| Internet-Draft | SAV Monitoring Requirements | June 2026 |
| Qin, et al. | Expires 31 December 2026 | [Page] |
Source Address Validation (SAV) enforcement requires operational visibility into validation results, traffic-handling outcomes, SAV rule generation and state, and SAV configuration. Such visibility helps operators understand how SAV operates in the network and supports operational decisions, including staged deployment where traffic that fails validation may be permitted while being monitored and analyzed. This document identifies information requirements for monitoring SAV enforcement.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 31 December 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Source Address Validation (SAV) is an important mechanism for mitigating source address spoofing. Operating SAV safely and effectively requires operators to observe and evaluate SAV enforcement behavior in operational networks. Operators need visibility into whether traffic passes or fails SAV validation, how traffic is actually handled after validation, which SAV rule is involved, and whether the observed behavior matches operational expectations.¶
Such visibility requires information from multiple perspectives. Traffic validation and handling information helps operators understand validation results and traffic-handling outcomes. SAV rule generation and state information helps operators understand how SAV rules are generated, updated, and maintained, including the content and scale of enforced SAV rules. SAV configuration and operation information helps operators understand where SAV is enabled, which interfaces are covered, and which traffic handling policy is configured for traffic that fails validation.¶
In some deployments, SAV enforcement may initially permit traffic that fails validation while monitoring and analyzing the validation result and related context. This allows operators to evaluate SAV rule correctness and operational safety before applying stricter traffic handling policies, such as dropping traffic that fails validation.¶
This document identifies information requirements for monitoring SAV enforcement in operational networks. It focuses on what information is needed to observe, analyze, and support operational decisions about SAV enforcement. These requirements are intended to provide a common reference for the use, evaluation, or design of telemetry and monitoring mechanisms for SAV.¶
The result of applying SAV rules to traffic. The validation result is either pass or fail.¶
The action applied to traffic after validation. For traffic that passes validation, the action is normally to permit the traffic. For traffic that fails validation, the action is determined by the configured traffic handling policy [I-D.ietf-savnet-general-sav-capabilities].¶
This section describes representative use cases for SAV monitoring. These use cases illustrate how the information identified in this document can support SAV operation, but they are not intended to be exhaustive.¶
Network-wide visibility is a basic use case for SAV monitoring. Operators need to understand the overall status of SAV deployment and enforcement across the network. By aggregating information from multiple routers, operators can identify where SAV is enabled, what SAV rules are generated, what traffic handling policies are configured, and what validation results or enforcement actions are observed.¶
Such visibility provides the baseline information needed for SAV operation. Based on this information, operators can refine SAV rules, adjust deployment scope, assess whether observed validation results are consistent with operational expectations, and evaluate the effectiveness of deployed SAV mechanisms.¶
In this way, SAV monitoring supports continuous optimization of SAV deployment and operation.¶
SAV monitoring also supports verification of whether SAV rules are correctly generated and used for validation. Operators can compare SAV rule generation and state information, such as SAV rule content and prefix-to-interface bindings, with traffic validation and handling information, such as validation results, to assess whether SAV validation behaves as expected.¶
For example, monitoring can help operators identify possible incorrect validation, stale SAV states, misconfigurations, abnormal SAV table changes, or unexpected validation results for specific traffic. Such verification is useful for reducing the risk that legitimate traffic will be incorrectly classified as invalid when stricter traffic handling policies are applied.¶
Monitoring information enables operators to troubleshoot unexpected validation results or traffic-handling outcomes related to SAV enforcement. Operators can use monitoring information to identify whether traffic is affected due to incorrect validation, stale SAV rules, misconfigurations, or an unexpected enforcement action.¶
This capability is essential for isolating faults and understanding where and why validation results or enforcement actions deviate from expectations.¶
SAV monitoring enables a staged deployment approach that reduces operational risk. Operators can initially deploy SAV with an enforcement action that permits traffic that fails validation while exporting validation results, matched rules, traffic statistics, and related context to a monitoring system.¶
Based on observed data-plane behavior and analysis of monitoring data, operators can evaluate whether SAV rules are correctly generated, whether the installed SAV rules match the intended policy, and whether a stricter traffic handling policy would affect legitimate traffic. Once sufficient confidence is established, operators can transition to stricter traffic handling policies, such as dropping traffic that fails SAV validation.¶
This staged approach treats monitoring as part of the enforcement strategy. It allows incremental rollout of SAV enforcement and minimizes the risk of unintended traffic disruption.¶
Traffic validation and handling information reflects how traffic is validated by SAV and how it is handled after validation. It is essential for understanding validation results, traffic-handling outcomes, and the operational impact of SAV enforcement.¶
The following information is important for monitoring traffic validation and handling:¶
Information indicating whether traffic passes or fails SAV validation. This information helps operators understand validation outcomes and determine whether a traffic-handling decision is related to SAV.¶
Information indicating how the traffic is actually handled by the router after the enforcement action is applied. This may include whether the traffic is forwarded, dropped, counted, logged, rate-limited, or redirected.¶
The interface on which traffic is received. This information helps operators identify the interface-specific SAV rules related to a validation result or traffic-handling outcome.¶
Counters or aggregated statistics for validation results and traffic-handling outcomes. These statistics may be maintained per interface, per prefix, or per rule.¶
SAV rule generation and state information describes how SAV rules are generated, updated, and maintained.¶
The following information is important for monitoring SAV rule generation and state:¶
Information about the SAV rules generated for a router or a specific router interface. This information helps operators understand the SAV rules used for SAV enforcement.¶
Information about the scale of SAV rules, such as the number of prefixes or the amount of storage used by SAV rules. This information helps operators assess resource usage and determine whether SAV rule generation produces unexpectedly large rule sets.¶
The information sources used for SAV rule generation, such as routing information, management configuration, SAV-specific information, or RPKI data. This information helps operators understand how SAV rules are derived and whether they are based on authoritative information.¶
Information indicating when SAV rules were last updated. When combined with the state of the corresponding information sources, this information can help operators assess whether SAV rules are up to date.¶
SAV configuration and operation information describes how SAV enforcement is configured and operated in the network. It provides essential context for interpreting traffic validation and handling information, as well as SAV rule generation and state information.¶
The following information is important from the configuration and operation perspective:¶
Information indicating whether SAV is enabled on each relevant router or interface. This information helps operators understand the deployment coverage of SAV.¶
The configured traffic handling policy for traffic that fails SAV validation. This information helps operators understand how traffic that fails SAV validation is intended to be processed, and helps interpret the relationship between validation results and actual traffic handling.¶
Information about recent changes to SAV-related configuration, such as traffic handling policy configuration.¶
SAV monitoring information can reveal sensitive operational details. Unauthorized disclosure of such information could help an attacker infer network topology, identify filtering gaps, or evade SAV enforcement. Therefore, access to SAV monitoring information should be restricted to authorized entities. Telemetry or monitoring data used for SAV operations needs to be protected against tampering and spoofing. Incorrect or forged monitoring information could mislead operators, hide enforcement failures, or cause inappropriate policy changes. Mechanisms that export SAV monitoring information should provide appropriate authentication, integrity protection, and confidentiality protection when needed.¶
This document does not request any IANA allocations.¶