DHCPv6-Shield: Protecting Against Rogue DHCPv6 Servers
draft-ietf-opsec-dhcpv6-shield-00

The information below is for an old version of the document
Document Type Expired Internet-Draft (opsec WG)
Last updated 2013-06-15 (latest revision 2012-12-12)
Replaces draft-gont-opsec-dhcpv6-shield
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Additional URLs
- Mailing list discussion
Stream WG state WG Document
Document shepherd None
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-opsec-dhcpv6-shield-00.txt

Abstract

This document specifies a mechanism for protecting hosts connected to a broadcast network against rogue DHCPv6 servers. The aforementioned mechanism is based on DHCPv6 packet-filtering at the layer-2 device on which the packets are received. The aforementioned mechanism has been widely deployed in IPv4 networks ('DHCP snooping'), and hence it is desirable that similar functionality be provided for IPv6 networks.

Authors

Fernando Gont (fgont@si6networks.com)
Will LIU (liushucheng@huawei.com)
Gunter Van de Velde (gunter@cisco.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)