@techreport{ietf-bess-evpn-first-hop-security-00,
    number =    {draft-ietf-bess-evpn-first-hop-security-00},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-bess-evpn-first-hop-security/00/},
    author =    {Ali Sajassi and Lukas Krattiger and Krishnaswamy Ananthamurthy and Jorge Rabadan and Wen Lin},
    title =     {{EVPN First Hop Security}},
    pagetotal = 23,
    year =      2026,
    month =     apr,
    day =       17,
    abstract =  {The Dynamic Host Configuration Protocol (DHCP) snoop database stores valid IPv4-to-MAC and IPv6-to-MAC bindings by snooping on DHCP messages. These bindings are used by security functions like Dynamic Address Resolution Protocol Inspection (DAI), Neighbor Discovery Inspection (NDI), IPv4 Source Guard, and IPv6 Source Guard to safeguard against traffic received with a spoofed address. These functions are collectively referred to as First Hop Security (FHS). This document proposes BGP extensions and new procedures for Ethernet VPN (EVPN) will distribute and synchronize the DHCP snoop database to support FHS. Such synchronization is needed to support EVPN host mobility and multi-homing.},
}