RE: [savnet] WG Review: Source Address Validation in Intra-domain and Inter-domain Networks (savnet)


 



Hi Michael,

I am replying to your email and CCing the IESG and IETF-discussion lists; otherwise people may not read it.

As for the benefit of the proposed solution over uRPF, I would also like to share the slides presented in the SAVNET BOF: https://datatracker.ietf.org/meeting/113/materials/slides-113-savnet-gap-analysis-01.

"I am at a loss to understand Stephen's privacy concerns." The same for me.

Best,
Dan

-----Original Message-----
From: savnet-bounces@xxxxxxxx <savnet-bounces@xxxxxxxx> On Behalf Of Michael Richardson
Sent: June 4, 2022 6:45
To: savnet@xxxxxxxx
Subject: Re: [savnet] WG Review: Source Address Validation in Intra-domain and Inter-domain Networks (savnet)


Robert Raszuk asks:
> IMO the expectation that an operator who is not doing uRPF filtering 
> today on the edge will suddenly enable outcome of SAVnet WG (if ever 
> supported across their network elements) is pretty unrealistic.

Dan answers:
> The inaccuracy problem of uRPF indeed discourages some operators from 
> deploying it (or just using loose uRPF, which is not effective enough 
> for the filtering). We have given examples in the mailing list before. 
> I am wondering whether it is necessary to go back to these 
> discussions. If so, we can continue.

I haven't had a lot of conversations about uRPF filtering among operators, but when I have raised this issue, my impression is that the inaccuracy problem was really an excuse for inaction rather than a real reason.
The challenge with BCP38 is a human resource allocation problem, not a technical problem.
But, maybe if we can automate something better, we can reduce the effort.

If we aren't going to get right down to the customer-adjacent routers, then I don't see how any new solution is going to be any more accurate.
In particular, if uRPF filtering was present in customer adjacent routers, then it would protect the customer from having eir address spoofed.

I am at a loss to understand Stephen's privacy concerns.
I'd like to understand more about what would be bad solutions.

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide








