SAVI working group meeting at IETF 82
Tuesday, November 15, 2011, 17:10 - 18:10
Chairs: Jean-Michel Combes

o Introduction and Administrivia (Jean-Michel Combes)

  - WG docs status:
      Threats:    IESG review, new version needed
      Framework:  IESG review, new version needed
      FCFS SAVI:  IESG review, new version needed
      DHCP SAVI:  AD review, new version needed
      SEND SAVI:  Shepherd review to do
      MIX SAVI:   WGLC to launch

  - IESG issues raised during IESG review:
      Residential threats/limitations & privacy concerns.
      To be taken into account, especially in the solution docs.

  - Goal of the meeting:
      No recharter decision, but trigger ML discussions.
      If there's ML interest, SAVI WG will meet in Paris, else SAVI WG will close.

o Problem of RPF and possible approaches to enhance RPF (Jun Bi)

  Should we do something beyond the local link?
  Possible approaches are not the key part (the problem is).
  The presentation analyses intra-AS and inter-AS scenarios from the deployers' standpoint.
    intra-AS: 10 years to change all L2 switches
    inter-AS: difficult
  Fred Baker prefers to analyse per IGP type.
  Current SAVI is about the local link; that's the only practical anti-spoofing.

  RPF presentation (see slides)
  RPF has some problems in some situations analysed in the presentation:
    1) False positives, in asymmetric routing, mostly intra-AS.
    2) False negatives, when spoofed flows come from the same direction as the legitimate ones.
    3) How to improve? Guidelines, IGP changes.

  Intra-AS: asymmetric flows discussion. False positive causes. Other difficulty with fast reroute.
  Inter-AS: asymmetric flows are more common than in the intra-AS case. Hot potato routing also causes asymmetric flows. An AS that does not support RPF will hide RPF issues.

  Enhancements:
    - Intra-AS
    - Inter-AS

  Questions:

  Eric Vyncke: Intra-AS, you need to apply RPF at the very edge (closest to the source).
  Jun Bi: It won't help for a remote source.
  Joel Halpern: Very dubious that it can work.
  Lixia Zhang: Maybe a good consideration to sort out the different ASes. UCLA runs private ASes.
  Issues of MPLS.
  Fred Baker: Intra vs. inter is irrelevant. The issue is whether you have all the info to calculate routes. Proof that there is a spanning tree in any graph. 1968: find a shorter path from every direction. LS algorithms have complete information in every router. As soon as you lose info (BGP, BF) you can't make sure. That's the critical point. That leads to 2 path OSPF and ISIS will probably allow deterministic.
  Hannes Gredler: From experience, 2 sorts of path, looping and not. We can forward anywhere as long as no loop. This can happen without signalling. If fast re-route is deployed, this will fail.
  Stewart Bryant: The above is very well known in the fast re-route space. Know bibliography otherwise.
  Jean-Michel Combes: I recommend one (or 2) drafts to initiate discussions on the ML.

o Requirements of SAVI solution for Telecom Scenario (Sun Qiong)
  http://www.ccf-internet.edu.cn/download/draft-shi-savi-ISP-access-01.txt
  No presenter.

o Requirements of SAVI solution for IPv6 transition Scenario (Mingwei Xu)
  http://training.zzuli.edu.cn/draft-xu-savi-transition-00.txt

  Spoofing is getting more and more critical.
  Long transition to v6 during which IPv4 should also be considered.
  SAVI charter refers to IPv4 and IPv6.
  See scenario slides.

  Fred Baker: Trying to simplify, I think you're saying that the SAVI DHCP drafts apply to both address families.
  Joel Halpern: There's more: if the host sends a tunneled packet you want the switch to look at both the outer and the inner address.
  Jari Arkko: Are you checking for a match between the 2?
  Mingwei Xu: If the inner IPv4 address is spoofed it must be checked.
  Fred Baker: Seems you're again operating on information that you do not have.
  Eric Vyncke: The decapsulating router has the info and it is the place to check RPF.
  Jean-Michel Combes: Please submit the draft to the IETF secretariat.

  Jari Arkko (coming back on Jun Bi's presentation): Non-starter if not full information. And even though you might have FRR. Plus transition periods; unless the network is stable that fails as well. So anything beyond RPF is impossible.
  Jun Bi: FRR was a comment. PS draft may trigger solution.
  Jari Arkko: Theoretically, if you compute reachability and arm a timer and then see if there is a routing update within some time.
  Lixia Zhang: Pragmatic issues. Our campus is not simple OSPF, we have private ASes, it is inter-AS. We could talk theoretically, but pragmatically what is cost vs. gain. Can't see the value in our campus.
  John Scudder: I won't commit to impossible but you (Jari) didn't say anything that I think was not right.

*** END OF THE MEETING ***
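Added illustration (not part of the minutes, the slides, or any SAVI draft) of the two RPF failure modes Jun Bi's presentation lists: a false positive when a legitimate source shows up on the "wrong" interface because the forward and reverse paths differ (asymmetric routing, hot potato), and a false negative when a spoofed packet arrives from the same direction the forged address is routed towards. The router, its forwarding table, the interface names and every packet are constructed for the example; strict and loose uRPF are simulated over a single router's FIB.

```python
"""Strict vs. loose uRPF on one router, over a constructed topology.

Constructed example: R has three interfaces.  eth0 faces AS A, which
originates 10.1.0.0/16; eth1 faces AS B, which originates 10.2.0.0/16;
eth2 is the upstream default route.
"""
import ipaddress

# Constructed forwarding table of router R: prefix -> egress interface.
FIB = {
    "10.1.0.0/16": "eth0",
    "10.2.0.0/16": "eth1",
    "0.0.0.0/0": "eth2",
}


def best_route(fib, addr):
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def strict_urpf(fib, src, ingress):
    """Strict mode: accept only if the best route back to src leaves through
    the interface the packet arrived on."""
    route = best_route(fib, src)
    return route is not None and route[1] == ingress


def loose_urpf(fib, src):
    """Loose mode: accept if some route other than the default covers src."""
    route = best_route(fib, src)
    return route is not None and route[0].prefixlen > 0


def verdict(accepted, spoofed):
    """Classify a filter decision against the ground truth of the packet."""
    if accepted and spoofed:
        return "false negative"   # forged packet let through
    if not accepted and not spoofed:
        return "false positive"   # legitimate packet dropped
    return "correct"


# Constructed packets: (label, source address, ingress interface, is_spoofed)
PACKETS = [
    # Symmetric path: a host in AS A reaches R over eth0.
    ("A-symmetric", "10.1.5.5", "eth0", False),
    # Asymmetric path: AS A hands R-bound traffic to AS B (hot potato), so
    # the same legitimate source now arrives on eth1.
    ("A-via-B", "10.1.5.5", "eth1", False),
    # Forged source inside AS A's own prefix, arriving on eth0: this is
    # exactly where R routes 10.1.0.0/16, so the reverse-path check agrees.
    ("A-spoofs-A", "10.1.9.9", "eth0", True),
    # Forged AS A source arriving from AS B: wrong interface for strict mode.
    ("B-spoofs-A", "10.1.9.9", "eth1", True),
    # Forged source with no specific route at all (only the default covers it).
    ("B-unrouted", "192.0.2.7", "eth1", True),
]


def evaluate(fib=FIB, packets=PACKETS):
    """Run both uRPF modes over the packets and tag every decision."""
    results = {}
    for label, src, ingress, spoofed in packets:
        results[label] = {
            "strict": verdict(strict_urpf(fib, src, ingress), spoofed),
            "loose": verdict(loose_urpf(fib, src), spoofed),
        }
    return results


if __name__ == "__main__":
    for label, modes in evaluate().items():
        print(f"{label:12s} strict={modes['strict']:15s} loose={modes['loose']}")
```

Strict mode drops the legitimate "A-via-B" packet (the asymmetric-routing false positive) and still passes "A-spoofs-A" (the same-direction false negative), while loose mode removes the false positive at the cost of also passing "B-spoofs-A"; neither mode has the information to separate a forged 10.1.0.0/16 source from a real one once both come from the same direction, which is the point Fred Baker and Jari Arkko make about missing information.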