In this freshly uploaded new version,
https://tools.ietf.org/html/draft-sriram-opsec-urpf-improvements-02
https://tools.ietf.org/rfcdiff?url2=draft-sriram-opsec-urpf-improvements-02.txt
the following changes are worth noting:

1. Jeff Haas has been added as a co-author.
(The original authors had several very helpful discussions with Jeff and
received very useful inputs from him, particularly regarding implementation
considerations.)

2. At the OPSEC WG meeting in July in Prague, we had a lively discussion
regarding a challenging scenario in which the original proposal would not work.
This scenario is described in Section 3.3.

3. Adding further flexibility to the proposed method has the potential
to overcome this challenge. Section 3.4 describes this added flexibility
and the new revised algorithm.

4. Implementation considerations, including an analysis of the
FIB memory size requirements, are presented in more detail in Section 3.5.

Thanks to many in the OPSEC and GROW WGs for discussions and constructive
criticism.

Sriram

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Monday, October 30, 2017 5:37 PM
To: Sriram, Kotikalapudi (Fed) <[email protected]>; Montgomery,
Douglas (Fed) <[email protected]>; Jeffrey Haas <[email protected]>
Subject: New Version Notification for
draft-sriram-opsec-urpf-improvements-02.txt
A new version of I-D, draft-sriram-opsec-urpf-improvements-02.txt
has been successfully submitted by Kotikalapudi Sriram and posted to the IETF
repository.
Name: draft-sriram-opsec-urpf-improvements
Revision: 02
Title: Enhanced Feasible-Path Unicast Reverse Path Filtering
Document date: 2017-10-30
Group: Individual Submission
Pages: 14
https://tools.ietf.org/html/draft-sriram-opsec-urpf-improvements-02
https://tools.ietf.org/rfcdiff?url2=draft-sriram-opsec-urpf-improvements-02.txt
Abstract:
This document identifies a need for improvement of the unicast
Reverse Path Filtering techniques (uRPF) [BCP84] for source address
validation (SAV) [BCP38]. The strict uRPF is inflexible about
directionality, the loose uRPF is oblivious to directionality, and
the current feasible-path uRPF attempts to strike a balance between
the two [BCP84]. However, as shown in this draft, the existing
feasible-path uRPF still has shortcomings. This document proposes
an enhanced feasible-path uRPF technique, which aims to be more
flexible (in a meaningful way) about directionality than the
feasible-path uRPF. It can potentially alleviate ISPs' concerns
about the possibility of disrupting service for their customers, and
encourage greater deployment of uRPF techniques.