| draft-ietf-dots-requirements-06.txt | draft-ietf-dots-requirements-07.txt | |||
|---|---|---|---|---|
| DOTS A. Mortensen | DOTS A. Mortensen | |||
| Internet-Draft Arbor Networks | Internet-Draft Arbor Networks | |||
| Intended status: Informational R. Moskowitz | Intended status: Informational R. Moskowitz | |||
| Expires: January 4, 2018 HTT Consulting | Expires: May 3, 2018 Huawei | |||
| T. Reddy | T. Reddy | |||
| McAfee, Inc. | McAfee, Inc. | |||
| July 03, 2017 | October 30, 2017 | |||
| Distributed Denial of Service (DDoS) Open Threat Signaling Requirements | Distributed Denial of Service (DDoS) Open Threat Signaling Requirements | |||
| draft-ietf-dots-requirements-06 | draft-ietf-dots-requirements-07 | |||
| Abstract | Abstract | |||
| This document defines the requirements for the Distributed Denial of | This document defines the requirements for the Distributed Denial of | |||
| Service (DDoS) Open Threat Signaling (DOTS) protocols coordinating | Service (DDoS) Open Threat Signaling (DOTS) protocols coordinating | |||
| attack response against DDoS attacks. | attack response against DDoS attacks. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 4, 2018. | This Internet-Draft will expire on May 3, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Context and Motivation . . . . . . . . . . . . . . . . . 2 | 1.1. Context and Motivation . . . . . . . . . . . . . . . . . 2 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 5 | 2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.1. General Requirements . . . . . . . . . . . . . . . . . . 7 | 2.1. General Requirements . . . . . . . . . . . . . . . . . . 7 | |||
| 2.2. Signal Channel Requirements . . . . . . . . . . . . . . . 7 | 2.2. Signal Channel Requirements . . . . . . . . . . . . . . . 8 | |||
| 2.3. Data Channel Requirements . . . . . . . . . . . . . . . . 11 | 2.3. Data Channel Requirements . . . . . . . . . . . . . . . . 12 | |||
| 2.4. Security requirements . . . . . . . . . . . . . . . . . . 13 | 2.4. Security requirements . . . . . . . . . . . . . . . . . . 13 | |||
| 2.5. Data Model Requirements . . . . . . . . . . . . . . . . . 14 | 2.5. Data Model Requirements . . . . . . . . . . . . . . . . . 15 | |||
| 3. Congestion Control Considerations . . . . . . . . . . . . . . 15 | 3. Congestion Control Considerations . . . . . . . . . . . . . . 16 | |||
| 3.1. Signal Channel . . . . . . . . . . . . . . . . . . . . . 15 | 3.1. Signal Channel . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 3.2. Data Channel . . . . . . . . . . . . . . . . . . . . . . 15 | 3.2. Data Channel . . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
| 5. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 16 | 5. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 16 | 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 16 | 7. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 7.1. 04 revision . . . . . . . . . . . . . . . . . . . . . . . 16 | 7.1. 04 revision . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 7.2. 03 revision . . . . . . . . . . . . . . . . . . . . . . . 17 | 7.2. 03 revision . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 7.3. 02 revision . . . . . . . . . . . . . . . . . . . . . . . 17 | 7.3. 02 revision . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 7.4. 01 revision . . . . . . . . . . . . . . . . . . . . . . . 17 | 7.4. 01 revision . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 7.5. 00 revision . . . . . . . . . . . . . . . . . . . . . . . 18 | 7.5. 00 revision . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 7.6. Initial revision . . . . . . . . . . . . . . . . . . . . 18 | 7.6. Initial revision . . . . . . . . . . . . . . . . . . . . 19 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 18 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 19 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 19 | 8.2. Informative References . . . . . . . . . . . . . . . . . 20 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 20 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| 1. Introduction | 1. Introduction | |||
| 1.1. Context and Motivation | 1.1. Context and Motivation | |||
| Distributed Denial of Service (DDoS) attacks continue to plague | Distributed Denial of Service (DDoS) attacks continue to plague | |||
| network operators around the globe, from Tier-1 service providers on | network operators around the globe, from Tier-1 service providers on | |||
| down to enterprises and small businesses. Attack scale and frequency | down to enterprises and small businesses. Attack scale and frequency | |||
| similarly have continued to increase, in part as a result of software | similarly have continued to increase, in part as a result of software | |||
| vulnerabilities leading to reflection and amplification attacks. | vulnerabilities leading to reflection and amplification attacks. | |||
| skipping to change at page 3, line 9 ¶ | skipping to change at page 3, line 9 ¶ | |||
| agencies. | agencies. | |||
| The greater impact of contemporary DDoS attacks has led to increased | The greater impact of contemporary DDoS attacks has led to increased | |||
| focus on coordinated attack response. Many institutions and | focus on coordinated attack response. Many institutions and | |||
| enterprises lack the resources or expertise to operate on-premises | enterprises lack the resources or expertise to operate on-premises | |||
| attack mitigation solutions themselves, or simply find themselves | attack mitigation solutions themselves, or simply find themselves | |||
| constrained by local bandwidth limitations. To address such gaps, | constrained by local bandwidth limitations. To address such gaps, | |||
| security service providers have begun to offer on-demand traffic | security service providers have begun to offer on-demand traffic | |||
| scrubbing services, which aim to separate the DDoS traffic from | scrubbing services, which aim to separate the DDoS traffic from | |||
| legitimate traffic and forward only the latter. Today each such | legitimate traffic and forward only the latter. Today each such | |||
| service offers its own interface for subscribers to request attack | service offers a proprietary invocation interface for subscribers to | |||
| mitigation, tying subscribers to proprietary signaling | request attack mitigation, tying subscribers to proprietary signaling | |||
| implementations while also limiting the subset of network elements | implementations while also limiting the subset of network elements | |||
| capable of participating in the attack response. As a result of | capable of participating in the attack mitigation. As a result of | |||
| signaling interface incompatibility, attack responses may be | signaling interface incompatibility, attack responses may be | |||
| fragmentary or otherwise incomplete, leaving key players in the | fragmentary or otherwise incomplete, leaving key players in the | |||
| attack path unable to assist in the defense. | attack path unable to assist in the defense. | |||
| The lack of a common method to coordinate a real-time response among | The lack of a common method to coordinate a real-time response among | |||
| involved actors and network domains inhibits the speed and | involved actors and network domains inhibits the speed and | |||
| effectiveness of DDoS attack mitigation. This document describes the | effectiveness of DDoS attack mitigation. This document describes the | |||
| required characteristics of a protocol enabling requests for DDoS | required characteristics of protocols enabling requests for DDoS | |||
| attack mitigation, reducing attack impact and leading to more | attack mitigation, reducing attack impact and leading to more | |||
| efficient defensive strategies. | efficient defensive strategies. | |||
| DOTS communicates the need for defensive action in anticipation of or | DDoS Open Threat Signaling (DOTS) communicates the need for defensive | |||
| in response to an attack, but does not dictate the form any defensive | action in anticipation of or in response to an attack, but does not | |||
| action takes. DOTS supplements calls for help with pertinent details | dictate the form any defensive action takes. DOTS supplements calls | |||
| about the detected attack, allowing entities participating in DOTS to | for help with pertinent details about the detected attack, allowing | |||
| form ad hoc, adaptive alliances against DDoS attacks as described in | entities participating in DOTS to form ad hoc, adaptive alliances | |||
| the DOTS use cases [I-D.ietf-dots-use-cases]. The requirements in | against DDoS attacks as described in the DOTS use cases | |||
| this document are derived from those use cases and | [I-D.ietf-dots-use-cases]. The requirements in this document are | |||
| [I-D.ietf-dots-architecture]. | derived from those use cases and [I-D.ietf-dots-architecture]. | |||
| 1.2. Terminology | 1.2. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| This document adopts the following terms: | This document adopts the following terms: | |||
| DDoS: A distributed denial-of-service attack, in which traffic | DDoS: A distributed denial-of-service attack, in which traffic | |||
| originating from multiple sources are directed at a target on a | originating from multiple sources are directed at a target on a | |||
| network. DDoS attacks are intended to cause a negative impact on | network. DDoS attacks are intended to cause a negative impact on | |||
| the availability of servers, services, applications, and/or other | the availability of servers, services, applications, and/or other | |||
| functionality of an attack target. Denial-of-service | functionality of an attack target. Denial-of-service | |||
| considerations are discussed in detail in [RFC4732]. | considerations are discussed in detail in [RFC4732]. | |||
| DDoS attack target: A network connected entity with a finite set of | DDoS attack target: A network connected entity with a finite set of | |||
| resources, such as network bandwidth, memory or CPU, that is the | resources, such as network bandwidth, memory or CPU, that is the | |||
| focus of a DDoS attack. Potential targets include network | focus of a DDoS attack. Potential targets include (but not | |||
| elements, network links, servers, and services. | limited to) network elements, network links, servers, and | |||
| services. | ||||
| DDoS attack telemetry: Collected measurements and behavioral | DDoS attack telemetry: Collected measurements and behavioral | |||
| characteristics defining the nature of a DDoS attack. | characteristics defining the nature of a DDoS attack. | |||
| Countermeasure: An action or set of actions taken to recognize and | Countermeasure: An action or set of actions taken to recognize and | |||
| filter out DDoS attack traffic while passing legitimate traffic to | filter out DDoS attack traffic while passing legitimate traffic to | |||
| the attack target. | the attack target. | |||
| Mitigation: A set of countermeasures enforced against traffic | Mitigation: A set of countermeasures enforced against traffic | |||
| destined for the target or targets of a detected or reported DDoS | destined for the target or targets of a detected or reported DDoS | |||
| attack, where countermeasure enforcement is managed by an entity | attack, where countermeasure enforcement is managed by an entity | |||
| in the network path between attack sources and the attack target. | in the network path between attack sources and the attack target. | |||
| Mitigation methodology is out of scope for this document. | Mitigation methodology is out of scope for this document. | |||
| Mitigator: An entity, typically a network element, capable of | Mitigator: An entity, typically a network element, capable of | |||
| performing mitigation of a detected or reported DDoS attack. For | performing mitigation of a detected or reported DDoS attack. For | |||
| the purposes of this document, this entity is a black box capable | the purposes of this document, this entity is a black box capable | |||
| of mitigation, making no assumptions about availability or design | of mitigation, making no assumptions about availability or design | |||
| of countermeasures, nor about the programmable interface between | of countermeasures, nor about the programmable interface(s) | |||
| this entity and other network elements. The mitigator and DOTS | between this entity and other network elements. The mitigator and | |||
| server are assumed to belong to the same administrative entity. | invoked DOTS server are assumed to belong to the same | |||
| administrative entity. | ||||
| DOTS client: A DOTS-aware software module responsible for requesting | DOTS client: A DOTS-aware software module responsible for requesting | |||
| attack response coordination with other DOTS-aware elements. | attack response coordination with other DOTS-aware elements. | |||
| DOTS server: A DOTS-aware software module handling and responding to | DOTS server: A DOTS-aware software module handling and responding to | |||
| messages from DOTS clients. The DOTS server SHOULD enable | messages from DOTS clients. The DOTS server enables mitigation on | |||
| mitigation on behalf of the DOTS client, if requested, by | behalf of the DOTS client, if requested, by communicating the DOTS | |||
| communicating the DOTS client's request to the mitigator and | client's request to the mitigator and returning selected mitigator | |||
| returning selected mitigator feedback to the requesting DOTS | feedback to the requesting DOTS client. A DOTS server may also be | |||
| client. A DOTS server MAY also be a mitigator. | colocated with a mitigator. | |||
| DOTS agent: Any DOTS-aware software module capable of participating | DOTS agent: Any DOTS-aware software module capable of participating | |||
| in a DOTS signal or data channel. | in a DOTS signal or data channel. It can be a DOTS client, DOTS | |||
| server, or, as a logical agent, a DOTS gateway. | ||||
| DOTS gateway: A logical DOTS agent resulting from the logical | DOTS gateway: A DOTS-aware software module resulting from the | |||
| concatenation of a DOTS server and a DOTS client, analogous to a | logical concatenation of a DOTS server and a DOTS client, | |||
| SIP Back-to-Back User Agent (B2BUA) [RFC3261]. DOTS gateways are | analogous to a Session Initiation Protocol (SIP) [RFC3261] Back- | |||
| discussed in detail in [I-D.ietf-dots-architecture]. | to-Back User Agent (B2BUA) [RFC7092]. Client-side DOTS gateways | |||
| are DOTS gateways that are in the DOTS client's domain, while | ||||
| server-side DOTS gateways denote DOTS gateways that are in the | ||||
| DOTS server's domain. DOTS gateways are discussed in detail in | ||||
| [I-D.ietf-dots-architecture]. | ||||
| Signal channel: A bidirectional, mutually authenticated | Signal channel: A bidirectional, mutually authenticated | |||
| communication channel between DOTS agents characterized by | communication channel between two DOTS agents characterized by | |||
| resilience even in conditions leading to severe packet loss, such | resilience even in conditions leading to severe packet loss, such | |||
| as a volumetric DDoS attack causing network congestion. | as a volumetric DDoS attack causing network congestion. | |||
| DOTS signal: A concise authenticated status/control message | DOTS signal: A concise authenticated status/control message | |||
| transmitted between DOTS agents, used to indicate client's need | transmitted between DOTS agents, used to indicate client's need | |||
| for mitigation, as well as to convey the status of any requested | for mitigation, as well as to convey the status of any requested | |||
| mitigation. | mitigation. | |||
| Heartbeat: A message transmitted between DOTS agents over the signal | Heartbeat: A message transmitted between DOTS agents over the signal | |||
| channel, used as a keep-alive and to measure peer health. | channel, used as a keep-alive and to measure peer health. | |||
| Client signal: A message sent from a DOTS client to a DOTS server | Data channel: A secure communication layer between two DOTS agents | |||
| over the signal channel, indicating the DOTS client's need for | used for infrequent bulk exchange of data not easily or | |||
| mitigation, as well as the scope of any requested mitigation, | appropriately communicated through the signal channel under attack | |||
| optionally including additional attack details to supplement | conditions. | |||
| server-initiated mitigation. | ||||
| Server signal: A message sent from a DOTS server to a DOTS client | ||||
| over the signal channel. Note that a server signal is not a | ||||
| response to client signal, but a DOTS server-initiated status | ||||
| message sent to DOTS clients with which the server has established | ||||
| signal channels. | ||||
| Data channel: A secure communication layer between DOTS clients and | ||||
| DOTS servers used for infrequent bulk exchange of data not easily | ||||
| or appropriately communicated through the signal channel under | ||||
| attack conditions. | ||||
| Filter: A policy matching a network traffic flow or set of flows and | Filter: A specification of a matching network traffic flow or set of | |||
| rate-limiting or discarding matching traffic. | flows. The filter will typically have a policy associated with | |||
| it, e.g., rate-limiting or discarding matching traffic. | ||||
| Blacklist: A filter list of addresses, prefixes and/or other | Blacklist: A filter list of addresses, prefixes, and/or other | |||
| identifiers indicating sources from which traffic should be | identifiers indicating sources from which traffic should be | |||
| blocked, regardless of traffic content. | blocked, regardless of traffic content. | |||
| Whitelist: A list of addresses, prefixes and/or other identifiers | Whitelist: A list of addresses, prefixes, and/or other identifiers | |||
| from indicating sources from which traffic should always be | indicating sources from which traffic should always be allowed, | |||
| allowed, regardless of contradictory data gleaned in a detected | regardless of contradictory data gleaned in a detected attack. | |||
| attack. | ||||
| Multi-homed DOTS client: A DOTS client exchanging messages with | Multi-homed DOTS client: A DOTS client exchanging messages with | |||
| multiple DOTS servers, each in a separate administrative domain. | multiple DOTS servers, each in a separate administrative domain. | |||
| 2. Requirements | 2. Requirements | |||
| This section describes the required features and characteristics of | This section describes the required features and characteristics of | |||
| the DOTS protocol. | the DOTS protocol. | |||
| DOTS is an advisory protocol. An active DDoS attack against the | DOTS is an advisory protocol. An active DDoS attack against the | |||
| entity controlling the DOTS client need not be present before | entity controlling the DOTS client need not be present before | |||
| establishing a communication channel between DOTS agents. Indeed, | establishing a communication channel between DOTS agents. Indeed, | |||
| establishing a relationship with peer DOTS agents during normal | establishing a relationship with peer DOTS agents during normal | |||
| network conditions provides the foundation for more rapid attack | network conditions provides the foundation for more rapid attack | |||
| response against future attacks, as all interactions setting up DOTS, | response against future attacks, as all interactions setting up DOTS, | |||
| including any business or service level agreements, are already | including any business or service level agreements, are already | |||
| complete. | complete. Peer DOTS agents are provisioned to a DOTS client using a | |||
| variety of manual or dynamic methods. | ||||
| The DOTS protocol must at a minimum make it possible for a DOTS | The DOTS protocol must at a minimum make it possible for a DOTS | |||
| client to request a mitigator's aid mounting a defense, coordinated | client to request a mitigator's aid mounting a defense, coordinated | |||
| by a DOTS server, against a suspected attack, signaling within or | by a DOTS server, against a suspected attack, signaling within or | |||
| between domains as requested by local operators. DOTS clients should | between domains as requested by local operators. DOTS clients should | |||
| similarly be able to withdraw aid requests. DOTS requires no | similarly be able to withdraw aid requests. DOTS requires no | |||
| justification from DOTS clients for requests for help, nor do DOTS | justification from DOTS clients for requests for help, nor do DOTS | |||
| clients need to justify withdrawing help requests: the decision is | clients need to justify withdrawing help requests: the decision is | |||
| local to the DOTS clients' domain. | local to the DOTS clients' domain. Multi-homed DOTS clients must be | |||
| able to select the appropriate DOTS server(s) to which a mitigation | ||||
| request is to be sent. Further multi-homing considerations are out | ||||
| of scope. | ||||
| Regular feedback between DOTS clients and DOTS server supplement the | Regular feedback between DOTS clients and DOTS servers supplement the | |||
| defensive alliance by maintaining a common understanding of DOTS | defensive alliance by maintaining a common understanding of the DOTS | |||
| agent health and activity. Bidirectional communication between DOTS | agents' health and activity. Bidirectional communication between | |||
| clients and DOTS servers is therefore critical. | DOTS clients and DOTS servers is therefore critical. | |||
| DOTS protocol implementations face competing operational goals when | DOTS protocol implementations face competing operational goals when | |||
| maintaining this bidirectional communication stream. On the one | maintaining this bidirectional communication stream. On the one | |||
| hand, the protocol must be resilient under extremely hostile network | hand, the protocol must be resilient under extremely hostile network | |||
| conditions, providing continued contact between DOTS agents even as | conditions, providing continued contact between DOTS agents even as | |||
| attack traffic saturates the link. Such resiliency may be developed | attack traffic saturates the link. Such resiliency may be developed | |||
| several ways, but characteristics such as small message size, | several ways, but characteristics such as small message size, | |||
| asynchronous, redundant message delivery and minimal connection | asynchronous, redundant message delivery and minimal connection | |||
| overhead (when possible given local network policy) will tend to | overhead (when possible given local network policy) will tend to | |||
| contribute to the robustness demanded by a viable DOTS protocol. | contribute to the robustness demanded by a viable DOTS protocol. | |||
| Operators of peer DOTS-enabled domains may enable quality- or class- | Operators of peer DOTS-enabled domains may enable quality- or class- | |||
| of-service traffic tagging to increase the probability of successful | of-service traffic tagging to increase the probability of successful | |||
| DOTS signal delivery, but DOTS requires no such policies be in place. | DOTS signal delivery, but DOTS does not require such policies be in | |||
| The DOTS solution indeed must be viable especially in their absence. | place. The DOTS solution indeed must be viable especially in their | |||
| absence. | ||||
| On the other hand, DOTS must include protections ensuring message | On the other hand, DOTS must include protections ensuring message | |||
| confidentiality, integrity and authenticity to keep the protocol from | confidentiality, integrity and authenticity to keep the protocol from | |||
| becoming another vector for the very attacks it's meant to help fight | becoming another vector for the very attacks it's meant to help fight | |||
| off. DOTS clients must be able to authenticate DOTS servers, and | off. DOTS clients must be able to authenticate DOTS servers, and | |||
| vice versa, to avoid exposing new attack surfaces when deploying | vice versa, to avoid exposing new attack surfaces when deploying | |||
| DOTS; specifically, to prevent DDoS mitigation in response to DOTS | DOTS; specifically, to prevent DDoS mitigation in response to DOTS | |||
| signaling from becoming a new form of attack. In order to provide | signaling from becoming a new form of attack. In order to provide | |||
| this level of proteection, DOTS agents must have a way to negotiate | this level of protection, DOTS agents must have a way to negotiate | |||
| and agree upon the terms of protocol security. Attacks against the | and agree upon the terms of protocol security. Attacks against the | |||
| transport protocol should not offer a means of attack against the | transport protocol should not offer a means of attack against the | |||
| message confidentiality, integrity and authenticity. | message confidentiality, integrity and authenticity. | |||
| The DOTS server and client must also have some common method of | The DOTS server and client must also have some common method of | |||
| defining the scope of any mitigation performed by the mitigator, as | defining the scope of any mitigation performed by the mitigator, as | |||
| well as making adjustments to other commonly configurable features, | well as making adjustments to other commonly configurable features, | |||
| such as listen ports, exchanging black- and white-lists, and so on. | such as listen port numbers, exchanging black- and white-lists, and | |||
| so on. | ||||
| Finally, DOTS should be sufficiently extensible to meet future needs | Finally, DOTS should be sufficiently extensible to meet future needs | |||
| in coordinated attack defense, although this consideration is | in coordinated attack defense, although this consideration is | |||
| necessarily superseded by the other operational requirements. | necessarily superseded by the other operational requirements. | |||
| 2.1. General Requirements | 2.1. General Requirements | |||
| GEN-001 Extensibility: Protocols and data models developed as part | GEN-001 Extensibility: Protocols and data models developed as part | |||
| of DOTS MUST be extensible in order to keep DOTS adaptable to | of DOTS MUST be extensible in order to keep DOTS adaptable to | |||
| operational and proprietary DDoS defenses. Future extensions MUST | operational and proprietary DDoS defenses. Future extensions MUST | |||
| be backward compatible. DOTS protocols MUST use a version number | be backward compatible. DOTS protocols MUST use a version number | |||
| system to distinguish protocol revisions. Implementations of | system to distinguish protocol revisions. Implementations of | |||
| older protocol versions SHOULD ignore information added to DOTS | older protocol versions SHOULD ignore information added to DOTS | |||
| messages as part of newer protocol versions. | messages as part of newer protocol versions. | |||
| GEN-002 Resilience and Robustness: The signaling protocol MUST be | GEN-002 Resilience and Robustness: The signaling protocol MUST be | |||
| designed to maximize the probability of signal delivery even under | designed to maximize the probability of signal delivery even under | |||
| the severely constrained network conditions imposed by particular | the severely constrained network conditions imposed by particular | |||
| attack traffic. The protocol MUST be resilient, that is, continue | attack traffic. The protocol MUST be resilient, that is, continue | |||
| operating despite message loss and out-of-order or redundant | operating despite message loss and out-of-order or redundant | |||
| message delivery. In support signaling protocol robustness, DOTS | message delivery. In support of signaling protocol robustness, | |||
| signals SHOULD be conveyed over a transport not susceptible to | DOTS signals SHOULD be conveyed over a transport not susceptible | |||
| Head of Line Blocking. | to Head of Line Blocking. | |||
| GEN-003 Bidirectionality: To support peer health detection, to | GEN-003 Bidirectionality: To support peer health detection, to | |||
| maintain an open signal channel, and to increase the probability | maintain an open signal channel, and to increase the probability | |||
| of signal delivery during attack, the signal channel MUST be | of signal delivery during attack, the signal channel MUST be | |||
| bidirectional, with client and server transmitting signals to each | bidirectional, with client and server transmitting signals to each | |||
| other at regular intervals, regardless of any client request for | other at regular intervals, regardless of any client request for | |||
| mitigation. Unidirectional messages MUST be supported within the | mitigation. Unidirectional messages MUST be supported within the | |||
| bidirectional signal channel to allow for unsolicited message | bidirectional signal channel to allow for unsolicited message | |||
| delivery, enabling asynchronous notifications between agents. | delivery, enabling asynchronous notifications between agents. | |||
| skipping to change at page 8, line 22 ¶ | skipping to change at page 8, line 30 ¶ | |||
| transport- or message-level security. | transport- or message-level security. | |||
| DOTS agents SHOULD attempt to learn the PMTU through mechanisms | DOTS agents SHOULD attempt to learn the PMTU through mechanisms | |||
| such as Path MTU Discovery [RFC1191] or Packetization Layer Path | such as Path MTU Discovery [RFC1191] or Packetization Layer Path | |||
| MTU Discovery [RFC4821]. If the PMTU cannot be discovered, DOTS | MTU Discovery [RFC4821]. If the PMTU cannot be discovered, DOTS | |||
| agents SHOULD assume a PMTU of 1280 bytes. If IPv4 support on | agents SHOULD assume a PMTU of 1280 bytes. If IPv4 support on | |||
| legacy or otherwise unusual networks is a consideration and PMTU | legacy or otherwise unusual networks is a consideration and PMTU | |||
| is unknown, DOTS implementations MAY rely on a PMTU of 576 bytes, | is unknown, DOTS implementations MAY rely on a PMTU of 576 bytes, | |||
| as discussed in [RFC0791] and [RFC1122]. | as discussed in [RFC0791] and [RFC1122]. | |||
| SIG-003 Channel Health Monitoring: Peer DOTS agents MUST regularly | SIG-003 Channel Health Monitoring: DOTS agents MUST support exchange | |||
| send heartbeats to each other after mutual authentication in order | of heartbeat messages over the signal channel to monitor channel | |||
| to keep the DOTS signal channel active. A signal channel MUST be | health. Peer DOTS agents SHOULD regularly send heartbeats to each | |||
| other while a mitigation request is active. The heartbeat | ||||
| interval during active mitigation is not specified, but SHOULD be | ||||
| frequent enough to maintain any on-path NAT bindings during | ||||
| mitigation. | ||||
| To support scenarios in which loss of heartbeat is used to trigger | ||||
| mitigation, and to keep the channel active, DOTS clients MAY | ||||
| solicit heartbeat exchanges after successful mutual | ||||
| authentication. When DOTS agents are exchanging heartbeats and no | ||||
| mitigation request is active, either agent MAY request changes to | ||||
| the heartbeat rate. For example, a DOTS server might want to | ||||
| delay or cease heartbeat exchanges when an active DOTS client has | ||||
| not requested mitigation, in order to control load. | ||||
| Following mutual authentication, a signal channel MUST be | ||||
| considered active until a DOTS agent explicitly ends the session, | considered active until a DOTS agent explicitly ends the session, | |||
| or either DOTS agent fails to receive heartbeats from the other | or either DOTS agent fails to receive heartbeats from the other | |||
| after a mutually agreed upon timeout period has elapsed. | after a mutually agreed upon timeout period has elapsed. Because | |||
| heartbeat loss is much more likely during volumetric attack, DOTS | ||||
| agents SHOULD avoid signal channel termination when mitigation is | ||||
| active and heartbeats are not received by either DOTS agent for an | ||||
| extended period. In such circumstances, DOTS clients MAY attempt | ||||
| to reestablish the signal channel. DOTS servers SHOULD monitor | ||||
| the attack, using feedback from the mitigator and other available | ||||
| sources, and MAY use the absence of attack traffic and lack of | ||||
| client heartbeats as an indication the signal channel is defunct. | ||||
| SIG-004 Channel Redirection: In order to increase DOTS operational | SIG-004 Channel Redirection: In order to increase DOTS operational | |||
| flexibility and scalability, DOTS servers SHOULD be able to | flexibility and scalability, DOTS servers SHOULD be able to | |||
| redirect DOTS clients to another DOTS server at any time. DOTS | redirect DOTS clients to another DOTS server at any time. DOTS | |||
| clients MUST NOT assume the redirection target DOTS server shares | clients MUST NOT assume the redirection target DOTS server shares | |||
| security state with the redirecting DOTS server. DOTS clients MAY | security state with the redirecting DOTS server. DOTS clients MAY | |||
| attempt abbreviated security negotiation methods supported by the | attempt abbreviated security negotiation methods supported by the | |||
| protocol, such as DTLS session resumption, but MUST be prepared to | protocol, such as DTLS session resumption, but MUST be prepared to | |||
| negotiate new security state with the redirection target DOTS | negotiate new security state with the redirection target DOTS | |||
| server. | server. | |||
| skipping to change at page 9, line 37 ¶ | skipping to change at page 10, line 18 ¶ | |||
| DOTS client's request to stop mitigation. | DOTS client's request to stop mitigation. | |||
| To protect against route or DNS flapping caused by a client | To protect against route or DNS flapping caused by a client | |||
| rapidly toggling mitigation, and to dampen the effect of | rapidly toggling mitigation, and to dampen the effect of | |||
| oscillating attacks, DOTS servers MAY allow mitigation to continue | oscillating attacks, DOTS servers MAY allow mitigation to continue | |||
| for a limited period after acknowledging a DOTS client's | for a limited period after acknowledging a DOTS client's | |||
| withdrawal of a mitigation request. During this period, DOTS | withdrawal of a mitigation request. During this period, DOTS | |||
| server status messages SHOULD indicate that mitigation is active | server status messages SHOULD indicate that mitigation is active | |||
| but terminating. | but terminating. | |||
| The active-but-terminating period is initially 30 seconds. If the | The initial active-but-terminating period is implementation- | |||
| client requests mitigation again before that 30 second window | specific, but SHOULD be sufficiently long to absorb latency | |||
| elapses, the DOTS server MAY exponentially increase the active- | incurred by route propagation. If the client requests mitigation | |||
| but-terminating period up to a maximum of 240 seconds (4 minutes). | again before the initial active-but-terminating period elapses, | |||
| the DOTS server MAY exponentially increase the active-but- | ||||
| terminating period up to a maximum of 300 seconds (5 minutes). | ||||
| After the active-but-terminating period elapses, the DOTS server | After the active-but-terminating period elapses, the DOTS server | |||
| MUST treat the mitigation as terminated, as the DOTS client is no | MUST treat the mitigation as terminated, as the DOTS client is no | |||
| longer responsible for the mitigation. For example, if there is a | longer responsible for the mitigation. For example, if there is a | |||
| financial relationship between the DOTS client and server domains, | financial relationship between the DOTS client and server domains, | |||
| the DOTS client ceases incurring cost at this point. | the DOTS client ceases incurring cost at this point. | |||
| SIG-006 Mitigation Lifetime: DOTS servers MUST support mitigation | SIG-006 Mitigation Lifetime: DOTS servers MUST support mitigation | |||
| lifetimes, and MUST terminate a mitigation when the lifetime | lifetimes, and MUST terminate a mitigation when the lifetime | |||
| elapses. DOTS servers also MUST support renewal of mitigation | elapses. DOTS servers also MUST support renewal of mitigation | |||
| lifetimes in mitigation requests from DOTS clients, allowing | lifetimes in mitigation requests from DOTS clients, allowing | |||
| skipping to change at page 10, line 19 ¶ | skipping to change at page 10, line 51 ¶ | |||
| DOTS clients SHOULD include a mitigation lifetime in all | DOTS clients SHOULD include a mitigation lifetime in all | |||
| mitigation requests. If a DOTS client does not include a | mitigation requests. If a DOTS client does not include a | |||
| mitigation lifetime in requests for help sent to the DOTS server, | mitigation lifetime in requests for help sent to the DOTS server, | |||
| the DOTS server will use a reasonable default as defined by the | the DOTS server will use a reasonable default as defined by the | |||
| protocol. | protocol. | |||
| DOTS servers SHOULD support indefinite mitigation lifetimes, | DOTS servers SHOULD support indefinite mitigation lifetimes, | |||
| enabling architectures in which the mitigator is always in the | enabling architectures in which the mitigator is always in the | |||
| traffic path to the resources for which the DOTS client is | traffic path to the resources for which the DOTS client is | |||
| requesting protection. DOTS servers MAY refuse mitigations with | requesting protection. DOTS clients MUST be prepared to not be | |||
| indefinite lifetimes, for policy reasons. The reasons themselves | granted mitigations with indefinite lifetimes. DOTS servers MAY | |||
| are out of scope for this document, but MUST be included in the | refuse mitigations with indefinite lifetimes, for policy reasons. | |||
| mitigation rejection message from the server, per SIG-005. | The reasons themselves are out of scope. If the DOTS server does | |||
| not grant a mitigation request with an indefinite mitigation | ||||
| lifetime, it MUST set the lifetime to a value that is configured | ||||
| locally. That value MUST be returned in a reply to the requesting | ||||
| DOTS client. | ||||
| SIG-007 Mitigation Scope: DOTS clients MUST indicate desired | SIG-007 Mitigation Scope: DOTS clients MUST indicate desired | |||
| mitigation scope. The scope type will vary depending on the | mitigation scope. The scope type will vary depending on the | |||
| resources requiring mitigation. All DOTS agent implementations | resources requiring mitigation. All DOTS agent implementations | |||
| MUST support the following required scope types: | MUST support the following required scope types: | |||
| * IPv4 addresses in dotted quad format | * IPv4 addresses in dotted quad format | |||
| * IPv4 prefixes in CIDR notation [RFC4632] | * IPv4 prefixes in CIDR notation [RFC4632] | |||
| skipping to change at page 10, line 44 ¶ | skipping to change at page 11, line 31 ¶ | |||
| * IPv6 prefixes [RFC4291][RFC5952] | * IPv6 prefixes [RFC4291][RFC5952] | |||
| * Domain names [RFC1035] | * Domain names [RFC1035] | |||
| The following mitigation scope types are OPTIONAL: | The following mitigation scope types are OPTIONAL: | |||
| * Uniform Resource Identifiers [RFC3986] | * Uniform Resource Identifiers [RFC3986] | |||
| DOTS agents MUST support mitigation scope aliases, allowing DOTS | DOTS agents MUST support mitigation scope aliases, allowing DOTS | |||
| client and server to refer to collections of protected resources | clients and servers to refer to collections of protected resources | |||
| by an opaque identifier created through the data channel, direct | by an opaque identifier created through the data channel, direct | |||
| configuration, or other means. Domain name and URI mitigation | configuration, or other means. Domain name and URI mitigation | |||
| scopes may be thought of as a form of scope alias, in which the | scopes may be thought of as a form of scope alias, in which the | |||
| addresses to which the domain name or URI resolve represent the | addresses to which the domain name or URI resolve represent the | |||
| full scope of the mitigation. | full scope of the mitigation. | |||
| If there is additional information available narrowing the scope | If there is additional information available narrowing the scope | |||
| of any requested attack response, such as targeted port range, | of any requested attack response, such as targeted port range, | |||
| protocol, or service, DOTS clients SHOULD include that information | protocol, or service, DOTS clients SHOULD include that information | |||
| in client signals. DOTS clients MAY also include additional | in client signals. DOTS clients MAY also include additional | |||
| attack details. Such supplemental information is OPTIONAL, and | attack details. Such supplemental information is OPTIONAL, and | |||
| DOTS servers MAY ignore it when enabling countermeasures on the | DOTS servers MAY ignore it when enabling countermeasures on the | |||
| mitigator. | mitigator. | |||
| As an active attack evolves, clients MUST be able to adjust as | As an active attack evolves, clients MUST be able to adjust as | |||
| necessary the scope of requested mitigation by refining the scope | necessary the scope of requested mitigation by refining the scope | |||
| of resources requiring mitigation. | of resources requiring mitigation. | |||
| The DOTS client may obtain the mitigation scope through direct | ||||
| provisioning or through implementation-specific methods of | ||||
| discovery. DOTS clients MUST support at least one mechanism to | ||||
| obtain mitigiation scope. | ||||
| SIG-008 Mitigation Efficacy: When a mitigation request by a DOTS | SIG-008 Mitigation Efficacy: When a mitigation request by a DOTS | |||
| client is active, DOTS clients SHOULD transmit a metric of | client is active, DOTS clients SHOULD transmit a metric of | |||
| perceived mitigation efficacy to the DOTS server. DOTS servers | perceived mitigation efficacy to the DOTS server. DOTS servers | |||
| MAY use the efficacy metric to adjust countermeasures activated on | MAY use the efficacy metric to adjust countermeasures activated on | |||
| a mitigator on behalf of a DOTS client. | a mitigator on behalf of a DOTS client. | |||
| SIG-009 Conflict Detection and Notification: Multiple DOTS clients | SIG-009 Conflict Detection and Notification: Multiple DOTS clients | |||
| controlled by a single administrative entity may send conflicting | controlled by a single administrative entity may send conflicting | |||
| mitigation requests for pool of protected resources , as a result | mitigation requests for pools of protected resources as a result | |||
| of misconfiguration, operator error, or compromised DOTS clients. | of misconfiguration, operator error, or compromised DOTS clients. | |||
| DOTS servers attempting to honor conflicting requests may flap | DOTS servers in the same administrative domain attempting to honor | |||
| network route or DNS information, degrading the networks | conflicting requests may flap network route or DNS information, | |||
| attempting to participate in attack response with the DOTS | degrading the networks attempting to participate in attack | |||
| clients. DOTS servers SHALL detect such conflicting requests, and | response with the DOTS clients. DOTS servers in a single | |||
| administrative domain SHALL detect such conflicting requests, and | ||||
| SHALL notify the DOTS clients in conflict. The notification | SHALL notify the DOTS clients in conflict. The notification | |||
| SHOULD indicate the nature and scope of the conflict, for example, | SHOULD indicate the nature and scope of the conflict, for example, | |||
| the overlapping prefix range in a conflicting mitigation request. | the overlapping prefix range in a conflicting mitigation request. | |||
| SIG-010: Network Address Translator Traversal: DOTS clients may be | SIG-010: Network Address Translator Traversal: DOTS clients may be | |||
| deployed behind a Network Address Translator (NAT), and need to | deployed behind a Network Address Translator (NAT), and need to | |||
| communicate with DOTS servers through the NAT. DOTS protocols | communicate with DOTS servers through the NAT. DOTS protocols | |||
| MUST therefore be capable of traversing NATs. | MUST therefore be capable of traversing NATs. | |||
| If UDP is used as the transport for the DOTS signal channel, all | If UDP is used as the transport for the DOTS signal channel, all | |||
| considerations in "Middlebox Traversal Guidelines" in [RFC5405] | considerations in "Middlebox Traversal Guidelines" in [RFC8085] | |||
| apply to DOTS. Regardless of transport, DOTS protocols MUST | apply to DOTS. Regardless of transport, DOTS protocols MUST | |||
| follow established best common practices (BCPs) for NAT traversal. | follow established best common practices (BCPs) for NAT traversal. | |||
| 2.3. Data Channel Requirements | 2.3. Data Channel Requirements | |||
| The data channel is intended to be used for bulk data exchanges | The data channel is intended to be used for bulk data exchanges | |||
| between DOTS agents. Unlike the signal channel, which must operate | between DOTS agents. Unlike the signal channel, which must operate | |||
| nominally even when confronted with signal degradation due to packet | nominally even when confronted with signal degradation due to packet | |||
| loss, the data channel is not expected to be constructed to deal with | loss, the data channel is not expected to be constructed to deal with | |||
| attack conditions. As the primary function of the data channel is | attack conditions. As the primary function of the data channel is | |||
| skipping to change at page 14, line 17 ¶ | skipping to change at page 15, line 10 ¶ | |||
| Likewise, DOTS servers MUST refuse to allow creation, modification | Likewise, DOTS servers MUST refuse to allow creation, modification | |||
| or deletion of scope aliases and black-/white-lists when the DOTS | or deletion of scope aliases and black-/white-lists when the DOTS | |||
| client is unauthorized. | client is unauthorized. | |||
| The modes of authorization are implementation-specific. | The modes of authorization are implementation-specific. | |||
| 2.5. Data Model Requirements | 2.5. Data Model Requirements | |||
| The value of DOTS is in standardizing a mechanism to permit elements, | The value of DOTS is in standardizing a mechanism to permit elements, | |||
| networks or domains under or under threat of DDoS attack to request | networks or domains under threat of DDoS attack to request aid | |||
| aid mitigating the effects of any such attack. A well-structured | mitigating the effects of any such attack. A well-structured DOTS | |||
| DOTS data model is therefore critical to the development of a | data model is therefore critical to the development of a successful | |||
| successful DOTS protocol. | DOTS protocol. | |||
| DM-001: Structure: The data model structure for the DOTS protocol | DM-001: Structure: The data model structure for the DOTS protocol | |||
| may be described by a single module, or be divided into related | may be described by a single module, or be divided into related | |||
| collections of hierarchical modules and sub-modules. If the data | collections of hierarchical modules and sub-modules. If the data | |||
| model structure is split across modules, those distinct modules | model structure is split across modules, those distinct modules | |||
| MUST allow references to describe the overall data model's | MUST allow references to describe the overall data model's | |||
| structural dependencies. | structural dependencies. | |||
| DM-002: Versioning: To ensure interoperability between DOTS protocol | DM-002: Versioning: To ensure interoperability between DOTS protocol | |||
| implementations, data models MUST be versioned. The version | implementations, data models MUST be versioned. The version | |||
| skipping to change at page 18, line 30 ¶ | skipping to change at page 19, line 24 ¶ | |||
| 7.6. Initial revision | 7.6. Initial revision | |||
| 2015-09-24 Andrew Mortensen | 2015-09-24 Andrew Mortensen | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, | [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, | |||
| DOI 10.17487/RFC0768, August 1980, | DOI 10.17487/RFC0768, August 1980, | |||
| <http://www.rfc-editor.org/info/rfc768>. | <https://www.rfc-editor.org/info/rfc768>. | |||
| [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, | [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, | |||
| DOI 10.17487/RFC0791, September 1981, | DOI 10.17487/RFC0791, September 1981, | |||
| <http://www.rfc-editor.org/info/rfc791>. | <https://www.rfc-editor.org/info/rfc791>. | |||
| [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, | [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, | |||
| RFC 793, DOI 10.17487/RFC0793, September 1981, | RFC 793, DOI 10.17487/RFC0793, September 1981, | |||
| <http://www.rfc-editor.org/info/rfc793>. | <https://www.rfc-editor.org/info/rfc793>. | |||
| [RFC1035] Mockapetris, P., "Domain names - implementation and | [RFC1035] Mockapetris, P., "Domain names - implementation and | |||
| specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, | specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, | |||
| November 1987, <http://www.rfc-editor.org/info/rfc1035>. | November 1987, <https://www.rfc-editor.org/info/rfc1035>. | |||
| [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - | [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - | |||
| Communication Layers", STD 3, RFC 1122, | Communication Layers", STD 3, RFC 1122, | |||
| DOI 10.17487/RFC1122, October 1989, | DOI 10.17487/RFC1122, October 1989, | |||
| <http://www.rfc-editor.org/info/rfc1122>. | <https://www.rfc-editor.org/info/rfc1122>. | |||
| [RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191, | [RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191, | |||
| DOI 10.17487/RFC1191, November 1990, | DOI 10.17487/RFC1191, November 1990, | |||
| <http://www.rfc-editor.org/info/rfc1191>. | <https://www.rfc-editor.org/info/rfc1191>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <http://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
| Resource Identifier (URI): Generic Syntax", STD 66, | Resource Identifier (URI): Generic Syntax", STD 66, | |||
| RFC 3986, DOI 10.17487/RFC3986, January 2005, | RFC 3986, DOI 10.17487/RFC3986, January 2005, | |||
| <http://www.rfc-editor.org/info/rfc3986>. | <https://www.rfc-editor.org/info/rfc3986>. | |||
| [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing | [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing | |||
| Architecture", RFC 4291, DOI 10.17487/RFC4291, February | Architecture", RFC 4291, DOI 10.17487/RFC4291, February | |||
| 2006, <http://www.rfc-editor.org/info/rfc4291>. | 2006, <https://www.rfc-editor.org/info/rfc4291>. | |||
| [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing | [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing | |||
| (CIDR): The Internet Address Assignment and Aggregation | (CIDR): The Internet Address Assignment and Aggregation | |||
| Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August | Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August | |||
| 2006, <http://www.rfc-editor.org/info/rfc4632>. | 2006, <https://www.rfc-editor.org/info/rfc4632>. | |||
| [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU | [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU | |||
| Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, | Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, | |||
| <http://www.rfc-editor.org/info/rfc4821>. | <https://www.rfc-editor.org/info/rfc4821>. | |||
| [RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines | [RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines | |||
| for Application Designers", RFC 5405, | for Application Designers", RFC 5405, | |||
| DOI 10.17487/RFC5405, November 2008, | DOI 10.17487/RFC5405, November 2008, | |||
| <http://www.rfc-editor.org/info/rfc5405>. | <https://www.rfc-editor.org/info/rfc5405>. | |||
| [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage | ||||
| Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, | ||||
| March 2017, <https://www.rfc-editor.org/info/rfc8085>. | ||||
| [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 | [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 | |||
| Address Text Representation", RFC 5952, | Address Text Representation", RFC 5952, | |||
| DOI 10.17487/RFC5952, August 2010, | DOI 10.17487/RFC5952, August 2010, | |||
| <http://www.rfc-editor.org/info/rfc5952>. | <https://www.rfc-editor.org/info/rfc5952>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [I-D.ietf-dots-architecture] | [I-D.ietf-dots-architecture] | |||
| Mortensen, A., Andreasen, F., Reddy, T., | Mortensen, A., Andreasen, F., Reddy, T., | |||
| christopher_gray3@cable.comcast.com, c., Compton, R., and | christopher_gray3@cable.comcast.com, c., Compton, R., and | |||
| N. Teague, "Distributed-Denial-of-Service Open Threat | N. Teague, "Distributed-Denial-of-Service Open Threat | |||
| Signaling (DOTS) Architecture", draft-ietf-dots- | Signaling (DOTS) Architecture", draft-ietf-dots- | |||
| architecture-03 (work in progress), June 2017. | architecture-04 (work in progress), July 2017. | |||
| [I-D.ietf-dots-use-cases] | [I-D.ietf-dots-use-cases] | |||
| Dobbins, R., Fouant, S., Migault, D., Moskowitz, R., | Dobbins, R., Migault, D., Fouant, S., Moskowitz, R., | |||
| Teague, N., Xia, L., and K. Nishizuka, "Use cases for DDoS | Teague, N., Xia, L., and K. Nishizuka, "Use cases for DDoS | |||
| Open Threat Signaling (DDoS) Open Threat Signaling", | Open Threat Signaling", draft-ietf-dots-use-cases-07 (work | |||
| draft-ietf-dots-use-cases-05 (work in progress), May 2017. | in progress), July 2017. | |||
| [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, | [RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, | |||
| A., Peterson, J., Sparks, R., Handley, M., and E. | A., Peterson, J., Sparks, R., Handley, M., and E. | |||
| Schooler, "SIP: Session Initiation Protocol", RFC 3261, | Schooler, "SIP: Session Initiation Protocol", RFC 3261, | |||
| DOI 10.17487/RFC3261, June 2002, | DOI 10.17487/RFC3261, June 2002, | |||
| <http://www.rfc-editor.org/info/rfc3261>. | <https://www.rfc-editor.org/info/rfc3261>. | |||
| [RFC7092] Kaplan, H. and V. Pascual, "A Taxonomy of Session | ||||
| Initiation Protocol (SIP) Back-to-Back User Agents", | ||||
| RFC 7092, DOI 10.17487/RFC7092, December 2013, | ||||
| <https://www.rfc-editor.org/info/rfc7092>. | ||||
| [RFC4732] Handley, M., Ed., Rescorla, E., Ed., and IAB, "Internet | [RFC4732] Handley, M., Ed., Rescorla, E., Ed., and IAB, "Internet | |||
| Denial-of-Service Considerations", RFC 4732, | Denial-of-Service Considerations", RFC 4732, | |||
| DOI 10.17487/RFC4732, December 2006, | DOI 10.17487/RFC4732, December 2006, | |||
| <http://www.rfc-editor.org/info/rfc4732>. | <https://www.rfc-editor.org/info/rfc4732>. | |||
| Authors' Addresses | Authors' Addresses | |||
| Andrew Mortensen | Andrew Mortensen | |||
| Arbor Networks | Arbor Networks | |||
| 2727 S. State St | 2727 S. State St | |||
| Ann Arbor, MI 48104 | Ann Arbor, MI 48104 | |||
| United States | United States | |||
| Email: amortensen@arbor.net | Email: amortensen@arbor.net | |||
| Robert Moskowitz | Robert Moskowitz | |||
| HTT Consulting | Huawei | |||
| Oak Park, MI 42837 | Oak Park, MI 42837 | |||
| United States | United States | |||
| Email: rgm@htt-consult.com | Email: rgm@htt-consult.com | |||
| Tirumaleswar Reddy | Tirumaleswar Reddy | |||
| McAfee, Inc. | McAfee, Inc. | |||
| Embassy Golf Link Business Park | Embassy Golf Link Business Park | |||
| Bangalore, Karnataka 560071 | Bangalore, Karnataka 560071 | |||
| India | India | |||
| End of changes. 58 change blocks. | ||||
| 133 lines changed or deleted | 178 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||