| Internet-Draft | SID List Clarification | March 2025 |
| Farrel & Krishnan | Expires 1 October 2025 | [Page] |
Segment Routing over IPv6 (SRv6) is the instantiation of Segment Routing (SR) on the IPv6 data plane. Segments are indicated by Segment Identifiers (SIDs). SRv6 utilizes the Segment Routing Header (SRH), an IPv6 extension header, that includes a SID list indicating the sequence of segments and any additional processing to be performed.¶
This document updates RFC 8754 by clarifying the processing of SID list entries. It does not change any elements of the SRv6 architecture.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 1 October 2025.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Segment Routing (SR) architecture is specified in [RFC8402]. SR forwards packets along a series of segments, and may perform additional segment-specific processing on packets. Segments are indicated by Segment Identifiers (SIDs).¶
The mechanisms to achieve Segment Routing for IPv6 (SRv6) include the use of the Segment Routing Header (SRH) [RFC8754] an IPv6 extension header that includes a SID list indicating the sequence of segments and any additional processing to be performed.¶
This document updates [RFC8754] by clarifying the processing of SID list entries. It does not change any elements of the SRv6 architecture.¶
At the end of a segment, the SRH is processed to determine the next segment on the packet's path per Section 4 of [RFC8754]. One objective is to determine the value to place in the Destination Address field of the IPv6 packet. To this end, the next entry in the SID list in the SRH is processed and mapped to the value to place in the Destination Address field.¶
The value placed in the 128 bit Destination Address field of an IPv6 packet header needs to be a routable IPv6 address since that is required for forwarding the packet.¶
Note that entries in the SID list do not need to be fully-formed IPv6 addresses that are copied direct to the Destination Address field of the IPv6 packet. The mapping from SID list entry could be a direct copy (the SID list contains a list of IPv6 addresses), or could involve a more complex function.¶
Examples of such functions are shown in [I-D.ietf-spring-srv6-srh-compression] where a REPLACE-CSID compressed SID is expanded to be placed in the Destination Address field.¶
The definition of the Segments Left field of the SRH is presented as:¶
- Segments Left:
- Defined in [RFC8200], Section 4.4.¶
This is clarified by Erratum Report EID 7102. This clarification is included in this update for completeness. The new text reads:¶
- Segments Left:
- Defined in [RFC8200], Section 4.4. Specifically, for the SRH, the number of unprocessed 128-bit entries in the Segment List.¶
The text in RFC 8754 reads:¶
- Segment List[0..n]:
- 128-bit IPv6 addresses representing the nth segment in the Segment List. The Segment List is encoded starting from the last segment of the SR Policy. That is, the first element of the Segment List (Segment List[0]) contains the last segment of the SR Policy, the second element contains the penultimate segment of the SR Policy, and so on.¶
This is updated as follows to clarify that the entries in the Segment List are 128 bit entries, but not necessarily IPv6 addresses.¶
- Segment List[0..n]:
- 128-bit entities representing the nth segment in the Segment List. The Segment List is encoded starting from the last segment of the SR Policy. That is, the first element of the Segment List (Segment List[0]) contains the last segment of the SR Policy, the second element contains the penultimate segment of the SR Policy, and so on.¶
In describing the HMAC processing, the text in RFC 8754 says that HMAC verification checks that the destination address of the packet matches that indicated by the next entry in the Segment List.¶
- HMAC Segments Left is less than or equal to Last Entry, and the destination address is equal to Segment List[Segments Left].¶
This is updated to allow a non-direct mapping from Segment List entry to destination address as follows:¶
- HMAC Segments Left is less than or equal to Last Entry, and the destination address is equal to address created by mapping from Segment List[Segments Left].¶
Further, in describing the concatenation of information to generate the text field input to the HMAC computation, this section says:¶
- SRH: All addresses in the Segment List (variable octets)¶
This is updated as follows to indicate that Segment List entries are not necessarily IPv6 addresses.¶
- SRH: All entries in the Segment List (variable octets)¶
The processing steps for a locally instantiated SRv6 SID includes the following step:¶
S16. Copy Segment List[Segments Left] from the SRH to the destination address of the IPv6 header.¶
As explained earlier in this document, the function used to generate the destination address may be a copy, but may be some other function. Thus, this text is updated as follows:¶
S16. Derive the destination address of the IPv6 header from Segment List[Segments Left] in the SRH.¶
The method for deriving the destination address of the invoking packet in RFC 8574 reads as:¶
- The SID at Segment List[0] may be used as the destination address of the invoking packet.¶
To allow for the 0th entry in the Segment List to be mapped rather than copied to a destination address, this is updated to:¶
- The SID at Segment List[0] may be mapped to derive the destination address of the invoking packet.¶
This document makes no changes to the security properties of SRv6. See [I-D.ietf-spring-srv6-security] for more discussion of SRv6 security.¶
Note that the possibility of applying encryption functions to SID list members mentioned in Section 2 could offer additional security features.¶
This document makes no requests for IANA action.¶
Thanks to Eric Vyncke and Erik Kline for inspiring the authors to write this document. Thanks to Bob Hinden and Mohamed Boucadair for their reviews and comments that improved this document.¶