Hi Med,
Thank you for your valuable comments and interest in our draft. Below, we have
provided explanations and additional clarifications regarding your questions.
1) Consultation with SAVNET WG: Yes, we have discussed with the chair of the
SAVNET WG. He advised us to promote this draft within the OPS field, as SAVNET
is primarily focused on the SAV protocol, while our draft is centered on
security operations.
2) To a BOF: We have also presented another draft
(https://datatracker.ietf.org/doc/draft-cui-dots-extended-yang/) at the
dispatch-all #191, and the ADs suggested that we can identify more related
topics around the extended DOTS signaling and its use cases to form a BOF.
However, we have not yet identified a sufficient number of related topics and
working directions. We would greatly appreciate your assistance in recommending
related topics and experts who might be interested in contributing to this
field.
3) Implementation and deployment: We have developed a demonstration to
illustrate the effectiveness of SAV-D and have released its code at
https://github.com/sava-anti-ddos/SAV-D. We are also in contact with one of
China's largest network operators, who are interested in deploying SAVI and
SAV-D devices. We will provide experimental results after testing on their
testbed.
Thank you once again for your support.
Best,
Mingzhe
---- Replied Message ----
From: <mohamed.boucad...@orange.com>
Date: 10/26/2024 01:52
To: Mingzhe Xing <xingmz=40zgclab.edu...@dmarc.ietf.org>
Cc: ops...@ietf.org <opsawg@ietf.org>
Subject: [OPSAWG] Re: Request for Comments on Draft "SAV-based Anti-DDoS Architecture"
Hi Mingzhe,
As the main author of the DOTS telemetry spec, I’m enthusiastic about this proposal
and would like to see more details/practicalities. I have two logistic-related
comments:
Did you check with SAVNET WG?
Also, it seems to me this was presented in dispatch-all IETF#119. The reaction
was positive as I recall but was there any follow-up with the sec ADs as:
==
Dispatch outcome: To a BOF; maybe related topics not just this draft.
==
Thank you.
Cheers,
Med
On Oct 18, 2024, at 12:39 AM, 邢铭哲 <xingmz=40zgclab.edu...@dmarc.ietf.org> wrote:
Dear OPSAWG Experts,
We have submitted a draft titled "SAV-based Anti-DDoS Architecture"
(https://datatracker.ietf.org/doc/draft-cui-savnet-anti-ddos/), which focuses
on enhancing security operations to defend against DDoS attacks using a SAV-D
controller. The draft is motivated by the observation that spoofed IP addresses
can lead to severe DDoS attacks. While Source Address Validation (SAV) schemes
are an effective means of mitigating such attacks, the limited deployment of
SAV devices impairs their overall performance.
In this context, we propose the SAV-D architecture to leverage information from
both SAV and non-SAV devices. This approach improves detection accuracy and
incentivizes broader deployment of SAV devices. Specifically, the architecture
allows SAV honeypots, legacy routers, and victim defense systems to interact
with the SAV-D controller, retrieving comprehensive threat intelligence to
inform defense strategies. Furthermore, the SAV honeypots report malicious
packet information to the SAV-D controller, enabling data analysis and the
creation of global threat intelligence. The SAV-D controller can also provide
comprehensive attack situation awareness, helping operators manage their
networks more effectively. Our draft introduces the overall architecture of the
SAV-D controller, the interaction with devices, the data transmission protocol,
workflow, deployment strategies, and examples of connections.
Based on SAV-D, we have set up a small-scale experimental environment and
validated the effectiveness of the framework against reflective DDoS attacks.
The details can be found in the paper (SAV-D: Defending DDoS with Incremental
Deployment of SAV).
This draft offers a practical operational solution for defending against
spoofed IP DDoS attacks while utilizing existing SAV devices, legacy routers,
and victim defense mechanisms. We submit this to OPSAWG and look forward to
your valuable feedback to improve the draft.
Best regards,
Mingzhe