rfcdiff of draft-chen-dots-attack-bandwidth-expansion-00.txt (March 9, 2019) against draft-chen-dots-attack-bandwidth-expansion-01.txt (March 11, 2019)

DOTS                                                          M. Chen
Internet-Draft                                                 Li. Su
Intended status: Informational                               Jin. Peng
Expires: September 12, 2019                                       CMCC
                                                        March 11, 2019

Using attack bandwidth in signal channel
draft-chen-dots-attack-bandwidth-expansion-01
Abstract

This document describes a DDoS Mitigation Request parameter used in the Signal Channel request, as an expansion of the signal channel for mitigating DDoS attacks accurately with target-bandwidth. The proposed parameter helps to choose the appropriate mitigator or mitigators for mitigation. When an attack occurs that is greater than the maximum clean capability, this parameter can decide whether the traffic is blackholed directly or drained for cleaning.
Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on September 12, 2019.
Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents

1. Introduction
2. Terminology
3. Mitigation Use Case
   3.1. Directly discard attack flow
   3.2. Optimal device selection
   3.3. Optimum path for disposal
4. Request Mitigation expansion
5. Security Considerations
6. IANA Considerations
7. Acknowledgement
8. References
   8.1. Normative References
   8.2. Informative References
Authors' Addresses
1. Introduction

Distributed Denial of Service (DDoS) is a type of resource-consuming attack, which exploits a large number of attack resources and uses standard protocols to attack target objects. DDoS attacks consume a large amount of the target object's network resources or server resources (including computing power, storage capacity, etc.), so that the target object cannot provide network services normally. At present, DDoS attack is one of the most powerful and
[...]
Currently, there are two selections to deal with DDoS attacks on the link: one is blackhole, the other is flow clean. Blackhole means that all packets sent to the attack target will be discarded by routers on the path. This can instantly reduce the link load, and other managed services on this link will not be affected, but for the attack target all normal business messages will be severely damaged. For example, if the attack target provides news and information services and is under DDoS attack, it will be inaccessible to all users if blackhole is chosen for mitigation. Flow clean means that all the flow will be drained by routers to a clean center; the clean center will recognize the attack flow within the normal business traffic, then reinject the normal business traffic into the network link via routers after the attack flow has been discarded. In this way the attack target will not be affected.
Currently, a mitigator usually has the ability to cluster cleaning equipment and manage a large number of cleaning devices. Adding the attack-bandwidth is also very convenient for the scheduling of cleaning equipment, since it can be matched to find the most suitable cleaning equipment and improve the usage rate of cleaning equipment. A mitigator can also be a company that provides a flow cleaning service; such companies rent bandwidth from the Upstream Service Provider themselves, so they are very careful with their link bandwidth usage. Another scenario is that the link on which the attack warning arrives is inconsistent with the link of actual traffic drainage, so adding the attack-bandwidth parameter is conducive to selecting the BGP path for drainage.
This document describes attack-bandwidth as a parameter expansion used in the mitigation request. attack-bandwidth means the amount of traffic under attack; this parameter can effectively reflect the degree of an attack, and it will be more convenient for the mitigator to dispose of the attack flow when target-bandwidth is carried in the mitigation request.
2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

The readers should be familiar with the terms defined in [I-D.ietf-dots-requirements] [I-D.ietf-dots-use-cases]
[...]
In addition, this document uses the terms defined below:

Attack-bandwidth: the amount of traffic under attack; it is usually expressed numerically.

Flow clean: one selection for attack traffic disposition; the operation consists of recognition, discard and reinjection.
3. Mitigation Use Case

3.1. Directly discard attack flow

When an attack target is under attack, it has to make a corresponding disposal. There are two options for disposal. One is blackhole directly: in this way all the attack flow will be discarded by the router on the upstream path of the attack target. This means that the attack target will not receive any traffic during the attack; all the traffic forwarded to the attack target will be discarded, which has a huge impact on the working environment, especially for hosts that provide external services.

The other way of disposition is to drain all the traffic flow from the router to a clean center, then the clean center will use pattern
[...]
flow to clean center.

Therefore, it is an obvious requirement in the current network environment. In the architecture of DOTS, the DOTS client sends a mitigation request to the DOTS server. The parameters in the mitigation request contain some information about the attack target, but no information about the attack itself; if attack-bandwidth is added to the mitigation request as an expansion, it will be more effective and convenient for the mitigator's disposition.
3.2. Optimal device selection

A mitigator may own a cleaning device cluster and manage the cleaning devices. The capacity of each cleaning device is not the same, and usually the utilization rate of each cleaning device is not the same either, so the remaining cleaning capacity is not consistent. When the attack flow is less than the capacity of one cleaning device, a suitable cleaning device can be chosen according to the attack-bandwidth, which is conducive to the utilization of equipment; when the attack flow is larger than the cleaning capacity of one cleaning device, several cleaning devices can be optimally scheduled according to the attack-bandwidth.
3.3. Optimum path for disposal

When the mitigator is an attack flow cleaning service, it typically deploys the mitigator in a distributed way because of the cost of bandwidth usage on its own leased operator link bandwidth, and choosing the best traction path is the key to profitability. If the attack-bandwidth parameter is carried, then generating the best drainage path is very meaningful.

When the mitigator is at the upstream service operator level, it might have multiple networks, with the attack alert using one network and the flow drainage using another, and the link load is not the same; then carrying the attack-bandwidth is very beneficial for choosing the drainage path, mainly for link load balancing.
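As an added illustration (not code from the draft or its authors) of the disposal choices in Sections 3.1 and 3.2: a toy mitigator-side planner that takes the attack-bandwidth value and each cleaning device's remaining capacity, and picks a single best-fit device, several devices, or blackhole when the attack exceeds the whole cluster. Device names, capacities and utilizations are constructed sample data; the Gbps unit and the best-fit rule are assumptions.

```python
# Added example, not part of the draft: a mitigator-side scheduler that uses
# the attack-bandwidth value from a mitigation request to decide between one
# cleaning device, several cleaning devices, or blackhole (Sections 3.1, 3.2).
# Device names, capacities and utilizations below are constructed samples.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class CleaningDevice:
    name: str
    capacity_gbps: float   # total cleaning capacity of the device
    utilization: float     # fraction of capacity already in use (0.0 .. 1.0)

    @property
    def remaining_gbps(self) -> float:
        return self.capacity_gbps * (1.0 - self.utilization)


def plan_mitigation(attack_bandwidth_gbps: float,
                    devices: List[CleaningDevice]) -> Tuple[str, List[str]]:
    """Return ("clean", [device names]) or ("blackhole", [])."""
    by_remaining = sorted(devices, key=lambda d: d.remaining_gbps)
    # Case 1: the attack fits a single device. Best fit: the device with the
    # smallest remaining capacity that still covers the attack, so that large
    # devices stay free for larger attacks (better equipment utilization).
    for dev in by_remaining:
        if dev.remaining_gbps >= attack_bandwidth_gbps:
            return ("clean", [dev.name])
    # Case 2: no single device is enough. Schedule several devices, largest
    # remaining capacity first, until the attack bandwidth is covered.
    chosen, covered = [], 0.0
    for dev in reversed(by_remaining):
        chosen.append(dev.name)
        covered += dev.remaining_gbps
        if covered >= attack_bandwidth_gbps:
            return ("clean", chosen)
    # Case 3: the attack exceeds the cluster's whole remaining capacity, so
    # draining it would only overload the clean center: blackhole instead.
    return ("blackhole", [])


# Constructed sample cluster (utilizations chosen so remaining values are exact).
SAMPLE_DEVICES = [
    CleaningDevice("clean-a", capacity_gbps=10.0, utilization=0.5),    # 5 Gbps left
    CleaningDevice("clean-b", capacity_gbps=40.0, utilization=0.25),   # 30 Gbps left
    CleaningDevice("clean-c", capacity_gbps=100.0, utilization=0.75),  # 25 Gbps left
]

if __name__ == "__main__":
    for gbps in (4.0, 8.0, 35.0, 70.0):
        print(gbps, "Gbps ->", plan_mitigation(gbps, SAMPLE_DEVICES))
```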
4. Request Mitigation expansion

When a DOTS client requires mitigation for some reason, the DOTS client uses the CoAP PUT method to send a mitigation request to its DOTS server(s). If a DOTS client is entitled to solicit the DOTS service, the DOTS server enables mitigation on behalf of the DOTS client by communicating the DOTS client's request to a mitigator (which may be colocated with the DOTS server) and relaying the feedback of the thus-selected mitigator to the requesting DOTS client.
[...]
Email: chenmeiling@chinamobile.com

Li Su
CMCC
32, Xuanwumen West
BeiJing 100053
China

Email: suli@chinamobile.com

Jin Peng
CMCC
32, Xuanwumen West
BeiJing 100053
China

Email: pengjin@chinamobile.com