RE: [savnet] WG Review: Source Address Validation in Intra-domain and Inter-domain Networks (savnet)

["Dan Li" <tolidan@xxxxxxxxxxxxxxx>]

Hi Robert,

 

The inaccuracy problem of uRPF indeed comes from the fact that “applied on a directly connected interfaces to the site”. If we rely on network operator to decide whether there will be inaccuracy problem in their scenarios when deploying uRPF, it is not deployment-friendly. And if the answer is no, network operator has to abandon it.

 

Can you describe more about your concern on “compromising network resilience”?

 

Best,

Dan

 

发件人: Robert Raszuk <robert@xxxxxxxxxx>
发送时间: 2022年6月4日 6:49
收件人: Dan Li <tolidan@xxxxxxxxxxxxxxx>
抄送: Joel Halpern <jmh@xxxxxxxxxxxxxxx>; Adrian Farrel <adrian@xxxxxxxxxxxx>; Alvaro Retana <aretana.ietf@xxxxxxxxx>; Stephen Farrell <stephen.farrell@xxxxxxxxx>; The IESG <iesg@xxxxxxxx>; IETF-Discussion <ietf@xxxxxxxx>; savnet@xxxxxxxx
主题: Re: [savnet] WG Review: Source Address Validation in Intra-domain and Inter-domain Networks (savnet)

 

Dan,

 

> As for the definition of “valid”, it is the same as uRPF.

 

I beg to differ on this. 

 

uRPF is applied on a directly connected interfaces to the site. 

 

The moment you depart from that very point - you are compromising network resilience. And that worries me the most in this effort to be launched. 

 

Many thx,

Robert

 

 

On Sat, Jun 4, 2022 at 12:44 AM Dan Li <tolidan@xxxxxxxxxxxxxxx> wrote:

Hi Robert,

 

As for the definition of “valid”, it is the same as uRPF. Specifically, if there exists a feasible “forwarding path” from the “source prefix” to the incoming interface of a router, then the router regard the incoming packet as having a “valid incoming interface”. The only difference between SAVNET and uRPF is how to check the “forwarding path”, which is also the reason why uRPF has inaccuracy problem.

 

Best,

Dan