Technical Summary
In networks supporting IPv6 the Internet Control Message Protocol
version 6 (ICMPv6) plays a fundamental role with a large number of
functions, and a correspondingly large number of message types and
options. A number of security risks are associated with uncontrolled
forwarding of ICMPv6 messages. On the other hand, compared with IPv4
and the corresponding protocol ICMP, ICMPv6 is essential to the
functioning of IPv6 rather than a useful auxiliary. This document
provides some recommendations for ICMPv6 firewall filter
configuration that will allow propagation of ICMPv6 messages that are
needed to maintain the functioning of the network but drop messages
which are potential security risks.
Working Group Summary
This was approved by the IPv6 Operations Working Group following an
extended discussion.
The document was originally proposed for BCP status, and was
downgraded to informational based on the notion that we should get
experience with the document before giving it that class of
approbation. We expect to review the document about a year hence in
view of operational experience. Apart from that, the working group
has been supportive.
Protocol Quality
David Kessens reviewed this document for the IESG.