Security

    IPv6 security best practices: dual-stack and IPv6-only without surprises

    TechLeague Editorial · 7 min read

    IPv6 is here to stay. The threats look familiar but the names are new — and ignoring them invites trouble.

    Layer 2

    • RA guard to block rogue routers.
    • DHCPv6 guard, ND inspection, source guard.

    Routing

    • Filter bogons; tighten BGP IPv6 max-prefix.
    • Use unique-local for internal-only services.

    ACLs

    • Mirror IPv4 policy to IPv6 — no parallel oversights.
    • Permit ICMPv6 types necessary for PMTUD and ND.
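
    An added example (not from the original article) that audits both ACL points above: it reports required ICMPv6 types an IPv6 ACL would drop, and TCP/UDP services whose verdict differs between the IPv4 and IPv6 ACLs. The rule model, function names and sample policies are constructed for illustration and assume first-match evaluation with a default deny; they are not any vendor's syntax.

```python
# Added example: constructed, vendor-neutral ACL model (assumption, not a product syntax).
# Each rule is (action, proto, selector); selector is a port, an ICMPv6 type,
# or None meaning "any". Evaluation is first-match with an implicit default deny.

# ICMPv6 types needed for PMTUD (RFC 4443) and Neighbor Discovery (RFC 4861).
REQUIRED_ICMPV6 = {
    2: "Packet Too Big (PMTUD)",
    133: "Router Solicitation (ND)",
    134: "Router Advertisement (ND)",
    135: "Neighbor Solicitation (ND)",
    136: "Neighbor Advertisement (ND)",
}

def first_match(rules, proto, selector):
    """Return the action of the first rule matching (proto, selector)."""
    for action, r_proto, r_sel in rules:
        if r_proto in (proto, "any") and r_sel in (selector, None):
            return action
    return "deny"

def blocked_icmpv6(v6_rules):
    """Required ICMPv6 types that the IPv6 ACL would drop."""
    return {t: name for t, name in REQUIRED_ICMPV6.items()
            if first_match(v6_rules, "icmpv6", t) != "permit"}

def policy_gaps(v4_rules, v6_rules):
    """(proto, port, v4 verdict, v6 verdict) for services treated differently."""
    services = {(p, s) for _, p, s in v4_rules + v6_rules
                if p in ("tcp", "udp") and s is not None}
    return sorted((p, s, first_match(v4_rules, p, s), first_match(v6_rules, p, s))
                  for p, s in services
                  if first_match(v4_rules, p, s) != first_match(v6_rules, p, s))

# Constructed sample policies.
V4 = [("permit", "tcp", 443), ("deny", "tcp", 23),
      ("permit", "icmp", None), ("deny", "any", None)]
# Weak: only echo request (128) allowed, plus a broad TCP permit that IPv4 lacks.
V6_WEAK = [("permit", "tcp", 443), ("permit", "icmpv6", 128),
           ("permit", "tcp", None), ("deny", "any", None)]
# Fixed: mirrors the IPv4 service rules and permits the required ICMPv6 types.
V6_FIXED = ([("permit", "tcp", 443), ("deny", "tcp", 23)]
            + [("permit", "icmpv6", t) for t in REQUIRED_ICMPV6]
            + [("deny", "any", None)])

if __name__ == "__main__":
    for label, acl in (("weak", V6_WEAK), ("fixed", V6_FIXED)):
        print(label, "blocked ICMPv6:", blocked_icmpv6(acl))
        print(label, "parity gaps:", policy_gaps(V4, acl))
```

    The weak ACL shows both failure modes at once: a catch-all deny silently drops Packet Too Big and ND, while a broad IPv6-only permit reopens a service that the IPv4 ACL denies.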

    Security devices

    • Verify NGFW understands IPv6 extension headers.
    • Test inspection at line rate.

    Operations

    • Address management with IPAM, not spreadsheets.
    • Document prefix delegation hierarchy.
