Clarifying SRv6 SID List Processing
draft-ietf-6man-sidlist-clarification-00
| Document | Type | Active Internet-Draft (6man WG) | |
|---|---|---|---|
| Authors | Adrian Farrel , Suresh Krishnan | ||
| Last updated | 2025-09-29 | ||
| Replaces | draft-farrel-6man-sidlist-clarification | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | Proposed Standard | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Consensus boilerplate | Yes | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-ietf-6man-sidlist-clarification-00
Network Working Group A. Farrel
Internet-Draft Old Dog Consulting
Updates: 8754 (if approved) S. Krishnan
Intended status: Standards Track Cisco Systems, Inc.
Expires: 2 April 2026 29 September 2025
Clarifying SRv6 SID List Processing
draft-ietf-6man-sidlist-clarification-00
Abstract
Segment Routing over IPv6 (SRv6) is the instantiation of Segment
Routing (SR) on the IPv6 data plane. Segments are indicated by
Segment Identifiers (SIDs). SRv6 utilizes the Segment Routing Header
(SRH), an IPv6 extension header, that includes a SID list indicating
the sequence of segments and any additional processing to be
performed.
This document updates RFC 8754 by clarifying the processing of SID
list entries. It does not change any elements of the SRv6
architecture.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 2 April 2026.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Farrel & Krishnan Expires 2 April 2026 [Page 1]
Internet-Draft SID List Clarification September 2025
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Clarification . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Updates to RFC 8754 . . . . . . . . . . . . . . . . . . . . . 3
3.1. Segments Left in Section 2 of RFC 8754 . . . . . . . . . 3
3.2. Segment List in Section 2 of RFC 8754 . . . . . . . . . . 3
3.3. HMAC Processing in Section 2.1.2.1 of RFC 8754 . . . . . 6
3.4. SRH Processing in Section 4.3.1.1 of RFC 8754 . . . . . . 6
3.5. ICMP Processing in Section 5.4 of RFC 8754 . . . . . . . 6
4. Operational Considerations . . . . . . . . . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 7
Normative References . . . . . . . . . . . . . . . . . . . . . . 7
Informative References . . . . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction
The Segment Routing (SR) architecture is specified in [RFC8402]. SR
forwards packets along a series of segments, and may perform
additional segment-specific processing on packets. Segments are
indicated by Segment Identifiers (SIDs).
The mechanisms to achieve Segment Routing for IPv6 (SRv6) include the
use of the Segment Routing Header (SRH) [RFC8754] an IPv6 extension
header that includes a SID list indicating the sequence of segments
and any additional processing to be performed.
This document updates [RFC8754] by clarifying the processing of SID
list entries. It does not change any elements of the SRv6
architecture.
2. Clarification
The SRH is processed per Section 4 of [RFC8754]. One objective is to
determine the value to place in the Destination Address field of the
IPv6 packet. To this end, the next entry in the SID list in the SRH
is processed and mapped to the value to place in the Destination
Address field.
Farrel & Krishnan Expires 2 April 2026 [Page 2]
Internet-Draft SID List Clarification September 2025
The value placed in the 128-bit Destination Address field of an IPv6
packet header needs to be a routable IPv6 address since that is
required for forwarding the packet.
Note that entries in the SID list do not need to be fully-formed IPv6
addresses that are copied direct to the Destination Address field of
the IPv6 packet. The mapping from SID list entry could be a direct
copy (the SID list contains a list of IPv6 addresses), or could
involve a more complex function.
An example of such a function is shown in [RFC9800] where a REPLACE-
CSID compressed SID is expanded to be placed in the Destination
Address field.
3. Updates to RFC 8754
3.1. Segments Left in Section 2 of RFC 8754
The definition of the Segments Left field of the SRH is presented as:
| Segments Left: Defined in [RFC8200], Section 4.4.
This is clarified by Erratum Report EID 7102 (https://www.rfc-
editor.org/errata_search.php?eid=7102). This clarification is
included in this update for completeness. The new text reads:
| Segments Left: Defined in [RFC8200], Section 4.4. Specifically,
| for the SRH, the number of unprocessed 128-bit entries in the
| Segment List.
3.2. Segment List in Section 2 of RFC 8754
The figure in Section 2 of RFC 8754 reads:
Farrel & Krishnan Expires 2 April 2026 [Page 3]
Internet-Draft SID List Clarification September 2025
|
| 0 1 2 3
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | Next Header | Hdr Ext Len | Routing Type | Segments Left |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | Last Entry | Flags | Tag |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
| | Segment List[0] (128-bit IPv6 address) |
| | |
| | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
| | |
| ...
| | |
| | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
| | Segment List[n] (128-bit IPv6 address) |
| | |
| | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| // //
| // Optional Type Length Value objects (variable) //
| // //
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
This is updated as follows to clarify that the entries in the Segment
List are 128 bit entries, but not necessarily IPv6 addresses.
Farrel & Krishnan Expires 2 April 2026 [Page 4]
Internet-Draft SID List Clarification September 2025
|
| 0 1 2 3
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | Next Header | Hdr Ext Len | Routing Type | Segments Left |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | Last Entry | Flags | Tag |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
| | Segment List[0] (128-bit entry mapped to IPv6 addresses) |
| | |
| | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
| | |
| ...
| | |
| | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
| | Segment List[n] (128-bit entry mapped to IPv6 addresses) |
| | |
| | |
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| // //
| // Optional Type Length Value objects (variable) //
| // //
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
The text in RFC 8754 reads:
| Segment List[0..n]: 128-bit IPv6 addresses representing the nth
| segment in the Segment List. The Segment List is encoded
| starting from the last segment of the SR Policy. That is, the
| first element of the Segment List (Segment List[0]) contains
| the last segment of the SR Policy, the second element contains
| the penultimate segment of the SR Policy, and so on.
This is updated as follows to clarify that the entries in the Segment
List are 128 bit entries, but not necessarily IPv6 addresses.
| Segment List[0..n]: 128-bit entries representing the nth segment
| in the Segment List. The Segment List is encoded starting from
| the last segment of the SR Policy. That is, the first element
| of the Segment List (Segment List[0]) contains the last segment
| of the SR Policy, the second element contains the penultimate
| segment of the SR Policy, and so on.
Farrel & Krishnan Expires 2 April 2026 [Page 5]
Internet-Draft SID List Clarification September 2025
3.3. HMAC Processing in Section 2.1.2.1 of RFC 8754
In describing the HMAC processing, the text in RFC 8754 says that
HMAC verification checks that the destination address of the packet
matches that indicated by the next entry in the Segment List.
| * HMAC Segments Left is less than or equal to Last Entry, and the
| destination address is equal to Segment List[Segments Left].
This is updated to allow a non-direct mapping from Segment List entry
to destination address as follows:
| * HMAC Segments Left is less than or equal to Last Entry, and the
| destination address is equal to the address created by mapping
| from Segment List[Segments Left].
Further, in describing the concatenation of information to generate
the text field input to the HMAC computation, this section says:
| * SRH: All addresses in the Segment List (variable octets)
This is updated as follows to indicate that Segment List entries are
not necessarily IPv6 addresses.
| * SRH: All entries in the Segment List (variable octets)
3.4. SRH Processing in Section 4.3.1.1 of RFC 8754
The processing steps for a locally instantiated SRv6 SID include the
following step:
| S16. Copy Segment List[Segments Left] from the SRH to the
| destination address of the IPv6 header.
As explained earlier in this document, the function used to generate
the destination address may be a copy, but may be some other
function. Thus, this text is updated as follows:
| S16. Derive the destination address of the IPv6 header
| from Segment List[Segments Left] in the SRH.
3.5. ICMP Processing in Section 5.4 of RFC 8754
The method for deriving the destination address of the invoking
packet in RFC 8574 reads as:
| * The SID at Segment List[0] may be used as the destination
| address of the invoking packet.
Farrel & Krishnan Expires 2 April 2026 [Page 6]
Internet-Draft SID List Clarification September 2025
To allow for the 0th entry in the Segment List to be mapped rather
than copied to a destination address, this is updated to:
| * The SID at Segment List[0] may be mapped to derive the
| destination address of the invoking packet.
4. Operational Considerations
This document does not change any elements of the SR architecture
and, as such, it makes no change to the operational procedures or
management tools of SR.
In clarifying the nature of SID list processing, this document also
clarifies the nature of SID list entries. Operational and management
tools that examine the SID list in a packet need to be aware of the
nature of those entries in order to offer maximal clarity to the
users of those tools.
5. Security Considerations
This document makes no changes to the security properties of SRv6.
See [I-D.ietf-spring-srv6-security] for more discussion of SRv6
security.
Note that describing the SID list entries as being mapped to the
destination address of a packet enables potential additional security
features.
6. IANA Considerations
This document makes no requests for IANA action.
Acknowledgments
Thanks to Eric Vyncke and Erik Kline for inspiring the authors to
write this document. Thanks to Bob Hinden, Mohamed Boucadair, Joel
Halpern, Yao Liu, Bruno Decraene, and Brian Carpenter for their
reviews and comments that improved this document.
Normative References
[RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L.,
Decraene, B., Litkowski, S., and R. Shakir, "Segment
Routing Architecture", RFC 8402, DOI 10.17487/RFC8402,
July 2018, <https://www.rfc-editor.org/info/rfc8402>.
Farrel & Krishnan Expires 2 April 2026 [Page 7]
Internet-Draft SID List Clarification September 2025
[RFC8754] Filsfils, C., Ed., Dukes, D., Ed., Previdi, S., Leddy, J.,
Matsushima, S., and D. Voyer, "IPv6 Segment Routing Header
(SRH)", RFC 8754, DOI 10.17487/RFC8754, March 2020,
<https://www.rfc-editor.org/info/rfc8754>.
Informative References
[I-D.ietf-spring-srv6-security]
Buraglio, N., Mizrahi, T., tongtian124, Contreras, L. M.,
and F. Gont, "Segment Routing IPv6 Security
Considerations", Work in Progress, Internet-Draft, draft-
ietf-spring-srv6-security-07, 18 September 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-spring-
srv6-security-07>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>.
[RFC9800] Cheng, W., Ed., Filsfils, C., Li, Z., Decraene, B., and F.
Clad, Ed., "Compressed SRv6 Segment List Encoding",
RFC 9800, DOI 10.17487/RFC9800, June 2025,
<https://www.rfc-editor.org/info/rfc9800>.
Authors' Addresses
Adrian Farrel
Old Dog Consulting
United Kingdom
Email: adrian@olddog.co.uk
Suresh Krishnan
Cisco Systems, Inc.
United States of America
Email: suresh.krishnan@gmail.com
Farrel & Krishnan Expires 2 April 2026 [Page 8]