Hackers send large stream of packets with IP options (for IPv4 packets) or Routing Header of type 0 (for IPv6 packets) to bog down the server with increased packet processing load. This results in a Denial of Service (DoS) attack on the server where the server is occupied with other activities that prevents it from providing services to its clients.
The general mitigation to reduce the impact of the DoS attack is to drop packets that have IP Options configured. This reduces the load on the router and reduces the impact of this attack on the downstream routers. By default, all IPv4 packets with IP options are processed. This feature must be enabled explicitly to implement this mitigation.
For IPv6 packets, those packets with Routing Header (RH) of type 0 must be dropped. A new command is introduced to specifically drop IPv6 packets. By default, all IPv6 packets with RH of type 0 are processed. This feature must be enabled explicitly to implement this mitigation.