ICMPv6 & Neighbor Discovery Protocol: Learn It

Rick Graziani

CS/CIS Instructor

Cabrillo College


Topics In this Presentation

and

An Introduction to ICMPv6


Internet Control Message Protocol (ICMPv6)

  • Described in RFC 4443

  • Much more robust than ICMP for IPv4

  • Contains new functionality and improvements.

  • More than just “messaging” but “how IPv6 conducts business”.

  • General message similar to ICMP for IPv4

  • Also uses Type and Code fields like in ICMPv4.

  • Two types of ICMPv6 messages

    • Error messages

    • Informational messages


ICMPv6 Messages

  • The ICMPv6 error messages are:

    • Destination Unreachable

    • Packet Too Big

    • Time Exceeded

    • Parameter Problem

  • ICMPv6 informational messages used by the ping command:

    • Echo Request

    • Echo Reply

Similar to ICMP for IPv4.

Quick look at these first.

We will familiarize ourselves with the IPv6 version of these.


ICMPv6 Messages

  • ICMPv6 informational messages used for Multicast Listener Discovery (RFC 2710):

    • Multicast Listener Query

    • Multicast Listener Report

    • Multicast Listener Done

  • ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):

    • Router Solicitation Message

    • Router Advertisement Message

    • Neighbor Solicitation Message

    • Neighbor Advertisement Message

    • Redirect Message

Similar to IGMP (Internet Group Message Protocol) for IPv4.

We won’t be covering these.

Most of our time will be spent on the first four of these.

Redirect Message is similar to Redirect Messages for IPv4.


Stateless Address Autoconfiguration

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

R1

MAC Address

00-21-9B-D9-C6-44

PC1

Link-local address automatically created

1

Link-local address (Tentative)

Neighbor Solicitation Message

From: :: (Unspecified source address)

To: FF02::1:FFBB:66E1 (Solicited Node Multicast)

Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1

DAD performed on

Link-local address

2

3

Global unicast address created using SLAAC

NDP Router Solicitation From: FE80::50A5:8A35:A5BB:66E1 To: FF02::2 (All-routers multicast)

NDP Router Advertisement From: FE80::1 To: FF02::1 (All-nodes multicast)

4

5

Addressing Information Added

6

Neighbor Solicitation Message

From: :: (Unspecified source address)

To: Solicited Node Multicast

Target IPv6 Address:

DAD performed on global unicast address


Address Resolution (ARP in IPv4)

R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

PC1> ping 2001:DB8:AAAA:1::200

2

5

1

Neighbor Cache

<empty until step 5>

MAC Address

00-1B-24-04-A2-1E

PC1

PC2

MAC Address

00-21-9B-D9-C6-44

2001:DB8:AAAA:1::100/64

2001:DB8:AAAA:1::200/64

FF02::1:FF00:200 (Solicited Node Multicast)

3

Neighbor Solicitation Message

From Ethernet MAC address:

00-21-9B-D9-C6-44

To Ethernet MAC address:

33-33-FF-00-02-00

(IPv6 Mapped Multicast)

From: 2001:DB8:AAAA:1::100

To: FF02::1:FF00:200 (Solicited Node Multicast)

Target IPv6 Address: 2001:DB8:AAAA:1::200

Link-layer address: 00:21:9B:D9:C6:44

Neighbor Advertisement Message

From Ethernet MAC address:

00-1B-24-04-A2-1E

To Ethernet MAC address:

00-21-9B-D9-C6-44

From: 2001:DB8:AAAA:1::200

To: 2001:DB8:AAAA:1::100

Target IPv6 Address: 2001:DB8:AAAA:1::200

Link-layer address: 00:1B:24:04:A2:1E

4



Neighbor Cache FSM

Neighbor Cache (“ARP Cache”)

Neighbor Solicitation (NS) sent

No Entry Exists

Incomplete

3 NS sent with no NA

Neighbor Advertisement (NA) received

Reachable Time exceeded (timeout)

Or

Unsolicited NA received

Reachable

NS sent and

NA received

Packet returned

Packet sent

5 sec

Delay

(Resolution pending)

Probe

(Reresolution in progress)

Stale – no action required

(Requires reresolution)

3 NS sent with no NA


General Message Format

ICMPv6 Error Messages


Next Header and General Message Format

IPv6 Next Header Value: 58 decimal or 3A hexadecimal

IPv6 packet: IPv6 Header (Next Header = 58), followed by IPv6 Data (ICMPv6 Header and ICMPv6 Message Body)

ICMPv6 General Message Format (similar to ICMP for IPv4)

  • Bits 0 to 7: Type

  • Bits 8 to 15: Code

  • Bits 16 to 31: Checksum

  • Remainder: Message Body


The first messages we will examine…

  • The ICMPv6 error messages are:

    • Destination Unreachable

    • Packet Too Big

    • Time Exceeded

    • Parameter Problem

  • ICMPv6 informational messages used by the ping command:

    • Echo Request

    • Echo Reply

Similar to ICMP for IPv4.

Quick look at these first.

We will familiarize ourselves with the IPv6 version of these.


Destination Unreachable Message

  • Sent when a packet cannot be delivered to its destination for reasons other than congestion.

  • A router (or a firewall) usually generates these messages.

  • Various code values give more detail, such as (4) port unreachable.


Packet Too Big Message

  • Important difference with IPv6…

  • IPv4 routers fragment a packet when the MTU (Maximum Transmission Unit) of the outgoing link is smaller than the size of the packet.

    • The destination device is responsible for reassembling the fragmented packets.

  • IPv6 routers do not fragment packets (unless it is the source of the packet).


Path MTU Discovery

Diagram: Source and Destination hosts (PC-A, PC-B) connected through routers R1, R2 and R3; the link MTUs along the path are 1500, 1500, 1500 and 1350.

MTU of outgoing link smaller than packet size – drop packet

  1. IPv6 Packet with MTU = 1,500 bytes

  2. ICMPv6 Packet Too Big message, use MTU 1,350

  3. IPv6 Packet with MTU = 1,350 bytes

  4. Packet Received


Time Exceeded Message

  • Before a router forwards an IPv6 packet it decrements the Hop Limit field by one.

  • If the Hop Limit (same as TTL in IPv4) results in a zero

  • Packet is dropped and a Time Exceeded message is sent to the source.


Parameter Problem Message

  • Generated when a receiving device finds a problem with a field in the main IPv6 header such as the Next Header field.

  • Means the device didn’t understand the information in the IPv6 header and had to discard it.


ICMPv6 Informational Messages:

Echo Request and Echo Reply


ICMPv6 Echo Request and Echo Reply Messages

Echo Reply: Type = 128

Echo Request: Type = 129

  • Like for IPv4, ICMPv6 Echo Request and Echo Reply are two ICMP messages used by ping.

Message format:

  • Bits 0 to 7: Type = 128 or 129

  • Bits 8 to 15: Code = 0

  • Bits 16 to 31: Checksum

  • Next 16 bits: Identifier

  • Next 16 bits: Sequence Number

  • Remainder: Data


IPv6 Topology

2001:0DB8:AAAA::/48

R1

R2

2001:0DB8:AAAA:2::/64

Fa0/0 .2

Fa0/1 .1

Fa0/0 .1

FE80::1/64

FE80::2/64

FE80::1/64

2001:0DB8:AAAA:1::/64

PC2

PC1

2001:0DB8:AAAA:1::200

2001:0DB8:AAAA:1::100

FE80::50A5:8A35:A5bb:66E1


Ping global unicast address from PC1 to R1

PC1> ping 2001:db8:aaaa:1::1

Pinging 2001:db8:aaaa:1::1 from 2001:db8:aaaa:1::100 with 32 bytes of data:

Reply from 2001:db8:aaaa:1::1: time=1ms

Reply from 2001:db8:aaaa:1::1: time=1ms

Reply from 2001:db8:aaaa:1::1: time=1ms

Reply from 2001:db8:aaaa:1::1: time=1ms

Ping statistics for 2001:db8:aaaa:1::1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 1ms, Average = 1ms

PC1>


Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 128

Source: 2001:db8:aaaa:1::100

Destination: 2001:db8:aaaa:1::1

Internet Control Message Protocol v6

Type: 128 (Echo (ping) request)

Code: 0 (Should always be zero)

Checksum: 0x8f38 [correct]

ID: 0x0001

Sequence: 0

Data (32 bytes)

Echo Request from PC1 to R1


Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: 2001:db8:aaaa:1::1

Destination: 2001:db8:aaaa:1::100

Internet Control Message Protocol v6

Type: 129 (Echo (ping) reply)

Code: 0 (Should always be zero)

Checksum: 0x8e38 [correct]

ID: 0x0001

Sequence: 0

Data (32 bytes)

Echo Reply from R1 to PC1


Ping link-local address from R1 to PC1

R1# ping fe80::50a5:8a35:a5bb:66e1

Output Interface: fastethernet 0/0

% Invalid interface. Use full interface name without spaces (e.g. Serial0/1)

Output Interface: fastethernet0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to FE80::50A5:8A35:A5BB:66E1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#


Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 60

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: fe80::1

Destination: fe80::50a5:8a35:a5bb:66e1

Internet Control Message Protocol v6

Type: 128 (Echo (ping) request)

Code: 0 (Should always be zero)

Checksum: 0x0444 [correct]

ID: 0x0a24

Sequence: 0

Data (52 bytes)

Echo Request: Link-local address from R1 to PC1


Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 60

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: fe80::50a5:8a35:a5bb:66e1

Destination: fe80::1

Internet Control Message Protocol v6

Type: 129 (Echo (ping) reply)

Code: 0 (Should always be zero)

Checksum: 0x0344 [correct]

ID: 0x0a24

Sequence: 0

Data (52 bytes)

Echo Reply: Link-local address from PC1 to R1


  • ICMPv6 Informational Messages

  • Used by Neighbor Discovery

    • Router Solicitation Message

    • Router Advertisement Message

    • Neighbor Solicitation Message

    • Neighbor Advertisement Message

    • Redirect Message


Router Solicitation &

Router Advertisement Messages

and

SLAAC (Stateless Address Autoconfiguration)


Hosts and Addressing

  • Static configuration

  • Stateless Address Autoconfiguration (SLAAC)

    • SLAAC only

    • SLAAC with DHCPv6

    • Note: Host OS determines if it will use EUI-64 or random value for Interface ID

  • Stateful Autoconfiguration

    • DHCPv6 only


Stateless Address Autoconfiguration (SLAAC)

RouterA

  • Stateless Address Autoconfiguration (SLAAC) is an automatic method for assigning global unicast addresses to interfaces.

    • Defined in RFC 4862, IPv6 Stateless Address Autoconfiguration

  • Uses:

    • Prefix and other information from -> ND Router Advertisement

    • Interface ID from -> IEEE modified EUI-64 format or random value

  • No need for DHCPv6 server (unless need DNS)

ipv6 unicast-routing

MAC: 00-19-D2-8C-E0-4C

1

NDP Router Solicitation

2

NDP Router Advertisement

EUI-64


R1

ipv6 unicast-routing

DHCPv6 Server

  • Router Solicitation and Router Advertisement messages are about communications between a host and a router.

  • Router Advertisement includes:

    • Prefix, prefix-length, default-gateway, MTU, Hop limit and more.

  • R1(config)# ipv6 unicast-routing

NDP Router Advertisement

NDP Router Solicitation “Need information from the router”

Time for me to send out a Router Advertisement

I just booted up, send me a Router Advertisement


R1

ipv6 unicast-routing

DHCPv6 Server

2

NDP Router Advertisement

“I’m everything you need (Prefix, Prefix-length, Default Gateway)”

Or

“Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”

Or

“I can’t help you. Ask a DHCPv6 server for all your information.”

1

NDP Router Solicitation “Need information from the router”

  • The router’s Router Advertisement can determine how the host gets its dynamic address configuration.

  • ipv6 unicast-routing command enables router to send Router Advertisements.


R1

ipv6 unicast-routing

MAC: 00-19-D2-8C-E0-4C

1

NDP Router Solicitation

2

NDP Router Advertisement

Prefix: 2001:DB8:AAAA:1::

Prefix-length: /64

To: FF02::1 (All-hosts multicast)

From: FE80::1 (Link-local address)

EUI-64

3

Prefix: 2001:DB8:AAAA:1::

Prefix-length: /64

EUI-64 Interface ID: 02-19-D2-FF-FE-8C-E0-4C

Global Unicast Address:

2001:DB8:AAAA:1:0219:D2FF:FE8C:E04C

Default Gateway: FE80::1 (Default Router List)

  • PC1> ipconfig

  • IPv6 Address. . . . . . : 2001:DB8:AAAA:1:0219:D2FF:FE8C:E04C

  • Default Gateway . . . . :fe80::1

4

Duplicate Address Detection (DAD)


R1

ipv6 unicast-routing

1

NDP Router Solicitation

Stateless Addressing

DHCPv6 Addressing

DHCPv6 Server

NDP Router Advertisement

“Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”

Or

“I can’t help you. Ask a DHCPv6 server for all your information.”

2

3

DHCPv6 Solicit Message

“I need a DHCPv6 Server.”

4

DHCPv6 Advertise Message

“I’m a DHCPv6 Server.”

5

DHCPv6 Request Message

“I need addressing information.”

DHCPv6 Reply Message

“Here is your address and other information.”

6

7

Duplicate Address Detection (DAD)


A closer look at the protocol

ICMPv6 Router Solicitation Message

  • Bits 0 to 7: Type = 133

  • Bits 8 to 15: Code = 0

  • Bits 16 to 31: Checksum

  • Next 32 bits: Reserved

  • Valid Options: Source link-layer address

ICMPv6 Router Advertisement Message

  • Bits 0 to 7: Type = 134

  • Bits 8 to 15: Code = 0

  • Bits 16 to 31: Checksum

  • Next 32 bits: Cur Hop Limit (8 bits), M flag (1 bit), O flag (1 bit), Reserved (6 bits), Router Lifetime (16 bits)

  • Next 32 bits: Reachable Time

  • Next 32 bits: Retrans Time

  • Possible Options: Source link-layer address, MTU, Prefix Information


R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

MAC: 00-21-9B-D9-C6-44

1

NDP Router Solicitation From: FE80::50A5:8A35:A5BB:66 To: FF02::2 (All-routers multicast)

Randomly generated Interface ID

PC1

Link-local address: FE80::50A5:8A35:A5BB:66E1

NDP Router Advertisement

From: FE80::1

To: FF02::1 (All-nodes multicast)

Prefix: 2001:DB8:AAAA:1::

Prefix-length: /64

2

3

Prefix: 2001:DB8:AAAA:1::

[EUI-64: Not used, Interface ID is randomly generated]

Global Unicast Address:

2001:DB8:AAAA:1:50A5:8A35:A5BB:66E1

Prefix-length: /64

4

Default Router List

Default Gateway: FE80::1


Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02

Internet Protocol Version 6

0110 .... = Version: 6 [Traffic class and Flowlabel not shown]

Payload length: 16

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: fe80::50a5:8a35:a5bb:66e1

Destination: ff02::2

Internet Control Message Protocol v6

Type: 133 (Router solicitation)

Code: 0

Checksum: 0x3277 [correct]

ICMPv6 Option (Source link-layer address)

Type: Source link-layer address (1)

Length: 8

Link-layer address: 00:21:9b:d9:c6:44

All IPv6 routers multicast MAC address

Next header is an ICMPv6 header

Link-local address of PC1

All-routers multicast address

Router Solicitation message

Router Solicitation (RS) from PC1

MAC address of PC1 but

RA sent as all-host multicast
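
The "Checksum: 0x3277 [correct]" line in the capture above can be reproduced from the other fields shown. This is an added Python example, not part of the original slides; the function names are illustrative, and the addresses and MAC are the ones in the Router Solicitation capture.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58  # 0x3a, the Next Header value shown in the captures

# Values taken from the Router Solicitation capture on this page
RS_SRC = "fe80::50a5:8a35:a5bb:66e1"
RS_DST = "ff02::2"
RS_MAC = "00:21:9b:d9:c6:44"


def icmpv6_checksum(src: str, dst: str, message: bytes) -> int:
    """One's-complement checksum over the IPv6 pseudo-header and the message.

    The checksum field of `message` (bytes 2-3) must be zero when called.
    """
    pseudo_header = (
        ipaddress.IPv6Address(src).packed        # 16-byte source address
        + ipaddress.IPv6Address(dst).packed      # 16-byte destination address
        + struct.pack("!I", len(message))        # upper-layer packet length
        + b"\x00\x00\x00" + bytes([ICMPV6_NEXT_HEADER])
    )
    data = pseudo_header + message
    if len(data) % 2:                            # pad to a whole 16-bit word
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                           # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_router_solicitation(mac: str) -> bytes:
    """Type 133, Code 0, Checksum 0, Reserved, then the Source link-layer option."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("expected a 48-bit MAC address")
    header = struct.pack("!BBHI", 133, 0, 0, 0)
    option = bytes([1, 1]) + mac_bytes           # option type 1, length 1 x 8 bytes
    return header + option


def with_checksum(src: str, dst: str, message: bytes) -> bytes:
    """Return the message with its checksum field filled in."""
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    value = icmpv6_checksum(src, dst, zeroed)
    return message[:2] + struct.pack("!H", value) + message[4:]


def checksum_is_valid(src: str, dst: str, message: bytes) -> bool:
    """Receiver-side check: recompute with the field zeroed and compare."""
    if len(message) < 4:
        return False
    claimed = struct.unpack("!H", message[2:4])[0]
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    return icmpv6_checksum(src, dst, zeroed) == claimed


if __name__ == "__main__":
    rs = build_router_solicitation(RS_MAC)
    print(f"payload length: {len(rs)}")
    print(f"checksum: 0x{icmpv6_checksum(RS_SRC, RS_DST, rs):04x}")
```

Because the source and destination addresses are part of the pseudo-header, the same ICMPv6 bytes fail the check if either address is altered.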


R1(config)# ipv6 unicast-routing

R1# show ipv6 interface fastethernet 0/0

FastEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::1

Global unicast address(es):

2001:DB8:AAAA:1::1, subnet is 2001:DB8:AAAA:1::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

MTU is 1500 bytes

<output omitted for brevity>

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

Hosts use stateless autoconfig for addresses.

R1#

All-routers multicast group


Router Advertisement (RA) from Router R1

Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01

Internet Protocol Version 6

0110 .... = Version: 6

.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 64

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: fe80::1

Destination: ff02::1

All IPv6 hosts multicast MAC address

Next Header is an ICMPv6 header

Link-local address of R1. Added to the Default Router List and is the address hosts will use as their default gateway

All-nodes multicast group


Internet Control Message Protocol v6

Type: 134 (Router advertisement)

Code: 0

Cur hop limit: 64

Flags: 0x00

ICMPv6 Option (Source link-layer address)

Type: Source link-layer address (1)

Length: 8

Link-layer address: 00:03:6b:e9:d4:80

ICMPv6 Option (MTU)

Type: MTU (5)

Length: 8

MTU: 1500

ICMPv6 Option (Prefix information)

Type: Prefix information (3)

Length: 32

Prefix Length: 64

Prefix: 2001:db8:aaaa:1::

Router Advertisement from Router R1 – some fields omitted

Recommended Hop Limit value for hosts

M and O flags indicate that no information is available via DHCPv6

R1’s MAC address

MTU of the link.

Prefix-length (/64) to be used for autoconfiguration.

Prefix of this network to be used for autoconfiguration


M and O Flags

Internet Control Message Protocol v6

Type: 134 (Router advertisement)

Code: 0

Cur hop limit: 64

Flags: 0x00

<output omitted for brevity>

  • M Flag: Managed Address Configuration flag

    • Tells the host whether to use the configuration information in this Router Advertisement (SLAAC by default) or to get all of its information from a DHCPv6 server.

  • O Flag: Other Configuration flag

    • When SLAAC is being used (using the RA), it tells the host whether more information (like DNS) is available from a DHCPv6 server.

Router Advertisement message

M and O flags


R1

ipv6 unicast-routing

DHCPv6 Server

NDP Router Advertisement

M Flag

SLAAC or DHCPv6?

M Flag = 0 (Default)

Use SLAAC, info in RA, prefix, etc.

M Flag = 1

Use DHCPv6 for everything

  • R1(config)# ipv6 managed-config-flag

X

O Flag

Additional information

via DHCPv6?

O Flag = 0 (Default)

No additional information via DHCPv6

X

O Flag = 1

Additional information via DHCPv6 like DNS address

  • R1(config)# ipv6 other-config-flag
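
A decoder for the Router Advertisement fields annotated on the preceding slides, including the M and O flag decision, as an added Python example that is not part of the original slides. The sample RA is constructed: hop limit, MAC, MTU and prefix come from the capture, Router Lifetime 1800 from the show ipv6 interface output, and the prefix flags and prefix lifetimes are assumed values.

```python
import ipaddress
import struct

M_FLAG = 0x80  # Managed Address Configuration flag (top bit of the flags byte)
O_FLAG = 0x40  # Other Configuration flag


def addressing_mode(flags: int) -> str:
    """Map the RA flags byte to the host behaviour described in the slides."""
    if flags & M_FLAG:
        return "DHCPv6 for everything"
    if flags & O_FLAG:
        return "SLAAC, plus DHCPv6 for other information"
    return "SLAAC only"


def parse_router_advertisement(msg: bytes) -> dict:
    """Decode the fixed RA header and the three options shown in the capture."""
    if len(msg) < 16:
        raise ValueError("RA shorter than its 16-byte fixed header")
    (msg_type, code, _checksum, cur_hop_limit, flags,
     router_lifetime, _reachable, _retrans) = struct.unpack("!BBHBBHII", msg[:16])
    if msg_type != 134 or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {
        "cur_hop_limit": cur_hop_limit,
        "flags": flags,
        "mode": addressing_mode(flags),
        "router_lifetime": router_lifetime,
        "source_mac": None,
        "mtu": None,
        "prefixes": [],
    }
    offset = 16
    while offset < len(msg):
        if len(msg) - offset < 2:
            raise ValueError("truncated option header")
        opt_type, units = msg[offset], msg[offset + 1]   # length in 8-byte units
        end = offset + units * 8
        if units == 0 or end > len(msg):
            raise ValueError("malformed option length")
        body = msg[offset + 2:end]
        if opt_type == 1 and units == 1:                 # Source link-layer address
            ra["source_mac"] = ":".join(f"{b:02x}" for b in body)
        elif opt_type == 5 and units == 1:               # MTU
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif opt_type == 3 and units == 4:               # Prefix information
            prefix_len, prefix_flags = body[0], body[1]
            prefix = ipaddress.IPv6Address(body[14:30])
            network = ipaddress.IPv6Network(f"{prefix}/{prefix_len}", strict=False)
            autonomous = bool(prefix_flags & 0x40)       # A flag: usable for SLAAC
            ra["prefixes"].append((str(network), autonomous))
        offset = end                                     # unknown options are skipped
    return ra


def build_sample_ra(flags: int = 0x00) -> bytes:
    """Constructed RA matching the capture; lifetimes and L/A flags are assumed."""
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("00036be9d480")
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    prefix = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    prefix += ipaddress.IPv6Address("2001:db8:aaaa:1::").packed
    return header + slla + mtu + prefix


if __name__ == "__main__":
    for flag_byte in (0x00, 0x40, 0x80):
        parsed = parse_router_advertisement(build_sample_ra(flag_byte))
        print(f"flags=0x{flag_byte:02x}: {parsed['mode']}, prefixes={parsed['prefixes']}")
```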



Neighbor Solicitation and Neighbor Advertisement

  • Two more protocols used with ICMPv6 Neighbor Discovery:

    • Neighbor Solicitation

    • Neighbor Advertisement

  • Used by a device to:

    • Request layer 2 address information from another device on the same network

    • Provide this information to the requesting device.

  • Part of three important processes:

    • Address resolution (like ARP in IPv4)

    • Duplicate Address Detection (DAD)

    • Neighbor Unreachability Detection (NUD)


ICMPv6 Neighbor Solicitation Message

If this is your Target IPv6 Address please send me your MAC address.

ICMPv6 Neighbor Advertisement Message

The Target IPv6 Address you are looking for belongs to me, here is my layer 2 (MAC) address.


Address Resolution (ARP in IPv4)

R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

PC1> ping 2001:DB8:AAAA:1::200

2

5

1

Neighbor Cache

<empty until step 5>

MAC Address

00-1B-24-04-A2-1E

PC1

PC2

MAC Address

00-21-9B-D9-C6-44

2001:DB8:AAAA:1::100/64

2001:DB8:AAAA:1::200/64

FF02::1:FF00:200 (Solicited Node Multicast)

3

Neighbor Solicitation Message

From Ethernet MAC address:

00-21-9B-D9-C6-44

To Ethernet MAC address:

33-33-FF-00-02-00

(IPv6 Mapped Multicast)

From: 2001:DB8:AAAA:1::100

To: FF02::1:FF00:200 (Solicited Node Multicast)

Target IPv6 Address: 2001:DB8:AAAA:1::200

MAC address of PC1: 00:21:9B:D9:C6:44

Neighbor Advertisement Message

From Ethernet MAC address:

00-1B-24-04-A2-1E

To Ethernet MAC address:

00-21-9B-D9-C6-44

From: 2001:DB8:AAAA:1::200

To: 2001:DB8:AAAA:1::100

Target IPv6 Address: 2001:DB8:AAAA:1::200

MAC address of PC2: 00:1B:24:04:A2:1E

4


What about that Solicited Node Multicast?

IPv6 Addressing

Unicast

Multicast

Anycast

Assigned

Solicited Node

FF00::/8

FF02::1:FF00:0000/104

Embedded IPv4

Unspecified

Unique Local

Global Unicast

Link-Local

Loopback

FC00::/7

FDFF::/7

2000::/3

3FFF::/3

::1/128

::/128

::/80

FE80::/10

FEBF::/10


NIC: I will also listen for my MAC multicast addresses

IP: I will also listen for my IP multicast addresses (Global and Link-local)

  • Why Solicited Node Addresses?

  • Devices also have solicited node multicast addresses

  • Broadcasts are sent to all devices.

  • Devices must process all broadcasts at least to layer 3.

  • Solicited Node Multicasts are only processed by those devices with the matching last 24 bits (usually one device).

  • If I know the IPv6 address but not the MAC address I can send it to a solicited node address instead of a broadcast to everyone…

PC-2

Broadcasts

Global Unicast Address:

Solicited Node Multicast(Global):

MAC Unicast Address:

Multicast (MAC):

2001:0DB8:AAAA:0001:0000:0000:0000:0200

FF02::1:FF00:200

00-1B-24-04-A2-1E

33-33-FF-00-02-00


PC2’s Global Unicast Address

Global Routing Prefix

Interface ID

Subnet ID

24 bits

104 bits

2001:0DB8:AAAA

0001

0000:0000:00

00:0200

Copy

PC2’s IPv6 Solicited-Node Multicast Address

FF02

0000

0000

0000

0000

0001

FF

00:0200

Copy

Solicited-node Multicast address mapped to Ethernet destination MAC address

FF-00-02-00

33-33

PC2’s IPv6 Solicited-node multicast address: FF02::1:FF00:200

PC2’s mapped solicited-node Ethernet multicast address : 33-33-FF-00-02-00
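
The two copy steps above (low 24 bits into FF02::1:FF00:0/104, then low 32 bits behind 33-33), together with the EUI-64 step from the earlier SLAAC slide, as an added Python example that is not part of the original slides. Function names are illustrative; the addresses and MACs are the ones used on this page.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # FF02::1:FF00:0/104


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Copy the low 24 bits of a unicast address into the solicited-node prefix."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def multicast_mac(group: str) -> str:
    """Map an IPv6 multicast address to its Ethernet address: 33-33 + low 32 bits."""
    address = ipaddress.IPv6Address(group)
    if not address.is_multicast:
        raise ValueError(f"{group} is not an IPv6 multicast address")
    return "-".join(f"{b:02X}" for b in b"\x33\x33" + address.packed[-4:])


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: flip the universal/local bit and insert FF-FE in the middle."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix from an RA with an EUI-64 interface ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    interface_id = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


if __name__ == "__main__":
    # PC2's global unicast address from the address-resolution slides
    group = solicited_node("2001:db8:aaaa:1::200")
    print(group, multicast_mac(str(group)))

    # PC1's link-local and global addresses share an interface ID, so they
    # share one solicited-node group and one Ethernet multicast address.
    for addr in ("fe80::50a5:8a35:a5bb:66e1", "2001:db8:aaaa:1:50a5:8a35:a5bb:66e1"):
        group = solicited_node(addr)
        print(addr, "->", group, multicast_mac(str(group)))

    # EUI-64 example from the SLAAC slide
    print(slaac_address("2001:db8:aaaa:1::/64", "00-19-D2-8C-E0-4C"))
```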


Neighbor Solicitation from PC1 (ARP Request)

Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 32

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: 2001:db8:aaaa:1::100

Destination: ff02::1:ff00:200

Internet Control Message Protocol v6

Type: 135 (Neighbor solicitation)

Code: 0

Checksum: 0xbbab [correct]

Reserved: 0 (Should always be zero)

Target: 2001:db8:aaaa:1::200

ICMPv6 Option (Source link-layer address)

Type: Source link-layer address (1)

Length: 8

Link-layer address: 00:21:9b:d9:c6:44

Mapped multicast address for PC2

Next header is an ICMPv6 header

Global unicast address of PC1

Solicited-node multicast address of PC2

Neighbor Solicitation message

Target IPv6 address, needing MAC address

MAC address of the sender, PC1


Neighbor Advertisement from PC2 (ARP Reply)

Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 32

Next header: ICMPv6 (0x3a)

Hop limit: 255

Source: 2001:db8:aaaa:1::200

Destination: 2001:db8:aaaa:1::100

Internet Control Message Protocol v6

Type: 136 (Neighbor advertisement)

Code: 0

Checksum: 0x1b4d [correct]

Flags: 0x60000000

Target: 2001:db8:aaaa:1::200

ICMPv6 Option (Target link-layer address)

Type: Target link-layer address (2)

Length: 8

Link-layer address: 00:1b:24:04:a2:1e

Unicast MAC address of PC2

Next header is an ICMPv6 header

Global unicast address of PC2

Global unicast address of PC1

Neighbor Advertisement message

1 1 0 – Router Flag = 1, Solicitation Flag = 1, Override Flag = 0

IPv6 address of the sender, PC2

MAC address of the sender, PC2


R1

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

PC1> ping 2001:DB8:AAAA:1::200

2

5

1

Neighbor Cache

<empty until step 5>

MAC Address

00-1B-24-04-A2-1E

PC1

PC2

MAC Address

00-21-9B-D9-C6-44

2001:DB8:AAAA:1::100/64

2001:DB8:AAAA:1::200/64

FF02::1:FF00:200 (Solicited Node Multicast)

3

Neighbor Solicitation

4

Neighbor Advertisement

6

ICMPv6 Echo Request

From Ethernet MAC address:

00-21-9B-D9-C6-44

To: Ethernet MAC address:

00-1B-24-04-A2-1E

From: 2001:DB8:AAAA:1::100

To: 2001:DB8:AAAA:1::100

ICMPv6 Echo Reply

From: Ethernet MAC address:

00-1B-24-04-A2-1E

To: Ethernet MAC address:

00-21-9B-D9-C6-44

From: 2001:DB8:AAAA:1::200

To: 2001:DB8:AAAA:1::100

7


Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 00:1b:24:04:a2:1e

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 128

Source: 2001:db8:aaaa:1::100

Destination: 2001:db8:aaaa:1::200

Internet Control Message Protocol v6

Type: 128 (Echo (ping) request)

Code: 0 (Should always be zero)

Checksum: 0x7b37 [correct]

ID: 0x0001

Sequence: 13

Data (32 bytes)

ICMPv6 Echo Request from PC1


Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44

Internet Protocol Version 6

0110 .... = Version: 6

.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000

.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000

Payload length: 40

Next header: ICMPv6 (0x3a)

Hop limit: 64

Source: 2001:db8:aaaa:1::200

Destination: 2001:db8:aaaa:1::100

Internet Control Message Protocol v6

Type: 129 (Echo (ping) reply)

Code: 0 (Should always be zero)

Checksum: 0x7a37 [correct]

ID: 0x0001

Sequence: 13

Data (32 bytes)

ICMPv6 Echo Reply from PC2



Duplicate Address Detection (DAD)

  • Duplicate Address Detection (DAD) – Used by a device to determine whether an address it wishes to use is already in use.

  • Similar to a gratuitous ARP in IPv4.

  • With some exceptions, RFC 4861 recommends that DAD be performed on every unicast address before it is assigned to an interface.


R1

ipv6 unicast-routing

2001:0DB8:AAAA:0001::/64

Duplicate Address Detection (DAD)

For Link-local address

MAC Address

00-21-9B-D9-C6-44

PC1

Link-local address (Tentative) – Used Random Interface ID

FE80::50A5:8A35:A5BB:66E1

1

Neighbor Solicitation Message

From Ethernet MAC address: 00-21-9B-D9-C6-44

To Ethernet MAC address:

33-33-FF-BB-66-E1 (IPv6 Mapped Multicast)

From: :: (Unspecified source address – I don’t have an IPv6 address yet)

To: FF02::1:FFBB:66E1 (Solicited Node Multicast)

Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1

2

Neighbor Advertisement Message if it is in use…

To: FF02::1 (All-nodes multicast)

3



Neighbor Cache

  • Similar to ARP tables in IPv4, the Neighbor Cache keeps track of the reachability of neighbors: IPv6 address and MAC address mappings.

  • The Neighbor Cache entry can be in one of five states (RFC 4861):

  • Reachable: Packets have recently been received providing confirmation that this device is reachable.

  • Stale: A certain time period has elapsed since a packet has been received from this address.

  • Other three: (We will talk about all of these)

    • INCOMPLETE—Address resolution is in progress, and the link-layer address is not yet known.

    • DELAY—Neighbor is pending re-resolution, and traffic might flow to this neighbor.

    • PROBE—Neighbor re-resolution is in progress, and traffic might flow to this neighbor.


Neighbor Cache (“ARP Cache”) for R1

R1# show ipv6 neighbors

IPv6 Address Age Link-layer Addr State Interface

FE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/0

2001:db8:aaaa:1::100 16 0021.9bd9.c644 STALE Fa0/0

R1# ping 2001:db8:aaaa:1::100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1# show ipv6 neighbors

IPv6 Address Age Link-layer Addr State Interface

FE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/0

2001:DB8:AAAA:1::100 0 0021.9bd9.c644 REACH Fa0/0

R1#



Neighbor Cache FSM

Neighbor Cache (“ARP Cache”)

Neighbor Solicitation (NS) sent

No Entry Exists

Incomplete

3 NS sent with no NA returned

Neighbor Advertisement (NA) received

Reachable Time exceeded (timeout)

Or

Unsolicited NA received

Reachable

NS sent and

NA received

Packet returned

Packet sent

5 sec

Delay

(Resolution pending)

Probe

(Reresolution in progress)

Stale – no action required

(Requires reresolution)

3 NS sent with no NA returned



Internet Control Message Protocol (ICMPv6)

  • Described in RFC 4443

  • Much more robust than ICMP for IPv4

  • Contains new functionality and improvements.

  • General message similar to ICMP for IPv4

  • Also uses Type and Code fields like in ICMPv4.

  • Two types of ICMPv6 messages

    • Error messages

    • Informational messages


ICMPv6 Messages

  • The ICMPv6 error messages are:

    • Destination Unreachable

    • Packet Too Big

    • Time Exceeded

    • Parameter Problem

  • ICMPv6 informational messages used by the ping command:

    • Echo Request

    • Echo Reply

Similar to ICMP for IPv4.

Quick look at these first.


ICMPv6 Messages

  • ICMPv6 informational messages used for Multicast Listener Discovery (RFC 2710):

    • Multicast Listener Query

    • Multicast Listener Report

    • Multicast Listener Done

  • ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):

    • Router Solicitation Message

    • Router Advertisement Message

    • Neighbor Solicitation Message

    • Neighbor Advertisement Message

    • Redirect Message

Similar to IGMP (Internet Group Message Protocol) for IPv4.

We won’t be covering these.

Most of our time will be spent on the first four of these.

Redirect Message is similar to Redirect Messages for IPv4.


Stateless Address Autoconfiguration

2001:0DB8:AAAA:0001::/64

ipv6 unicast-routing

R1

MAC Address

00-21-9B-D9-C6-44

PC1

Link-local address automatically created

1

Link-local address (Tentative)

Neighbor Solicitation Message

From: :: (Unspecified source address)

To: FF02::1:FFBB:66E1 (Solicited Node Multicast)

Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1

DAD performed on

Link-local address

2

3

Global unicast address created using SLAAC

NDP Router Solicitation From: FE80::50A5:8A35:A5BB:66E1 To: FF02::2 (All-routers multicast)

NDP Router Advertisement From: FE80::1 To: FF02::1 (All-nodes multicast)

4

5

Addressing Information Added

6

Neighbor Solicitation Message

From: :: (Unspecified source address)

To: Solicited Node Multicast

Target IPv6 Address:

DAD performed on global unicast address


Address Resolution (ARP in IPv4)

[Diagram: address resolution between PC1 and PC2, steps 1–5]

Topology: R1 (ipv6 unicast-routing), PC1 and PC2 on 2001:0DB8:AAAA:0001::/64

  • PC1: 2001:DB8:AAAA:1::100/64, MAC Address 00-21-9B-D9-C6-44

  • PC2: 2001:DB8:AAAA:1::200/64, MAC Address 00-1B-24-04-A2-1E

PC1> ping 2001:DB8:AAAA:1::200

Neighbor Cache: <empty until step 5>

FF02::1:FF00:200 (Solicited Node Multicast)

Neighbor Solicitation Message

  • From Ethernet MAC address: 00-21-9B-D9-C6-44

  • To Ethernet MAC address: 33-33-FF-00-02-00 (IPv6 Mapped Multicast)

  • From: 2001:DB8:AAAA:1::100

  • To: FF02::1:FF00:200 (Solicited Node Multicast)

  • Target IPv6 Address: 2001:DB8:AAAA:1::200

  • MAC address of PC1: 00:21:9B:D9:C6:44

Neighbor Advertisement Message

  • From Ethernet MAC address: 00-1B-24-04-A2-1E

  • To Ethernet MAC address: 00-21-9B-D9-C6-44

  • From: 2001:DB8:AAAA:1::200

  • To: 2001:DB8:AAAA:1::100

  • Target IPv6 Address: 2001:DB8:AAAA:1::200

  • MAC address of PC2: 00:1B:24:04:A2:1E
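The Neighbor Solicitations on the SLAAC and address resolution slides follow fixed addressing rules, which a capture check can verify. This is an added example, not part of the original slides: it derives the solicited-node group and its Ethernet mapping and applies the receive-side checks of RFC 4861 section 7.1.1. The dictionary layout, `hop_limit` values and the DAD frame's `eth_dst` are constructed.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(unicast: str) -> ipaddress.IPv6Address:
    """Solicited-node group: FF02::1:FF00:0/104 plus the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)

def multicast_mac(group: str) -> str:
    """Ethernet mapping: 33-33 followed by the low 32 bits of the IPv6 group."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33-33-" + "-".join(f"{b:02X}" for b in low32.to_bytes(4, "big"))

def check_ns(ns: dict) -> list:
    """Return the inconsistencies found in one Neighbor Solicitation."""
    src, dst, target = (ipaddress.IPv6Address(ns[k]) for k in ("src", "dst", "target"))
    problems = []
    if ns["hop_limit"] != 255:      # 255 shows the packet was never forwarded
        problems.append("hop limit is not 255")
    if target.is_multicast:
        problems.append("target is multicast")
    if dst.is_multicast:
        if dst != solicited_node(ns["target"]):
            problems.append("dst is not the target's solicited-node group")
        if ns["eth_dst"].upper() != multicast_mac(ns["dst"]):
            problems.append("Ethernet dst does not map from IPv6 dst")
    if src.is_unspecified:          # DAD probe for a tentative address
        if not dst.is_multicast:
            problems.append("DAD NS not sent to solicited-node multicast")
        if ns.get("slla"):
            problems.append("DAD NS carries a source link-layer option")
    return problems

# Addresses from the slides; hop_limit and DAD_NS["eth_dst"] are constructed.
RESOLVE_NS = dict(src="2001:DB8:AAAA:1::100", dst="FF02::1:FF00:200",
                  target="2001:DB8:AAAA:1::200", eth_dst="33-33-FF-00-02-00",
                  slla="00-21-9B-D9-C6-44", hop_limit=255)
DAD_NS = dict(src="::", dst="FF02::1:FFBB:66E1",
              target="FE80::50A5:8A35:A5BB:66E1", eth_dst="33-33-FF-BB-66-E1",
              slla=None, hop_limit=255)
# Constructed inconsistent frame: wrong group and a forwarded hop limit.
BAD_NS = dict(RESOLVE_NS, dst="FF02::1:FF00:201", hop_limit=64)

if __name__ == "__main__":
    for name, ns in (("resolution", RESOLVE_NS), ("DAD", DAD_NS), ("bad", BAD_NS)):
        print(name, check_ns(ns) or "consistent")
```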


Neighbor Cache FSM

Neighbor Cache (“ARP Cache”)

[Diagram: neighbor cache state machine]

  • States: No Entry Exists, Incomplete, Reachable, Stale – no action required, Delay, Probe

  • State annotations: Resolution pending; Reresolution in progress; Requires reresolution

  • Transition labels: Neighbor Solicitation (NS) sent; Neighbor Advertisement (NA) received; 3 NS sent with no NA returned; Reachable Time exceeded (timeout) or unsolicited NA received; Packet sent; Packet returned; 5 sec; NS sent and NA received
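The state machine on this slide, written out as an added example that is not part of the original slides. The states and transition labels are the slide's; which label joins which pair of states is assumed from RFC 4861, and the class and method names are hypothetical. It follows the slide in moving an entry to Stale on any unsolicited NA, a simplification of the RFC's rules, which also consider the Override flag and whether the link-layer address changed.

```python
MAX_SOLICIT = 3   # "3 NS sent with no NA returned"

class NeighborCache:
    """One entry per neighbor; edges between the slide's states assumed per RFC 4861."""
    def __init__(self):
        self.entries = {}   # IPv6 address -> {"state", "mac", "ns_sent"}

    def state(self, ip):
        return self.entries[ip]["state"] if ip in self.entries else "NO_ENTRY"

    def packet_sent(self, ip):
        entry = self.entries.get(ip)
        if entry is None:                     # start resolution: first NS sent
            self.entries[ip] = {"state": "INCOMPLETE", "mac": None, "ns_sent": 1}
        elif entry["state"] == "STALE":       # use the cached MAC now, re-verify soon
            entry["state"] = "DELAY"
        return self.state(ip)

    def packet_returned(self, ip):
        entry = self.entries.get(ip)
        if entry and entry["state"] == "DELAY":   # reply traffic confirms reachability
            entry["state"] = "REACHABLE"
        return self.state(ip)

    def timer_expired(self, ip):
        entry = self.entries.get(ip)
        if entry is None:
            return "NO_ENTRY"
        if entry["state"] == "REACHABLE":     # Reachable Time exceeded
            entry["state"] = "STALE"
        elif entry["state"] == "DELAY":       # 5 sec passed: first probe NS sent
            entry.update(state="PROBE", ns_sent=1)
        elif entry["state"] in ("INCOMPLETE", "PROBE"):
            entry["ns_sent"] += 1             # retransmit, or give up after the third NS
            if entry["ns_sent"] > MAX_SOLICIT:
                del self.entries[ip]
        return self.state(ip)

    def na_received(self, ip, mac, solicited):
        entry = self.entries.get(ip)
        if entry is None:                     # nobody asked: discard, create no entry
            return "NO_ENTRY"
        if solicited and entry["state"] in ("INCOMPLETE", "PROBE"):
            entry.update(state="REACHABLE", mac=mac)   # answer to an NS we sent
        elif not solicited:                   # unsolicited NA never confirms reachability
            entry.update(state="STALE", mac=mac)
        return self.state(ip)
```

An NA for an address with no cache entry creates nothing, and an unsolicited NA can at most leave an entry Stale, so the next packet sent triggers re-verification.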


For more information

Shameless plug!

  • Web site: www.cabrillo.edu/~rgraziani

  • Username = cisco

  • Password = perlman

  • Email: [email protected]

  • At the end of these slides are some additional slides on the Destination Cache and configuring a router as a stateless DHCPv6 server.

IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6

By Rick Graziani


Thank you!!!

Questions?


A quick word about the Destination Cache

  • Stores next-hop addresses for destinations to which traffic has recently been sent.

  • Entries in the destination cache contain the:

    • Destination IP address (either local or remote)

    • Previously resolved next-hop address

    • Path MTU for the destination.

  • Generally applies to hosts.

  • Cisco command to display IPv6 MTU per destination cache:

    • show ipv6 mtu


Stateless DHCPv6 configuration on R1

DHCPv6 configuration pool commands

R1(config)# ipv6 dhcp pool cafe-1-pool

R1(config-dhcp)# dns-server 2001:db8:cafe:2::d001

R1(config-dhcp)# exit

R1(config)# interface fa 0/0

R1(config-if)# ipv6 dhcp server cafe-1-pool

R1(config-if)# ipv6 nd other-config-flag

R1(config-if)# end

R1#

ipv6 dhcp server cafe-1-pool: Enables DHCPv6 service on the interface.

ipv6 nd other-config-flag: Sets the Router Advertisement O flag (Other Configuration Flag) to 1


R1# show ipv6 interface fastethernet 0/0

FastEthernet0/0 is up, line protocol is up

IPv6 is enabled, link-local address is FE80::1

No Virtual link-local address(es):

Global unicast address(es):

2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64

Joined group address(es):

FF02::1

FF02::2

FF02::5

FF02::6

FF02::1:2

FF02::1:FF00:1

MTU is 1500 bytes

<output omitted for brevity>

ND router advertisements are sent every 200 seconds

ND router advertisements live for 1800 seconds

ND advertised default router preference is Medium

Hosts use stateless autoconfig for addresses.

Hosts use DHCP to obtain other configuration.

R1#

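Verifying Router Advertisement Flags

  • FF02::1:2 is the All_DHCP_Relay_Agents_and_Servers multicast group

  • “Hosts use stateless autoconfig for addresses.”: Router Advertisement M Flag set to 0

  • “Hosts use DHCP to obtain other configuration.”: Router Advertisement O Flag set to 1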


PC-1C> ipconfig /all

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connection

Physical Address. . . . . . . . . : B8-AC-6F-20-2A-90

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:db8:cafe:1:e5ff:dd92:a512:19c6(Preferred)

Link-local IPv6 Address . . . . . : fe80::e5ff:dd92:a512:19c6

Default Gateway . . . . . . . . . : fe80::1

DHCPv6 IAID . . . . . . . . . . . : 250629538

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-EF-49-66-B8-AC-6F-20-2A-90

DNS Servers . . . . . . . . . . . : 2001:db8:cafe:2::d001
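The M and O flags verified above travel in one byte of the Router Advertisement, so a monitor can read them off the wire and compare them with the intended configuration. This is an added example, not part of the original slides: it parses a constructed RA carrying the slide's prefix, router lifetime and flag values. The hop limit and prefix lifetimes are constructed, the checksum is left at zero and not verified, and the function names are hypothetical.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Parse the ICMPv6 Router Advertisement header and Prefix Information options."""
    if len(msg) < 16 or msg[0] != 134 or msg[1] != 0:
        raise ValueError("not a Router Advertisement")
    _t, _c, _csum, _hop, flags, lifetime, _reach, _retrans = struct.unpack_from("!BBHBBHII", msg)
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    off = 16
    while off + 2 <= len(msg):
        otype, olen = msg[off], msg[off + 1] * 8     # option length is in 8-byte units
        if olen == 0 or off + olen > len(msg):       # zero length would never advance
            raise ValueError("malformed option")
        if otype == 3 and olen == 32:                # Prefix Information option
            _, _, plen, pflags, _valid, _pref, _res, prefix = struct.unpack_from(
                "!BBBBIII16s", msg, off)
            ra["prefixes"].append({"prefix": f"{ipaddress.IPv6Address(prefix)}/{plen}",
                                   "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40)})
        off += olen
    return ra

def host_plan(ra: dict):
    """Return (address sources, source of other configuration) implied by the RA."""
    addresses = []
    if any(p["autonomous"] for p in ra["prefixes"]):
        addresses.append("SLAAC")
    if ra["M"]:
        addresses.append("DHCPv6")
    return addresses, "DHCPv6" if (ra["M"] or ra["O"]) else "none"

# Constructed RA matching R1's output: M=0, O=1, lifetime 1800 s, 2001:DB8:CAFE:1::/64.
SAMPLE_RA = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0) + struct.pack(
    "!BBBBIII16s", 3, 4, 64, 0xC0, 2592000, 604800, 0,
    ipaddress.IPv6Address("2001:db8:cafe:1::").packed)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra, host_plan(ra))
```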

