Field of the Invention
The present invention is generally directed to limiting unwanted message traffic in a computer network. More specifically, the present invention filters message traffic in a computer network eliminating unwanted messages according to one or more policy rules.
Description of the Related Art
Routers and computing devices in computer networks today broadcast router advertisements (RAs) as part of an auto-configuration process of a network. RAs are messages that are commonly used in internet protocol version 6 (IPv6) networks. RAs provide information that may be used to configure an IPv6 network. In certain instances, an excessive number of RAs appear on a computer network consuming excessive amounts of network bandwidth, sometimes causing hosts on the computer network to fail.
Currently IPv6 networks include router advertisement guards (RA-guards) that examine RAs on the computer network when identifying whether specific RAs should be blocked or forwarded. A first type of RA-guard implemented in IPv6 networks today are referred to as statefull RA-guards that dynamically acquire information when identifying legitimate router assignment (RA) senders. Once a statefull RA-guard identifies legitimate RA senders, the statefull RA-guard stores this information in memory. An RA-guard will not block RAs sent from legitimate RA senders.
A second type of RA-guard used in IPv6 networks today are stateless RA-guards. Stateless RA-guards examine information contained in the RA or information relating to a device configuration when identifying whether a particular RA should be blocked or forwarded. In certain instances a stateless RA-guard is referred to as a level 2 device (L2-device). Information used by a stateless RA-guard sometimes includes a link layer address of a sender, a port on which the RA was received, or a source internet protocol (IP) address. The information used by a stateless RA-guard may be contained in a second layer (L2) or third layer (L3) of an RA message.
While statefull and stateless RA-guards provide benefits to a computer network, they do not provide adequate protection to prevent bogus RAs from being forwarded around in a computer network. One source of RAs are personal devices that connect to a computer network using wireless communications. Such personal devices connect to a computer network when individuals bring their own device (BYOD) to work. As such, personal devices may disturb computer networks by sending too many RAs to the network.
What are needed are new forms of RA-guards that protect computer networks from bogus RAs. This is especially true when a network allows personal devices to connect to the network.