BCP 199

RFC 7610

DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers, August 2015

Canonical URL:
https://www.rfc-editor.org/bcp/bcp199.txt
File formats:
Plain TextPDF
Status:
BEST CURRENT PRACTICE
Authors:
F. Gont
W. Liu
G. Van de Velde
Stream:
IETF
Source:
opsec (ops)

Cite this BCP: TXT

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This document specifies a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. It is based on DHCPv6 packet filtering at the layer 2 device at which the packets are received. A similar mechanism has been widely deployed in IPv4 networks ('DHCP snooping'); hence, it is desirable that similar functionality be provided for IPv6 networks. This document specifies a Best Current Practice for the implementation of DHCPv6-Shield.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader



Search RFCs
Advanced Search
×