diff --git a/pkg/agent/route/route_linux.go b/pkg/agent/route/route_linux.go
index f72ccf3bbe9..d2f894c852b 100644
--- a/pkg/agent/route/route_linux.go
+++ b/pkg/agent/route/route_linux.go
@@ -891,6 +891,12 @@ func (c *Client) Reconcile(podCIDRs []string) error {
 if desiredPodCIDRs.Has(route.Dst.String()) {
 continue
 }
+ // A route destined to an IPv6 link-local CIDR is always system auto-generated along with a link-local
+ // address, which is not configured by antrea and is supposed to be ignored in the "deletion" list.
+ // Such routes are helpful in some case, e.g., IPv6 NDP.
+ if route.Dst.IP.IsLinkLocalUnicast() && route.Dst.IP.To4() == nil {
+ continue
+ }
 // IPv6 doesn't support "on-link" route, routes to the peer IPv6 gateways need to
 // be added separately. So don't delete such routes.
 if desiredIPv6GWs.Has(route.Dst.IP.String()) {
diff --git a/pkg/agent/route/route_linux_test.go b/pkg/agent/route/route_linux_test.go
index 9b675304025..78da13055d7 100644
--- a/pkg/agent/route/route_linux_test.go
+++ b/pkg/agent/route/route_linux_test.go
@@ -676,6 +676,7 @@ func TestReconcile(t *testing.T) {
 {Dst: ip.MustParseCIDR("2001:ab03:cd04:55ee:1001::1/128")}, // existing podCIDR, should not be deleted.
 {Dst: ip.MustParseCIDR("fc01::aabb:ccdd:eeff/128")}, // service route, should not be deleted.
 {Dst: ip.MustParseCIDR("2001:ab03:cd04:55ee:100b::/80")}, // non-existing podCIDR, should be deleted.
+ {Dst: ip.MustParseCIDR("fe80::/80")}, // link-local route, should not be deleted.
 }, nil)
 mockNetlink.EXPECT().RouteDel(&netlink.Route{Dst: ip.MustParseCIDR("192.168.11.0/24")})
 mockNetlink.EXPECT().RouteDel(&netlink.Route{Dst: ip.MustParseCIDR("2001:ab03:cd04:55ee:100b::/80")})
diff --git a/pkg/wfp/interfaces.go b/pkg/wfp/interfaces.go
new file mode 100644
index 00000000000..7d2b0932b86
--- /dev/null
+++ b/pkg/wfp/interfaces.go
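Review bot: The new guard exempts every route whose destination lies in fe80::/10, which is broader than the comment above it claims ("always system auto-generated"): an operator-added link-local route would survive Reconcile just the same. If the intent is to skip only kernel-installed routes, the route protocol (RTPROT_KERNEL) is the precise signal, assuming the netlink library version in use exposes `route.Protocol`; otherwise the comment should say that any IPv6 link-local destination is left alone and that IPv4 link-local (169.254/16) is deliberately still reconciled because of the `To4() == nil` test. Suggested wording: `// Never delete a route whose destination is an IPv6 link-local prefix (fe80::/10): the kernel installs it together with the link-local address, antrea does not manage it, and NDP depends on it. IPv4 link-local routes are not exempted.` Reconcile begins and ends outside this hunk.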
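Review bot: Only the IPv6 half of the new exemption is covered by the added `fe80::/80` fixture; the `To4() == nil` half, which keeps IPv4 link-local routes on the deletion list, has no case. Adding `{Dst: ip.MustParseCIDR("169.254.0.0/16")}, // IPv4 link-local, should still be deleted.` to the listed routes together with `mockNetlink.EXPECT().RouteDel(&netlink.Route{Dst: ip.MustParseCIDR("169.254.0.0/16")})` would pin that behavior, provided the prefix is not among the desired CIDRs set up earlier in TestReconcile, which starts outside this hunk.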
@@ -0,0 +1,62 @@
+package wfp
+
+import (
+ "net"
+
+ "golang.org/x/sys/windows"
+)
+
+type RuleID windows.GUID
+
+type WFPProvider interface {
+ CreateSublayer(name string) windows.GUID
+ ListSublayers() []Sublayer
+ SubscribeNetEvents(eventCh chan wf.FwpmNetEvent)
+ Close() error
+}
+
+type Sublayer interface {
+ Name() string
+ ID() windows.GUID
+ NewL4RuleBuilder(direction Direction, stateful bool) L4RuleBuilder
+ NewMacRuleBuilder() L2RuleBuilder
+ ListRules(sublayerID windows.GUID) []*Rule
+ AddRules(rules []Rule) error
+ DeleteRules(rules []windows.GUID) error
+}
+
+type Rule interface {
+ Allow()
+ Block()
+ Reject()
+
+ IsStateful() bool
+ Direction() Direction
+}
+
+type L4RuleBuilder interface {
+ MatchSrcIP(ip net.IP) L4RuleBuilder
+ MatchSrcIPNet(cidr net.IPNet) L4RuleBuilder
+ MatchDstIP(ip net.IP) L4RuleBuilder
+ MatchDstIPNet(cidr net.IPNet) L4RuleBuilder
+ MatchProtocol(ipProto uint8) L4RuleBuilder
+ MatchSrcPort(port uint16) L4RuleBuilder
+ MatchDstPort(port uint16) L4RuleBuilder
+ MatchDNS(dns string) L4RuleBuilder
+ Done() Rule
+}
+
+type L2RuleBuilder interface {
+ MatchSrcMAC(mac net.HardwareAddr) L4RuleBuilder
+ MatchDstMAC(mac net.HardwareAddr) L4RuleBuilder
+ Done() Rule
+}
+
+type statefulRule struct {
+}
+
+type statelessRule struct {
+}
+
+type l2Rule struct {
+}
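Review bot: `SubscribeNetEvents(eventCh chan wf.FwpmNetEvent)` refers to a package `wf` that this file never imports (only `net` and `golang.org/x/sys/windows` are), so the new file cannot compile as written; `Direction` is also undefined here and presumably lives in another file of package wfp. `L2RuleBuilder.MatchSrcMAC` and `MatchDstMAC` return `L4RuleBuilder`, which breaks chaining for MAC rules and looks like a copy-paste slip; they should read `MatchSrcMAC(mac net.HardwareAddr) L2RuleBuilder` and `MatchDstMAC(mac net.HardwareAddr) L2RuleBuilder`. `ListRules(sublayerID windows.GUID) []*Rule` returns pointers to an interface, which is almost never what is wanted in Go; `[]Rule` is the idiomatic form, and since `Sublayer` already exposes `ID()` the `sublayerID` parameter is redundant. `RuleID` is declared but `DeleteRules` takes `[]windows.GUID`, so either use `[]RuleID` consistently or drop the type, and every exported type here still needs a doc comment that starts with its name.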