Network Working Group                                           W. Cheng
Internet Draft                                              China Mobile
Intended status: Informational                                     D. Li
Expires: August 28, 2026                             Tsinghua University
                                                                  C. Lin
                                                    New H3C Technologies
                                                                  S. Yue
                                                            China Mobile
                                                       February 28, 2026


          Inter-domain Source Address Validation (SAVNET) OAM
                 draft-cheng-savnet-inter-domain-oam-02

Abstract

   This document is a framework for how Source Address Validation
   (SAVNET) can be applied to operations and maintenance procedures for
   inter-domain networks. The document is structured to outline how
   Operations and Management (OAM) functionality can be used to assist
   in fault, configuration, accounting, performance, and security
   management, commonly known by the acronym FCAPS.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 28, 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents

Cheng, et al.           Expires August 28, 2026                 [Page 1]

Internet-Draft          Inter-domain SAVNET OAM            February 2026

   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.
   Code Components extracted from this document must include Revised
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Revised BSD License.

Table of Contents

   1. Introduction
   2. Requirements Language
   3. Overview
   4. Terminology
   5. Fault Management
      5.1. Fault Detection
      5.2. Fault Isolation
   6. Operational and Manageability Considerations
      6.1. OAM1: Source information from different origins
         6.1.1. Configuration for RPKI
         6.1.2. Configuration for source information from Local Routing
         6.1.3. Configuration for source information IRR Data
         6.1.4. Configuration for source information from BGP Update
         6.1.5. Configuration for source information from specific
         6.1.6. Notification for Source information
         6.1.7. Count for Source information
      6.2. OAM2: SAV Information Base Manager
         6.2.1. Organization of Base Manager
         6.2.2. Notification for Base Manager
         6.2.3. Count for Base Manager
      6.3. OAM3: SAV Rules
         6.3.1. Count for SAV Rules
         6.3.2. Permit Rules and Block Rules
         6.3.3. Performance
      6.4. Security Management
   7. Security Considerations
   8. IANA Considerations
   9. References
      9.1. Normative References
      9.2. Informational References
   Authors' Addresses

1. Introduction

   Source address spoofing is one of the most serious security threats
   to today's Internet. It serves as a main attack vector for
   large-scale Distributed Denial of Service (DDoS) attacks and is
   commonly used in reflective DDoS attacks. To mitigate source address
   spoofing, many source address validation (SAV) solutions (e.g.,
   BCP38 [RFC2827] and BCP84 [RFC3704] [RFC8704]) have been proposed.
   The primary design goal of SAV solutions is to avoid improper block
   (i.e., blocking legitimate traffic) while maintaining
   directionality, especially in partial deployment scenarios (see
   [I-D.ietf-savnet-inter-domain-problem-statement] and [RFC8704]).

   To address these issues and guide the design of new inter-domain SAV
   solutions, [I-D.draft-ietf-savnet-inter-domain-architecture]
   proposes the architecture of inter-domain SAVNET and introduces the
   use of SAV-specific information in inter-domain networks.

   Based on the architecture of inter-domain SAVNET, this document
   provides a framework and requirements for Inter-domain SAVNET
   Operations, Administration, and Maintenance (OAM). The approach of
   this document is to outline the functionality, potential mechanisms
   to provide the functions, and the required applicability of
   inter-domain OAM functions.

2. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3. Overview

   This document primarily explores the functions that SAV Inter-domain
   OAM needs to accomplish. As shown in the architecture of Figure 1,
   the following OAM tasks need to be addressed:

   OAM1: Configure the different data sources, including RPKI, Local
   Routing, IRR Data, BGP Update, and SAV-Specific.

   OAM2: Based on the source information from the different data
   sources in OAM1, provide the functionality to view source
   information by AS number.

   OAM3: Based on the source information from different origins,
   optimize to generate SAV Rules, and maintain Permit Rules and Block
   Rules.

      +-----------------------------------------------------------+
      |                           AS X                            |
      | +-------------------------------------------------------+ |
      | |                     SAVNET Agent                      | |
   ---| | +---------------------+  +--------------------------+ | |
   |  | | | General Information |  | SAV-specific Inform