SAVNET                                                            L. Qin
Internet-Draft                                   Zhongguancun Laboratory
Intended status: Informational                                     D. Li
Expires: 31 December 2026                            Tsinghua University
                                                                 N. Geng
                                                                  Huawei
                                                            29 June 2026

 Information Requirements for Monitoring Source Address Validation (SAV)
                              Enforcement
            draft-qin-savnet-sav-monitoring-requirements-00

Abstract

Source Address Validation (SAV) enforcement requires operational
visibility into validation results, traffic-handling outcomes, SAV rule
generation and state, and SAV configuration.  Such visibility helps
operators understand how SAV operates in the network and supports
operational decisions, including staged deployment where traffic that
fails validation may be permitted while being monitored and analyzed.
This document identifies information requirements for monitoring SAV
enforcement.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF).  Note that other groups may also distribute working
documents as Internet-Drafts.  The list of current Internet-Drafts is
at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

This Internet-Draft will expire on 31 December 2026.

Copyright Notice

Copyright (c) 2026 IETF Trust and the persons identified as the
document authors.  All rights reserved.

Qin, et al.             Expires 31 December 2026                [Page 1]

Internet-Draft         SAV Monitoring Requirements             June 2026

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.  Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are provided
without warranty as described in the Revised BSD License.

Table of Contents

1.  Introduction
2.  Terminology
3.  Use Cases for SAV Monitoring
  3.1.  Network-wide Visibility and Operational Decision-Making
  3.2.  SAV Correctness Verification
  3.3.  Troubleshooting SAV Enforcement
  3.4.  Staged Deployment and Enforcement Transition
4.  Information Requirements for SAV Monitoring
  4.1.  Traffic Validation and Handling Information
  4.2.  SAV Rule Generation and State Information
  4.3.  SAV Configuration and Operation Information
5.  Security Considerations
6.  IANA Considerations
7.  Informative References
Authors' Addresses

1.  Introduction

Source Address Validation (SAV) is an important mechanism for
mitigating source address spoofing.  Operating SAV safely and
effectively requires operators to observe and evaluate SAV enforcement
behavior in operational networks.  Operators need visibility into
whether traffic passes or fails SAV validation, how traffic is actually
handled after validation, which SAV rule is involved, and whether the
observed behavior matches operational expectations.

Such visibility requires information from multiple perspectives.
Traffic validation and handling information helps operators understand
validation results and traffic-handling outcomes.  SAV rule generation
and state information helps operators understand how SAV rules are
generated, updated, and maintained, including the content and scale of
enforced SAV rules.  SAV configuration and operation information helps
operators understand where SAV is enabled, which interfaces are
covered, and which traffic handling policy is configured for traffic
that fails validation.

In some deployments, SAV enforcement may initially permit traffic that
fails validation while monitoring and analyzing the validation result
and related context.  This allows operators to evaluate SAV rule
correctness and operational safety before applying stricter traffic
handling policies, such as dropping traffic that fails validation.

This document identifies information requirements for monitoring SAV
enforcement in operational networks.  It focuses on what information is
needed to observe, analyze, and support operational decisions about SAV
enforcement.  These requirements are intended to provide a common
reference for the use, evaluation, or design of telemetry and
monitoring mechanisms for SAV.

2.  Terminology

Validation result:  The result of applying SAV rules to traffic.  The
validation result is either pass or fail.

Enforcement action:  The action applied to traffic after validation.
For traffic that passes validation, the action is normally to permit
the traffic.  For traffic that fails validation, the action is
determined by the configured traffic handling policy
[I-D.ietf-savnet-general-sav-capabilities].

3.  Use Cases for SAV Monitoring

This section describes representative use cases for SAV monitoring.
These use cases illustrate how the information identified in this
document can support SAV operation, but they are not intended to be
exhaustive.

3.1.  Network-wide Visibility and Operational Decision-Making

Network-wide visibility is a basic use case for SAV monitoring.
Operators need to understand the overall status of SAV deployment and
enforcement across the network.  By aggregating information from
multiple routers, operators can identify where SAV is enabled, what SAV
rules are generated, what traffic handling policies are configured, and
what validation results or enforcement actions are observed.

Such visibility provides the baseline information needed for SAV
operation.  Based on this information, operators can refine SAV rules,
adjust deployment scope, assess whether observed validation results are
consistent with operational expectations, and evaluate the
effectiveness of deployed SAV mechanisms.  In this way, SAV monitoring
supports continuous optimization of SAV deployment and operation.

3.2.  SAV Correctness Verification

SAV monitoring also supports verification of whether SAV rules are
correctly generated and used for validation.  Operators can compare SAV
rule generation and state information, such as SAV rule content and
prefix-to-interface bindings, with traffic validation and handling
information, such as validation results, to assess whether SAV
validation behaves as expected.

For example, monitoring can help operators identify possible incorrect
validation, stale SAV states, misconfigurations, abnormal SAV table
changes, or unexpected validation results for specific traffic.  Such
verification is useful for reducing the risk that legitimate traffic
will be incorrectly classified as invalid when stricter traffic
handling policies are applied.

3.3.  Troubleshooting SAV Enforcement

Monitoring information enables operators to troubleshoot unexpected
validation results or traffic-handling outcomes related to SAV
enforcement.
Operators can use monitoring information to identify whether traffic is
affected due to incorrect validation, stale SAV rules,
misconfigurations, or an unexpected enforcement action.  This
capability is essential for isolating faults and understanding where
and why validation results or enforcement actions deviate from
expectations.

3.4.  Staged Deployment and Enforcement Transition

SAV monitoring enables a staged deployment approach that reduces
operational risk.  Operators can initially deploy SAV with an
enforcement action that permits traffic that fails validation while
exporting validation results, matched rules, traffic statistics, and
related context to a monitoring system.

Based on observed data-plane behavior and analysis of monitoring data,
operators can evaluate whether SAV rules are correctly generated,
whether the installed SAV rules match the intended policy, and whether
a stricter traffic handling policy would affect legitimate traffic.
Once sufficient confidence is established, operators can transition to
stricter traffic handling policies, such as dropping traffic that fails
SAV validation.

This staged approach treats monitoring as part of the enforcement
strategy.  It allows incremental rollout of SAV enforcement and
minimizes the risk of unintended traffic disruption.

4.  Information Requirements for SAV Monitoring

4.1.  Traffic Validation and Handling Information

Traffic validation and handling information reflects how traffic is
validated by SAV and how it is handled after validation.  It is
essential for understanding validation results, traffic-handling
outcomes, and the operational impact of SAV enforcement.

The following information is important for monitoring traffic
validation and handling:

Validation result:  Information indicating whether traffic passes or
fails SAV validation.
This information helps operators understand validation outcomes and
determine whether a traffic-handling decision is related to SAV.

Traffic-handling outcome:  Information indicating how the traffic is
actually handled by the router after the enforcement action is applied.
This may include whether the traffic is forwarded, dropped, counted,
logged, rate-limited, or redirected.

Ingress interface:  The interface on which traffic is received.  This
information helps operators identify the interface-specific SAV rules
related to a validation result or traffic-handling outcome.

Validation and enforcement statistics:  Counters or aggregated
statistics for validation results and traffic-handling outcomes.  These
statistics may be maintained per interface, per prefix, or per rule.

4.2.  SAV Rule Generation and State Information

SAV rule generation and state information describes how SAV rules are
generated, updated, and maintained.

The following information is important for monitoring SAV rule
generation and state:

SAV rule content:  Information about the SAV rules generated for a
router or a specific router interface.  This information helps
operators understand the SAV rules used for SAV enforcement.

SAV rule size:  Information about the scale of SAV rules, such as the
number of prefixes or the amount of storage used by SAV rules.  This
information helps operators assess resource usage and determine whether
SAV rule generation produces unexpectedly large rule sets.

Source of information:  The information sources used for SAV rule
generation, such as routing information, management configuration,
SAV-specific information, or RPKI data.  This information helps
operators understand how SAV rules are derived and whether they are
based on authoritative information.

Update status:  Information indicating when SAV rules were last
updated.
When combined with the state of the corresponding information sources,
this information can help operators assess whether SAV rules are up to
date.

4.3.  SAV Configuration and Operation Information

SAV configuration and operation information describes how SAV
enforcement is configured and operated in the network.  It provides
essential context for interpreting traffic validation and handling
information, as well as SAV rule generation and state information.

The following information is important from the configuration and
operation perspective:

SAV enablement status:  Information indicating whether SAV is enabled
on each relevant router or interface.  This information helps operators
understand the deployment coverage of SAV.

Traffic handling policy configuration:  The configured traffic handling
policy for traffic that fails SAV validation.  This information helps
operators understand how traffic that fails SAV validation is intended
to be processed, and helps interpret the relationship between
validation results and actual traffic handling.

Change history:  Information about recent changes to SAV-related
configuration, such as traffic handling policy configuration.

5.  Security Considerations

SAV monitoring information can reveal sensitive operational details.
Unauthorized disclosure of such information could help an attacker
infer network topology, identify filtering gaps, or evade SAV
enforcement.  Therefore, access to SAV monitoring information should be
restricted to authorized entities.

Telemetry or monitoring data used for SAV operations needs to be
protected against tampering and spoofing.  Incorrect or forged
monitoring information could mislead operators, hide enforcement
failures, or cause inappropriate policy changes.
Mechanisms that export SAV monitoring information should provide
appropriate authentication, integrity protection, and confidentiality
protection when needed.

6.  IANA Considerations

This document does not request any IANA allocations.

7.  Informative References

[I-D.ietf-savnet-general-sav-capabilities]
   Huang, M., Cheng, W., Li, D., Geng, N., and L. Chen, "General
   Source Address Validation Capabilities", Work in Progress,
   Internet-Draft, draft-ietf-savnet-general-sav-capabilities-03,
   21 June 2026, .

Authors' Addresses

Lancheng Qin
Zhongguancun Laboratory
Beijing
China
Email: qinlc@mail.zgclab.edu.cn

Dan Li
Tsinghua University
Beijing
China
Email: tolidan@tsinghua.edu.cn

Nan Geng
Huawei
Beijing
China
Email: gengnan@huawei.com
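
The evaluation described in Sections 3.2 and 3.4, combining the information items of Section 4, is sketched below as an added example that is not part of the draft. All field names, interface names, timestamps and the operator-supplied EXPECTED prefix list are assumptions, and the sample data is constructed.

```python
import ipaddress

# Constructed sample data. All field names are hypothetical stand-ins for the
# information items in Section 4; the draft does not define a schema.
FAIL_POLICY = {"eth1": "permit", "eth2": "permit"}  # 4.3: configured policy
RULES = {  # 4.2: rule content and update status (timestamps are constructed)
    "eth1": {"prefixes": ["192.0.2.0/24"], "rule_updated": 100, "source_updated": 100},
    "eth2": {"prefixes": ["198.51.100.0/25"], "rule_updated": 100, "source_updated": 250},
}
# Assumption: the operator knows the prefixes legitimately behind each interface.
EXPECTED = {"eth1": ["192.0.2.0/24"], "eth2": ["198.51.100.0/24"]}
RECORDS = [  # 4.1: (ingress interface, source, result, outcome, packets)
    ("eth1", "192.0.2.10", "pass", "forwarded", 900),
    ("eth1", "203.0.113.7", "fail", "forwarded", 40),
    ("eth2", "198.51.100.5", "pass", "forwarded", 500),
    ("eth2", "198.51.100.200", "fail", "forwarded", 300),
    ("eth2", "203.0.113.9", "fail", "dropped", 12),
]

def in_any(addr, prefixes):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def assess(fail_policy, rules, expected, records):
    """Per-interface readiness for moving the fail policy from permit to drop."""
    report = {}
    for ifname, rule in rules.items():
        report[ifname] = {
            "fail_pkts": 0, "legit_fail_pkts": 0,
            "policy_mismatch_pkts": 0, "result_mismatch_pkts": 0,
            # Rule older than its information source: possible stale SAV state.
            "stale_rules": rule["rule_updated"] < rule["source_updated"],
        }
    for ifname, src, result, outcome, pkts in records:
        e = report[ifname]
        # Section 3.2: the reported result must agree with the exported rules.
        if in_any(src, rules[ifname]["prefixes"]) != (result == "pass"):
            e["result_mismatch_pkts"] += pkts
        if result != "fail":
            continue
        e["fail_pkts"] += pkts
        if in_any(src, expected[ifname]):  # drop would hit legitimate traffic
            e["legit_fail_pkts"] += pkts
        if fail_policy[ifname] == "permit" and outcome != "forwarded":
            e["policy_mismatch_pkts"] += pkts  # outcome contradicts the policy
    for e in report.values():
        e["ready_for_drop"] = not (e["legit_fail_pkts"] or e["policy_mismatch_pkts"]
                                   or e["result_mismatch_pkts"] or e["stale_rules"])
    return report
```

With this data, eth2 is not ready for a drop policy: its /25 rule lags a newer information source, so legitimate traffic from the rest of the /24 fails validation, and some failing traffic is dropped although the configured policy is permit.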