RFC 7113

Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard), February 2014

File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Updates:
RFC 6105
Author:
F. Gont
Stream:
IETF
Source:
v6ops (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC7113

Discuss this RFC: Send questions or comments to the mailing list v6ops@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7113

Abstract

The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly employed to mitigate attack vectors based on forged ICMPv6 Router Advertisement messages. Many existing IPv6 deployments rely on RA-Guard as the first line of defense against the aforementioned attack vectors. However, some implementations of RA-Guard have been found to be prone to circumvention by employing IPv6 Extension Headers. This document describes the evasion techniques that affect the aforementioned implementations and formally updates RFC 6105, such that the aforementioned RA-Guard evasion vectors are eliminated.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



Advanced Search