Skip to main content

Soure Address Validation: Gap Analysis
draft-li-opsec-sav-gap-analysis-02

Document Type Expired Internet-Draft (individual)
Authors Dan Li , Jianping Wu , Yunan Gu , Lancheng Qin , Tao Lin
Last updated 2022-01-05 (Latest revision 2021-07-04)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

This document identifies scenarios where existing IP spoofing approaches for detection and mitigation don't perform perfectly. Exsiting SAV (source address validation) approaches, either Ingress ACL filtering [RFC2827], unicast Reverse Path Forwarding (uRPF) [RFC3704], Feasible Path uRPF [RFC 3704], or Enhanced Feasible-Path uRPF [RFC8704] has limitations regarding eihter automated implemetation objective or detection accuracy objective (0% false positive and 0% false negative). This document provides the gap analysis of the exsting SAV approaches, and also provides solution discussions.

Authors

Dan Li
Jianping Wu
Yunan Gu
Lancheng Qin
Tao Lin

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)