%% You should probably cite draft-sajassi-bess-evpn-first-hop-security-02 instead of this revision. @techreport{sajassi-bess-evpn-first-hop-security-00, number = {draft-sajassi-bess-evpn-first-hop-security-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-sajassi-bess-evpn-first-hop-security/00/}, author = {Ali Sajassi and Lukas Krattiger and Krishnaswamy Ananthamurthy and Samir Thoria}, title = {{EVPN First Hop Security}}, pagetotal = 18, year = , month = , day = , abstract = {DHCP Snoop database stores valid IPv4-to-MAC and IPv6-to-MAC bindings by snooping on Dynamic Host Configuration Protocol (DHCP) messages. These bindings are used by security functions like Dynamic ARP Inspection (DAI), Neighbor Discovery Inspection (NDI), IPv4 Source Guard, and IPv6 Source Guard to safeguard against traffic received with a spoofed address. These functions are collectively referred to as First Hop Security (FHS). This document proposes BGP extensions and new procedures to Ethernet VPN (EVPN) {[}RFC7432{]} for distribution and synchronization of DHCP snoop database to support FHS. Such synchronization is needed to support EVPN host mobility and multi- homing.}, }