A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Problem Statement of SAVI Beyond the First Hop
Author(s) : Jun Bi
Bingyang Liu
Filename : draft-bi-savi-problem-02.txt
Pages : 9
Date : 2012-01-30
IETF Source Address Validation Improvements (SAVI) working group is
chartered for source address validation within the first hop from the
end hosts, i.e. preventing a node from spoofing the IP source address
of another node in the same IP link. For source address validation
beyond the first hop (SAVI-BF), Ingress Filtering [BCP38]/[BCP84] is
the best current practice. However Ingress Filtering may drop
legitimate packets (false positive) or fail to recognize spoofing
packets (false negative) in case of asymmetric routing, which is not
rare under SAVI-BF scenario.
This document states the possible scenarios in which Ingress
Filtering may have problems (false positive or false negative). We
claim that the reason of the problems is that the routers are lack of
sufficient routing information to predict the incoming direction of a
packet, since source address validation beyond the first hop should
act consistently with the behavior of the routing system. We also
discuss the availability of the needed routing information under
different routing environments.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bi-savi-problem-02.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-bi-savi-problem-02.txt
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
