+7(495) 797-3311 www.qtech.ruМосква, Новозаводская ул., 18, стр. 1349Chapter 50 SAVI Configuration50.1 Introduction to SAVISAVI (Source Address Validation Improvement) is a security authentication method thatprovides the granularity level of the node source address. It gets the trust node information(such as port, MAC address information), namely, anchor information by monitoring theinteraction process of the relative protocol packets (such as ND protocol, DHCPv6 protocol)and using CPS (Control Packet Snooping) mechanism. After that, it binds the anchorinformation with the node source address and sends the corresponding filter rules, allow thepackets which match the filter rules to pass only, so as to reach the aim that check the validityof node source address.SAVI function includes ND Snooping function, DHCPv6 Snooping function and RA Snoopingaccording to the protocol packet type. ND Snooping function is used to detect ND protocolpacket, it sets IPv6 address binding obtained by nodes with the stateless addressconfiguration. DHCPv6 Snooping function is used to detect DHCPv6 protocol packet, it setsIPv6 address binding obtained by nodes with the stateful address configuration. RA Snoopingfunction is used to avoid the lawless node sending the spurious RA packet.50.2 SAVI ConfigurationSAVI configuration task list:Enable or disable SAVI functionEnable or disable application scene function for SAVIConfigure SAVI binding functionConfigure the global max-dad-delay for SAVIConfigure the global max-dad-prepare-delay for SAVIConfigure the global max-slaac-life for SAVIConfigure the lifetime period for SAVI bind-protectEnable or disable SAVI prefix check functionConfigure IPv6 address prefix for a linkConfigure the filter entry number of IPv6 addressConfigure the check mode for SAVI conflict bindingEnable or disable user authenticationEnable or disable DHCPv6 trust of portEnable or disable ND trust of portConfigure the binding number