One document matched: draft-yang-savi-data-packet-triggered-binding-00.txt
SAVI J. Yang, H. Zhang, Y. Zhang
Internet Draft ICT
Intended status: Informational August 31, 2010
Expires: March 2011
SAVI Solution for Data Packet Triggered Binding Process
draft-yang-savi-data-packet-triggered-binding-00
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may not be modified,
and derivative works of it may not be created, except to publish it
as an RFC and to translate it into languages other than English.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before
November 10, 2008. The person(s) controlling the copyright in some of
this material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts are draft documents valid for a
maximum of six months and may be updated, replaced, or obsoleted by
other documents at any time. It is inappropriate to use
Internet-Drafts as reference material or to cite them other than as
"work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on March 04, 2011.
Yang Expires March 04, 2011 [Page 1]
Internet-Draft data-packet-triggered-binding August 2010
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Abstract
This document specifies the procedure of data packet triggered
binding creation, which is suitable for DHCP assigned addresses,
stateless addresses and manually configured addresses. This procedure
can help minimize loss of legitimate packets as well as prevent the
use of forged or spoofed addresses.
Table of Contents
1. Introduction ................................................ 3
2. Conventions & Terminology ................................... 3
2.1. Conventions used in this document ...................... 3
2.2. Abbreviations and Terminology .......................... 3
3. Mechanism Overview .......................................... 4
4. Modified Data Structures .................................... 4
4.1. Filtering Table(FT) .................................... 4
4.2. Binding State Table(BST) ............................... 5
5. Binding States Description .................................. 5
6. Additional Anchor Attributes ................................ 5
7. Data Packet Triggered Binding Creation Process .............. 6
7.1. Send a Data Packet ..................................... 7
7.2. Source Address Check ................................... 7
7.3. Bound Address Reachability Detection ................... 7
7.4. Binding Address Reachability Detection ................. 8
7.5. Send SAVI Multicast Query Message ...................... 9
7.6. Query Address from FT .................................. 9
7.7. Bound Address Reachability Detection .................. 10
7.8. SAVI Query Reply ...................................... 10
7.9. Update BST and FT ..................................... 10
8. Arguments & Backup Approach in DHCP Network ................ 11
8.1. Arguments in DHCP Network ............................. 11
8.2. Backup Approach in DHCP Network........................ 12
Yang Expires March 04, 2011 [Page 2]
Internet-Draft data-packet-triggered-binding August 2010
9. Constants .................................................. 16
10. Security Considerations ................................... 16
11. IANA Considerations ....................................... 16
12. References ................................................ 16
12.1. Normative References ................................. 16
12.2. Informative References ............................... 16
1. Introduction
The existing drafts perform control packets snooping during the
course of address assignment to set up bindings between IP addresses
and corresponding anchors. But referring to [SAVI Analysis], there
are various circumstances which will cause a data packet's address
unbound at the first SAVI device of its forwarding path. Therefore,
when a SAVI device receives a data packet with unbound source
address, it SHOULD perform data triggered binding creation process,
instead of directly discarding the packet.
This document describes a procedure of data packet triggered binding
creation, which is suitable for DHCP assigned addresses, stateless
address and manually configured addresses. This procedure can help
minimize loss of legitimate packets as well as prevent the use of
forged or spoofed addresses. This solution provides a kind of
supplemental binding process for existing drafts ([SAVI DHCP] and
[SAVI Stateless]).
2. Conventions & Terminology
2.1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2.2. Abbreviations and Terminology
SAVI - Source Address Validation Improvement
DHCP - Dynamic Host Configuration Protocol
SLAAC - StateLess Address AutoConfiguration
ND - Neighbor Discovery Protocol
DAD - Duplicate Address Detection
NS - Neighbor Solicitation
NA - Neighbor Advertisement
Yang Expires March 04, 2011 [Page 3]
Internet-Draft data-packet-triggered-binding August 2010
ARP - Address Resolution Protocol
BST - Binding State Table
FT - Filtering Table
Control Packet - In this document, packets that may cause state
transit are classified into control packets,
including DHCPv4/v6 Request, DHCPv6 Confirm, DHCPv6
Solicitation with Rapid Commit option, DAD NS and
gratuitous ARP. Whenever a SAVI device receives a
control packet from its SAVI-Validation anchor, it
will start binding creation process for the source
address or target address of the packet.
Data Packet - All other packets are considered to be data packets
in this document. Every data packet received by the
SAVI-Validation anchor MUST be checked. If the
source address of the data packet matches an entry
of FT, this packet MUST be forward; if not, the data
packet triggered binding creation process SHOULD be
started.
3. Mechanism Overview
The mechanism specified in this document is designed to provide a
possible approach about how to deal with data packets with unbound
addresses. When the SAVI device receives a data packet with unbound
address from its SAVI-Validation anchor, it will perform Address
Reachability Detection to detect the address's activity, and
communicate with other SAVI devices in the same subnet to check the
address's binding status. If the detection and the check are
successful, the SAVI device will add an entry for the address in its
local FT.
4. Modified Data Structures
This section describes the possible two data structures used in this
mechanism. The two data structures follow the structures defined in
existing drafts, with a MAC address field added.
4.1. Filtering Table (FT)
Yang Expires March 04, 2011 [Page 4]
Internet-Draft data-packet-triggered-binding August 2010
+----------+---------+-------------+
| Anchor | Address | MAC Address |
+----------+---------+-------------+
| Anchor-1 | IP-1 | MAC-1 |
+----------+---------+-------------+
| Anchor-2 | IP-2 | MAC-2 |
+----------+---------+-------------+
Figure 1 Instance of Modified FT
This small modification is necessary and has the following goods:
* Validate IP addresses as well as MAC addresses
* Use MAC addresses besides switch ports as binding anchors
* Serve the Address Reachability Detection specified in section 7
4.2 Binding State Table (BST)
+----------+---------+-------------+-------+----------+------+
| Anchor | Address | MAC Address | State | Lifetime | Other|
+----------+---------+-------------+-------+----------+------+
| Anchor-1 | IP-1 | MAC-1 | Bound | 65535 | |
+----------+---------+-------------+-------+----------+------+
| Anchor-2 | IP-2 | MAC-2 | Bound | 10000 | |
+----------+---------+-------------+-------+----------+------+
Figure 2 Instance of Modified BST
5. Binding States Description
This section describes the binding states added in this mechanism.
Probe: When a SAVI device performs Address Reachability Detection for
a binding or bound address, the corresponding entry's State in local
BST MUST be set to Probe.
Add: When a SAVI device communicates with other SAVI devices in the
same subnet to check an address's binding status, the corresponding
entry's State in local BST MUST be set to Add.
6. Additional Anchor Attributes
This section specifies the anchor attribute added in this mechanism.
SAVI-AddBinding: If and only if an anchor with SAVI-Validation
attribute can have SAVI-AddBinding attribute. The SAVI device MUST
change the anchor's attribute from SAVI-Validation to
SAVI-AddBinding, when data packet triggered binding process is
performed on this anchor. An anchor with SAVI-AddBinding attribute
will discard any data packets with unbound addresses.
Yang Expires March 04, 2011 [Page 5]
Internet-Draft data-packet-triggered-binding August 2010
7. Data Packet Triggered Binding Creation Process
This section specifies the procedure of creating bindings for data
packets' unbound source addresses. The binding procedure specified
here is exclusively designed for anchor with SAVI-Validation
attribute.
Host-X Host-Z SAVI-X SAVI-Y Host-Y
| | | | |
| 1.Send a Data Packet | | |
|----------------------->| | |
| | | | |
| | 2.Source Address Check | |
| | | | |
+------------------------------+ | |
. | |3.Bound Address | . | |
. | | Reachability | . | |
. | | Detection | . | |
. | |<-------------->| . | |
+------------------------------+ | |
| 4.Binding Address | | |
| Reachability Detection | | |
|<-----------------------| 5.Send SAVI | |
| | | Multicast | |
| | | Query Message| |
| | |------------->| |
| | | | |
| | | 6.Query Address from FT |
| | | | |
| | | |7.Bound Address |
| | | | Reachability |
| | | | Detection |
| | | |<-------------->|
| | | 8.SAVI Query | |
| | | Reply | |
| | |<-------------| |
| | | | |
| | 9.Update BST and FT | |
| | | | |
Figure 3 Data Packet Trigger Binding Process
The Host-X is the host sending the data packet; the SAVI-X is the
SAVI device that Host-X connected to; the Host-Z is the host bound at
SAVI-X through anchor Anchor-Z; the SAVI-Y represents any SAVI
device except SAVI-X in the subnet; the Host-Y is the host bound at
SAVI-Y through anchor-Y.
Yang Expires March 04, 2011 [Page 6]
Internet-Draft data-packet-triggered-binding August 2010
7.1. Send a Data Packet
Host-X sends a data packet, and the packet is received by SAVI-X from
an SAVI-Validation anchor, which is marked Anchor-X. The source
address of this packet MAY be a legal address that Host-X got from
normal address assignment, or MAY be an illegal address for malicious
purpose.
7.2. Source Address Check
SAVI-X reads the data packet's source MAC address (MAC-X) and source
IP address (IP-X), and then queries local FT for IP-X and MAC-X:
- If IP-X is in FT, but the entry's MAC address is not MAC-X, then
the data packet MUST be discarded, and the binding creation process
is terminated here.
- If IP-X is in FT, and the entry's MAC address is MAC-X, and the
entry's anchor is Anchor-X, then the data packet MUST be forwarded,
and the binding creation process is terminated here.
- If IP-X is in FT, and the entry's MAC address is MAC-X, but the
entry's anchor is Anchor-Z, then the data packet SHOULD be
discarded and Anchor-X's attribute MUST be set to SAVI-AddBinding.
After that, go to subsection 7.3..
- If IP-X is not in FT, then the data packet SHOULD be discarded and
Anchor-X's attribute MUST be set to SAVI-AddBinding. After that, go
to subsection 7.4..
7.3. Bound Address Reachability Detection
This subsection is aimed to detect whether the bound address in FT is
still reachable through the port it was bound. The detecting entry in
FT is as Figure 4 shows:
+----------+---------+-------------+
| Anchor | Address | MAC Address |
+----------+---------+-------------+
| Anchor-Z | IP-X | MAC-X |
+----------+---------+-------------+
Figure 4 the Detecting Entry in FT of SAVI-X
SAVI-X sends an Echo Request Message towards Host-Z through Anchor-Z,
using IP-X as source IP address and MAC-X as source MAC address.
Then, SAVI-X waits for the reply.
The case that an Echo Reply Message is received from Anchor-Z implies
the bound address is still reachable. SAVI-X can get the fact that
Host-X is spoofing the source address of Host-Z. Therefore, SAVI-X
Yang Expires March 04, 2011 [Page 7]
Internet-Draft data-packet-triggered-binding August 2010
MUST set Anchor-X's attribute back to SAVI-Validation and terminate
the binding creation process here.
The case that no Echo Reply Message is received implies the bound
address is not reachable now. This situation is probably resulted by
the host's moving from Anchor-Z to Anchor-X, or by link topology
change. Then SAVI-X will perform the following subsections. Before
that, SAVI-X MUST delete the entry about IP-X in FT and update the
entry about IP-X in BST as Figure 5 shows:
+----------+---------+-------------+-------+---------------+-------+
| Anchor | Address | MAC Address | State | Lifetime | Other |
+----------+---------+-------------+-------+---------------+-------+
| Anchor-X | IP-X | MAC-X | Probe | MAX_PROBE_ |DHCP or|
| | | | | RESPONSE_TIME |NO_DHCP|
+----------+---------+-------------+-------+---------------+-------+
Figure 5 the Updated Entry about IP-X in BST of SAVI-X
The DHCP or NO_DHCP is kept to mark the address assignment method is
DHCP or not DHCP.
7.4. Binding Address Reachability Detection
This subsection is aimed to detect whether the source address of the
data packet received in subsection 7.1 is a communicational and
active address.
SAVI-X sends an Echo Request Message towards Host-X through Anchor-X,
using IP-X as source IP address and MAC-X as source MAC address.
Then, SAVI-X waits for the reply.
The case that no Echo Reply Message is received from Anchor-X implies
IP-X or MAC-X is inactive. SAVI-X can get the fact that Host-X is
using forged addresses. Therefore, SAVI-X MUST set Anchor-X's
attribute back to SAVI-Validation and terminate the binding creation
process here. In addition, the entry about IP-X in BST MUST be
deleted, if there is one.
The case that an Echo Reply Message is received implies IP-X and
MAC-X are active. SAVI-X needs to make a decision now.
- If this subsection is arrived after successfully performed
subsection 7.3., SAVI-X MUST update the entry about IP-X in BST as
Figure 6 shows, and insert an entry about IP-X into FT (as Figure 7
shows). Finally, SAVI-X MUST set Anchor-X's attribute back to
SAVI-Validation to finish the data packet triggered binding
creation process.
Yang Expires March 04, 2011 [Page 8]
Internet-Draft data-packet-triggered-binding August 2010
+----------+---------+-------------+-------+---------------+-------+
| Anchor | Address | MAC Address | State | Lifetime | Other |
+----------+---------+-------------+-------+---------------+-------+
| Anchor-X | IP-X | MAC-X | Bound | Lease time or |DHCP or|
| | | | |Prefix lifetime|NO_DHCP|
+----------+---------+-------------+-------+---------------+-------+
Figure 6 the Updated Entry about IP-X in BST of SAVI-X
+----------+---------+-------------+
| Anchor | Address | MAC Address |
+----------+---------+-------------+
| Anchor-X | IP-X | MAC-X |
+----------+---------+-------------+
Figure 7 the Inserted Entry about IP-X in FT of SAVI-X
- If this subsection is arrived from subsection 7.2. by skipping
subsection 7.3., SAVI-X MUST perform the following subsections.
Before that, an entry about IP-X MUST be inserted into BST (as
Figure 8 shows ):
+----------+---------+-------------+-------+------------+-------+
| Anchor | Address | MAC Address | State | Lifetime | Other |
+----------+---------+-------------+-------+------------+-------+
| Anchor-X | IP-X | MAC-X | Add | MAX_SAVI_ |DHCP or|
| | | | | QUERY_TIME |NO_DHCP|
+----------+---------+-------------+-------+------------+-------+
Figure 8 the Inserted Entry about IP-X in BST of SAVI-X
7.5. Send SAVI Multicast Query Message
SAVI-X sends a SAVI Multicast Query Message to the SAVI multicast
address, with querying address IP-X and MAC-X inside. The SAVI
multicast address is the address of the multicast group that every
SAVI device joined.
7.6. Query Address from FT
SAVI-Y receives the SAVI Multicast Query Message, gets the querying
address IP-X and MAC-X. Then SAVI-Y queries local FT for IP-X and
MAC-X:
- If IP-X is not in FT, SAVI-Y will do nothing and keep silent.
- If IP-X is in FT, but the entry's MAC address is not MAC-X, SAVI-Y
will send a SAVI-MReply-AddrError Message to SAVI-X, with IP-X
inside. Then go to subsection 7.9..
Yang Expires March 04, 2011 [Page 9]
Internet-Draft data-packet-triggered-binding August 2010
- If IP-X is in FT, and the entry's MAC address is MAC-X, SAVI-Y
will perform the next subsection.
7.7. Bound Address Reachability Detection
This subsection is aimed to detect whether the bound address in FT of
SAVI-Y is still reachable through the port it was bound. The
detecting entry in FT is as Figure 9 shows:
+----------+---------+-------------+
| Anchor | Address | MAC Address |
+----------+---------+-------------+
| Anchor-Y | IP-X | MAC-X |
+----------+---------+-------------+
Figure 9 the Detecting Entry in FT of SAVI-Y
SAVI-Y sends an Echo Request Message towards Host-Y through Anchor-Y,
using IP-X as source IP address and MAC-X as source MAC address.
7.8. SAVI Query Reply
If SAVI-Y receives an Echo Reply Message from Anchor-Y, SAVI-Y will
send a SAVI-MReply-Reachable Message to SAVI-X, with IP-X inside.
If SAVI-Y does not receive any Echo Reply Message, SAVI-Y will send a
SAVI-MReply-Unreachable Message to SAVI-X, with IP-X inside. SAVI-Y
will also delete the entry about IP-X in local FT and BST.
7.9. Update BST and FT
SAVI-X waits and collects the SAVI Reply Messages:
If SAVI-X receives a SAVI-MReply-AddrError Message, it can get the
fact that Host-X is spoofing the IP address of Host-Y. SAVI-X MUST
delete the entry about IP-X in local BST, and set Anchor-X's
attribute back to SAVI-Validation. The data packet triggered binding
creation process finishes.
If SAVI-X receives a SAVI-MReply-Reachable Message, it can get the
fact that Host-X is spoofing the IP address and MAC address of
Host-Y. SAVI-X MUST delete the entry about IP-X in local BST, and
set Anchor-X's attribute back to SAVI-Validation. The data packet
triggered binding creation process finishes.
If SAVI-X receives a SAVI-MReply-Unreachable Message, it can get the
fact that IP-X had been bound at another SAVI device. This situation
is probably resulted by the host's moving from SAVI-Y to SAVI-X, or
by link topology change. SAVI-X MUST update the entry about IP-X in
Yang Expires March 04, 2011 [Page 10]
Internet-Draft data-packet-triggered-binding August 2010
BST as Figure 10 shows and insert an entry about IP-X into FT (as
Figure 7 shows). SAVI-X MUST also set Anchor-X's attribute back to
SAVI-Validation. The data packet triggered binding creation process
finishes.
+----------+---------+-------------+-------+---------------+-------+
| Anchor | Address | MAC Address | State | Lifetime | Other |
+----------+---------+-------------+-------+---------------+-------+
| Anchor-X | IP-X | MAC-X | Bound | Lease time or |DHCP or|
| | | | |Prefix lifetime|NO_DHCP|
+----------+---------+-------------+-------+---------------+-------+
Figure 10 the Updated Entry about IP-X in BST of SAVI-X
If SAVI-X does not receive any SAVI Reply Message, it can get the
fact that IP-X has not appeared in the subnet before. This situation
is probably resulted by control packets loss or SAVI state loss or it
MAY be an invalid address. SAVI-X will perform different actions
according to the value of Other field in BST:
- If the Other in BST is DHCP, SAVI-X SHOULD delete the entry about
IP-X in local BST, and set Anchor-X's attribute back to
SAVI-Validation. The data packet triggered binding creation process
finishes.
- If the Other in BST is NO_DHCP, SAVI-X SHOULD update the entry
about IP-X in BST as Figure 10 shows and insert an entry about IP-X
into FT (as Figure 7 shows). SAVI-X MUST also set Anchor-X's
attribute back to SAVI-Validation. The data packet triggered
binding creation process finishes.
8. Arguments & Backup Approach in DHCP Network
8.1. Arguments in DHCP Network
Subsection 7.5.~7.9. described the mechanism of SAVI Multicast Query,
which is perfectly light and effective in both DHCP and SLAAC
network. However, there is a tiny shortcoming when implement it in
DHCP network.
In the procedure of SAVI Multicast Query, a SAVI device sends a SAVI
Multicast Query Message to all SAVI devices to query certain
addresses. Every SAVI device receiving the message will reply to the
message sender in case it finds the querying addresses in its local
FT. In this way, if the SAVI Multicast Query Message sender does not
get any reply, it will understand that the querying addresses have
not appeared in the subnet before. However, the exactly SAVI device
which has the record of the querying addresses may reboot or get off
the link. This extreme case can also cause the no-reply result
Yang Expires March 04, 2011 [Page 11]
Internet-Draft data-packet-triggered-binding August 2010
described above.
Ignoring the extreme case, SAVI Multicast Query mechanism regards the
set of recorded IP addresses in all SAVI devices' FTs as the set of
IP addresses that DHCP server has authorized. In other words, an IP
address is a forged address, if it has never appeared in any SAVI
devices' FTs. So, a SAVI device will delete the corresponding entry
in BST when it does not receive any SAVI Reply message during
subsection 7.9., which well reflects the rigorous feature of SAVI
Multicast Query mechanism. Obviously, this treatment is based on the
assumption that the extreme case would not happen. Once the extreme
case unfortunately happened, SAVI device would make false judgments.
8.2. Backup Approach in DHCP Network
The following part of this section designs a mechanism named SAVI
Center Query as a backup approach of SAVI Multicast Query in DHCP
network. SAVI Center Query mechanism needs a SAVI Center Server to
store the binding statuses of the whole subnet. SAVI Center Server
can implement on the DHCP server or DHCP Relay. In case the SAVI
devices reboot or get off the link, SAVI Center Server will still
provide reliable binding statuses about querying addresses. SAVI
Center Server holds a SAVI Info Table (SIT):
+---------+-------------+--------------+----------+
| Address | MAC Address | SAVI address | Anchor |
+---------+-------------+--------------+----------+
| IP-1 | MAC-1 | SAVI-1 | Anchor-1 |
+---------+-------------+--------------+----------+
| IP-2 | MAC-2 | SAVI-2 | Anchor-2 |
+---------+-------------+--------------+----------+
Figure 11 Instance of SIT
Every SAVI device in the subnet will report the new bound address
when it creates an entry in its local FT, and will report the new
deleted address when it removes an entry in its local FT. An address
is a forged address if it isn't recorded in SIT.
The following subsections specify the procedure of data packet
triggered binding creation based on SAVI Center Query.
Yang Expires March 04, 2011 [Page 12]
Internet-Draft data-packet-triggered-binding August 2010
Host-X Host-Z SAVI-X SAVI Center SAVI-Y Host-Y
| | | | | |
|1. Send a Data Packet| | | |
|-------------------->| | | |
| | 2.Source Address Check | | |
| | | | | |
+--------------------------+ | | |
. | |3.Bound Address| . | | |
. | | Reachability | . | | |
. | | Detection | . | | |
. | |<------------->| . | | |
+--------------------------+ | | |
| 4.Binding Address | | | |
| Reachability | | | |
| Detection | | | |
|<--------------------|5.Send SAVI | | |
| | |Center Query| | |
| | | Message | | |
| | |----------->| | |
| | | | | |
| | | 6. Query Address from | |
| | | SAVI Info Table | |
| | | | | |
| | | |7.SAVI Uncast| |
| | | | Query | |
| | | |------------>|8.Bound Address|
| | | | | Reachability |
| | | | | Detection |
| | | |9.SAVI Query |<------------->|
| | | | Reply | |
| | | 10.SAVI |<------------| |
| | |Center Reply| | |
| | |<-----------| | |
| | | | | |
| | 11. Update BST and FT | | |
| | | | | |
Figure 12 Data Packet Trigger Binding Process Based on SAVI Center Query
The Host-X is the host sends the data packet; the SAVI-X is the SAVI
device that Host-X connected to; the Host-Z is the host bound at
SAVI-X through anchor Anchor-Z; the SAVI-Y represents any SAVI
device except SAVI-X in the subnet; the Host-Y is the host bound at
SAVI-Y through anchor-Y; SAVI Center is the SAVI Center Server.
8.2.1. Send a Data Packet
Refer to subsection 7.1..
Yang Expires March 04, 2011 [Page 13]
Internet-Draft data-packet-triggered-binding August 2010
8.2.2. Source Address Check
Refer to subsection 7.2..
8.2.3. Bound Address Reachability Detection
Refer to subsection 7.3..
8.2.4. Binding Address Reachability Detection
Refer to subsection 7.4..
8.2.5. Send SAVI Center Query Message
SAVI-X sends SAVI Center Query Message to SAVI Center Server, with
querying address IP-X and MAC-X inside.
8.2.6. Query Address from SAVI Info Table
SAVI Center Server receives the SAVI Center Query Message, gets the
querying address IP-X and MAC-X. Then SAVI Center Server queries SIT
for IP-X and MAC-X:
- If IP-X is in SIT, but the entry's MAC address is not MAC-X, or
IP-X is not in SIT, SAVI Center Server will send a
SAVI-CReply-AddrError Message to SAVI-X, with IP-X and MAC-X
inside. Then go to subsection8.2.11..
- If SAVI Center Server finds an entry about IP-X as Figure 13 shows,
it will perform the following subsections.
+---------+-------------+--------------+----------+
| Address | MAC Address | SAVI address | Anchor |
+---------+-------------+--------------+----------+
| IP-X | MAC-X | SAVI-Y | Anchor-Y |
+---------+-------------+--------------+----------+
Figure 13 the Entry about IP-X in SIT
8.2.7. SAVI Uncast Query
SAVI Center Server sends a SAVI Uncast Query Message to SAVI-Y, with
IP-X, MAC-X and Anchor-Y inside.
8.2.8. Bound Address Reachability Detection
This subsection is aimed to detect whether the address bound at
SAVI-Y is still reachable through the port it was bound.
Yang Expires March 04, 2011 [Page 14]
Internet-Draft data-packet-triggered-binding August 2010
SAVI-Y receives the SAVI Uncast Query Message, reads the querying
address IP-X and MAC-X and querying port Anchor-Y. Then it sends an
Echo Request Message towards Host-Y through Anchor-Y, using IP-X as
source IP address and MAC-X as source MAC address.
8.2.9. SAVI Query Reply
If SAVI-Y receives an Echo Reply Message from Anchor-Y, SAVI-Y will
send a SAVI-CReply-Reachable Message to SAVI Center Server, with
IP-X inside. Besides, if there is not any entry about IP-X in its
local BST or FT, SAVI-Y will also add one there.
If SAVI-Y does not receive any Echo Reply Message, SAVI-Y will send a
SAVI-CReply-Unreachable Message to SAVI Center Server, with IP-X
inside. Besides, SAVI-Y will also delete the entries about IP-X in
local FT and BST, if there is any.
8.2.10. SAVI Center Reply
If SAVI Center Sever receives a SAVI-CReply-Reachable Message, it can
get the fact that Host-X is spoofing the IP address and MAC address
of Host-Y. Then, SAVI Center Server sends a SAVI-CReply-Prohibit
Message to SAVI-X.
If SAVI Center Server receives a SAVI-CReply-Unreachable Message, it
can get the fact that the original bound address is not reachable
through its anchor now. This situation is probably resulted by the
host's movement or by link topology change. SAVI Center Server MUST
delete the entry about IP-X in SIT, and then sends a
SAVI-CReply-Permit Message to SAVI-X.
If SAVI Center Server does not receive any reply from SAVI-Y, we can
guess that SAVI-Y is off the link now. SAVI Center Server MUST delete
the entry about IP-X in SIT, and then sends a SAVI-CReply-Permit
Message to SAVI-X.
8.2.11. Update BST and FT
SAVI-X waits and collects the SAVI Center Reply Messages:
If SAVI-X receives a SAVI-CReply-AddrError Message or a
SAVI-CReply-Prohibit Message, it will delete the entry about IP-X in
local BST, and set Anchor-X's attribute back to SAVI-Validation. The
data packet triggered binding creation process finishes.
If SAVI-X receives a SAVI-CReply-Permit Message, SAVI-X will update
the entry IP-X in BST as Figure 10 shows, and insert an entry about
IP-X into FT as Figure 7 shows, and set Anchor-X's attribute back to
SAVI-Validation. The data packet triggered binding creation process
Yang Expires March 04, 2011 [Page 15]
Internet-Draft data-packet-triggered-binding August 2010
finishes.
9. Constants
MAX_PROBE_RESPONSE_TIME: The time that a SAVI device waits for Echo
Reply Message during Address Reachability Detection.
MAX_SAVI_QUERY_TIME: The time that a SAVI device waits for reply
message from other SAVI devices or SAVI Center Server during SAVI
Multicast Query or SAVI Center Query.
10. Security Considerations
This solution needs some policies to ensure that all devices in the
protection perimeter and all SAVI devices in the subnet are legal and
honest. If the Backup Approach (SAVI Center Query) is implemented,
some strategies are needed to authenticate the identity of SAVI
Center and SAVI devices during their communication.
11. IANA Considerations
There is no IANA consideration currently.
12. References
12.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs for use in RFCs
to Indicate Requirement Levels", BCP 14, RFC 2119,
March 1997.
12.2 Informative References
[SAVI Framework]
Vogt, CV., "Source Address Validation Improvement
Protocol Framework", , October 2009.
[SAVI Stateless]
Bi, J., Yao, G., Wu, J., and F. Baker, "SAVI Solution for
Stateless Address", draft-bi-savi-stateless-00 (work in
progress), April 2010.
[SAVI DHCP]
Bi, J., Wu, J., Yao, G., and F. Baker, "SAVI Solution for
DHCP", draft-ietf-savi-dhcp-05(work in progress),
July 2010.
Yang Expires March 04, 2011 [Page 16]
Internet-Draft data-packet-triggered-binding August 2010
[SAVI Analysis]
Marcelo, B., Joel M. H., "Analysis of data-triggered
binding creation in SAVI", draft-bagnulo-savi-analysis-02
(work in progress), March 2010.
Author's Addresses
Jingjing Yang
ICT
Email: yangjingjing@ict.ac.cn
Hanwen Zhang
ICT
Email: hwzhang@ict.ac.cn
Yujun Zhang
ICT
Email: zhmj@ict.ac.cn
Yang Expires March 04, 2011 [Page 17]
Internet-Draft data-packet-triggered-binding August 2010
| PAFTECH AB 2003-2026 | 2026-04-24 01:09:40 |