12 Jan
2022
12 Jan
'22
4:52 p.m.
What worries me more is the opportunity for adversaries to inject SRv6 packets. MPLS is not enabled by default on most router interfaces, so an adversary would have to have access to an interface where MPLS processing is explicitly enabled. IPv6 packet processing on the other hand… Unless an operator has airtight protection on every interface to block unwanted SRv6 headers I see some interesting opportunities to cause havoc :)
this is quite true, and a serious issue. but it has a good side. if you run an ipv6 enebled network, you can deploy srv6 without enabling srv6 everywhere, only at the marking encaps or embed) points. nice for partial and/or incremental deployment. randy, with no dog in this fight