Skip to main content

IPv6 Segment Routing Security Considerations

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Éric Vyncke , Stefano Previdi , David Lebrun
Last updated 2015-08-31 (Latest revision 2015-02-27)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Segment Routing (SR) allows a node to steer a packet through a controlled set of instructions, called segments, by prepending a SR header to the packet. A segment can represent any instruction, topological or service-based. SR allows to enforce a flow through any path (topological, or application/service based) while maintaining per-flow state only at the ingress node to the SR domain. Segment Routing can be applied to the IPv6 data plane with the addition of a new type of Routing Extension Header. This document analyzes the security aspects of the Segment Routing Extension Header (SRH) and how it is used by SR capable nodes to deliver a secure service.


Éric Vyncke
Stefano Previdi
David Lebrun

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)