IPv6 Neighbor Discovery Protocol - NDP
5. Redirect
Redirect messages are used in the same way as IPv4 ICMP redirect messages.
Redirect messages are always sent by the router to a host asking the host to update its routing
information.
Upon receiving a packet from a host, the router can send a Redirect message back to the host only
when the router knows that the best path for that host to reach the destination is another router and
not itself. On receiving the Redirect message the host can update its routing information and send
subsequent packets directly to the other router.
Summary: ICMPv6 message types 133 through 137 are used for IPv6 Neighbor Discovery.
Unsolicited RAs are generated periodically by the router to make the presence of the router
known on the link. The period between transmissions of the RAs can be between 4 and 1800
seconds, and the default is 600 seconds. The minimum period between advertisements of RAs is
200 seconds by default.
RA Structure: The following fields are carried in the RA messages originated by the routers.
RA Message Fields:
Type: ICMPv6 134 Always
Code: 0
Checksum: Carries the ICMPv6 checksum value of the message.
Hop Limit: Indicates the hop limit value the hosts should give to the IPv6 packets on this link. It is
set to all zeros if the router does not specify any hop limit.
M: The M-bit is set by the router to tell the hosts on the link to use stateful address
autoconfiguration via DHCPv6. If the flag is cleared then hosts on the link should use stateless
address autoconfiguration. The M-bit is also called the managed address configuration flag.
O: Also known as Other Stateful configuration flag and is set by router to tell the hosts to use
DHCPv6 for getting other link configuration parameters.
Router Lifetime: Specifies the lifetime of the default router in seconds and can be a max of 18.2
hours. If the router originating the RA is not the default router then this value will be set to 0.
Reachable Time: Is the time in milliseconds that a node should assume a neighbor is reachable after
the node has confirmation of its neighbor’s reachability.
Retransmit Timer: Specifies the minimum time between transmitted NS messages and is specified in
milliseconds.
Options:
1. Link layer address of the router interface from where the RA was originated.
2. MTU of the Link
3. Prefixes assigned to the Link. This information helps hosts when stateless address configuration
is used, as the hosts will know what prefixes are being used on the link to configure their own
address.
4. Lifetime of each individual IPv6 prefix advertised in the RA options field.
If there are multiple routers on the link, then hosts can select one default router, which can cause
suboptimal routing for the host and can also cause redirects to be sent by the router. On Cisco
routers the Default Router Priority (DRP) can be set in the RA, which indicates a preference for the
default router.
The preference can be set to High, Medium or Low. These DRP bits are ignored by hosts that do not
implement the DRP extension. DRP bits are backward compatible for both routers which set the DRP
bits and hosts that implement the DRP bits. The DRP of a default router is signalled using the
unused / reserved bits of the RA message. DRP has to be manually configured and is configured
under the interface. The command structure is:
R1# configure terminal
R1(config)# interface fa0/0
! The preference can be set to either high, medium or low
R1(config-if)# ipv6 nd router-preference high
RA messages are enabled by default on Ethernet and FDDI interfaces by enabling IPv6 on the
router (issuing the command “ipv6 unicast-routing” on the router). However, the sending of RA
messages can be controlled on the router.
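The RA fields, options and DRP bits described above can be read directly from the bytes of a captured message. The parser below is an added example, not part of the original document; the sample RA (router MAC, hop limit, MTU, router lifetime) is constructed, its prefix is taken from the Router1 configuration on this page, and the checksum is left at zero and not verified.

```python
import ipaddress
import struct

# Default Router Preference: the two bits that follow the M, O and H flags.
PRF = {0b01: "High", 0b00: "Medium", 0b11: "Low", 0b10: "Reserved"}

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the ICMPv6 Type byte."""
    if len(msg) < 16:
        raise ValueError("truncated RA header")
    typ, code, _ck, hop, flags, life, reach, retrans = struct.unpack("!BBHBBHII", msg[:16])
    if (typ, code) != (134, 0):
        raise ValueError("not a Router Advertisement")
    ra = {
        "hop_limit": hop,                        # 0 = unspecified by the router
        "managed": bool(flags & 0x80),           # M flag: stateful (DHCPv6) addresses
        "other": bool(flags & 0x40),             # O flag: other parameters via DHCPv6
        "preference": PRF[(flags >> 3) & 0b11],
        "router_lifetime": life,                 # seconds; 0 = not a default router
        "reachable_ms": reach, "retrans_ms": retrans,
        "prefixes": [],
    }
    off = 16
    while off < len(msg):                        # options: type, length in 8-byte units
        if off + 2 > len(msg) or msg[off + 1] == 0 or off + msg[off + 1] * 8 > len(msg):
            raise ValueError("malformed option")
        otype, olen = msg[off], msg[off + 1] * 8
        body = msg[off + 2:off + olen]
        if otype == 1:                           # link-layer address of the router
            ra["router_lladdr"] = body[:6].hex(":")
        elif otype == 5 and olen == 8:           # MTU of the link
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif otype == 3 and olen == 32:          # prefix with valid/preferred lifetimes
            plen, _fl, valid, pref = struct.unpack("!BBII", body[:10])
            ra["prefixes"].append((f"{ipaddress.IPv6Address(body[14:30])}/{plen}", valid, pref))
        off += olen
    return ra

def sample_ra() -> bytes:
    """Constructed RA: preference High, 2001:1111::/64 with infinite lifetimes."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x08, 1800, 0, 0)
    lladdr = bytes([1, 1]) + bytes.fromhex("001122334455")
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    pfx = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 0xFFFFFFFF, 0xFFFFFFFF, 0)
    return hdr + lladdr + mtu + pfx + ipaddress.IPv6Address("2001:1111::").packed

if __name__ == "__main__":
    print(parse_ra(sample_ra()))
```

A lifetime of 0xFFFFFFFF in the prefix option corresponds to the "infinite" keyword used in the router configuration.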
Target Address: Is the address to which the NA is directed, so it will be the source address of the
NS to which the NA is being sent as a response.
If the NA is being sent as an Unsolicited NA (that is, not in response to any NS), then the target
address is the originator’s address. An Unsolicited NA is sent only to advertise a change; that is, if
the node has changed its link layer address, then an unsolicited NA is sent to advertise it, and it
therefore lists its own address as the target address.
The Options field of the NA can contain the target link-layer address, the link layer address of the
NA’s originating interface.
Redirect Message
For IPv6 address auto-configuration an IPv6-enabled host determines the 64-bit Interface ID of the
address using the MAC-to-EUI64 conversion mechanism. The MAC-to-EUI64 conversion takes
the 48-bit MAC address of the interface and converts it into a 64-bit Interface ID by inserting a
reserved 16-bit value of 0xFFFE in the middle of the MAC address and flipping the MAC U/L bit to 1
(universal). This gives the 64-bit Interface ID.
The next step is to get the 64-bit prefix value, and that will be the well-known link-local prefix,
which has a value of FE80::/64. The newly derived 64-bit Interface ID is attached to the 64-bit
link-local prefix to get the address auto-configured on the link. The host will have a fully configured
IPv6 address which can be used on the local link to talk to other hosts on the same link. If the host
only needs to talk to other hosts on the same link then this derived link-local address is sufficient,
but if the host needs to talk to devices beyond the local link, then a global IPv6 address is needed,
which can be acquired using either stateful or stateless auto-configuration.
With stateful address auto-configuration, the host will need to consult the DHCPv6 server to get
its address and parameters.
With stateless auto-configuration, the host will not have to consult the DHCPv6 server. The host
derives its 64-bit Interface ID using the MAC-to-EUI64 conversion, then attaches its 64-bit
Interface ID to one or more link prefixes it has received in the RAs, resulting in a globally unique
IPv6 address.
This process guarantees that an IPv6 address acquired by an interface (either statefully or
statelessly) is unique on the link.
This process applies only to the interfaces acquiring the Unicast addresses and does not apply to
Anycast addresses.
Any node that gets a new IPv6 address classifies the address as tentative, and it cannot be used until
it is verified that no other node on the link is using this address. To find out whether the newly
acquired IPv6 unicast address is unique or not, the node follows this process:
1. The node will send an NS with the target address field set to the address to be verified.
2. The source of the NS is set to the unspecified address ::/0.
3. The destination of the NS is set to the Solicited-Node Multicast address, which is derived by
prepending the prefix FF02:0:0:0:0:1:FF00::/104 to the last 24 bits of the target address. Reason for
doing this – “using a solicited-node multicast address ensures that if two nodes attempt to do a
Duplicate Address Detection on the same address simultaneously, they will detect each other.”
If any node that receives the NS has an interface address that matches the target address in the
received NS, it will send an NA back, setting the target address and the destination address to the
tentative address. The NS originating node, upon receipt of the NA, will know that the tentative
address is a duplicate and cannot be used.
In the situation where the duplicate address detection fails, administrative intervention will
be needed to configure the IPv6 address on the host which failed to get a unique IPv6 address.
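The MAC-to-EUI64 conversion and the solicited-node multicast derivation described above can be carried through for one host as follows. This is an added example, not part of the original document; the MAC address is constructed, the function names are illustrative, and the global prefix is the one from the Router1 configuration on this page.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """48-bit MAC -> 64-bit Interface ID: insert 0xFFFE, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def autoconfigured_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Attach the EUI-64 Interface ID to a 64-bit prefix (link-local or from an RA)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 auto-configuration needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02:0:0:0:0:1:FF00::/104 followed by the last 24 bits of the address."""
    base = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]   # first 104 bits
    return ipaddress.IPv6Address(base + ipaddress.IPv6Address(addr).packed[-3:])

def dad_targets(mac: str, ra_prefixes: list) -> dict:
    """Map each tentative address of a host to the group its DAD NS is sent to."""
    prefixes = ["fe80::/64"] + list(ra_prefixes)   # link-local first, then RA prefixes
    return {str(a): str(solicited_node(a))
            for a in (autoconfigured_address(p, mac) for p in prefixes)}

if __name__ == "__main__":
    # Constructed MAC address; prefix from the Router1 configuration.
    for addr, group in dad_targets("00:11:22:33:44:55", ["2001:1111::/64"]).items():
        print(f"tentative {addr:32} -> NS sent to {group}")
```

The link-local and global addresses of the same interface share their last 24 bits, so both map to the same solicited-node group.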
Address resolution is the process of discovering the link layer address of the destination. In IPv4
this is achieved by ARP, and in IPv6 it is done using NDP. The nodes already learn the link layer
address of the default router by looking into the RAs sent by the router. If the destination is not on
the same link then the nodes will use the link layer address of the default router, which they have
learnt from the RAs.
If the node is on the same link, then the IPv6 node first looks into its Neighbor Cache to check if the
L2 address is known (the Neighbor Cache is very similar to the ARP cache). If the address is there, it
sends the packet to the destination. But if the address is not found in the Neighbor Cache then:
1. The Neighbor address is entered in the Neighbor Cache as Incomplete, which indicates address
resolution is in progress.
2. An NS is sent to the Solicited-Node multicast address associated with the target address.
3. The NS includes the Source Link-Layer option (type 1), so the solicited node gets the link layer
address of the soliciting node and knows where to send an NA back as a response.
4. If no NA is received after sending three consecutive NS messages, then the neighbor address
resolution fails and an ICMP destination unreachable message is returned for each packet queued for
transmission.
# ipv6 nd prefix <IPv6 Prefix> <Valid Lifetime> <Preferred Lifetime>
(issued under the interface)
You may also need to make sure that the router is not suppressing RAs by issuing the following
command under interface mode: # no ipv6 nd ra suppress
Configurations:
Router1
interface fa0/0
ipv6 address 2001:1111::/64 eui-64
ipv6 nd prefix 2001:1111::/64 infinite infinite
Client1
interface fa0/0
ipv6 address autoconfig
The client will also learn the default gateway through the RA it received. It will also install the
link-local address of the router as its default next-hop address. Note: by default the next-hop address
installed is the link-local address on the link.