News‎ > ‎

BCP 199, RFC 7610 on DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers

posted Aug 24, 2015, 8:21 PM by Fernando Gont
The Abstract of the RFC is:

This document specifies a mechanism for protecting hosts connected to
a switched network against rogue DHCPv6 servers.  It is based on
DHCPv6 packet filtering at the layer 2 device at which the packets
are received.  A similar mechanism has been widely deployed in IPv4
networks ('DHCP snooping'); hence, it is desirable that similar
functionality be provided for IPv6 networks.  This document specifies
a Best Current Practice for the implementation of DHCPv6-Shield.