Re: [savnet] WG Review: Source Address Validation in Intra-domain and Inter-domain Networks (savnet)


 



Aijun,

Your statement is way too broad and general. 

The protection should apply to all prefixes and not to "some". 

The foundation of SAVNET is to block forwarding unless allowed and to do it in many network locations. That to me is a main blocker to proceed with such an idea any further if this work is to see any production deployment(s). 

Best,
R.

On Mon, Jun 6, 2022 at 5:35 AM Aijun Wang <wangaijun@xxxxxxxxxxxxxxx> wrote:
Hi, Robert:

I think the routing optimization mechanisms that you mentioned can also apply to SAVNET mechanisms, for example, some important source addresses can be pre-installed at the interlink ports/fallback path, which can work together with the redundant underlay routing information, to get the fast fallback based on local failure detection time.
Anyway, such considerations belong to the solutions scope and I think we can investigate it deeply later.

According to the proposed SAVNET charters, the proposed WG should first determine the “Problems Statements, Use Cases and Requirements” and then the “SAVNET Architecture Documents”. The last is the “Definition of routing protocol-independent operation and management mechanisms to operate and manage SAV-related configurations.”

There certainly exist other solutions to mitigate your concerns, but I think we should first focus on the previous steps.

Aijun Wang
China Telecom

On Jun 4, 2022, at 18:15, Robert Raszuk <robert@xxxxxxxxxx> wrote:


Aijun,

[WAJ] SAVNET can utilize the ECMP path in the network. Upon the event of network failures, the SAVNET messages should be triggered again to update its SAVNET table to let the traffic pass the fallback path, done as that the convergence of IGP protocol, which I think can solve your concerns.

Here we touch the most important thing I am concerned about. 

Building networks which depend on protocol convergence in the event of failure is the worst possible choice.

We have learned that lesson many years ago and solved it by precomputing and pre-installing repair paths based on redundant routing information. Connectivity restoration here only depends on local failure (full or partial) detection time. Some new designs can go even further and predict the failures too before they even happen.

It would be a huge disservice to any network to go back to medieval times to wait for convergence upon network failure. 

No, thank you!

Best,
R.

 
--
savnet mailing list
savnet@xxxxxxxx
https://www.ietf.org/mailman/listinfo/savnet
