Skip to main content

Problem Statement of SAVI Beyond the First Hop
draft-bi-savi-problem-13

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Jun Bi , Bingyang Liu
Last updated 2017-11-13 (Latest revision 2017-05-09)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

IETF Source Address Validation Improvements (SAVI) working group is chartered for source address validation within the first hop from end hosts, i.e., preventing a node from spoofing the IP source address of another node in the same IP link. However, since SAVI requires the edge routers or switches to be upgraded, the deployment of SAVI will need a long time. During this transition period, some source address validation techniques beyond the first hop (SAVI-BF) may be needed to complement SAVI and protect the networks from spoofing based attacks. In this document, we first propose three desired features of the SAVI-BF techniques. Then we analyze the problems of the current SAVI-BF technique, ingress filtering. Finally, we discuss the directions that we can explore to improve SAVI-BF.

Authors

Jun Bi
Bingyang Liu

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)