**Session Date/Time:** 04 Nov 2024 09:30

# savnet

## Summary

The savnet working group meeting covered a range of topics related to source address validation (SAV) within and between network domains. Discussions included updates on the intradomain and interdomain architectures, specific solution proposals, and measurement methodologies. A key focus was converging different intradomain and interdomain SAV solution proposals, particularly considering challenges like incremental deployment, asymmetric routing, and the integration of technologies like SRv6. Several presentations highlighted practical implementations and test results, prompting discussions around real-world applicability and the handling of dynamic network changes.

## Key Discussion Points

* **Intradomain SAV Architecture:** Discussions on whether to deploy SAV on edge routers or inner routers, focusing on deployment overhead, redundant validation, and incremental benefits. Clear articulation of trade-offs during incremental deployments was emphasized.
* **Source Prefix Advertisement (SPA)-based SAV:** Proposed solution for intradomain SAV, deploying SAV at the edge using prefix allow/blocklists. Advantages included proximity to the source, feasibility, and incremental deployment benefits.
* **SAV Implementation in a Carrier Network:** Presentation on a carrier's SAV implementation using allow/blocklists on access, intermediate, and border interfaces. Discussions centered on dealing with fast reroute (FRR) and topology changes. Concerns were raised about the value of intermediate router checks if all interfaces within the internet are allowed.
* **Interdomain SAV Architecture:** Updates on the interdomain SAV architecture document, addressing comments related to data source prioritization and SAV-specific data communication. Security implications of sharing SAV-specific information between ASes were discussed.
* **BAR-SAV: BGP ASPA ROA based Source Address Validation:** The proposal leverages BGP, ASPA, and ROA data to generate SAV tables and address hidden prefixes. Recommendations for network operators concerning the use of no-export and DSR scenarios were discussed.
* **Bacombe: Interdomain SAV:** Presentation on Bacombe, an interdomain SAV solution using blocklists on interfaces facing customer ASes to avoid improper blocking in no-export and DSR scenarios.
* **BGP Operations for Interdomain SAV:** Proposal for a BGP policy-based solution utilizing Secure Domain Identification (SDI) for interdomain SAV. The relationship to scenarios proposed in the interdomain SAV problem statement was questioned.
* **Network Controller Based SAV Enhancement:** Presentation of a network controller-based solution for enhancing SAV capabilities, particularly in partial deployment scenarios. It was questioned how this proposal would address the problems in the PS document.
* **SRv6 and SAV:** Questions were raised about the interaction between SAV and SRv6, particularly regarding how to configure access nodes with allow/block lists and verify source addresses for dynamically designated paths. It was noted that when checking SRv6 packet source addresses, the tunnel address needs to be considered, not the subscriber or external source address.
* **Remote Measurement of Outbound SAV Deployment:** Presentation of a methodology for remotely measuring outbound IP spoofing using destination NAT to elicit spoofed packets, followed by analysis of the resulting packet behavior.
* **SISP Object for Automated SAV Peering:** Presentation on automatic peering with remote ASes for the exchange of source validation information.

## Decisions and Action Items

* **Intradomain Architecture Draft:** Addressed the comments by the chair regarding incremental deployment. The draft must clearly spell out what the trade-offs are.
* **Carrier SAV implementation:** Take FRR questions to the mailing list.

## Next Steps

* Continue discussion on the mailing list for unanswered questions and concerns.
* Authors to revise drafts based on feedback received during the meeting.
* Consider how SRv6 tunnel addresses are handled in the scope of SAV.
* For centralized framework document, end some solutions to the draft