SPRING W. Cheng Internet Draft R. Han Intended status: Standards Track China Mobile Expires: February 10, 2024 C. Lin Y. Qiu New H3C Technologies G. Zhang China Mobile August 10, 2023 Distribute SRv6 Locator by DHCP draft-cheng-spring-distribute-srv6-locator-by-dhcp-02 Abstract In a SRv6 network, each SRv6 Segment Endpoint Node must be assigned a locator, and segment IDs are generated within the address space of this locator. This document describes a method for assigning locators to SRv6 Segment Endpoint Nodes through DHCPv6. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on February 10, 2024. Cheng, et al. Expire February,2024 [Page 1] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Cheng, et al. Expires February,2024 [Page 2] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 Table of Contents 1. Introduction...................................................4 1.1. Requirements Language.....................................4 2. Terminology....................................................4 3. Scenario for Locator...........................................5 4. DHCPv6 extension...............................................6 4.1. Identity Association for SRv6 Locator Option..............6 4.2. IA SRv6 Locator Option....................................9 5. Process of Assigning Locator..................................11 5.1.1. DHCP Client Behavior................................11 5.1.2. DHCP Server Behavior................................12 5.1.3. DHCP Relay Agent Behavior...........................13 6. IANA Considerations...........................................14 7. Security Considerations.......................................14 8. Acknowledgements..............................................15 9. References....................................................15 9.1. Normative References.....................................15 Authors' Addresses...............................................16 Cheng, et al. Expires February,2024 [Page 3] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 1. Introduction Segment Routing (SR) [RFC8402] allows a node to steer a packet flow along any path. The headend is a node where the instructions for source routing (i.e., segments) are written into the packet. It hence becomes the starting node for a specific segment routing path. Intermediate per-path states are eliminated thanks to source routing. A Segment Routing Policy (SR Policy) [RFC8402] is an ordered list of segments (i.e., instructions) that represent a source-routed policy. The headend node is said to steer a flow into an SR Policy. The packets steered into an SR Policy have an ordered list of segments associated with that SR Policy written into them. When implementing SRv6, each SRv6 Segment Endpoint Node should be assigned a unique IPv6 prefix, known as a locator. The locator serves as the endpoint's identity and can be distributed to other IPv6 nodes within the SRv6 domain through IGP advertisement. This allows other nodes to learn the locator route. The SRv6 Segment Endpoint Node then allocates SIDs with various behaviors based on its locator. CPE devices often do not support IGP protocol, which makes it impossible to advertise locator routes for SRv6 Segment Endpoint Nodes through IGP. In such scenarios, SIDs can only be configured manually on CPEs, and Locator routes can only be statically distributed. To address this issue, this document proposes a method of dynamically assigning locators to SRv6 Segment Endpoint Nodes through DHCPv6. It follows the existing process of DHCPv6, simplifying the allocation of locators and route distribution. 1.1. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Terminology This document leverages the terms defined in [RFC8415] and [RFC8986]. The reader is assumed to be familiar with this terminology. This document introduces the following new terms: Cheng, et al. Expires February,2024 [Page 4] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 IA_SRV6_LOCATOR: Identity Association for SRv6 Locator, an IA that carries delegated SRv6 locator prefixes. See Section 4.1 for detail on the IA_SRV6_LOCATOR option. 3. Scenario for Locator Telecom providers can use its IP Metro and Backbone networks to establish connectivity between access users who are located in different regions. As shown in Figure 1, in the IP backbone network, access network devices (CPE) are deployed for access users in different regions.This deployment assumes that all of the relevant components in Figure 1 are part of a single trusted SR domain. The CPE must be operator-managed and is only applicable when different arms of the same company operate their portions of the network separately, but must trust each other. Metropolitan area network +---------------------------+ | | +------+ +------+ | +-----+ +------+ | |Host1 +-----+ CPE1 +----+--+BRAS1+--------+ CR1 | | +------+ +------+ | +-----+ +---+--+ | | | | +---------------------+-----+ | +--------+-------------+ | | | Backbone Network | | | +--------+-------------+ | +---------------------+-----+ | | | +------+ +------+ | +-----+ +--+---+ | |Host2 +-----+ CPE2 +----+--+BRAS2+---------+ CR2 | | +------+ +------+ | +-----+ +------+ | +---------------------------+ Figure 1: Telecom IPv6 Network CPEs for access users are connected to the local MAN in various ways. CPEs are responsible for assigning addresses to access users, so CPEs apply for DHCPv6 PD from DHCPv6 server. DHCPv6 server is usually enabled on BRAS. Cheng, et al. Expires February,2024 [Page 5] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 After the DHCPv6 server allocates PD, BRAS will add a network route corresponding to PD to local routing table and distribute the network route to the upstream routers. In this network, operators hope to achieve interconnection between access users through End-to-End SRv6 tunnels. Taking the traffic from Host1 to Host2 as an example, CPE1 is the SRv6 ingress node and CPE2 is the SRv6 egress node. To deploy SRv6 tunnels, an SRv6 locator should be configured on the CPE to uniquely identify the CPE. Other devices learn the locator route of the CPE. However, due to the following reasons, it is difficult to achieve these requirements currently. * The configuration is very complex. In Metro network, the number of CPEs is very large and widely distributed geographically. Moreover, the mobility requirements of CPE are relatively high, and the access location of the same CPE often changes, so the IPv6 address of CPE cannot be fixed. At present, SRv6 locator can only be configured on each CPE through the controller or CLI, which increases the configuration complexity. * Locator routes cannot be dynamically distributed. CPE can be connected to the BRAS of local MAN through various types of networks, such as leased line, optical fiber, etc. Due to the diversity of connections, IGP is usually only enabled within the MAN, that is, IGP will not be deployed between CPE and BRAS. As a result, the locator route of CPE could not be distributed to the BRAS node through IGP, and the static route can only be configured manually on the BRAS or the controller. However, CPE and BRAS often belong to different administration domains. Configuring routes to CPE on BRAS increases the cost and workload of communication and coordination. To solve these difficulties this document proposes a method to allocate SRv6 locators to CPE through DHCPv6 and distribute locator routes by using the workflow of DHCPv6. 4. DHCPv6 extension 4.1. Identity Association for SRv6 Locator Option The Identify Association for SRv6 Locator (IA_SRV6_LOCATOR) option is used to carry an IA_SRV6_LOCATOR, the parameters associated with Cheng, et al. Expires February,2024 [Page 6] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 the IA_SRV6_LOCATOR, and the SRv6 locator associated with the IA_SRV6_LOCATOR. The format of the IA_SRV6_LOCATOR option is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_IA_SRV6_LOCATOR | Option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IAID (4 octets) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | T1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | T2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . IA_SRV6_LOCATOR-options . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: Identify Association for SRv6 Locator Option Format Where: - Option-code: OPTION_IA_SRV6_LOCATOR (TBD). - Option-len: 12 + length of IA_SRV6_LOCATOR-options field. - IAID: The unique identifier for this IA_SRV6_LOCATOR. The IAID must be unique among the identifiers for all of this client's IA_SRV6_LOCATORs. The number space for IA_SRV6_LOCATOR IAIDs is separate from the number space for other IA option types (i.e., IA_TA, IA_NA and IA_PD). A 4-octet field containing an unsigned integer. - T1: The time interval after which the client should contact the server from which the SRv6 locator in the IA_SRV6_LOCATOR were obtained to extend the lifetimes of the SRv6 locators to the IA_SRV6_LOCATOR; T1 is a time duration relative to the message reception time expressed in units of seconds. A 4-octet field containing an unsigned integer. - T2: The time interval after which the client should contact any available server to extend the lifetimes of the SRv6 locators assigned to the IA_SRV6_LOCATOR; T2 is a time duration relative to Cheng, et al. Expires February,2024 [Page 7] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 the message reception time expressed in units of seconds. A 4-octet field containing an unsigned integer. - IA_SRV6_LOCATOR-options: Options associated with this IA_SRV6_LOCATOR. A variable-length field (12 octets less than the value in the Option-len field). The IA_SRV6_LOCATOR-options field encapsulates those options that are specific to this IA_SRV6_LOCATOR. For example, all of the IA SRv6 Locator options (see Section 4.2) carrying the SRv6 locators associated with this IA_SRV6_LOCATOR are in the IA_SRV6_LOCATOR- options field. An IA_SRV6_LOCATOR option may only appear in the options area of a DHCP message. A DHCP message may contain multiple IA_SRV6_LOCATOR options (though each must have a unique IAID). The status of any operations involving this IA_SRV6_LOCATOR is indicated in a Status Code option (see Section 21.13 of [RFC8415]) in the IA_SRV6_LOCATOR-options field. Note that an IA_SRV6_LOCATOR has no explicit "lifetime" or "lease length" of its own. When the valid lifetimes of all of the SRv6 locators in an IA_SRV6_LOCATOR have expired, the IA_SRV6_LOCATOR can be considered as having expired. T1 and T2 fields are included to give the server explicit control over when a client should contact the server about a specific IA_SRV6_LOCATOR. In a message sent by a client to a server, the T1 and T2 fields SHOULD be set to 0. The server MUST ignore any values in these fields in messages received from a client. In a message sent by a server to a client, the client MUST use the values in the T1 and T2 fields for the T1 and T2 timers, unless values in those fields are 0. The values in the T1 and T2 fields are the number of seconds until T1 and T2. The server selects the T1 and T2 times to allow the client to extend the lifetimes of any SRv6 locators in the IA_SRV6_LOCATOR before the lifetimes expire, even if the server is unavailable for some short period of time. Recommended values for T1 and T2 are 0.5 and 0.8 times the shortest preferred lifetime of the SRv6 locators in the IA_SRV6_LOCATOR that the server is willing to extend, respectively. If the time at which the SRv6 locators in an IA_SRV6_LOCATOR are to be renewed is to be left to the discretion of the client, the server sets T1 and T2 to 0. The client MUST follow the rules defined in Section 14.2 of [RFC8415]. Cheng, et al. Expires February,2024 [Page 8] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 If a client receives an IA_SRV6_LOCATOR with T1 greater than T2 and both T1 and T2 are greater than 0, the client discards the IA_SRV6_LOCATOR option and processes the remainder of the message as though the server had not included the IA_SRV6_LOCATOR option. If the device does not support IA_SRV6_LOCATOR, this IA_SRV6_LOCATOR option should be ignored. 4.2. IA SRv6 Locator Option The IA SRv6 Locator option is used to specify a SRv6 locator associated with an IA_SRV6_LOCATOR. The IA SRv6 Locator option must be encapsulated in the IA_SRV6_LOCATOR-options field of an IA_SRV6_LOCATOR option (see Section 4.1). The terms Locator Block and Locator Node correspond to the B and N parts, respectively, of the SRv6 Locator that is defined in Section 3.1 of [RFC8986]. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_IALOCATOR | Option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Preferred-lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Valid-lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LOC-len | Func-len | Args-len | LB-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-| | | | SRv6-Locator | | (16 octets) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . IALocator-options . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 3: IA SRv6 Locator Option Format Where: - Option-code: OPTION_IALOCATOR (TBD). - Option-len: 28 + length of IALocator-options field. - Preferred-lifetime: The preferred lifetime for the SRv6 locator in the option, expressed in units of seconds. A value of 0xffffffff represents "infinity" (see Section 7.7 of [RFC8415]). A 4-octet field containing an unsigned integer. Cheng, et al. Expires February,2024 [Page 9] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 - Valid-lifetime: The valid lifetime for the SRv6 locator in the option, expressed in units of seconds. A value of 0xffffffff represents "infinity". A 4-octet field containing an unsigned integer. - LOC-len: The locator (LOC) length of SRv6 SID in bits. A 1-octet unsigned integer. - Func-len: The function (FUNCT) length of SRv6 SID in bits. A 1- octet unsigned integer. - Args-len: The arguments (ARG) length of SRv6 SID in bits. A 1- octet unsigned integer. - LB-len: The Locator Block length of SRv6 SID in bits. A 1-octet unsigned integer. - SRv6-locator: A SRv6 locator prefix. A 16-octet field. - IALocator-options: Options associated with this SRv6 locator. A variable-length field (28 octets less than the value in the Option- len field). For compressible SID, the length of Locator Node is LOC-len minus LB-len. In a message sent by a client to a server, the preferred-lifetime and valid-lifetime fields SHOULD be set to 0. The server MUST ignore any received values in these lifetime fields. The client SHOULD NOT send an IA SRv6 Locator option with 0 in the "LOC-len" field (and an unspecified value (::) in the "SRv6-Locator" field). A client MAY send a non-zero value in the "LOC-len" field and the unspecified value (::) in the "SRv6-Locator" field to indicate a preference for the size of the SRv6 locator to be delegated. The LOC-len hint of IA_SRV6_LOCATOR is the same as prefix-length hint of IA_PD. For further details on LOC-len hints, see [RFC8168]. The client MUST discard any SRv6 locators for which the preferred lifetime is greater than the valid lifetime. The values in the preferred-lifetime and valid-lifetime fields are the number of seconds remaining in each lifetime. For more details on how these values are used to assign locators, see section 18.2.10.1 of [RFC8415], which is the same as prefix delegation. Cheng, et al. Expires February,2024 [Page 10] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 As per Section 7.7 of [RFC8415], the value of 0xffffffff for the preferred lifetime or the valid lifetime is taken to mean "infinity" and should be used carefully. An IA SRv6 Locator option may appear only in an IA_SRV6_LOCATOR option. More than one IA SRv6 Locator option can appear in a single IA_SRV6_LOCATOR option. The status of any operations involving this IA SRv6 Locator option is indicated in a Status Code option (see Section 21.13 of [RFC8415]) in the IALocator-options field. 5. Process of Assigning Locator This document assumes that a client SHOULD use a single transaction for all of the IA options required on an interface. This simplifies the client implementation and reduces the potential number of transactions required (for the background on this design choice, refer to Section 4 of [RFC7550]). If a client requests multiple IA option types, follow [RFC7550]. 5.1.1. DHCP Client Behavior A client uses the Solicit message to discover DHCPv6 servers configured to assign leases or return other configuration parameters on the link to which the client is attached. A client uses Request, Renew, Rebind and Release messages during the normal lifecycle of addresses and delegated prefixes. The process of applying for SRv6 locator is the same as that of applying for PD. When applying for SRv6 locator, the DHCPv6 client sends a request message carrying the IA_SRV6_LOCATOR option to the DHCPv6 server. Upon the receipt of a valid reply message with IA_SRV6_LOCATOR option in response to a Solicit with a Rapid Commit option, Request, Confirm, Renew, or Rebind message, the client SHOULD process the Reply message according to the requirements of Section 18.2 of [RFC8415], and configure the delegated locator in the client device automatically. When the client uses a delegated locator prefix to configure SRv6 locator locally, the preferred and valid lifetimes of those locators MUST be no longer than the remaining preferred and valid lifetimes respectively for the delegated SRv6 locator at any time. Cheng, et al. Expires February,2024 [Page 11] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 To extend the preferred and valid lifetimes for the leases assigned to the IAs and obtain new delegated SRv6 locators for IAs, the client sends a Renew/Rebind message to the server with IA_SRV6_LOCATOR option. When the valid lifetime of the SRv6 locator expires, or the new lifetime replied by the server is 0, delete the corresponding SRv6 locator. If the client no longer uses the delegated SRv6 locator, the client can actively send a Release message to notify the server to reclaim locator prefixes and delete the corresponding SRv6 locator. The client MUST include options containing the IAs for the locators it is releasing in the IA_SRV6_LOCATOR-options of IA_SRV6_LOCATOR option. A client can explicitly request multiple SRv6 Locator prefixes by sending multiple IA_SRV6_LOCATOR options. A client can send multiple IA_SRV6_LOCATOR options in its initial transmissions. Alternatively, it can send an extra Request message with additional new IA_SRV6_LOCATOR options (or include them in a Renew message). In principle, DHCP allows a client to request new Locator prefixes to be delegated by sending additional new IA_SRV6_LOCATOR options. However, a typical operator usually prefers to delegate a single, larger prefix. In most deployments, it is recommended that the client request a larger Locator prefix in its initial transmissions rather than request additional Locator prefixes later on. 5.1.2. DHCP Server Behavior As described in [RFC8415], when the server receives a valid Request message or a valid Solicit message with a Rapid Commit option, the server creates the bindings for that client according to the server's policy and configuration information and records the IAs and other information requested by the client. The DHCPv6 server treats the locator as the prefix of prefix pool, which is similar to the prefix allocation process. Upon the receipt of the IA_SRV6_LOCATOR option, the server searches locator prefix pool and allocates appropriate locators for the client. If there is an assignable locator prefix, the server records the locator binding entry and encapsulates the locator information into the DHCPv6 Reply message. The IA_SRV6_LOCATOR option fills with the locator prefix information assigned to the client. The IA SRv6 Locator option populates the SRv6 locator length, function length, arguments length and Locator Block length of SRv6 SID specified by the DHCPv6 server. Cheng, et al. Expires February,2024 [Page 12] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 For the scenario described in Section 2 where the BRAS device acts as a DHCPv6 server, after the locator is successfully delegated, the server generates a locator subnet route locally, and the outgoing interface of the route is the access interface connecting the client. Upon receiving the Release message from the client or when the locator lease expires, the server reclaims the locator prefix resource and deletes the locator binding entry. If the BRAS device acts as a DHCPv6 server, the server also SHOULD delete the corresponding locator subnet route locally. For any IA_SRV6_LOCATOR option in the request message to which the server cannot assign any delegated SRv6 locator prefixes, the server MUST return the IA_SRV6_LOCATOR option in the Reply message with no prefixes in the IA_SRV6_LOCATOR and with a Status Code option containing status code NoPrefixAvail in the IA_SRV6_LOCATOR. After receiving a DHCP message with multiple IA_SRV6_LOCATOR options at the same time, whether the server can assign multiple SRv6 Locator prefixes to the client depends on the server policy, which is out of scope for this document. 5.1.3. DHCP Relay Agent Behavior For the scenario described in Section 2, if an external DHCPv6 server is deployed to allocate locators, the DHCPv6 relay agent service needs to be enabled on the layer 3 network nodes close to CPE. As shown in the figure below, the DHCP relay function is enabled on the router directly connected to CPE. This deployment assumes that all of the relevant components in Figure 4 are part of a single trusted SR domain. DHCP Relay +------+ +------+ +------+ +-----+ | Host +-----+ CPE +-------+Router+------+ BRAS| +------+ +------+ +------+ +--+--+ | | +------+-----+ | Backbone | | Network | +------------+ Figure 4: CPE accessed through DHCP relay When the first hop DHCPv6 relay agent device connected to the DHCPv6 PD client receives DHCPv6 Relay-reply messages, it extracts the IA_SRV6_LOCATOR option from the Relay Message option, and obtains the locator delegated by the DHCPv6 server according to IA SRv6 Cheng, et al. Expires February,2024 [Page 13] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 Locator option. The first DHCPv6 relay agent needs to record the locator delegated by the DHCPv6 server, including locator information, lifetime, etc. and generates locator route locally. The outgoing interface of the route is the access interface connecting the client. After receiving the DHCPv6 message releasing the locator prefix from the client or the valid lifetime of Locator prefix expires, the first DHCPv6 relay agent device SHOULD delete the locator route locally. 6. IANA Considerations IANA is kindly requested to assign new values for OPTION_IA_SRV6_LOCATOR (TBD) and OPTION_IALOCATOR (TBD) and add the values to the DHCPv6 Option Codes registry maintained at http://www.iana.org/assignments/dhcpv6-parameters. +=======+========================+========+===========+===========+ | Value | Description | Client | Singleton | Reference | | | | ORO | Option | | +=======+========================+========+===========+===========+ | TBA1 | OPTION_IA_SRV6_LOCATOR | NO | No | [ This | | | | | | Document ]| +-------+------------------------+--------+-----------+-----------+ | TBA2 | OPTION_IALOCATOR | NO | No | [ This | | | | | | Document ]| +-------+------------------------+--------+-----------+-----------+ Table 1 7. Security Considerations See [RFC8415] for the DHCPv6 security considerations. The SR domain is a trusted domain, as defined in [RFC8402], Sections 2 and 8.2. Having such a well-defined trust boundary is necessary in order to operate SRv6-based services for internal traffic while preventing any external traffic from accessing or exploiting the SRv6-based services. Care and rigor in IPv6 address allocation for use for SRv6 SID allocations and network infrastructure addresses, as distinct from IPv6 addresses allocated for end users and systems (as illustrated in Section 5.1 of [RFC8754]), can provide the clear distinction between internal and external address space that is required to maintain the integrity and security of the SRv6 Domain. When using the method defined in this document to assign locators to SRv6 Segment Endpoint Nodes through DHCPv6, it is important to Cheng, et al. Expires February,2024 [Page 14] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 ensure that CPEs and BRAS devices operate within a single trusted SR domain. 8. Acknowledgements The authors would like to thank Chongfeng Xie, Joel Halpern, Robert Raszuk, Aihua Liu, Cheng Li, Xuewei Wang, Hao Li, Junjie Wang, Mengxiao Chen, Fang Gao, Aijun Wang, Xinxin Yi, Shenchao Xu, Yisong Liu, Xueshun Wang and Liyan Gong for their comments to this document. 9. References 9.1. Normative References [RFC7550] Troan, O., Volz, B., Siodelski, M., "Issues and Recommendations with Multiple Stateful DHCPv6 Options", RFC 7550, DOI 10.17487/RFC7550, May 2015, . [RFC8168] Li, T., Liu, C., Cui, Y., "DHCPv6 Prefix-Length Hint Issues", RFC 8168, DOI 10.17487/RFC8168, May 2017, . [RFC8402] Filsfils, C., Ed., Previdi, S., Ed., Ginsberg, L., Decraene, B., Litkowski, S., and R. Shakir, "SegmentRouting Architecture", RFC 8402, DOI 10.17487/RFC8402,July 2018, . [RFC8415] Mrugalski, T., Siodelski, M ., Volz, B., Yourtchenko, A., Richardson, M., Jiang, S., Lemon, T., and Winters, T., "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", RFC 8415, DOI 10.17487/RFC8415, November 2018, . [RFC8986] Filsfils, C., Ed., Camarillo, P., Ed., Leddy, J., Voyer, D., Matsushima, S., and Z. Li, "Segment Routing over IPv6 (SRv6) Network Programming", RFC 8986, DOI 10.17487/RFC8986, February 2021, . Cheng, et al. Expires February,2024 [Page 15] Internet-Draft Distribute SRv6 Locator by DHCP August 2023 Authors' Addresses Weiqiang Cheng China Mobile Email: chengweiqiang@chinamobile.com Ruibo Han China Mobile Email: hanruibo@chinamobile.com Changwang Lin New H3C Technologies Email: linchangwang.04414@h3c.com Yuanxiang Qiu New H3C Technologies Email: qiuyuanxiang@h3c.com Geng Zhang China Mobile Email: zhanggeng@chinamobile.com Cheng, et al. Expires February,2024 [Page 16]