Session Date/Time: 27 Jul 2023 20:00
savnet
Summary
The savnet working group meeting focused on source address validation (SAV) architectures and related work. Discussions covered problem statements, architecture drafts (intra-domain and inter-domain), table size analysis, open-source implementation efforts, and YANG modeling. Key topics included the accuracy of SAV information, convergence issues, incremental deployment, security considerations, and the design of SAV-specific messages.
Key Discussion Points
- Problem Statement Accuracy and Convergence: The working group discussed the need for accuracy in SAV mechanisms, focusing on minimizing false positives and false negatives. Convergence was also a key concern, specifically the potential for race conditions if SAV information and routing information converge at different rates. The group debated whether to prioritize allowing potentially invalid traffic during convergence or err on the side of dropping traffic, causing temporary black holes.
- SAV Information Propagation: Participants discussed at length how SAV information should be propagated, whether through existing routing protocols or a new SAV-specific protocol. They also debated whether SAV should propagate the location of authorized sources or the actual forwarding path. The discussion raised questions about the size of SAV tables and how to minimize their impact on router resources.
- Incremental Deployment: Participants emphasized the importance of supporting incremental and partial deployment of SAV mechanisms. The discussion considered how to use existing information (e.g., routing information, RPKI) when SAV-specific information is not yet available. The working group recognized the need to differentiate between incremental deployment of SAV protocol support and incremental deployment of acting on the SAV information.
- Architecture Draft Updates: Presenters provided updates on intra-domain and inter-domain SAV architecture drafts, highlighting revisions based on previous IETF meeting feedback. These included clarifications on terminology, additions of management considerations, and expansions of security considerations sections.
- Table Size Analysis: An analysis of SAV table size using real-world data was presented. It compared the size of forwarding information bases (FIBs) with SAV tables under different validation modes. The analysis suggested that interface-level SAV modes resulted in smaller tables than FIBs, while AS-level SAV modes could result in larger tables. The presentation also covered the impact of prefix aggregation on table size.
- Open Source Implementation: An update on the "Open Playground" (SAL OP) project, an open-source tool for building and emulating network topologies to test SAV mechanisms, was given. The relationship of this implementation with the broader goals of the working group was discussed.
- YANG Model: An initial YANG model for SAV was presented, providing a framework for configuring and managing SAV subsystems. Participants acknowledged that the model was preliminary and would likely undergo significant changes as the working group's understanding of SAV requirements evolved.
Decisions and Action Items
- Action Item: Jeff Haas will send a note to the list highlighting the need to expand on the existing discussion of convergence in the requirements documents.
- Action Item: Authors of the architecture drafts will consider how to incorporate discussion of the incremental deployment of both the mechanisms that distribute SAV information and enforcement itself.
- Action Item: Authors of the architecture drafts will include more detail about the content of the messages being transmitted.
Next Steps
- Continue discussion of the problem statement and architecture drafts on the mailing list.
- Refine the architecture drafts based on feedback from the working group.
- Further investigate and refine the SAV table size analysis, considering prefix aggregation and the impact of path hiding.
- Continue development and evaluation of the Open Playground (SAL OP) project.
- Advance the YANG model based on evolving SAV requirements.