Almost, but not quite. The first part, up to "egress points" is fine.
But the description of the reasons leaves out one case I think is
important. Namely, preventing packets from outside the SR Domain (e.g.
from an outside attacker) entering the SRv6 Domain.)
Yours,
Joel
On 10/7/2022 9:04 PM, Suresh Krishnan wrote:
Hi Joel,
Thanks for your comment. Please find response inline
On Oct 6, 2022, at 11:15 PM, Joel Halpern <j...@joelhalpern.com> wrote:
I wonder if we could / should add a sentence or two related to the
address block noting that if an operator chooses to use other address
blocks for the SRv6 SIDs then they need to be extra careful about
configuring their edge filters to prevent leaks inwards or outwards?
Sounds good. Would something like this at the end of the penultimate
paragraph of Section 5 work?
NEW:
In case the deployments do not use this allocated prefix additional
care needs to be exercised at network ingress and egress points so
that SRv6 packets do not leak out of SR domains and they do not
accidentally enter SR unaware domains
Regards
Suresh
_______________________________________________
spring mailing list
spring@ietf.org
https://www.ietf.org/mailman/listinfo/spring
