Internet-Draft | SID Space Inter-domain Addressing. | November 2024 |
Kline & Buraglio | Expires 9 May 2025 | [Page] |
This specification recommends a specific structured use of the SRv6 SIDs prefix in support of Inter-Domain SRv6 networks. The core of the proposal is to structure the address space by Autonomous System Number (ASN).¶
Use of this proposed structure is entirely voluntary. Voluntary use of this structure aids SRv6 operations while preserving the ability to use this prefix across cooperating SRv6 domains, but not across the general Internet.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://ipvsix.github.io/draft-sidspace-experiment/draft-ek-srv6ops-sidspace-experiment.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-eknb-srv6ops-interdomain-sidspace/.¶
Discussion of this document takes place on the SRv6 Operations Working Group mailing list (mailto:srv6ops@ietf.org), which is archived at https://mailarchive.ietf.org/arch/browse/srv6ops/. Subscribe at https://www.ietf.org/mailman/listinfo/srv6ops/.¶
Source for this draft and an issue tracker can be found at https://github.com/ipvsix/draft-sidspace-experiment.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 9 May 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
[RFC9602] requested of IANA a dedicated prefix for Segment Routing over IPv6 [RFC8402] Segment Identifiers (SRv6 SIDs), with the aim of "improv[ing] security by making it simpler to filter traffic at the edge of the SR domains." The prefix 5f00::/16 was allocated for this purpose [IANA-IPv6Special]. No requirements were placed on the use of this prefix nor any recommendations made for structured use of this prefix.¶
This specification recommends a specific structured use of the SRv6 SIDs prefix in support of Inter-Domain SRv6 networks. The core of the proposal is to structure the address space by Autonomous System Number (ASN).¶
Use of this proposed structure is entirely voluntary. Voluntary use of this structure aids SRv6 operations while preserving the ability to use this prefix across cooperating SRv6 domains, but not across the general Internet.¶
The SID space prefix was allocated to improve ease of filtering. Where SRv6 traffic using these prefixes may be shared with cooperating partner networks, this proposal makes it easier to craft filters that permit only SRv6 traffic from identified ASNs.¶
As a point of historical interest, this proposal contains echoes of the structure of the original 6bone test allocation [RFC1897].
An inter-domain SRv6 SID, as used in this document, means an SRv6 SID from the address space used by one SRv6 domain that is advertised to another SRv6 domain for inclusion in an SRv6 Policy used by the second domain when forwarding policy-specific traffic to the advertising SRv6 domain.
The recommendation of this specification is for SRv6 domains to allocate SIDs from prefixes that are concatenations of the SRv6 SID prefix (5f00::/16) and an applicable ASN. Assuming 32-bit ASNs, this yields a /48 per ASN in use within an SRv6 domain, i.e. 5f00:as-hi16:as-lo16::/48.
Each unique ASN generates a prefix from the IANA allocation by converting mutually agreed upon ASNs to hexadecimal, and inserting this hex into a /48 prefix.
Using 16-bit and 32-bit ASNs reserved for documentation purposes [IANA-ASNs] yields several SRv6 SID prefixes that might be used for SRv6 documentation purposes. These prefixes presently include ASNs in the range of 64496-64511 as defined in [RFC5398]:¶
5f00:0:fbf0::/48 ... 5f00:0:fbff::/48¶
or any /48 prefix between these.¶
It should be noted that 32-bit ASNs do not have a specific range dedicated for documentation but do have a private use block as defined in [RFC6996].
Using 16-bit and 32-bit ASNs reserved for private use purposes [IANA-ASNs] and defined by [RFC6996] yields several SRv6 SID prefixes for private use. These prefixes are defined by RFC 6996 and presently include:
ASN size | Private Use Range |
---|---|
16-bit | 64512-65534 |
32-bit | 4200000000-4294967294 |
yielding:¶
5f00:0:fc00::/48 ... 5f00:0:fffe::/48¶
and¶
5f00:fa56:ea00::/48 ... 5f00:ffff:fffe::/48¶
or any /48 prefix between these, as private use ASN-derived SID prefixes.¶
As noted in [draft-bdmgct-spring-srv6-security], it is assumed that each ASN using this SRv6 SID space structure has deployed their respective SRv6 implementations within a limited domain [RFC8799] with appropriate filtering at the domain boundaries. Because this is intended for inter-domain use, the requisite filtering exceptions must be made between each SRv6 domain to allow for the desired Inter-Domain communication to occur. Care should be taken to allow only the desired and necessary communication between each SRv6 domain. The mechanisms used should be conformant with the given domain's security policy and may include, but are not limited to:¶
One possible test case is the exchange of the IPv6 prefix SID between two autonomous systems with independent management domains. In this example, AS4294967294 exchanges its SRv6 SID prefix (5f00:ffff:fffe::/48) with AS4200000000, which announces its ASN-derived SRv6 SID prefix (5f00:fa56:ea00::/48).
┌─────────────────────────────────┐           ┌──────────────────────────────────┐
│                                 │           │                                  │
│                                 │           │                                  │
│                   eBGP speaker  │           │  eBGP speaker                    │
│            5f00:ffff:fffe::/48  │           │  5f00:fa56:ea00::/48             │
│   ┌─────┐               ┌────┐  │           │  ┌────┐                ┌─────┐   │
│   │     ├──────┐        │    ├──┼───────────┼──┤    │        ┌───────┤     │   │
│   │     │      │        │    │  │           │  │    │        │       │     │   │
│   └─────┘   ┌──┴──┐     └─┬──┘  │           │  └──┬─┘     ┌──┴──┐    └─────┘   │
│             │     │       │     │           │     │       │     │              │
│             │     ├───────┘     │           │     └───────┤     │              │
│             └─────┘             │           │             └─────┘              │
│                                 │           │                                  │
│                                 │           │                                  │
│                                 │           │                                  │
│  AS4294967294                   │           │                      AS4200000000│
└─────────────────────────────────┘           └──────────────────────────────────┘
Within this structure, appropriate and agreed upon policy may be shared between the partner ASNs. Defining the policy or use cases is outside of the scope of this document.¶
This document does not alter the inherent security posture of SRv6 [RFC8402], [RFC8754]. The SID space prefix was allocated to improve ease of filtering. Where SRv6 traffic using these prefixes may be shared with cooperating partner networks, this proposal makes it easier to craft filters that permit only SRv6 traffic from identified ASNs.¶
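The ASN-to-prefix derivation and the per-ASN filtering described above, as an added example that is not part of the draft: it derives 5f00:as-hi16:as-lo16::/48 from an ASN, recovers the ASN from a SID, and applies a default-deny allow-list of partner ASNs. The function names and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress

SID_SPACE = ipaddress.ip_network("5f00::/16")  # SRv6 SID prefix named in the draft
MAX_ASN = 0xFFFFFFFF                           # ASNs are at most 32 bits wide


def asn_to_sid_prefix(asn: int) -> ipaddress.IPv6Network:
    """Return 5f00:as-hi16:as-lo16::/48 for a 16-bit or 32-bit ASN."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"ASN outside the 32-bit range: {asn}")
    base = int(SID_SPACE.network_address)
    # The ASN fills address bits 16..47, so it is shifted left by 128 - 48 = 80.
    return ipaddress.IPv6Network((base | (asn << 80), 48))


def sid_to_asn(addr: str):
    """Return the ASN embedded in a SID, or None if it is outside 5f00::/16."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in SID_SPACE:
        return None
    return (int(ip) >> 80) & MAX_ASN


def build_allowlist(partner_asns):
    """One /48 per mutually agreed partner ASN (duplicates collapsed)."""
    return [asn_to_sid_prefix(a) for a in sorted(set(partner_asns))]


def permitted(addr: str, allowlist) -> bool:
    """Default deny: only SIDs inside a partner's ASN-derived /48 pass."""
    ip = ipaddress.IPv6Address(addr)
    return any(ip in net for net in allowlist)


# The two private-use ASNs from the draft's test case.
PARTNERS = build_allowlist([4200000000, 4294967294])

# Constructed sample destinations, not taken from any real network.
SAMPLES = [
    "5f00:fa56:ea00:1::1",  # inside AS4200000000's /48
    "5f00:0:fbf0::1",       # documentation ASN 64496, not a partner
    "2001:db8::1",          # not in the SID space at all
]

if __name__ == "__main__":
    for sid in SAMPLES:
        print(sid, "ASN:", sid_to_asn(sid), "permitted:", permitted(sid, PARTNERS))
```
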
This document has no IANA actions.¶
TODO acknowledge.¶