CMPT 471 Networking II - PowerPoint PPT Presentation

cmpt 471 networking ii n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
CMPT 471 Networking II PowerPoint Presentation
Download Presentation
CMPT 471 Networking II

play fullscreen
1 / 31
CMPT 471 Networking II
87 Views
Download Presentation
justis
Download Presentation

CMPT 471 Networking II

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. CMPT 471Networking II Address Resolution IPv6 Neighbor Discovery

  2. ADDRESS RESOLUTION NEIGHBOR UNREACHABILITY DETECTION DUPLICATE ADDRESS DETECTION Modified from the TCP/IP Guide (online)

  3. Neighbor Discovery • When a network uses the IPv6 protocol ARP is replaced with part of the Neighbor Discovery protocol (ND) • ND is a part of the ICMPv6 protocol, which also replaces ICMPv4 • Just as ARP has a cache, so does the ND protocol. ND cache holds more information

  4. Neighbor cache • A set of entries about individual neighbors to which traffic has been sent recently. • unicast IP address • link-layer address (Ethernet) • flag is the neighbor a router or a host • the reachability state • the number of unanswered probes • the time the next Neighbor Unreachability Detection event is scheduled

  5. Entry states in neighbor cache • INCOMPLETE Address resolution in progress • REACHABLE verified up to tens of seconds ago • STALE not known to be reachable but until traffic is sent no verification done • DELAY not known to be reachable, traffic has recently been sent wait for upper-layer protocols to confirm • PROBE no longer known to be reachable send Solicitation probes to verify reachability.

  6. Address Resolution: Why • When an IPv6 host A wishes to send application data, the data is encapsulated and passed down through the layers of the protocol stack (Just like IPv4) • To send the Ethernet frame it is necessary to have or to obtain the Ethernet address of the next hop destination (host B), given the IP address of B

  7. Address resolution: when • Want the link layer address (Ethernet) corresponding to the IP of B, the next hop, First check the neighbor cache for an entry for the IP of B • If there is an entry use the corresponding Ethernet address • If there is no entry in the neighbor cache then we must perform address resolution.

  8. Address resolution: first steps • Begin by queuing packet to be sent • Then create an entry in the neighbor cache of A with INCOMPLETE state • Contains IP address of the next hop destination • A builds a neighbor solicitation packet. • Send the neighbor solicitation packet to the solicited-node multicast address of B

  9. Neighbor solicitation message TRAFFIC CLASS VERS 6 FLOW LABEL HOP LIMIT 255 PAYLOAD LENGTH NEXT HEADER IPv6 header IPv6 source address (address of A) IPv6 destination address (solicited-node multicast address of B) TYPE (135) CODE 0 CHECKSUM Neighbor solicitation Message (ICMP) RESERVED (set to 0) IPv6 TARGET ADDRESS (link local IP ADDRESS of B) OPTIONS (VARIABLE LENGTH Ethernet Address of source host A.

  10. Solicited-node multicast address • The solicited-node address can be determined directly from the IP address • Add last 24 bits of IP address to the prefix ff02::1:ff00:0/104 • In the data link layer the equivalent Ethernet address is 33-33-FF-Last 24 bits of IP FF02 (16 bits) 0 (72 bits all 0) 01 FF Last 24 bits of IP address

  11. Efficiency of Solicited-node • For IPv4 ARP requests are broadcast to reach all nodes on the local network segment. This means all nodes must process every ARP request to see if their address matches • For IPv6 there are 224 solicited-node multicast addresses that replace the single broadcast address. • For any particular host there will be fewer IPv6 requests to process neighbor solicitations than there would be IPv4 requests to process ARP request messages. • Only 1/224 of the possible addresses will interrupt any given host. • IPv4 hosts are not interrupted at all

  12. Address resolution: next step • The neighbor solicitation packet is received by the destination (and perhaps a few other nodes in the same solicited node multicast group, who will process and drop the packet) • The destination host builds a neighbor advertisement packet to respond to the neighbor solicitation.

  13. Neighbor advertisement TRAFFIC CLASS VERS 6 FLOW LABEL HOP LIMIT 255 PAYLOAD LENGTH NEXT HEADER IP header IPv6 source address (Unicast address of sending interface on B) IPv6 destination address (unicast IP address of A) TYPE (136) CODE 0 CHECKSUM S flag is set Neighbor solicitation Message (ICMP) RESERVED (set to 0) R|S|0 IPv6 TARGET ADDRESS (Copied from solicitation) OPTIONS (VARIABLE LENGTH) Ethernet Address of source host (host B).

  14. Neighbor advertisement • R Router flag. • When set, indicates that the sender is a router. • The S-bit • For reachability confirmation for Neighbor Unreachability Detection. • It MUST NOT be set in unsolicited unicast advertisements. • O Override flag. When set, the O-bit indicates that the advertisement should override an existing cache entry

  15. Address resolution: more steps • An entry may be updated or added to the neighbor cache of B • The neighbor advertisement is unicast to the soliciting host (A) • If the advertisement is not received by A • The INCOMPLETE cache entry is dropped

  16. Address resolution: final steps • If the advertisement is received by A • The soliciting host finishes building the INCOMPLETE entry in the neighbor cache • The entry is then in the REACHABLE state • Packets that have been queued waiting for the link layer address are sent • At least one packet must be queue for address resolution to be initiated

  17. Improvements: Detecting failure • Unlike ARP, Neighbor Discovery detects half-link failures • Uses Neighbor Unreachability Detection • Uses state of the entry in the neighbor cache • Avoids sending traffic to neighbors with which two-way connectivity is absent.

  18. Entry states in neighbor cache • INCOMPLETE Address resolution in progress • REACHABLE verified up to tens of seconds ago • STALE not known to be reachable but until traffic is sent no verification done • DELAY not known to be reachable, traffic has recently been sent wait for upper-layer protocols to confirm • PROBE no longer known to be reachable send Solicitation probes to verify reachability.

  19. Neighbor Unreachability (1) • Each time a packet is received by neighbor A from neighbor B that indicates active two way communication the neighbor cache entry is set to REACHABLE and the entry lifetime timer is reset. • A’s receipt of a TCP packet indicates that B has received an ACK from A, so two way communication is alive • Receiving unsolicited neighbor advertisements only requires 1-way communications and would not cause changes in the cache

  20. Neighbor Unreachability (2) • If the entry lifetime timer expires the cache entry moves from the REACHABLE state to the STALE state. • If the host wants to send a packet to a STALE entry, a delay timer is set when that packet is sent and the host moves into the DELAY state. • If no reply is received in DELAY_FIRST_PROBE_TIMEseconds the entry moves into the PROBE state. • Otherwise if a reply is received the entry moves back to the REACHABLE state

  21. Neighbor Unreachability (3) • When an entry enters the PROBE state a neighbor solicitation is sent • If a neighbor advertisement is returned before the retransmission timer expires the entry moves back to the Reachable and the lifetime timer is reset • Otherwise when the retransmission timer expires the neighbor solicitation is retransmitted. Up to MAX_UNICAST_SOLICIT retransmissions will be tried (until an advertisement is received) • Should no advertisement be received after the maximum number of retransmissions the entry should be deleted.

  22. Duplicate Address Detection • IPv6 equivalent to gratuitous ARP • When a host A is initializing, Duplicate Address Detection (DAD) allows the host A to check that no other host on the local network segment is already using the IPv6 address it is requesting to use. • A required part of initialization or reinitialization of any interface

  23. DAD: step 1 • A builds a neighbor solicitation packet to check if it’s desired IP address is available • The requested IP source address is “tentative” so IP source address in the solicitation packet is all 0’s, • IP destination address is the solicited node multicast address derived from the target address (next line) • Target address is the requested IPv6 address of A • OPTIONS (data) field contains 0’s

  24. DAD Neighbor solicitation TRAFFIC CLASS VERS 6 FLOW LABEL NEXT HEADER HOP LIMIT 255 PAYLOAD LENGTH IPv6 header : : IPv6 destination address (solicited node multicast address of A’s requested address) TYPE (135) CODE 0 CHECKSUM Neighbor solicitation Message (ICMP) RESERVED (set to 0) IPv6 destination address (A’s requested address) OPTIONS (VARIABLE LENGTH) NONE

  25. DAD: step 2 • A joins all hosts multicast group • A joins the multicast group for the solicited node multicast address derived from the IP address it is requesting. • A random delay (delay before sending the request to join the multicast groups) is added to distribute load if whole network is initializing at the same time

  26. DAD: step 3 • To check the tentative address, A sends the solicitation DupAddrDetectTransmits times. • Default DupAddrDetectTransmits=1 • Setting DupAddrDetectTransmits=0 turns DAD off • Each transmission is separated by RetransTimer milliseconds. • Retransmission stop when • A replying neighbor advertisement arrives • RetransTimer millisec after the last retransmission

  27. DAD: step 4 (no duplicate) • No answering neighbor solicitation packet is received before probing is complete • Probing is complete DupAddrDetectTransmits times RetransTimer milliseconds after the first retransmission is sent • It has been confirmed that the tentative IP address is unique • The tentative IPv6 address is assigned to the interface and becomes the IPv6 address for the interface

  28. DAD: step 4 (duplicate) • Host B is already using the requested address. Host B receives A’s neighbor solicitation. • B replies A’s solicitation with an advertisement • Reply is multicast to all nodes address FF02::1 (because source address was : : ) • Solicited flag is set (S flag) • IPv6 source address is B’s address (also A’s tentative address) • Target is B’s IPv4 address (A requested address) • B’s Ethernet address is included as an option

  29. DAD Neighbor advertisement TRAFFIC CLASS VERS 6 FLOW LABEL HOP LIMIT 255 PAYLOAD LENGTH NEXT HEADER IP header IPv6 source address (address requested by A also B’s address) All nodes multicast address (FF02::1) TYPE (136) CODE 0 CHECKSUM S flag is set Neighbor solicitation Message (ICMP) RESERVED (set to 0) R|S|0 R|S|0 IPv6 TARGET ADDRESS (Copy solicitation, A’s requested address) OPTIONS (VARIABLE LENGTH) (Ethernet Address of host B, which is using the requested address).

  30. DAD: step 5 (duplicate) • Host B is already using the requested address. Host B receives A’s neighbor solicitation and replies with a neighbor advertisement • Host B SHOULD log a system management error. Then • If the IPv6 address was derived from the Ethernet address, no packets will be received or sent on the interface (no new IPv6 address will be assigned) • If the IPv6 address was assigned then a new IPv6 address may be assigned and DAD repeated.

  31. Some relevant RFC’s • RFC’s • 4429 • 2461 • 2462 • 4861 • 4862