SRv6 Capable NOS and Devices

Randy Bush randy at
Wed Jan 12 21:52:24 UTC 2022

> What worries me more is the opportunity for adversaries to inject SRv6
> packets. MPLS is not enabled by default on most router interfaces, so
> an adversary would have to have access to an interface where MPLS
> processing is explicitly enabled. IPv6 packet processing on the other
> hand… Unless an operator has airtight protection on every interface to
> block unwanted SRv6 headers I see some interesting opportunities to
> cause havoc :)

this is quite true, and a serious issue.  but it has a good side.  if
you run an ipv6 enebled network, you can deploy srv6 without enabling
srv6 everywhere, only at the marking encaps or embed) points.  nice for
partial and/or incremental deployment.

randy, with no dog in this fight

More information about the NANOG mailing list