Abstract

SAVI (Source Address Validation Improvement) is an excellent mechanism for anti-IP-spoofing, which was advocated by IETF but only focused on single-stack or simple network scenarios right now. To the best of our knowledge, existing studies have not paid attention to the IPv4/IPv6 transition scenarios. However, since IPv4/IPv6 transition schemes are plenty and various, one solution cannot meet all requirements of them. In this draft, we present a SAVI-based general framework for IP source address validation and traceback in the IPv4/IPv6 transition scenarios, which achieve this by extracting out essential and mutual properties from these schemes, and forming sub-solutions for each property. When one transition scheme is composed from various properties, its IP source address validation and traceback solution is directly comprised by the corresponding sub-solutions. Thus, the most exciting advantage of this framework is that it is a once-and-for-all solution no matter how transition schemes change.

Authors

Hui Deng (xuke@mail.tsinghua.edu.cn)
Guangwu Hu (huguangwu@gmail.com)
Jun Bi (junbi@tsinghua.edu.cn)
Mingwei Xu (xmw@csnet1.cs.tsinghua.edu.cn)
Fan Shi (shifan@ctbri.com.cn)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)