A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Problem Statement of SAVI Beyond the First Hop
Author(s) : Jun Bi
Bingyang Liu
Filename : draft-bi-savi-problem-01.txt
Pages : 16
Date : 2012-01-29
IETF Source Address Validation Improvements (SAVI) working group is
chartered for source address validation within the first hop from the
end hosts, i.e. preventing a node from spoofing the IP source address
of another node in the same IP link. For source address validation
beyond the first hop (SAVI-BF), Ingress Filtering [BCP38]/[BCP84] is
the best current practice. However Ingress Filtering may drop
legitimate packets (false positive) or fail to recognize spoofing
packets (false negative) in case of asymmetric routing, which is not
rare under SAVI-BF scenario.
This document states the possible scenarios in which Ingress
Filtering may have problems (false positive or false negative), and
lists five causes of the problems. These fives causes, we believe,
are the challeges that need be conquered by SAVI-BF solutions
(including possible improved version of Ingress Filtering). We also
observe that the incentive for Internet Service Providers (ISP) to
deploy SAVI-BF differs from intra-domain scenario to inter-domain
scenario, and incenting ISPs to deploy inter-domain SAVI is more
challenging. Although not intend to provide any SAVI-BF solution in
this document, we discuss the philosophy in designing a SAVI-BF
mechanism.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bi-savi-problem-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-bi-savi-problem-01.txt
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
