IPv6 Segment Routing Security Considerations

Document Type Expired Internet-Draft (individual)
Last updated 2015-08-31 (latest revision 2015-02-27)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Segment Routing (SR) allows a node to steer a packet through a controlled set of instructions, called segments, by prepending a SR header to the packet. A segment can represent any instruction, topological or service-based. SR allows to enforce a flow through any path (topological, or application/service based) while maintaining per-flow state only at the ingress node to the SR domain. Segment Routing can be applied to the IPv6 data plane with the addition of a new type of Routing Extension Header. This document analyzes the security aspects of the Segment Routing Extension Header (SRH) and how it is used by SR capable nodes to deliver a secure service.


√Čric Vyncke (evyncke@cisco.com)
Stefano Previdi (sprevidi@cisco.com)
David Lebrun (david.lebrun@uclouvain.be)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)