Would like to ask the question in a different way since I got no feedback:
If the machines connected to my 7600 all have a static IPv6 address configured, and either have a static default route, or learn default via iBGP or OSPFv3, is rogue RA still a problem in such a case, or is it only an issue when using SLAAC?
If the RA is in a Fragmented packet or if the RA has some Extension Header, the switch is not able to recognize it!
The question is why should we have fragmented RA or Extension Headers in an RA?
I don't see any need for that but it is supposed to be supported by RFC and then permitted.
Now you can filter it, I will not tell and your RA Guard will work again!
Normally most ND packets MUST have the Hop Limit set to 255 to be valid, which is a good protection as it is impossible to send an ND packet from a remote network, and I thought that Rogue RA was not as dangerous because of this.
But I just noticed on an old capture of an RA I took from my ISP that their RAs have a Hop Limit of 64!
This RA is fully analyzed in my latest IPv6 Tutorial Release on Page 15 if you click on the RA Capture:
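The two checks discussed in the reply above (finding an RA behind a fragment or extension header, and verifying Hop Limit 255) can be sketched as follows. This is an added example, not part of the original thread and not Cisco's RA Guard logic; the function names and the sample packets are constructed for illustration.

```python
import struct

EXT = {0, 43, 60}            # hop-by-hop, routing, destination options
FRAG, ICMPV6, RA = 44, 58, 134

def naive_is_ra(pkt: bytes) -> bool:
    """Filter that only reads the base header's Next Header field."""
    return len(pkt) > 40 and pkt[6] == ICMPV6 and pkt[40] == RA

def inspect(pkt: bytes) -> dict:
    """Walk the whole header chain and list what is suspicious about an RA."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, hop, off = pkt[6], pkt[7], 40
    findings = []
    while nxt in EXT or nxt == FRAG:
        if off + 8 > len(pkt):
            return {"ra": None, "findings": ["truncated header chain"]}
        if nxt == FRAG:
            findings.append("fragment header")
            if struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
                # Non-first fragment: upper-layer type is not visible here.
                return {"ra": None, "findings": findings}
            length = 8
        else:
            findings.append(f"extension header {nxt}")
            length = 8 * (pkt[off + 1] + 1)
        nxt, off = pkt[off], off + length
    if nxt != ICMPV6 or off >= len(pkt) or pkt[off] != RA:
        return {"ra": False, "findings": findings}
    if hop != 255:
        findings.append(f"hop limit {hop}, not 255")
    return {"ra": True, "findings": findings}

def build(next_header: int, hop: int, payload: bytes) -> bytes:
    """Constructed sample packet: fe80::1 -> ff02::1 (addresses are made up)."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop) + src + dst + payload

# Constructed sample data (checksum left at 0, never sent on a wire).
RA_BODY = struct.pack("!BBHBBHII", RA, 0, 0, 64, 0, 1800, 0, 0)
DEST_OPTS = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])                  # PadN-only header
FRAG_HDR = struct.pack("!BBHI", ICMPV6, 0, 1, 0x1234)             # first fragment, M=1

PLAIN = build(ICMPV6, 255, RA_BODY)
WITH_EXT = build(60, 255, DEST_OPTS + RA_BODY)
FRAGMENTED = build(FRAG, 64, FRAG_HDR + RA_BODY)
```

A result of `"ra": None` means the upper-layer protocol could not be determined from this packet, which a filter on a host-facing port should treat as a reason to drop rather than forward.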