Download presentation
Presentation is loading. Please wait.
Published byBertram Morton Modified over 9 years ago
1
Source Address Validation Architecture (SAVA) Requirements of CNGI-CERENT2 Jianping Wu CERNET/Tsinghua University IETF 68 Prague March 2007
2
Outline CNGI-CERNET2 CNGI-CERNET2's SAVA requirements Deployment steps Lessons learned
3
CNGI-CERNET2 The 2nd generation of China Education and Research Network A nationwide native IPv6 network, part of CNGI (China Next Generation Internet) project Launched in Dec 2004. –25 core nodes in 20 major cities. –~200 universities (stub access networks) –IPv6 Core routers and switches from Juniper, Cisco, Huawei, and Bitway
4
CNGI Backbones
5
CNGI-CERNET2 Backbones
6
CERNET2's SAVA requirements(1) Regulatory Compliance Governments may require network operators to vouch for the source of each packet that they carry Protection of the legitimate owner of a spoofed source address Security Requirement Spoofed source addresses are used in some types of DoS attacks
7
CERNET2's SAVA requirements(2) Accounting Requirements –Facilitate the measurement of end-to-end network usage such as normal telephony. Application Requirements –Spoofed addresses and spoofed application identifiers lead to application problems such as spam E-mail. –The performance of end-to-end applications such as VoIP using SIP needs to be improved.
8
Deployment Steps Step1: Tsinghua University SAVA Testbed Step2: Prototypes implemented and 7 SAVA test AS deployed on CNGI- CERNET2. The observed results are so far good. Step3: SAVA will be deployed in CNGI backbone, including China Telecom, China Netcom, China Mobile, China Unicom, etc.
9
Lessons Learned BCP 38 limitation –Full deployment –Asymmetric routing environment –Not very incentive to network operators Basic Design Principle of SAVA –Focus on IPv6 –Performance –Scaling –Multi-fence solution –Incrementally deployable –Incomplete deployment still has benefits –Loose coupling of components
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.