Abstract

Reliable information concerning the reverse path to a particular source address space would be useful for a number of applications, most notably for the filtering of packets with spoofed source addresses. The SAVE protocol makes this information available at every router, although, in the absence of full deployment, it is difficult for SAVE to maintain either correct or complete incoming tables. We propose iSAVE, a modified version of the SAVE protocol, designed to address the case of incremental deployment. In our design, a fraction of the core routers are delegated as filtering routers. Autonomous systems participate in iSAVE by providing authoritative information that validates the appropriate incoming interface for their source address space at each interested filtering router. We present simulation results that demonstrate the effectiveness of the filtering capabilities provided by iSAVE and measurements of the performance costs associated with iSAVE control messages.

Date

September 13, 2025

Authors

Jelena Mirkovic, Zhiguo Xu, Jun Li, Matthew Schnaider, Peter Reiher, Lixia Zhang

Journal

UCLA tech report