FYI. RFC 9288, "Recommendations on the Filtering of IPv6 Packets
Containing IPv6 Extension Headers at Transit Routers" (available at:
FWIW, IMO most of the value is in the analysis of what
protocols/features use what EHs, and what would break (if anything) if
packets with EHs are dropped.
These other two are useful for context:
* RFC 9098, "Operational Implications of IPv6 Packets with Extension
* RFC 7872, "Observations on the Dropping of Packets with IPv6 Extension
Headers in the Real World (https://www.rfc-editor.org/rfc/rfc7872.html
-------- Forwarded Message --------
Subject: RFC 9288 on Recommendations on the Filtering of IPv6 Packets
Containing IPv6 Extension Headers at Transit Routers
Date: Thu, 18 Aug 2022 16:21:47 -0700 (PDT)
A new Request for Comments is now available in online RFC libraries.
Title: Recommendations on the Filtering of IPv6
Packets Containing IPv6 Extension Headers at Transit Routers Author:
Date: August 2022
I-D Tag: draft-ietf-opsec-ipv6-eh-filtering-10.txt
This document analyzes the security implications of IPv6 Extension
Headers and associated IPv6 options. Additionally, it discusses the
operational and interoperability implications of discarding packets
based on the IPv6 Extension Headers and IPv6 options they contain.
Finally, it provides advice on the filtering of such IPv6 packets at
transit routers for traffic not directed to them, for those cases
where such filtering is deemed as necessary.
This document is a product of the Operational Security Capabilities for
IP Network Infrastructure Working Group of the IETF.
INFORMATIONAL: This memo provides information for the Internet community.
It does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-e...@rfc-editor.org
specifically noted otherwise on the RFC itself, all RFCs are for
The RFC Editor Team
Association Management Solutions, LLC
IETF-Announce mailing list
Ipv6hackers mailing list