> What worries me more is the opportunity for adversaries to inject SRv6 > packets. MPLS is not enabled by default on most router interfaces, so > an adversary would have to have access to an interface where MPLS > processing is explicitly enabled. IPv6 packet processing on the other > hand… Unless an operator has airtight protection on every interface to > block unwanted SRv6 headers I see some interesting opportunities to > cause havoc :)
this is quite true, and a serious issue. but it has a good side. if you run an ipv6 enebled network, you can deploy srv6 without enabling srv6 everywhere, only at the marking encaps or embed) points. nice for partial and/or incremental deployment. randy, with no dog in this fight
