Source Address Validation Architecture (SAVA) Requirements of CNGI-CERNET2

Learn more at: https://www.ietf.org

1
Source Address Validation Architecture (SAVA)
Requirements of CNGI-CERNET2
  • Jianping Wu
  • CERNET/Tsinghua University
  • IETF 68 Prague
  • March 2007

2
Outline
  • CNGI-CERNET2
  • CNGI-CERNET2's SAVA requirements
  • Deployment steps
  • Lessons learned

3
CNGI-CERNET2
  • The 2nd generation of China Education and
    Research Network
  • A nationwide native IPv6 network, part of CNGI
    (China Next Generation Internet) project
  • Launched in Dec 2004.
  • 25 core nodes in 20 major cities.
  • 200 universities (stub access networks)
  • IPv6 Core routers and switches from Juniper,
    Cisco, Huawei, and Bitway

4
CNGI Backbones

5
CNGI-CERNET2 Backbones

6
CERNET2's SAVA requirements (1)
  • Regulatory Compliance
      • Governments may require network operators to
        vouch for the source of each packet that they
        carry
      • Protection of the legitimate owner of a spoofed
        source address
  • Security Requirement
      • Spoofed source addresses are used in some types
        of DoS attacks

7
CERNET2's SAVA requirements (2)
  • Accounting Requirements
      • Facilitate the measurement of end-to-end network
        usage, as with normal telephony.
  • Application Requirements
      • Spoofed addresses and spoofed application
        identifiers lead to application problems such as
        spam e-mail.
      • The performance of end-to-end applications such
        as VoIP using SIP needs to be improved.

8
Deployment Steps
  • Step 1: Tsinghua University SAVA testbed
  • Step 2: Prototypes implemented and 7 SAVA test ASes
    deployed on CNGI-CERNET2. The results observed
    so far are good.
  • Step 3: SAVA will be deployed in the CNGI backbone,
    including China Telecom, China Netcom, China
    Mobile, China Unicom, etc.

9
Lessons Learned
  • BCP 38 limitations
      • Full deployment
      • Asymmetric routing environment
      • Little incentive for network operators
  • Basic Design Principles of SAVA
      • Focus on IPv6
      • Performance
      • Scaling
      • Multi-fence solution
      • Incrementally deployable
      • Incomplete deployment still has benefits
      • Loose coupling of components