SAVI Requirements and Solutions for ISP IPv6 Access Network
draft-shi-savi-access-06

The information below is for an old version of the document.
Document Type: This is an older version of an Internet-Draft whose latest revision state is "Expired".
Authors: Fan Shi, DENG Hui, Liang Zhu, Guangwu Hu
Last updated: 2014-11-10
RFC stream: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: I-D Exists
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

Shi, et al.             Expires May 10, 2015                 [Page 11]
Internet-Draft               SAVI Access                      Nov 2014

                            +--------+  +-----------+
                            |   AAA  |--|    PDSN   |
                            +--------+  +------|----+
                            +--------+  +------|----+
                            |AN-AAA  |--|    WAG    |
                            +--------+  +-----------+
                                      //
                                     // UDP tunnel
                                     ||
                                     ||
                                  +--||---+
                                  | BRAS  |
                                  +-------+
                                     |
                                    (DHCPv6)
                                     |
                                 +--------+
                                 |  SAVI  |
                                 |  device|
                                 |        |
                                 +--------+
                                     |
                                     |
                                 +-------+
                                 |LAPTOP |
                                 +-------+

                  Figure 10: SAVI solution for Scenario 5

5. Conclusions

   For ISPs, SAVI can effectively defend against many security attacks
   that are based on IP address spoofing. There are various scenarios
   of ISPs' IPv6 access networks. As each scenario uses a different
   address assignment method and protocol, there are a variety of
   requirements for validating source addresses in ISPs' IPv6 access
   networks. Though SAVI cannot support all protocols and methods right
   now, its extensibility means the mechanism can satisfy these various
   demands with small improvements. This document presents five typical
   scenarios of ISPs' IPv6 access networks and proposes tentative SAVI
   solutions.

   Moreover, for functional verification, we conducted an experiment on
   China Telecom's access network using the network devices of
   Huawei (officially Huawei Technologies Co., Ltd.) in Hunan province.
   The experimental results show that source addresses can be validated
   effectively, as we expected, in most access scenarios. Next, we will
   deploy more SAVI devices on a large-scale network in order to form a
   complete architecture.

7. Acknowledgments

   This document was prepared using 2-Word-v2.0.template.dot.

Authors' Addresses

      Fan Shi
      China Telecom
      Beijing Research Institute, China Telecom
      Beijing, 100035
      China
      Email: shifan@ctbri.com.cn

      Ke Xu
      Tsinghua University
      Department of Computer Science, Tsinghua University
      Beijing, 100084
      China
      Email: xuke@mail.tsinghua.edu.cn

      Liang Zhu
      Tsinghua University
      Department of Computer Science, Tsinghua University
      Beijing, 100084
      China
      Email: tshbruce@gmail.com

      Guangwu Hu
      Tsinghua University
      Department of Computer Science, Tsinghua University
      Beijing, 100084
      China
      Email: hgw09@mails.tsinghua.edu.cn

      Yang Bo
      Huawei Technology
      Switch Communication Telepresence Product Dept, Huawei Technology
      Beijing, 100085
      China
      Email: boyang.bo@huawei.com
