| Internet-Draft | Distribute SRv6 Locator by DHCP | February 2026 |
| Cheng, et al. | Expires 15 August 2026 | [Page] |
In an SRv6 network, each SRv6 Segment Endpoint Node must be assigned an SRv6 Locator, and segment identifiers (SIDs) are generated within the address space of this SRv6 Locator. This document describes a method for assigning SRv6 Locators to SRv6 Segment Endpoint Nodes through Dynamic Host Configuration Protocol for IPv6 (DHCPv6).¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 15 August 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Segment Routing (SR) architecture [RFC8402] specifies how a node can steer a packet using an ordered list of instructions called segments. These segments are identified using Segment Identifiers (SIDs).¶
Segment Routing can be instantiated on the IPv6 data plane using either the Segment Routing Header (SRH) defined in [RFC8754] or compressed segment lists defined in [RFC9800]. SR instantiation on the IPv6 data plane is referred to as SRv6.¶
[RFC8986] introduces the SRv6 Network Programming concept and specifies the base set of SRv6 behaviors.¶
In an SRv6 network, each SRv6 Segment Endpoint Node must be assigned an SRv6 Locator, and SIDs are generated within the address space of this SRv6 Locator. This document describes a method for assigning SRv6 Locators to SRv6 Segment Endpoint Nodes through Dynamic Host Configuration Protocol for IPv6 (DHCPv6).¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document leverages the terms defined in [RFC9915] and [RFC8986]. The reader is assumed to be familiar with this terminology.¶
As shown in Figure 1, in the IP backbone network, access network devices are deployed for access users in different regions. This deployment assumes that all of the relevant components in Figure 1 are part of a single trusted SR domain. The Customer Premises Equipment (CPE) must be managed by the operator providing services or by a trusted partner. If the CPE is located within the customer premises, it must ensure that the device itself and its ports are under the same operator's administrative domain; otherwise, security risks may arise.¶
CPEs for access users are connected to the local metropolitan area network (MAN) in various ways. CPEs are responsible for assigning addresses to access users by requesting DHCPv6 Prefix Delegation (PD) from a DHCPv6 server, as specified in Section 6.3 of [RFC9915]. [RFC7084] and [RFC7368] describe such use in detail. The DHCPv6 server is usually enabled on or relayed by the Broadband Remote Access Server (BRAS).¶
After the DHCPv6 server allocates any delegated prefix, BRAS will add a network route corresponding to the delegated prefix to local routing table and distribute the network route to the upstream routers.¶
Metropolitan area network
+---------------------------+
| |
+------+ +------+ | +-----+ +-------+ |
|Host1 +-----+ CPE1 +----+--+BRAS1+--------+Router1| |
+------+ +------+ | +-----+ +---+---+ |
| | |
+---------------------+-----+
|
+--------+-------------+
| |
| Backbone Network |
| |
+--------+-------------+
|
+---------------------+-----+
| | |
+------+ +------+ | +-----+ +--+----+|
|Host2 +-----+ CPE2 +----+--+BRAS2+---------+Router2||
+------+ +------+ | +-----+ +-------+|
+---------------------------+
Figure 1: Telecom IPv6 Network
¶
In this network, operators hope to achieve interconnection between access users through CPE-to-CPE SRv6 tunnels. Taking the service traffic from Host1 to Host2 as an example, CPE1 is the SRv6 ingress node and CPE2 is the SRv6 egress node. The SRv6 Locator should be configured on the CPEs. Other devices within the operator's network learn the SRv6 locator routes of the CPEs.¶
At the same time, SRv6 policies need to be configured on CPEs to steer the service traffic between CPEs to the specified SRv6 forwarding path. The SRv6 policy can be manually configured statically (via command-line interface (CLI), NETCONF, YANG, APIs, etc.).¶
This document proposes a method for allocating SRv6 Locators to CPE via DHCPv6 and distributing SRv6 Locator routes using the DHCPv6 workflow. This approach simplifies network operation and maintains consistency with existing IPv6 address allocation mechanisms already deployed in such networks.¶
The Identity Association for SRv6 Locator (IA_SRV6_LOCATOR) option is used to carry an IA_SRV6_LOCATOR, the parameters associated with the IA_SRV6_LOCATOR, and the SRv6 Locator associated with the IA_SRV6_LOCATOR.¶
The IA_SRV6_LOCATOR option can be carried in DHCPv6 Solicit, Advertise, Request, Reply, Renew, and Release messages.¶
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_IA_SRV6_LOCATOR | Option-Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| IAID (4 octets) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| T1 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| T2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. .
. IA_SRV6_LOCATOR-Options .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 2: Identity Association for SRv6 Locator Option Format
Where:
¶
Option-Code: OPTION_IA_SRV6_LOCATOR, the option code for the Identity Association for SRv6 Locator. The current value of 149 was requested as part of an early assignment from IANA.¶
Option-Len: 12 + the length of IA_SRV6_LOCATOR-Options field in octets.¶
IAID: The unique identifier for this IA_SRV6_LOCATOR. The IAID MUST be unique among the identifiers for all of this client's IA_SRV6_LOCATORs. The number space for IA_SRV6_LOCATOR IAIDs is separate from the number space for other IA option types. A 4-octet field containing an unsigned integer.¶
T1: The time interval after which the client should contact the server from which the SRv6 Locators in the IA_SRV6_LOCATOR were obtained to extend the lifetimes of the SRv6 Locators to the IA_SRV6_LOCATOR. T1 is a time duration relative to the message reception time expressed in units of seconds. A 4-octet field containing an unsigned integer.¶
T2: The time interval after which the client should contact any available server to extend the lifetimes of the SRv6 Locators assigned to the IA_SRV6_LOCATOR. T2 is a time duration relative to the message reception time expressed in units of seconds. A 4- octet field containing an unsigned integer.¶
IA_SRV6_LOCATOR-Options: Options associated with this IA_SRV6_LOCATOR. A variable-length field (12 octets less than the value in the Option-Len field).¶
The IA_SRV6_LOCATOR-Options field encapsulates those options that are specific to this IA_SRV6_LOCATOR. For example, all of the IA Locator options (see Section 4.2) carrying the SRv6 Locators associated with this IA_SRV6_LOCATOR are in the IA_SRV6_LOCATOR- Options field.¶
An IA_SRV6_LOCATOR option may only appear in the options area of a DHCP message. A DHCP message may contain multiple IA_SRV6_LOCATOR Options (though each must have a unique IAID).¶
The status of any operations involving this IA_SRV6_LOCATOR is indicated in a Status Code option (see Section 21.13 of [RFC9915]) in the IA_SRV6_LOCATOR-Options field.¶
Note that an IA_SRV6_LOCATOR has no explicit "lifetime" or "lease length" of its own. When the valid lifetimes of all of the SRv6 Locators in an IA_SRV6_LOCATOR have expired, the IA_SRV6_LOCATOR can be considered as having expired. T1 and T2 fields are included to give the server explicit control over when a client should contact the server about a specific IA_SRV6_LOCATOR.¶
In a message sent by a client to a server, the T1 and T2 fields SHOULD be set to 0. The server MUST ignore any values in these fields in messages received from a client.¶
In a message sent by a server to a client, the client MUST use the values in the T1 and T2 fields for the T1 and T2 timers, unless values in those fields are 0. The values in the T1 and T2 fields are the number of seconds until T1 and T2.¶
The server selects the T1 and T2 times to allow the client to extend the lifetimes of any SRv6 Locators in the IA_SRV6_LOCATOR before the lifetimes expire, even if the server is unavailable for some short period of time. Recommended values for T1 and T2 are 0.5 and 0.8 times the shortest preferred lifetime of the SRv6 Locators in the IA_SRV6_LOCATOR that the server is willing to extend, respectively. If the time at which the SRv6 Locators in an IA_SRV6_LOCATOR are to be renewed is to be left to the discretion of the client, the server sets T1 and T2 to 0. The client MUST follow the rules defined in Section 14.2 of [RFC9915].¶
If a client receives an IA_SRV6_LOCATOR with T1 greater than T2 and both T1 and T2 are greater than 0, the client discards the IA_SRV6_LOCATOR option and processes the remainder of the message as though the server had not included the IA_SRV6_LOCATOR option.¶
The IA Locator option is used to specify an SRv6 Locator associated with an IA_SRV6_LOCATOR. The IA Locator option MUST be encapsulated in the IA_SRV6_LOCATOR-Options field of an IA_SRV6_LOCATOR option (see Section 4.1). The terms Locator Block and Locator Node correspond to the B and N parts, respectively, of the SRv6 Locator that is defined in Section 3.1 of [RFC8986].¶
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| OPTION_IALOCATOR | Option-Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Preferred-lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Valid-lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Algorithm | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
| LB-Len | LN-Len | Fun-Len | Arg-Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
. SRv6-Locator .
. (up to 16 octets) .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. .
. IALocator-Options .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 3: IA Locator Option Format
Where:
¶
Option-code: OPTION_IALOCATOR, the option code for IA_SRv6_LOCATOR option. The current value of 150 was requested as part of an early assignment from IANA.¶
Option-Len: 16 + the length of SRv6-Locator + the length of IALocator-Options field in octets.¶
Preferred-lifetime: The preferred lifetime for the SRv6 Locator in the option, expressed in units of seconds. A value of 0xffffffff represents "infinity" (see Section 7.7 of [RFC9915]). A 4-octet field containing an unsigned integer.¶
Valid-lifetime: The valid lifetime for the SRv6 Locator in the option, expressed in units of seconds. A value of 0xffffffff represents "infinity". A 4-octet field containing an unsigned integer.¶
Algorithm: A 1-octet unsigned integer. The algorithm associated with the SRv6 Locator from which the SID is allocated. Algorithm values are defined in the "IGP Algorithm Types" registry [RFC8665] and [RFC9350].¶
Reserved: A 3-octet unsigned integer, MUST be set to zero and ignored when received.¶
LB-Len: SRv6 SID Locator Block (LB) length in bits. A 1-octet unsigned integer.¶
LN-Len: SRv6 SID Locator Node (LN) length in bits. A 1-octet unsigned integer.¶
Fun-Len: SRv6 SID function (FUNCT) length in bits. A 1-octet unsigned integer.¶
Arg-Len: SRv6 SID arguments (ARG) length in bits. A 1-octet unsigned integer.¶
SRv6-Locator: 0–16 octets. This field encodes the SRv6 Locator. The SRv6 Locator is encoded in the minimal number of octets for the SRv6 SID Locator length that is LB-Len plus LN-Len. Trailing bits MUST be set to zero and ignored when received.¶
IALocator-Options: Options associated with this SRv6 Locator. A variable-length field (determined by subtracting the length of the SRv6-Locator from the Option-Len minus 12). The Status code "NoSRv6LocatorAvail" indicate the server has no locators available to assign to the IA_SRv6_LOCATOR(s).¶
The SRv6 SID Locator length (LOC-Len) is LB-Len plus LN-Len.¶
The sum of LB-Len, LN-Len, Fun-Len, and Arg-Len MUST NOT exceed 128 bits. If the sum exceeds 128 bits, the IA_SRV6_LOCATOR option MUST be marked as invalid, and the remainder of the message SHOULD be processed as if the packet did not include this option.¶
The values in the preferred-lifetime and valid-lifetime fields are the number of seconds remaining in each lifetime. The value of 0xffffffff for the preferred lifetime or the valid lifetime is taken to mean "infinity" and should be used carefully. The details about the use of lifetime values for assigned SRv6 Locators are the same as the ones specified for prefix delegation in Section 18.2.10.1 of [RFC9915].¶
An IA Locator option may appear only in an IA_SRV6_LOCATOR option. More than one IA Locator option can appear in a single IA_SRV6_LOCATOR option.¶
The status of any operations involving this IA_SRv6_LOCATOR option is indicated in a Status Code option (see Section 21.13 of [RFC9915]) in the IALocator-Options field.¶
Consistent with Prefix Delegation mechanism [RFC9915], the DHCPv6 Client obtains an SRv6 Locator via DHCPv6. The key message exchanges involved are Solicit, Request, Advertise, and Reply. Once the DHCPv6 Server assigns an SRv6 Locator to the DHCPv6 Client, it automatically adds the associated SRv6 Locator routes.¶
Figure 4 illustrates the process of SRv6 Locator allocation through DHCPv6.¶
DHCPv6 Client DHCPv6 Server
v v
| |
| |
____________ |\ |
____________ | +-----------+ |
| Solicit \|
| EmptyIALocator|
| |
| /|
| +----------+ |
| / Advertise |
|/ IALocator |
| |
|\ |
| +-----------+ |
| Request \|
| IALocator |
| /|
| +----------+ |
| / Reply |
|/ IALocator |
end of | |
4-message | |
exchange | | Issue Locator Route Locally
Use Locator to | | Distribute Locator Route
alloc SRv6 SID | |
Figure 4: SRv6 Locator Exchange
¶
As specified in Sections 18.2.1 of [RFC9915], DHCP client sends a Solicit message containing an IA_SRV6_LOCATOR option to request a locator. The client may include its preferred locator value within the IA_SRV6_LOCATOR option.¶
DHCPv6 Server processes the Solicit message, assigns a locator to the client, and returns the allocated locator in an Advertise message with the IA_SRV6_LOCATOR option.¶
As specified in Sections 18.2.2 of [RFC9915], upon receiving the Advertise message, client accepts the assigned locator and sends a Request message with the IA_SRV6_LOCATOR option to confirm the requested locator.¶
The server processes the Request message, confirms the locator assignment, and responds with a Reply message containing the IA_SRV6_LOCATOR option with the allocated locator.¶
As described in Sections 18.2.4 of [RFC9915], client periodically sends a Renew message with the IA_SRV6_LOCATOR option to refresh the lease. The server processes the Renew message, updates the lease, and replies with a Reply message containing the IA_SRV6_LOCATOR option.¶
As described in Sections 18.2.5 of [RFC9915], if the client does not receive a Reply message before the T2 timer expires, it sends a Rebind message with the IA_SRV6_LOCATOR option to attempt lease renewal.¶
If the server responds with a Reply message, the client retains its allocated locator.¶
If no response is received, the client considers the lease expired and restarts the process by sending a new Solicit message.¶
As described in Sections 18.2.7 of [RFC9915], if the client is about to go offline, it sends a Release message with the IA_SRV6_LOCATOR option to relinquish the locator.¶
Upon receiving a valid Release message, and when the SRv6 Locator in the message is valid, the server MUST remove the lease and free the locator, making it available for allocation to other clients. For detailed processing procedures, refer to Section 18.3.7 of [RFC9915].¶
A client uses the Solicit message to discover DHCPv6 servers configured to assign leases or return other configuration parameters on the link to which the client is attached.¶
A client uses Request, Renew, Rebind, Release and Decline messages during the normal lifecycle of SRv6 Locator assignment.¶
In a message sent by a client to a server, the preferred-lifetime and valid-lifetime fields SHOULD be set to 0. The server MUST ignore any received values in these lifetime fields.¶
The client MUST NOT send an IA_SRv6_LOCATOR option with 0 in the "LB-Len" or "LN-Len" fields. The client MAY send non-zero values in the "LB-Len" and "LN-Len" fields, and the unspecified value (::) in the "SRv6-Locator" field to indicate a preference for the size of the SRv6 Locator to be assigned. The LOC-Len (LB-Len + LN-Len) hint provided by a client is similar to the prefix-length hint in an IA_PD. Clients and servers are expected to follow the guidance provided in [RFC8168].¶
The client MUST discard any SRv6 Locators for which the preferred lifetime is greater than the valid lifetime.¶
The process of requesting an SRv6 Locator is the same as that of requesting prefixes. When requesting an SRv6 Locator, the DHCPv6 client sends a request message carrying the IA_SRV6_LOCATOR option to the DHCPv6 server.¶
Upon the receipt of a valid Reply message with IA_SRV6_LOCATOR option in response to a Solicit with a Rapid Commit option, Request, Renew, or Rebind message, the client MUST process the Reply message according to the requirements of Section 18.2.10 of [RFC9915], and configure the assigned SRv6 Locator in the client device automatically.¶
After obtaining the SRv6 Locator assigned by the DHCPv6 server, how to assign local SRv6 SIDs based on this SRv6 Locator, how to use multiple assigned SRv6 Locators, and how to advertise these SRv6 SIDs to the rest of the network are not within the scope of this document.¶
The client uses the SRv6 locators and associated information from any IAs that do not contain a Status Code option with the NoSRv6LocatorAvail status code. The client MAY include the IAs for which it received the NoSRv6LocatorAvail status code, with no SRv6 Locators, in subsequent Renew and Rebind messages sent to the server, to retry obtaining the SRv6 Locators for these IAs.¶
To extend the preferred and valid lifetimes for the assigned SRv6 Locators or obtain new assigned SRv6 Locators, the client sends a Renew/Rebind message to the server with IA_SRV6_LOCATOR option as specified in Sections 18.2.4 and 18.2.5 of [RFC9915].¶
If the client no longer uses the SRv6 Locator, the client can actively send a Release message to notify the server to reclaim SRv6 Locator and delete the corresponding SRv6 Locator. The client MUST include options containing the IAs for the SRv6 Locators it is releasing in the IA_SRV6_LOCATOR-options of IA_SRV6_LOCATOR option.¶
A client can explicitly request multiple SRv6 Locator prefixes by sending multiple IA_SRV6_LOCATOR options. A client can send multiple IA_SRV6_LOCATOR options in its initial transmissions. Alternatively, it can send an extra Request message with additional new IA_SRV6_LOCATOR options (or include them in a Renew message).¶
DHCP allows a client to request new SRv6 Locators to be assigned by sending additional new IA_SRV6_LOCATOR options. However, a typical operator usually prefers to assign a single, larger prefix. In most deployments, it is RECOMMENDED that the client request a larger SRv6 Locator in its initial transmissions rather than request additional SRv6 Locators later on.¶
When the server receives a valid Request message or a valid Solicit message with a Rapid Commit option, the server creates the bindings for that client according to the server's policy and configuration information and records the IAs and other information requested by the client.¶
The DHCPv6 server treats the SRv6 Locator as the prefix of prefix pool. Upon the receipt of the IA_SRV6_LOCATOR option, the server searches the SRv6 Locator prefix pool and allocates appropriate SRv6 Locators for the client.¶
If there is an assignable SRv6 Locator, the server creates the SRv6 Locator binding entry for that client according to the server's policy and configuration information and constructs a Reply message that includes an IA_SRV6_LOCATOR option with the SRv6 Locator information (including LB-Len, LN-Len, Fun-Len, and Arg-Len) assigned to the client.¶
The IA_SRV6_LOCATOR option is filled with the SRv6 Locator information assigned to the client. The IA_SRV6_LOCATOR option populates the SRv6 Locator block length, locator node length, function length, and arguments length.¶
Upon receiving a Release message from the client or when the SRv6 Locator lease expires, the server reclaims the SRv6 Locator prefix resource and deletes the corresponding binding entry.¶
For any IA_SRV6_LOCATOR option in the Request message to which the server cannot assign any SRv6 Locators, the server MUST return the IA_SRV6_LOCATOR option in the Reply message with no SRv6 Locator prefixes in the IA_SRV6_LOCATOR and with a Status Code option containing status code NoSRv6LocatorAvail in the IA_SRV6_LOCATOR.¶
After receiving a DHCP message with multiple IA_SRV6_LOCATOR options at the same time, whether the server can assign multiple SRv6 Locators to the client depends on the server policy, which is out of scope for this document. Note that the configuration behavior of the server and client SHOULD be consistent (e.g., "Clients and Servers SHOULD assign a single locator unless explicitly configured").¶
The allocation of SRv6 locators to clients that reside on a different link from the server requires a DHCPv6 relay agent. A DHCPv6 relay agent forwards messages containing IA_SRV6_LOCATOR options in the same way as it would relay addresses (i.e., per Sections 19.1.1 and 19.1.2 of [RFC9915]).¶
+-------------+ +------------+ +-------------+
+DHCPv6 Client+-------+DHCPv6 Relay+-------+DHCPv6 Server|
+-------------+ +------+-----+ +-------------+
|
|
+------+-----+
| Backbone |
| Network |
+------------+
Figure 5: SRv6 Locator Exchange Through DHCPv6 Relay
¶
This section describes the processing of SRv6 Locator routes.¶
As shown in Figure 5, when a DHCPv6 Relay or DHCPv6 Server receives an SRv6 Locator allocation request from a client, it MAY assign an SRv6 Locator to the client and install a corresponding SRv6 Locator route locally. The next hop of this route SHOULD point to the requesting client. Through this route, the DHCPv6 Relay or DHCPv6 Server can access the Host under the DHCPv6 Client, while the DHCPv6 Relay or DHCPv6 Server MAY then advertise this route via traditional routing protocols (e.g., an IGP) to allow other routers to learn it.¶
Upon receiving an SRv6 Locator release request from the client, the the DHCPv6 Relay or DHCPv6 Server MUST release the allocated SRv6 Locator, remove the local SRv6 Locator route, and withdraw the previously advertised SRv6 Locator route via traditional routing protocols.¶
DHCPv6 Client-------(DHCPv6 Relay/DHCPv6 Server)-------------Router
Alloc Locator --> Add SRv6 locator route
Advertise SRv6 Locator route -->
Release Locator--> Del SRv6 locator route
Withdraw SRv6 Locator route -->
Figure 6: Advertisement of SRv6 Locator Route
¶
This section outlines some operational considerations of assigning SRv6 Locators through DHCPv6.¶
The SRv6 Locator can be used to allocate SIDs with SR Endpoint Behaviors as defined in [RFC8986], and also to allocate SIDs with the NEXT and REPLACE flavors defined in [RFC9800]. Operators can allocate corresponding SIDs based on the LB and LN lengths of the SRv6 Locator, as well as local policies.¶
When processing the newly defined SRv6 Locator in this document, if an error occurs in packet processing, SRv6 Locator allocation fails, or lease aging is handled, the DHCPv6 Client and DHCPv6 Server SHOULD log or record these SRv6 Locators as required by local policy.¶
Section 4.4 of [RFC8987] provides necessary functional requirements for operating DHCPv6 relays with prefix delegation. These requirements also apply to the allocation of SRv6 Locators in DHCPv6 Relay scenarios.¶
Routing Stability as an Additional Operational Consideration. Network operators may advertise an aggregated route rather than individual prefixes in certain deployments to optimize Routing Information Base (RIB) performance. The withdrawal of specific routes triggered by address releases may lead to a reduction in advertised routes. An alternative approach is to implement a policy that governs this behavior. In such cases, delegating routers will discard packets destined for specific prefixes that are not "delegated" on the customer-facing interface.¶
[Note to the RFC Editor - remove this section before publication, as well as remove the reference to [RFC7942].¶
This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.¶
According to [RFC7942], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".¶
Organization: New H3C Technologies.¶
Implementation: H3C CR16000, CR19000 series routers implementation of Distribute SRv6 Locator by DHCP.¶
Description: All sections including all the "MUST" and "SHOULD" clauses have been implemented in above-mentioned New H3C Products(running Version 7.1.099 and above).¶
Maturity Level: Product¶
Coverage: All sections.¶
Version: Draft-04¶
Licensing: N/A¶
Implementation experience: Nothing specific.¶
Contact: linchangwang.04414@h3c.com¶
Last updated: October 22, 2024¶
Organization: Raisecom Corporation.¶
Implementation: Raisecom's RaizSec-VNF RaizSec-VNF Series SD-WAN Gateway implementation of Distribute SRv6 Locator by DHCP¶
Description: All sections including all the "MUST" and "SHOULD" clauses have been implemented in Raisecom RaizSec-VNF series SD- WAN Gateway.¶
Maturity Level: GA¶
Coverage: ALL¶
Version: Draft-04¶
Licensing: N/A¶
Implementation experience: Nothing specific.¶
Contact: jiarongbin@raisecom.com¶
Last updated: October 10, 2024¶
IANA through its early assignment policy assigned the following new DHCPv6 Option Codes in the "Option Codes" registry maintained at https://www.iana.org/assignments/dhcpv6-parameters.¶
+=======+========================+========+===========+===========+
| Value | Description | Client | Singleton | Reference |
| | | ORO | Option | |
+=======+========================+========+===========+===========+
| 149 | OPTION_IA_SRV6_LOCATOR | No | No | [ This |
| | | | | Document ]|
+-------+------------------------+--------+-----------+-----------+
| 150 | OPTION_IALOCATOR | No | No | [ This |
| | | | | Document ]|
+-------+------------------------+--------+-----------+-----------+
Table 1
¶
IANA is requested to assign a value for the following new DHCPv6 Status code in the registry maintained in http://www.iana.org/assignments/dhcpv6-parameters:¶
NoSRv6LocatorAvail (TBD)¶
See Section 22 of [RFC9915] and Section 23 of [RFC7227] for the DHCP security considerations. See [RFC8200] for the IPv6 security considerations.¶
As discussed in Section 22 of [RFC9915]: DHCP lacks end-to-end encryption between clients and servers; thus, hijacking, tampering, and eavesdropping attacks are all possible as a result.¶
In some network environments, it is possible to secure them, as discussed later in Section 22 of [RFC9915].¶
If not all parties use this mechanism to obtain an SRv6 Locator from the DHCPv6 server, there is the possibility of the same SRv6 Locator being used by more than one device. Note that this issue could exist on these networks even if DHCP were not used to obtain the SRv6 Locator. A potential mitigation is to partition the available address prefixes, ensuring that different allocation mechanisms draw from non-overlapping pools.¶
Server implementations SHOULD consider configuration options to limit the maximum number of SRv6 Locators to allocate (both in a single request and in total) to a client. However, note that this does not prevent a bad client actor from pretending to be many different clients and consuming all available SRv6 Locators.¶
The SR domain is a trusted domain, as defined in [RFC8402], Sections 2 and 8.2. Having such a well-defined trust boundary is necessary in order to operate SRv6-based services for internal traffic while preventing any external traffic from accessing or exploiting the SRv6-based services. Care and rigor in IPv6 address allocation for use for SRv6 SID allocations and network infrastructure addresses, as distinct from IPv6 addresses allocated for end users and systems (as illustrated in Section 5.1 of [RFC8754]), can provide the clear distinction between internal and external address space that is required to maintain the integrity and security of the SRv6 Domain.¶
When assigning SRv6 Locators to SRv6 Segment Endpoint Nodes using DHCPv6 as specified in this document, CPEs and BRAS devices MUST operate within a single trusted SR domain. As a border node device, the CPE MUST implement appropriate traffic filtering capabilities on both its internal and external interfaces, as required by Section 5.1 of [RFC8754].¶
The authors would like to thank Chongfeng Xie, Joel Halpern, Robert Raszuk, Aihua Liu, Cheng Li, Xuewei Wang, Hao Li, Junjie Wang, Mengxiao Chen, Fang Gao, Aijun Wang, Xinxin Yi, Shenchao Xu, Yisong Liu, Xueshun Wang, Min Xiao, Liyan Gong, Linda Dunbar, Quan Xiong, Adrian Farrel and Bernie Volz for their comments to this document.¶
Yuanxiang Qiu New H3C Technologies Email: qiuyuanxiang@h3c.com¶