Search RFCs
RFC 7113
Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard),February 2014
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7113
Discuss this RFC: Send questions or comments to the mailing listv6ops@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7113
Abstract
The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonlyemployed to mitigate attack vectors based on forged ICMPv6 RouterAdvertisement messages. Many existing IPv6 deployments rely onRA-Guard as the first line of defense against the aforementioned attackvectors. However, some implementations of RA-Guard have been foundto be prone to circumvention by employing IPv6 Extension Headers.This document describes the evasion techniques that affect theaforementioned implementations and formally updates RFC 6105, suchthat the aforementioned RA-Guard evasion vectors are eliminated.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.