DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers
RFC 7610, “DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers”, is a Best Current Practice document published in August 2015 by F. Gont, W. Liu, G. Van de Velde. The canonical text is published by the RFC Editor.
Abstract
This document specifies a mechanism for protecting hosts connected to a switched network against rogue DHCPv6 servers. It is based on DHCPv6 packet filtering at the layer 2 device at which the packets are received. A similar mechanism has been widely deployed in IPv4 networks ('DHCP snooping'); hence, it is desirable that similar functionality be provided for IPv6 networks. This document specifies a Best Current Practice for the implementation of DHCPv6-Shield.
What “Best Current Practice” means
Documents the IETF community's recommended operational or procedural practice rather than a protocol specification.
The canonical text of RFC 7610 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 7609 IBM's Shared Memory Communications over RDMA Protocol
- RFC 7611 BGP ACCEPT_OWN Community Attribute
- RFC 7608 IPv6 Prefix Length Recommendation for Forwarding
- RFC 7612 Lightweight Directory Access Protocol : Schema for Printer Services
- RFC 7607 Codification of AS 0 Processing
- RFC 7613 Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords
- RFC 7606 Revised Error Handling for BGP UPDATE Messages
- RFC 7614 Explicit Subscriptions for the REFER Method