{"draft":"draft-ietf-opsec-dhcpv6-shield-08","doc_id":"RFC7610","title":"DHCPv6-Shield: Protecting against Rogue DHCPv6 Servers","authors":["F. Gont","W. Liu","G. Van de Velde"],"format":["ASCII","HTML"],"page_count":"12","pub_status":"BEST CURRENT PRACTICE","status":"BEST CURRENT PRACTICE","source":"Operational Security Capabilities for IP Network Infrastructure","abstract":"This document specifies a mechanism for protecting hosts connected to\r\na switched network against rogue DHCPv6 servers.  It is based on\r\nDHCPv6 packet filtering at the layer 2 device at which the packets\r\nare received.  A similar mechanism has been widely deployed in IPv4\r\nnetworks ('DHCP snooping'); hence, it is desirable that similar\r\nfunctionality be provided for IPv6 networks.  This document specifies\r\na Best Current Practice for the implementation of DHCPv6-Shield.","pub_date":"August 2015","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":["BCP0199"],"doi":"10.17487\/RFC7610","errata_url":null}