SRv6 Capable NOS and Devices
Randy Bush
randy at psg.com
Wed Jan 12 21:52:24 UTC 2022
> What worries me more is the opportunity for adversaries to inject SRv6
> packets. MPLS is not enabled by default on most router interfaces, so
> an adversary would have to have access to an interface where MPLS
> processing is explicitly enabled. IPv6 packet processing on the other
> hand… Unless an operator has airtight protection on every interface to
> block unwanted SRv6 headers I see some interesting opportunities to
> cause havoc :)
this is quite true, and a serious issue. but it has a good side. if
you run an ipv6 enebled network, you can deploy srv6 without enabling
srv6 everywhere, only at the marking encaps or embed) points. nice for
partial and/or incremental deployment.
randy, with no dog in this fight
More information about the NANOG
mailing list