Microsoft, Juniper urged to patch dangerous IPv6 DoS hole

03.05.2011

Experts also advise using a router that has implemented a Cisco technology called RA Guard - and while Cisco routers support RA Guard, not all routers do. RA Guard was submitted as an informational document to the IETF, but it is not on track to become a standard.

Juniper, for instance, has no intention of implementing it and is instead waiting for IETF RFC 6164. “RFC 6105 IPv6 Router Advertisement Guard, published about nine weeks ago, is an informational RFC, as opposed to an IETF Standard, that documents Cisco's proprietary RA-Guard technology. Cisco asserts that at least one of their patent applications (US PPA 20080307516) covers this technology. While Cisco has stated that should RFC 6105 become a standard then they will make a royalty-free license available, since this is not yet a standard there is no such option. We can however achieve much the same functionality simply by applying access control lists,” said Juniper’s Peter Lunk, director of product marketing for high-end security systems.

Lunk added: “Conversely, RFC 6164, released last month, is a ‘standards track’ RFC (which is to say on the way to being, but not yet, a standard) supported by Juniper, Google and IBM and others that addresses many of the same issues in a much more open manner. We expect this to be ratified as a full standard at the next IETF meeting in July.”

Heuse has also called Juniper on the carpet for dragging its feet in fixing the hole. Juniper’s Lunk argues that the RA problem stems from a flaw in the ICMPv6 protocol and should be fixed by the IETF.