Network Working Group                                            S. Yue
Internet Draft                                             China Mobile
Intended status: Informational                                   C. Lin
Expires: August 30, 2026                          New H3C Technologies
                                                      February 28, 2026


                  ICMP Extension for SAVNET Validation
                   draft-yl-savnet-icmp-extension-00


Abstract

   This document defines new ICMP and ICMPv6 error codes that are sent
   to the source device when a Ping or Traceroute packet is dropped
   during forwarding because SAVNET validation failed.  The error
   message explicitly states the reason for dropping as "SAVNET
   Validation Failed", thereby enhancing network observability and
   troubleshooting capabilities.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 30 August 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in



Yue & Lin, et al.         Expires August 30, 2026
[Page 1]

Internet-Draft        ICMP extension for SAVNET           February, 2026

   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction...................................................2
   2. Requirements Language..........................................3
   3. Terminology....................................................3
   4. Process........................................................3
   5. IANA Considerations............................................5
      5.1. ICMP......................................................5
      5.2. ICMPv6....................................................5
   6. Security Considerations........................................6
   7. Informative References.........................................6
   Authors' Addresses................................................7

1. Introduction

   Source address validation (SAV) detects and prevents source address
   spoofing on SAV-enabled routers.  When a packet arrives at an
   interface of the router, the source address of the packet is
   validated.  Invalid packets, those with unauthorized source addresses
   or arriving on incorrect interfaces, are typically dropped.  Only
   validated packets are processed or forwarded.

   SAV is a critical security mechanism designed to mitigate IPv4 and
   IPv6 source address spoofing attacks by validating the legitimacy of
   source prefixes against their ingress interfaces.  Traditional
   methods such as ACL-based ingress filtering and the strict and loose
   uRPF mechanisms [RFC3704] have the issues described in
   [I-D.ietf-savnet-intra-domain-problem-statement] and
   [I-D.ietf-savnet-inter-domain-problem-statement].  The new
   inter-domain SAV mechanism is required not to generate false-positive
   or false-negative policies that improperly block or permit traffic.
   When an intermediate device discards a Ping (ICMP Echo Request) or
   Traceroute (UDP, TCP, or ICMP probe) packet because a source address
   validation (SAVNET) check failed, the packet is typically dropped
   silently.  The source device therefore cannot distinguish network
   unavailability from interception of its packets by a security policy
   that considers the source address suspicious.

   This document extends the ICMP (IPv4) and ICMPv6 protocols by
   defining new error codes.  When Ping or Traceroute packets are
   discarded because a SAVNET check failed, the intermediate device
   sends an error message to the source device that explicitly gives the
   reason for discarding as "SAVNET Validation Failed".  This enhances
   network observability and troubleshooting capabilities.

2. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3. Terminology

   SAV: Source Address Validation

4. Process

   When the device receives an IP datagram that needs to be forwarded or
   processed (such as an ICMP Echo Request, or an ICMP, UDP, or TCP
   Traceroute probe), it performs a SAVNET check on the datagram.  If
   the check fails, the device decides to discard the datagram.

   If the device is configured to send SAVNET error messages and has not
   exceeded the rate limit, it constructs an ICMP error message with the
   code "Source Address Validation Failure".  The IP header of the
   triggering datagram and the first 64 bits (or more, following
   [RFC792]) of its payload are copied into the "Original Datagram"
   section of the new ICMP message.  The new ICMP message is then sent
   to the source of the triggering datagram.
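   The construction step just described, together with the rate limit
   that Section 6 calls for and the decoding a Ping or Traceroute tool
   would do on receipt, as an added Python example.  This is not code
   from the draft or its authors.  The ICMP code values 16 and 9 stand
   in for TBD1 and TBD2 and are placeholders rather than IANA
   assignments; the helper names (on_sav_failure, classify_icmp_v4,
   quoted_echo_id_seq, ErrorRateLimiter), the token-bucket parameters and
   the 10.0.0.0/8 and 2001::/16 sample addresses are assumptions made for
   the example.

```python
# Added example (not code from the draft or its authors): device-side builder
# for the "Source Address Validation Failure" ICMP/ICMPv6 error of Section 4,
# the rate limit Section 6 calls for, and a source-side decoder for a Ping or
# Traceroute tool.  TBD1/TBD2 values below are placeholders, not assignments.
import struct
import time

ICMP_DEST_UNREACH = 3      # ICMP Type 3 (RFC 792)
ICMPV6_DEST_UNREACH = 1    # ICMPv6 Type 1 (RFC 4443)
TBD1_SAV_FAIL = 16         # placeholder for TBD1 (assumed; not an IANA value)
TBD2_SAV_FAIL = 9          # placeholder for TBD2 (assumed; not an IANA value)
ICMPV6_NEXT_HEADER = 58

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; evaluates to 0 over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmpv6_checksum(src: bytes, dst: bytes, msg: bytes) -> int:
    """ICMPv6 checksum includes the IPv6 pseudo-header (RFC 4443, Section 2.3)."""
    pseudo = src + dst + struct.pack("!I3xB", len(msg), ICMPV6_NEXT_HEADER)
    return inet_checksum(pseudo + msg)

def build_sav_error_v4(triggering: bytes, quoted_payload: int = 8) -> bytes:
    """ICMP Type 3 / TBD1 quoting the IP header plus the first 64 bits of payload."""
    hlen = (triggering[0] & 0x0F) * 4
    msg = struct.pack("!BBHI", ICMP_DEST_UNREACH, TBD1_SAV_FAIL, 0, 0)
    msg += triggering[:hlen + quoted_payload]
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def build_sav_error_v6(triggering: bytes, src: bytes, dst: bytes) -> bytes:
    """ICMPv6 Type 1 / TBD2; quotes as much of the packet as fits in the
    1280-byte minimum MTU (RFC 4443).  src/dst are the error's own addresses."""
    msg = struct.pack("!BBHI", ICMPV6_DEST_UNREACH, TBD2_SAV_FAIL, 0, 0)
    msg += triggering[:1280 - 40 - len(msg)]
    return msg[:2] + struct.pack("!H", icmpv6_checksum(src, dst, msg)) + msg[4:]

class ErrorRateLimiter:
    """Token bucket (Section 6): at most `rate` errors/second, `burst` in reserve."""
    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens, self.last = float(burst), clock()

    def allow(self) -> bool:
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

def on_sav_failure(triggering: bytes, limiter: ErrorRateLimiter, enabled=True):
    """Device side of Section 4: the error to send, or None (silent drop) when
    the feature is disabled or the rate limit is exhausted."""
    if not enabled or not limiter.allow():
        return None
    return build_sav_error_v4(triggering)

def classify_icmp_v4(icmp: bytes) -> str:
    """Source side: the reason a Ping/Traceroute tool would report."""
    typ, code = icmp[0], icmp[1]
    if typ == 0:
        return "echo reply"
    if typ == 11:
        return "time exceeded"                 # ordinary traceroute hop answer
    if typ == ICMP_DEST_UNREACH and code == TBD1_SAV_FAIL:
        return "SAVNET Validation Failed"
    return "other (type %d code %d)" % (typ, code)

def quoted_echo_id_seq(icmp_error: bytes):
    """Identifier/sequence of the quoted Echo Request, to match the error to an
    outstanding probe; None if the quoted datagram is not ICMP."""
    quoted = icmp_error[8:]
    hlen = (quoted[0] & 0x0F) * 4
    if quoted[9] != 1:                         # IPv4 protocol field != ICMP
        return None
    _, _, _, ident, seq = struct.unpack("!BBHHH", quoted[hlen:hlen + 8])
    return ident, seq

def make_echo_request(src: bytes, dst: bytes, ident: int, seq: int,
                      payload: bytes = b"abcdefgh") -> bytes:
    """Constructed IPv4 Echo Request standing in for the triggering datagram."""
    echo = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    echo = echo[:2] + struct.pack("!H", inet_checksum(echo)) + echo[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(echo), 0, 0, 64, 1, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + echo

if __name__ == "__main__":
    ping = make_echo_request(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x03", 0x1234, 7)
    err = on_sav_failure(ping, ErrorRateLimiter(rate=1.0, burst=2))
    print(classify_icmp_v4(err), quoted_echo_id_seq(err), len(err))
```

   The quoted IP header and first 64 bits of payload are what let the
   source side match the error to the probe it sent (the Echo identifier
   and sequence sit inside those 64 bits), which is what turns a silent
   drop into the explicit "SAVNET Validation Failed" report the
   Introduction motivates; when the token bucket is empty the device
   falls back to the silent drop, so the rate limit bounds how much
   reflected traffic a spoofed source can provoke.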
         1) PING ---------------------->
                   2) SAV Check Failed Error <-----------
                                    3) PING Response <----------------
      +--+      +--+      +--+
      |N1+------|N2+------|N3+
      +--+      +--+      +--+

                         Figure 1  PING Process

   Process of PING:

   1) The initiator sends the PING request.

   2) The intermediate node or End Point first checks the source address
      when processing a Ping Request.  If the check fails, it responds
      with a Ping Response indicating the error "SAVNET Validation
      Failed".

   3) If the check passes, the End Point responds with a normal PING
      Response.

         1) TRACERT Request ------------>
                   2) SAV Check Failed Error <-----------
         3) TRACERT Request --------------------->
                                  4) TRACERT Reply <------------------
      +--+      +--+      +--+
      |N1+------|N2+------|N3+
      +--+      +--+      +--+

                        Figure 2  Traceroute Process

   Process of Traceroute:

   1) The initiator of the Traceroute sends the Traceroute request.

   2) The intermediate node checks the source address when processing a
      Traceroute Request.  If the check fails, it responds with a
      Traceroute Response indicating the error "SAVNET Validation
      Failed".

   3) If the check passes, the process proceeds as a normal Traceroute,
      detecting the path hop by hop to the End Point until the
      Traceroute process is completed.

   The IPv6 process is the same as in the IPv4 scenario, but applied to
   IPv6 packets (ICMPv6 request messages, or ICMPv6, TCP, or UDP for
   traceroute6), generating ICMPv6 messages in the format described
   above.

5. IANA Considerations

5.1. ICMP

   This document requests a new code, "Source Address Validation
   Failure", in the ICMP code registry for Type 3 - Destination
   Unreachable.

   Codes    Description                   Reference
   -------- ----------------------------- -------------
   0        Net Unreachable               [RFC792]
   1        Host Unreachable              [RFC792]
   2        Protocol Unreachable          [RFC792]
   3        Port Unreachable              [RFC792]
   ...
   15       Precedence cutoff in effect   [RFC1812]
   TBD1     Source Address Validation     This Document
            Failure

5.2. ICMPv6

   This document requests a new code, "Source Address Validation
   Failure", in the ICMPv6 code registry for Type 1 - Destination
   Unreachable.

   Codes    Description                   Reference
   -------- ----------------------------- -------------
   0        no route to destination       [RFC4443]
   1        communication with            [RFC4443]
            destination administratively
            prohibited
   2        beyond scope of source        [RFC4443]
            address
   ...
   8        Headers too long              [RFC8883]
   TBD2     Source Address Validation     This Document
            Failure

6. Security Considerations

   To prevent the use of this mechanism for reflection amplification
   attacks, the sending of error messages must be rate-limited.

7. Informative References

   [RFC792]  Postel, J., "Internet Control Message Protocol", RFC 792,
             September 1981.

   [I-D.ietf-savnet-intra-domain-problem-statement]
             Li, D., Wu, J., Qin, L., Huang, M., and N. Geng, "Source
             Address Validation in Intra-domain Networks Gap Analysis,
             Problem Statement, and Requirements", Work in Progress,
             Internet-Draft, draft-ietf-savnet-intra-domain-problem-
             statement-21, 18 January 2026.

   [I-D.ietf-savnet-inter-domain-problem-statement]
             Li, D., Qin, L., Liu, L., Huang, M., and K. Sriram, "Gap
             Analysis, Problem Statement, and Requirements for Inter-
             Domain SAV", Work in Progress, Internet-Draft,
             draft-ietf-savnet-inter-domain-problem-statement-12,
             20 October 2025.

Authors' Addresses

   Shengnan Yue
   China Mobile
   China

   Email: yueshengnan@chinamobile.com


   Changwang Lin
   New H3C Technologies
   China

   Email: linchangwang.04414@h3c.com