SRv6 Operations                                                 E. Kline
Internet-Draft                                Aalyria Technologies, Inc.
Intended status: Experimental                                N. Buraglio
Expires: 24 April 2025                           Energy Sciences Network
                                                         21 October 2024

                    SID Space (5f00::/16) Experiment
                draft-ek-srv6ops-sidspace-experiment-00
Abstract
This specification proposes an experimental structure for use of the
SRv6 SIDs prefix in support of Inter-Domain SRv6 networks. The core
of the proposal is to structure the address space by Autonomous
System Number (ASN).
Use of this proposed structure is entirely voluntary. The goal of
this experiment is to aid SRv6 operations while preserving the
ability to use this prefix across cooperating SRv6 domains, but not
across the general Internet.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at
https://ipvsix.github.io/draft-sidspace-experiment/draft-ek-srv6ops-sidspace-experiment.html.
Status information for this document may be found at
https://datatracker.ietf.org/doc/draft-ek-srv6ops-sidspace-experiment/.
Discussion of this document takes place on the SRv6 Operations
Working Group mailing list (mailto:srv6ops@ietf.org), which is
archived at https://mailarchive.ietf.org/arch/browse/srv6ops/.
Subscribe at https://www.ietf.org/mailman/listinfo/srv6ops/.
Source for this draft and an issue tracker can be found at
https://github.com/ipvsix/draft-sidspace-experiment.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Kline & Buraglio Expires 24 April 2025 [Page 1]
Internet-Draft SID Space Exp. October 2024
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 24 April 2025.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction
2. Proposed Structure
  2.1. Generation of ASN derived SRv6 prefix SID
    2.1.1. SRv6 SID Documentation Prefixes
    2.1.2. SRv6 SID Private Use Prefixes
3. Routing and Filtering
4. Example test case
5. Evaluating the Experiment
6. Security Considerations
7. IANA Considerations
8. References
  8.1. Normative References
  8.2. Informative References
Acknowledgments
Authors' Addresses
1. Introduction
[I-D.ietf-6man-sids] requested of IANA a dedicated prefix for Segment
Routing over IPv6 [RFC8402] Segment Identifiers (SRv6 SIDs), with the
aim of "improv[ing] security by making it simpler to filter traffic
at the edge of the SR domains." The prefix 5f00::/16 was allocated
for this purpose [IANA-IPv6Special]. No requirements were placed on
the use of this prefix nor any recommendations made for structured
use of this prefix.
This specification proposes an experimental structure for use of the
SRv6 SIDs prefix in support of Inter-Domain SRv6 networks. The core
of the proposal is to structure the address space by Autonomous
System Number (ASN).
Use of this proposed structure is entirely voluntary. The goal is to
aid SRv6 operations while preserving the ability to use this prefix
across cooperating SRv6 domains, but not across the general Internet.
The SID space prefix was allocated to improve ease of filtering.
Where SRv6 traffic using these prefixes may be shared with
cooperating partner networks, this proposal makes it easier to craft
filters that permit only SRv6 traffic from identified ASNs.
As a point of historical interest, this proposal contains echoes of
the structure of the original 6bone test allocation [RFC1897].
2. Proposed Structure
The recommendation of this specification is for SRv6 domains to
allocate SIDs from prefixes that are concatenations of the SRv6 SID
prefix (5f00::/16) and an applicable ASN. Assuming 32-bit ASNs, this
yields a /48 per ASN in use within an SRv6 domain, i.e.
5f00:as-hi16:as-lo16::/48.
2.1. Generation of ASN derived SRv6 prefix SID
Each unique ASN generates a prefix from the IANA allocation by
converting mutually agreed upon ASNs to hexadecimal, and inserting
this hex into a /48 prefix.
2.1.1. SRv6 SID Documentation Prefixes
Using 16-bit and 32-bit ASNs reserved for documentation purposes
[IANA-ASNs] yields several SRv6 SID prefixes that might be used for
SRv6 documentation purposes. These prefixes presently include ASNs
in the range of 64496-64511 as defined in [RFC5398]:
5f00:0:fbf0::/48
...
5f00:0:fbff::/48
or any /48 prefix between these.
It should be noted that 32-bit ASNs do not have a specific range
dedicated for documentation but do have a private use block as
defined in [RFC6996].
2.1.2. SRv6 SID Private Use Prefixes
Using 16-bit and 32-bit ASNs reserved for private use purposes
[IANA-ASNs] yields several SRv6 SID prefixes for private use. These
prefixes are defined by RFC 6996 and presently include:
+==========+=======================+
| ASN size | Private Use Range |
+==========+=======================+
| 16-bit | 64512-65534 |
+----------+-----------------------+
| 32-bit | 4200000000-4294967294 |
+----------+-----------------------+
Table 1
yielding:
5f00:0:fc00::/48
...
5f00:0:fffe::/48
and
5f00:fa56:ea00::/48
...
5f00:ffff:fffe::/48
or any /48 prefix between these, as private use ASN-derived SID
prefixes.
3. Routing and Filtering
As noted in [draft-bdmgct-spring-srv6-security], it is assumed that
each ASN participating in the SRv6 SID space experiment has deployed
their respective SRv6 implementations within a limited domain
[RFC8799] with appropriate filtering at the domain boundaries.
Because this is a shared space experiment, the requisite filtering
exceptions must be made between each SRv6 domain to allow for the
desired Inter-Domain communication to occur. Care should be taken to
allow only the desired and necessary communication between each SRv6
domain. The mechanisms used should be conformant with the given
domain's security policy and may include, but are not limited to:
* routing filters such as BGP prefix-lists, route-maps, route-
policies, or other analogous mechanisms, or
* access control filters at the domain edge
4. Example test case
One possible test case is the exchange of the IPv6 prefix SID between
two autonomous systems with independent management domains. In this
example, AS4294967294 exchanges its SRv6 SID prefix
(5f00:ffff:fffe::/48) with AS4200000000, which announces its
ASN-derived SRv6 SID prefix (5f00:fa56:ea00::/48).
┌─────────────────────────────────┐ ┌──────────────────────────────────┐
│ │ │ │
│ │ │ │
│ eBGP speaker │ │ eBGP speaker │
│ 5f00:ffff:fffe::/48 │ │ 5f00:fa56:ea00::/48 │
│ ┌─────┐ ┌────┐ │ │ ┌────┐ ┌─────┐ │
│ │ ├──────┐ │ ├──┼───────────┼──┤ │ ┌───────┤ │ │
│ │ │ │ │ │ │ │ │ │ │ │ │ │
│ └─────┘ ┌──┴──┐ └─┬──┘ │ │ └──┬─┘ ┌──┴──┐ └─────┘ │
│ │ │ │ │ │ │ │ │ │
│ │ ├───────┘ │ │ └───────┤ │ │
│ └─────┘ │ │ └─────┘ │
│ │ │ │
│ │ │ │
│ │ │ │
│ AS4294967294 │ │ AS4200000000│
└─────────────────────────────────┘ └──────────────────────────────────┘
Within this structure, appropriate and agreed upon policy may be
shared between the partner ASNs. Defining the policy or use cases is
outside of the scope of this document.
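As an added illustration (not part of the draft), the Python below
derives the ASN-based /48 described in Section 2.1, recovers the ASN
from a SID-space prefix, and applies one possible inbound route policy
of the kind Section 3 lists to the two ASNs of this test case. The
function names, the policy in check_announcement (accept only a
partner's own /48 or a more-specific inside it) and the sample
announcements are assumptions made for the example.

```python
import ipaddress
from typing import Optional

SID_SPACE = ipaddress.ip_network("5f00::/16")  # SRv6 SID prefix named in the draft

def asn_to_sid_prefix(asn: int) -> ipaddress.IPv6Network:
    """Return 5f00:as-hi16:as-lo16::/48 for a 16- or 32-bit ASN."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN out of range: {asn}")
    # The ASN fills the 32 bits that follow the 16-bit 5f00 prefix.
    base = int(SID_SPACE.network_address) | (asn << 80)
    return ipaddress.IPv6Network((base, 48))

def sid_to_asn(prefix: str) -> Optional[int]:
    """Recover the ASN embedded in a SID-space prefix of /48 or longer."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or not net.subnet_of(SID_SPACE) or net.prefixlen < 48:
        return None  # outside 5f00::/16, or too short to name a single ASN
    return (int(net.network_address) >> 80) & 0xFFFFFFFF

def check_announcement(peer_asn: int, prefix: str, partners: set) -> str:
    """Assumed inbound route policy for SID-space prefixes (not from the draft)."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or not net.subnet_of(SID_SPACE):
        return "not-sid-space"  # left to the domain's ordinary routing policy
    if peer_asn not in partners:
        return "reject"         # no filtering exception agreed with this ASN
    if sid_to_asn(prefix) != peer_asn:
        return "reject"         # another ASN's /48, or shorter than /48
    return "accept"             # the peer's own /48 or a more-specific inside it

if __name__ == "__main__":
    partners = {4200000000, 4294967294}  # the two ASNs of the Section 4 test case
    constructed = [                       # constructed announcements, not real routes
        (4200000000, "5f00:fa56:ea00::/48"),
        (4200000000, "5f00:fa56:ea00:1::/64"),
        (4200000000, "5f00:ffff:fffe::/48"),
        (64512, "5f00:0:fc00::/48"),
        (4294967294, "5f00::/16"),
        (4294967294, "2001:db8::/32"),
    ]
    for asn, prefix in constructed:
        print(f"AS{asn:<10} {prefix:<24} {check_announcement(asn, prefix, partners)}")
```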
5. Evaluating the Experiment
A survey of participants in the experiment and subsequent evaluation
of the results will determine the ease of deployment and operation,
or lack thereof, and will inform whether further work can be performed
to improve ease of implementation and operation.
6. Security Considerations
This document does not alter the inherent security posture of SRv6
[RFC8402], [RFC8754]. The SID space prefix was allocated to improve
ease of filtering. Where SRv6 traffic using these prefixes may be
shared with cooperating partner networks, this proposal makes it
easier to craft filters that permit only SRv6 traffic from identified
ASNs.
7. IANA Considerations
This document has no IANA actions.
8. References
8.1. Normative References
[I-D.ietf-6man-sids]
"SRv6 Segment Identifiers in the IPv6 Addressing
Architecture", n.d.
[IANA-ASNs]
"Autonomous System (AS) Numbers", n.d.
[IANA-IPv6Special]
"IANA IPv6 Special-Purpose Address Registry", n.d.
8.2. Informative References
[draft-bdmgct-spring-srv6-security]
"SRv6 Security Considerations", n.d.
[RFC1897] Hinden, R. and J. Postel, "IPv6 Testing Address
Allocation", RFC 1897, DOI 10.17487/RFC1897, January 1996.
[RFC5398] Huston, G., "Autonomous System (AS) Number Reservation for
Documentation Use", RFC 5398, DOI 10.17487/RFC5398,
December 2008.
[RFC6996] Mitchell, J., "Autonomous System (AS) Reservation for
Private Use", BCP 6, RFC 6996, DOI 10.17487/RFC6996, July
2013.
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018.
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020.
[RFC8799] Carpenter, B. and B. Liu, "Limited Domains and Internet
Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020.
Acknowledgments
TODO acknowledge.
Authors' Addresses
Erik Kline
Aalyria Technologies, Inc.
Email: ek.ietf@gmail.com
Nick Buraglio
Energy Sciences Network
Email: buraglio@forwardingplane.net