5.2.c Implement and troubleshoot IPv6 first hop security

5.2.c [iii] Binding table

A database table of IPv6 neighbors connected to the device is created from information sources such as NDP snooping. This database, or binding table, is used by various IPv6 guard features to validate the link-layer address (LLA), the IPv4 or IPv6 address, and the prefix binding of the neighbors to prevent spoofing and redirect attacks.

The IPv6 first-hop security binding table recovery mechanism enables the binding table to recover in the event of a device reboot. The recovery mechanism blocks any data traffic sourced from an unknown source, that is, a source not already specified in the binding table and previously learned via NDP or Dynamic Host Configuration Protocol (DHCP) gleaning. The IPv6 First-Hop Security Binding Table Recovery Mechanism feature recovers the missing binding table entries when the resolution for a destination address fails in the destination guard. Upon a failure, a binding table entry is recovered by querying the DHCP server or the destination host, depending on the configuration.
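The two paragraphs above, as a simplified Python model. This is an added example, not Cisco code or part of the original notes. The class and method names, the `recover` hook that stands in for the DHCP or host query, and all addresses, MACs and port names are constructed assumptions, and conflict handling is reduced to refusing the second claim.

```python
import ipaddress

class BindingTable:
    """Simplified model of an FHS binding table: (VLAN, IPv6 address) -> (LLA, port)."""
    def __init__(self, prefixes, recover=None):
        self.prefixes = [ipaddress.ip_network(p) for p in prefixes]
        self.recover = recover   # hypothetical hook standing in for a DHCP/host query
        self.entries = {}

    def glean(self, vlan, addr, lla, port):
        """Learn a binding from a snooped NDP or DHCP message."""
        ip = ipaddress.ip_address(addr)
        if not any(ip in p for p in self.prefixes):
            return "reject-prefix"           # address outside the allowed prefixes
        # A later claim for a bound address from another LLA or port is refused.
        owner = self.entries.setdefault((vlan, ip), (lla.lower(), port))
        return "bound" if owner == (lla.lower(), port) else "reject-conflict"

    def check_source(self, vlan, src, lla, port):
        """Data traffic from an unknown or mismatched source is dropped."""
        owner = self.entries.get((vlan, ipaddress.ip_address(src)))
        if owner is None:
            return "drop-unknown"
        return "forward" if owner == (lla.lower(), port) else "drop-spoof"

    def resolve_destination(self, vlan, dst):
        """Destination lookup; on a miss, try to recover the entry before dropping."""
        ip = ipaddress.ip_address(dst)
        if (vlan, ip) not in self.entries and self.recover:
            found = self.recover(vlan, ip)   # returns (lla, port) or None
            if found:
                self.glean(vlan, dst, *found)
        return "forward" if (vlan, ip) in self.entries else "drop-unresolved"

# Constructed sample data: documentation prefix, made-up MACs and port names.
LEASES = {(10, ipaddress.ip_address("2001:db8:10::50")): ("00:00:5e:00:53:50", "Gi1/0/5")}

def demo():
    t = BindingTable(["2001:db8:10::/64", "fe80::/10"],
                     recover=lambda vlan, ip: LEASES.get((vlan, ip)))
    return [
        t.glean(10, "2001:db8:10::1", "00:00:5E:00:53:01", "Gi1/0/1"),
        t.glean(10, "2001:db8:10::1", "00:00:5e:00:53:66", "Gi1/0/9"),
        t.glean(10, "2001:db8:99::1", "00:00:5e:00:53:02", "Gi1/0/2"),
        t.check_source(10, "2001:db8:10::1", "00:00:5e:00:53:66", "Gi1/0/9"),
        t.check_source(10, "2001:db8:10::50", "00:00:5e:00:53:50", "Gi1/0/5"),
        t.resolve_destination(10, "2001:db8:10::50"),
        t.check_source(10, "2001:db8:10::50", "00:00:5e:00:53:50", "Gi1/0/5"),
        t.resolve_destination(10, "2001:db8:10::77"),
    ]
```

In `demo()`, the host at `2001:db8:10::50` is dropped as an unknown source until a destination lookup for it misses and the recovery hook restores its entry.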

