SAVI Requirements and Solutions for ISP IPv6 Access Network
draft-shi-savi-access-06
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Expired".
|
|
---|---|---|---|
Authors | Fan Shi , DENG Hui , Liang Zhu , Guangwu Hu | ||
Last updated | 2014-11-10 | ||
RFC stream | (None) | ||
Formats | |||
Additional resources | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | I-D Exists | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
draft-shi-savi-access-06
Shi, et al. Expires May 10, 2015 [Page 11] Internet-Draft SAVI Access Nov 2014 +--------+ +-----------+ | AAA |--| PDSN | +--------+ +------|----+ +--------+ +------|----+ |AN-AAA |--| WAG | +--------+ +-----------+ // // UDP tunnel || || +--||---+ | BRAS | +-------+ | (DHCPv6) | +--------+ | SAVI | | device| | | +--------+ | | +-------+ |LAPTOP | +-------+ Figure 10: SAVI solution for Scenario 5 5. Conclusions For ISPs, SAVI can defend against many security attacks effectively which are based on IP address spoofing. There are various scenarios of ISPs'IPv6 Access Network. As each scenario uses a different address assignment method and protocol, there are a variety of requirements to validate the source address for ISPs' IPv6 access network. Though SAVI cannot support all protocols and methods right now, due to expansibility of SAVI, the mechanism can satisfy various demands with a small improvement. This document presents five typical scenarios of ISPs'IPv6 access network, and proposes tentative SAVI solutions. Moreover, for functional verification, we conducted an experiment on China Telecom's access network using the network devices of HuaWei(officially huawei technologies Co Ltd.) in Hunan province. The experimental results show that source addresses can be validated Shi, et al. Expires May 10, 2015 [Page 12] Internet-Draft SAVI Access Nov 2014 effectively as we expected in most access scenarios. Next, we will deploy more SAVI devices on a large-scale network in order to form a complete architecture. 6. References 6.1. Normative References [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [draft-ietf-savi-threat-scope] McPherson, D., Baker, F., and J. Halpern, "SAVI Threat Scope", draft-ietf-savi- threat-scope-05, April 2011. [I-D.ietf-savi-dhcp] Wu, J., Yao, G., Bi, J., and F. Baker, "SAVI Solution for DHCP", draft-ietf-savi- dhcp-10 (work in progress), July 2011. [I-D.ietf-savi-fcfs] Nordmark, E., Bagnulo, M., and E. Levy- Abegnoli, "FCFSSAVI: First-Come First-Serve Source-Address Validation for Locally Assigned IPv6 Addresses", draft-ietf-savi- fcfs-09(work in progress), April 2011. [I-D.ietf-savi-send] Bagnulo, M. and A. Garcia-Martinez, "SEND- based Source-Address Validation Implementation", draft-ietf-savi-send-06 (work in progress), October 2011. [I-D.ietf-savi-framework] Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, "Source Address Validation Improvement Framework",draft-ietf-savi- framework-05 (work in progress), July 2011. Shi, et al. Expires May 10, 2015 [Page 13] Internet-Draft SAVI Access Nov 2014 7. Acknowledgments This document was prepared using 2-Word-v2.0.template.dot. Authors' Addresses Fan Shi China Telecom Beijing Research Institute, China Telecom Beijing, 100035 China Email: shifan@ctbri.com.cn Ke Xu Tsinghua University Department of Computer Science, Tsinghua University Beijing, 100084 China Email: xuke@mail.tsinghua.edu.cn Liang Zhu Tsinghua University Department of Computer Science, Tsinghua University Beijing, 100084 China Email: tshbruce@gmail.com Guangwu Hu Tsinghua University Department of Computer Science, Tsinghua University Beijing, 100084 China Email: hgw09@mails.tsinghua.edu.cn Yang Bo Huawei Technology Switch Communication Telepresence Product Dept, Huawei Techonolgy Beijing, 100085 China Email: boyang.bo@huawei.com Shi, et al. Expires May 10, 2015 [Page 14]