Implementation Advice for IPv6 Router Advertisement Guard
RFC 7113, “Implementation Advice for IPv6 Router Advertisement Guard”, is an Informational document published in February 2014 by F. Gont. It updates RFC 6105. The canonical text is published by the RFC Editor.
Abstract
The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly employed to mitigate attack vectors based on forged ICMPv6 Router Advertisement messages. Many existing IPv6 deployments rely on RA-Guard as the first line of defense against the aforementioned attack vectors. However, some implementations of RA-Guard have been found to be prone to circumvention by employing IPv6 Extension Headers. This document describes the evasion techniques that affect the aforementioned implementations and formally updates RFC 6105, such that the aforementioned RA-Guard evasion vectors are eliminated.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 7113 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 7112 Implications of Oversized IPv6 Header Chains
- RFC 7114 Creation of a Registry for smime-type Parameter Values
- RFC 7111 URI Fragment Identifiers for the text/csv Media Type
- RFC 7115 Origin Validation Operation Based on the Resource Public Key Infrastructure
- RFC 7110 Return Path Specified Label Switched Path Ping
- RFC 7116 Licklider Transmission Protocol , Compressed Bundle Header Encoding , and Bundle Protocol IANA Registries
- RFC 7109 Flow Bindings Initiated by Home Agents for Mobile IPv6
- RFC 7117 Multicast in Virtual Private LAN Service