Hi Suresh, NEW: > In case the deployments do not use this allocated prefix additional care > needs to be exercised at network ingress and egress points so that SRv6 > packets do not leak out of SR domains and they do not accidentally enter SR > unaware domains. >
IMO this is too broad. I would say that such ingress filtering could/should happen only if dst or locator is within locally configured/allocated prefixes. Otherwise it is pure IPv6 transit and I see no harm not to allow it. > Similarly as stated in Section 5.1 of RFC8754 packets entering an SR > domain from the outside need to be configured to filter out the selected > prefix if it is different from the prefix allocated here. > Again the way I read it this kills pure IPv6 transit for SRv6 packets. Why ? (Well I know the answer to "why" from our endless discussions about SRv6 itself and network programming however I still see no need to mandate in any spec to treat SRv6 packets as unwanted/forbidden for pure IPv6 transit.) Thx, R.
_______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
