
Last Call Review of draft-ietf-dots-telemetry-use-cases-11
review-ietf-dots-telemetry-use-cases-11-artart-lc-turner-2022-09-20-00

Request: Review of draft-ietf-dots-telemetry-use-cases
Requested revision: No specific revision (document currently at 16)
Type: Last Call Review
Team: ART Area Review Team (artart)
Deadline: 2022-09-20
Requested: 2022-09-06
Authors: Yuhei Hayashi, Meiling Chen, Li Su
I-D last updated: 2022-09-20
Completed reviews:
  Secdir Last Call review of -12 by Phillip Hallam-Baker
  Rtgdir Last Call review of -12 by Donald E. Eastlake 3rd
  Artart Last Call review of -11 by Sean Turner
  Genart Last Call review of -11 by Peter E. Yee
Assignment:
  Reviewer: Sean Turner
  State: Completed
  Request: Last Call review on draft-ietf-dots-telemetry-use-cases by ART Area Review Team (Assigned)
Posted at: https://mailarchive.ietf.org/arch/msg/art/-CwsAktUoV2TyNUvt-pBVX7uQeY
Reviewed revision: 11 (document currently at 16)
Result: Ready w/nits
Completed: 2022-09-20
Hi! All but the (0) issue are editorial issues, and the JSON parsing issues
ought to be easy to fix:

0) JSON parsing issues:

0.1) s3.1.5: I think maybe instead of this:

  "attack-description":
    "attack-description": "DNS amplification Attack: \
    ...

use this:

  "attack-description": "DNS amplification Attack: \
     ...

0.2) s3.2.2: Error: Duplicate key 'mid-percentile-g'

1) Can you provide some additional background on the term "label" as it is used
in this document; appears to be related to ML. See Un/Supervised Machine
Learning definitions.

2) s3.1: I think maybe some .md/.xml for the bullets got messed up:

  In particular,
  the following telemetry parameters are used: * 'measurement-interval'
  to define the period during which percentiles are computed. *
  'measurement-sample' to define the time distribution for measuring
  values that are used to compute percentiles.

3) s3.1.1, 1st para: Not sure you need the 1 Tps example, in 5 years that might
seem low. Also maybe tweak the sentence a bit:

  Some transit providers have to mitigate very large-scale DDoS attacks
  with their own previously deployed DDoS Mitigation Systems (DMSes) that
  lack sufficient resources.

4) s3.1.1, 2nd para (friendly editorial suggestion):

s/The aim of this use case is to enable transit/This use case enables transit

5) Figure 1: Would it be clearer for the target(s) in the figure to be:

[ Target(s)]

6) s3.1.1, 4th para: The word "using" is kind of dangling:

s/The forwarding nodes send traffic statistics to the flow collectors
  using, e.g., IP Flow Information Export (IPFIX) [RFC7011].
/The forwarding nodes send traffic statistics to the flow collectors,
 e.g., using IP Flow Information Export (IPFIX) [RFC7011].

7) s3.1.1, 4th para: Maybe:

 After that, the orchestrator
 orders the forwarding nodes to redirect as much of the top-talker's
 traffic to the DMS as possible by dissemination of Flow
 Specifications relying upon tools, such as Border Gateway Protocol
 Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

NEW:

 After that, the orchestrator
 orders the forwarding nodes to redirect as much of the top-talker's
 traffic to the DMS as possible by dissemination of Flow
 Specifications using tools such as Border Gateway Protocol
 Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

8) s3.1.2, 1st para: Is this:

   Transit providers can deploy their DMSes in clusters.  Then, they can
   select the DMS to be used to mitigate a DDoS attack under attack
   time.

trying to say this:

   Transit providers can deploy their DMSes in clusters.  Then, they can
   select the DMS to be used to mitigate a DDoS attack while under attack.

9) s3.1.2, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

10) Figure 3: Why are there two [Target] elements in the figure?

11) s3.1.2, 3rd para: The word "using" is kind of dangling:

s/The forwarding nodes send traffic statistics to the flow collectors
  using, e.g., IP Flow Information Export (IPFIX) [RFC7011].
/The forwarding nodes send traffic statistics to the flow collectors,
 e.g., using IP Flow Information Export (IPFIX) [RFC7011].

12) s3.1.3, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

13) Figure 5: I think you need one more space before the line with the nodes to
make the DOTS box a box :):

               --->C| Forwarding |  --->C| Forwarding |--->
 e.g., BGP Flowspec |   node     |       |   node     |
^ add a space
     (Redirect) --->|            |       |            |  DDoS Attack

14) s3.1.3, 3rd para:

OLD:

 After that, the orchestrator orders the
 appropriate forwarding nodes to redirect the attack traffic to the
 optimal DMS by dissemination of Flow Specifications relying upon
 tools, such as BGP Flowspec.

NEW:

 After that, the orchestrator orders the
 appropriate forwarding nodes to redirect the attack traffic to the
 optimal DMS by dissemination of Flow Specifications using tools
 such as Border Gateway Protocol Dissemination of Flow Specification
 Rules (BGP Flowspec) [RFC8955].

15) s3.1.4, 1st para:

s/internet/Internet

s/The feature of the attack is that start from zero and go to maximum
/These attacks start from zero and go to maximum

s/It is
difficult for them to mitigate an attack by DMS by redirecting attack
flows because it may cause route flapping in the network.
/It is
difficult for the transit providers to mitigate an attack with their
DMSes by redirecting attack flows because it may cause route flapping
in the network.

16) s3.1.4, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

17) s3.1.4, 3rd para: Maybe:

 After that, the administrative system orders relevant forwarding
 nodes to carry out rate-limit all traffic destined to the target
 based on the pipe capability by the dissemination of the Flow
 Specifications relying upon tools, such as BGP Flowspec.

NEW:

 After that, the administrative system orders relevant forwarding
 nodes to carry out rate-limit all traffic destined to the target
 based on the pipe capability by the dissemination of the Flow
 Specifications using tools such as Border Gateway Protocol
 Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

18) s3.1.5, 1st para: Provide reference for DNS Water Torture Attacks.

19) s3.1.5, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

20) s3.1.5, 5th para:

s/Specifications, e.g.  [RFC8955]
/Specifications using tools such as Border Gateway Protocol
Dissemination of Flow Specification Rules (BGP Flowspec) [RFC8955].

s/such as BGP
/such as BGP [RFC4271].

21) s3.2:

s/The aim of this use case is to share the/This use case enables sharing of

22) s3.3.1, 1st para: s/internet/Internet

23) s3.3.1, 2nd para:

s/The aim of this use case is to enable transit/This use case enables transit

24) s3.3.2, 1st para:

s/The aim of this use case is to carry out/This use case supports
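
A check for the two JSON problems in item 0, as an added example that is not part of the review or of the draft: it reports the stray doubled key as a syntax error and lists repeated keys, which Python's json.loads would otherwise accept while silently keeping the last value. The sample inputs are constructed, and the unfolding step assumes the draft wraps long lines RFC 8792 style with a trailing "\".

```python
import json
import re

def unfold(text):
    # Assumption: the examples are wrapped RFC 8792 style, where a trailing
    # "\" joins a line to the next one and that line's indentation is dropped.
    return re.sub(r"\\\n[ \t]*", "", text)

def check_example(text):
    """Return the problems found in one JSON example (empty list if clean)."""
    problems = []

    def hook(pairs):
        # json.loads would silently keep the last value of a repeated key,
        # so record every repeat before building the dict.
        obj = {}
        for key, value in pairs:
            if key in obj:
                problems.append(f"duplicate key {key!r}")
            obj[key] = value
        return obj

    try:
        json.loads(unfold(text), object_pairs_hook=hook)
    except json.JSONDecodeError as exc:
        problems.append(f"syntax error at line {exc.lineno}: {exc.msg}")
    return problems

# Constructed samples modelled on items 0.1 and 0.2; only the key names
# "attack-description" and "mid-percentile-g" come from the review.
DOUBLED_KEY = r"""{
  "attack-description":
    "attack-description": "DNS amplification Attack: \
      constructed sample text"
}"""
FIXED = r"""{
  "attack-description": "DNS amplification Attack: \
      constructed sample text"
}"""
DUPLICATE = """{"constructed-list": [
  {"mid-percentile-g": "1", "mid-percentile-g": "2"}
]}"""

if __name__ == "__main__":
    for name, sample in [("0.1", DOUBLED_KEY), ("fixed", FIXED), ("0.2", DUPLICATE)]:
        print(name, check_example(sample))
```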