Markdown Version | Session Recording

Session Date/Time: 11 Nov 2022 09:30

savnet

Summary

The second meeting of the savnet working group focused on reviewing updated drafts related to the problem statement, gap analysis, and requirements for both intra-domain and inter-domain source address validation. Discussions covered incentives for deployment, reflection attack mitigation, architectural considerations for source address validation, and performance analysis of data plane implementations.

Key Discussion Points

• Intra-domain vs. Inter-domain Focus: Clarification needed on whether documents and proposals accurately reflect the charter's focus on both intra-domain and inter-domain aspects of source address validation. Some participants felt the inter-domain aspect was overly emphasized in certain documents.
• Incentives for Deployment: Discussion around the incentives (or lack thereof) for network operators to deploy source address validation. Initial removal of "misaligned incentives" from the intra-domain draft was questioned, with the counterargument that commercial incentives related to network capacity and customer satisfaction exist. Reflection attack mitigation and protection from spoofed traffic are also key drivers.
• Reflection Attack Mitigation: Detailed discussions on the ability of existing mechanisms like efp uRPF to mitigate reflection attacks. Arguments were presented that efp uRPF is not always effective, leading to the need for new mechanisms like savnet. Over-emphasis on reflection amplification vs. direct path spoofing attacks was raised.
• Defining Requirements: A need for more specific and quantifiable requirements was articulated. For example, the term "much overhead" needs to be defined with concrete values.
• Charter Scope: Reminder of the charter's restriction against extending existing mechanisms but allowing the use of them as part of a larger solution. This caused discussion on how new solutions might use existing technologies.
• Sav Table Architecture: Presentation of a source address validation table architecture, which was designed as a supporting document. The discussion highlighted the importance of this to assist in designing new or improving existing isoa mechanisms, provide guidance to operators in implementing subnet.
• Real-world Deployment: Doubts were cast on the comparison between existing EF View ipf and the 7net when many believe efp RPF had not been deployed.

Decisions and Action Items

• Adoption Call for Problem Statement Draft: After the meeting, a decision will be made on the mailing list to adopt one or both of the problem statement drafts.
• Share Links to Measurement Data: Sriram to share links to data showing a reduction in DDoS attacks due to the deployment of urpf etc.

Next Steps

• Continue discussion and refinement of the intra-domain and inter-domain problem statement and requirement drafts.
• Further development of the savnet architecture and potential solutions, considering the use of existing mechanisms where appropriate.
• Address the identified gaps in existing mechanisms to enhance security and mitigate reflection attacks effectively.