Skip to main content

Segment Identifiers in SRv6

Document Type Active Internet-Draft (6man WG)
Author Suresh Krishnan
Last updated 2023-05-20 (Latest revision 2023-04-11)
Replaces draft-krishnan-6man-sids
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Informational
Additional resources Mailing list discussion
Stream WG state Waiting for WG Chair Go-Ahead
Document shepherd Ole Trøan
IESG IESG state I-D Exists
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to
6man                                                         S. Krishnan
Internet-Draft                                                     Cisco
Intended status: Informational                             11 April 2023
Expires: 13 October 2023

                      Segment Identifiers in SRv6


   The data plane for Segment Routing over IPv6 (SRv6) is built using
   IPv6 as the underlying forwarding plane.  Due to this underlying use
   of IPv6, Segment Identifiers (SIDs) used by SRv6 can resemble IPv6
   addresses and behave like them while exhibiting slightly different
   behaviors in some situations.  This document explores the
   characteristics of SRv6 SIDs and to clarify the relationship of SRv6
   SIDs to the IPv6 Addressing Architecture.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 13 October 2023.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Krishnan                 Expires 13 October 2023                [Page 1]
Internet-Draft                  SRv6 SIDs                     April 2023

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   2
   3.  SRv6 SIDs and the IPv6 addressing architecture  . . . . . . .   3
   4.  Special Considerations for Compressed SIDs  . . . . . . . . .   4
     4.1.  Applicability to other forms of compressed SIDs . . . . .   5
   5.  Allocation of a Global Unicast Prefix for SIDs  . . . . . . .   5
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   6
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     9.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   8

1.  Introduction

   Segment Routing over IPv6 (SRv6) [RFC8754] uses IPv6 as the
   underlying data plane.  In SRv6, SR source nodes initiate packets
   with a segment identifier in the Destination Address of the IPv6
   header, and SR segment endpoint nodes process a local segment present
   the Destination Address of an IPv6 header.  Thus Segment Identifiers
   (SIDs) in SRv6 can and do appear in the Destination Address of IPv6
   datagrams by design.  This document explores the characteristics of
   SRv6 SIDs and to clarify the relationship of SRv6 SIDs to the IPv6
   Addressing Architecture [RFC4291].

2.  Terminology

   The following terms are used as defined in [RFC8402].

   *  Segment Routing (SR)

   *  SR Domain

   *  Segment

   *  Segment Identifier (SID)

Krishnan                 Expires 13 October 2023                [Page 2]
Internet-Draft                  SRv6 SIDs                     April 2023

   *  SRv6

   *  SRv6 SID

   *  SR Policy.

   The following terms are used as defined in [RFC8754].

   *  Segment Routing Header (SRH)

   *  SR Source Node

   *  Transit Node

   *  SR Segment Endpoint Node

   *  Reduced SRH

   *  Segments Left

   *  Last Entry

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  SRv6 SIDs and the IPv6 addressing architecture

   [RFC8754] defines the Segment List of the SRH as a contiguous array
   of 128-bit IPv6 addresses, and that each of the elements in this list
   are SIDs.  But all of these elements are not necessarily made equal.
   Some of these elements may represent a local interface as described
   in Section 4.3 of [RFC8754] as "A FIB entry that represents a local
   interface, not locally instantiated as an SRv6 SID".  From this it
   follows that not all the SIDs that appear in the SRH are SRv6 SIDs as
   defined by [RFC8402].

   As stated above, the non-SRv6-SID elements that appear in the SRH SID
   list are simply IPv6 addresses assigned to local interfaces and they
   need to conform to [RFC4291].  So, the following discussions are
   applicable solely to SRv6 SIDs that are not assigned to local

Krishnan                 Expires 13 October 2023                [Page 3]
Internet-Draft                  SRv6 SIDs                     April 2023

   One of the key questions to address is how these SRv6 SIDs appearing
   as IPv6 Destination Addresses are perceived and treated by "transit
   nodes" (that are not required to be capable of processing a Segment
   or the Segment Routing Header).

   Section 3.1. of [RFC8986] describes the format of an SRv6 SID as
   composed of three parts LOC:FUNCT:ARG, where a locator (LOC) is
   encoded in the L most significant bits of the SID, followed by F bits
   of function (FUNCT) and A bits of arguments (ARG).  If L+F+A < 128,
   the ARG is followed by enough zero bits to fill the 128 bit SID.
   Such a SID is assigned to a node within a prefix defined as a Locator
   of length L.  When an SRv6 SID occurs in the IPv6 Destination Address
   of an IPv6 header, only the longest match prefix corresponding to the
   Locator [BCP198] is used by the transit node to forward the packet to
   the node identified by the Locator.

   It is clear that this format for SRv6 SIDs is not compliant with the
   requirements set forth in [RFC4291] for IPv6 addresses but it is also
   clear that SRv6 SIDs are not intended for assignment onto interfaces
   on end hosts.  They look and act similar to other mechanisms that use
   IPv6 addresses with different formats such as [RFC6052] that defines
   the IPv6 Addressing of IPv4/IPv6 Translators and [RFC7343] that
   describes ORCHIDv2 (a cryptographic hash identifier format).

   While looking at the transit nodes it becomes apparent that these
   addresses are used purely for forwarding and not for packet delivery
   to end hosts.  Hence the relevant specification to apply here is
   [BCP198] that requires implementations to support the use of variable
   length prefixes in forwarding while explicitly decoupling IPv6
   routing and forwarding from the IPv6 address/prefix semantics
   described in [RFC4291].  Please note that [BCP198] does not override
   the rules in [RFC4291], but merely limits where their impact is

   Furthermore, in the SRv6 specifications, all SIDs assigned within a
   given Locator prefix are located inside the node identified by
   Locator.  Therefore there does not appear to be a conflict with
   section 2.6.1 of [RFC4291] since subnet-router anycast addresses are
   neither required nor useful within a node.

4.  Special Considerations for Compressed SIDs

   [CSID] introduces an encoding for compressed segment lists (C-SIDs),
   and describes how to use a single entry in the Segment list as a
   container for multiple SIDs.  A node taking part in this mechanism
   accomplishes this by using the ARG part [RFC8986] of the Destination
   Address of the IPv6 header to derive a new Destination Address. i.e.,
   the Destination Address field of the packet changes at a segment

Krishnan                 Expires 13 October 2023                [Page 4]
Internet-Draft                  SRv6 SIDs                     April 2023

   endpoint in a way similar to how the address changes as the result of
   processing a segment in the SRH.

   One key thing to note here is that the Locator Block at the beginning
   of the address does not get modified by the operations needed for
   supporting compressed SIDs.  As we have established that the SRv6
   SIDs are being treated simply as routing prefixes on transit nodes
   within the SR domain this does not constitute a modification to the
   IPv6 data plane on such transit nodes and any changes are restricted
   to SR aware nodes.

4.1.  Applicability to other forms of compressed SIDs

   The spring working group is in the process of analyzing multiple
   mechanisms for compressing the SRv6 SID list as described in
   [I-D.ietf-spring-compression-analysis].  Even though this document
   focuses on [CSID], the considerations specified in this document
   might also be applicable to the other mechanisms being analyzed and

5.  Allocation of a Global Unicast Prefix for SIDs

   All of the SRv6 related specifications discussed above are intended
   to be applicable to a contained SR Domain or between collaborating SR
   Domains.  Nodes either inside or outside the SR Domains that are not
   SR-aware will not perform any special behavior for an SRv6 SIDs and
   will treat them solely as IPv6 routing prefixes.

   As an added factor of safety, it is desirable to allocate some
   address space that explicitly signals that the addresses within that
   space cannot be expected to comply with [RFC4291].  As described in
   Section 3 above, there is precedent for mechanisms that use IPv6
   addresses in a manner different from that specified in [RFC4291].
   This would be useful in identifying and potentially filtering packets
   at the edges of the SR Domains to make it simpler for the SR domain
   to fail closed.

   Future specifications are needed to describe the conventions and
   guidelines for the use of this newly allocated address block.  The
   SRv6 operational community, which is the first intended user of this
   block, is requested to come up with such conventions and guidelines
   in line with their requirements.

6.  IANA Considerations

   IANA is requested to assign a /16 address block for the purposes
   described in Section 5 out of the "Reserved by IETF" range defined in
   the Internet Protocol Version 6 Address Space registry.

Krishnan                 Expires 13 October 2023                [Page 5]
Internet-Draft                  SRv6 SIDs                     April 2023

7.  Security Considerations

   The security considerations for the use of Segment Routing [RFC8402],
   SRv6 [RFC8754], and SRv6 network programming [RFC8986] apply to the
   use of these addresses.  The use of IPv6 tunneling mechanisms
   (including SRv6) also brings up additional concerns such as those
   described in [RFC6169].  The usage of the prefix allocated by this
   document improves security by making it simpler to filter traffic at
   the edge of the SR domains.

   In case the deployments do not use this allocated prefix, additional
   care needs to be exercised at network ingress and egress points so
   that SRv6 packets do not leak out of SR domains and they do not
   accidentally enter SR unaware domains.  Similarly as stated in
   Section 5.1 of [RFC8754], packets entering an SR domain from the
   outside need to be configured to filter out the selected prefix if it
   is different from the prefix allocated here.

8.  Acknowledgments

   The author would like to extend a special note of thanks to Brian
   Carpenter and Erik Kline for their precisely summarized thoughts on
   this topic that provided the seed of this draft.  The author would
   also like to thank Andrew Alston, Fred Baker, Ron Bonica, Nick
   Buraglio, Bruno Decraene, Dhruv Dhody, Darren Dukes, Adrian Farrel,
   Clarence Filsfils, Jim Guichard, Joel Halpern, Bob Hinden, Cheng Li,
   Acee Lindem, Jen Linkova, Gyan Mishra, Robert Raszuk, Alvaro Retana,
   Michael Richardson, Mark Smith, Dirk Steinberg, Ole Troan, Eduard
   Vasilenko, Eric Vyncke, Jingrong Xie, and Chongfeng Xie for their
   ideas and comments to improve this document.

9.  References

9.1.  Normative References

   [BCP198]   Boucadair, M., Petrescu, A., and F. Baker, "IPv6 Prefix
              Length Recommendation for Forwarding", BCP 198, RFC 7608,
              DOI 10.17487/RFC7608, July 2015,

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, DOI 10.17487/RFC4291, February
              2006, <>.

Krishnan                 Expires 13 October 2023                [Page 6]
Internet-Draft                  SRv6 SIDs                     April 2023

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <>.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017,

   [RFC8402]  Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
              Decraene, B., Litkowski, S., and R. Shakir, "Segment
              Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
              July 2018, <>.

   [RFC8754]  Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
              Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
              (SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,

   [RFC8986]  Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer,
              D., Matsushima, S., and Z. Li, "Segment Routing over IPv6
              (SRv6) Network Programming", RFC 8986,
              DOI 10.17487/RFC8986, February 2021,

9.2.  Informative References

   [CSID]     Cheng, W., Filsfils, C., Li, Z., Decraene, B., and F.
              Clad, "Compressed SRv6 Segment List Encoding in SRH", Work
              in Progress, Internet-Draft, draft-ietf-spring-srv6-srh-
              compression-04, 31 March 2023,

              Bonica, R., Cheng, W., Dukes, D., Henderickx, W., Li, C.,
              Peng, S., and C. Xie, "Compressed SRv6 SID List Analysis",
              Work in Progress, Internet-Draft, draft-ietf-spring-
              compression-analysis-03, 3 April 2023,

   [RFC6052]  Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X.
              Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052,
              DOI 10.17487/RFC6052, October 2010,

Krishnan                 Expires 13 October 2023                [Page 7]
Internet-Draft                  SRv6 SIDs                     April 2023

   [RFC6169]  Krishnan, S., Thaler, D., and J. Hoagland, "Security
              Concerns with IP Tunneling", RFC 6169,
              DOI 10.17487/RFC6169, April 2011,

   [RFC7343]  Laganier, J. and F. Dupont, "An IPv6 Prefix for Overlay
              Routable Cryptographic Hash Identifiers Version 2
              (ORCHIDv2)", RFC 7343, DOI 10.17487/RFC7343, September
              2014, <>.

Author's Address

   Suresh Krishnan

Krishnan                 Expires 13 October 2023                [Page 8]