Re: [savnet] WG Review: Source Address Validation in Intra-domain and Inter-domain Networks (savnet)


 



Hi, Robert:

Aijun Wang
China Telecom

On Jun 4, 2022, at 05:23, Robert Raszuk <robert@xxxxxxxxxx> wrote:


Joel,

While working groups can do all sorts of things, the expected results of
this work would be new or extended mechanisms for routers to tell
other routers what address prefixes they will be using as source address
for packets they will be forwarding.

+

> For the primary work of this WG, what we are concerned with is providing 
> the prefix information to use in that validation step. 

I am still concerned with the scope of this effort. 

IP reachability advertisement is nothing else than indicating what src addresses belong to a given site or ISP. 

From what I have understood so far, the objective of this WG was to further trim that IP prefix to indicate a more granular IP address or even ports. 

[WAJ] No. Here the “source addresses” refers to the fact that the SAVNET table can be used to validate the incoming interfaces (ports) of the packet via its source address, not to advertising the granular source address, or even the TCP or UDP ports.


Therefore aside from privacy issues or exposing addresses and active ports for easy attacks I am still very concerned about cutting the ability to fallback to any other end to end routing path in the event of failures or even brownouts. 

I have seen responses - Oh we will support backup and multipath. But this does not satisfy my concern as those will be still far less limited to what is available today - which is any node as long as it has reachability or default route can forward packets towards destination. 

[WAJ] SAVNET can utilize the ECMP path in the network. Upon the event of network failures, the SAVNET messages should be triggered again to update its SAVNET table to let the traffic pass along the fallback path, as is done for the convergence of the IGP protocol, which I think can solve your concerns.


Thx,
R.
 
--
savnet mailing list
savnet@xxxxxxxx
https://www.ietf.org/mailman/listinfo/savnet
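
Added illustration, not part of either message and not taken from any SAVNET draft: a minimal model of the table discussed above, mapping a source prefix to the interfaces a packet with that source may arrive on, including ECMP and the window between a failure and the table update. The `SavTable` class, interface names and prefixes are hypothetical and constructed for this example.

```python
import ipaddress


class SavTable:
    """Hypothetical SAV table: source prefix -> allowed incoming interfaces."""

    def __init__(self):
        self._rules = {}  # ip_network -> set of interface names

    def update(self, prefix, interfaces):
        """Install or replace the allowed incoming interfaces for a prefix."""
        self._rules[ipaddress.ip_network(prefix)] = set(interfaces)

    def validate(self, src, in_iface):
        """Return 'accept', 'drop' or 'unknown' for a packet's source/interface."""
        addr = ipaddress.ip_address(src)
        matches = [net for net in self._rules if addr in net]
        if not matches:
            return "unknown"  # no rule covers this source; local policy decides
        best = max(matches, key=lambda net: net.prefixlen)  # longest-prefix match
        return "accept" if in_iface in self._rules[best] else "drop"


def failover_scenario():
    """Constructed scenario: ECMP over eth0/eth1, then fallback to eth2."""
    table = SavTable()
    table.update("192.0.2.0/24", {"eth0", "eth1"})  # both ECMP links are valid
    results = [
        table.validate("192.0.2.10", "eth0"),  # ECMP member
        table.validate("192.0.2.10", "eth1"),  # ECMP member
        # Traffic already rerouted via eth2, table not yet updated: the gap
        # between failure and SAV reconvergence.
        table.validate("192.0.2.10", "eth2"),
    ]
    # New SAV messages arrive after the failure and replace the rule.
    table.update("192.0.2.0/24", {"eth2"})
    results += [
        table.validate("192.0.2.10", "eth2"),    # fallback path now valid
        table.validate("192.0.2.10", "eth0"),    # old interface now rejected
        table.validate("198.51.100.7", "eth0"),  # prefix with no rule
    ]
    return results


if __name__ == "__main__":
    print(failover_scenario())
```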
