Soure Address Validation: Gap Analysis
draft-li-opsec-sav-gap-analysis-02
| Document | Type | Expired Internet-Draft (individual) | |
|---|---|---|---|
| Authors | Dan Li , Jianping Wu , Yunan Gu , Lancheng Qin , Tao Lin | ||
| Last updated | 2022-01-05 (Latest revision 2021-07-04) | ||
| Stream | (None) | ||
| Formats |
Expired & archived
plain text
xml
htmlized
pdfized
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-li-opsec-sav-gap-analysis-02.txt
Abstract
This document identifies scenarios where existing IP spoofing approaches for detection and mitigation don't perform perfectly. Exsiting SAV (source address validation) approaches, either Ingress ACL filtering [RFC2827], unicast Reverse Path Forwarding (uRPF) [RFC3704], Feasible Path uRPF [RFC 3704], or Enhanced Feasible-Path uRPF [RFC8704] has limitations regarding eihter automated implemetation objective or detection accuracy objective (0% false positive and 0% false negative). This document provides the gap analysis of the exsting SAV approaches, and also provides solution discussions.
Authors
Dan Li
Jianping Wu
Yunan Gu
Lancheng Qin
Tao Lin
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)