< draft-ietf-dots-telemetry-22.txt   draft-ietf-dots-telemetry-23.txt >
DOTS M. Boucadair, Ed. DOTS M. Boucadair, Ed.
Internet-Draft Orange Internet-Draft Orange
Intended status: Standards Track T. Reddy.K, Ed. Intended status: Standards Track T. Reddy.K, Ed.
Expires: 7 August 2022 Akamai Expires: 8 August 2022 Akamai
E. Doron E. Doron
Radware Ltd. Radware Ltd.
M. Chen M. Chen
CMCC CMCC
J. Shallow J. Shallow
3 February 2022 4 February 2022
Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry
draft-ietf-dots-telemetry-22 draft-ietf-dots-telemetry-23
Abstract Abstract
This document aims to enrich the DOTS signal channel protocol with This document aims to enrich the DOTS signal channel protocol with
various telemetry attributes, allowing for optimal Distributed various telemetry attributes, allowing for optimal Distributed
Denial-of-Service (DDoS) attack mitigation. It specifies the normal Denial-of-Service (DDoS) attack mitigation. It specifies the normal
traffic baseline and attack traffic telemetry attributes a DOTS traffic baseline and attack traffic telemetry attributes a DOTS
client can convey to its DOTS server in the mitigation request, the client can convey to its DOTS server in the mitigation request, the
mitigation status telemetry attributes a DOTS server can communicate mitigation status telemetry attributes a DOTS server can communicate
to a DOTS client, and the mitigation efficacy telemetry attributes a to a DOTS client, and the mitigation efficacy telemetry attributes a
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 7 August 2022. This Internet-Draft will expire on 8 August 2022.
Copyright Notice Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 50, line 32 skipping to change at page 50, line 32
registered in the IANA's "Private Enterprise Numbers" registry registered in the IANA's "Private Enterprise Numbers" registry
[Private-Enterprise-Numbers]. [Private-Enterprise-Numbers].
attack-id: Unique identifier assigned for the attack by a vendor. attack-id: Unique identifier assigned for the attack by a vendor.
This parameter MUST be present independent of whether 'attack- This parameter MUST be present independent of whether 'attack-
description' is included or not. description' is included or not.
description-lang: Indicates the language tag that is used for the description-lang: Indicates the language tag that is used for the
text that is included in the 'attack-description' attribute. The text that is included in the 'attack-description' attribute. The
attribute is encoded following the rules in Section 2.1 of attribute is encoded following the rules in Section 2.1 of
[RFC5646]. [RFC5646]. The default language tag is "en-US".
attack-description: Textual representation of the attack attack-description: Textual representation of the attack
description. Natural Language Processing techniques (e.g., word description. Natural Language Processing techniques (e.g., word
embedding) might provide some utility in mapping the attack embedding) might provide some utility in mapping the attack
description to an attack type. Textual representation of attack description to an attack type. Textual representation of attack
solves two problems: (a) avoids the need to create mapping tables solves two problems: (a) avoids the need to create mapping tables
manually between vendors and (b) avoids the need to standardize manually between vendors and (b) avoids the need to standardize
attack types which keep evolving. attack types which keep evolving.
attack-severity: Attack severity level. This attribute takes one of attack-severity: Attack severity level. This attribute takes one of
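Review bot: the sentence added to 'description-lang' gives a default of "en-US" but does not say what that means for a sender whose 'attack-description' is written in another language. Suggest stating that 'description-lang' needs to be included whenever the description is not in US English, since a receiver will otherwise label the text as en-US.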
skipping to change at page 72, line 19 skipping to change at page 72, line 19
As indicated in Section 9 of [RFC9132], an additional plain text As indicated in Section 9 of [RFC9132], an additional plain text
diagnostic payload (Section 5.5.2 of [RFC7252]) to help diagnostic payload (Section 5.5.2 of [RFC7252]) to help
troubleshooting is returned in the body of the response. troubleshooting is returned in the body of the response.
11. YANG Modules 11. YANG Modules
11.1. DOTS Signal Channel Telemetry YANG Module 11.1. DOTS Signal Channel Telemetry YANG Module
This module uses types defined in [RFC6991] and [RFC8345]. This module uses types defined in [RFC6991] and [RFC8345].
<CODE BEGINS> file "ietf-dots-telemetry@2021-11-29.yang" <CODE BEGINS> file "ietf-dots-telemetry@2022-02-04.yang"
module ietf-dots-telemetry { module ietf-dots-telemetry {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dots-telemetry"; namespace "urn:ietf:params:xml:ns:yang:ietf-dots-telemetry";
prefix dots-telemetry; prefix dots-telemetry;
import ietf-dots-signal-channel { import ietf-dots-signal-channel {
prefix dots-signal; prefix dots-signal;
reference reference
"RFC 9132: Distributed Denial-of-Service Open Threat Signaling "RFC 9132: Distributed Denial-of-Service Open Threat Signaling
(DOTS) Signal Channel Specification"; (DOTS) Signal Channel Specification";
skipping to change at page 73, line 41 skipping to change at page 73, line 41
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2021-11-29 { revision 2022-02-04 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: Distributed Denial-of-Service Open Threat "RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Telemetry"; Signaling (DOTS) Telemetry";
} }
typedef attack-severity { typedef attack-severity {
type enumeration { type enumeration {
enum none { enum none {
skipping to change at page 90, line 23 skipping to change at page 90, line 23
reference reference
"IANA: Private Enterprise Numbers"; "IANA: Private Enterprise Numbers";
} }
leaf attack-id { leaf attack-id {
type uint32; type uint32;
description description
"Unique identifier assigned by the vendor for the attack."; "Unique identifier assigned by the vendor for the attack.";
} }
leaf description-lang { leaf description-lang {
type string { type string {
pattern '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3})' pattern '(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3})'
+ '{,2})?|[A-Za-z]{4}|[A-Za-z]{5,8})(-[A-Za-z]{4})?' + '{,2})?|[A-Za-z]{4}|[A-Za-z]{5,8})(-[A-Za-z]{4})?'
+ '(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}' + '(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}'
+ '|([0-9][A-Za-z0-9]{3})))*(-[0-9A-WY-Za-wy-z]' + '|([0-9][A-Za-z0-9]{3})))*(-[0-9A-WY-Za-wy-z]'
+ '(-([A-Za-z0-9]{2,8}))+)*(-[Xx](-([A-Za-z0-9]' + '(-([A-Za-z0-9]{2,8}))+)*(-[Xx](-([A-Za-z0-9]'
+ '{1,8}))+)?|[Xx](-([A-Za-z0-9]{1,8}))+|' + '{1,8}))+)?|[Xx](-([A-Za-z0-9]{1,8}))+|'
+ '(([Ee][Nn]-[Gg][Bb]-[Oo][Ee][Dd]|[Ii]-' + '(([Ee][Nn]-[Gg][Bb]-[Oo][Ee][Dd]|[Ii]-'
+ '[Aa][Mm][Ii]|[Ii]-[Bb][Nn][Nn]|[Ii]-' + '[Aa][Mm][Ii]|[Ii]-[Bb][Nn][Nn]|[Ii]-'
+ '[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-' + '[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-'
+ '[Ee][Nn][Oo][Cc][Hh][Ii][Aa][Nn]' + '[Ee][Nn][Oo][Cc][Hh][Ii][Aa][Nn]'
+ '|[Ii]-[Hh][Aa][Kk]|' + '|[Ii]-[Hh][Aa][Kk]|'
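Review bot: on the second line of the 'description-lang' pattern, `{,2}` is not a valid quantifier in the XSD regular-expression syntax that YANG `pattern` statements use, which requires the lower bound to be written out; use `{0,2}`. Dropping the leading `^` is consistent with that syntax, where a pattern always has to match the whole value and `^` outside a character class is treated as an ordinary character. It would help to tell implementers that a validator which ports this expression to a search-style regex engine has to anchor it itself, or a string that merely contains a valid tag will be accepted.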
skipping to change at page 90, line 47 skipping to change at page 90, line 47
+ '[Ii]-[Tt][Aa][Oo]|[Ii]-[Tt][Aa][Yy]|' + '[Ii]-[Tt][Aa][Oo]|[Ii]-[Tt][Aa][Yy]|'
+ '[Ii]-[Tt][Ss][Uu]|[Ss][Gg][Nn]-[Bb][Ee]-[Ff][Rr]|' + '[Ii]-[Tt][Ss][Uu]|[Ss][Gg][Nn]-[Bb][Ee]-[Ff][Rr]|'
+ '[Ss][Gg][Nn]-[Bb][Ee]-[Nn][Ll]|[Ss][Gg][Nn]-' + '[Ss][Gg][Nn]-[Bb][Ee]-[Nn][Ll]|[Ss][Gg][Nn]-'
+ '[Cc][Hh]-[Dd][Ee])|([Aa][Rr][Tt]-' + '[Cc][Hh]-[Dd][Ee])|([Aa][Rr][Tt]-'
+ '[Ll][Oo][Jj][Bb][Aa][Nn]|[Cc][Ee][Ll]-' + '[Ll][Oo][Jj][Bb][Aa][Nn]|[Cc][Ee][Ll]-'
+ '[Gg][Aa][Uu][Ll][Ii][Ss][Hh]|' + '[Gg][Aa][Uu][Ll][Ii][Ss][Hh]|'
+ '[Nn][Oo]-[Bb][Oo][Kk]|[Nn][Oo]-' + '[Nn][Oo]-[Bb][Oo][Kk]|[Nn][Oo]-'
+ '[Nn][Yy][Nn]|[Zz][Hh]-[Gg][Uu][Oo][Yy][Uu]|' + '[Nn][Yy][Nn]|[Zz][Hh]-[Gg][Uu][Oo][Yy][Uu]|'
+ '[Zz][Hh]-[Hh][Aa][Kk][Kk][Aa]|[Zz][Hh]-' + '[Zz][Hh]-[Hh][Aa][Kk][Kk][Aa]|[Zz][Hh]-'
+ '[Mm][Ii][Nn]|[Zz][Hh]-[Mm][Ii][Nn]-' + '[Mm][Ii][Nn]|[Zz][Hh]-[Mm][Ii][Nn]-'
+ '[Nn][Aa][Nn]|[Zz][Hh]-[Xx][Ii][Aa][Nn][Gg])))$'; + '[Nn][Aa][Nn]|[Zz][Hh]-[Xx][Ii][Aa][Nn][Gg])))';
} }
default "en-US";
description description
"Indicates the language tag that is used for "Indicates the language tag that is used for
'attack-description'."; 'attack-description'.";
reference reference
"RFC 5646: Tags for Identifying Languages, Section 2.1"; "RFC 5646: Tags for Identifying Languages, Section 2.1";
} }
leaf attack-description { leaf attack-description {
type string; type string;
description description
"Textual representation of attack description. Natural "Textual representation of attack description. Natural
Language Processing techniques (e.g., word embedding) Language Processing techniques (e.g., word embedding)
might provide some utility in mapping the attack might provide some utility in mapping the attack
description to an attack type."; description to an attack type.";
skipping to change at page 99, line 51 skipping to change at page 100, line 4
from the DOTS server."; from the DOTS server.";
} }
leaf telemetry-notify-interval { leaf telemetry-notify-interval {
type uint16 { type uint16 {
range "1 .. 3600"; range "1 .. 3600";
} }
units "seconds"; units "seconds";
description description
"Minimum number of seconds between successive "Minimum number of seconds between successive
telemetry notifications."; telemetry notifications.";
}
}
} }
} }
case pipe { case pipe {
description description
"Total pipe capacity of a DOTS client domain."; "Total pipe capacity of a DOTS client domain.";
list total-pipe-capacity { list total-pipe-capacity {
key "link-id unit"; key "link-id unit";
description description
"Total pipe capacity of a DOTS client domain."; "Total pipe capacity of a DOTS client domain.";
leaf link-id { leaf link-id {
skipping to change at page 102, line 24 skipping to change at page 102, line 25
uses pre-or-ongoing-mitigation; uses pre-or-ongoing-mitigation;
} }
} }
} }
} }
} }
<CODE ENDS> <CODE ENDS>
11.2. Vendor Attack Mapping Details YANG Module 11.2. Vendor Attack Mapping Details YANG Module
<CODE BEGINS> file "ietf-dots-mapping@2020-06-26.yang" <CODE BEGINS> file "ietf-dots-mapping@2022-02-04.yang"
module ietf-dots-mapping { module ietf-dots-mapping {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dots-mapping"; namespace "urn:ietf:params:xml:ns:yang:ietf-dots-mapping";
prefix dots-mapping; prefix dots-mapping;
import ietf-dots-data-channel { import ietf-dots-data-channel {
prefix data-channel; prefix data-channel;
reference reference
"RFC 8783: Distributed Denial-of-Service Open Threat "RFC 8783: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Data Channel Specification"; Signaling (DOTS) Data Channel Specification";
skipping to change at page 103, line 18 skipping to change at page 103, line 19
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see This version of this YANG module is part of RFC XXXX; see
the RFC itself for full legal notices."; the RFC itself for full legal notices.";
revision 2020-06-26 { revision 2022-02-04 {
description description
"Initial revision."; "Initial revision.";
reference reference
"RFC XXXX: Distributed Denial-of-Service Open Threat "RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Telemetry"; Signaling (DOTS) Telemetry";
} }
feature dots-telemetry { feature dots-telemetry {
description description
"This feature indicates that DOTS telemetry data can be "This feature indicates that DOTS telemetry data can be
skipping to change at page 104, line 6 skipping to change at page 104, line 8
reference reference
"IANA: Private Enterprise Numbers"; "IANA: Private Enterprise Numbers";
} }
leaf vendor-name { leaf vendor-name {
type string; type string;
description description
"The name of the vendor (e.g., company A)."; "The name of the vendor (e.g., company A).";
} }
leaf description-lang { leaf description-lang {
type string { type string {
pattern '^(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3})' pattern '(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3})'
+ '{,2})?|[A-Za-z]{4}|[A-Za-z]{5,8})(-[A-Za-z]{4})?' + '{,2})?|[A-Za-z]{4}|[A-Za-z]{5,8})(-[A-Za-z]{4})?'
+ '(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}' + '(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}'
+ '|([0-9][A-Za-z0-9]{3})))*(-[0-9A-WY-Za-wy-z]' + '|([0-9][A-Za-z0-9]{3})))*(-[0-9A-WY-Za-wy-z]'
+ '(-([A-Za-z0-9]{2,8}))+)*(-[Xx](-([A-Za-z0-9]' + '(-([A-Za-z0-9]{2,8}))+)*(-[Xx](-([A-Za-z0-9]'
+ '{1,8}))+)?|[Xx](-([A-Za-z0-9]{1,8}))+|' + '{1,8}))+)?|[Xx](-([A-Za-z0-9]{1,8}))+|'
+ '(([Ee][Nn]-[Gg][Bb]-[Oo][Ee][Dd]|[Ii]-' + '(([Ee][Nn]-[Gg][Bb]-[Oo][Ee][Dd]|[Ii]-'
+ '[Aa][Mm][Ii]|[Ii]-[Bb][Nn][Nn]|[Ii]-' + '[Aa][Mm][Ii]|[Ii]-[Bb][Nn][Nn]|[Ii]-'
+ '[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-' + '[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-'
+ '[Ee][Nn][Oo][Cc][Hh][Ii][Aa][Nn]' + '[Ee][Nn][Oo][Cc][Hh][Ii][Aa][Nn]'
+ '|[Ii]-[Hh][Aa][Kk]|' + '|[Ii]-[Hh][Aa][Kk]|'
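Review bot: this 'description-lang' pattern in ietf-dots-mapping is a copy of the one in ietf-dots-telemetry, including the `{,2}` quantifier on its second line, so every correction has to be made twice and the two copies can drift apart. Suggest defining the language-tag type once as a typedef and referencing it from both leaves, or at least adding a comment in each module saying that the two patterns are meant to stay identical.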
skipping to change at page 104, line 30 skipping to change at page 104, line 32
+ '[Ii]-[Tt][Aa][Oo]|[Ii]-[Tt][Aa][Yy]|' + '[Ii]-[Tt][Aa][Oo]|[Ii]-[Tt][Aa][Yy]|'
+ '[Ii]-[Tt][Ss][Uu]|[Ss][Gg][Nn]-[Bb][Ee]-[Ff][Rr]|' + '[Ii]-[Tt][Ss][Uu]|[Ss][Gg][Nn]-[Bb][Ee]-[Ff][Rr]|'
+ '[Ss][Gg][Nn]-[Bb][Ee]-[Nn][Ll]|[Ss][Gg][Nn]-' + '[Ss][Gg][Nn]-[Bb][Ee]-[Nn][Ll]|[Ss][Gg][Nn]-'
+ '[Cc][Hh]-[Dd][Ee])|([Aa][Rr][Tt]-' + '[Cc][Hh]-[Dd][Ee])|([Aa][Rr][Tt]-'
+ '[Ll][Oo][Jj][Bb][Aa][Nn]|[Cc][Ee][Ll]-' + '[Ll][Oo][Jj][Bb][Aa][Nn]|[Cc][Ee][Ll]-'
+ '[Gg][Aa][Uu][Ll][Ii][Ss][Hh]|' + '[Gg][Aa][Uu][Ll][Ii][Ss][Hh]|'
+ '[Nn][Oo]-[Bb][Oo][Kk]|[Nn][Oo]-' + '[Nn][Oo]-[Bb][Oo][Kk]|[Nn][Oo]-'
+ '[Nn][Yy][Nn]|[Zz][Hh]-[Gg][Uu][Oo][Yy][Uu]|' + '[Nn][Yy][Nn]|[Zz][Hh]-[Gg][Uu][Oo][Yy][Uu]|'
+ '[Zz][Hh]-[Hh][Aa][Kk][Kk][Aa]|[Zz][Hh]-' + '[Zz][Hh]-[Hh][Aa][Kk][Kk][Aa]|[Zz][Hh]-'
+ '[Mm][Ii][Nn]|[Zz][Hh]-[Mm][Ii][Nn]-' + '[Mm][Ii][Nn]|[Zz][Hh]-[Mm][Ii][Nn]-'
+ '[Nn][Aa][Nn]|[Zz][Hh]-[Xx][Ii][Aa][Nn][Gg])))$'; + '[Nn][Aa][Nn]|[Zz][Hh]-[Xx][Ii][Aa][Nn][Gg])))';
} }
default "en-US";
description description
"Indicates the language tag that is used for "Indicates the language tag that is used for
'attack-description'."; 'attack-description'.";
reference reference
"RFC 5646: Tags for Identifying Languages, Section 2.1"; "RFC 5646: Tags for Identifying Languages, Section 2.1";
} }
leaf last-updated { leaf last-updated {
type uint64; type uint64;
mandatory true; mandatory true;
description description
 End of changes. 18 change blocks. 
15 lines changed or deleted 16 lines changed or added
