The IESG has received a request from the IPv6 Operations WG (v6ops) to consider the following document: - 'Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard)' <draft-ietf-v6ops-ra-guard-implementation-04.txt> as Best Current Practice The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2012-11-09. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The IPv6 Router Advertisement Guard (RA-Guard) mechanism is commonly employed to mitigate attack vectors based on forged ICMPv6 Router Advertisement messages. Many existing IPv6 deployments rely on RA- Guard as the first line of defense against the aforementioned attack vectors. However, some implementations of RA-Guard have been found to be prone to circumvention by employing IPv6 Extension Headers. This document describes the evasion techniques that affect the aforementioned implementations, and formally updates RFC 6105, such that the aforementioned RA-Guard evasion vectors are eliminated. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard-implementation/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard-implementation/ballot/ No IPR declarations have been submitted directly on this I-D.
