Network Working Group                                            S. Yue
Internet Draft                                             China Mobile
Intended status: Informational                                   C. Lin
Expires: August 30, 2026                           New H3C Technologies
                                                      February 28, 2026


                   ICMP Extension for SAVNET Validation
                     draft-yl-savnet-icmp-extension-00


Abstract

   This document defines new ICMP and ICMPv6 error codes used to send
   an error message to the source device when a Ping or Traceroute
   packet is dropped during forwarding because it failed SAVNET
   validation. The error message explicitly states the reason for the
   drop as "SAVNET Validation Failed," thereby enhancing network
   observability and troubleshooting capabilities.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 30 August 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in


Yue & Lin, et al.     Expires    !                           [Page 1]

   Internet-Draft       ICMP extension for SAVNET       February, 2026



   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents


   1. Introduction...................................................2
   2. Requirements Language..........................................3
   3. Terminology....................................................3
   4. Process........................................................3
   5. IANA Considerations............................................5
      5.1. ICMP......................................................5
      5.2. ICMPv6....................................................5
   6. Security Considerations........................................6
   7. Informative References.........................................6
   Authors' Addresses................................................7



1. Introduction

   Source address validation (SAV) can detect and prevent source
   address spoofing on SAV-enabled routers.  When a packet arrives at
   an interface of the router, the source address of the packet is
   validated.  Invalid packets, those with unauthorized source
   addresses or arriving on incorrect interfaces, are typically
   dropped.  Only validated packets are processed or forwarded.

   SAV is a critical security mechanism designed to mitigate IPv4 and
   IPv6 source address spoofing attacks by validating the legitimacy of
   source prefixes against their ingress interfaces.  Traditional
   methods such as ACL-based ingress filtering, strict uRPF and loose
   uRPF [RFC3704] have the issues described in [I-D.ietf-savnet-intra-
   domain-problem-statement] and [I-D.ietf-savnet-inter-domain-problem-
   statement].  The new inter-domain SAV mechanism is required not to
   generate false-positive or false-negative policies that would
   improperly block or permit traffic.

   When an intermediate device discards a Ping (ICMP Echo Request) or
   Traceroute (using UDP/TCP/ICMP) packet due to a failed source
   address validation (SAVNET) check, it is typically dropped silently.
   This prevents the source device from distinguishing between network
   unavailability and packet interception due to suspicious source
   addresses under security policies.

   This document extends the ICMP (IPv4) and ICMPv6 protocols by
   defining new error codes. When Ping or Traceroute packets are
   discarded due to SAVNET check failures, the intermediate device will
   send an error message to the source device, explicitly indicating
   the reason for discarding as "SAVNET Validation Failed." This
   enhances network observability and troubleshooting capabilities.

2. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3. Terminology

   SAV: Source Address Validation

4. Process

   When the device receives an IP datagram that needs to be forwarded
   or processed (such as an ICMP Echo Request or ICMP/UDP/TCP for
   Traceroute), it performs a SAVNET check on the datagram. If the
   check fails, the device decides to discard the datagram.

   If the device is configured with the function to send SAVNET error
   messages and has not exceeded the rate limit, it constructs an ICMP
   error message with the error code "Source Address Validation
   Failure". The IP header of the triggering datagram and the first 64
   bits (or more, following RFC 792) of its payload are copied into the
   "Original Datagram" section of the new ICMP message. The new ICMP
   message is then sent to the source device of the triggering
   datagram.


   +--+              +--+              +--+
   |N1+--------------+N2+--------------+N3|
   +--+              +--+              +--+
     |   1) PING       |                 |
     |---------------->|---------------->|
     |                 |                 |
     |   2) SAV Check Failed Error       |
     |<----------------|                 |
     |                 |                 |
     |          3) PING Response         |
     |<----------------------------------|

                 Figure 1 PING Process






   Process of PING:

   1) The initiator sends the PING request.

   2) The intermediate node or End Point first checks the source
      address when processing a Ping Request. If the check fails, it
      responds with an error message indicating "SAVNET Validation
      Failed".

   3) If the check passes, the End Point responds with a normal PING
      Response.



   +--+              +--+              +--+
   |N1+--------------+N2+--------------+N3|
   +--+              +--+              +--+
     |   1) TRACERT Request              |
     |---------------->|                 |
     |   2) SAV Check Failed Error       |
     |<----------------|                 |
     |   3) TRACERT Request              |
     |---------------->|---------------->|
     |                 |                 |
     |          4) TRACERT Reply         |
     |<----------------------------------|

              Figure 2 Traceroute Process


   Process of Traceroute:

   1) The initiator of the Traceroute sends the Traceroute request.

   2) The intermediate node checks the source address when processing
      a Traceroute Request. If the check fails, it responds with an
      error message indicating "SAVNET Validation Failed".

   3) If the check passes, the process proceeds as a normal
      Traceroute, performing hop-by-hop detection of the path to the
      End Point until the Traceroute process is completed.



   The IPv6 process is the same as in the IPv4 scenario, but applied to
   IPv6 packets (ICMPv6 request messages, ICMPv6/TCP/UDP for
   traceroute6), generating ICMPv6 messages in the format described
   above.
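   As an added worked example (not part of this draft), the following
   Python builds the IPv4 error message described in Section 4: an ICMP
   Type 3 message with the new code, carrying the dropped datagram's IP
   header plus the first 64 bits of its payload; it also shows how the
   source device tells that message apart from other unreachable
   causes, and gates emission with the rate limit Section 6 calls for.
   The code value 16 stands in for the unassigned TBD1 and the sample
   datagram is constructed; the ICMPv6 variant has the same layout but
   uses the ICMPv6 pseudo-header checksum, which is not shown.

```python
import struct

ICMP_DEST_UNREACH = 3       # ICMP Type 3, Destination Unreachable [RFC792]
CODE_SAV_FAILURE_TBD1 = 16  # assumption: stand-in for TBD1, not an IANA-assigned code

def icmp_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words (RFC 1071); valid data sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sav_failure_error(dropped: bytes, code: int = CODE_SAV_FAILURE_TBD1) -> bytes:
    """Type 3 message carrying the dropped datagram's IP header plus the first
    64 bits of its payload, as Section 4 describes."""
    ihl = (dropped[0] & 0x0F) * 4  # IPv4 header length in bytes
    original = dropped[:ihl + 8]
    csum = icmp_checksum(struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + original)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + original

def classify_error(msg: bytes) -> str:
    """Receiver side: tell a SAVNET drop apart from other ICMP errors."""
    if icmp_checksum(msg) != 0:
        return "bad checksum"
    if msg[0] == ICMP_DEST_UNREACH and msg[1] == CODE_SAV_FAILURE_TBD1:
        return "SAVNET Validation Failed"
    return "other ICMP type %d code %d" % (msg[0], msg[1])

class ErrorRateLimiter:
    """Token bucket gating error generation, as Section 6 requires."""
    def __init__(self, per_second: float, burst: int):
        self.rate, self.burst = per_second, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

# Constructed sample: 20-byte IPv4 header (10.0.0.9 -> 10.0.0.1, proto 1 = ICMP)
# then an ICMP Echo Request (type 8) with a 16-byte payload; checksums left zero.
SAMPLE_ECHO_REQUEST = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 44, 0x1234, 0, 64, 1, 0, b"\x0a\x00\x00\x09", b"\x0a\x00\x00\x01"
) + struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"A" * 16
```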






5. IANA Considerations

   5.1. ICMP

   This document requests a new code, "Source Address Validation
   Failure", in the ICMP code registry for Type 3 - Destination
   Unreachable.



   Code      Description                         Reference
   --------  ----------------------------------  -------------
   0         Net Unreachable                     [RFC792]
   1         Host Unreachable                    [RFC792]
   2         Protocol Unreachable                [RFC792]
   3         Port Unreachable                    [RFC792]
   ...
   15        Precedence cutoff in effect         [RFC1812]
   TBD1      Source Address Validation Failure   This Document




   5.2. ICMPv6

   This document requests a new code, "Source Address Validation
   Failure", in the ICMPv6 code registry for Type 1 - Destination
   Unreachable.



   Code      Description                         Reference
   --------  ----------------------------------  -------------
   0         no route to destination             [RFC4443]
   1         communication with destination      [RFC4443]
             administratively prohibited
   2         beyond scope of source address      [RFC4443]
   ...
   8         Headers too long                    [RFC8883]
   TBD2      Source Address Validation Failure   This Document

6. Security Considerations

   To prevent the use of this mechanism for reflection amplification
   attacks, the sending of error messages must be rate-limited.

7. Informative References

   [RFC792]  Postel, J., "Internet Control Message Protocol", RFC 792,
             September 1981.

   [I-D.ietf-savnet-intra-domain-problem-statement]
             Li, D., Wu, J., Qin, L., Huang, M., and N. Geng, "Source
             Address Validation in Intra-domain Networks Gap Analysis,
             Problem Statement, and Requirements", Work in Progress,
             Internet-Draft, draft-ietf-savnet-intra-domain-problem-
             statement-21, 18 January 2026,
             <https://datatracker.ietf.org/doc/html/draft-ietf-savnet-
             intra-domain-problem-statement-21>.

   [I-D.ietf-savnet-inter-domain-problem-statement]
             Li, D., Qin, L., Liu, L., Huang, M., and K. Sriram, "Gap
             Analysis, Problem Statement, and Requirements for Inter-
             Domain SAV", Work in Progress, Internet-Draft, draft-ietf-
             savnet-inter-domain-problem-statement-12, 20 October 2025,
             <https://datatracker.ietf.org/doc/html/draft-ietf-savnet-
             inter-domain-problem-statement-12>.








Authors' Addresses

   Shengnan Yue
   China Mobile
   China
   yueshengnan@chinamobile.com

   Changwang Lin
   New H3C Technologies
   China
   Email: linchangwang.04414@h3c.com


