Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington.

Similar presentations


Presentation on theme: "SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington."— Presentation transcript:

1 SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {lijun, sunshine, wangmq, reiher, lixia}@cs.ucla.edu

2 Our Approach  Provide information to the routers what is valid range of addresses for each incoming link  Filter out packets with source address not from valid range

3 Motivation  Eliminate IP spoofing  Enhance some other protocols: multicast, fair queuing

4 How is this different from ingress filtering? A C B from A

5 Why not augment routing protocol? A C B D F

6 A C B D F

7 Our Approach - More Detail  Every router is associated with range of addresses he “takes care of”  For every destination from his forwarding table router generates SAVE update  This update is forwarded to destination and state is stored in intermediate routers associating addresses from update with incoming link  Updates are generated periodically and whenever forwarding entry changes

8 Challenges  Security  Partial deployment  Overhead (memory, bandwidth)

9 For More Info... http://fmg-www.cs.ucla.edu/adas

10 Storage Cost - single domain

11 Storage Cost - multiple domains

12 Triggered BW Cost - multiple domains

13 Periodic BW Cost - single domain

14 Periodic BW Cost - multiple domains


Download ppt "SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington."

Similar presentations


Ads by Google