Download presentation
Presentation is loading. Please wait.
1
SAVE: Source Address Validity Enforcement Jun Li, Jelena Mirković, Mengqiu Wang, Peter Reiher and Lixia Zhang UCLA USENIX Work-In Progress Session Washington DC, 08/17/2001 {lijun, sunshine, wangmq, reiher, lixia}@cs.ucla.edu
2
Our Approach Provide information to the routers what is valid range of addresses for each incoming link Filter out packets with source address not from valid range
3
Motivation Eliminate IP spoofing Enhance some other protocols: multicast, fair queuing
4
How is this different from ingress filtering? A C B from A
5
Why not augment routing protocol? A C B D F
6
A C B D F
7
Our Approach - More Detail Every router is associated with range of addresses he “takes care of” For every destination from his forwarding table router generates SAVE update This update is forwarded to destination and state is stored in intermediate routers associating addresses from update with incoming link Updates are generated periodically and whenever forwarding entry changes
8
Challenges Security Partial deployment Overhead (memory, bandwidth)
9
For More Info... http://fmg-www.cs.ucla.edu/adas
10
Storage Cost - single domain
11
Storage Cost - multiple domains
12
Triggered BW Cost - multiple domains
13
Periodic BW Cost - single domain
14
Periodic BW Cost - multiple domains
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.