A Source Address Validation Architecture (SAVA) Testbed and Deployment Experience (RFC5210)

IP.com Disclosure Number: IPCOM000172045D
Original Publication Date: 2008-Jun-01
Included in the Prior Art Database: 2008-Jun-26
Document File: 26 page(s) / 58K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Wu: AUTHOR [+6]

Abstract

Because the Internet forwards packets according to the IP destination address, packet forwarding typically takes place without inspection of the source address and malicious attacks have been launched using spoofed source addresses. In an effort to enhance the Internet with IP source address validation, a prototype implementation of the IP Source Address Validation Architecture (SAVA) was created and an evaluation was conducted on an IPv6 network. This document reports on the prototype implementation and the test results, as well as the lessons and insights gained from experimentation.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 5% of the total text.

Network Working Group                                              J. Wu
Request for Comments: 5210                                         J. Bi
Category: Experimental                                             X. Li
                                                                  G. Ren
                                                                   K. Xu
                                                     Tsinghua University
                                                             M. Williams
                                                        Juniper Networks
                                                               June 2008

         A Source Address Validation Architecture (SAVA) Testbed
                       and Deployment Experience

Status of This Memo

   This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.


Table of Contents

   1.  Introduction
   2.  A Prototype SAVA Implementation
     2.1.  Solution Overview
     2.2.  IP Source Address Validation in the Access Network
     2.3.  IP Source Address Validation at Intra-AS/Ingress Point
     2.4.  IP Source Address Validation in the Inter-AS Case

        ...