MUST READ: Operational Security Considerations for IPv6 Networks

A team of IPv6 security experts I highly respect (including my good friends Enno Rey, Eric Vyncke and Merike Kaeo) put together a lengthy document describing security considerations for IPv6 networks. The document is a 35-page overview of things you should know about IPv6 security, listing over a hundred relevant RFCs and other references.

No wonder enterprise IPv6 adoption is so slow – we managed to make a total mess.


  1. In the production networks I manage IPv6 isn't used at all and most of my experience using IPv6 is lab based so apologies if im massively behind the curve here, but did I read that correctly that IPv6 fragmentation can be used as a tool to circumvent RA Guard?
    1. It's a well-known problem, and a source of infinite fun for Fernando Gont (who devised numerous variants of this attack every time the $vendors claimed to fix the problem)... eventually resulting in RFC 6980 and RFC 7113.

      Never tracked how many vendors implemented it correctly though. Any feedback highly welcome.
  2. Thanks for that gold nugget. Eric did also a great job with his 'IPv6 Security' book although it's a bit old, it's still holds value. I've read the whole book.
Add comment