Problem Statement, Gap Analysis, and Requirements for Intra-domain Source Address Validation
draft-ietf-savnet-intra-domain-problem-statement-25
Discuss
Yes
Jim Guichard
No Objection
(Paul Wouters)
Abstain
Note: This ballot was opened for revision 10 and is now closed.
Gunter Van de Velde
Discuss
Discuss
(2025-02-17 for -10)
Sent
# Gunter Van de Velde, RTG AD, comments for draft-ietf-savnet-intra-domain-problem-statement-10 # Big thanks to Linda Dunbar for the RTGDIR review! # I really appreciate the effort put into writing this document. That said, I found it a bit tricky to follow because some of the terminology feels underspecified. # Before jumping into a detailed, line-by-line review, I’d like to see the blocking DISCUSS observations addressed first. Looking forward to the updates # DISCUSS # ======= # I would like to see confirmation from Linda that the proposed changes resolved her RTGDIR concern # The most important DISCUSS observation is that this draft does not consider RFC8704 (Enhanced Feasible-RPF) which was developed to strike a balance between being full or oblivious to directionality of traffic. It is important to understand if or why this solution is not good enough, and understand if remaining functional gaps exist. # The text includes use cases where ASBRs are involved. These routers sit at the edge of a network, acting as the boundary between intra-domain and inter-domain connectivity. To properly define the problem and solution space in the context of SAV, it's important to have a clear and accurate description of what qualifies as intra-domain communication, especially when traffic crossing these boundary devices is concerned. This helps ensure the discussion stays well-framed and aligned with the intended scope. # similar with the observation above is that the understanding of what is exactly an "Intra-domain host network" and "intra-domain customer network" is underspecified or not accurately defined. The draft talks about VPN and makes me wonder about the relationship of VPN usage is with intra-domain SAV? Many thanks for this document and looking forward to a fresh revision to address the observed discuss items. Gunter Van de Velde RTG Area Director
Jim Guichard
Yes
Éric Vyncke
Abstain
Comment
(2025-02-20 for -11)
Sent
# Éric Vyncke, INT AD, comments for draft-ietf-savnet-intra-domain-problem-statement-11 CC @evyncke Thank you for the work put into this document. Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education), and some nits. I am balloting ABSTAIN because I have too many 'near DISCUSS' points. I am strongly supporting Gunter's DISCUSS about the lack of reference to RFC8704 (Enhanced Feasible-RPF), especially as we were the two OPSEC WG chairs ;-) Special thanks to Xueyan Song for the shepherd's write-up including the WG consensus *and* the justification of the intended status. But, I find `The Shepherd did not find any other working areas have identified the same issues addressed in this document` a little light. Please note that Wassim Haddad is the Internet directorate reviewer (at my request) and you may want to consider this int-dir review as well when it will be available (no need to wait for it though): https://datatracker.ietf.org/doc/draft-ietf-savnet-intra-domain-problem-statement/reviewrequest/21463/ I hope that this review helps to improve the document, Regards, -éric ## COMMENTS (non-blocking) ### Host vs. node "Host" is mainly used for plain node without forwarding capability and "node" is any node with or without forwarding capability. AFAIK, this document should rather use "node" than "host". ### Section 1 Like Erik Kline, I find the use of domain = AS a little limiting. s/a host must use the source IP address assigned to the host/a *node* must use *one* source IP address assigned to the *node*/ `access network SAV (i.e., IP address)` mainly applies to IPv4 only as it is typical in IPv6 network to assign one prefix for one client. Strongly suggest rewriting. s/This document focuses on the analysis of intra-domain SAV/This document focuses *only* on the analysis of intra-domain SAV/ Isn't this a solved problem: `blocking source-spoofed packets coming from other ASes using a source address of this AS` ? ### Section 2 What is the "INSIDE access list" in `If the source address of a packet is in the INSIDE access list` ? ### Section 3.1 I was about to raise a DISCUSS on this point as several routers are able to prevent spoofing based on snooped DHCP-PD prefix delegation. I fear this I-D has only IPv4 in mind :-( ### Section 3.1.1 As noted, this is only an issue with strict mode URPF. ### Section 5 This would be nice to have a link between requirements in this section and the issues of section 3. ### Section 5.1 The 2nd paragraph is not about requirements but more about solution space, suggest removing it. ### Section 5.2 I was also about to ballot a DISCUSS... this section is underspecified, e.g., it should include DHCP-PD snooping to get the delegated prefix in some cases (in addition to routing). Should PCE be mentioned ? ## NITS (non-blocking / cosmetic) ### Use of SVG graphics To make a much nicer HTML rendering, suggest using the aasvg too to generate SVG graphics. It is worth a try ;-)
Roman Danyliw
Abstain
Comment
(2025-02-17 for -11)
Sent
Thank you to Tim Evan for the GENART review. I am balloting ABSTAIN because I am challenged in understanding how the requirements portion of this document is to be interpreted given their normative guidance but extremely vague details. As written, I question if the current text is sufficient to guide the “design [of a] … new intra-domain SAV mechanism.” (per Section 5). I am equally confused by this statement in the shepherd review “This document provides a gap analysis and problem statement of existing SAV mechanisms. It's not related to protocol design.” If the requirements aren’t related to a protocol, who are they for? Why are they here? I acknowledge that the SAVNET charter calls for a “Problem Statement, Use Cases, and Requirements” document. It remains silent whether it should be published. Below are areas of clarity that would benefit the document: ** Section 1. The term “multi-fence architecture” is used a few times. Can this concept be explained more clearly. I thought this might be a term of art, but the few search engines I tried reference this document. Is this a “defense in depth” term? ** Section 1. Given numerous access networks managed by different operators throughout the world, it is difficult to require all access networks to deploy SAV . Perhaps a reference on the difficulty of implementing SAV on access networks would be helpful. ** Section 2. Editorial. Why is the Carrier Grade NAT text the only one that discusses limitations of the technology as a solution? Is there nothing to say about uRFP or ACLs? ** Section 3.1.2. For special business purposes, a host/customer network will originate data packets using a source address that is not distributed through intra-domain routing protocol. What is “special business purposes”? ** Section 4. This section is titled “Problem Statement” which I typically interpret as a statement of the problem to solve. However, the text seems to be discussing the inadequacy of existing solutions. ** Section 5.1 Improper permit SHOULD be reduced as much as possible so that data packets with spoofed source addresses can be effectively blocked. -- What is an “improper permit”? -- What does it mean to “reduce as much as possible” with an already non-mandatory “SHOULD”? How does one know one has satisfied “as much as possible”? When can one ignore this sentence since it is only a “SHOULD”? ** Section 5.1 When the network changes, the new mechanisms MUST efficiently update SAV rules to guarantee the accuracy of SAV. What is the definition of “efficient”? How will know it has been realized? Is the definition contextual? ** Section 5.3 The new intra-domain SAV mechanism SHOULD NOT assume pervasive adoption. When is it acceptable to assume there is pervasive adoption (since this text is written as a SHOULD not a MUST)? ** Section 5.3 In addition, it SHOULD outperform the current ones in the same incremental deployment scenario. What is the metric of performance what must be “outperformed”? ** Section 5.3. How is this section specifying a requirement if all of the text is describing behavior which is optional (i.e., only SHOULDs) ** Section 5.4 To this end, routers MUST NOT signal too much information How does an implementer use this requirement if “too much” is quantified or contextualized? ** Section 5.5 Necessary security tools SHOULD be considered in the new intra-domain SAV mechanism. -- What are “necessary security tools”? -- Why would be acceptable to ignore “necessary security tools” in the design (again because this is a SHOULD)?
Zaheduzzaman Sarker Former IESG member
Discuss
Discuss
[Treat as non-blocking comment]
(2025-02-20 for -11)
Sent
Thanks for working on this document. I have to agree with Roman's observation on the it is not clear on the protocol requirements. I would like to understand more. I would like to discuss - what are the particular protocol requirements imposed by 5.3 and 5.4? I could infer some requirements from other sections even though they are a obfuscated but the mentioned sections seems more like deployment/operation considerations rather protocol design requirements.
Erik Kline Former IESG member
No Objection
No Objection
(2025-02-10 for -10)
Sent
# Internet AD comments for draft-ietf-savnet-intra-domain-problem-statement-10 CC @ekline * comment syntax: - https://github.com/mnot/ietf-comments/blob/main/format.md * "Handling Ballot Positions": - https://ietf.org/about/groups/iesg/statements/handling-ballot-positions/ ## Comments ### S1 * "intra-domain SAV does not require collaboration between different Autonomous Systems (ASes)" Perhaps some slight rewording to emphasize Autonomous Systems in different administrative domains, since I believe it's possible for a single administrative domain to span multiple ASes.
Paul Wouters Former IESG member
No Objection
No Objection
(for -11)
Not sent
Murray Kucherawy Former IESG member
Abstain
Abstain
(2025-02-20 for -11)
Sent
I concur with the ARTART review (thanks to Robert Sparks) and Roman's observations that it's unclear that this should be published. I also concur with the observation that was made about the peculiarity of a problem statement document making normative assertions about something. (Note that I have not reviewed its apparent companion "-inter-" document.) These are things that should be confirmed with or reviewed prior to the document moving forward. I can't support its progress in its current form, but I won't obstruct progress either, hence I'm balloting ABSTAIN.