SRv6 is a routing architecture that can provide hybrid cooperation between a centralized network controller and network nodes: IPv6 routers maintain the multi-hop ECMP-aware segments, whereas the controller, responsible for the Traffic Engineering policy, combines them to form a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the increasing success and widespread deployment of such approaches and technologies, this paper introduces the context and discusses some of the issues tied to possible tampering with the Segment Routing Header content. Finally, some details of an experimental testbed aimed at evaluating the above issues are provided.
On SRv6 Security / LO BASCIO, David; Lombardi, Flavio. - 201:C(2022), pp. 406-412. (Intervento presentato al convegno The 13th International Conference on Ambient Systems, Networks and Technologies (ANT) / The 5th International Conference on Emerging Data and Industry 4.0 (EDI40) tenutosi a Oporto) [10.1016/j.procs.2022.03.054].
On SRv6 Security
David Lo Bascio
;
2022
Abstract
SRv6 is a routing architecture that can provide hybrid cooperation between a centralized network controller and network nodes: IPv6 routers maintain the multi-hop ECMP-aware segments, whereas the controller, responsible for the Traffic Engineering policy, combines them to form a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the increasing success and widespread deployment of such approaches and technologies, this paper introduces the context and discusses some of the issues tied to possible tampering with the Segment Routing Header content. Finally, some details of an experimental testbed aimed at evaluating the above issues are provided.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
