draft-ietf-savi-mix-06.txt   draft-ietf-savi-mix-07.txt 
SAVI J. Bi SAVI J. Bi
Internet-Draft G. Yao Internet-Draft G. Yao
Intended status: Standards Track Tsinghua Univ. Intended status: Standards Track Tsinghua Univ.
Expires: November 17, 2014 J. Halpern Expires: September 9, 2015 J. Halpern
Newbridge Newbridge
E. Levy-Abegnoli, Ed. E. Levy-Abegnoli, Ed.
Cisco Cisco
May 16, 2014 March 8, 2015
SAVI for Mixed Address Assignment Methods Scenario SAVI for Mixed Address Assignment Methods Scenario
draft-ietf-savi-mix-06 draft-ietf-savi-mix-07
Abstract Abstract
This document reviews how multiple address discovery methods can In case that multiple IP address assignment methods are allowed in a
coexist in a single SAVI device and collisions are resolved when the network, the corresponding SAVI methods should be enabled to prevent
same binding entry is discovered by two or more methods. spoofing in the network. This document reviews how multiple SAVI
methods can coexist in a single SAVI device and collisions are
resolved when the same binding entry is discovered by two or more
methods.
Status of this Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 17, 2014. This Internet-Draft will expire on September 9, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Problem Scope . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Problem Scope . . . . . . . . . . . . . . . . . . . . . . . . 3
4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . 4 4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 3
5. Security Perimeter in SAVI MIX . . . . . . . . . . . . . . . . 5 5. Recommendations for preventing collisions . . . . . . . . . . 5
6. Recommendations for preventing collisions . . . . . . . . . . 6 6. Resolving binding collisions . . . . . . . . . . . . . . . . 5
7. Handing binding collisions . . . . . . . . . . . . . . . . . . 7 6.1. Same Address on Different Binding Anchors . . . . . . . . 5
7.1. Same Address on Different Binding Anchors . . . . . . . . 7 6.1.1. Basic preference . . . . . . . . . . . . . . . . . . 6
7.1.1. Basic preference . . . . . . . . . . . . . . . . . . . 7 6.1.2. Overwritten preference . . . . . . . . . . . . . . . 6
7.1.2. Overwritten preference . . . . . . . . . . . . . . . . 7 6.1.3. Multiple SAVI Device Scenario . . . . . . . . . . . . 7
7.1.3. Multiple SAVI Device Scenario . . . . . . . . . . . . 8 6.2. Same Address on the Same Binding Anchor . . . . . . . . . 7
7.2. Same Address on the Same Binding Anchor . . . . . . . . . 8 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 8. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . 7
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10. Acknowledgment . . . . . . . . . . . . . . . . . . . . . . . . 9 9.1. Normative References . . . . . . . . . . . . . . . . . . 7
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 9.2. Informative References . . . . . . . . . . . . . . . . . 8
11.1. Informative References . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
11.2. Normative References . . . . . . . . . . . . . . . . . . . 10
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
There are currently several documents [savi-fcfs], [savi-dhcp] and There are currently several SAVI documents ([RFC6620], [savi-dhcp]
[savi-send] that describe the different methods by which a switch can and [RFC7219]) that describe the different methods by which a switch
discover and record bindings between a node's layer3 address and a can discover and record bindings between a node's IP address and a
binding anchor and use that binding to perform Source Address binding anchor and use that binding to perform source address
Validation. Each of these documents specifies how to learn on-link validation. Each of these documents specifies how to learn on-link
addresses, based on the method used for their assignment, addresses, based on the method used for their assignment,
respectively: StateLess Autoconfiguration (SLAAC), Dynamic Host respectively: StateLess Autoconfiguration (SLAAC), Dynamic Host
Control Protocol (DHCP) and Secure Neighbor Discovery (SeND). Each Control Protocol (DHCP) and Secure Neighbor Discovery (SeND). Each
of these documents describes separately how one particular discovery of these documents describes separately how one particular method
method deals with address collisions (same address, different deals with address collisions (same address, different binding
anchor). anchor).
While multiple assignment methods can be used in the same layer2 While multiple IP assignment methods can be used in the same layer-2
domain, a SAVI device might have to deal with a mix of binding domain, a SAVI device might have to deal with a mix of SAVI methods.
discovery methods. The purpose of this document is to provide The purpose of this document is to provide recommendations to avoid
recommendations to avoid collisions and to review collisions handling collisions and to review collisions handling when two or more such
when two or more such methods come up with competing bindings. methods come up with competing bindings.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [rfc2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
3. Problem Scope 3. Problem Scope
There are three address assignment methods identified and reviewed in There are three IP address assignment methods identified and reviewed
one of the SAVI document: in one of the SAVI document:
1. StateLess Address AutoConfiguration (SLAAC) - reviewed in 1. StateLess Address AutoConfiguration (SLAAC) - reviewed in SAVI-
[savi-fcfs] FCFS[RFC6620]
2. Dynamic Host Control Protocol address assignment (DHCP) - 2. Dynamic Host Control Protocol address assignment (DHCP) -
reviewed in [savi-dhcp] reviewed in SAVI-DHCP[savi-dhcp]
3. Secure Neighbor Discovery (SeND) address assignment, reviewed in 3. Secure Neighbor Discovery (SeND) address assignment, reviewed in
[savi-send] SAVI-SEND[RFC7219]
Each address assignment method corresponds to a binding discovery In addition, there is a fourth method for installing a bindings on
method: SAVI-FCFS, SAVI-DHCP and SAVI-SeND. In addition, there is a the switch, referred to as "manual". It is based on manual (address
fourth method for installing a bindings on the switch, referred to as or prefix) binding configuration and is reviewed in [RFC6620] and
"manual". It is based on manual (address or prefix) binding [RFC7039].
configuration and is reviewed in [savi-fcfs] and [savi-framework].
All combinations of address assignment methods can coexist within a All combinations of address assignment methods can coexist within a
layer2 domain. A SAVI device will have to implement the layer-2 domain. A SAVI device will have to implement the
corresponding SAVI discovery methods (referred to as a "SAVI corresponding binding setup methods (referred to as a "SAVI method")
solution") to enable Source Address Validation. If more than one to enable Source Address Validation. If more than one SAVI method is
SAVI solution is enabled on a SAVI device, the method is referred to enabled on a SAVI device, the method is referred to as "mix address
as "mix address assignment method" in this document. assignment method" in this document.
SAVI solutions are independent from each other, each one handling its SAVI methods are independent from each other, each one handling its
own entries. In the absence of reconciliation, each solution will own entries. In the absence of reconciliation, each method will
reject packets sourced with an address it did not discovered. To reject packets sourced with an address it did not discovered. To
prevent addresses discovered by one solution to be filtered out by prevent addresses discovered by one method to be filtered out by
another, the binding table should be shared by all the solutions. another, the binding table should be shared by all the solutions.
However this could create some conflict when the same entry is However this could create some conflict when the same entry is
discovered by two different methods: the purpose of this document is discovered by two different methods: the purpose of this document is
of two folds: provide recommendations and method to avoid conflicts, of two folds: provide recommendations and method to avoid conflicts,
and resolve conflicts if and when they happen. Collisions happening and resolve conflicts if and when they happen. Collisions happening
within a given solution are outside the scope of this document. within a given method are outside the scope of this document.
4. Architecture 4. Architecture
A SAVI device may enable multiple SAVI methods. This mechanism, A SAVI device may enable multiple SAVI methods. This mechanism,
called SAVI-MIX, is proposed as a layer between the binding called SAVI-MIX, is proposed as a arbiter of the binding generation
generation algorithems and the binding database which contains the algorithms, generating the final working binding entries Figure 1.
working binding entries Figure 1. SAVI methods, i.e., SAVI-FCFS,
SAVI-DHCP, SAVI-SEND, do not have exclusive binding tables. Once a
SAVI method generates a candidate binding, it will request SAVI-MIX
to set up a corresponding entry in the shared binding database, named
Binding DB. Then SAVI-MIX will check if there is any conflict in the
Binding DB. A new binding will be generated if there is no conflict.
If there is a conflict, SAVI-MIX will determine whether replace the
existing binding or reject the candidate binding based on the
policies specified in Section 7. Whether the candidate binding can
be install in the Binding DB will not be returned to the requesting
SAVI method.
Correspondingly, the packet filtering will not be performed by each Once a SAVI method generates a candidate binding, it will request
SAVI method separately. Instead, SAVI-MIX will perform filtering SAVI-MIX to set up a corresponding entry in the binding table. Then
based on the entries in the Binding DB. SAVI-MIX will check if there is any conflict in the binding table. A
new binding will be generated if there is no conflict. If there is a
conflict, SAVI-MIX will determine whether to replace the existing
binding or reject the candidate binding based on the policies
specified in Section 6.
The packet filtering will not be performed by each SAVI method
separately. Instead, SAVI-MIX will perform filtering based on the
entries in the binding table.
+--------------------------------------------------------+ +--------------------------------------------------------+
| | | |
| SAVI Device | | SAVI Device |
| | | |
| | | |
| +------+ +------+ +------+ | | +------+ +------+ +------+ |
| | SAVI | | SAVI | | SAVI | | | | SAVI | | SAVI | | SAVI | |
| | | | | | | | | | | | | | | |
| | FCFS | | DHCP | | SEND | | | | FCFS | | DHCP | | SEND | |
| +------+ +------+ +------+ | | +------+ +------+ +------+ |
| | | | | | | | | Binding |
| | | | Candidate Binding | | | | | setup |
| v v v | | v v v requests |
| +------------------------------+ | | +------------------------------+ |
| | | | | | | |
| | SAVI-MIX | | | | SAVI-MIX | |
| | | | | | | |
| +------------------------------+ | | +------------------------------+ |
| | | | | |
| v Final Binding | | v Final Binding |
| +--------------+ | | +--------------+ |
| | Binding | | | | Binding | |
| | | | | | | |
| | Database | | | | Table | |
| +--------------+ | | +--------------+ |
| | | |
+--------------------------------------------------------+ +--------------------------------------------------------+
Figure 1: SAVI-Mix Architecture Figure 1: SAVI-Mix Architecture
5. Security Perimeter in SAVI MIX Each entry in the binding table will contain the following fields:
The perimeter of SAVI MIX is the union of the perimeter of each SAVI 1. IP source address
method, as illustrated in Figure 2. 2. Binding anchor
+-----------------+ 3. Lifetime
| |
+----+ | +-----+ |
| | | | | |
| H1 | | |DHCP1| |
| | | | | |
| | | | | |
+----+ | +-----+ |
+-------|------------------------------+ | |
| | | |
| +---------+ +---------+ |
| | SAVI | | SAVI | |
| | |--------+ +--------| | |
| +---------+ | | +---------+ |
| | | |
| +-------------+ |
| | SWITCH-A | |
| | | |
| +-------------+ |
| | | |
| +---------+ | | +---------+ |
| | SAVI | | | | SAVI | |
| | |--------+ +--------| | |
| +---------+ +---------+ |
| | | |
| | +----------------------------|---------+
| | | |
| +----+ | +----+
| | | | | |
| | R1 | | | H2 |
| | | | | |
| | | | | |
| +----+ | +----+
| |
+-----------------+
Figure 2: SAVI-Mix Perimeter 4. Creation time
6. Recommendations for preventing collisions 5. Binding methods: the methods which request the binding setup.
5. Recommendations for preventing collisions
If each solution has a dedicated address space, collisions won't If each solution has a dedicated address space, collisions won't
happen. Using non overlapping address space across SAVI solutions is happen. Using non overlapping address space across SAVI solutions is
therefore recommended. To that end, one should: therefore recommended. To that end, one should:
1. DHCP/SLAAC: use non-overlapping prefix for DHCP and SLAAC. Set 1. DHCP/SLAAC: use non-overlapping prefix for DHCP and SLAAC. Set
the A bit in Prefix information option of Router Advertisement the A bit in Prefix information option of Router Advertisement
for SLAAC prefix. And set the M bit in Router Advertisement for for SLAAC prefix, and set the M bit in Router Advertisement for
DHCP prefix. For detail explanations on these bits, refer to DHCP prefix. For detail explanations on these bits, refer to
[rfc4861][rfc4862]. [RFC4861][RFC4862].
2. SeND/non-SeND: avoid mixed environment (where SeND and non-SeND 2. SeND/non-SeND: avoid mixed environment (where SeND and non-SeND
nodes are deployed) or separate the prefixes announced to SeND nodes are deployed) or separate the prefixes announced to SeND
and non-SenD nodes. One way to separate the prefixes is to have and non-SenD nodes. One way to separate the prefixes is to have
the router(s) announcing different (non-overlapping) prefixes to the router(s) announcing different (non-overlapping) prefixes to
SeND and to non-SeND nodes, using unicast Router Advertisements, SeND and to non-SeND nodes, using unicast Router Advertisements,
in response to SeND/non-SeND Router Solicit. in response to SeND/non-SeND Router Solicit.
7. Handing binding collisions 6. Resolving binding collisions
In situations where collisions could not be avoided, two cases should In situations where collisions could not be avoided, two cases should
be considered: be considered:
1. The same address is bound on two different binding anchors by 1. The same address is bound on two different binding anchors by
different SAVI solutions. different SAVI methods.
2. The same address is bound on the same binding anchor by different 2. The same address is bound on the same binding anchor by different
SAVI solutions. SAVI methods.
7.1. Same Address on Different Binding Anchors 6.1. Same Address on Different Binding Anchors
This would typically occur in case assignment address spaces could This would typically occur in case assignment address spaces could
not be separated. For instance,overl an address is assigned by SLAAC not be separated. For instance, an address is assigned by SLAAC on
on node X, installed in the binding table using SAVI-FCFS, anchored node X, installed in the binding table using SAVI-FCFS, anchored to
to "anchor-X". Later, the same address is assigned by DHCP to node "anchor-X". Later, the same address is assigned by DHCP to node Y,
Y, as a potential candidate in the same binding table, anchored to and SAVI-DHCP will generate a candidate binding entry, anchored to
"anchor-Y". "anchor-Y".
7.1.1. Basic preference 6.1.1. Basic preference
The SAVI device must decide whom the address should be bound with The SAVI device must decide whom the address should be bound with
(anchor-X or anchor-Y in this example). Current standard documents (anchor-X or anchor-Y in this example). Current standard documents
of address assignment methods have implied the prioritization of address assignment methods have implied the prioritization
relationship (first-come). In the absence of any configuration or relationship (first-come). In the absence of any configuration or
protocol hint (see Section 7.1.2) the SAVI device should choose the protocol hint (see Section 6.1.2) the SAVI device should choose the
first-come entry, whether it was learnt from SLACC, SeND or DHCP. first-come binding anchor, whether it was learnt from SLACC, SeND or
DHCP.
7.1.2. Overwritten preference 6.1.2. Overwritten preference
There are two identified exceptions to the general prioritization There are two identified exceptions to the general prioritization
model, one of them being CGA addresses, another one controlled by the model, one of them being CGA addresses, another one controlled by the
configuration of the switch: configuration of the switch.
1. When CGA addresses are used, and a collision is detected, 6.1.2.1. CGA preference
preference should be given to the anchor that carries the CGA
credentials once they are verified, in particular the CGA
parameters and the RSA options. Note that if an attacker was
trying to replay CGA credentials, he would then compete on the
base of fcfs (first-come, first-serve).
2. The SAVI device should allow the configuration of a triplet When CGA addresses are used, and a collision is detected, preference
("prefix", "anchor", "method") or ("address", "anchor", should be given to the anchor that carries the CGA credentials once
"method"). Later, if a DAD message is received for a target they are verified, in particular the CGA parameters and the RSA
within "prefix" (or equal "address") bound to "anchor1" options. Note that if an attacker was trying to replay CGA
(different from "anchor"), or via a discovery method different credentials, he would then compete on the base of fcfs (first-come,
from "method", the switch should defend the address by responding first-serve).
to the DAD message. It should not at this point install the
entry into the binding table. It will simply prevent the node to
assign the address, and will de-facto prioritize the configured
anchor or configured assignment method for that address. This is
especially useful to protect well known bindings such as a static
address of a server over anybody, even when the server is down.
It is also a way to give priority to a binding learnt from SAVI-
DHCP over a binding for the same address, learnt from SAVI-FCFS.
7.1.3. Multiple SAVI Device Scenario 6.1.2.2. configuration preference
For configuration driven exceptions, the SAVI device may allow the
configuration of a triplet ("prefix", "anchor", "method") or
("address", "anchor", "method"), where at least one of ("anchor",
"method") should be specified. Later, if a DAD message is received
with the following conditions verified:
1. The target in the DAD message does not exist in the binding table
2. The target is within configured "prefix" (or equal to "address")
3. The anchor bound to target is different from the configured
anchor, when specified
4. The configured method, if any, is different from SAVI-FCFS
the switch should defend the address by responding to the DAD
message. It should not at this point install the entry into the
binding table. It will simply prevent the node to assign the
address, and will de-facto prioritize the configured anchor. This is
especially useful to protect well known bindings such as a static
address of a server over anybody, even when the server is down. It
is also a way to give priority to a binding learnt from SAVI-DHCP
over a binding for the same address, learnt from SAVI-FCFS.
6.1.3. Multiple SAVI Device Scenario
A single SAVI device doesn't have the information of all bound A single SAVI device doesn't have the information of all bound
addresses on the perimeter. Therefore it is not enough to lookup addresses on the perimeter. Therefore it is not enough to lookup
local bindings to identify a collision. However, assuming DAD is local bindings to identify a collision. However, assuming DAD is
performed throughout the security perimeter for all addresses performed throughout the security perimeter for all addresses
regardless of the assignment method, then DAD response will inform regardless of the assignment method, then DAD response will inform
all SAVI devices about any collision. In that case, FCFS will apply all SAVI devices about any collision. In that case, FCFS will apply
the same way as in a single switch scenario. If the admin configured the same way as in a single switch scenario. If the admin configured
on one the switches a prefix (or a single static binding) to defend, on one the switches a prefix (or a single static binding) to defend,
the DAD response generated by this switch will also prevent the the DAD response generated by this switch will also prevent the
binding to be installed on other switches of the perimeter. binding to be installed on other switches of the perimeter.
7.2. Same Address on the Same Binding Anchor 6.2. Same Address on the Same Binding Anchor
A binding may be set up on the same binding anchor by multiple A binding may be set up on the same binding anchor by multiple
solutions. For example, if SAVI-FCFS and SAVI-DHCP are both enabled methods, typically SAVI-FCFS and SAVI-DHCP. If the binding lifetimes
on one SAVI device, a DHCP address be bound by both SAVI instances. obtained from the two methods are different, priority should be given
to 1) Manual configuration 2) SAVI-DHCP 3) SAVI-FCFS as the least
There is no conflict if the binding is valid in all the solutions. authoritative. The binding will be removed when the prioritized
However, the binding lifetimes of different solutions can be lifetime expires, even if a less authoritative method had a longer
different. If one SAVI instance changes the state of a binding to lifetime.
invalid on lifetime expires, conflict will happen.
The solution proposed is to keep a binding as long as possible. A
binding is kept until it has been required to be removed by all the
solutions that ever set up it.
8. Security Considerations
As described in [savi-framework], this solution cannot strictly
prevent spoofing. There are two scenarios in which spoofing can
still happen:
1. The binding anchor is spoofable. if the binding anchor is
spoofable, e.g., plain MAC address, an attacker can use forged
binding anchor to send packet which will not be regarded as
spoofing by SAVI device. Indeed, using binding anchor that can
be easily spoofed is dangerous. An attacker can use the binding
anchor of another host to perform a lot of DHCP procedures, and
the SAVI device will refuse to set up new binding for the host
whenever the binding number limitation has been reached. Thus,
it is RECOMMENDED to use strong enough binding anchor, e.g.,
switch port, secure association in 802.11ae/af and 802.11i.
2. The binding anchor is shared by more than one host. If the
binding anchor is shared by more than one host, they can spoof
the addresses of each other. For example, a number of hosts can
attach to the same switch port of a SAVI device through a hub.
The SAVI device cannot distinguish packets from different hosts
and thus the spoofing between them will not be detected. This
problem can be solved through not sharing binding anchor between
hosts.
9. IANA Considerations 7. IANA Considerations
This memo asks the IANA for no new parameters. This memo asks the IANA for no new parameters.
Note to RFC Editor: This section will have served its purpose if it 8. Acknowledgment
correctly tells IANA that no new assignments or registries are
required, or if those assignments or registries are created during
the RFC publication process. From the authors' perspective, it may
therefore be removed upon publication as an RFC at the RFC Editor's
discretion.
10. Acknowledgment
Thanks to Christian Vogt, Eric Nordmark, Marcelo Bagnulo Braun and Thanks to Christian Vogt, Eric Nordmark, Marcelo Bagnulo Braun and
Jari Arkko for their valuable contributions. Jari Arkko for their valuable contributions.
This document was generated using the xml2rfc tool. This document was generated using the xml2rfc tool.
11. References 9. References
11.1. Informative References 9.1. Normative References
[rfc2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, BCP 14, Match 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
11.2. Normative References [RFC7039] Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt,
"Source Address Validation Improvement (SAVI) Framework",
RFC 7039, October 2013.
[rfc4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, [RFC6620] Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, SAVI: First-Come, First-Served Source Address Validation
September 2007. Improvement for Locally Assigned IPv6 Addresses", RFC
6620, May 2012.
[rfc4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless [RFC7219] Bagnulo, M. and A. Garcia-Martinez, "SEcure Neighbor
Address Autoconfiguration", RFC 4862, September 2007. Discovery (SEND) Source Address Validation Improvement
(SAVI)", RFC 7219, May 2014.
[savi-dhcp] [savi-dhcp]
Bi, J., Wu, J., Yao, G., and F. Baker, "SAVI Solution for Bi, J., Wu, J., Yao, G., and F. Baker, "SAVI Solution for
DHCP", draft-ietf-savi-dhcp-18 (work in progress), DHCP", draft-ietf-savi-dhcp-34 (work in progress), Feb
February 2012. 2015.
[savi-fcfs] 9.2. Informative References
Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS-
SAVI: First-Come First-Serve Source-Address Validation for
Locally Assigned Addresses", RFC 6620, May 2012.
[savi-framework] [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
Wu, J., Bi, J., Bagnulo, M., Baker, F., and C. Vogt, Ed., "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
"Source Address Validation Improvement Framework", September 2007.
RFC 7039, October 2013.
[savi-send] [RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Bagnulo, M. and A. Garcia-Martinez, "SEND-based Source- Address Autoconfiguration", RFC 4862, September 2007.
Address Validation Implementation",
draft-ietf-savi-send-06 (work in progress), October 2011.
Authors' Addresses Authors' Addresses
Jun Bi Jun Bi
Tsinghua University Tsinghua University
Network Research Center, Tsinghua University Network Research Center, Tsinghua University
Beijing 100084 Beijing 100084
China China
Email: junbi@tsinghua.edu.cn EMail: junbi@tsinghua.edu.cn
Guang Yao Guang Yao
Tsinghua University Tsinghua University
Network Research Center, Tsinghua University Network Research Center, Tsinghua University
Beijing 100084 Beijing 100084
China China
Email: yaoguang@cernet.edu.cn EMail: yaoguang.china@gmail.com
Joel M. Halpern Joel M. Halpern
Newbridge Networks Inc Newbridge Networks Inc
Email: jmh@joelhalpern.com EMail: jmh@joelhalpern.com
Eric Levy-Abegnoli (editor) Eric Levy-Abegnoli (editor)
Cisco Systems Cisco Systems
Village d'Entreprises Green Side - 400, Avenue Roumanille Village d'Entreprises Green Side - 400, Avenue Roumanille
Biot-Sophia Antipolis 06410 Biot-Sophia Antipolis 06410
France France
Email: elevyabe@cisco.com EMail: elevyabe@cisco.com
 End of changes. 63 change blocks. 
244 lines changed or deleted 171 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/