
IPv6 Neighbor Discovery Protocol (NDP)



http://netcerts.net/ipv6-neighbor-discovery-protocol-ndp/

IPv6 NDP uses 5 ICMPv6 messages for the neighbor discovery mechanism:

1. Router Advertisement (RA)


RA messages are always originated by routers.
RA messages are used to indicate the presence of the Router on a link.
RA messages carry link-specific parameters that the hosts on the link should use to configure their
network parameters.
RA messages are sent periodically on a link and also sent in response to a Router Solicitation
message from a host.

2. Router Solicitation (RS)


RS messages are originated only by the hosts.
RS messages are originated by hosts to find the Routers on the link.
Routers respond to RS message by sending an RA.

3. Neighbor Solicitation (NS)


NS messages are originated by the nodes.
NS messages are originated by nodes to request the link layer address of another node.
NS messages are also used for duplicate address detection and neighbor unreachability detection.

4. Neighbor Advertisements (NA)


NA messages are almost always sent in response to an NS message from a node.
NA messages can be sent by a node when its link-layer address is changed. This NA message is
sent as an unsolicited NA to advertise its new address.

5. Redirect
Redirect messages are used in the same way as IPv4 ICMP redirect messages.
Redirect messages are always sent by the router to a host asking the host to update its routing
information.
Upon receiving a packet from a host, the router can send a Redirect message back to the host only
when the router knows that the best path for that host to reach the destination is another router and
not itself. On receiving the Redirect message the host can update its routing information and send
subsequent packets directly to the other router.

Summary: ICMPv6 message types 133 through 137 are used for IPv6 Neighbor Discovery

133 : Router Solicitation


134 : Router Advertisement
135 : Neighbor Solicitation
136 : Neighbor Advertisement
137 : Redirect
Router Advertisement (RA) Message

RA is ICMPv6 Type 134 and Code 0.


Source address of the IPv6 packet encapsulating the RA is always the IPv6 Link-Local address of the
interface.
The Destination address can be either the link-local address of the host which sent an RS requesting
an RA, or the All-Nodes multicast address FF02::1 for the RAs generated periodically by the router
(the default period is 600 seconds and can be set between 4 and 1800 seconds; the minimum
period between advertisements of RAs is 200 seconds by default).

Unsolicited RAs are to be generated periodically by the router to make the presence of the router
known on the link. The Period between transmission of the RAs can be between 4 and 1800
seconds, and the default is 600 seconds. Also the minimum period between advertisement of RAs is
200 seconds by default.

RA Structure: The following fields are carried in the RA messages originated by the routers.

IPv6 Router Advertisement

RA Message Fields:
Type: ICMPv6 134 Always
Code: 0
Checksum: To compute the checksum values
Hop Limit: Indicates the hop limit value the hosts should give to the IPv6 packets on this link. Is set
to all Zeros if router does not specify any hop limit.
M: The M-Bit is set by the router to tell the hosts on the link to use stateful address
autoconfiguration via DHCPv6. If the flag is cleared, hosts on the link should use stateless address
autoconfiguration. The M-Bit is also called the managed address configuration flag.
O: Also known as Other Stateful configuration flag and is set by router to tell the hosts to use
DHCPv6 for getting other link configuration parameters.
Router Lifetime: Specifies the lifetime of the default router in seconds and can be a max of 18.2
hours. If the router originating the RA is not the default router then this value will be set to 0.
Reachable Time: The time in milliseconds that a node should assume a neighbor is reachable after
the node has confirmation of its neighbor's reachability.
Retransmit Timer: Specifies the minimum time between transmitted NS messages, in
milliseconds.
Options:
1. Link layer address of the router interface from where the RA was originated.
2. MTU of the Link
3. Prefixes assigned to the Link. This information helps hosts when stateless address configuration
is used, as the hosts will know what prefixes are being used on the link to configure their own
address.
4. Lifetime of each individual IPv6 prefix advertised in the RA options field.

If there are multiple routers on the link, hosts can select one default router, which can cause
suboptimal routing for the host and can also cause the router to send redirects. On Cisco
routers the Default Router Priority (DRP) can be set in the RA, which indicates a preference for the
default router.
The preference can be set to High, Medium or Low. These DRP bits are ignored by hosts that do not
implement the DRP extension. DRP bits are backward compatible for both routers which set the DRP
bits and hosts that implement the DRP bits. The DRP of a default router is signalled using the
unused / reserved bits of the RA message. DRP has to be manually configured and is configured
under the interface; the command structure is:
R1# Config t
R1(config)# interface fa0/0
R1(config-if)# ipv6 nd router-preference High (Can be set to either High, Medium or Low)

RA messages are enabled by default on Ethernet and FDDI interfaces by enabling IPv6 on the
router (issuing the command “ipv6 unicast-routing” on the router). However, sending of RA
messages can be controlled on the router.

To disable originating RA messages from a Router: Under individual interfaces


R1(config-if)# ipv6 nd ra suppress
To Enable: (again under the individual interface)
R1(config-if)# no ipv6 nd ra suppress

Router Solicitation (RS) message

RS is ICMPv6 type 133 and Code 0


Source address of the IPv6 Packet encapsulating the RS can be one of the two
1. IPv6 address of the originating interface
2. Unspecified address ::/0 (All Zeros) if the host interface has not yet been assigned an IPv6
address
The destination address is the All-Routers multicast address which is FF02::2
The options field can carry the following information
1. Link layer address of the RS originating interface
2. If the source IPv6 address is sent as unspecified then the link layer address is not included in the
options field

Neighbor Solicitation (NS) Message

NS is ICMPv6 Type 135 and Code 0


Source address of the IPv6 Packet encapsulating the NS can be one of the two
1. IPv6 address of the originating interface
2. Unspecified address ::/0 (All Zeros) if the NS is sent for Duplicate Address Detection
The destination address of NS can be one of the two
1. Solicited-Node Multicast Address corresponding to the target address
2. The Target address itself
Note: Target address is the IPv6 address of the target of the solicitation and is never a multicast
address.
Options Field of the NS can contain the link-layer address of the interface originating the NS

Neighbor Advertisement (NA) Message

NA is ICMPv6 Type 136 and Code 0


Source Address of the IPv6 packet encapsulating the NA is always the IPv6 address of the
originating interface.
The Destination address can be one of two:
1. Source address of the packet containing the NS for which the NA is being sent in response.
2. All-Nodes Multicast Address FF02::1
Flags:
R: The Router Flag, is set when the originator of the NA is a router.
S: The Solicited Flag, is set when the NA is being sent in response to an NS
O: The override Flag, is set to indicate that the information in this NA should override any existing
neighbor cache entry and update the link layer address. When O bit is cleared the NA will not
override the existing neighbor cache entry

Target Address: The address to which the NA is directed, so it will be the source address of the
NS to which the NA is being sent as a response.
If the NA is being sent as an Unsolicited NA (that is, not in response to any NS), then the target
address is the originator’s address. An Unsolicited NA is sent only to advertise a change: if
the node has changed its link layer address, it sends an unsolicited NA to advertise the change, and
therefore lists its own address as the target address.

The Options field of the NA can contain the target link-layer address, that is, the link layer address
of the NA’s originating interface.

Redirect Message

Redirect is ICMPv6 Type 137 and Code 0.


Source Address of the IPv6 packet encapsulating the Redirect message is always the Link-Local
IPv6 address of the interface which has originated the Redirect.
The Destination address is always the source address of the packet which triggered the Redirect.
The Target address of the Redirect is usually the Link-Local address of another router on the same
link.
The Destination address Field in the Redirect message will contain the IPv6 address of the
destination that will be redirected to the target address.
The Options field will contain the link layer address of the target.
The Options field consists of Type/Length/Value (TLV) triplets. Each TLV consists of an 8-bit
Type, which specifies the type of information it is carrying, an 8-bit Length, which specifies the
length of the value field in units of 8 octets, and the variable-length Value field.
The Redirect message can contain a max value of 1280 bytes.

IPv6 Address Auto-configuration Process

For IPv6 address auto configuration an IPv6 enabled host determines the 64 bit Interface ID of the
address using the MAC-to-EUI64 conversion mechanism. The MAC-to-EUI64 conversion takes
the 48 bit MAC address of the interface and converts it into a 64 Bit Interface ID by inserting a
reserved 16-bit value of 0xFFFE in the middle of the MAC address and flipping the MAC U/L bit to 1
(universal). This gives the 64 Bit Interface ID.
The next step is to get the 64 Bit Prefix value, and that will be the well known link local prefix,
which has a value of FE80::/64. The newly derived 64 Bit Interface ID is attached to the 64 Bit
link local Prefix to get the address auto configured on the link. The host will then have a fully
configured IPv6 address which can be used on the local link to talk to other hosts on the same link.
If the host only needs to talk to other hosts on the same link then this derived link-local address is
sufficient, but if the host needs to talk to devices beyond the local link, then a global IPv6 address is
needed, which can be acquired using either stateful or stateless auto-configuration.

With Stateful address auto configuration, the host will need to consult the DHCPv6 server to get
address and parameters.

With Stateless auto-configuration, the host will not have to consult the DHCPv6 server, the host
derives its 64 bit interface ID using the MAC-to-EUI64 conversion, then it attaches its 64 Bit
Interface ID to one or more link prefixes it has received in the RAs, resulting in a globally unique
IPv6 address.

Duplicate Address Detection Process

This process guarantees that an IPv6 address acquired by an interface (either statefully or
statelessly) is unique on the link.
This process applies only to the interfaces acquiring the Unicast addresses and does not apply to
Anycast addresses.

Any node that gets a new IPv6 address classifies the address as tentative, and it cannot be used until
it is verified that no other node on the link is using this address. To find out whether the newly
acquired IPv6 unicast address is unique, the node follows this process:

1. The node sends an NS with the target address field set to the address to be verified.
2. The source of the NS is set to the unspecified address ::/0.
3. The destination of the NS is set to the Solicited-Node Multicast address, which is derived by
prepending the prefix FF02:0:0:0:0:1:FF00::/104 to the last 24 bits of the target address. The reason
for doing this: “using a solicited-node multicast address ensures that if two nodes attempt to do a
Duplicate Address Detection on the same address simultaneously, they will detect each other.”

Any node that receives the NS and has an interface address that matches the target address in the
received NS will send an NA back, setting the target address and the destination address to the
tentative address. The NS originating node, upon receipt of the NA, will know that the tentative
address is a duplicate and cannot be used.
When duplicate address detection fails, administrative intervention will be needed to configure
the IPv6 address on the host which failed to get a unique IPv6 address.

Neighbor Address Resolution Process

This is the process of discovering the link layer address of the destination. In IPv4 this is achieved
by ARP, and in IPv6 it is done using NDP. The nodes already learn the link layer address of the
default router by looking into the RAs sent by the router. If the destination is not on the same link
then the nodes will use the destination link layer address of the default router, which they have
learnt from the RAs.
If the node is on the same link, then the IPv6 node first looks into its Neighbor Cache to check if the
L2 address is known (the Neighbor Cache is very similar to the ARP cache). If the address is there, it
sends the packet to the destination. But if the address is not found in the Neighbor Cache then:

1. The Neighbor address is entered in the Neighbor Cache as Incomplete, which indicates address
resolution is in progress.
2. An NS is sent to Solicited-node multicast address associated with the target address
3. The NS includes the Source Link-Layer option (type 1), so the solicited node gets the link layer
address of the soliciting node and knows where to send an NA as a response.
4. If no NA is received after sending three consecutive NS messages, then the neighbor address
resolution fails and an ICMP destination unreachable message is returned for each packet queued
for transmission.

How the IPv6 Stateless Auto Configuration works:


The router advertises its global prefixes and itself as a default router in the RA messages. The
clients (hosts) use EUI-64 to configure the host portion of the IPv6 address. Before configuring their
host portion the hosts go through the duplicate address detection process to make sure their address
is unique.

Stateless Auto Configuration Example:


Example showing how a router can be configured to give out the global prefixes through neighbor
discovery.
Command Structure For advertising the Prefix information through RA is

# ipv6 nd prefix <IPv6 Prefix> < Valid Lifetime> < Preferred Lifetime>
(Is issued under the interface)

Also you may need to make sure that the router is not suppressing RAs by issuing the command
under interface mode: # no ipv6 nd ra suppress
Configurations:

Router1
INT FA0/0
ipv6 address 2001:1111::/64 eui
ipv6 nd prefix 2001:1111::/64 infinite infinite

CLIENT ROUTER CONFIGURATION


Go under the interface and issue the command:
# ipv6 address autoconfig

Client1
INT FA0/0
ipv6 address autoconfig

The Client will also learn the default gateway through the RA it received. It will also install the link
local address of the Router as its default next-hop address. Note- by default the next-hop address
installed is the link local address on the link.
