Source Address Validation: Architecture and Protocol Design
The current Internet addressing architecture does not verify the source address of a packet received and forwarded. This causes serious security and accounting problems. Based on the drastically increased IPv6 address space, a Source Address Validation Architecture (SAVA) is proposed in this paper, which can guarantee that every packet received and forwarded holds an authenticated source IP address. The design goals of the architecture are lightweight, loose coupling, multi-fence support and incremental deployment. This paper discusses the details of design and implementation f6r the architecture, including inter-AS, intra-AS and local subnet. This architecture is deployed into the CNGI- CERNET2 infrastructure-a large-scale native IPv6 backbone network of the China Next Generation Internet project. We believe that the Source Address Validation Architecture will help the transition to a new, more secure and sustainable Internet.
Jianping Wu Gang Ren Xing Li
Dept. Of Computer Science Tsinghua University Dept. of Electronic Engineering Tsinghua University
国际会议
The 15th IEEE International Conference on Network Protocols(ICNP 2007)(第15届IEEE国际网络协议大会)
北京
英文
276-283
2007-10-16(万方平台首次上网日期,不代表论文的发表时间)