The IPv6 Segment Endpoint
OptionJuniper Networks2251 Corporate Park DriveHerndon20171VirginiaUSArbonica@juniper.netEricssonP. O. Box 6049LeesburgVirginia20178USAjoel.halpern@ericsson.comReliance Jio3010 Gaylord PKWY, Suite 150FriscoTexas75034USANing.So@ril.comReliance Jio3010 Gaylord PKWY, Suite 150FriscoTexas75034USAFengman.Xu@ril.comBaiduNo.10 Xibeiwang East Road Haidian DistrictBeijing100193P.R. Chinaphdgang@gmail.comChina Telecom109 West Zhongshan Ave, Tianhe DistrictGuangzhouP.R. Chinazhuyq.gd@chinatelecom.cnChina Telecom109 West Zhongshan Ave, Tianhe DistrictGuangzhouP.R. Chinayanggm.gd@chinatelecom.cnByteDanceBuilding 1, AVIC Plaza, 43 N 3rd Ring W Rd Haidian
DistrictBeijing100000P.R. Chinayifeng.zhou@bytedance.com
INT Area
6manIPv6Destination OptionThis document defines the IPv6 Segment Endpoint Option. Source nodes
can use this option to convey internet-layer information to selected
segment endpoints along a packet's delivery path.IPv6 options convey optional
internet-layer information to selected nodes along a packets delivery
path. IPv6 options can be encoded as follows:In a Hop-by-hop Options header.In a Destination Options header that precedes a Routing
header.In a Destination Options header that precedes an upper-layer
header.If an option is encoded in a Hop-by-hop Options header, it
conveys information to every node along the packet's delivery path,
including the destination node. (See NOTE 1). If an option is encoded in
a Destination Options header that precedes a Routing header, it conveys
information to every segment endpoint along the packet's delivery path,
including the destination node. If an option is encoded in a Destination
Options header that precedes an upper-layer header, it conveys
information to the destination node only. (See Section 4.3.4 of )This document defines the IPv6 Segment Endpoint option. The IPv6
Segment Endpoint option provides a mechanism through which a source node
can convey optional internet-layer information to selected segment
endpoints. For example, assume that a packet's delivery path contains
three segments. The source node can use the Segment Endpoint option to
convey one piece of information to the first segment endpoint, another
piece of information to the second segment endpoint, and no information
to the third segment endpoint.NOTE 1: As per IPv6, it is now expected
that nodes along a packet's delivery path only examine and process the
Hop-by-Hop Options header if explicitly configured to do so.Segment Endpoint - A packet that contains a Routing header
traverses multiple segments. Each segment has an endpoint. The first
destination that appears in the IPv6 Destination Address identifies
the first segment endpoint. Subsequent destinations listed in the
Routing header identify subsequent segment endpoints. A packet that
does not contain a Routing Header traverses exactly one segment had
has exactly one segment endpoint (i.e., the packet's ultimate
destination).The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only
when, they appear in all capitals, as shown here.The Segment Endpoint option MAY appear in a Destination Options
header, regardless of whether that Destination Options header precedes a
Routing header or an upper-layer header. The Segment Endpoint option
MUST NOT appear in a Hop-by-hop Options header. depicts the Segment Endpoint option.Option Type - Segment Endpoint option. Value TBD by IANA. See
NOTE 1 and NOTE 2, below.Opt Data Len - 8-bit unsigned integer. Length of the Option Data
field, in octets.Option Data - See .Option Data contains the following fields:Segments Left - 8-bit unsigned integer. Number of route segments
remaining. If the packet also contains a Routing header, this value
MUST be identical to the value of the Segments Left field in the
Routing heder. See .Containers - 8-bit unsigned integer. The number of containers in
the Container List.Container List - A list of Containers.Each element of Container List contains the following fields:Segment ID - 8-bit unsigned integer. Identifies the segment that
should process the IPv6 Option contained by this container. See
.IPv6 Options - Any IPv6 Options
except for the Segment Endpoint Option.Within a Container list, Containers MUST be sorted in descending
order by Segment ID. A Segment ID MUST NOT appear more than once in the
Container list.NOTE 1: The highest-order two bits of the Option Type (i.e., the
"act" bits) are 10. These bits specify the action taken by a destination
node that does not recognize Segment Endpoint option. The required
action is to discard the packet and send an ICMPv6 Parameter Problem, Code 2, message to
the packet's Source Address, pointing to the Segment Endpoint option
Type.NOTE 2: The third highest-order bit of the Option Type (i.e., the
"chg" bit) is 1. This indicates that Option Data can be modified along
the path between the packet's source and its destination.If the option appears in a Hop-by-hop Options header, the processing
node discards the packet and sends an ICMPv6 Parameter Problem, Code 2, message to the
packet's Source Address, pointing to the Segment Endpoint option
Type.If the option appears in a Destination Options header, the processing
node locates the following fields in Option Data:Segments Left.Containers.Container List.It then processes each member of the Container List as follows:Locate the Segment ID and IPv6 Option field in the container.If Segments Left less than the Segment ID, skip over the
container.If Segments Left equals the Segment ID, and the IPv6 Option is a
Segment Endpoint option, skip over the container.If Segments Left equals the Segment ID, and the IPv6 Option is
not a Segment Endpoint option, process the IPv6 Option as per .If Segments Left is greater than Segment ID, skip over all
remaining members of the Container List.Finally, decrement the Segment ID field and process the next
option or header.The Segments Left field of the Segment Endpoint option is mutable.
Intermediate nodes MAY change the value of this field.All other fields in the Segment Endpoint option are immutable.
Intermediate nodes MUST NOT change the values of these fields.The Segment Endpoint Option shares many security concerns with IPv6
routing headers. In particular, any boundary filtering protecting a
domain from external routing headers should also protect against
external Segment Endpoint Options being processed inside a domain. This
occurs naturally if encapsulation is used to add routing headers to a
packet. If external routing headers are allowed, then protections must
also include ensuring that any provided Segment Endpoint option before
the routing header is properly protect, e.g. with an IPSEC AH header or
other suitable means.As with Routing headers, the security assumption within a domain is
that the domain is trusted to provide, and to avoid improperly
modifying, the Segment Endpoint Option.IANA is requested to allocate a codepoint from the Destination
Options and Hop-by-hop Options registry
(https://www.iana.org/assignments/ipv6-parameters/ipv6-parameters.xhtml#ipv6-parameters-2).
This option is called "Segment Endpoint". The "act" bits are 10 and the
"chg" bit is 1.Thanks to Fred Baker and Shizhang Bi for their careful review of this
document."Destination Options and Hop-by-Hop Options"IANA