nanog mailing list archives
Re: SRv6 Capable NOS and Devices
From: "Dale W. Carder" <dwcarder () es net>
Date: Wed, 12 Jan 2022 11:43:25 -0600
Thus spake Sander Steffann (sander () steffann nl) on Wed, Jan 12, 2022 at 06:21:25PM +0100:
Hi,No SRv6 is MPLS labeling where label is carried inside IP instead before the IP header. Layering violation which increases complexity and cost for no other purpose except dishonest marketing about 'it is IP, you already understand it, MPLS is hard'.What worries me more is the opportunity for adversaries to inject SRv6 packets. MPLS is not enabled by default on most router interfaces, so an adversary would have to have access to an interface where MPLS processing is explicitly enabled. IPv6 packet processing on the other hand… Unless an operator has airtight protection on every interface to block unwanted SRv6 headers I see some interesting opportunities to cause havoc :)
You are not alone, see for example the thread at https://mailarchive.ietf.org/arch/msg/v6ops/GbWiie-bjQ_Bp1JKB1PlDh_fPdc/ this is more pronounced with respect to the various SRv6 compression scheme proposals. Dale
Current thread:
- SRv6 Capable NOS and Devices Colton Conor (Jan 11)
- Re: SRv6 Capable NOS and Devices Vincent Bernat (Jan 11)
- Re: SRv6 Capable NOS and Devices Saku Ytti (Jan 11)
- Re: SRv6 Capable NOS and Devices Mark Tinka (Jan 11)
- RE: SRv6 Capable NOS and Devices Adam Thompson (Jan 11)
- Re: SRv6 Capable NOS and Devices Mark Tinka (Jan 11)
- Re: SRv6 Capable NOS and Devices Saku Ytti (Jan 12)
- RE: SRv6 Capable NOS and Devices aaron1 (Jan 12)
- Re: SRv6 Capable NOS and Devices Saku Ytti (Jan 12)
- Re: SRv6 Capable NOS and Devices Sander Steffann (Jan 12)
- Re: SRv6 Capable NOS and Devices Dale W. Carder (Jan 12)
- Re: SRv6 Capable NOS and Devices Randy Bush (Jan 12)
- Re: SRv6 Capable NOS and Devices Sander Steffann (Jan 12)
- Re: SRv6 Capable NOS and Devices Colton Conor (Jan 12)
- Re: SRv6 Capable NOS and Devices Mark Tinka (Jan 12)
- Re: SRv6 Capable NOS and Devices Saku Ytti (Jan 13)
- Re: SRv6 Capable NOS and Devices Colton Conor (Jan 15)
- Re: SRv6 Capable NOS and Devices -> MPLS instead? Raymond Burkholder (Jan 15)
- Re: SRv6 Capable NOS and Devices -> MPLS instead? Mark Tinka (Jan 15)
- Re: SRv6 Capable NOS and Devices -> MPLS instead? scott (Jan 15)