ICMPv6 & Neighbor Discovery Protocol: Learn It

Rick Graziani

CS/CIS Instructor

Cabrillo College



Topics In this Presentation

and

An Introduction to ICMPv6



Internet Control Message Protocol (ICMPv6)

  • Described in RFC 4443

  • Much more robust than ICMP for IPv4

  • Contains new functionality and improvements.

  • More than just “messaging” but “how IPv6 conducts business”.

  • General message similar to ICMP for IPv4

  • Also uses Type and Code fields like in ICMPv4.

  • Two types of ICMPv6 messages

    • Error messages

    • Informational messages



ICMPv6 Messages

  • The ICMPv6 error messages are:

    • Destination Unreachable

    • Packet Too Big

    • Time Exceeded

    • Parameter Problem

  • ICMPv6 informational messages used by the ping command:

    • Echo Request

    • Echo Reply

Similar to ICMP for IPv4.

Quick look at these first.

We will familiarize ourselves with the IPv6 version of these.



ICMPv6 Messages

  • ICMPv6 informational messages used for Multicast Listener Discovery (RFC 2710):

    • Multicast Listener Query

    • Multicast Listener Report

    • Multicast Listener Done

  • ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):

    • Router Solicitation Message

    • Router Advertisement Message

    • Neighbor Solicitation Message

    • Neighbor Advertisement Message

    • Redirect Message

The Multicast Listener Discovery messages are similar to IGMP (Internet Group Message Protocol) for IPv4. We won’t be covering these.

Of the Neighbor Discovery messages, most of our time will be spent on the first four.

Redirect Message is similar to Redirect Messages for IPv4.


Stateless Address Autoconfiguration

R1: ipv6 unicast-routing

Network: 2001:0DB8:AAAA:0001::/64

PC1: MAC Address 00-21-9B-D9-C6-44

  • Link-local address automatically created

    • Link-local address (Tentative)

  • DAD performed on Link-local address

    • Neighbor Solicitation Message

    • From: :: (Unspecified source address)

    • To: FF02::1:FFBB:66E1 (Solicited Node Multicast)

    • Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1

  • NDP Router Solicitation From: FE80::50A5:8A35:A5BB:66E1 To: FF02::2 (All-routers multicast)

  • NDP Router Advertisement From: FE80::1 To: FF02::1 (All-nodes multicast)

  • Global unicast address created using SLAAC

    • Addressing Information Added

  • DAD performed on global unicast address

    • Neighbor Solicitation Message

    • From: :: (Unspecified source address)

    • To: Solicited Node Multicast

    • Target IPv6 Address:



Address Resolution (ARP in IPv4)

R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

PC1> ping 2001:DB8:AAAA:1::200

2

5

1

Neighbor Cache

<empty until step 5>

MAC Address

00-1B-24-04-A2-1E

PC1

PC2

MAC Address

00-21-9B-D9-C6-44

2001:DB8:AAAA:1::100/64

2001:DB8:AAAA:1::200/64

FF02::1:FF00:200 (Solicited Node Multicast)

3

Neighbor Solicitation Message

From Ethernet MAC address:

00-21-9B-D9-C6-44

To Ethernet MAC address:

33-33-FF-00-02-00

(IPv6 Mapped Multicast)

From: 2001:DB8:AAAA:1::100

To: FF02::1:FF00:200 (Solicited Node Multicast)

Target IPv6 Address: 2001:DB8:AAAA:1::200

Link-layer address: 00:21:9B:D9:C6:44

Neighbor Advertisement Message

From Ethernet MAC address:

00-1B-24-04-A2-1E

To Ethernet MAC address:

00-21-9B-D9-C6-44

From: 2001:DB8:AAAA:1::200

To: 2001:DB8:AAAA:1::100

Target IPv6 Address: 2001:DB8:AAAA:1::200

Link-layer address: 00:1B:24:04:A2:1E

4



  • Neighbor Solicitation (NS) = ARP Request

  • Neighbor Advertisement (NA) = ARP Reply

Neighbor Cache FSM

Neighbor Cache (“ARP Cache”)

Neighbor Solicitation (NS) sent

No Entry Exists

Incomplete

3 NS sent with no NA

Neighbor Advertisement (NA) received

Reachable Time exceeded (timeout)

Or

Unsolicited NA received

Reachable

NS sent and NA received

Packet returned

Packet sent

5 sec

Delay

(Resolution pending)

Probe

(Reresolution in progress)

Stale – no action required

(Requires reresolution)

3 NS sent with no NA



General Message Format

ICMPv6 Error Messages


Next Header and General Message Format

IPv6 Next Header Value: 58 decimal or 3A hexadecimal

IPv6 Header (Next Header = 58) | IPv6 Data: ICMPv6 Header, ICMPv6 Message Body

ICMPv6 General Message Format (similar to ICMP for IPv4)

Type (8 bits) | Code (8 bits) | Checksum (16 bits)

Message Body



The first messages we will examine…

  • The ICMPv6 error messages are:

    • Destination Unreachable

    • Packet Too Big

    • Time Exceeded

    • Parameter Problem

  • ICMPv6 informational messages used by the ping command:

    • Echo Request

    • Echo Reply

Similar to ICMP for IPv4.

Quick look at these first.

We will familiarize ourselves with the IPv6 version of these.



Destination Unreachable Message

  • Sent when a packet cannot be delivered to its destination for reasons other than congestion.

  • A router (or a firewall) usually generates these messages.

  • Various code values give more detail, such as (4) port unreachable.



Packet Too Big Message

  • Important difference with IPv6…

  • IPv4 routers fragment a packet when the MTU (Maximum Transmission Unit) of the outgoing link is smaller than the size of the packet.

    • The destination device is responsible for reassembling the fragmented packets.

  • IPv6 routers do not fragment packets (unless the router is the source of the packet).


Path MTU Discovery

Devices: Source and Destination (PC-A, PC-B); routers R1, R2, R3

Link MTUs: 1500, 1500, 1500, 1350

1. IPv6 Packet with MTU = 1,500 bytes

MTU of outgoing link smaller than packet size – drop packet

2. ICMPv6 Packet Too Big message, use MTU 1,350

3. IPv6 Packet with MTU = 1,350 bytes

4. Packet Received



Time Exceeded Message

  • Before a router forwards an IPv6 packet it decrements the Hop Limit field by one.

  • If the Hop Limit (same as TTL in IPv4) reaches zero, the packet is dropped and a Time Exceeded message is sent to the source.



Parameter Problem Message

  • Generated when a receiving device finds a problem with a field in the main IPv6 header such as the Next Header field.

  • Means the device didn’t understand the information in the IPv6 header and had to discard it.



ICMPv6 Informational Messages:

Echo Request and Echo Reply



ICMPv6 Echo Request and Echo Reply Messages

Echo Reply: Type = 128

Echo Request: Type = 129

  • As with IPv4, ICMPv6 Echo Request and Echo Reply are the two ICMPv6 messages used by ping.

Type = 128 or 129 (8 bits) | Code = 0 (8 bits) | Checksum (16 bits)

Identifier (16 bits) | Sequence Number (16 bits)

Data



IPv6 Topology

2001:0DB8:AAAA::/48

R1

R2

2001:0DB8:AAAA:2::/64

Fa0/0 .2

Fa0/1 .1

Fa0/0 .1

FE80::1/64

FE80::2/64

FE80::1/64

2001:0DB8:AAAA:1::/64

PC2

PC1

2001:0DB8:AAAA:1::200

2001:0DB8:AAAA:1::100

FE80::50A5:8A35:A5bb:66E1



Ping global unicast address from PC1 to R1

PC1> ping 2001:db8:aaaa:1::1

Pinging 2001:db8:aaaa:1::1 from 2001:db8:aaaa:1::100 with 32 bytes of data:

Reply from 2001:db8:aaaa:1::1: time=1ms

Reply from 2001:db8:aaaa:1::1: time=1ms

Reply from 2001:db8:aaaa:1::1: time=1ms

Reply from 2001:db8:aaaa:1::1: time=1ms

Ping statistics for 2001:db8:aaaa:1::1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 1ms, Average = 1ms

PC1>



Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 128

Source: 2001:db8:aaaa:1::100

Destination: 2001:db8:aaaa:1::1

Internet Control Message Protocol v6

Type: 128 (Echo (ping) request)

Code: 0 (Should always be zero)

Checksum: 0x8f38 [correct]

ID: 0x0001

Sequence: 0

Data (32 bytes)

Echo Request from PC1 to R1



Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: 2001:db8:aaaa:1::1

Destination: 2001:db8:aaaa:1::100

Internet Control Message Protocol v6

Type: 129 (Echo (ping) reply)

Code: 0 (Should always be zero)

Checksum: 0x8e38 [correct]

ID: 0x0001

Sequence: 0

Data (32 bytes)

Echo Reply from R1 to PC1



Ping link-local address from R1 to PC1

R1# ping fe80::50a5:8a35:a5bb:66e1

Output Interface: fastethernet 0/0

% Invalid interface. Use full interface name without spaces (e.g. Serial0/1)

Output Interface: fastethernet0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to FE80::50A5:8A35:A5BB:66E1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#



Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 60

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: fe80::1

Destination: fe80::50a5:8a35:a5bb:66e1

Internet Control Message Protocol v6

Type: 128 (Echo (ping) request)

Code: 0 (Should always be zero)

Checksum: 0x0444 [correct]

ID: 0x0a24

Sequence: 0

Data (52 bytes)

Echo Request: Link-local address from R1 to PC1



Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 60

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: fe80::50a5:8a35:a5bb:66e1

Destination: fe80::1

Internet Control Message Protocol v6

Type: 129 (Echo (ping) reply)

Code: 0 (Should always be zero)

Checksum: 0x0344 [correct]

ID: 0x0a24

Sequence: 0

Data (52 bytes)

Echo Reply: Link-local address from PC1 to R1



  • ICMPv6 Informational Messages

  • Used by Neighbor Discovery

    • Router Solicitation Message

    • Router Advertisement Message

    • Neighbor Solicitation Message

    • Neighbor Advertisement Message

    • Redirect Message



Router Solicitation &

Router Advertisement Messages

and

SLAAC (Stateless Address Autoconfiguration)



Hosts and Addressing

  • Static configuration

  • Stateless Address Autoconfiguration (SLAAC)

    • SLAAC only

    • SLAAC with DHCPv6

    • Note: Host OS determines if it will use EUI-64 or random value for Interface ID

  • Stateful Autoconfiguration

    • DHCPv6 only



Stateless Address Autoconfiguration (SLAAC)

RouterA

  • Stateless Address Autoconfiguration (SLAAC) is an automatic method for assigning global unicast addresses to interfaces.

    • Defined in RFC 4862, IPv6 Stateless Address Autoconfiguration

  • Uses:

    • Prefix and other information from -> ND Router Advertisement

    • Interface ID from -> IEEE modified EUI-64 format or random value

  • No need for DHCPv6 server (unless need DNS)

ipv6 unicast-routing

MAC: 00-19-D2-8C-E0-4C

1

NDP Router Solicitation

2

NDP Router Advertisement

EUI-64



R1

ipv6 unicast-routing

DHCPv6 Server

  • Router Solicitation and Router Advertisement messages are about communications between a host and a router.

  • Router Advertisement includes:

    • Prefix, prefix-length, default-gateway, MTU, Hop limit and more.

  • R1(config)# ipv6 unicast-routing

NDP Router Advertisement

NDP Router Solicitation “Need information from the router”

Time for me to send out a Router Advertisement

I just booted up, send me a Router Advertisement



R1

ipv6 unicast-routing

DHCPv6 Server

2

NDP Router Advertisement

“I’m everything you need (Prefix, Prefix-length, Default Gateway)”

Or

“Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”

Or

“I can’t help you. Ask a DHCPv6 server for all your information.”

1

NDP Router Solicitation “Need information from the router”

  • The router’s Router Advertisement can determine how the host gets its dynamic address configuration.

  • ipv6 unicast-routing command enables router to send Router Advertisements.



R1

ipv6 unicast-routing

MAC: 00-19-D2-8C-E0-4C

1

NDP Router Solicitation

2

NDP Router Advertisement

Prefix: 2001:DB8:AAAA:1::

Prefix-length: /64

To: FF02::1 (All-hosts multicast)

From: FE80::1 (Link-local address)

EUI-64

3

Prefix: 2001:DB8:AAAA:1::

Prefix-length: /64

EUI-64 Interface ID: 02-19-D2-FF-FE-8C-E0-4C

Global Unicast Address:

2001:DB8:AAAA:1:0219:D2FF:FE8C:E04C

Default Gateway: FE80::1 (Default Router List)

  • PC1> ipconfig

  • IPv6 Address. . . . . . : 2001:DB8:AAAA:1:0219:D2FF:FE8C:E04C

  • Default Gateway . . . . : fe80::1

4

Duplicate Address Detection (DAD)



R1

ipv6 unicast-routing

1

NDP Router Solicitation

Stateless Addressing

DHCPv6 Addressing

DHCPv6 Server

NDP Router Advertisement

“Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”

Or

“I can’t help you. Ask a DHCPv6 server for all your information.”

2

3

DHCPv6 Solicit Message

“I need a DHCPv6 Server.”

4

DHCPv6 Advertise Message

“I’m a DHCPv6 Server.”

5

DHCPv6 Request Message

“I need addressing information.”

DHCPv6 Reply Message

“Here is your address and other information.”

6

7

Duplicate Address Detection (DAD)


A closer look at the protocol

ICMPv6 Router Solicitation Message

Type = 133 (8 bits) | Code = 0 (8 bits) | Checksum (16 bits)

Reserved (32 bits)

Valid Options: Source link-layer address

ICMPv6 Router Advertisement Message

Type = 134 (8 bits) | Code = 0 (8 bits) | Checksum (16 bits)

Cur Hop Limit (8 bits) | M (1 bit) | O (1 bit) | Reserved (6 bits) | Router Lifetime (16 bits)

Reachable Time (32 bits)

Retrans Time (32 bits)

Possible Options: Source link-layer address, MTU, Prefix Information



R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

MAC: 00-21-9B-D9-C6-44

1

NDP Router Solicitation From: FE80::50A5:8A35:A5BB:66 To: FF02::2 (All-routers multicast)

Randomly generated Interface ID

PC1

Link-local address: FE80::50A5:8A35:A5BB:66E1

NDP Router Advertisement

From: FE80::1

To: FF02::1 (All-nodes multicast)

Prefix: 2001:DB8:AAAA:1::

Prefix-length: /64

2

3

Prefix: 2001:DB8:AAAA:1::

[EUI-64: Not used, Interface ID is randomly generated]

Global Unicast Address:

2001:DB8:AAAA:1:50A5:8A35:A5BB:66E1

Prefix-length: /64

4

Default Router List

Default Gateway: FE80::1



Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02

Internet Protocol Version 6

0110 .... = Version: 6 [Traffic class and Flowlabel not shown]

Payload length: 16

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: fe80::50a5:8a35:a5bb:66e1

Destination: ff02::2

Internet Control Message Protocol v6

Type: 133 (Router solicitation)

Code: 0

Checksum: 0x3277 [correct]

ICMPv6 Option (Source link-layer address)

Type: Source link-layer address (1)

Length: 8

Link-layer address: 00:21:9b:d9:c6:44

All IPv6 routers multicast MAC address

Next header is an ICMPv6 header

Link-local address of PC1

All-routers multicast address

Router Solicitation message

Router Solicitation (RS) from PC1

MAC address of PC1 but

RA sent as all-host multicast



R1(config)# ipv6 unicast-routing

R1# show ipv6 interface fastethernet 0/0

FastEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::1

Global unicast address(es):

2001:DB8:AAAA:1::1, subnet is 2001:DB8:AAAA:1::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

MTU is 1500 bytes

<output omitted for brevity>

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

Hosts use stateless autoconfig for addresses.

R1#

All-routers multicast group



Router Advertisement (RA) from Router R1

Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01

Internet Protocol Version 6

0110 .... = Version: 6

.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 64

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: fe80::1

Destination: ff02::1

All IPv6 hosts multicast MAC address

Next Header is an ICMPv6 header

Link-local address of R1. Added to the Default Router List and is the address hosts will use as their default gateway

All-nodes multicast group



Internet Control Message Protocol v6

Type: 134 (Router advertisement)

Code: 0

Cur hop limit: 64

Flags: 0x00

ICMPv6 Option (Source link-layer address)

Type: Source link-layer address (1)

Length: 8

Link-layer address: 00:03:6b:e9:d4:80

ICMPv6 Option (MTU)

Type: MTU (5)

Length: 8

MTU: 1500

ICMPv6 Option (Prefix information)

Type: Prefix information (3)

Length: 32

Prefix Length: 64

Prefix: 2001:db8:aaaa:1::

Router Advertisement from Router R1 – some fields omitted

Recommended Hop Limit value for hosts

M and O flags indicate that no information is available via DHCPv6

R1’s MAC address

MTU of the link.

Prefix-length (/64) to be used for autoconfiguration.

Prefix of this network to be used for autoconfiguration



M and O Flags

Internet Control Message Protocol v6

Type: 134 (Router advertisement)

Code: 0

Cur hop limit: 64

Flags: 0x00

<output omitted for brevity>

  • M Flag: Managed Address Configuration flag

    • Tells the host whether to use the configuration information in this Router Advertisement (SLAAC by default) or to get all of its information from a DHCPv6 server.

  • O Flag: Other Configuration flag

    • When SLAAC is being used (using the RA), it tells the host whether more information (like DNS) is available from a DHCPv6 server.

Router Advertisement message

M and O flags



R1

ipv6 unicast-routing

DHCPv6 Server

NDP Router Advertisement

M Flag

SLAAC or DHCPv6?

M Flag = 0 (Default)

Use SLAAC, info in RA, prefix, etc.

M Flag = 1

Use DHCPv6 for everything

  • R1(config)# ipv6 managed-config-flag

X

O Flag

Additional information

via DHCPv6?

O Flag = 0 (Default)

No additional information via DHCPv6

X

O Flag = 1

Additional information via DHCPv6 like DNS address

  • R1(config)# ipv6 other-config-flag
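
An added example (not from the original presentation) that parses a Router Advertisement the way a host or a monitoring tool would: it reads the M and O flags to pick the addressing method described above and extracts the Source link-layer address, MTU and Prefix Information options. The sample bytes are constructed from the field values in the capture on this page; the prefix lifetimes and prefix flags are assumed values, and the checksum is left at zero and not verified.

```python
import ipaddress
import struct

ND_HOP_LIMIT = 255            # RFC 4861: ND messages are only valid with Hop Limit 255
RA_TYPE = 134
OPT_SLLA, OPT_PREFIX, OPT_MTU = 1, 3, 5
FLAG_M, FLAG_O = 0x80, 0x40   # first two bits of the RA flags byte


def build_sample_ra(flags: int = 0x00) -> bytes:
    """Constructed RA payload (64 bytes, as in the capture): cur hop limit 64,
    router lifetime 1800 s, SLLA 00:03:6b:e9:d4:80, MTU 1500,
    prefix 2001:db8:aaaa:1::/64. Lifetimes and prefix flags are assumed."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    # The capture displays option lengths in bytes (8, 8, 32); on the wire the
    # length field counts units of 8 octets (1, 1, 4).
    slla = struct.pack("!BB6s", OPT_SLLA, 1, bytes.fromhex("00036be9d480"))
    mtu = struct.pack("!BBHI", OPT_MTU, 1, 0, 1500)
    prefix = struct.pack("!BBBBIII16s", OPT_PREFIX, 4, 64, 0xC0, 2592000, 604800, 0,
                         ipaddress.IPv6Address("2001:db8:aaaa:1::").packed)
    return header + slla + mtu + prefix


def parse_ra(payload: bytes, hop_limit: int) -> dict:
    """Parse an ICMPv6 Router Advertisement; raise ValueError if it must be discarded."""
    if hop_limit != ND_HOP_LIMIT:
        raise ValueError("Hop Limit is not 255: the RA crossed a router, discard it")
    if len(payload) < 16:
        raise ValueError("truncated Router Advertisement")
    msg_type, code, _cksum, cur_hop, flags, lifetime, _reach, _retrans = \
        struct.unpack("!BBHBBHII", payload[:16])
    if msg_type != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"cur_hop_limit": cur_hop, "router_lifetime": lifetime,
          "managed": bool(flags & FLAG_M), "other": bool(flags & FLAG_O),
          "source_mac": None, "mtu": None, "prefixes": []}
    offset = 16
    while offset < len(payload):
        if len(payload) - offset < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = payload[offset], payload[offset + 1]
        end = offset + 8 * opt_len
        if opt_len == 0 or end > len(payload):
            raise ValueError("bad option length")   # zero length would loop forever
        body = payload[offset + 2:end]
        if opt_type == OPT_SLLA and opt_len == 1:
            ra["source_mac"] = ":".join(f"{b:02x}" for b in body)
        elif opt_type == OPT_MTU and opt_len == 1:
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif opt_type == OPT_PREFIX and opt_len == 4:
            net = ipaddress.IPv6Network(
                (int.from_bytes(body[14:30], "big"), body[0]), strict=False)
            # A (autonomous) flag: the prefix may be used for SLAAC
            ra["prefixes"].append({"prefix": net, "autonomous": bool(body[1] & 0x40)})
        offset = end                                  # unknown options are skipped
    return ra


def addressing_method(ra: dict) -> str:
    """Apply the M/O decision from the slide to a parsed RA."""
    if ra["managed"]:
        return "DHCPv6 for everything"
    if ra["other"]:
        return "SLAAC, plus DHCPv6 for other information"
    return "SLAAC only"


if __name__ == "__main__":
    for flag_byte in (0x00, FLAG_O, FLAG_M):
        parsed = parse_ra(build_sample_ra(flag_byte), hop_limit=255)
        print(f"flags=0x{flag_byte:02x}: {addressing_method(parsed)}, "
              f"prefix {parsed['prefixes'][0]['prefix']}, gateway MAC {parsed['source_mac']}")
```

An RA that passes these checks and comes from an address other than the expected router (FE80::1 in this topology) is worth alerting on, since hosts add any RA source to their Default Router List.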



Address Resolution



Neighbor Solicitation and Neighbor Advertisement

  • Two more protocols used with ICMPv6 Neighbor Discovery:

    • Neighbor Solicitation

    • Neighbor Advertisement

  • Used by a device to:

    • Request layer 2 address information from another device on the same network

    • Provide this information to the requesting device.

  • Part of three important processes:

    • Address resolution (like ARP in IPv4)

    • Duplicate Address Detection (DAD)

    • Neighbor Unreachability Detection (NUD)



ICMPv6 Neighbor Solicitation Message

If this is your Target IPv6 Address please send me your MAC address.

ICMPv6 Neighbor Advertisement Message

The Target IPv6 Address you are looking for belongs to me, here is my layer 2 (MAC) address.



Address Resolution (ARP in IPv4)

R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

PC1> ping 2001:DB8:AAAA:1::200

2

5

1

Neighbor Cache

<empty until step 5>

MAC Address

00-1B-24-04-A2-1E

PC1

PC2

MAC Address

00-21-9B-D9-C6-44

2001:DB8:AAAA:1::100/64

2001:DB8:AAAA:1::200/64

FF02::1:FF00:200 (Solicited Node Multicast)

3

Neighbor Solicitation Message

From Ethernet MAC address:

00-21-9B-D9-C6-44

To Ethernet MAC address:

33-33-FF-00-02-00

(IPv6 Mapped Multicast)

From: 2001:DB8:AAAA:1::100

To: FF02::1:FF00:200 (Solicited Node Multicast)

Target IPv6 Address: 2001:DB8:AAAA:1::200

MAC address of PC1: 00:21:9B:D9:C6:44

Neighbor Advertisement Message

From Ethernet MAC address:

00-1B-24-04-A2-1E

To Ethernet MAC address:

00-21-9B-D9-C6-44

From: 2001:DB8:AAAA:1::200

To: 2001:DB8:AAAA:1::100

Target IPv6 Address: 2001:DB8:AAAA:1::200

MAC address of PC2: 00:1B:24:04:A2:1E

4



What about that Solicited Node Multicast?

IPv6 Addressing

Unicast

Multicast

Anycast

Assigned

Solicited Node

FF00::/8

FF02::1:FF00:0000/104

Embedded IPv4

Unspecified

Unique Local

Global Unicast

Link-Local

Loopback

FC00::/7

FDFF::/7

2000::/3

3FFF::/3

::1/128

::/128

::/80

FE80::/10

FEBF::/10



NIC: I will also listen for my MAC multicast addresses

IP: I will also listen for my IP multicast addresses (Global and Link-local)

  • Why Solicited Node Addresses?

  • Devices also have solicited node multicast addresses

  • Broadcasts are sent to all devices.

  • Devices must process all broadcasts at least to layer 3.

  • Solicited Node Multicasts are only processed by those devices with the matching last 24 bits (usually one device).

  • If I know the IPv6 address but not the MAC address I can send it to a solicited node address instead of a broadcast to everyone…

PC-2

Broadcasts

Global Unicast Address:

Solicited Node Multicast(Global):

MAC Unicast Address:

Multicast (MAC):

2001:0DB8:AAAA:0001:0000:0000:0000:0200

FF02::1:FF00:200

00-1B-24-04-A2-1E

33-33-FF-00-02-00



PC2’s Global Unicast Address

Global Routing Prefix

Interface ID

Subnet ID

24 bits

104 bits

2001:0DB8:AAAA

0001

0000:0000:00

00:0200

Copy

PC2’s IPv6 Solicited-Node Multicast Address

FF02

0000

0000

0000

0000

0001

FF

00:0200

Copy

Solicited-node Multicast address mapped to Ethernet destination MAC address

FF-00-02-00

33-33

PC2’s IPv6 Solicited-node multicast address: FF02::1:FF00:200

PC2’s mapped solicited-node Ethernet multicast address : 33-33-FF-00-02-00
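
The two derivations shown on these slides, worked through in Python: the EUI-64 Interface ID built from a MAC address during SLAAC, and the solicited-node multicast address with its mapped Ethernet multicast MAC. This is an added example, not part of the original presentation; the function names are illustrative, and the third entry in `SAMPLE_HOSTS` is a constructed address that shares its last 24 bits with PC2.

```python
import ipaddress


def parse_mac(mac: str) -> bytes:
    """Accept 00-19-D2-8C-E0-4C, 00:19:d2:8c:e0:4c or Cisco-style 0019.d28c.e04c."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def format_bytes(raw: bytes) -> str:
    """Render bytes in the slides' dash-separated, upper-case style."""
    return "-".join(f"{b:02X}" for b in raw)


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: flip the universal/local bit and insert FF-FE in the middle."""
    raw = parse_mac(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, interface_id: bytes) -> ipaddress.IPv6Address:
    """Combine the /64 prefix from the Router Advertisement with a 64-bit Interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(interface_id) != 8:
        raise ValueError("SLAAC needs a /64 prefix and a 64-bit Interface ID")
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(interface_id, "big"))


def solicited_node_multicast(address: str) -> ipaddress.IPv6Address:
    """Copy the last 24 bits of a unicast address into FF02::1:FF00:0/104."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


def ethernet_multicast_mac(group) -> str:
    """Map an IPv6 multicast address to 33-33 plus its last 32 bits."""
    group = ipaddress.IPv6Address(group)
    if not group.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return format_bytes(b"\x33\x33" + group.packed[-4:])


def listeners_by_group(addresses):
    """Group unicast addresses by the solicited-node group they listen on."""
    groups = {}
    for addr in addresses:
        groups.setdefault(str(solicited_node_multicast(addr)), []).append(addr)
    return groups


# PC2, PC1's link-local address, and one constructed address (assumption) whose
# last 24 bits match PC2: both receive a Neighbor Solicitation sent to that group.
SAMPLE_HOSTS = [
    "2001:db8:aaaa:1::200",
    "fe80::50a5:8a35:a5bb:66e1",
    "2001:db8:aaaa:1:1234:5678:9a00:200",
]

if __name__ == "__main__":
    iid = eui64_interface_id("00-19-D2-8C-E0-4C")
    print("EUI-64 Interface ID:", format_bytes(iid))
    print("SLAAC address:      ", slaac_address("2001:db8:aaaa:1::/64", iid))
    for group, members in listeners_by_group(SAMPLE_HOSTS).items():
        print(group, ethernet_multicast_mac(group), members)
```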



Neighbor Solicitation from PC1 (ARP Request)

Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 32

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: 2001:db8:aaaa:1::100

Destination: ff02::1:ff00:200

Internet Control Message Protocol v6

Type: 135 (Neighbor solicitation)

Code: 0

Checksum: 0xbbab [correct]

Reserved: 0 (Should always be zero)

Target: 2001:db8:aaaa:1::200

ICMPv6 Option (Source link-layer address)

Type: Source link-layer address (1)

Length: 8

Link-layer address: 00:21:9b:d9:c6:44

Mapped multicast address for PC2

Next header is an ICMPv6 header

Global unicast address of PC1

Solicited-node multicast address of PC2

Neighbor Solicitation message

Target IPv6 address, needing MAC address

MAC address of the sender, PC1



Neighbor Advertisement from PC2 (ARP Reply)

Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 32

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: 2001:db8:aaaa:1::200

Destination: 2001:db8:aaaa:1::100

Internet Control Message Protocol v6

Type: 136 (Neighbor advertisement)

Code: 0

Checksum: 0x1b4d [correct]

Flags: 0x60000000

Target: 2001:db8:aaaa:1::200

ICMPv6 Option (Target link-layer address)

Type: Target link-layer address (2)

Length: 8

Link-layer address: 00:1b:24:04:a2:1e

Unicast MAC address of PC2

Next header is an ICMPv6 header

Global unicast address of PC2

Global unicast address of PC1

Neighbor Advertisement message

1 1 0 – Router Flag = 1, Solicitation Flag = 1, Override Flag = 0

IPv6 address of the sender, PC2

MAC address of the sender, PC2



R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

PC1> ping 2001:DB8:AAAA:1::200

2

5

1

Neighbor Cache

<empty until step 5>

MAC Address

00-1B-24-04-A2-1E

PC1

PC2

MAC Address

00-21-9B-D9-C6-44

2001:DB8:AAAA:1::100/64

2001:DB8:AAAA:1::200/64

FF02::1:FF00:200 (Solicited Node Multicast)

3

Neighbor Solicitation

4

Neighbor Advertisement

6

ICMPv6 Echo Request

From Ethernet MAC address:

00-21-9B-D9-C6-44

To: Ethernet MAC address:

00-1B-24-04-A2-1E

From: 2001:DB8:AAAA:1::100

To: 2001:DB8:AAAA:1::100

ICMPv6 Echo Reply

From: Ethernet MAC address:

00-1B-24-04-A2-1E

To: Ethernet MAC address:

00-21-9B-D9-C6-44

From: 2001:DB8:AAAA:1::200

To: 2001:DB8:AAAA:1::100

7



Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 00:1b:24:04:a2:1e

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 128

Source: 2001:db8:aaaa:1::100

Destination: 2001:db8:aaaa:1::200

Internet Control Message Protocol v6

Type: 128 (Echo (ping) request)

Code: 0 (Should always be zero)

Checksum: 0x7b37 [correct]

ID: 0x0001

Sequence: 13

Data (32 bytes)

ICMPv6 Echo Request from PC1



Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: 2001:db8:aaaa:1::200

Destination: 2001:db8:aaaa:1::100

Internet Control Message Protocol v6

Type: 129 (Echo (ping) reply)

Code: 0 (Should always be zero)

Checksum: 0x7a37 [correct]

ID: 0x0001

Sequence: 13

Data (32 bytes)

ICMPv6 Echo Reply from PC2



Duplicate Address Detection



Duplicate Address Detection (DAD)

  • Duplicate Address Detection (DAD) – Used by a device to determine whether or not an address it wishes to use is already in use.

  • Similar to a gratuitous ARP in IPv4.

  • With some exceptions, RFC 4861 recommends that DAD be performed on every unicast address before it is assigned to an interface.



R1

ipv6 unicast-routing

2001:0DB8:AAAA:0001::/64

Duplicate Address Detection (DAD)

For Link-local address

MAC Address

00-21-9B-D9-C6-44

PC1

Link-local address (Tentative) – Used Random Interface ID

FE80::50A5:8A35:A5BB:66E1

1

Neighbor Solicitation Message

From Ethernet MAC address: 00-21-9B-D9-C6-44

To Ethernet MAC address:

33-33-FF-BB-66-E1 (IPv6 Mapped Multicast)

From: :: (Unspecified source address – I don’t have an IPv6 address yet)

To: FF02::1:FFBB:66E1 (Solicited Node Multicast)

Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1

2

Neighbor Advertisement Message if it is in use…

To: FF02::1 (All-nodes multicast)

3



Neighbor Cache



Neighbor Cache

  • Similar to ARP tables in IPv4, the Neighbor Cache keeps track of the reachability of neighbors: IPv6 address and MAC address mappings.

  • The Neighbor Cache entry can be in one of five states (RFC 4861):

  • Reachable: Packets have recently been received providing confirmation that this device is reachable.

  • Stale: A certain time period has elapsed since a packet has been received from this address.

  • Other three: (We will talk about all of these)

    • INCOMPLETE—Address resolution is in progress, and the link-layer address is not yet known.

    • DELAY—Neighbor is pending re-resolution, and traffic might flow to this neighbor.

    • PROBE—Neighbor re-resolution is in progress, and traffic might flow to this neighbor.


Neighbor Cache (“ARP Cache”) for R1

    R1# show ipv6 neighbors
    IPv6 Address                 Age  Link-layer Addr  State  Interface
    FE80::50A5:8A35:A5BB:66E1     16  0021.9bd9.c644   STALE  Fa0/0
    2001:db8:aaaa:1::100          16  0021.9bd9.c644   STALE  Fa0/0

    R1# ping 2001:db8:aaaa:1::100
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

    R1# show ipv6 neighbors
    IPv6 Address                 Age  Link-layer Addr  State  Interface
    FE80::50A5:8A35:A5BB:66E1     16  0021.9bd9.c644   STALE  Fa0/0
    2001:DB8:AAAA:1::100           0  0021.9bd9.c644   REACH  Fa0/0
    R1#


Neighbor Cache FSM

Neighbor Cache (“ARP Cache”)

  • Neighbor Solicitation (NS) = ARP Request

  • Neighbor Advertisement (NA) = ARP Reply

States:

  • No Entry Exists

  • Incomplete

  • Reachable

  • Stale – no action required (Requires reresolution)

  • Delay (Resolution pending)

  • Probe (Reresolution in progress)

Transitions:

  • No Entry Exists → Incomplete: Neighbor Solicitation (NS) sent

  • Incomplete → Reachable: Neighbor Advertisement (NA) received

  • Incomplete → No Entry Exists: 3 NS sent with no NA returned

  • Reachable → Stale: Reachable Time exceeded (timeout) Or Unsolicited NA received

  • Stale → Delay: Packet sent

  • Delay → Reachable: Packet returned

  • Delay → Probe: 5 sec

  • Probe → Reachable: NS sent and NA received

  • Probe → No Entry Exists: 3 NS sent with no NA returned
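The state machine on this slide, written out as an added example (not code from the presentation). It also reproduces what the R1 output shows: a STALE entry that becomes REACH once the ping is answered. The class, the event names and the sample event list are assumptions of this example.

```python
MAX_NS = 3  # slide: "3 NS sent with no NA returned"

class NeighborCache:
    """Neighbor Cache keyed by IPv6 address; event names are this example's labels."""
    def __init__(self):
        self.entries = {}  # ip -> {"state": str, "mac": str or None, "ns_sent": int}

    def state(self, ip):
        entry = self.entries.get(ip)
        return entry["state"] if entry else "NO ENTRY"

    def event(self, ip, name, mac=None):
        """Apply one event to the entry for ip and return the resulting state."""
        e = self.entries.get(ip)
        if e is None:
            if name == "packet_sent":  # nothing cached: send NS and wait for NA
                self.entries[ip] = {"state": "INCOMPLETE", "mac": None, "ns_sent": 1}
            return self.state(ip)
        s = e["state"]
        if s in ("INCOMPLETE", "PROBE"):
            if name == "na_received":
                e.update(state="REACHABLE", mac=mac or e["mac"], ns_sent=0)
            elif name == "ns_timeout":
                if e["ns_sent"] >= MAX_NS:
                    del self.entries[ip]  # third NS went unanswered
                else:
                    e["ns_sent"] += 1     # retransmit the NS
        elif s == "REACHABLE" and name in ("reachable_time_exceeded", "unsolicited_na"):
            e["state"] = "STALE"          # state change only, as drawn on the slide
        elif s == "STALE" and name == "packet_sent":
            e["state"] = "DELAY"
        elif s == "DELAY":
            if name == "packet_returned":
                e["state"] = "REACHABLE"
            elif name == "delay_timer_expired":  # the slide's "5 sec"
                e.update(state="PROBE", ns_sent=1)
        return self.state(ip)

def replay(events):
    """Run (ip, event[, mac]) tuples through a fresh cache; return the state after each."""
    cache = NeighborCache()
    return [cache.event(*ev) for ev in events]

# Constructed event sequence for PC1's address as seen from R1.
PC1 = "2001:db8:aaaa:1::100"
SAMPLE = [(PC1, "packet_sent"), (PC1, "na_received", "0021.9bd9.c644"),
          (PC1, "reachable_time_exceeded"), (PC1, "packet_sent"), (PC1, "packet_returned")]

if __name__ == "__main__":
    print(replay(SAMPLE))
```
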



To summarize…



Internet Control Message Protocol (ICMPv6)

  • Described in RFC 4443

  • Much more robust than ICMP for IPv4

  • Contains new functionality and improvements.

  • General message similar to ICMP for IPv4

  • Also uses Type and Code fields like in ICMPv4.

  • Two types of ICMPv6 messages

    • Error messages

    • Informational messages



ICMPv6 Messages

  • The ICMPv6 error messages are:

    • Destination Unreachable

    • Packet Too Big

    • Time Exceeded

    • Parameter Problem

  • ICMPv6 informational messages used by the ping command:

    • Echo Request

    • Echo Reply

Similar to ICMP for IPv4.

Quick look at these first.



ICMPv6 Messages

  • ICMPv6 informational messages used for Multicast Listener Discovery (RFC 2710):

    • Multicast Listener Query

    • Multicast Listener Report

    • Multicast Listener Done

  • ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):

    • Router Solicitation Message

    • Router Advertisement Message

    • Neighbor Solicitation Message

    • Neighbor Advertisement Message

    • Redirect Message

  • Multicast Listener Discovery messages: Similar to IGMP (Internet Group Message Protocol) for IPv4. We won’t be covering these.

  • Neighbor Discovery messages: Most of our time will be spent on the first four of these. Redirect Message is similar to Redirect Messages for IPv4.


Stateless Address Autoconfiguration

  • Topology: R1 (ipv6 unicast-routing) and PC1 (MAC Address 00-21-9B-D9-C6-44) on 2001:0DB8:AAAA:0001::/64

  • Link-local address automatically created

    • Link-local address (Tentative)

  • DAD performed on Link-local address

    • Neighbor Solicitation Message

    • From: :: (Unspecified source address)

    • To: FF02::1:FFBB:66E1 (Solicited Node Multicast)

    • Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1

  • Global unicast address created using SLAAC

    • NDP Router Solicitation From: FE80::50A5:8A35:A5BB:66E1 To: FF02::2 (All-routers multicast)

    • NDP Router Advertisement From: FE80::1 To: FF02::1 (All-nodes multicast)

    • Addressing Information Added

  • DAD performed on global unicast address

    • Neighbor Solicitation Message

    • From: :: (Unspecified source address)

    • To: Solicited Node Multicast

    • Target IPv6 Address:


Address Resolution (ARP in IPv4)

  • Topology: R1 (ipv6 unicast-routing), PC1 and PC2 on 2001:0DB8:AAAA:0001::/64

  • PC1: 2001:DB8:AAAA:1::100/64, MAC Address 00-21-9B-D9-C6-44

  • PC2: 2001:DB8:AAAA:1::200/64, MAC Address 00-1B-24-04-A2-1E

  • PC1> ping 2001:DB8:AAAA:1::200

  • Neighbor Cache: <empty until step 5>

  • FF02::1:FF00:200 (Solicited Node Multicast)

  • Neighbor Solicitation Message

    • From Ethernet MAC address: 00-21-9B-D9-C6-44

    • To Ethernet MAC address: 33-33-FF-00-02-00 (IPv6 Mapped Multicast)

    • From: 2001:DB8:AAAA:1::100

    • To: FF02::1:FF00:200 (Solicited Node Multicast)

    • Target IPv6 Address: 2001:DB8:AAAA:1::200

    • MAC address of PC1: 00:21:9B:D9:C6:44

  • Neighbor Advertisement Message

    • From Ethernet MAC address: 00-1B-24-04-A2-1E

    • To Ethernet MAC address: 00-21-9B-D9-C6-44

    • From: 2001:DB8:AAAA:1::200

    • To: 2001:DB8:AAAA:1::100

    • Target IPv6 Address: 2001:DB8:AAAA:1::200

    • MAC address of PC2: 00:1B:24:04:A2:1E


Neighbor Cache FSM

Neighbor Cache (“ARP Cache”)

  • Neighbor Solicitation (NS) = ARP Request

  • Neighbor Advertisement (NA) = ARP Reply

States:

  • No Entry Exists

  • Incomplete

  • Reachable

  • Stale – no action required (Requires reresolution)

  • Delay (Resolution pending)

  • Probe (Reresolution in progress)

Transitions:

  • No Entry Exists → Incomplete: Neighbor Solicitation (NS) sent

  • Incomplete → Reachable: Neighbor Advertisement (NA) received

  • Incomplete → No Entry Exists: 3 NS sent with no NA returned

  • Reachable → Stale: Reachable Time exceeded (timeout) Or Unsolicited NA received

  • Stale → Delay: Packet sent

  • Delay → Reachable: Packet returned

  • Delay → Probe: 5 sec

  • Probe → Reachable: NS sent and NA received

  • Probe → No Entry Exists: 3 NS sent with no NA returned


For more information

Shameless plug!

  • Web site: www.cabrillo.edu/~rgraziani

  • Username = cisco

  • Password = perlman

  • Email: [email protected]

  • At the end of these slides are some additional slides on the Destination Cache and configuring a router as a stateless DHCPv6 server.

IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6

By Rick Graziani



Thank you!!!

Questions?



A quick word about the Destination Cache

  • Stores next-hop addresses for destinations to which traffic has recently been sent.

  • Entries in the destination cache contain the:

    • Destination IP address (either local or remote)

    • Previously resolved next-hop address

    • Path MTU for the destination.

  • Generally applies to hosts.

  • Cisco command to display IPv6 MTU per destination cache:

    • show ipv6 mtu


Stateless DHCPv6 configuration on R1

DHCPv6 configuration pool commands

    R1(config)# ipv6 dhcp pool cafe-1-pool
    R1(config-dhcp)# dns-server 2001:db8:cafe:2::d001
    R1(config-dhcp)# exit
    R1(config)# interface fa 0/0
    R1(config-if)# ipv6 dhcp server cafe-1-pool
    R1(config-if)# ipv6 nd other-config-flag
    R1(config-if)# end
    R1#

  • ipv6 dhcp server cafe-1-pool: Enables DHCPv6 service on the interface.

  • ipv6 nd other-config-flag: Sets the Router Advertisement O flag (Other Configuration Flag) to 1


Verifying Router Advertisement Flags

    R1# show ipv6 interface fastethernet 0/0
    FastEthernet0/0 is up, line protocol is up
      IPv6 is enabled, link-local address is FE80::1
      No Virtual link-local address(es):
      Global unicast address(es):
        2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64
      Joined group address(es):
        FF02::1
        FF02::2
        FF02::5
        FF02::6
        FF02::1:2
        FF02::1:FF00:1
      MTU is 1500 bytes
      <output omitted for brevity>
      ND router advertisements are sent every 200 seconds
      ND router advertisements live for 1800 seconds
      ND advertised default router preference is Medium
      Hosts use stateless autoconfig for addresses.
      Hosts use DHCP to obtain other configuration.
    R1#

  • FF02::1:2: All_DHCP_Relay_Agents_and_Servers multicast group

  • Hosts use stateless autoconfig for addresses: Router Advertisement M Flag set to 0

  • Hosts use DHCP to obtain other configuration: Router Advertisement O Flag set to 1
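The same M and O flags can be checked on the wire rather than in the router's own output. This added example (not from the slides) decodes the fixed header of an ICMPv6 Router Advertisement and compares its flags with the intended policy; the function names, the mode strings and the sample bytes are assumptions of this example, built to match R1's configuration above.

```python
import struct

RA_TYPE = 134                 # ICMPv6 type of a Router Advertisement (RFC 4861)
M_FLAG, O_FLAG = 0x80, 0x40   # Managed / Other Configuration bits in the flags byte

def parse_ra(icmp):
    """Decode the fixed 16-byte RA header; the checksum is not verified here."""
    if len(icmp) < 16:
        raise ValueError("truncated Router Advertisement")
    typ, code, _cksum, hop_limit, flags, lifetime, _reach, _retrans = \
        struct.unpack("!BBHBBHII", icmp[:16])
    if typ != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    managed, other = bool(flags & M_FLAG), bool(flags & O_FLAG)
    if managed:
        mode = "addresses from DHCPv6"
    elif other:
        mode = "SLAAC addresses, other configuration from DHCPv6"
    else:
        mode = "SLAAC only"
    return {"hop_limit": hop_limit, "M": managed, "O": other,
            "router_lifetime": lifetime, "mode": mode}

def flag_drift(ra, expect_m, expect_o):
    """Return the names of flags whose advertised value differs from policy."""
    drift = []
    if ra["M"] != expect_m:
        drift.append("M")
    if ra["O"] != expect_o:
        drift.append("O")
    return drift

# Constructed RA header matching R1: M=0, O=1, router lifetime 1800 seconds.
SAMPLE_RA = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, O_FLAG, 1800, 0, 0)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra["mode"], "| drift from M=0,O=1:", flag_drift(ra, False, True))
```
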


    PC-1C> ipconfig /all
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connection
       Physical Address. . . . . . . . . : B8-AC-6F-20-2A-90
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:db8:cafe:1:e5ff:dd92:a512:19c6(Preferred)
       Link-local IPv6 Address . . . . . : fe80::e5ff:dd92:a512:19c6
       Default Gateway . . . . . . . . . : fe80::1
       DHCPv6 IAID . . . . . . . . . . . : 250629538
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-EF-49-66-B8-AC-6F-20-2A-90
       DNS Servers . . . . . . . . . . . : 2001:db8:cafe:2::d001

