Chapter 62 savi configuration, 1 introduction to savi, 2 savi configuration – PLANET XGS3-24042 User Manual
Page 573: Chapter 62 savi configuration -17, Ntroduction to, Savi -17, Savi, Onfiguration
62-17
Chapter 62 SAVI Configuration
62.1 Introduction to SAVI
SAVI (Source Address Validation Improvement) is a security authentication method that provides the
granularity level of the node source address. It gets the trust node information (such as port, MAC address
information), namely, anchor information by monitoring the interaction process of the relative protocol packets
(such as ND protocol, DHCPv6 protocol) and using CPS (Control Packet Snooping) mechanism. After that, it
binds the anchor information with the node source address and sends the corresponding filter rules, allow the
packets which match the filter rules to pass only, so as to reach the aim that check the validity of node source
address.
SAVI function includes ND Snooping function, DHCPv6 Snooping function and RA Snooping according to the
protocol packet type. ND Snooping function is used to detect ND protocol packet, it sets IPv6 address binding
obtained by nodes with the stateless address configuration. DHCPv6 Snooping function is used to detect
DHCPv6 protocol packet, it sets IPv6 address binding obtained by nodes with the stateful address
configuration. RA Snooping function is used to avoid the lawless node sending the spurious RA packet.
62.2 SAVI Configuration
SAVI configuration task list:
1.
Enable or disable SAVI function
2.
Enable or disable application scene function for SAVI
3.
Configure SAVI binding function
4.
Configure the global max-dad-delay for SAVI
5.
Configure the global max-dad-prepare-delay for SAVI
6.
Configure the global max-slaac-life for SAVI
7.
Configure the lifetime period for SAVI bind-protect
8.
Enable or disable SAVI prefix check function
9.
Configure IPv6 address prefix for a link
10. Configure the filter entry number of IPv6 address
11. Configure the check mode for SAVI conflict binding
12. Enable or disable user authentication
13. Enable or disable DHCPv6 trust of port
14. Enable or disable ND trust of port
15. Configure the binding number
1. Enable or disable SAVI function