How to preempt rogue RAs?

Fernando Gont fernando at
Sat Nov 27 01:30:50 CET 2010

On 30/10/2010 06:03 a.m., Gert Doering wrote:

> There's are a couple of IETF drafts focusing on this problem:
>  draft-ietf-v6ops-rogue-ra-02.txt
>     "the problem statement" (plus ideas on mitigation, like L2 ACLs)
>  draft-ietf-v6ops-ra-guard-08.txt
>     "how a switch implementation could help fixing this"

My take is that this will fix the "accidental" rogue IPv6 router
problem, but not the malicious router IPv6 problem.

I'm in the process of crafting some code to actually check the idea I
have in mind... and will share afterwards.


Kind regards,
Fernando Gont
e-mail: fernando at || fgont at
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

More information about the ipv6-ops mailing list