Table 1 SR native security mechanisms.
From: A data plane security model of SR-BE/TE based on zero-trust architecture
| Implementation method | Threat addressed |
|---|---|
| The head node of a flow encapsulates the label stack (segment list) that specifies the flow's path | Malicious traffic diversion (drainage) |
| Only source routing is used inside the domain; the source-route information is stripped when the packet leaves the domain by setting the C-flag in the SRH (the clean-up flag of early SRH drafts; RFC 8754 defines no C-flag, and under RFC 8986 the SRH is removed by the PSP flavour instead) | Label leakage |
| RFC 8754 specifies that the optional TLV (Type-Length-Value) field of the SRH in an SRv6 packet may carry an HMAC TLV, which lets a receiving node verify the segment list against a pre-shared key | SRv6 packet tampering |
| An Anycast-SID balances traffic from a single node across multiple nodes | Single point of failure |
| Local triggers (e.g. BFD, Bidirectional Forwarding Detection), remote intra-domain triggers (IGP flooding), remote inter-domain triggers (BGP-LS updates), end-to-end SR Policy liveness detection, explicit candidate-path verification and dynamic candidate-path recalculation | – |
| TI-LFA (Topology-Independent Loop-Free Alternate) node protection | – |
| The "mpls ip-ttl-propagation disable" command hides the multi-hop MPLS network as a single hop (the IP TTL is not copied into the label TTL), so traceroute no longer reveals the intermediate LSRs | Traditional topology detection, inter-domain topology detection |
| Binding a domain's SR Policy to a BSID (Binding SID) means users outside the domain cannot derive the intra-domain topology from the candidate path information | |
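The HMAC TLV row above is the one mechanism in the table that is a verifiable computation rather than a routing configuration, so the following added example (written for this page; it is not code from the paper or from any SRv6 implementation) shows what a border node actually checks. It builds the HMAC input exactly as RFC 8754 section 2.1.2.1 lists it (IPv6 Source Address, Last Entry, Flags, HMAC Key ID, then every address in the Segment List), keys it with HMAC-SHA-256, and shows that changing one segment (the "SRv6 packet tampering" threat) or presenting an unknown Key ID fails verification. The key store, the Key ID value 42, the addresses and the `SRH` dataclass are constructed for the example; the reduced-segment-list D bit is not modelled.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

# Pre-shared keys indexed by HMAC Key ID. Constructed sample store; a real
# deployment provisions keys out of band and never embeds them in code.
KEY_STORE: Dict[int, bytes] = {
    42: b"example-pre-shared-key-do-not-reuse",
}


@dataclass
class SRH:
    """The fields of an SRv6 packet that enter the HMAC computation."""
    src: str                  # IPv6 Source Address of the outer header
    segment_list: List[str]   # Segment List[0..n-1], last entry = first segment
    flags: int = 0            # RFC 8754 defines no flag bits; carried as-is
    hmac_key_id: int = 0      # identifies the pre-shared key and algorithm
    hmac: bytes = b""         # value carried in the HMAC TLV

    @property
    def last_entry(self) -> int:
        # Last Entry is a zero-based index into the Segment List.
        return len(self.segment_list) - 1


def hmac_text(srh: SRH) -> bytes:
    """Concatenate the octets RFC 8754 section 2.1.2.1 covers with the HMAC:
    Source Address (16) || Last Entry (1) || Flags (1) || Key ID (4) || segments (16*n)."""
    text = ipaddress.IPv6Address(srh.src).packed
    text += bytes([srh.last_entry & 0xFF, srh.flags & 0xFF])
    text += srh.hmac_key_id.to_bytes(4, "big")
    for seg in srh.segment_list:
        text += ipaddress.IPv6Address(seg).packed
    return text


def sign(srh: SRH) -> SRH:
    """Head-node side: fill the HMAC TLV using HMAC-SHA-256 (the algorithm
    RFC 8754 recommends implementations support)."""
    key = KEY_STORE[srh.hmac_key_id]
    srh.hmac = hmac.new(key, hmac_text(srh), hashlib.sha256).digest()
    return srh


def verify(srh: SRH) -> bool:
    """Border-node side: recompute and compare in constant time.
    An unknown Key ID is treated as a verification failure (drop)."""
    key = KEY_STORE.get(srh.hmac_key_id)
    if key is None:
        return False
    expected = hmac.new(key, hmac_text(srh), hashlib.sha256).digest()
    return hmac.compare_digest(expected, srh.hmac)


def sample_srh() -> SRH:
    # Constructed packet: three-segment path, stored in reverse order as on the wire.
    return sign(SRH(
        src="2001:db8::1",
        segment_list=["2001:db8::30", "2001:db8::20", "2001:db8::10"],
        hmac_key_id=42,
    ))


def demo() -> Tuple[bool, bool, bool]:
    """Returns (genuine verifies, tampered segment fails, unknown key fails)."""
    good = sample_srh()
    # Attacker rewrites one segment to divert the flow but keeps the old HMAC.
    tampered = replace(good, segment_list=["2001:db8::30", "2001:db8::bad", "2001:db8::10"])
    # Packet claims a Key ID the border node has no key for.
    unknown_key = replace(good, hmac_key_id=7)
    return verify(good), verify(tampered), verify(unknown_key)


if __name__ == "__main__":
    print(demo())
```

The text that is authenticated does not include the Segments Left field or the IPv6 Destination Address, which is why the HMAC stays valid as the packet walks the segment list inside the domain; it is the segment list itself, and the source that chose it, that the border node pins down.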