Segment routing is a new Working Group at the IETF, its goal is to make traffic engineering more scalable by removing state on the service providers core routers. There are two flavors of segment routing: one for MPLS and one for IPv6. The IPv6 segment routing uses a new version of the routing header which of course raises security concerns. The talk will briefly explain how segment routing for IPv6 works, why Routing Header type 0 was deprecated by the IETF with RFC 5095, why other types of routing header are safe for use. Then, the security aspect of segment routing for IPv6 will be detailed.
Eric Vyncke is a Distinguished Engineer based in the Brussels office of Cisco Systems. His main current technical focus is about security and IPv6. He has designed several secured large IPsec networks and other security related designs. In his work for the IETF, he co-authored RFC 3585, 5514, 7381 and 7404 and is active in V6OPS, 6MAN and OPSEC working groups. His recent works are related to IPv6 including co-authoring a book on IPv6 Security; he also authored a book on layer-2 security. Eric is the current co-chair of the Belgian IPv6 Council. www.vyncke.org/ipv6status is well-known for several years to collect statistics about IPv6 deployment. He is also a visiting professor for security topics at the University of Mons. He is an adjunct professor at HEC, the business school of University of Liège, Belgium. He holds a CISSP certification, is a member of ISSA and speaks frequently at international conferences. He’s presented at Troopers several times, like in 2015 on Segment Routing.
Twitter: @evyncke