Source Address Validation Architecture (SAVA) Requirements of CNGI-CERNET2
Jianping Wu, CERNET/Tsinghua University
IETF 68, Prague, March 2007

Presentation transcript:

Source Address Validation Architecture (SAVA) Requirements of CNGI-CERNET2
  Jianping Wu, CERNET/Tsinghua University
  IETF 68, Prague, March 2007

Outline
  CNGI-CERNET2
  CNGI-CERNET2's SAVA requirements
  Deployment steps
  Lessons learned

CNGI-CERNET2
  The 2nd generation of China Education and Research Network
  A nationwide native IPv6 network, part of CNGI (China Next Generation Internet) project
  Launched in Dec
    – 25 core nodes in 20 major cities
    – ~200 universities (stub access networks)
    – IPv6 core routers and switches from Juniper, Cisco, Huawei, and Bitway

CNGI Backbones

CNGI-CERNET2 Backbones

CERNET2's SAVA requirements (1)
  Regulatory Compliance
    – Governments may require network operators to vouch for the source of each packet that they carry
    – Protection of the legitimate owner of a spoofed source address
  Security Requirement
    – Spoofed source addresses are used in some types of DoS attacks

CERNET2's SAVA requirements (2)
  Accounting Requirements
    – Facilitate the measurement of end-to-end network usage such as normal telephony.
  Application Requirements
    – Spoofed addresses and spoofed application identifiers lead to application problems such as spam.
    – The performance of end-to-end applications such as VoIP using SIP needs to be improved.

Deployment Steps
  Step 1: Tsinghua University SAVA testbed
  Step 2: Prototypes implemented and 7 SAVA test AS deployed on CNGI-CERNET2. The results observed so far are good.
  Step 3: SAVA will be deployed in CNGI backbone, including China Telecom, China Netcom, China Mobile, China Unicom, etc.

Lessons Learned
  BCP 38 limitation
    – Full deployment
    – Asymmetric routing environment
    – Little incentive for network operators
  Basic Design Principle of SAVA
    – Focus on IPv6
    – Performance
    – Scaling
    – Multi-fence solution
    – Incrementally deployable
    – Incomplete deployment still has benefits
    – Loose coupling of components