[Sidrops] Fw: New Version Notification for draft-li-sidrops-bicone-sav-01.txt
Lancheng Qin <qlc19@mails.tsinghua.edu.cn> Fri, 21 June 2024 09:09 UTC
To: sidrops <sidrops@ietf.org>
CC: tengsy21@mails.tsinghua.edu.cn
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/HJTJuLizvmjzSWZNAKFtjq1kxF0>

Forwarding discussion of this draft on another mailing list to this mailing list. Thank you.

Best Regards,
Lancheng

> -----Original Message-----
> From: "Lancheng Qin" <qlc19@mails.tsinghua.edu.cn>
> Sent: 2024-06-21 17:04:30 (Friday)
> To: "Siyuan Teng" <tengsy21@mails.tsinghua.edu.cn>
> Cc: savnet@ietf.org
> Subject: [savnet] Re: Reply: Fw: New Version Notification for draft-li-sidrops-bicone-sav-01.txt
>
> Yes. The router can generate both allowlist and blocklist in control plane, and use only one (according to the recommendations in Section 7) in data plane to save storage overhead.
>
> Best,
> Lancheng
>
> > -----Original Message-----
> > From: "Siyuan Teng" <tengsy21@mails.tsinghua.edu.cn>
> > Sent: 2024-06-21 16:24:05 (Friday)
> > To: "Lancheng Qin" <qlc19@mails.tsinghua.edu.cn>
> > Cc: "Aijun Wang" <wangaijun@tsinghua.org.cn>, savnet@ietf.org
> > Subject: [savnet] Re: Reply: Fw: New Version Notification for draft-li-sidrops-bicone-sav-01.txt
> >
> > Hi Lancheng,
> >
> > In Section 6.3, Bicone SAV uses the allowlist to remove some prefixes from the blocklist. In Section 7, it suggests that an AS can choose to use the allowlist filter or the blocklist filter.
> >
> > Does it mean that Bicone SAV would generate both allowlist and blocklist but adopt only one?
> >
> > Siyuan
> >
> > > -----Original Message-----
> > > From: "Lancheng Qin" <qlc19@mails.tsinghua.edu.cn>
> > > Sent: 2024-06-20 21:17:26 (Thursday)
> > > To: "Aijun Wang" <wangaijun@tsinghua.org.cn>
> > > Cc: savnet@ietf.org
> > > Subject: [savnet] Re: Reply: Fw: New Version Notification for draft-li-sidrops-bicone-sav-01.txt
> > >
> > > Hi Aijun,
> > >
> > > > This draft aims to solve the inter-domain SAVNET problem. Inclusion of "inter-domain" and "SAVNET" would assist the reader to get the key aim of your proposal and also can put it into the SAVNET repository automatically.
> > >
> > > [Lancheng]: For the same reason (i.e., SAVNET solution documents are not included in the Charter or Milestones for SAVNET WG), we submit this document to SIDROPS WG.
> > >
> > > > The key idea of your proposal is how to generate and apply the blocklist. Will the allowlist and blocklist exist on one router simultaneously? In section 7 of your document "summary of recommendations", the operator should make some judgement for the accuracy of the allowlist/blocklist, which will be challenged to the operator and can't be updated automatically, it seems the safest way is to use always the allowlist and blocklist at the same time?
> > >
> > > [Lancheng]: In the previous version, this draft proposed to use both allowlist and blocklist on one interface. However, in IETF 119, we received comments that this would greatly increase storage overhead and computational complexity. Therefore, this new version proposes to use only one in data plane. As mentioned in Section 7, blocklist can be used by default if the network operator is unsure whether using allowlist will lead to improper block. Even though, network operators can also flexibly choose whether to use an allowlist or a blocklist according to their needs. For example, if the network is more concerned about avoiding improper block, it can use a blocklist. If the network is more concerned about blocking as much spoofing traffic as possible, it can use an allowlist.
> > >
> > > Thank you.
> > >
> > > Best,
> > > Lancheng
> > >
> > > > -----Original Message-----
> > > > From: "Aijun Wang" <wangaijun@tsinghua.org.cn>
> > > > Sent: 2024-06-20 12:06:51 (Thursday)
> > > > To: "'Lancheng Qin'" <qlc19@mails.tsinghua.edu.cn>, savnet@ietf.org
> > > > Subject: [savnet] Reply: Fw: New Version Notification for draft-li-sidrops-bicone-sav-01.txt
> > > >
> > > > Hi, Lancheng:
> > > >
> > > > Similar comments for this draft:
> > > > 1) This draft aims to solve the inter-domain SAVNET problem. Inclusion of "inter-domain" and "SAVNET" would assist the reader to get the key aim of your proposal and also can put it into the SAVNET repository automatically.
> > > > 2) The key idea of your proposal is how to generate and apply the blocklist. Will the allowlist and blocklist exist on one router simultaneously? In section 7 of your document "summary of recommendations", the operator should make some judgement for the accuracy of the allowlist/blocklist, which will be challenged to the operator and can't be updated automatically, it seems the safest way is to use always the allowlist and blocklist at the same time?
> > > >
> > > > Best Regards.
> > > >
> > > > Aijun Wang
> > > >
> > > > -----Original Message-----
> > > > From: forwardingalgorithm@ietf.org [mailto:forwardingalgorithm@ietf.org] On Behalf Of Lancheng Qin
> > > > Sent: 14 June 2024 8:51
> > > > To: savnet@ietf.org
> > > > Subject: [savnet] Fw: New Version Notification for draft-li-sidrops-bicone-sav-01.txt
> > > >
> > > > Hi all,
> > > >
> > > > We have revised draft-li-sidrops-bicone-sav according to comments received in IETF 119.
> > > >
> > > > Here is a summary of main updates:
> > > >
> > > > (1) We add a new Section 4 to introduce two goals of Bicone SAV.
> > > >
> > > > (2) We add a new Section 5 to introduce some existing methods that can generate allowlist SAV filters.
> > > >
> > > > (3) In Section 6.3, we describe how to deal with the overlap between provider cone and customer cone.
> > > >
> > > > (4) We add a new Section 7 to provide a summary of recommendations.
> > > >
> > > > Your comments and suggestions are welcome. Thank you!
> > > >
> > > > Best Regards,
> > > > Lancheng
> > > >
> > > > > -----Original Message-----
> > > > > From: internet-drafts@ietf.org
> > > > > Sent: 2024-06-14 08:46:13 (Friday)
> > > > > To: "Dan Li" <tolidan@tsinghua.edu.cn>, "Lancheng Qin"
> > > > > <qlc19@mails.tsinghua.edu.cn>, "Li Chen" <lichen@zgclab.edu.cn>,
> > > > > "Libin Liu" <liulb@zgclab.edu.cn>
> > > > > Subject: New Version Notification for draft-li-sidrops-bicone-sav-01.txt
> > > > >
> > > > > A new version of Internet-Draft draft-li-sidrops-bicone-sav-01.txt has
> > > > > been successfully submitted by Lancheng Qin and posted to the IETF
> > > > > repository.
> > > > >
> > > > > Name: draft-li-sidrops-bicone-sav
> > > > > Revision: 01
> > > > > Title: Bicone Source Address Validation
> > > > > Date: 2024-06-14
> > > > > Group: Individual Submission
> > > > > Pages: 10
> > > > > URL: https://www.ietf.org/archive/id/draft-li-sidrops-bicone-sav-01.txt
> > > > > Status: https://datatracker.ietf.org/doc/draft-li-sidrops-bicone-sav/
> > > > > HTML: https://www.ietf.org/archive/id/draft-li-sidrops-bicone-sav-01.html
> > > > > HTMLized: https://datatracker.ietf.org/doc/html/draft-li-sidrops-bicone-sav
> > > > > Diff: https://author-tools.ietf.org/iddiff?url2=draft-li-sidrops-bicone-sav-01
> > > > >
> > > > > Abstract:
> > > > >
> > > > > The primary design goal of source address validation (SAV) is
> > > > > avoiding improper block (i.e., blocking legitimate traffic) while
> > > > > maintaining directionality, especially in partial deployment
> > > > > scenarios (see [I-D.ietf-savnet-inter-domain-problem-statement] and
> > > > > [RFC8704]). Existing advanced SAV solutions typically generate
> > > > > ingress SAV allowlist filters by using information related to
> > > > > customer cone. This document analyzes potential improper block
> > > > > problems of solely using allowlist filters. To minimize improper
> > > > > block, this document proposes Bicone SAV, which enhances the SAV
> > > > > technology by additionally using blocklist filters generated based on
> > > > > information related to provider cone.
> > > > >
> > > > > The IETF Secretariat
> > > >
> > > > --
> > > > savnet mailing list -- savnet@ietf.org
> > > > To unsubscribe send an email to savnet-leave@ietf.org
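
The allowlist-versus-blocklist trade-off discussed in this thread, as an added example that is not part of the thread or of the draft: both filters are built in a control-plane step, blocklist entries that overlap the allowlist are dropped, and one filter is then applied per packet. The prefixes are constructed sample data, the function names are hypothetical, and the overlap rule (drop any blocklist prefix that overlaps an allowlist prefix) is a simplifying assumption; the draft's Section 6.3 defines the actual procedure.

```python
import ipaddress

# Constructed sample data for one customer-facing interface (not from the draft).
CUSTOMER_CONE = ["192.0.2.0/24", "198.51.100.0/24"]   # basis of the allowlist
PROVIDER_CONE = ["203.0.113.0/24", "198.51.100.0/25"]  # basis of the blocklist


def build_filters(customer_cone, provider_cone):
    """Control plane: derive both lists, then remove blocklist prefixes
    that overlap the allowlist (assumed simplification of Section 6.3)."""
    allow = [ipaddress.ip_network(p) for p in customer_cone]
    block = [
        net
        for net in (ipaddress.ip_network(p) for p in provider_cone)
        if not any(net.overlaps(a) for a in allow)
    ]
    return allow, block


def accept(src, mode, allow, block):
    """Data plane: apply exactly one of the two filters to a source address."""
    addr = ipaddress.ip_address(src)
    if mode == "allowlist":
        return any(addr in net for net in allow)      # unknown sources dropped
    if mode == "blocklist":
        return not any(addr in net for net in block)  # unknown sources pass
    raise ValueError(f"unknown mode: {mode}")


def compare(sources, allow, block):
    """Return {source: (allowlist verdict, blocklist verdict)}."""
    return {
        s: (accept(s, "allowlist", allow, block),
            accept(s, "blocklist", allow, block))
        for s in sources
    }


if __name__ == "__main__":
    allow, block = build_filters(CUSTOMER_CONE, PROVIDER_CONE)
    samples = ["192.0.2.10", "203.0.113.5", "198.51.100.7", "198.18.0.1"]
    for src, verdicts in compare(samples, allow, block).items():
        print(src, "allowlist:", verdicts[0], "blocklist:", verdicts[1])
```

The two modes disagree only on the source that appears in neither cone: the allowlist drops it, which is where improper block can occur if the customer-cone data is incomplete, and the blocklist passes it, which is where spoofed traffic can get through.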