| Internet-Draft | SRv6 BSID with Notification Relay | July 2026 |
| Liu | Expires 4 January 2027 | [Page] |
This document defines a new SRv6 Endpoint behavior, End.B6.Encaps.Relay, for Binding SID (BSID) nodes in SRv6 networks. The behavior enables BSID nodes to relay tunnel-internal notification messages, such as ICMPv6 errors and congestion notifications, back to the upstream tunnel source node through a mapping mechanism.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 4 January 2027.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Segment Routing (SR) Architecture [RFC8402] specifies a mechanism to steer packets through an ordered list of segments. As in [RFC8402], the Binding SID (BSID) is bound to an SR Policy, instantiation of which may involve a list of SIDs.¶
[RFC8986] defines the SRv6 Network Programming concept and specifies the base set of SRv6 behaviors. In [RFC8986], End.B6.Encaps and End.B6.Encaps.Red are defined as instantiations of a Binding SID. When a node (BSID node) receives a packet whose destination address matches a local BSID, it encapsulates the packet with a new outer IPv6 header and an optional Segment Routing Header (SRH), and then forwards the packet to the SRv6 policy associated with that BSID.¶
According to [RFC2473], the tunnel entry-point node MUST use one of its own routable IPv6 addresses as the source address of the outer IPv6 header. Since the BSID behavior is essentially a form of IPv6-in-IPv6 tunneling, it MUST also comply with this general requirement of [RFC2473]. This means that the BSID node, acting as the tunnel entry-point, MUST set the source address of the newly encapsulated outer IPv6 header to an IPv6 address that belongs to itself.¶
In SRv6 tunneling scenarios, various types of tunnel-internal notification messages may be generated by nodes inside the tunnel and need to be delivered to the source of the original packet. Examples of such messages include:¶
For ICMP error messages, [RFC2473] defines a relay procedure. When an error occurs inside a tunnel, the ICMP error message is first sent to the tunnel entry-point node (since the entry-point is the source of the outer IPv6 header). Upon receiving the ICMP error, the tunnel entry-point node extracts the invoking packet from the ICMP payload, decapsulates it to retrieve the original packet, and then relays a new ICMP error message to the original source address extracted from the original packet. However, in SRv6 networks, the ICMPv6 error message may contain both outer tunnel IPv6 extension headers (e.g., SRH, Hop-by-Hop Options, Destination Options) as well as inner IPv6 extension headers of the original packet. The relay approach in [RFC2473] may be unsuitable in some scenarios:¶
For network congestion notification messages, similar challenges exist:¶
To address the above issues, this document defines a new SRv6 behavior to be used on the BSID node. This behavior enables the BSID node to relay ICMPv6 error messages and other tunnel-internal notification messages to the original source node of the SR path.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses the terminology from [RFC8402], [RFC8754], and [RFC8986]. In particular:¶
This document defines the following new term:¶
In this section, a new SRv6 Endpoint Behavior is proposed for SRv6 based notification relay in nested tunnel scenarios.¶
The "Endpoint Bound to an SRv6 Policy with Notification Relay" behavior ("End.B6.Encaps.Relay" for short) is a variant of the End.B6.Encaps behavior as defined in [RFC8986]. Its main use is to enable the BSID node to relay tunnel-internal notification messages (e.g., ICMPv6 errors, congestion notifications, or other notification messages) to the upstream tunnel source node.¶
The End.B6.Encaps.Relay behavior addresses the notification return path breakage issue in nested SRv6 tunnels, where the standard End.B6.Encaps behavior overwrites the outer IPv6 source address and consequently prevents downstream tunnel-internal notification messages from reaching the original source. By maintaining a local mapping between a dynamically allocated argument and the upstream source address, the End.B6.Encaps.Relay behavior ensures that tunnel-internal notification messages can be relayed back to the original source through layer-by-layer relay.¶
Any SID instance of this behavior is associated with an SR Policy B and a source address A. The SID follows the LOC:FUNCT:ARG format as defined in [RFC8986]. The ARG field serves as a dynamically allocated session identifier that uniquely identifies each encapsulation session.¶
When N receives a packet whose IPv6 DA is S and S is a local End.B6.Encaps.Relay SID, N does the following:¶
S01. When an SRH is processed {
S02. If (Segments Left == 0) {
S03. Stop processing the SRH, and proceed to process the next
header in the packet, whose type is identified by
the Next Header field in the routing header.
S04. }
S05. If (IPv6 Hop Limit <= 1) {
S06. Send an ICMP Time Exceeded message to the Source Address
with Code 0 (Hop limit exceeded in transit),
interrupt packet processing, and discard the packet.
S07. }
S08. max_LE = (Hdr Ext Len / 2) - 1
S09. If ((Last Entry > max_LE) or (Segments Left > Last Entry+1)) {
S10. Send an ICMP Parameter Problem to the Source Address
with Code 0 (Erroneous header field encountered)
and Pointer set to the Segments Left field,
interrupt packet processing, and discard the packet.
S11. }
S12. }
S13. If (ARG == 0) {
S14. Record the source address of the received IPv6 header as ORIG_SA.
S15. If (local relay table does NOT contain ORIG_SA) {
S16. Allocate a new ARG value, NEW_ARG.
S17. Create a mapping entry (NEW_ARG -> ORIG_SA) in the local
relay table.
S18. } Else {
S19. Retrieve NEW_ARG associated with ORIG_SA from the local
relay table.
S20. }
S21. Push a new IPv6 header with its own SRH containing B.
S22. Update the ARG field of N to NEW_ARG, and set it as the outer
IPv6 SA.
S23. Set the outer IPv6 DA to the first SID of B.
S24. Set the outer Payload Length, Traffic Class, Flow Label,
Hop Limit, and Next Header fields per [RFC2473] and
[RFC6437].
S25. Submit the packet to the egress IPv6 FIB lookup for
transmission.
S26. }
S27. If (ARG != 0) {
S28. If (local relay table does not contain this ARG) {
S29. Interrupt packet processing and discard the packet.
S30. }
S31. Retrieve ORIG_SA from the local relay table using the ARG.
S32. If (the received packet is a message that needs to be relayed) {
S33. Decapsulate the received packet and push a new IPv6 header.
S34. Set the IPv6 SA of the resulting packet to A.
S35. Set the IPv6 DA to ORIG_SA.
S36. Set the outer Payload Length, Traffic Class, Flow Label,
Hop Limit, and Next Header fields per [RFC2473] and
[RFC6437].
S37. Submit the packet to the egress IPv6 FIB lookup for
transmission.
S38. } Else {
S39. Process the packet locally.
S40. }
S41. }
¶
End.B6.Encaps.Relay SIDs MAY be allocated by the network nodes and announced to the network controller with the information of the ARG length using IGP [RFC1195] [RFC2328] or BGP-LS [RFC9552]. Alternatively, End.B6.Encaps.Relay SIDs MAY be assigned by a centralized network controller and advertised to the network nodes through Netconf/YANG [RFC6241] [RFC6020], BGP [RFC4271], or PCEP [RFC5440].¶
With the information of End.B6.Encaps.Relay SIDs, the network controller or headend nodes could use End.B6.Encaps.Relay SIDs together with other types of SRv6 SIDs to build SRv6 SID lists that support reliable notification message relay in nested tunnel scenarios.¶
This section provides an application example of the End.B6.Encaps.Relay behavior defined in Section 3. It shows how the behavior enables relay of ICMPv6 error messages generated inside a BSID tunnel back to the original headend of the SR Policy including this BSID.¶
The reference topology is shown in Figure 1, where:¶
+---+ +---+ +---+ +---+ +---+ +---+ |PE1|--|R1 |--|T1 |--|R2 |--|R3 |--|PE2| +---+ +---+ +---+ +---+ +---+ +---+ | | +---+ +---+ |CE1| |CE2| +---+ +---+
Step 1: Encapsulation at PE1¶
Step 2: End.B6.Encaps.Relay Processing¶
Step 3: ICMP Error Generation inside BSID Tunnel¶
Step 4: ICMP Error Relay at T1¶
The End.B6.Encaps.Relay behavior relies on a local mapping table that stores associations between dynamically allocated ARG values and the upstream source addresses. To prevent unbounded growth of the mapping table, an implementation SHOULD provide mechanisms for managing table entries.¶
An implementation MAY support a configurable timer for each mapping entry. When a mapping entry remains inactive for a period exceeding the configured timer, the entry SHOULD be removed and the associated ARG value SHOULD be recycled for future allocations. The default timer value is implementation specific and MAY be configured by the network operator based on the expected session duration and traffic patterns.¶
Additionally, an implementation MAY support a configurable maximum number of mapping entries. When the table reaches the maximum capacity, new session establishment requests MAY be rejected, or the implementation MAY replace the oldest entries based on a configurable policy. The choice of policy is implementation specific and out of scope of this document.¶
An implementation of the End.B6.Encaps.Relay behavior MAY support selective relay based on configurable policies. For example, a network operator may configure the End.B6.Encaps.Relay BSID node to relay only specific types of tunnel-internal notification messages, such as ICMPv6 error messages (e.g., Time Exceeded, Destination Unreachable, Packet Too Big, Parameter Problem) while processing other types of messages locally or discarding them.¶
Not all SRv6 paths that include BSIDs require the End.B6.Encaps.Relay behavior. When orchestrating SR paths, the network controller SHOULD select the appropriate BSID type based on the requirements of the path.¶
If the path requires that tunnel-internal notification messages (e.g., ICMPv6 errors) generated inside the BSID tunnel be relayed to the upstream tunnel source node, the controller SHOULD use an End.B6.Encaps.Relay SID for that path. If such relay capability is not required, the controller MAY use the standard End.B6.Encaps SID as defined in [RFC8986] to reduce state requirements on the BSID node.¶
The End.B6.Encaps.Relay behavior defined in this document addresses the relay of tunnel-internal notification messages from inside a BSID tunnel back to the upstream tunnel source node. It does not address the subsequent delivery of such notifications from the upstream tunnel source node to the final host or customer edge device.¶
For example, in VPN scenarios where ICMPv6 errors need to be delivered to customer edge devices, the End.B6.Encaps.Relay behavior can be used in conjunction with the ICMP error handling mechanisms defined in [I-D.varhal-6man-icmp-srv6-vpn], which specifies how an ingress PE processes ICMP error messages and forwards them to the host.¶
The relay of ICMPv6 error messages follows the model defined in [RFC2473] and [RFC4443]. Implementations SHOULD apply standard ICMP rate limiting to prevent ICMP flooding attacks.¶
The security considerations of [RFC8402], [RFC8754], and [RFC8986] also apply to this specification. This document does not introduce additional security threats beyond those already present in the SRv6 architecture and the underlying IPv6 and ICMPv6 protocols.¶
This document defines a new SRv6 Endpoint behavior called End.B6.Encaps.Relay.¶
IANA is requested to allocate the following code point for End.B6.Encaps.Relay from the "SRv6 Endpoint Behaviors" sub-registry in the "Segment-routing with IPv6 data plane (SRv6) Parameters" registry:¶
| Value | Hex | Endpoint Behavior | Reference |
|---|---|---|---|
| TBA1 | TBA1 | End.B6.Encaps.Relay | This document |