{"draft":"draft-ietf-v6ops-nd-considerations-14","doc_id":"RFC9898","title":"Neighbor Discovery Considerations in IPv6 Deployments","authors":["X. Xiao","E. Vasilenko","E. Metz","G. Mishra","N. Buraglio"],"format":["HTML","TEXT","PDF","XML"],"page_count":"26","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IPv6 Operations","abstract":"The Neighbor Discovery (ND) protocol is a critical component of the\nIPv6 architecture. The protocol uses multicast in many messages. It\nalso assumes a security model where all nodes on a link are trusted.\nSuch a design might be inefficient in some scenarios (e.g., use of\nmulticast in wireless networks) or when nodes are not trustworthy\n(e.g., public access networks). These security and operational issues\nand the associated mitigation solutions are documented in more than\ntwenty RFCs. There is a need to track these issues and solutions in a\nsingle document.\r\n\r\nTo that aim, this document summarizes the published ND issues and\nthen describes how all these issues originate from three causes.\nAddressing the issues is made simpler by addressing the causes. This\ndocument also analyzes the mitigation solutions and demonstrates that\nisolating hosts into different subnets and links can help to address\nthe three causes. Guidance is provided for selecting a suitable\nisolation method to prevent potential ND issues.","pub_date":"November 2025","keywords":["ND","NDP","SLACC","DHCPv6-PD","host isolation"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9898","errata_url":null}