
Destination guard is a feature that works with [IPv6](/ipv6) neighbor discovery to ensure that a device performs address resolution only for those addresses that are known to be active on the link.

It uses what is known as address glean functionality.  Address gleaning involves snooping Neighbor Discovery Protocol (NDP) and [DHCP](/dhcp) messages on the link to populate the binding table.  When a packet reaches the device and there is not yet an adjacency for the destination or for the next hop, the NDP consults the device binding table to verify that the destination or the next hop has been previously gleaned. If the destination is not found in the binding table, the packet is dropped. Otherwise, neighbor discovery resolution is performed.

Links:

https://forum.networklessons.com/t/ipv6-source-guard/4545/6?u=lagapides

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/xe-16/ip6f-xe-16-book/ipv6-dest-guard.html

IPv6 - destination guard

IP Addressing on a Router

IP Fragmentation - effects on network traffic

IP Fragmentation Attack

IP Routing table - process by which entries are matched

IP SLA - Route Flapping Problem

IP SLA Parameters

IP SLA tracking syntax

IP addressing on a Switch

IP routing table - candidate default route

IP routing table - default route

IP routing table - static route

IPSec - Authentication Header (AH)

IPSec - ESP vs AH

IPSec - Encapsulating Security Payload (ESP)

IPSec - Key Exchange Data

IPSec - NAT, AH, and ESP

IPSec - crypto map multiple peers

IPSec ESP Wireshark decrypt payload

IPSec NAT Transparency

IPSec how it works with NAT-T

IPSec profile operation with more than one crypto isakmp policy

IPSec

IPsec - does it support multicast

IPv4 - Internal Host Loopback Address Range

IPv4 - ToS Byte definition

IPv4 - classful addressing

IPv4 - classless addressing

IPv4 - header protocol field

IPv4 - no subnet mask information in the IP header

IPv4 - subnet mask

IPv4 Link-local address range

IPv4 Private IP address ranges

IPv4 Subnetting invalid entry causing network address of zero

IPv4 header length field

IPv4 network and broadcast addresses

IPv4 point to point addresses

IPv4

IPv6 - ACLs, RAs, and RSes

IPv6 - DHCPv6

IPv6 - IPv4-mapped IPv6 address

IPv6 - NDP Neighbor Discovery Process

IPv6 - NDP preferred and valid lifetimes

IPv6 - Network and Interface Identifiers

IPv6 - RA suppression command

IPv6 - SLAAC

IPv6 - Site Local addresses

IPv6 - Solicited Node Multicast Address

IPv6 - Unique Local addresses

IPv6 - Valid and Preferred Addresses

IPv6 - ipv6 nd prefix command

IPv6 - loopback address

IPv6 - prefix length

IPv6 - understanding how to enable IPv6 functionality and routing on an IOS device

IPv6 EIGRP static neighbors

IPv6 EUI-64 host address configuration method

IPv6 Neighbor Discovery Protocol Extensions

IPv6 RA Guard

IPv6 computing a global unicast address

IPv6 first hop security features on CML

IPv6 global unicast address

IPv6 link-local address

IPv6 minimum and maximum prefix lengths

IPv6 mobility features

IPv6 simplicity and complexity of various prefix values

IPv6 stateless DHCP active clients equals zero

IPv6 transition technologies

IPv6

IS-IS - DIS and Pseudonode

IS-IS - attached bit

IS-IS - route filtering

IS-IS - up-down bit

IS-IS multitopology support

IS-IS

ISDN

ISIS circuit-type command

ISP Peering

ISPs, tiers, transiting, and the Internet

Importance of self-study for CCIE or CCDE

Interface - configuring a range of interfaces

Interface - no carrier counter

Interface - show interfaces counters explained

Interface - unknown protocol drops

Interface speed and bandwidth

Interior Gateway Protocol (IGP)

Internet Exchange Point (IXP)

Internet Service Provider (ISP)

Intrusion prevention system (IPS)

Kron task scheduler

L2TPv3 over IPSec

L2TPv3

LACP

LAG - Multi-Chassis LAG

LFA - Topology Independent LFA

LFA, remote LFA, and how they work together in OSPF

LISP - map request and reply process

LISP - what is it

LISP and overlapping address spaces

LISP debug traffic between two EIDs