CM Config File-Source Address Verification (SAV) Authorization Encoding

Source Address Verification (SAV) Authorization Encoding

This parameter configures a static range of IP addresses authorized for the Source Address Verification (SAV)
enforced by the CMTS for upstream traffic from the CM (see [DOCSIS SECv3.0]). It is intended to be configured
for CMs connecting to CPEs with statically configured CPE Host IP addresses or for CMs connecting to a customer
premise IP router that reaches a statically assigned IP subnet.

This parameter is intended for the CMTS only, and is ignored by the CM. The parameter is encoded as a subtype of
the DOCSIS Extension Information TLV43 encoding in order for it to be included by CMs supporting any DOCSIS
version.

An IP address "prefix" is a combination of an IP address (the "prefix address") and a bit count (the "prefix length").
An IP address is said to be "within" a prefix when it matches the prefix length number of most significant bits in the
prefix address. A prefix length of zero means that all IP addresses are within the prefix.

The SAV Authorization Encoding defines either or both of:
• A "SAV Group Name" that indirectly identifies an "SAV Group", which is a configured list of prefixes in the CMTS; or
• A list of "Static SAV Prefix Rules", each of which directly defines a single prefix.

The CMTS considers an upstream source IP address within any of the above mentioned prefixes to be authorized
for purposes of Source Address Verification.

A valid configuration file, REG-REQ, or REG-REQ-MP message contains at most one instance of the SAV
Authorization Encoding. Other restrictions on the subtypes of a valid SAV Authorization Encoding are described
below. CM and CMTS operation with an invalid SAV Authorization Encoding is not specified.


Type Length Value
43.7 N Subtype encodings

SAV Group Name Subtype
This subtype contains an ASCII string that identifies an SAV Group Name configured in the CMTS.
Type Length Value
43.7.1 1..15 Name of an SAV Group configured in the CMTS.
A valid SAV Authorization Encoding contains zero or one instances of this subtype.
A CMTS MUST support registration of CMs that reference an SAV Group Name that does not exist in the CMTS.
A CMTS MUST support creation, modification, and deletion of configured SAV Groups while CMs remain
registered that reference the SAV Group Name.

SAV Static Prefix Rule Subtype
This subtype identifies a single static prefix within which upstream traffic from the CM is authorized for purposes
of Source Address Verification. A valid SAV Authorization Encoding contains zero, one, or more instances of this
subtype. A CMTS MUST support at least one SAV Static Prefix Rule for each CM.
The CMTS maintains a management object that reports for each CM the list of SAV Static Prefixes learned from
that CM in its REG-REQ or REG-REQ-MP. The CMTS is expected to recognize when multiple CMs report the
same list of SAV Static Prefix Rules. The CMTS assigns a "list identifier" to each unique set of SAV prefixes. The
minimum number of different SAV Static Prefix lists supported by a CMTS is vendor-specific.
Type Length Value
43.7.2 N SAV Static Prefix Subtype encodings

SAV Static Prefix Address Subtype
This subtype identifies an IPv4 or IPv6 address subnet authorized to contain a source IP address of upstream traffic.
A valid SAV Static Prefix Rule Subtype contains exactly one instance of this subtype.
Type Length Value
43.7.2.1 4 (IPv4) or 16 (IPv6) Prefix of an IP address range authorized to contain the source IP address for upstream packets.

SAV Static Prefix Length Subtype
This subtype defines the number of most significant bits in an SAV Static Prefix Address. A valid SAV Static
Prefix Rule Subtype contains exactly one instance of this subtype.
Type Length Value
43.7.2.2 1 Range 0..32 for an IPv4 SAV Static Prefix Address or 0..128 for an IPv6 SAV Static Prefix Address. Number of most significant bits of the Static SAV Prefix Address matched to an upstream source IP address. A value of 0 means that all source addresses are authorized for SAV.
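
The following is an added example, not part of the specification text or the original page: it parses the value of a 43.7 encoding, enforces the validity rules stated above (at most one Group Name of 1..15 bytes, exactly one address and one length per Static Prefix Rule, length range by address family), and applies the "within a prefix" test to a source address. It assumes the subtypes use the 1-byte type, 1-byte length layout of DOCSIS configuration file TLVs; the function names and sample bytes are constructed for illustration.

```python
import ipaddress

def parse_tlvs(buf):
    """Split bytes into (type, value) pairs; assumes 1-byte type, 1-byte length."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated TLV at offset %d" % i)
        out.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return out

def parse_sav(value):
    """Validate the value of TLV 43.7; return (group_name, [ip_network, ...])."""
    group, prefixes = None, []
    for t, v in parse_tlvs(value):
        if t == 1:                                   # 43.7.1 SAV Group Name
            if group is not None or not 1 <= len(v) <= 15:
                raise ValueError("invalid SAV Group Name subtype")
            group = v.decode("ascii")
        elif t == 2:                                 # 43.7.2 SAV Static Prefix Rule
            sub = parse_tlvs(v)
            addrs = [x for st, x in sub if st == 1]  # 43.7.2.1 prefix address
            lens = [x for st, x in sub if st == 2]   # 43.7.2.2 prefix length
            if len(addrs) != 1 or len(lens) != 1:
                raise ValueError("rule needs exactly one address and one length")
            if len(addrs[0]) not in (4, 16) or len(lens[0]) != 1:
                raise ValueError("bad address or prefix-length size")
            addr, bits = ipaddress.ip_address(addrs[0]), lens[0][0]
            if bits > addr.max_prefixlen:            # 0..32 IPv4, 0..128 IPv6
                raise ValueError("prefix length out of range")
            # strict=False keeps only the top `bits` bits of the prefix address
            prefixes.append(ipaddress.ip_network(f"{addr}/{bits}", strict=False))
    return group, prefixes

def is_authorized(src, prefixes):
    """True when src is within any static prefix (a /0 matches every address)."""
    ip = ipaddress.ip_address(src)
    return any(ip.version == p.version and ip in p for p in prefixes)

# Constructed sample: group "BIZ-NET", rules 203.0.113.0/28 and 2001:db8:10::/48
SAMPLE = (b"\x01\x07BIZ-NET"
          + b"\x02\x09\x01\x04" + bytes([203, 0, 113, 0]) + b"\x02\x01\x1c"
          + b"\x02\x15\x01\x10" + ipaddress.ip_address("2001:db8:10::").packed
          + b"\x02\x01\x30")
```

The Group Name is only returned here, since resolving it to prefixes requires the SAV Group configured on the CMTS.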
