dots server s discovery
play

DOTS Server(s) Discovery - PowerPoint PPT Presentation

Jan 15, 2023 •148 likes •306 views

DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery Prague, July 2017 M. Boucadair (Orange) T. Reddy (McAfee) P. Patil (Cisco) 1 Context & Motivation A DOTS client needs to learn the IP

  1. DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery Prague, July 2017 M. Boucadair (Orange) T. Reddy (McAfee) P. Patil (Cisco) 1

  2. Context & Motivation • A DOTS client needs to learn the IP reachability information to contact its DOTS server(s) – Idem for a DOTS gateway • The DOTS architecture does not specify how such information is provided to DOTS clients • This document is filling this void 2

  3. DOTS Single Discovery is Unlikely The Network Provider is also the Use Case Requires a CPE DDoS Mitigation Provider End-customer with single or multiple upstream transit Yes Yes provider(s) offering DDoS mitigation services End-customer with an overlay DDoS mitigation Yes No managed security service provider (MSSP) End-customer operating an application or service with Yes Yes/No an integrated DOTS client End-customer operating a CPE network infrastructure Yes Yes device with an integrated DOTS client Suppression of outbound DDoS traffic originating from Yes Yes a consumer broadband access network DDoS Orchestration No N/A 3

  4. DOTS Single Discovery is Unlikely The Network The use of anycast may simplify the Provider is also the Use Case Requires a CPE operations to discover a DOTS DDoS Mitigation gateway, if the end-customer network Provider is single-homed. End-customer with single or multiple upstream transit Yes Yes provider(s) offering DDoS mitigation services End-customer with an overlay DDoS mitigation Yes No managed security service provider (MSSP) End-customer operating an application or service with Yes Yes/No an integrated DOTS client End-customer operating a CPE network infrastructure Yes Yes device with an integrated DOTS client Suppression of outbound DDoS traffic originating from Yes Yes a consumer broadband access network DDoS Orchestration No N/A 4

  5. DOTS Single Discovery is Unlikely The Network The use of anycast may simplify the Provider is also the Use Case Requires a CPE operations to discover a DOTS DDoS Mitigation gateway, if the end-customer network Provider The use of anycast is not is single-homed. appropriate for these use End-customer with single or multiple upstream transit cases, in particular. Yes Yes provider(s) offering DDoS mitigation services It is safe to assume that for such deployments, the End-customer with an overlay DDoS mitigation DOTS server(s) domain Yes No managed security service provider (MSSP) name is provided during the service subscription End-customer operating an application or service with Yes Yes/No (i.e., manual/local an integrated DOTS client configuration ) End-customer operating a CPE network infrastructure Yes Yes device with an integrated DOTS client Suppression of outbound DDoS traffic originating from Yes Yes a consumer broadband access network DDoS Orchestration No N/A 5

  6. DOTS Single Discovery is Unlikely The Network The use of anycast may simplify the Provider is also the Use Case Requires a CPE operations to discover a DOTS DDoS Mitigation gateway, if the end-customer network Provider The use of anycast is not is single-homed. appropriate for these use End-customer with single or multiple upstream transit cases, in particular. Yes Yes provider(s) offering DDoS mitigation services It is safe to assume that for such deployments, the End-customer with an overlay DDoS mitigation DOTS server(s) domain Yes No managed security service provider (MSSP) name is provided during the service subscription End-customer operating an application or service with Yes Yes/No (i.e., manual/local an integrated DOTS client configuration ) End-customer operating a CPE network infrastructure Yes Yes device with an integrated DOTS client Suppression of outbound DDoS traffic originating from Yes Yes a consumer broadband access network DDoS Orchestration No N/A Leverage on existing features that do not require specific feature on the node embedding the DOTS client will ease DOTS deployments ( S-NAPTR ) 6

  7. DOTS Single Discovery is Unlikely The Network The use of anycast may simplify the Provider is also the Use Case Requires a CPE operations to discover a DOTS DDoS Mitigation gateway, if the end-customer network Provider The use of anycast is not is single-homed. appropriate for these use End-customer with single or multiple upstream transit cases, in particular. Yes Yes provider(s) offering DDoS mitigation services It is safe to assume that for such deployments, the End-customer with an overlay DDoS mitigation DOTS server(s) domain Yes No managed security service provider (MSSP) name is provided during the service subscription End-customer operating an application or service with Yes Yes/No (i.e., manual/local an integrated DOTS client configuration ) End-customer operating a CPE network infrastructure Yes Yes device with an integrated DOTS client Suppression of outbound DDoS traffic originating from Yes Yes a consumer broadband access network DDoS Orchestration No N/A Leverage on existing features that do not require specific feature on the node embedding the DOTS client will ease DOTS deployments ( S-NAPTR ) It is intuitive to leverage on existing mechanisms such as DHCP to provision the CPE acting as a DOTS client with the DOTS server(s). 7

  8. DOTS Single Discovery is Unlikely Resolving a DOTS server domain name offered by the upstream transit provider provisioned to a DOTS client into IP address(es) require the use of the appropriate DNS resolvers; otherwise, resolving those names will fail (hence, DHCP) The Network The use of anycast may simplify the Provider is also the Use Case Requires a CPE operations to discover a DOTS DDoS Mitigation gateway, if the enterprise network is Provider The use of anycast is not single-homed. appropriate for these use End-customer with single or multiple upstream transit cases, in particular. Yes Yes provider(s) offering DDoS mitigation services It is safe to assume that for such deployments, the End-customer with an overlay DDoS mitigation DOTS server(s) domain Yes No managed security service provider (MSSP) name is provided during the service subscription End-customer operating an application or service with Yes Yes/No (i.e., manual/local an integrated DOTS client configuration ) End-customer operating a CPE network infrastructure Yes Yes device with an integrated DOTS client Suppression of outbound DDoS traffic originating from Yes Yes a consumer broadband access network DDoS Orchestration No N/A Leverage on existing features that do not require specific feature on the node embedding the DOTS client will ease DOTS It is intuitive to leverage on existing mechanisms such as DHCP to provision deployments ( S-NAPTR ) the CPE acting as a DOTS client with the DOTS server(s). The use of protocols such as DHCP does allow to associate provisioned DOTS server domain names with a list of DNS servers to be used for name 8 resolution

  9. Unified Discovery Mechanism For DOTS • DOTS clients MUST follow these steps to build a DOTS server(s) list to contact: 1. Use any local explicit configuration: local, manual, or DHCP-based DOTS configuration 2. Proceed with service resolution of DOTS names 3. Run DNS-SD/mDNS 4. Use DOTS anycast address(es) • An implementation may choose to perform all the above steps in parallel for discovery or choose to follow any desired order and stop the discovery procedure if a mechanism succeeds 9

  10. More in the draft • Specify "DOTS" application service tag and "signal.udp ”, "signal.tcp “, and "data.tcp" as application protocol tags • Describe the procedure for S-NAPTR lookup, DNS-SD and mDNS • Request DOTS IPv4/IPv6 anycast addresses • Specify DOTS DHCP options 10

  11. What is Next? • The floor is yours to comment about the proposed approach and/or to ask questions • Consider adoption of the draft 11

  12. Backup 12

  13. Discovery: Service Resolution example.net. IN NAPTR 100 10 "" DOTS:signal.udp "" signal.example.net. IN NAPTR 200 10 "" DOTS:signal.tcp "" signal.example.net. IN NAPTR 300 10 "" DOTS:data.tcp "" data.example.net. signal.example.net. IN NAPTR 100 10 S DOTS:signal.udp "" _dots._signal._udp.example.net. IN NAPTR 200 10 S DOTS:signal.tcp "" _dots._signal._tcp.example.net. data.example.net. IN NAPTR 100 10 S DOTS:data.tcp "" _dots._data._tcp.example.net. _dots._signal._udp.example.net. IN SRV 0 0 5000 a.example.net. _dots._signal._tcp.example.net. IN SRV 0 0 5001 a.example.net. _dots._data._tcp.example.net. IN SRV 0 0 5002 a.example.net. a.example.net. IN AAAA 2001:db8::1 13 13

  14. mDNS DOTS server DOTS client PTR query _dots._signal._udp.local PTR reply SRV query SRV reply AAAA/A query reply 14 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Discovery mechanisms Retrieving the domain name DHCP IP

Discovery mechanisms Retrieving the domain name DHCP IP

TURN Server Auto Discovery dra5-pa8l-tram-turn-serv-disc-01 Prashanth Pa)l, Tiru Reddy, Dan Wing IETF-90 TURN Server Auto Discovery

356 views • 12 slides
OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

423 views • 8 slides
Quantum Dots Quantum dots are extremely small semiconductor structures, usually ranging from 2-

Quantum Dots Quantum dots are extremely small semiconductor structures, usually ranging from 2-

Page 1 Quantum Dots Quantum dots are extremely small semiconductor structures, usually ranging from 2- 10 nanometers (10-50 atoms) in diameter. At these small sizes materials behave differently, giving quantum dots unprecedented tunability and

532 views • 21 slides
Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P.

Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P.

Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P. SAYGIN . University of California San Diego http://apsaygin.googlepages.com Understanding Others Understanding Others Theory 3 rd person

1.34k views • 75 slides
Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P.

Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P.

Understanding Others Understanding Others From Dots to Robots From Dots to Robots Ayse P. SAYGIN, PhD . University of California San Diego Department of Cognitive Science Cognitive Neuroscience and Neuropsychology Lab

986 views • 76 slides
DOTS LINES & SHAPES Shuyi, Kaie, Yuting DOTS Definition, Properties, Examples Definition

DOTS LINES & SHAPES Shuyi, Kaie, Yuting DOTS Definition, Properties, Examples Definition

DOTS LINES & SHAPES Shuyi, Kaie, Yuting DOTS Definition, Properties, Examples Definition Properties of Dots Point of focused attention that comes in different sizes, shapes and colors Doesnt always need to be perfectly

590 views • 36 slides
QUANTUM DOTS Presented by Abhisek Banerjee Bishan Mukherjee Somaditya Indu Suman Roy 1 What

QUANTUM DOTS Presented by Abhisek Banerjee Bishan Mukherjee Somaditya Indu Suman Roy 1 What

QUANTUM DOTS Presented by Abhisek Banerjee Bishan Mukherjee Somaditya Indu Suman Roy 1 What are Quantum Dots? Bohr exciton radius and quantum Confinement Why Quantum Dots? Uniqueness of Q Dots Various Fabrication

878 views • 33 slides
Other Results QUANTUM DOTS AND OPTICAL CAVITIES PHOTONS, COUPLED QUANTUM DOTS AND QUBITS TWO

Other Results QUANTUM DOTS AND OPTICAL CAVITIES PHOTONS, COUPLED QUANTUM DOTS AND QUBITS TWO

Other Results QUANTUM DOTS AND OPTICAL CAVITIES PHOTONS, COUPLED QUANTUM DOTS AND QUBITS TWO EXCITONS IN QD WITH COHERENT FIELD From the following article: Wiring up quantum systems R. J. Schoelkopf & S. M. Girvin Nature 451, 664-669(7

734 views • 57 slides
Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different network architecture than client/server Each peer is both a client and a server Appropriate for applications that dont require a

353 views • 11 slides
CAMI - Exploding Dots 6.28.18 BMCC F306 An interesting machine... The 12 Machine: Lets

CAMI - Exploding Dots 6.28.18 BMCC F306 An interesting machine... The 12 Machine: Lets

CAMI - Exploding Dots 6.28.18 BMCC F306 An interesting machine... The 12 Machine: Lets try another... With 3 dots With 15 dots With... Exploding Dot Machines make Machine Codes The 12 Machine code for six dots:

270 views • 15 slides
Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

E LIOM Tierless Web programming from the ground up Gabriel R ADANNE Jrme V OUILLON Vincent B ALAT Vasilis P APAVASILEIOU Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server DOM 2 2 / 22 1

778 views • 42 slides
Topic II.2: Connecting the Dots Discrete Topics in Data Mining Universitt des Saarlandes,

Topic II.2: Connecting the Dots Discrete Topics in Data Mining Universitt des Saarlandes,

Topic II.2: Connecting the Dots Discrete Topics in Data Mining Universitt des Saarlandes, Saarbrcken Winter Semester 2012/13 T II.2- 1 T II.2: Connecting the Dots 1. Connecting the Dots 1.1. Intuition & Motivation 1.2. Coherence of

929 views • 41 slides
Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Server Server Server Server Server Datacenter Network (e.g., Ethernet, InfiniBand,

Chanwoo Chung , Jinhyung Koo, Junsu Im, Arvind , and Sungjin Lee DGIST and MIT NVRAMOS 19 2019.10.24 DATA -INTENSIVE COMPUTING SYSTEMS LAB ORATORY Computation Application Application Application Application Application

597 views • 48 slides
4/3/2014 Function, Literacy, and the Common Core Connecting the Dots The dots The Sensory

4/3/2014 Function, Literacy, and the Common Core Connecting the Dots The dots The Sensory

4/3/2014 Function, Literacy, and the Common Core Connecting the Dots The dots The Sensory System The Common Core Curriculum Valuing Literacy The Sensory System Vision Hearing, Vestibular Touch, Proprioception Smell and Taste And THE

269 views • 4 slides
Connecting the Dots: Connecting the Dots: Black Lives Matter, Connecting the Dots: COVID-19,

Connecting the Dots: Connecting the Dots: Black Lives Matter, Connecting the Dots: COVID-19,

Connecting the Dots: Connecting the Dots: Black Lives Matter, Connecting the Dots: COVID-19, Energy Policy, COVID-19, and COVID-19, Energy Policy, Energy Policy and the Role of States and the Role of States Professor Shalanda H. Baker

497 views • 31 slides
Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT Communications Nov. 2015 IETF94@yokohama Draft Overview Motivation The volume of DDoS attack will exceed available anti- DDoS capability by

802 views • 10 slides
Heterogeneous multiprocessor compositional real-time scheduling Jo ao Pedro Craveiro Jos e

Heterogeneous multiprocessor compositional real-time scheduling Jo ao Pedro Craveiro Jos e

Motivation Related work Problem Preliminary intuitions Open questions Heterogeneous multiprocessor compositional real-time scheduling Jo ao Pedro Craveiro Jos e Rufino Universidade de Lisboa, Faculdade de Ci encias, LaSIGE Lisbon,

330 views • 18 slides
Outline Software Software Design Design Enrico Bini Enrico Bini Design Design problem

Outline Software Software Design Design Enrico Bini Enrico Bini Design Design problem

Component- Component- Based Based Outline Software Software Design Design Enrico Bini Enrico Bini Design Design problem problem Component-Based Software Design Model of VM Model of VM Hierarchical Real-Time Scheduling lecture

221 views • 3 slides
Resistance and Resistivity Resistance depends on the geometry of the resistor its length

Resistance and Resistivity Resistance depends on the geometry of the resistor its length

Resistance and Resistivity Resistance depends on the geometry of the resistor its length and cross-sectional area R is proportional to length R is inversely proportional to area. r l R A Resistivity r depends on material

259 views • 9 slides
0 in 0 0 on 0 First results results on in comparison comparison

0 in 0 0 on 0 First results results on in comparison comparison

the decay Spin- -exotic exotic search search in in the decay channel channel: : Spin 0 in 0 0 on 0 First results results on in comparison comparison First final + to +

642 views • 49 slides
CS184c: Computer Architecture [Parallel and Multithreaded] Day 5: April 17, 2001 Network

CS184c: Computer Architecture [Parallel and Multithreaded] Day 5: April 17, 2001 Network

CS184c: Computer Architecture [Parallel and Multithreaded] Day 5: April 17, 2001 Network Interface Dataflow Intro CALTECH cs184c Spring2001 -- DeHon Admin CALTECH cs184c Spring2001 -- DeHon 1 Projects Get idea this week Plan on

489 views • 31 slides
Efficient Many-Core Systems Florian Schmaus, Stefan Reif 2016-11-08 Moores Law (Computer

Efficient Many-Core Systems Florian Schmaus, Stefan Reif 2016-11-08 Moores Law (Computer

Efficient Many-Core Systems Florian Schmaus, Stefan Reif 2016-11-08 Moores Law (Computer History Musem, Mountain View, CA) Moores Law Moores Law The number of transistors incorporated in a chip will approximately double every 24

466 views • 27 slides
Analytical Modeling of Parallel Programs (Chapter 5) Alexandre David B2-206 Topic Overview

Analytical Modeling of Parallel Programs (Chapter 5) Alexandre David B2-206 Topic Overview

Analytical Modeling of Parallel Programs (Chapter 5) Alexandre David B2-206 Topic Overview Sources of overhead in parallel programs. Performance metrics for parallel systems. Effect of granularity on performance. Scalability of

536 views • 39 slides
Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism

Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism

' $ Chapter 17: Parallel Databases Introduction I/O Parallelism Interquery Parallelism Intraquery Parallelism Intraoperation Parallelism Interoperation Parallelism Design of Parallel Systems & % Database Systems

341 views • 21 slides

More recommend