SRv6 can provide hybrid cooperation between a centralized network controller and network nodes. IPv6 routers maintainmulti-hop ECMP-aware segments, whereas the controller establishes a source-routed path through the network. Since thestate of the flow is defined at the ingress to the network and then is contained in a specific packet header, called SegmentRouting Header (SRH), the importance of such a header itself is vital. Motivated by the need to study and investigate thistechnology, this paper discusses some security-related issues of Segment Routing. A SRv6 capable experimental testbed is built and detailed. Finally, an experimental test campaign is performed and results are evaluated and discussed.
Segment Routing v6 - Security Issues and Experimental Results
Flavio Lombardi
2023
Abstract
SRv6 can provide hybrid cooperation between a centralized network controller and network nodes. IPv6 routers maintainmulti-hop ECMP-aware segments, whereas the controller establishes a source-routed path through the network. Since thestate of the flow is defined at the ingress to the network and then is contained in a specific packet header, called SegmentRouting Header (SRH), the importance of such a header itself is vital. Motivated by the need to study and investigate thistechnology, this paper discusses some security-related issues of Segment Routing. A SRv6 capable experimental testbed is built and detailed. Finally, an experimental test campaign is performed and results are evaluated and discussed.| File | Dimensione | Formato | |
|---|---|---|---|
|
prod_490122-doc_204164.pdf
accesso aperto
Descrizione: Segment Routing v6 - Security Issues and Experimental Results
Tipologia:
Versione Editoriale (PDF)
Licenza:
Creative commons
Dimensione
2 MB
Formato
Adobe PDF
|
2 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
