Presentation is loading. Please wait.

Presentation is loading. Please wait.

Source Address Validation Architecture (SAVA) Requirements of CNGI-CERENT2 Jianping Wu CERNET/Tsinghua University IETF 68 Prague March 2007.

Published byBertram Morton Modified over 9 years ago

Similar presentations

Presentation on theme: "Source Address Validation Architecture (SAVA) Requirements of CNGI-CERENT2 Jianping Wu CERNET/Tsinghua University IETF 68 Prague March 2007."— Presentation transcript:

1 Source Address Validation Architecture (SAVA) Requirements of CNGI-CERENT2 Jianping Wu CERNET/Tsinghua University IETF 68 Prague March 2007

2 Outline CNGI-CERNET2 CNGI-CERNET2's SAVA requirements Deployment steps Lessons learned

3 CNGI-CERNET2 The 2nd generation of China Education and Research Network A nationwide native IPv6 network, part of CNGI (China Next Generation Internet) project Launched in Dec 2004. –25 core nodes in 20 major cities. –~200 universities (stub access networks) –IPv6 Core routers and switches from Juniper, Cisco, Huawei, and Bitway

4 CNGI Backbones

5 CNGI-CERNET2 Backbones

6 CERNET2's SAVA requirements(1) Regulatory Compliance Governments may require network operators to vouch for the source of each packet that they carry Protection of the legitimate owner of a spoofed source address Security Requirement Spoofed source addresses are used in some types of DoS attacks

7 CERNET2's SAVA requirements(2) Accounting Requirements –Facilitate the measurement of end-to-end network usage such as normal telephony. Application Requirements –Spoofed addresses and spoofed application identifiers lead to application problems such as spam E-mail. –The performance of end-to-end applications such as VoIP using SIP needs to be improved.

8 Deployment Steps Step1: Tsinghua University SAVA Testbed Step2: Prototypes implemented and 7 SAVA test AS deployed on CNGI- CERNET2. The observed results are so far good. Step3: SAVA will be deployed in CNGI backbone, including China Telecom, China Netcom, China Mobile, China Unicom, etc.

9 Lessons Learned BCP 38 limitation –Full deployment –Asymmetric routing environment –Not very incentive to network operators Basic Design Principle of SAVA –Focus on IPv6 –Performance –Scaling –Multi-fence solution –Incrementally deployable –Incomplete deployment still has benefits –Loose coupling of components

Download ppt "Source Address Validation Architecture (SAVA) Requirements of CNGI-CERENT2 Jianping Wu CERNET/Tsinghua University IETF 68 Prague March 2007."

Similar presentations

NG-Mylife Platform Network Research Center of Tsinghua Univ. CERNET Center Aug 30, 2007.

NG-Mylife Platform Network Research Center of Tsinghua Univ. CERNET Center Aug 30, 2007.
CNGI/CERNET2 Updates Jilong Wang, Tsinghua U. 2007-01-23.

CNGI/CERNET2 Updates Jilong Wang, Tsinghua U
IPv6 and CNGI in China Jianping WU July 6, 2004. Contents What is the next generation Internet we needed IPv6 and its development CERNET update Next Generation.

IPv6 and CNGI in China Jianping WU July 6, Contents What is the next generation Internet we needed IPv6 and its development CERNET update Next Generation.
1 IPv6 Development in China Xing Li 2003-10-31. 2 Outline l A brief history l Experience l CNGI project l CERNET2 design.

1 IPv6 Development in China Xing Li Outline l A brief history l Experience l CNGI project l CERNET2 design.
FI Research in China Jun Bi Tsinghua Univ./CERNET Beijing China.

FI Research in China Jun Bi Tsinghua Univ./CERNET Beijing China.
CNGI: China Next Generation Internet Jianping WU CERNET and Tsinghua Univ. Nov. 30, 2004.

CNGI: China Next Generation Internet Jianping WU CERNET and Tsinghua Univ. Nov. 30, 2004.
IPv6 Source Address Validation and IETF Efforts Jun Bi CERNET/Tsinghua University APAN 26 August, 2008.

IPv6 Source Address Validation and IETF Efforts Jun Bi CERNET/Tsinghua University APAN 26 August, 2008.
©2005 Check Point Software Technologies Ltd. Proprietary & Confidential IPv6 Security Topics TAU Security Forum February 2005 Yoni Appel IPv6 Project Manager.

©2005 Check Point Software Technologies Ltd. Proprietary & Confidential IPv6 Security Topics TAU Security Forum February 2005 Yoni Appel IPv6 Project Manager.
IPv4 to IPv6 Migration strategies. What is IPv4  Second revision in development of internet protocol  First version to be widely implied.  Connection.

IPv4 to IPv6 Migration strategies. What is IPv4  Second revision in development of internet protocol  First version to be widely implied.  Connection.
1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.
NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China.

NPLA: Network Prefix Level Authentication Ming Li,Yong Cui,Matti Siekkinen,Antti Ylä-Jääski Aalto University, Finland Tsinghua University, China.
IPv6: The Next Generation Internet Dipen Chauhan.

IPv6: The Next Generation Internet Dipen Chauhan.
An Assessment of Mobile Ad-Hoc Network (MANET) Issues Jerry Usery CS 526 May 12 th, 2008.

An Assessment of Mobile Ad-Hoc Network (MANET) Issues Jerry Usery CS 526 May 12 th, 2008.
CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)

CS 268: Active Networks Ion Stoica May 6, 2002 (* Based on David Wheterall presentation from SOSP ’99)
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
IPv6 Forum India An Update Hemanth Dattatreya President IPv6 Forum India.

IPv6 Forum India An Update Hemanth Dattatreya President IPv6 Forum India.
Next Generation Internet Development in China Jianping Wu Professor, Tsinghua University Director of CERNET Network Center August 21, 2002.

Next Generation Internet Development in China Jianping Wu Professor, Tsinghua University Director of CERNET Network Center August 21, 2002.
Lightweight 4over6 in access network draft-cui-softwire-b4-translated-ds-lite-01 China Telecom: Chongfeng Xie, Qiong Sun Tsinghua University: Yong Cui,

Lightweight 4over6 in access network draft-cui-softwire-b4-translated-ds-lite-01 China Telecom: Chongfeng Xie, Qiong Sun Tsinghua University: Yong Cui,
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-1 Integrating Internet Access with MPLS VPNs Implementing Internet Access as a Separate VPN.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—7-1 Integrating Internet Access with MPLS VPNs Implementing Internet Access as a Separate VPN.

Similar presentations

Ads by Google