Session Date/Time: 19 Mar 2025 02:30
Spring Session
Summary
The Spring working group session covered several key topics, including updates on existing documents, security considerations for SRv6, eligibility concepts in SR policies, flexible candidate path selection, aggregation segments for SR MPLS, SRv6 SFC architecture, advertising SRv6 locator information via IPv6 Neighbor Discovery, and a new presentation on SRv6 security within a trusted domain. A benchmarking methodology was also discussed. The discussion highlighted the need for further collaboration, particularly between authors working on related drafts, and the importance of addressing security concerns.
Key Discussion Points
- SRv6 Security Considerations: Terminology updates and milestone progress were reviewed. Concerns regarding the distinction between control plane and management plane attackers were raised. The importance of finishing the draft was emphasized, including an interim meeting in May.
- Eligibility Concept in SR Policies: A new eligibility attribute was proposed to preserve intent in candidate paths. Concerns were raised regarding the coordination between local and PCE-based eligibility checks. There was discussion on the impact of the eligibility concept on RFC 9256 active CP selection.
- Flexible Candidate Path Selection: A proposal for determining the validity of candidate paths based on threshold parameters was discussed. There was discussion on how this aligned with existing drafts.
- Aggregation Segment for SR MPLS: A new type of segment was proposed for summarization on routing borders in SR MPLS. There was a brief discussion on the impact of double pushing labels and interaction with LDP stitching.
- SRv6 SFC Architecture: An architecture leveraging SR policies, BGP FlowSpec, and BGP-LS for comprehensive management and simplicity was presented.
- Advertising SRv6 Locator Information via IPv6 Neighbor Discovery: Concerns were raised regarding security implications and the definition of a trusted domain, particularly in scenarios involving CPEs and servers in data centers.
- SRv6 Security Within a Trusted Domain: Concerns about internal security were raised, and an approach to calculate an HMAC of the destination address at each endpoint to incorporate path information into packets was proposed.
- Benchmarking: A benchmarking methodology for segment routing packet forwarding capabilities in network devices was discussed.
Decisions and Action Items
- Action Item: Authors of the SRv6 Security Considerations draft to address raised concerns regarding the distinction between control plane and management plane attackers.
- Action Item: Authors of the Eligibility Concept in SR Policies draft to work out details of how PCE interactions are synchronised with local actions on setting and resetting the eligibility flag.
- Action Item: Authors of the Flexible Candidate Path Selection draft and the Eligibility Concept in SR Policies draft to collaborate on ensuring consistency between their approaches.
- Action Item: Authors of the draft discussing advertising SRv6 Locator Information via IPv6 Neighbor Discovery to refactor the document considering the security impact it may cause.
- Action Item: All authors were encouraged to actively solicit and incorporate feedback from the mailing list.
Next Steps
- An interim meeting is scheduled for May, focusing primarily on the SRv6 security document.
- The mailing list should be used for continued discussions and feedback on all presented drafts.
- Authors are encouraged to collaborate and ensure consistency across related drafts.
- The benchmarking draft is nearing working group last call.