text string | String | | source-prefix | inet: |TBA60 | 3 text string | String |
| | ip-prefix | | | | | | ip-prefix | | | |
| mid-list | leaf-list |TBA61 | 4 array | Array | | mid-list | leaf-list |TBA61 | 4 array | Array |
| | uint32 | | 0 unsigned | Number | | | uint32 | | 0 unsigned | Number |
| source-port-range | list |TBA62 | 4 array | Array | | source-port-range | list |TBA62 | 4 array | Array |
| source-icmp-type- | list |TBA63 | 4 array | Array | | source-icmp-type- | list |TBA63 | 4 array | Array |
| range | | | | | | range | | | | |
| lower-type | uint8 |TBA64 | 0 unsigned | Number | | lower-type | uint8 |TBA64 | 0 unsigned | Number |
| upper-type | uint8 |TBA65 | 0 unsigned | Number | | upper-type | uint8 |TBA65 | 0 unsigned | Number |
| target | container |TBA66 | 5 map | Object | | target | container |TBA66 | 5 map | Object |
| capacity | uint64 |TBA67 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| telemetry | container |TBA67 | 5 map | Object | | telemetry-setup | container |TBA70 | 5 map | Object |
| ietf-dots-telemetry: | | | | |
| telemetry-setup | container |TBA68 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| total-traffic | list |TBA69 | 4 array | Array | | total-traffic | list |TBA71 | 4 array | Array |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| unit | enumeration |TBA70 | 0 unsigned | String | | unit | enumeration |TBA72 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| low-percentile-g | yang:gauge64|TBA71 | 0 unsigned | String | | low-percentile-g | yang:gauge64|TBA73 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| mid-percentile-g | yang:gauge64|TBA72 | 0 unsigned | String | | mid-percentile-g | yang:gauge64|TBA74 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| high-percentile-g | yang:gauge64|TBA73 | 0 unsigned | String | | high-percentile-g | yang:gauge64|TBA75 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| peak-g | yang:gauge64|TBA74 | 0 unsigned | String | | peak-g | yang:gauge64|TBA76 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| total-attack-traffic | list |TBA75 | 4 array | Array | | total-attack-traffic | list |TBA77 | 4 array | Array |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| total-attack- | | | | | | total-attack- | | | | |
| connection | container |TBA76 | 5 map | Object | | connection | container |TBA78 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| low-percentile-c | container |TBA77 | 5 map | Object | | low-percentile-c | container |TBA79 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| mid-percentile-c | container |TBA78 | 5 map | Object | | mid-percentile-c | container |TBA80 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| high-percentile-c | container |TBA79 | 5 map | Object | | high-percentile-c | container |TBA81 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| peak-c | container |TBA80 | 5 map | Object | | peak-c | container |TBA82 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| connection | uint64 |TBA81 | 0 unsigned | String | | connection | uint64 |TBA83 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| embryonic | uint64 |TBA82 | 0 unsigned | String | | embryonic | uint64 |TBA84 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| connection-ps | uint64 |TBA83 | 0 unsigned | String | | connection-ps | uint64 |TBA85 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| request-ps | uint64 |TBA84 | 0 unsigned | String | | request-ps | uint64 |TBA86 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| partial-request-ps | uint64 |TBA85 | 0 unsigned | String | | partial-request-ps | uint64 |TBA87 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-detail | container |TBA86 | 5 map | Object | | attack-detail | container |TBA88 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| id | uint32 |TBA87 | 0 unsigned | Number | | id | uint32 |TBA89 | 0 unsigned | Number |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-id | string |TBA88 | 3 text string | String | | attack-id | string |TBA90 | 3 text string | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-name | string |TBA89 | 3 text string | String | | attack-name | string |TBA91 | 3 text string | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| attack-severity | enumeration |TBA90 | 0 unsigned | String | | attack-severity | enumeration |TBA92 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| start-time | uint64 |TBA91 | 0 unsigned | String | | start-time | uint64 |TBA93 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| end-time | uint64 |TBA92 | 0 unsigned | String | | end-time | uint64 |TBA94 | 0 unsigned | String |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| source-count | container |TBA93 | 5 map | Object | | source-count | container |TBA95 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| top-talker | container |TBA94 | 5 map | Object | | top-talker | container |TBA96 | 5 map | Object |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| spoofed-status | boolean |TBA95 | 7 bits 20 | False | | spoofed-status | boolean |TBA97 | 7 bits 20 | False |
| | | | 7 bits 21 | True | | | | | 7 bits 21 | True |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| talker | list |TBA96 | 4 array | Array | | talker | list |TBA98 | 4 array | Array |
| ietf-dots-telemetry: | inet: |TBA97 | 3 text string | String | | ietf-dots-telemetry: | inet: |TBA99 | 3 text string | String |
| source-prefix | ip-prefix | | | | | source-prefix | ip-prefix | | | |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| source-port-range | list |TBA98 | 4 array | Array | | source-port-range | list |TBA100| 4 array | Array |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| lower-port | inet: | | | | | lower-port | inet: | | | |
| | port-number|TBA99 | 0 unsigned | Number | | | port-number|TBA101| 0 unsigned | Number |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| upper-port | inet: | | | | | upper-port | inet: | | | |
| | port-number|TBA100| 0 unsigned | Number | | | port-number|TBA102| 0 unsigned | Number |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| source-icmp-type- | list |TBA101| 4 array | Array | | source-icmp-type- | list |TBA103| 4 array | Array |
| range | | | | | | range | | | | |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| lower-type | uint8 |TBA102| 0 unsigned | Number | | lower-type | uint8 |TBA104| 0 unsigned | Number |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| upper-type | uint8 |TBA103| 0 unsigned | Number | | upper-type | uint8 |TBA105| 0 unsigned | Number |
| ietf-dots-telemetry: | | | | |
| telemetry | container |TBA106| 5 map | Object |
+----------------------+-------------+------+---------------+--------+ +----------------------+-------------+------+---------------+--------+
11. IANA Considerationsr 11. IANA Considerationsr
11.1. DOTS Signal Channel CBOR Key Values 11.1. DOTS Signal Channel CBOR Key Values
This specification registers the DOTS telemetry attributes in the This specification registers the DOTS telemetry attributes in the
IANA "DOTS Signal Channel CBOR Key Values" registry available at IANA "DOTS Signal Channel CBOR Key Values" registry available at
https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel- https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel-
cbor-key-values. cbor-key-values.
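Review bot: After the renumbering, TBA68 and TBA69 appear in no row on the -05 side: capacity takes TBA67, the next assignment is ietf-dots-telemetry:telemetry-setup at TBA70, and ietf-dots-telemetry:telemetry moves to the end as TBA106. State whether the two values are intentionally left unassigned or close the gap, because the suggested values requested from IANA follow this sequence. The section heading "11. IANA Considerationsr" also still has a stray trailing "r".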
skipping to change at page 75, line 27 skipping to change at page 76, line 11
o Note to the RFC Editor: (1) CBOR keys are assigned from the o Note to the RFC Editor: (1) CBOR keys are assigned from the
32768-49151 range. (2) Please assign the following suggested 32768-49151 range. (2) Please assign the following suggested
values. values.
+----------------------+-------+-------+------------+---------------+ +----------------------+-------+-------+------------+---------------+
| Parameter Name | CBOR | CBOR | Change | Specification | | Parameter Name | CBOR | CBOR | Change | Specification |
| | Key | Major | Controller | Document(s) | | | Key | Major | Controller | Document(s) |
| | Value | Type | | | | | Value | Type | | |
+----------------------+-------+-------+------------+---------------+ +----------------------+-------+-------+------------+---------------+
| tsid | TBA1 | 0 | IESG | [RFCXXXX] | | tsid | TBA1 | 0 | IESG | [RFCXXXX] |
| telemetry-config | TBA2 | 5 | IESG | [RFCXXXX] | | telemetry | TBA2 | 5 | IESG | [RFCXXXX] |
| low-percentile | TBA3 | 6tag4 | IESG | [RFCXXXX] | | low-percentile | TBA3 | 6tag4 | IESG | [RFCXXXX] |
| mid-percentile | TBA4 | 6tag4 | IESG | [RFCXXXX] | | mid-percentile | TBA4 | 6tag4 | IESG | [RFCXXXX] |
| high-percentile | TBA5 | 6tag4 | IESG | [RFCXXXX] | | high-percentile | TBA5 | 6tag4 | IESG | [RFCXXXX] |
| unit-config | TBA6 | 4 | IESG | [RFCXXXX] | | unit-config | TBA6 | 4 | IESG | [RFCXXXX] |
| unit | TBA7 | 0 | IESG | [RFCXXXX] | | unit | TBA7 | 0 | IESG | [RFCXXXX] |
| unit-status | TBA8 | 7 | IESG | [RFCXXXX] | | unit-status | TBA8 | 7 | IESG | [RFCXXXX] |
| total-pipe-capability| TBA9 | 4 | IESG | [RFCXXXX] | | total-pipe-capability| TBA9 | 4 | IESG | [RFCXXXX] |
| pipe | TBA10 | 0 | IESG | [RFCXXXX] | | link-id | TBA10 | 3 | IESG | [RFCXXXX] |
| pre-or-ongoing- | TBA11 | 4 | IESG | [RFCXXXX] | | pre-or-ongoing- | TBA11 | 4 | IESG | [RFCXXXX] |
| mitigation | | | | | | mitigation | | | | |
| total-traffic- | TBA12 | 4 | IESG | [RFCXXXX] | | total-traffic- | TBA12 | 4 | IESG | [RFCXXXX] |
| normal-baseline | | | | | | normal-baseline | | | | |
| low-percentile-g | TBA13 | 0 | IESG | [RFCXXXX] | | low-percentile-g | TBA13 | 0 | IESG | [RFCXXXX] |
| mid-percentile-g | TBA14 | 0 | IESG | [RFCXXXX] | | mid-percentile-g | TBA14 | 0 | IESG | [RFCXXXX] |
| high-percentile-g | TBA15 | 0 | IESG | [RFCXXXX] | | high-percentile-g | TBA15 | 0 | IESG | [RFCXXXX] |
| peak-g | TBA16 | 0 | IESG | [RFCXXXX] | | peak-g | TBA16 | 0 | IESG | [RFCXXXX] |
| total-attack-traffic | TBA17 | 4 | IESG | [RFCXXXX] | | total-attack-traffic | TBA17 | 4 | IESG | [RFCXXXX] |
| total-traffic | TBA18 | 4 | IESG | [RFCXXXX] | | total-traffic | TBA18 | 4 | IESG | [RFCXXXX] |
skipping to change at page 76, line 50 skipping to change at page 77, line 34
| measurement-interval | TBA57 | 0 | IESG | [RFCXXXX] | | measurement-interval | TBA57 | 0 | IESG | [RFCXXXX] |
| measurement-sample | TBA58 | 0 | IESG | [RFCXXXX] | | measurement-sample | TBA58 | 0 | IESG | [RFCXXXX] |
| talker | TBA59 | 0 | IESG | [RFCXXXX] | | talker | TBA59 | 0 | IESG | [RFCXXXX] |
| source-prefix | TBA60 | 0 | IESG | [RFCXXXX] | | source-prefix | TBA60 | 0 | IESG | [RFCXXXX] |
| mid-list | TBA61 | 4 | IESG | [RFCXXXX] | | mid-list | TBA61 | 4 | IESG | [RFCXXXX] |
| source-port-range | TBA62 | 4 | IESG | [RFCXXXX] | | source-port-range | TBA62 | 4 | IESG | [RFCXXXX] |
| source-icmp-type- | TBA63 | 4 | IESG | [RFCXXXX] | | source-icmp-type- | TBA63 | 4 | IESG | [RFCXXXX] |
| lower-type | TBA64 | 0 | IESG | [RFCXXXX] | | lower-type | TBA64 | 0 | IESG | [RFCXXXX] |
| upper-type | TBA65 | 0 | IESG | [RFCXXXX] | | upper-type | TBA65 | 0 | IESG | [RFCXXXX] |
| target | TBA66 | 5 | IESG | [RFCXXXX] | | target | TBA66 | 5 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA67 | 5 | IESG | [RFCXXXX] | | capacity | TBA67 | 0 | IESG | [RFCXXXX] |
| telemetry | | | | | | ietf-dots-telemetry: | TBA70 | 5 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA68 | 5 | IESG | [RFCXXXX] |
| telemetry-setup | | | | | | telemetry-setup | | | | |
| ietf-dots-telemetry: | TBA69 | 0 | IESG | [RFCXXXX] |
| total-traffic | | | | |
| ietf-dots-telemetry: | TBA70 | 0 | IESG | [RFCXXXX] |
| unit | | | | |
| ietf-dots-telemetry: | TBA71 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA71 | 0 | IESG | [RFCXXXX] |
| low-percentile-g | | | | | | total-traffic | | | | |
| ietf-dots-telemetry: | TBA72 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA72 | 0 | IESG | [RFCXXXX] |
| mid-percentile-g | | | | | | unit | | | | |
| ietf-dots-telemetry: | TBA73 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA73 | 0 | IESG | [RFCXXXX] |
| high-percentile-g | | | | | | low-percentile-g | | | | |
| ietf-dots-telemetry: | TBA74 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA74 | 0 | IESG | [RFCXXXX] |
| peak-g | | | | | | mid-percentile-g | | | | |
| ietf-dots-telemetry: | TBA75 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA75 | 0 | IESG | [RFCXXXX] |
| total-attack-traffic | | | | | | high-percentile-g | | | | |
| ietf-dots-telemetry: | TBA76 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA76 | 0 | IESG | [RFCXXXX] |
| peak-g | | | | |
| ietf-dots-telemetry: | TBA77 | 0 | IESG | [RFCXXXX] |
| total-attack-traffic | | | | |
| ietf-dots-telemetry: | TBA78 | 0 | IESG | [RFCXXXX] |
| total-attack- | | | | | | total-attack- | | | | |
| connection | | | | | | connection | | | | |
| ietf-dots-telemetry: | TBA77 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA79 | 0 | IESG | [RFCXXXX] |
| low-percentile-c | | | | | | low-percentile-c | | | | |
| ietf-dots-telemetry: | TBA78 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA80 | 0 | IESG | [RFCXXXX] |
| mid-percentile-c | | | | | | mid-percentile-c | | | | |
| ietf-dots-telemetry: | TBA79 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA71 | 0 | IESG | [RFCXXXX] |
| high-percentile-c | | | | | | high-percentile-c | | | | |
| ietf-dots-telemetry: | TBA80 | 0 | IESG | [RFCXXXX] |
| peak-c | | | | |
| ietf-dots-telemetry: | TBA81 | 0 | IESG | [RFCXXXX] |
| connection | | | | |
| ietf-dots-telemetry: | TBA82 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA82 | 0 | IESG | [RFCXXXX] |
| embryonic | | | | | | peak-c | | | | |
| ietf-dots-telemetry: | TBA83 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA83 | 0 | IESG | [RFCXXXX] |
| connection-ps | | | | | | connection | | | | |
| ietf-dots-telemetry: | TBA84 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA84 | 0 | IESG | [RFCXXXX] |
| request-ps | | | | | | embryonic | | | | |
| ietf-dots-telemetry: | TBA85 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA85 | 0 | IESG | [RFCXXXX] |
| partial-request-ps | | | | | | connection-ps | | | | |
| ietf-dots-telemetry: | TBA86 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA86 | 0 | IESG | [RFCXXXX] |
| attack-detail | | | | | | request-ps | | | | |
| ietf-dots-telemetry: | TBA87 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA87 | 0 | IESG | [RFCXXXX] |
| id | | | | | | partial-request-ps | | | | |
| ietf-dots-telemetry: | TBA88 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA88 | 0 | IESG | [RFCXXXX] |
| attack-id | | | | | | attack-detail | | | | |
| ietf-dots-telemetry: | TBA89 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA89 | 0 | IESG | [RFCXXXX] |
| attack-name | | | | | | id | | | | |
| ietf-dots-telemetry: | TBA90 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA90 | 0 | IESG | [RFCXXXX] |
| attack-severity | | | | | | attack-id | | | | |
| ietf-dots-telemetry: | TBA91 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA91 | 0 | IESG | [RFCXXXX] |
| start-time | | | | | | attack-name | | | | |
| ietf-dots-telemetry: | TBA92 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA92 | 0 | IESG | [RFCXXXX] |
| end-time | | | | | | attack-severity | | | | |
| ietf-dots-telemetry: | TBA93 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA93 | 0 | IESG | [RFCXXXX] |
| source-count | | | | | | start-time | | | | |
| ietf-dots-telemetry: | TBA94 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA94 | 0 | IESG | [RFCXXXX] |
| top-talker | | | | | | end-time | | | | |
| ietf-dots-telemetry: | TBA95 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA95 | 0 | IESG | [RFCXXXX] |
| spoofed-status | | | | | | source-count | | | | |
| ietf-dots-telemetry: | TBA96 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA96 | 0 | IESG | [RFCXXXX] |
| talker | | | | | | top-talker | | | | |
| ietf-dots-telemetry: | TBA97 | 0 | IESG | [RFCXXXX] | | ietf-dots-telemetry: | TBA97 | 0 | IESG | [RFCXXXX] |
| spoofed-status | | | | |
| ietf-dots-telemetry: | TBA98 | 0 | IESG | [RFCXXXX] |
| talker | | | | |
| ietf-dots-telemetry: | TBA99 | 0 | IESG | [RFCXXXX] |
| source-prefix | | | | | | source-prefix | | | | |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| source-port-range | TBA98 | 4 | IESG | [RFCXXXX] | | source-port-range | TBA100| 4 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| lower-port | TBA99 | 0 | IESG | [RFCXXXX] | | lower-port | TBA101| 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| upper-port | TBA100| 0 | IESG | [RFCXXXX] | | upper-port | TBA102| 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| source-icmp-type- | TBA101| 4 | IESG | [RFCXXXX] | | source-icmp-type- | TBA103| 4 | IESG | [RFCXXXX] |
| range | | | | | | range | | | | |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| lower-type | TBA102| 0 | IESG | [RFCXXXX] | | lower-type | TBA104| 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | | | | | | ietf-dots-telemetry: | | | | |
| upper-type | TBA103| 0 | IESG | [RFCXXXX] | | upper-type | TBA105| 0 | IESG | [RFCXXXX] |
| ietf-dots-telemetry: | TBA106| 5 | IESG | [RFCXXXX] |
| telemetry | | | | |
+----------------------+-------+-------+------------+---------------+ +----------------------+-------+-------+------------+---------------+
11.2. DOTS Signal Channel Conflict Cause Codes 11.2. DOTS Signal Channel Conflict Cause Codes
This specification requests IANA to assign a new code from the "DOTS This specification requests IANA to assign a new code from the "DOTS
Signal Channel Conflict Cause Codes" registry available at Signal Channel Conflict Cause Codes" registry available at
https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel- https://www.iana.org/assignments/dots/dots.xhtml#dots-signal-channel-
conflict-cause-codes. conflict-cause-codes.
Code Label Description Reference Code Label Description Reference
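Review bot: On the -05 side, the ietf-dots-telemetry:high-percentile-c row is assigned TBA71, which is already used by ietf-dots-telemetry:total-traffic a few rows up and leaves TBA81 unassigned. The mapping table in Section 10 gives high-percentile-c TBA81, so this looks like a typo for TBA81. The CBOR major type column also disagrees with Section 10: every ietf-dots-telemetry: entry from total-traffic (TBA71) through source-prefix (TBA99) is listed with major type 0 here, while Section 10 gives 4 for the lists, 5 for the containers, 3 for attack-id, attack-name and source-prefix, and 7 for spoofed-status. The unprefixed source-prefix (TBA60) shows the same mismatch (0 here, text string in Section 10). Regenerate this table from the mapping table so both carry the same key and type.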
 End of changes. 130 change blocks. 
189 lines changed or deleted 228 lines changed or added
