[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: New Version Notification for draft-ietf-v6ops-ra-guard-01

To: <v6ops@ops.ietf.org>
Subject: FW: New Version Notification for draft-ietf-v6ops-ra-guard-01
From: "Gunter Van de Velde (gvandeve)" <gvandeve@cisco.com>
Date: Wed, 10 Sep 2008 14:36:28 +0200

Folks,

This draft experienced a major rewrite/restructuring based upon the
feedback received.
If there are questions or feedback, then pls send to the list.
http://www.ietf.org/internet-drafts/draft-ietf-v6ops-ra-guard-01.txt

G/

-----Original Message-----
From: IETF I-D Submission Tool [mailto:idsubmission@ietf.org] 
Sent: woensdag 10 september 2008 14:34
To: gunter (mailer list)
Cc: Eric Levy- Abegnoli (elevyabe); Chip Popoviciu (cpopovic);
mohacsi@niif.hu
Subject: New Version Notification for draft-ietf-v6ops-ra-guard-01 


A new version of I-D, draft-ietf-v6ops-ra-guard-01.txt has been
successfuly submitted by Gunter Van de Velde and posted to the IETF
repository.

Filename:	 draft-ietf-v6ops-ra-guard
Revision:	 01
Title:		 IPv6 RA-Guard
Creation_date:	 2008-09-10
WG ID:		 v6ops
Number_of_pages: 10

Abstract:
It is particularly easy to experience "rogue" routers on an unsecured
link.  Devices acting as a rougue router may send illegitimate RAs.
Section 6 of SeND [RFC3971] provides a full solution to this problem, by
enabling routers certification.  This solution does, however, require
all nodes on an L2 network segment to support SeND, as well as it
carries some deployment challenges.  End-nodes must be provisioned with
certificate anchors.  The solution works better when end-nodes have
access to a Certificate Revocation List server, and to a Network Time
Protocol server, both typically off-link, which brings some bootstrap
issues.

When using IPv6 within a single L2 network segment it is possible and
sometimes desirable to enable layer 2 devices to drop rogue RAs before
they reach end-nodes.  In order to distinguish valid from rogue RAs, the
L2 devices can use a spectrum of criterias, from a static scheme that
blocks RAs received on un-trusted ports, or from un-trusted sources, to
a more dynamic scheme that uses SeND to challenge RA sources.

This document reviews various techniques applicable on the L2 devices to
reduce the threat of rogue RAs.
 



The IETF Secretariat.

Prev by Date: Re: New (-02) version of IPv6 CPE Router draft is available for review
Next by Date: I-D Action:draft-ietf-v6ops-ra-guard-01.txt
Previous by thread: Fwd: New Version Notification for draft-miyata-v6ops-snatpt-01
Next by thread: I-D Action:draft-ietf-v6ops-ra-guard-01.txt
Index(es):
- Date
- Thread