Technical Summary
This document specifies the DOTS signal channel Call Home, which
enables a DOTS server to initiate a secure connection to a DOTS
client, and to receive the attack traffic information from the DOTS
client. The DOTS server in turn uses the attack traffic information
to identify the compromised devices launching the outgoing DDoS
attack and takes appropriate mitigation action(s).
The DOTS signal channel Call Home is not specific to home
networks; the solution targets any deployment that requires blocking
DDoS attack traffic closer to the source(s) of a DDoS attack.
Working Group Summary
WG support for the adoption was strong.
The draft was well discussed and has been reviewed by many WG members.
Document Quality
The document authors are also co-authors of the core DOTS documents (signal channel, data channel, etc.).
They have a good understanding of the DOTS architecture, so this document should fit well into that architecture.
There are at least two implementations of the draft.
The IANA ports expert did not see sufficient reason to allocate another port for this usage, but the WG
has found flaws in all alternate proposals raised to date. It is also noted that NETCONF and RESTCONF
call home have their own dedicated port numbers, and the situation here is somewhat analogous.
Personnel
Valery Smyslov (shepherd)
Benjamin Kaduk (AD)