Markdown Version | Session Recording
Session Date/Time: 23 Jul 2024 16:30
savnet
Summary
The SAVNET working group meeting covered several key aspects of source address validation (SAV) including inter-domain and intra-domain architectures, benchmarking methodologies, deployment measurements, and potential solutions. Discussions revolved around improving validation accuracy, reducing operational overhead, and addressing security considerations within incremental deployment scenarios. Several drafts were presented and discussed, including updates to the inter-domain architecture document and proposals for new intra-domain solutions.
Key Discussion Points
- Inter-domain Architecture: Updates focused on revisions to the SAV information base (SIB), the communication mechanisms between routers, and meeting the design requirements set out in the problem statement. The potential integration of controller-based solutions was discussed.
- Benchmarking Methodology: A benchmarking methodology for evaluating SAV mechanisms was presented. Performance indicators such as the proportion of improper blocks (legitimate packets dropped) and improper permits (spoofed packets forwarded), protocol convergence time, and data plane forwarding rate were discussed.
- Othau Route: A method for remotely identifying OSAV (outbound source address validation) deployment was presented. The methodology uses transparent forwarders and analyzes the response packets to detect whether SAV is in place.
- SPA-based SAVNET: A new intra-domain solution, SPA-based SAVNET, which uses SPA (Source Prefix Advertisement) messages to communicate SAV-specific information between routers, was proposed. Interface types and prefix list generation were key aspects.
- IGP-based SPA: An IGP-based method for implementing SPA-based SAVNET was discussed. Approaches for carrying interface type and subnet tag information within the IGP were presented, either by reusing administrative tags or by defining new sub-TLVs.
- Controller-based Solution: A network controller-based solution for enhancing SAV capabilities in intra-domain and inter-domain networks was presented. This centralized approach aims to improve accuracy, automation, and analysis in incremental deployment scenarios. Challenges related to special IP addresses (e.g., Anycast) were addressed.
- SAVD in BGP: A mechanism for distributing source address validation (SAV) tables in BGP (SAVD) was introduced. It addresses the efficient distribution of SAV tables, abstracted from the forwarding elements, using BGP as the transport protocol. The concept of membership of specific interfaces, groups of interfaces, peering ASes, or origin ASes was discussed.
- BGP Flowspec: A use case of BGP Flowspec for installing SAV rules on traditional routers was introduced, for example augmenting external SAV rules with the complete set of source prefixes on the router so that source prefix filtering is more accurate.
- SISP object: The design of a Science of Net Peer Information Object (SISP) to aid in automatic peering was presented.
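The benchmarking item above measures a SAV mechanism by its improper-block and improper-permit proportions. The following is an added example, not code from the meeting or from any SAVNET draft: it scores a hypothetical SAV rule table against a constructed set of packets with known ground truth. The prefixes, interface names and packets are all made up for illustration; the "strict" table deliberately omits a legitimate backup path for a multi-homed prefix to show how an improper block arises, and an unmatched source shows how a permissive default produces an improper permit.

```python
"""Score a SAV rule table by improper-block / improper-permit rates.

Added example only; the rule table, interfaces and packets below are
constructed for illustration and are not from any SAVNET draft or deployment.
"""
import ipaddress
from collections import namedtuple

# Ground-truth test packet: source address, arrival interface, and whether the
# benchmark generator considers it legitimate (True) or spoofed (False).
Packet = namedtuple("Packet", "src iface legit")


def build_sav_table(rules):
    """rules: iterable of (prefix, allowed_interfaces). Returns a list of
    (ip_network, set_of_interfaces) suitable for longest-prefix matching."""
    return [(ipaddress.ip_network(prefix, strict=False), set(ifaces))
            for prefix, ifaces in rules]


def sav_permits(table, src, iface, default_permit=True):
    """Decide whether a packet with source `src` arriving on `iface` passes SAV.
    Longest-prefix match on the source; sources with no matching rule follow
    `default_permit` (a permissive default is common in incremental deployment)."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, ifaces in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifaces)
    if best is None:
        return default_permit
    return iface in best[1]


def score(table, packets, default_permit=True):
    """Return improper-block rate (legit packets dropped / legit packets) and
    improper-permit rate (spoofed packets forwarded / spoofed packets)."""
    legit = spoofed = improper_block = improper_permit = 0
    for pkt in packets:
        permitted = sav_permits(table, pkt.src, pkt.iface, default_permit)
        if pkt.legit:
            legit += 1
            improper_block += 0 if permitted else 1
        else:
            spoofed += 1
            improper_permit += 1 if permitted else 0
    return {
        "improper_block_rate": improper_block / legit if legit else 0.0,
        "improper_permit_rate": improper_permit / spoofed if spoofed else 0.0,
    }


# Hypothetical router with two customer ports and one peer port.
# 203.0.113.0/24 is multi-homed: it legitimately arrives via cust2 AND via peer.
STRICT_TABLE = build_sav_table([
    ("192.0.2.0/24", {"cust1"}),
    ("198.51.100.0/24", {"cust2"}),
    ("203.0.113.0/24", {"cust2"}),          # backup path via "peer" missing
])
CORRECTED_TABLE = build_sav_table([
    ("192.0.2.0/24", {"cust1"}),
    ("198.51.100.0/24", {"cust2"}),
    ("203.0.113.0/24", {"cust2", "peer"}),  # both legitimate directions
])

# Constructed benchmark traffic with ground truth.
PACKETS = [
    Packet("192.0.2.10", "cust1", True),      # legit, correct port
    Packet("192.0.2.10", "cust2", False),     # spoofed customer address
    Packet("198.51.100.5", "cust2", True),    # legit
    Packet("198.51.100.5", "cust1", False),   # spoofed
    Packet("203.0.113.7", "cust2", True),     # legit, primary path
    Packet("203.0.113.7", "peer", True),      # legit, backup path
    Packet("10.0.0.1", "cust1", False),       # spoofed, no rule -> default applies
]


def compare_tables():
    """Scores for the strict and corrected tables under a permissive default."""
    return {"strict": score(STRICT_TABLE, PACKETS),
            "corrected": score(CORRECTED_TABLE, PACKETS)}


if __name__ == "__main__":
    for name, result in compare_tables().items():
        print(f"{name:9s} improper_block={result['improper_block_rate']:.2f} "
              f"improper_permit={result['improper_permit_rate']:.2f}")
```

The strict table blocks the legitimate backup-path packet (one of four legitimate packets, an improper-block rate of 0.25), while both tables forward the unmatched spoofed source because the default is permissive (one of three spoofed packets). Flipping `default_permit` to `False` removes that improper permit but would drop every legitimate source the table does not yet cover, which is the accuracy trade-off the incremental-deployment discussion is about.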
Decisions and Action Items
- Inter-domain Architecture Draft: The working group adoption for the inter-domain architecture draft was requested.
- Collaborate on Othau Route Measurement: It was agreed that researchers should independently validate the Othau route measurement results and provide feedback.
- SPA Generation Concerns: Concerns were raised to the authors that operators would have to define every interface type and prefix attribute and confirm them manually; an automatic way of generating this information would be preferred.
- SAVD Deployment Trust: The need for a working group discussion about trust when distributing SAV information via the IGP was identified. It was noted that any subverted router inside an IGP domain could inject bad data.
- Discuss Solutions On The List: The concerns raised and the proposed solutions that could improve the overall approach should be discussed on the mailing list.
Next Steps
- Further refinement of the drafts based on the feedback received.
- Continued discussion on the mailing lists regarding the proposed solutions and identified issues.
- Collaboration on testing and validating the proposed mechanisms.
- More detailed follow-up on the test results from vendors.