Internet-Draft SAV Monitoring Requirements June 2026
Qin, et al. Expires 31 December 2026
Workgroup: SAVNET
Internet-Draft: draft-qin-savnet-sav-monitoring-requirements-00
Published:
Intended Status: Informational
Expires: 31 December 2026
Authors:
L. Qin, Zhongguancun Laboratory
D. Li, Tsinghua University
N. Geng, Huawei

Information Requirements for Monitoring Source Address Validation (SAV) Enforcement

Abstract

Source Address Validation (SAV) enforcement requires operational visibility into validation results, traffic-handling outcomes, SAV rule generation and state, and SAV configuration. Such visibility helps operators understand how SAV operates in the network and supports operational decisions, including staged deployment where traffic that fails validation may be permitted while being monitored and analyzed. This document identifies information requirements for monitoring SAV enforcement.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 31 December 2026.

1. Introduction

Source Address Validation (SAV) is an important mechanism for mitigating source address spoofing. Operating SAV safely and effectively requires operators to observe and evaluate SAV enforcement behavior in operational networks. Operators need visibility into whether traffic passes or fails SAV validation, how traffic is actually handled after validation, which SAV rule is involved, and whether the observed behavior matches operational expectations.

Such visibility requires information from multiple perspectives. Traffic validation and handling information helps operators understand validation results and traffic-handling outcomes. SAV rule generation and state information helps operators understand how SAV rules are generated, updated, and maintained, including the content and scale of enforced SAV rules. SAV configuration and operation information helps operators understand where SAV is enabled, which interfaces are covered, and which traffic handling policy is configured for traffic that fails validation.

In some deployments, SAV enforcement may initially permit traffic that fails validation while monitoring and analyzing the validation result and related context. This allows operators to evaluate SAV rule correctness and operational safety before applying stricter traffic handling policies, such as dropping traffic that fails validation.

This document identifies information requirements for monitoring SAV enforcement in operational networks. It focuses on what information is needed to observe, analyze, and support operational decisions about SAV enforcement. These requirements are intended to provide a common reference for the use, evaluation, or design of telemetry and monitoring mechanisms for SAV.

2. Terminology

Validation result:

The result of applying SAV rules to traffic. The validation result is either pass or fail.

Enforcement action:

The action applied to traffic after validation. For traffic that passes validation, the action is normally to permit the traffic. For traffic that fails validation, the action is determined by the configured traffic handling policy [I-D.ietf-savnet-general-sav-capabilities].

3. Use Cases for SAV Monitoring

This section describes representative use cases for SAV monitoring. These use cases illustrate how the information identified in this document can support SAV operation, but they are not intended to be exhaustive.

3.1. Network-wide Visibility and Operational Decision-Making

Network-wide visibility is a basic use case for SAV monitoring. Operators need to understand the overall status of SAV deployment and enforcement across the network. By aggregating information from multiple routers, operators can identify where SAV is enabled, what SAV rules are generated, what traffic handling policies are configured, and what validation results or enforcement actions are observed.

Such visibility provides the baseline information needed for SAV operation. Based on this information, operators can refine SAV rules, adjust deployment scope, assess whether observed validation results are consistent with operational expectations, and evaluate the effectiveness of deployed SAV mechanisms.

In this way, SAV monitoring supports continuous optimization of SAV deployment and operation.

3.2. SAV Correctness Verification

SAV monitoring also supports verification of whether SAV rules are correctly generated and used for validation. Operators can compare SAV rule generation and state information, such as SAV rule content and prefix-to-interface bindings, with traffic validation and handling information, such as validation results, to assess whether SAV validation behaves as expected.

For example, monitoring can help operators identify possible incorrect validation, stale SAV states, misconfigurations, abnormal SAV table changes, or unexpected validation results for specific traffic. Such verification is useful for reducing the risk that legitimate traffic will be incorrectly classified as invalid when stricter traffic handling policies are applied.

3.3. Troubleshooting SAV Enforcement

Monitoring information enables operators to troubleshoot unexpected validation results or traffic-handling outcomes related to SAV enforcement. Operators can use monitoring information to identify whether traffic is affected due to incorrect validation, stale SAV rules, misconfigurations, or an unexpected enforcement action.

This capability is essential for isolating faults and understanding where and why validation results or enforcement actions deviate from expectations.

3.4. Staged Deployment and Enforcement Transition

SAV monitoring enables a staged deployment approach that reduces operational risk. Operators can initially deploy SAV with an enforcement action that permits traffic that fails validation while exporting validation results, matched rules, traffic statistics, and related context to a monitoring system.

Based on observed data-plane behavior and analysis of monitoring data, operators can evaluate whether SAV rules are correctly generated, whether the installed SAV rules match the intended policy, and whether a stricter traffic handling policy would affect legitimate traffic. Once sufficient confidence is established, operators can transition to stricter traffic handling policies, such as dropping traffic that fails SAV validation.

This staged approach treats monitoring as part of the enforcement strategy. It allows incremental rollout of SAV enforcement and minimizes the risk of unintended traffic disruption.
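The correctness verification of Section 3.2 and the staged-deployment evaluation of Section 3.4 can both be run over the same exported data. The following is an added example, not part of this draft: it takes a constructed set of prefix-to-interface bindings (the SAV rule state of Section 4.2) and a constructed sample of per-packet telemetry exported while a permit policy is in place, recomputes the validation result for each sample, and reports per-interface pass/fail counters, the traffic a strict drop policy would have affected, and interfaces that are enabled for SAV but bound to no prefix. The rule format, interface names, addresses, and the whitelist-style "no matching rule fails" assumption are illustrative choices made here.

```python
"""Added example (not part of the draft): staged-deployment analysis and
rule-state cross-check over SAV telemetry exported in permit mode.

Assumed representation (constructed for illustration): SAV rules are a
mapping from source prefix to the set of ingress interfaces on which that
prefix is legitimate; each exported record is (ingress interface, source
address, packet count)."""
import ipaddress
from collections import Counter, defaultdict

# Constructed SAV rule state: prefix-to-interface bindings (Section 4.2).
SAV_RULES = {
    "192.0.2.0/24": {"ge-0/0/1"},
    "198.51.100.0/24": {"ge-0/0/2"},
    "203.0.113.0/24": {"ge-0/0/1", "ge-0/0/2"},
}
# Constructed enablement status (Section 4.3).
ENABLED_INTERFACES = {"ge-0/0/1", "ge-0/0/2", "ge-0/0/3"}

# Constructed telemetry sample: (ingress interface, source address, packets).
TELEMETRY = [
    ("ge-0/0/1", "192.0.2.10", 500),
    ("ge-0/0/2", "192.0.2.11", 40),    # prefix bound to another interface
    ("ge-0/0/2", "198.51.100.7", 300),
    ("ge-0/0/3", "198.51.100.9", 25),  # interface has no binding for this prefix
    ("ge-0/0/1", "203.0.113.5", 120),
    ("ge-0/0/3", "10.0.0.1", 60),      # no rule covers this source at all
]


def validate(interface, src):
    """Return ('pass'|'fail', matched prefix or None) for one sampled packet.

    Longest-prefix match over SAV_RULES; a source that matches no rule fails
    (whitelist-style enforcement, an assumption of this example)."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix in SAV_RULES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    if best is None:
        return "fail", None
    key = str(best)
    return ("pass" if interface in SAV_RULES[key] else "fail"), key


def unbound_interfaces(enabled=ENABLED_INTERFACES, rules=SAV_RULES):
    """Correctness check (Section 3.2): interfaces with SAV enabled but no
    prefix bound to them, a hint at stale or missing rule state."""
    bound = set().union(*rules.values())
    return enabled - bound


def staged_deployment_report(records=TELEMETRY):
    """Summarise what a strict drop policy would have affected, using the
    validation results observed while the permit policy is in place."""
    per_interface = defaultdict(Counter)  # interface -> {'pass': n, 'fail': n}
    would_drop = []  # (interface, source, packets, matched prefix, reason)
    for iface, src, pkts in records:
        result, prefix = validate(iface, src)
        per_interface[iface][result] += pkts
        if result == "fail":
            # Distinguish "known prefix seen on the wrong interface" (possible
            # stale binding or spoofing) from "no rule at all" before enforcing.
            reason = "bound_elsewhere" if prefix else "no_rule"
            would_drop.append((iface, src, pkts, prefix, reason))
    total = sum(p for _, _, p in records)
    failed = sum(p for _, _, p, _, _ in would_drop)
    return {
        "per_interface": {i: dict(c) for i, c in per_interface.items()},
        "would_drop": would_drop,
        "fail_ratio": failed / total if total else 0.0,
    }


if __name__ == "__main__":
    report = staged_deployment_report()
    for iface, counts in sorted(report["per_interface"].items()):
        print(iface, counts)
    for entry in report["would_drop"]:
        print("would drop:", entry)
    print("fail ratio: %.3f" % report["fail_ratio"])
    print("enabled but unbound:", sorted(unbound_interfaces()))
```

The "bound_elsewhere" entries are the ones worth investigating before switching to a drop policy: a legitimate prefix that consistently appears on an interface it is not bound to usually points at an incorrect or stale binding rather than at spoofing, and dropping it would disrupt legitimate traffic.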

4. Information Requirements for SAV Monitoring

4.1. Traffic Validation and Handling Information

Traffic validation and handling information reflects how traffic is validated by SAV and how it is handled after validation. It is essential for understanding validation results, traffic-handling outcomes, and the operational impact of SAV enforcement.

The following information is important for monitoring traffic validation and handling:

Validation result:

Information indicating whether traffic passes or fails SAV validation. This information helps operators understand validation outcomes and determine whether a traffic-handling decision is related to SAV.

Traffic-handling outcome:

Information indicating how the traffic is actually handled by the router after the enforcement action is applied. This may include whether the traffic is forwarded, dropped, counted, logged, rate-limited, or redirected.

Ingress interface:

The interface on which traffic is received. This information helps operators identify the interface-specific SAV rules related to a validation result or traffic-handling outcome.

Validation and enforcement statistics:

Counters or aggregated statistics for validation results and traffic-handling outcomes. These statistics may be maintained per interface, per prefix, or per rule.

4.2. SAV Rule Generation and State Information

SAV rule generation and state information describes how SAV rules are generated, updated, and maintained.

The following information is important for monitoring SAV rule generation and state:

SAV rule content:

Information about the SAV rules generated for a router or a specific router interface. This information helps operators understand the SAV rules used for SAV enforcement.

SAV rule size:

Information about the scale of SAV rules, such as the number of prefixes or the amount of storage used by SAV rules. This information helps operators assess resource usage and determine whether SAV rule generation produces unexpectedly large rule sets.

Source of information:

The information sources used for SAV rule generation, such as routing information, management configuration, SAV-specific information, or RPKI data. This information helps operators understand how SAV rules are derived and whether they are based on authoritative information.

Update status:

Information indicating when SAV rules were last updated. When combined with the state of the corresponding information sources, this information can help operators assess whether SAV rules are up to date.

4.3. SAV Configuration and Operation Information

SAV configuration and operation information describes how SAV enforcement is configured and operated in the network. It provides essential context for interpreting traffic validation and handling information, as well as SAV rule generation and state information.

The following information is important from the configuration and operation perspective:

SAV enablement status:

Information indicating whether SAV is enabled on each relevant router or interface. This information helps operators understand the deployment coverage of SAV.

Traffic handling policy configuration:

The configured traffic handling policy for traffic that fails SAV validation. This information helps operators understand how traffic that fails SAV validation is intended to be processed, and helps interpret the relationship between validation results and actual traffic handling.

Change history:

Information about recent changes to SAV-related configuration, such as traffic handling policy configuration.
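The three information categories above are only useful together: a validation result can be interpreted only against the configured traffic handling policy, and a traffic-handling outcome only against the validation result. The following added example (not part of this draft, which defines no export format) models constructed per-flow records carrying the Section 4.1 fields, a constructed per-interface configuration carrying the Section 4.3 fields, and consistency checks that flag a failing flow handled differently from what the configured policy implies, a passing flow that was nevertheless dropped (a drop not attributable to SAV), and validation reported on an interface where SAV is not enabled. Field names, policy labels, and rule identifiers are assumptions of the example.

```python
"""Added example (not part of the draft): consistency checks combining the
Section 4.1 (validation/handling), 4.2 (rule id) and 4.3 (configuration)
information. Record layout, policy names and rule ids are constructed."""
from collections import Counter

# Section 4.3: per-interface enablement and policy for traffic that fails.
CONFIG = {
    "ge-0/0/1": {"sav_enabled": True, "fail_policy": "drop"},
    "ge-0/0/2": {"sav_enabled": True, "fail_policy": "permit"},  # staged deployment
    "ge-0/0/3": {"sav_enabled": False, "fail_policy": None},
}

# Traffic-handling outcome each configured policy is expected to produce
# for traffic that fails validation (assumed mapping).
EXPECTED_FAIL_OUTCOME = {
    "drop": "dropped",
    "permit": "forwarded",
    "rate-limit": "rate-limited",
}

# Section 4.1: constructed per-flow records (validation result, outcome,
# ingress interface, matched rule id, packet count).
RECORDS = [
    {"iface": "ge-0/0/1", "result": "pass", "outcome": "forwarded", "rule": "r1", "pkts": 900},
    {"iface": "ge-0/0/1", "result": "fail", "outcome": "dropped", "rule": "r1", "pkts": 30},
    {"iface": "ge-0/0/1", "result": "fail", "outcome": "forwarded", "rule": "r1", "pkts": 5},
    {"iface": "ge-0/0/2", "result": "fail", "outcome": "forwarded", "rule": "r2", "pkts": 70},
    {"iface": "ge-0/0/2", "result": "pass", "outcome": "dropped", "rule": "r2", "pkts": 4},
    {"iface": "ge-0/0/3", "result": "fail", "outcome": "dropped", "rule": None, "pkts": 12},
]


def check_record(rec, config=CONFIG):
    """Return a list of anomaly labels for one record (empty if consistent)."""
    issues = []
    cfg = config.get(rec["iface"])
    if cfg is None or not cfg["sav_enabled"]:
        # A validation result from an interface where SAV is off contradicts
        # the enablement status; the router state or the export is wrong.
        issues.append("validation-on-disabled-interface")
        return issues
    if rec["result"] == "pass" and rec["outcome"] == "dropped":
        # The drop is not explained by SAV; look elsewhere (ACL, uRPF, ...).
        issues.append("pass-but-dropped")
    if rec["result"] == "fail":
        expected = EXPECTED_FAIL_OUTCOME.get(cfg["fail_policy"])
        if expected and rec["outcome"] != expected:
            issues.append("fail-outcome-mismatch:expected-" + expected)
    return issues


def summarize(records=RECORDS, config=CONFIG):
    """Aggregate packet counters per (interface, rule, result, outcome) and
    collect anomalies with the traffic volume they affect."""
    stats = Counter()
    anomalies = []
    for rec in records:
        key = (rec["iface"], rec["rule"], rec["result"], rec["outcome"])
        stats[key] += rec["pkts"]
        for label in check_record(rec, config):
            anomalies.append((rec["iface"], label, rec["pkts"]))
    return stats, anomalies


if __name__ == "__main__":
    stats, anomalies = summarize()
    for key, pkts in sorted(stats.items(), key=lambda kv: str(kv[0])):
        print(key, pkts)
    for iface, label, pkts in anomalies:
        print("anomaly on %s: %s (%d packets)" % (iface, label, pkts))
```

The per-(interface, rule, result, outcome) counters are the kind of validation and enforcement statistics Section 4.1 asks for; the anomaly list is what an operator would review before tightening the policy on ge-0/0/2, and what the troubleshooting use case of Section 3.3 starts from.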

5. Security Considerations

SAV monitoring information can reveal sensitive operational details. Unauthorized disclosure of such information could help an attacker infer network topology, identify filtering gaps, or evade SAV enforcement. Therefore, access to SAV monitoring information should be restricted to authorized entities. Telemetry or monitoring data used for SAV operations needs to be protected against tampering and spoofing. Incorrect or forged monitoring information could mislead operators, hide enforcement failures, or cause inappropriate policy changes. Mechanisms that export SAV monitoring information should provide appropriate authentication, integrity protection, and confidentiality protection when needed.
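One way to give exported records the integrity and authenticity protection this section calls for, shown here as an added example rather than anything the draft specifies: the exporter signs a canonical encoding of each record with a key shared with the collector, and the collector rejects records whose tag does not verify (modified or forged) and records whose per-exporter sequence number does not advance (replayed). The key, record fields, and sequence-number scheme are assumptions of the example; in deployment the transport would normally also be encrypted.

```python
"""Added example (not part of the draft): HMAC-based integrity and replay
protection for exported SAV monitoring records.

The shared key, record layout and sequence-number check are constructed for
illustration; the draft does not specify an export or protection mechanism."""
import hashlib
import hmac
import json

# Assumed to be provisioned out of band on both router and collector.
EXPORT_KEY = b"constructed-demo-key-not-for-production"


def canonical(record):
    """Deterministic encoding so exporter and collector hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record, key=EXPORT_KEY):
    """Exporter side: attach an HMAC-SHA256 tag to one monitoring record."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


class Collector:
    """Collector side: accept only authentic, unmodified, non-replayed records."""

    def __init__(self, key=EXPORT_KEY):
        self.key = key
        self.last_seq = {}   # exporter id -> highest accepted sequence number
        self.accepted = []

    def receive(self, msg):
        rec = msg["record"]
        expected = hmac.new(self.key, canonical(rec), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking tag bytes through timing.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected:bad-tag"
        exporter, seq = rec["exporter"], rec["seq"]
        if seq <= self.last_seq.get(exporter, -1):
            return "rejected:replay"
        self.last_seq[exporter] = seq
        self.accepted.append(rec)
        return "accepted"


def demo():
    """Deliver a genuine record, a modified copy, and a replay; return outcomes."""
    collector = Collector()
    genuine = sign_record({
        "exporter": "r1", "seq": 1, "iface": "ge-0/0/1",
        "result": "fail", "outcome": "forwarded", "pkts": 40,
    })
    first = collector.receive(genuine)
    # A modified copy that turns a failure into a pass while keeping the old tag.
    modified = {"record": dict(genuine["record"], result="pass"), "tag": genuine["tag"]}
    second = collector.receive(modified)
    third = collector.receive(genuine)  # same record again: replay
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

Rejecting the modified record is what prevents a forged export from hiding an enforcement failure; rejecting the replay prevents stale statistics from being presented as current state.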

6. IANA Considerations

This document does not request any IANA allocations.

7. Informative References

[I-D.ietf-savnet-general-sav-capabilities]
Huang, M., Cheng, W., Li, D., Geng, N., and L. Chen, "General Source Address Validation Capabilities", Work in Progress, Internet-Draft, draft-ietf-savnet-general-sav-capabilities-03, <https://datatracker.ietf.org/doc/html/draft-ietf-savnet-general-sav-capabilities-03>.

Authors' Addresses

Lancheng Qin
Zhongguancun Laboratory
Beijing
China
Dan Li
Tsinghua University
Beijing
China
Nan Geng
Huawei
Beijing
China