7. Security Considerations
RFC 9960 inherits the security considerations for Replication segments from RFC 9524. An SR domain must be protected from outside attackers as described in RFC 8402, RFC 8754, and RFC 8986.
If an SR-MPLS domain is not protected by correct per-interface MPLS provisioning, external attackers may send packets to receivers of multipoint services that use SR P2MP Policies inside the domain.
If an SRv6 domain is not protected with inbound Infrastructure Access Control Lists (IACLs) on external interfaces, and the deployment also fails to implement RFC 2827 / BCP 38 or apply IACLs on nodes that provision SIDs, outside attackers may send packets to receivers of those multipoint services.
Incorrect controller provisioning of Replication segments can form a loop. Replicated packets can then create a packet storm until the MPLS TTL for SR-MPLS or IPv6 Hop Limit for SRv6 reaches zero.
Control-plane protocols used to instantiate SR PTI Replication segments, such as PCEP and BGP, should rely on their own security mechanisms, including encryption, authentication, and filtering.
For SRv6, RFC 9524 describes an exception for ICMPv6 Parameter Problem Code 2. If an attacker injects a packet into a multipoint service using a node source address and an unknown mandatory extension-header option, many ICMPv6 Parameter Problem messages can cause a denial-of-service attack on the source node.