multicast
Click on the red underlined text to get to the source
... link-local
(e.g., Neighbor Discovery) and multicast traffic. Without this,
an attacker can pollute the IPv6 ...
... link-local
traffic multicast traffic would need to be identified, possibly
resulting in a long list of SPD entries. The second requirement ...
... tunnel is a much simpler
solution and also easily protects link-local and multicast traffic,
we do not recommend using tunnel mode in this context ...
... tunnel mode. Such usage is more complicated
because IPv6 prefixes need to be known a priori, and multicast and
link-local traffic ...
... IPsec policy checks do not check the IPv6
addresses at all. Routing protocols, multicast, etc. will work
through this tunnel. This mode is similar to transport mode ...
... traffic), there is no Duplicate
Address Detection (DAD), Multicast Listener Discovery (MLD), or
link-local ...
... link-local traffic to protect; multicast is not possible over
such a tunnel. Ingress filtering ...
... the IPv6 prefixes can be known a priori), and it offers only a
limited set of features (e.g., no multicast) compared with a
transport mode tunnel ...