Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations

Document Type: Replaced Internet-Draft (individual)
Authors: Gabi Nakibly, Fred Templin
Last updated: 2010-09-14 (latest revision 2010-08-18)
Replaced by: RFC 6324
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream
  Stream state: (No stream defined)
  Consensus Boilerplate: Unknown
  RFC Editor Note: (None)
IESG
  IESG state: Replaced by draft-ietf-v6ops-tunnel-loops
  Telechat date:
  Responsible AD: (None)
  Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document is concerned with security vulnerabilities in IPv6-in-IPv4 automatic tunnels. These vulnerabilities allow an attacker to take advantage of inconsistencies between a tunnel's overlay IPv6 routing state and the native IPv6 routing state. The attack forms a routing loop, which can be abused as a vehicle for traffic amplification to facilitate DoS attacks. The first aim of this document is to describe this attack and its root causes. The second aim is to present some possible mitigation measures.


Gabi Nakibly (
Fred Templin (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)