"What is the exact optimum solution?” You build SAV into your architect. It is that simple. Start with the end in mind - ensure no packet leaves your part of the network if the IP source does NOT equal the IPs allocated to that network.
It it does, you have FAILED as a network architect. People get caught up with the widgets you might use to achieve your archectural goals. How you do SAV depends on what you are building. What I would do on a 4G/5G architecture is different from an edge rack on a cloud/edge network which is then different from an office enterprise, which is different from a broadband provider which is different from my home network which is different from …… Taygun, people get all tided in knots debating on which is best - the nail, the wood screw, the bolt, the clamp, wood glue, duct tape …. All to connect to piece of wood together. Do not get lost in ’SAV widget debate.’ Focus on the regulatory requirement for networks to have SAV be integral to the network architecture. Yes, “regulator requirement” .. just like civil engineering architecture requirement to ensure a building is safe. It is the only way you are going to break the 80/20 problem. We reached 80% SAV deployment back in 2012 (see https://www.senki.org/everyone-should-be-deploying-bcp-38-wait-they-are/). People didn’t like my post, but it was reality. CAIDA got some funding to move the Spoofer project and do another year, but then that money disappeared. If you want Türkiye to deploy SAV effectively, then you go to the Telecom Regulator and ask for them to make it a licensed requirement. They do not need the knowledge of the “technical SAV widgets,” they just say - no spoofed packets. _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/AOI6DXPG7DCMEH2RVIPXYV7P2KNFSTD2/
