IETF Logo Mail Archive

Re: [Sidrops] BAR-SAV: new draft on "Source Address Validation Using BGP Updates, ASPA, and ROA"

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 15 June 2022 12:48 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4BCCC15D86D; Wed, 15 Jun 2022 05:48:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.532
X-Spam-Level:
X-Spam-Status: No, score=-3.532 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.745, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.677, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fY0_NIlLMU5N; Wed, 15 Jun 2022 05:48:55 -0700 (PDT)
Received: from GCC02-DM3-obe.outbound.protection.outlook.com (mail-dm3gcc02on20719.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d04::719]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CF28C14F718; Wed, 15 Jun 2022 05:48:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oVZUQma4VGG69um76EJTYoEUWmHb6hBMF9osRcs7B5hcDQNNED6o/DPuZCR3rkdEmpxfwAJJTsmmBJQ9why8qmV0y+PWQ23j0IKV/LYzU3M8VsoODPAO3NJV2OhEW3uvOAublD9mWrcveaFgoc9HiBtVWvDorGz1w/urwOAb/75mynx2SSTkX5PmXr6yjqZSzTCpNVxVPQC4Nc7LYOF9c6LSl1nxtiOXHc66Z0+rZy4xa7zIqiz9YW+kwSCKPM4ni8bTFaysIuAdiwHJRPIZ/SnspYv8uzqNKxacaAWlVktU0JJ9r2ODTfnb7ZVoSbj0GTLdPG+xlyeG9g3WBNBodw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=IEmSNJ30VpZWvYkGkag9MKHUf3+z1UwjpyY+xvJCGIs=; b=LzcvurhJuRKIwK2kZoD/u+MjwJCtOiAIMFwBrOSewc2aqzjCmu5UXmij84/wuiJF2i6Zl+xomRykMaTcNMZVe/HHrIl4+/AtJsm5WQ9QKw+c53cvhzRI+9qea/U46n8/jIkaFEptM2VFIjUWa+YyxmVo8nA1RaCoXm/Gm12YiLu9iP5KWewUGsk0xopnoIBJt4KbhJ6WfQeudu/cmCGzwT4HhAjt1FXIhUh881a9rFVeyFnBCcpv2TNFldbuXZCqa70hr6rShKuA3XF8fFr3ZWQpTHQJxCUb0i9OXoLuwV2Cr9LNCZWPIGOGiZc2yg1nLnFsjYWU6eD6PizReQFhWw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IEmSNJ30VpZWvYkGkag9MKHUf3+z1UwjpyY+xvJCGIs=; b=QyVvNr2EfJAqrhgFbIptGdCXJFhINS5ta3ffbVjQiwObodjl7xYfrSmW8ZPyU6bODBw6lGOJmNIU2LCJw9v8DFtZ0iHXAS8vo/9fEkYdiOzdD6Jxtk2UjV9iEA8/g+/SlRgxuiGPhrNOa4/+ZPZWuOXMO8D8/er6B3Ibwti0T34=
Received: from SA1PR09MB8142.namprd09.prod.outlook.com (2603:10b6:806:171::8) by SA1PR09MB8766.namprd09.prod.outlook.com (2603:10b6:806:17e::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.17; Wed, 15 Jun 2022 12:48:50 +0000
Received: from SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::83d:b4f9:f4c0:bf86]) by SA1PR09MB8142.namprd09.prod.outlook.com ([fe80::83d:b4f9:f4c0:bf86%6]) with mapi id 15.20.5332.020; Wed, 15 Jun 2022 12:48:50 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "sidrops@ietf.org" <sidrops@ietf.org>, "savnet@ietf.org" <savnet@ietf.org>
Thread-Topic: BAR-SAV: new draft on "Source Address Validation Using BGP Updates, ASPA, and ROA"
Thread-Index: AdiAsPZViyhsgu18TmOaXQomPY84/AAAkmhQ
Date: Wed, 15 Jun 2022 12:48:50 +0000
Message-ID: <SA1PR09MB8142595DB2FAF3B81BEED0B484AD9@SA1PR09MB8142.namprd09.prod.outlook.com>
References: <SA1PR09MB81428822A52A72E622408E4484AD9@SA1PR09MB8142.namprd09.prod.outlook.com>
In-Reply-To: <SA1PR09MB81428822A52A72E622408E4484AD9@SA1PR09MB8142.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nist.gov;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0ae19e3f-4280-4acb-af32-08da4ecd65a4
x-ms-traffictypediagnostic: SA1PR09MB8766:EE_
x-microsoft-antispam-prvs: <SA1PR09MB8766327C180FAE87EBB6F04A84AD9@SA1PR09MB8766.namprd09.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0GWXgif+p4dLCN/WVxLjK1w9v/hUfkKX2kU0fVbhQWCX4q65VzyGmFuy2SIY9lfho/5kJa1hdXTZU2NDzDDO2lAP7xi18U8I81dQ+rdi7kSFaWRaFcffH5q9254R2Xd5AxuT5QnYyHtP679advNOlqn+AWXNeG2eVTJRv6OU5C1XAkxcsltsaKK9EApjobQkFM3Z2V7ajqrZJqYNlEp3Jj7X/D+sUAHvm1xgGncpZ0Pj/PMVSl32cyZ/pEFmkXltfXlGtYgcOUiexaAPs0zvdmECqSLz4E9SjbLWGo0tBgg2gTpVr166AP2f3JmFiBQvEmUL3Jb7RiTZhitlWuQvP+0oWFWLlkSl24PdBHBGzsdiIq3qQ5gtxeGyadgcpqvvo3nC0/KTlHqqP1ZG3DKJN/Xb39hX45uREVrUYygHSHSLdRiG8976haq2jGnovco30SPQCnMyDumorioXBEKoTZ1Up7TJ1UkzxTyOWrdU9YXuDNpdtZ9P8S0FzKIVobk1pcZCfZ/DSos/SQMWMqw3BkJNHwqQtbA6FtP9N7nsghDULfqwh1iK9TLDzUwrlzmssIhKKxY/ebha7tqhokyf2p2Na5oDDQRKuCAN8bbwjPhL8V68KH9ahk4MtoYqwLeoSpFhlscfrjx0G1oe+VFDz5y7H513ZQZ9tD57kBIV5aGb/YrM+Wrb8XG9EiE+4DW2EC4HJqG/04gUeQoSCTtp5CZ7oPx4c+r672vbWFiGCSI=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA1PR09MB8142.namprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(366004)(71200400001)(316002)(5660300002)(2906002)(2940100002)(508600001)(8676002)(110136005)(86362001)(76116006)(186003)(83380400001)(66556008)(66446008)(66476007)(52536014)(66946007)(82960400001)(64756008)(4743002)(8936002)(55016003)(38100700002)(6506007)(99936003)(15650500001)(26005)(966005)(38070700005)(33656002)(53546011)(7696005)(9686003)(122000001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: R/4QK1nW7GDBFZLv17tDIWq29qJn7PUeMOKV7XDBhTsn1nSVaWPSDfo546XAq1yqmGGg99YZuePangWyGTU1CCfXx+Wh+jQkA5dYXbeaGh2fl9TzfN3dm3d8Tj4KIaZha+i50F/2orRLdxn0LwJTQcdbJdhN2rb0p10Q5Uwu1n1G7BZQvrU00ZjtoC10DdU1PSG8kl3iZj4SPS8Snq7RXXU/2NNgKUlOFSCA8stdnzQzvaJlbYtk6UJLxUZRuKkmtAFOdWXXlJuOuc18+xbAJshDN8VmuOeYYpVgAXePhwmeQiqK6z52rJcgMQ3rG3zgiGL+pUV020RwlALsdpx3Nsbr/OWTgl7TnM0MurFJc2hU1M9rAmGvODnGDHaZpBzeS3da5/apL/BmNRoqDVqiR5tR6ayuR8apqtzLN9BmWwS/AP+RCthYv0FMw3uFJs7ER3WeB59qtsTvCqFsRteaJveoLp2kSoxnfNn8w32zjTLx3Wg0s2YsA2ae+xIyxaqHkms/hT0ulH5XNYMgYtQfm4+vdUEsB/jGgSXncUrZy+1q1NztTMO1919Foc8uJPDPpKhYyddcdz5+CyLpESy16gCt37zIS5EKezvcUVv4HOthcyLQfUKHu53SyHvlMTmehrDlsw+g0JVgEKxmLVLyy1y10VHbPwJ304CN9LfTP4bRFjS5aP+53oJt8yT825QX+nviH86vCupbvxwRTmALln+0ifOIaggVGOEfPVwmfIGkIpEmYDD86DZalAqcAyznzI/Im4MtDP1rLS/3mJcYZ16W5OCnGAC83E0IBjSJlHsK6WKDD0ffcHIQJswLqGmvmMKre+Q05ImFA2m1kJCOCKG6HzKFrVkeMCuyEyWM4KVqApPUKehHGwYDh2WkS3sL1oG0XyvuD7IWjgVUMzs0EQnDk4wwAA9taly1/za6BZbULhYzkUELZFThqdIkNY7rGB+uV8VEIBa/KYZVKXXq4hrNHOJ836hW6lfpA2tL/3BM3JY6KXkVpbXLDCr+4vU1GF5q9u122pY1b1SPX1V6Bc3RoNjip+B4mU+spwKDWFCEIfJvDj+g17X+71UjeRfGLWb8ZTVnMZYoF3QkfYFsb48Dvd/rWV02+fmsUp8bQlGti/hcjEdvV8tmr90UStq5S12noDC6Rk86etrroPoUzDwlqLA+gvu8tCfBeM045V9ZFduwX+9Yyn+YpUey/+IHGBOHZaA1lSCT5TNMIG588CtNOHv8hO94woscMWOTveIgH1rYJ8d2PztiIJpdnS37nWUaZ9icDXRA0k+Gyjk3npqEmoGmIt8WrxtzKeY/Ryv5DaLAXNLIuWYmf087E+HPrRw/a912V1tck3WDSdWF+CQwnpm4BJgyk6ZNfdEqEiOWXtxtP76fscSBTzi/R8o8RvZrZOunyZuY+HllnRZKKqDaCIoNxh3wOk860uo8MKAciiThfH+KzcoIfFznB56uSGv6ouDalTrBsSt5Mrn9nMFucestVjegX0J4SbDAmAy8TfKdhxLEjk0Y9HtQ2VfPPHXNx+9HsB7NhSryCLDkQ0+uTGhTCypXRW9b1UMgia26DXcKS68YPGPdaQ3AqowdaN7GMD3UoaNf6vlStW5HnaehmZMQpUFFP27gEcesQytfyV7i89P8JDkEy9qwpYUUmL7FT+yKYzrIq/SpsB0KcvEgqO4x1tSKP/3qpIaucEV9pU3A21GI7059z8jnoi1Y8YASlsXbdil3Lmjtn2JfBQ==
Content-Type: multipart/mixed; boundary="_002_SA1PR09MB8142595DB2FAF3B81BEED0B484AD9SA1PR09MB8142namp_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR09MB8142.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 0ae19e3f-4280-4acb-af32-08da4ecd65a4
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jun 2022 12:48:50.6275 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR09MB8766
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/nU3oUrspwFjp0KPbvgEUbNp5g4s>
Subject: Re: [Sidrops] BAR-SAV: new draft on "Source Address Validation Using BGP Updates, ASPA, and ROA"
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2022 12:48:59 -0000

A set of slides explaining the design principles of BAR-SAV with illustrations is available at:
https://github.com/ksriram25/IETF/blob/main/BAR-SAV.pdf 

Also, a pdf of the slides is attached here.

Sriram

-----Original Message-----
From: Sriram, Kotikalapudi (Fed) 
Sent: Wednesday, June 15, 2022 8:21 AM
To: sidrops@ietf.org; savnet@ietf.org
Subject: BAR-SAV: new draft on "Source Address Validation Using BGP Updates, ASPA, and ROA" 

We (authors) would like to invite comments on the following new draft submitted in the SIDROPS WG. Thank you.

Title:	      Source Address Validation Using BGP UPDATEs, ASPA, and ROA (BAR-SAV)
URL:            https://www.ietf.org/archive/id/draft-sriram-sidrops-bar-sav-00.txt   
Htmlized:       https://datatracker.ietf.org/doc/html/draft-sriram-sidrops-bar-sav 

Abstract:
   Designing an efficient source address validation (SAV) filter
   requires minimizing false positives (i.e., avoiding dropping
   legitimate traffic) while maintaining directionality (see RFC8704).
   This document advances the technology for SAV filter design through a
   method that makes use of BGP UPDATE messages, Autonomous System
   Provider Authorization (ASPA), and Route Origin Authorization (ROA).
   The proposed method's name is abbreviated as BAR-SAV.  BAR-SAV can be
   used by network operators to derive more robust SAV filters and thus
   improve network resilience.

Sriram, Igor, Doug

v2.23.0 | Report a Bug | By Email