Operational Security Considerations for IPv6 Networks
RFC 9099, “Operational Security Considerations for IPv6 Networks”, is an Informational document published in August 2021 by É. Vyncke, K. Chittimaneni, M. Kaeo, E. Rey. The canonical text is published by the RFC Editor.
Abstract
Knowledge and experience on how to operate IPv4 networks securely is available, whether the operator is an Internet Service Provider (ISP) or an enterprise internal network. However, IPv6 presents some new security challenges. RFC 4942 describes security issues in the protocol, but network managers also need a more practical, operations-minded document to enumerate advantages and/or disadvantages of certain choices.
This document analyzes the operational security issues associated with several types of networks and proposes technical and procedural mitigation techniques. This document is only applicable to managed networks, such as enterprise networks, service provider networks, or managed residential networks.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9099 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9098 Operational Implications of IPv6 Packets with Extension Headers
- RFC 9100 Sensor Measurement Lists Features and Versions
- RFC 9097 Metrics and Methods for One-Way IP Capacity
- RFC 9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request
- RFC 9096 Improving the Reaction of Customer Edge Routers to IPv6 Renumbering Events
- RFC 9102 TLS DNSSEC Chain Extension
- RFC 9095 Extensible Provisioning Protocol Domain Name Mapping Extension for Strict Bundling Registration
- RFC 9103 DNS Zone Transfer over TLS