I-D Action: draft-bi-savi-problem-00.txt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : Problem Statement of SAVI Beyond the First Hop
	Author(s)       : Jun Bi
                          Bingyang Liu
	Filename        : draft-bi-savi-problem-00.txt
	Pages           : 17
	Date            : 2012-01-29

   IETF Source Address Validation Improvements (SAVI) working group is
   chartered for source address validation within the first hop from the
   end hosts, i.e. preventing a node from spoofing the IP source address
   of another node in the same IP link.  Despite the drafts that are
   being actively standardized, the process of deployment on the
   Internet will take a long time, because the edge of the Internet is
   too huge.  Therefore some source address validation mechanisms
   implemented beyond the first hop (SAVI-BF) are needed to suppress
   source address spoofing inside the network.  So far, Ingress
   Filtering [BCP38]/[BCP84] is the best current practice for SAVI-BF.
   However Ingress Filtering may drop legitimate packets (false
   positive) or fail to recognize spoofing packets (false negative) in
   case of asymmetric routing, which is not rare under SAVI-BF scenario.

   This document states the problems of Ingress Filtering under SAVI-BF
   scenario.  Then we discuss how to better utilize the routing
   information to better enforce SAVI-BF, in the case of link-state and
   distance-vector routing protocols respectively.  Challenges to
   SAVI-BF, such as equal-cost multi-path routing (ECMP), static-routing
   and local routing policy, fast reroute and inter-domain route
   aggregation are discussed.  We also observe that the incentive for
   Internet Service Providers (ISP) to deploy SAVI-BF differs from
   intra-domain scenario to inter-domain scenario, and incenting ISPs to
   deploy inter-domain SAVI is quite challenging.  Finally we discuss
   the philosophy in designing a SAVI-BF mechanism.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bi-savi-problem-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-bi-savi-problem-00.txt

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux