Neighbor Discovery Protocol (NDP)

Neighbor Discovery Protocol (NDP), as defined in RFC 2461, Neighbor Discovery for IP Version 6 (IPv6), is a key protocol of IPv6. Moreover, Figure 3-3 illustrates that NDP is an umbrella that defines these mechanisms:

  • Replacement of ARP— Because ARP has been removed in IPv6, IPv6 provides a new way to determine link-layer addresses of nodes on the local link. This new mechanism uses a mix of ICMPv6 messages and multicast addresses.

  • Stateless autoconfiguration— This mechanism allows nodes on the local link to configure their IPv6 addresses by themselves by using a mix of ICMPv6 messages and multicast addresses.

  • Router redirection— The router sends ICMPv6 messages to an IPv6 node to inform it of the presence of a better router address on the same local link to reach a destination network.

Figure 3-3. NDP Is an Umbrella for Mechanisms


New ICMPv6 messages are defined for NDP's specific scope. As shown in Table 3-2, these ICMPv6 messages are labeled in the context of NDP. These new ICMPv6 messages are Router Solicitation, Router Advertisement, Neighbor Solicitation, Neighbor Advertisement, and Redirect Message.

Table 3-2. ICMPv6 Messages Defined for NDP
ICMPv6 Type   Name of Message
Type 133      Router solicitation (RS)
Type 134      Router advertisement (RA)
Type 135      Neighbor solicitation (NS)
Type 136      Neighbor advertisement (NA)
Type 137      Redirect message

Table 3-3 shows the ICMPv6 messages that are used by NDP mechanisms. ARP replacement uses neighbor solicitation (ICMPv6 Type 135) and neighbor advertisement (ICMPv6 Type 136) messages. Prefix advertisement and prefix renumbering use router solicitation (ICMPv6 Type 133) and router advertisement (ICMPv6 Type 134) messages. DAD uses neighbor solicitation. Router redirection uses the redirect message (ICMPv6 Type 137).

Table 3-3. ICMPv6 Messages Used by NDP Mechanisms
Mechanism             ICMPv6 Type 133  ICMPv6 Type 134  ICMPv6 Type 135  ICMPv6 Type 136  ICMPv6 Type 137
Replacement of ARP    -                -                X                X                -
Prefix advertisement  X                X                -                -                -
Prefix renumbering    X                X                -                -                -
DAD                   -                -                X                -                -
Router redirection    -                -                -                -                X

On Cisco equipment, parameters of NDP and the mechanisms under its umbrella are controlled using the ipv6 nd command. The following sections describe in detail each mechanism under the scope of NDP.

Replacement of ARP by Neighbor Solicitation and Neighbor Advertisement Messages

In IPv4, ARP is used by nodes on the local link to determine link-layer addresses of other nodes. Each node handles an ARP cache, which contains link-layer addresses of nodes learned with ARP. In IPv6, the determination of nodes' link-layer addresses uses a combination of neighbor solicitation messages (ICMPv6 Type 135), neighbor advertisement messages (ICMPv6 Type 136), and the solicited-node multicast address (FF02::1:FFxx:xxxx), as discussed in Chapter 2.

As explained in the following list, the NDP used in IPv6 is much more efficient than ARP in IPv4:

  • In IPv6, only neighbor nodes concerned with this mechanism process neighbor solicitation and neighbor advertisement messages in their stack. In IPv4, ARP broadcast messages are used to find a node's link-layer addresses. However, ARP broadcast forces all nodes on the local link to push all ARP broadcast messages toward the IPv4 stack.

  • In IPv6, nodes communicate their link-layer addresses to each other in the same request. In IPv4, two ARP broadcast messages are needed to obtain the same result.

  • Reachability of IPv6 addresses and link-layer addresses in the neighbor cache is verified. With ARP in IPv4, entries are removed after expiration (timeout).

How Neighbor Solicitation and Neighbor Advertisement Work

This section describes in detail how neighbor solicitation messages, neighbor advertisement messages, and solicited-node multicast addresses are used in IPv6 to replace ARP. Then, Cisco IOS Software commands related to neighbor solicitation and neighbor advertisement are explained.

The following steps occur, as shown in Figure 3-4:

Step 1.
Using the address FEC0::1:0:0:1:A, node A wants to deliver packets to destination node B using the IPv6 address FEC0::1:0:0:1:B on the same local link. However, node A does not know node B's link-layer address. Node A sends an ICMPv6 Type 135 message (neighbor solicitation) on the local link using its site-local address FEC0::1:0:0:1:A as the IPv6 source address, the solicited-node multicast address FF02::1:FF01:B corresponding to the target address FEC0::1:0:0:1:B as the destination IPv6 address, and the source link-layer address 00:50:3e:e4:4c:00 of the sender, node A, as data of the ICMPv6 message.

The source link-layer address of this frame is the link-layer address 00:50:3e:e4:4c:00 of node A. The destination link-layer address 33:33:FF:01:00:0B of this frame uses multicast mapping of the destination IPv6 address FF02::1:FF01:B.

NOTE

Note that the local link in this example is an Ethernet link. Refer to Chapter 2 for additional details on the multicast mapping for Ethernet defined for IPv6.

Step 2.
Node B, which is listening to the local link for multicast addresses, intercepts the neighbor solicitation message because the destination IPv6 address FF02::1:FF01:B represents the solicited-node multicast address corresponding to its IPv6 address FEC0::1:0:0:1:B.

Step 3.
Node B replies by sending a neighbor advertisement message using its site-local address FEC0::1:0:0:1:B as the IPv6 source address and the site-local address FEC0::1:0:0:1:A as the destination IPv6 address. It also includes its link-layer address 00:50:3e:e4:4b:01 in the ICMPv6 message.

Figure 3-4. Neighbor Solicitation and Neighbor Advertisement Messages Used to Find the Node's Link-Layer Addresses on the Local Link


After receiving neighbor solicitation and neighbor advertisement messages, node A and node B know each other's link-layer addresses. Learned link-layer addresses are kept in a neighbor discovery table (neighbor cache). Therefore, the nodes can communicate on the local link.
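
Steps 1 through 3 worked through with the addresses of Figure 3-4, as an added example that is not part of the original text. The option types, the NA flag bits and the hop limit of 255 come from RFC 2461 rather than from this page, and the function names are illustrative.

```python
import ipaddress
import struct

NS, NA = 135, 136                      # ICMPv6 types from Table 3-2
OPT_SRC_LLADDR, OPT_TGT_LLADDR = 1, 2  # option types from RFC 2461 (not on this page)

def solicited_node(addr):
    """FF02::1:FFxx:xxxx, where xx:xxxx is the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group):
    """Ethernet mapping: 33:33 followed by the low 32 bits of the multicast group."""
    low32 = ipaddress.IPv6Address(group).packed[-4:]
    return ":".join(f"{b:02x}" for b in b"\x33\x33" + low32)

def checksum(src, dst, msg):
    """One's-complement sum over the IPv6 pseudo-header and the ICMPv6 message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(msg), 58) + msg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def nd_message(msg_type, flags, src, dst, target, opt_type, mac):
    """Type, code 0, checksum, 32-bit flags word, target address, one link-layer option."""
    body = struct.pack("!BBHI", msg_type, 0, 0, flags) + target.packed
    body += bytes([opt_type, 1]) + bytes.fromhex(mac.replace(":", ""))  # length 1 = 8 bytes
    return body[:2] + struct.pack("!H", checksum(src, dst, body)) + body[4:]

def solicit(src, target, src_mac):
    """Step 1: the sender multicasts an NS to the target's solicited-node group."""
    src, target = ipaddress.IPv6Address(src), ipaddress.IPv6Address(target)
    dst = solicited_node(target)
    return {"eth_src": src_mac, "eth_dst": multicast_mac(dst),
            "ip_src": src, "ip_dst": dst,
            "hop_limit": 255,  # RFC 2461 requires 255 on every ND message
            "icmpv6": nd_message(NS, 0, src, dst, target, OPT_SRC_LLADDR, src_mac)}

def advertise(ns, own_addr, own_mac):
    """Steps 2 and 3: only the owner of the target address answers, by unicast."""
    own = ipaddress.IPv6Address(own_addr)
    if ipaddress.IPv6Address(ns["icmpv6"][8:24]) != own:
        return None
    flags = 0x60000000  # Solicited and Override bits, per RFC 2461
    return {"eth_src": own_mac, "eth_dst": ns["eth_src"],
            "ip_src": own, "ip_dst": ns["ip_src"], "hop_limit": 255,
            "icmpv6": nd_message(NA, flags, own, ns["ip_src"], own, OPT_TGT_LLADDR, own_mac)}

def learn(cache, pkt):
    """Store the link-layer address carried in a received NS or NA in the neighbor cache."""
    msg = pkt["icmpv6"]
    # The checksum detects corruption only; it does not authenticate the sender.
    if checksum(pkt["ip_src"], pkt["ip_dst"], msg) != 0:
        raise ValueError("bad ICMPv6 checksum")
    mac = ":".join(f"{b:02x}" for b in msg[26:32])
    # The NS option describes the sender; the NA option describes the target address.
    addr = pkt["ip_src"] if msg[0] == NS else ipaddress.IPv6Address(msg[8:24])
    cache[addr] = mac
    return cache

if __name__ == "__main__":
    cache_a, cache_b = {}, {}
    ns = solicit("FEC0::1:0:0:1:A", "FEC0::1:0:0:1:B", "00:50:3e:e4:4c:00")
    na = advertise(ns, "FEC0::1:0:0:1:B", "00:50:3e:e4:4b:01")
    learn(cache_b, ns)
    learn(cache_a, na)
    print("NS sent to", ns["ip_dst"], "in frame to", ns["eth_dst"])
    print("node A cache:", cache_a)
    print("node B cache:", cache_b)
```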

The neighbor solicitation message is also used by nodes to verify the reachability of neighbor nodes in the neighbor discovery table (neighbor cache). However, the unicast addresses of the neighbor nodes are used as destination IPv6 addresses in ICMPv6 messages instead of solicited-node multicast addresses in this situation.

It is possible for a node that changes its link-layer address to inform all other neighbor nodes on the local link by sending a neighbor advertisement message using the all-nodes multicast address FF02::1. The neighbor discovery table of the nodes on the local link is updated with the new link-layer address.

Table 3-4 summarizes the types of multicast addresses and ICMPv6 messages involved in the mechanism that replaces ARP.

Table 3-4. Multicast Addresses and ICMPv6 Messages Used by the Mechanism That Replaces ARP
Mechanism           Multicast Address                                     ICMPv6 Message
Replacement of ARP  Solicited-node multicast address (FF02::1:FFxx:xxxx)  ICMPv6 Type 135 (neighbor solicitation)
                                                                          ICMPv6 Type 136 (neighbor advertisement)

Displaying the Neighbor Discovery Table's Neighbor Adjacency Entries

You can display neighbor adjacency entries of the neighbor discovery table using the following command:

Router#show ipv6 neighbors [ipv6-address-or-name | interface_type interface_number]

As shown in Example 3-2, the show ipv6 neighbors command displays IPv6 addresses of neighbors, the lifetime (in minutes), the link-layer address, the state, and the network interface of the router where the neighbor is known. The REACH state means that the neighbor can be reached. The STALE state means that these neighbors have not been reached within the last 30 minutes (this is the default value).

Example 3-2. show ipv6 neighbors Command
RouterA#show ipv6 neighbors
IPv6 Address                  Age Link-layer Addr State Interface
FEC0::1:200:86FF:FE4B:F9CE      0 0000.864b.f9ce  REACH FastEthernet0/0
<waiting of 10 minutes>
RouterA#show ipv6 neighbors
IPv6 Address                  Age Link-layer Addr State Interface
FEC0::1:200:86FF:FE4B:F9CE      2 0000.864b.f9ce  STALE FastEthernet0/0
FE80::200:86FF:FE4B:F9CE       10 0000.864b.f9ce  STALE FastEthernet0/0

Adding a Static Neighbor Entry to the Neighbor Discovery Table

On the Cisco router, you can add a static neighbor entry to the neighbor discovery table.

NOTE

Cisco implemented static neighbor entries because most IPv6 traffic generator devices do not correctly support IPv6's NDP. Without such support, it is not possible to send IPv6 traffic through a router because the neighbor entry does not get created in the neighbor discovery table. With the static entry command, Cisco IOS Software allows these testing devices to be used even without proper NDP support.


The ipv6 neighbor command allows you to add a static entry to the neighbor discovery table. The unicast IPv6 address, the network interface of the router where the neighbor is present, and the link-layer address are mandatory parameters of this command:

Router(config)#ipv6 neighbor ipv6-address interface hw-address

This command is enabled on a global basis.

NOTE

If a neighbor entry is already in the neighbor discovery table before the addition, the existing neighbor entry is converted to a static entry.


Example 3-3 shows the addition of a static neighbor entry to the neighbor discovery table. The IPv6 address FEC0::1:0:0:1:B, related to the link-layer address 0080.12ff.6633, is added to Router A's neighbor discovery table.

Example 3-3. Adding a Static Neighbor Entry to the Neighbor Discovery Table
RouterA(config)#ipv6 unicast-routing
RouterA(config)#ipv6 neighbor fec0::1:0:0:1:b fastEthernet 0/0 0080.12ff.6633
RouterA(config)#exit
RouterA#show ipv6 neighbors
IPv6 Address                     Age Link-layer Addr State Interface
FEC0::1:200:86FF:FE4B:F9CE       15 0000.864b.f9ce  STALE FastEthernet0/0
FEC0::1:0:0:1:B                   - 0080.12ff.6633  REACH FastEthernet0/0
FE80::200:86FF:FE4B:F9CE         15 0000.864b.f9ce  STALE FastEthernet0/0

Removing Neighbor Entries from the Neighbor Discovery Table

You can remove all entries from the neighbor discovery table using the clear ipv6 neighbors command:

Router#clear ipv6 neighbors
							

Tuning Parameters of Neighbor Discovery Messages

Using Cisco IOS Software commands, you can tune the time interval between neighbor discovery messages and the time during which a neighbor is considered reachable.

The ipv6 nd ns-interval command sets the time interval between neighbor solicitation messages. For normal operation, Cisco does not recommend very short time intervals. The syntax of the ipv6 nd ns-interval command is as follows:

Router(config-if)#ipv6 nd ns-interval milliseconds

This command is enabled on an interface basis. By default, this value is adjusted to 1000 milliseconds (1 second).

The ipv6 nd reachable-time command configures the amount of time that a neighbor is considered reachable after an event confirms its reachability. A shorter value discovers dead neighbors more quickly, but it is more expensive in bandwidth consumption and processing. Cisco does not recommend very short reachable-time intervals in normal operation. The syntax of the ipv6 nd reachable-time command is as follows:

Router(config-if)#ipv6 nd reachable-time milliseconds

This command is enabled on an interface basis.

By default, this value is adjusted to 30 minutes (1,800,000 milliseconds).

Stateless Autoconfiguration

As defined in RFC 2462, IPv6 Stateless Address Autoconfiguration, stateless autoconfiguration is one of the most interesting and useful new features of IPv6. It allows nodes on the local link to configure their unicast IPv6 addresses by themselves from the information advertised on a link by a router.

This section describes the mechanisms involved in stateless autoconfiguration. As shown in Figure 3-3, these mechanisms are as follows:

  • Prefix advertisement— Advertises prefixes and parameters on a local link. The prefix advertisement information is used by IPv6 nodes to configure their IPv6 addresses.

  • DAD— Ensures that each IPv6 address configured on an interface using stateless autoconfiguration is unique on the link local scope.

  • Prefix renumbering— Advertises modified prefixes or new prefixes and parameters on the local link to renumber a prefix already advertised.

For each mechanism presented, the following sections cover the commands and parameters used on Cisco equipment to configure stateless autoconfiguration.

NOTE

Routers cannot assign their IPv6 addresses to interfaces using stateless autoconfiguration. Stateless autoconfiguration is designed for nodes only.


Prefix Advertisement

Prefix advertisement is the initial mechanism involved in stateless autoconfiguration. The prefix advertisement mechanism uses router advertisement messages (ICMPv6 Type 134) and all-nodes multicast address FF02::1. Router advertisement messages are sent periodically on the local link to the all-nodes multicast address.

NOTE

With stateless autoconfiguration, IPv6 routers are the only kind of devices allowed to advertise prefixes on local links. It is prohibited for the node to advertise prefixes. The prefix length used in stateless autoconfiguration is 64-bit.


Advertising an IPv6 Prefix on a Cisco Router

As described in Chapter 2, the advertisement of an IPv6 prefix on a Cisco router is enabled as soon as a site-local or aggregatable global unicast IPv6 address with a prefix length is configured on a network interface. The ipv6 address command, as described in Chapter 2, is used for that purpose. If you assign several IPv6 addresses using different prefixes to the same network interface, the different prefixes are advertised to hosts on the local link.

Router advertisement messages contain parameters used by nodes during and after the autoconfiguration process:

  • IPv6 prefix— One to several IPv6 prefixes may be advertised per local link. By default, the prefix length advertised for stateless autoconfiguration is 64 bits. Nodes get the IPv6 prefix, and then they append their link-layer addresses in EUI-64 format to the prefix received. The combination of this information provides a 128-bit address to the nodes.

  • Lifetime— A lifetime value for each prefix advertised is provided to nodes. This value may vary from 0 to infinite. Nodes verify this value to cease the use of a prefix after it has expired, such as when the value equals 0. There are two types of lifetime values per prefix:

    - Valid lifetime— How long the node's address remains in the valid state. When this value expires, the node's address becomes invalid.

    - Preferred lifetime— How long the address configured by a node through stateless autoconfiguration remains preferred. The preferred lifetime must be less than or equal to the valid lifetime. When this value expires, all addresses received by stateless autoconfiguration and using this prefix are deprecated. Therefore, nodes cannot use deprecated addresses to establish new connections. But nodes still accept connections while the valid time is not expired. This parameter is used for prefix renumbering.

  • Default router information— Provides information about the existence and lifetime of the default router's IPv6 address. In IPv6, the default router address used by nodes is the router's link-local address (FE80::/10). Therefore, even if the prefix is renumbered, the router can always be reached.

  • Flags/options— Specific flags and options for nodes. You can use a flag to instruct nodes to use stateful autoconfiguration rather than stateless autoconfiguration. The flags and options available on Cisco IOS Software are defined in detail in a moment, when the ipv6 nd prefix command is described.
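
How a node turns an advertised /64 prefix and its link-layer address into a 128-bit address, and how the two lifetimes drive the address state, shown as an added example that is not part of the original text. The function names are illustrative, the inputs are addresses and lifetimes that appear on this page, and the all-ones encoding of an infinite lifetime comes from RFC 2461.

```python
import ipaddress

INFINITE = 0xFFFFFFFF  # all-ones lifetime means "infinite" in a router advertisement


def parse_mac(text):
    """Accept 00:50:3e:e4:4c:00, 00-50-3e-e4-4c-00 or Cisco 0050.3ee4.4c00 notation."""
    digits = "".join(ch for ch in text if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit link-layer address: {text!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac):
    """48-bit MAC to 64-bit interface ID: insert FFFE in the middle and
    invert the universal/local bit (0x02 of the first byte)."""
    b = parse_mac(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def autoconfigured_address(prefix, mac):
    """Append the EUI-64 interface ID to an advertised 64-bit prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration uses a 64-bit prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def address_state(age, valid_lifetime, preferred_lifetime):
    """State of an autoconfigured address `age` seconds after the prefix was received.

    preferred  : usable for new and existing connections
    deprecated : preferred lifetime expired; no new connections, existing ones continue
    invalid    : valid lifetime expired; the address must no longer be used
    """
    if preferred_lifetime > valid_lifetime:
        raise ValueError("preferred lifetime must not exceed valid lifetime")
    if valid_lifetime != INFINITE and age >= valid_lifetime:
        return "invalid"
    if preferred_lifetime != INFINITE and age >= preferred_lifetime:
        return "deprecated"
    return "preferred"


if __name__ == "__main__":
    # Link-layer addresses and prefixes taken from the examples on this page.
    print(autoconfigured_address("FE80::/64", "00:50:3e:e4:4c:00"))
    print(autoconfigured_address("FEC0:0:0:1::/64", "0000.864b.f9ce"))
    day = 86400
    for age in (3 * day, 10 * day, 31 * day):
        # Cisco defaults: valid 2,592,000 s (30 days), preferred 604,800 s (7 days)
        print(age // day, "days:", address_state(age, 2592000, 604800))
```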

NOTE

Stateful autoconfiguration allows nodes to get their addresses and configuration parameters manually or from a server. The server maintains a database that keeps track of addresses already assigned to nodes. DHCPv6 is an example of stateful autoconfiguration in IPv6.


How Prefix Advertisement Works

This section describes how router advertisement messages and multicast addresses are used to advertise prefixes in IPv6. The Cisco IOS Software commands related to prefix advertisement are presented later.

As shown in Figure 3-5, Router A sends periodic router advertisement messages (ICMPv6 Type 134) using its link-local address FE80::250:3EFF:FEE4:4C00 as the source IPv6 address and the all-nodes multicast address FF02::1 as the destination IPv6 address. The prefix advertised by the router advertisement messages is FEC0:0:0:1::/64 with infinite values as valid and preferred lifetimes. Then, nodes A and B, which listen to the multicast address FF02::1 on the local link, get router advertisement messages and can configure their IPv6 addresses by themselves.

Figure 3-5. Stateless Autoconfiguration Uses a Router Advertisement Message to Allow Nodes on the Local Link to Configure Their IPv6 Addresses


Displaying Prefix Advertisement Parameters

As shown in Example 3-4, the command show ipv6 interface interface prefix displays parameters of the prefix advertised on an interface. In this example, the prefix 2001:410:0:1::/64 is advertised with a valid lifetime of 2,592,000 seconds and a preferred lifetime of 604,800 seconds. As you can see from the value [LA], the L-bit and A-bit flags are enabled for the specified prefix. L-bit and A-bit flags are discussed in the next section.

Example 3-4. show ipv6 interface interface prefix Command
RouterA#show ipv6 interface fastEthernet 0/0 prefix
IPv6 Prefix Advertisements FastEthernet0/0
Codes: A - Address, P - Prefix-Advertisement, O - Pool
       X - Proxy RA, U - Per-user prefix, D - Default
       N - Not advertised, C - Calendar

AD  2001:410:0:1::/64 [LA] valid lifetime 2592000 preferred lifetime 604800
							

NOTE

On Cisco equipment, the valid lifetime is set to 30 days (2,592,000 seconds), and the preferred lifetime is adjusted to seven days (604,800 seconds) by default.


Overriding Default Parameters of Prefix Advertisement

The ipv6 nd prefix command overrides parameters of prefixes advertised by a router. This command controls individual parameters of any prefix advertised (enabled on a per-interface basis):

Router(config-if)#ipv6 nd prefix ipv6-prefix/prefix-length | default
  [[valid-lifetime preferred-lifetime] | [at valid-date preferred-date] [off-link]
  [no-autoconfig] [no-advertise]]

The following describes the parameters and keywords that may be used with the ipv6 nd prefix command:

  • ipv6-prefix/prefix-length— Defines the prefix length to be managed. The prefix length in stateless autoconfiguration is 64-bit.

  • default— This keyword may be used to set default parameters for all prefixes advertised for each interface. Default values such as valid and preferred lifetimes are configured.

  • valid-lifetime— How long in seconds the IPv6 address of a node received by stateless autoconfiguration remains in the valid state. After that valid time period, the address is considered invalid.

  • preferred-lifetime— How long in seconds an IPv6 address remains preferred.

  • at valid-date— A date may be set for the prefix's expiration. After a specific date, the prefix is no longer advertised on the local link. This option is available with Cisco IOS Software technology only.

  • at preferred-date— A date may be set for the prefix's preferred date. This option is available with Cisco IOS Software technology only.

  • off-link— This flag is related to the L-bit, as defined in RFC 2461, Neighbor Discovery for IP Version 6 (IPv6). When the optional off-link keyword is used in Cisco IOS Software technology, the L-bit flag is turned off. However, when the L-bit is turned on (the default setting), it indicates in the router advertisement messages that the specified prefix is assigned to the local link. Therefore, nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link. By default, the L-bit flag is enabled in Cisco IOS Software technology.

  • no-autoconfig— This flag is related to the A-bit, as defined in RFC 2461. The A-bit is also known as the autonomous address-configuration flag. When the optional keyword no-autoconfig is used in Cisco IOS Software technology, the A-bit flag is turned off. However, when the A-bit is turned on (the default setting), it indicates to hosts on the local link that the specified prefix can be used for stateless autoconfiguration. Therefore, the prefix is advertised with lifetime values indicating how long addresses created from the specified prefix remain preferred and valid. By default, the A-bit flag is enabled in Cisco IOS Software technology.

  • no-advertise— When a prefix is flagged with the optional no-advertise keyword, it indicates to hosts on the local link that the specified prefix cannot be used for stateless autoconfiguration (the prefix is not included in the router advertisement messages). By default, this flag is turned off in Cisco IOS Software technology; therefore, prefixes are advertised on the local link. With the optional no-advertise keyword, it is possible to not advertise a specific prefix even though you configured an IPv6 address with a prefix length on a network interface.

To remove an advertised prefix, use the no form of this command:

Router(config-if)#no ipv6 nd prefix ipv6-prefix
							

Figure 3-6 shows a typical scenario, in which Router A advertises the prefix 2001:410:0:1::/64 using router advertisement messages. Nodes on the local link can configure their addresses using this prefix.

Figure 3-6. Router A Advertises a Prefix by Sending Router Advertisement Messages on the Local Link


Example 3-5 shows a configuration that overrides default parameters of the prefix 2001:0410:0:1::/64 advertised on the network interface FastEthernet 0/0. The ipv6 address 2001:0410:0:1::/64 eui-64 command is used not only to assign an IPv6 address to this interface, but also to enable prefix advertisement on that interface using 2001:0410:0:1::/64 as the prefix. The command ipv6 nd prefix specifies 43,200 seconds (12 hours) as the valid and preferred lifetimes.

Example 3-5. Enabling and Controlling Prefix Advertisement on Interface FastEthernet 0/0
RouterA#configure terminal
RouterA(config)#int fastethernet 0/0
RouterA(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterA(config-if)#ipv6 nd prefix 2001:410:0:1::/64 43200 43200
RouterA(config-if)#exit
RouterA(config)#exit
							

Another scenario is shown in Figure 3-7. Both Router A and Router B send router advertisement messages on an adjacent local link. Router A advertises prefix 2001:410:0:1::/64 on interface FastEthernet0/0, and Router B advertises the same prefix on its FastEthernet0/1 interface. Router B also advertises the other prefix, 2001:410:0:2::/64, on interface FastEthernet 0/0.

Figure 3-7. Router A and Router B Advertise Prefixes 2001:410:0:1::/64 and 2001:410:0:2::/64 on Different Local Links


Example 3-6 shows configurations applied on both Router A and Router B according to Figure 3-7. The command ipv6 address is used in this example to enable prefix advertisement on the interfaces.

Example 3-6. Configuring Router A and Router B to Advertise Prefixes
RouterA#configure terminal
RouterA(config)#int fastethernet 0/0
RouterA(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterA(config-if)#exit
RouterA(config)#exit

RouterB#configure terminal
RouterB(config)#int fastethernet 0/1
RouterB(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterB(config-if)#interface fastethernet 0/0
RouterB(config-if)#ipv6 address 2001:0410:0:2::/64 eui-64
RouterB(config)#exit
							

Disabling Router Advertisements on the Interface

You can turn off router advertisement on the interface. By default, router advertisement is available on Ethernet (10, 100, 1000 Mbps), FDDI, and Token Ring interfaces on Cisco equipment when the global command ipv6 unicast-routing is enabled.

The command ipv6 nd suppress-ra turns off router advertisements on an interface basis:

Router(config-if)#ipv6 nd suppress-ra
							

The following command cancels the suppression of router advertisements:

Router(config-if)#no ipv6 nd suppress-ra
							

The ipv6 nd suppress-ra command is enabled on a per-interface basis.

The suppression of router advertisements is useful on a link to which adjacent routers are connected. When two routers advertise the same prefix on an adjacent link, the nodes might see different lifetime values and default routers.

To force nodes on a link where multiple adjacent routers are present to select one default router, suppressing router advertisements on every router except one, using the command ipv6 nd suppress-ra, is recommended.

As shown in Figure 3-8, Router A and Router B are adjacent on a link. Router advertisement can be turned off on Router B. Therefore, nodes use Router A's parameters and default router address.

Figure 3-8. Router B with Router Advertisement Turned off on Interface FastEthernet 0/1


Example 3-7 shows the command ipv6 nd suppress-ra applied on interface FastEthernet 0/1 of Router B to turn off router advertisement.

Example 3-7. Turning off Router Advertisement on an Interface
RouterA#configure terminal
RouterA(config)#int fastethernet 0/0
RouterA(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterA(config-if)#exit
RouterA(config)#exit
________________________________________________________________
RouterB#configure terminal
RouterB(config)#int fastethernet 0/1
RouterB(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterB(config-if)#ipv6 nd suppress-ra
RouterB(config-if)#interface fastethernet 0/0
RouterB(config-if)#ipv6 address 2001:0410:0:2::/64 eui-64
RouterB(config)#exit
							

When multiple routers are connected on the same link, you can display prefixes and parameters advertised by the other routers using the Cisco IOS Software commands.

As shown in Example 3-8, the show ipv6 routers command displays router advertisement information received from other routers. This example shows information about the prefix 2001:410:0:2::/64 advertised on the link where the interface FastEthernet 0/0 is physically connected.

Example 3-8. Displaying Router Advertisement Information Received on Interface FastEthernet 0/0
RouterA#show ipv6 routers
Router FE80::260:8FF:FE37:BF6 on FastEthernet0/0, last update 3 min
  Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
  Reachable time 0 msec, Retransmit time 0 msec
  Prefix 2001:410:0:2::/64 onlink autoconfig
    Valid lifetime 2592000, preferred lifetime 604800

Tuning Prefix Advertisement Parameters

On Cisco routers, you can modify prefix advertisement parameters. These parameters are related to router advertisement messages and stateless autoconfiguration, as described in the following:

  • Router advertisement lifetime— The lifetime of a router advertisement message (ICMPv6 Type 134). This parameter defines how long in seconds each message is considered valid after it is sent. This value is included in all router advertisement messages that are sent. By default, this parameter is set to 1800 seconds (30 minutes) on Cisco routers. The ipv6 nd ra-lifetime command modifies this parameter:

    Router(config-if)# ipv6 nd ra-lifetime seconds

    This command is enabled on a per-interface basis.

  • Router advertisement interval— The amount of time in seconds between consecutive router advertisement messages. This value may be less than or equal to the router advertisement lifetime. By default, this parameter is set to 200 seconds on Cisco routers. This parameter has a direct effect on how long a booting node has to wait for the next router advertisement message to configure its address. If the node cannot wait for the next router advertisement message, it can send a router solicitation message to force a router on the local link to send a new router advertisement message. (Router solicitation is discussed in the next section.) The ipv6 nd ra-interval command defines this parameter:

    Router(config-if)# ipv6 nd ra-interval seconds

    This command is enabled on a per-interface basis.

  • managed-config-flag— When this parameter is not set, the nodes are allowed to use stateless autoconfiguration (but not stateful autoconfiguration) to configure their IPv6 addresses by themselves. By default on Cisco routers, this value is not set, meaning that stateless autoconfiguration is enabled. Otherwise, when this flag is set, the nodes should use a stateful autoconfiguration mechanism (but not stateless autoconfiguration) such as a DHCPv6 server to get their IPv6 addresses. Therefore, the ipv6 nd managed-config-flag command enables stateful autoconfiguration:

    Router(config-if)# ipv6 nd managed-config-flag
    									

    Conversely, the no ipv6 nd managed-config-flag command disables stateful autoconfiguration:

    Router(config-if)# no ipv6 nd managed-config-flag
    									

    These commands are enabled on a per-interface basis.

  • other-config-flag— This flag is also related to stateful autoconfiguration. When it is turned off, the nodes should not use a stateful autoconfiguration mechanism to configure parameters other than the IPv6 address. By default, this value is set to off. The ipv6 nd other-config-flag command enables this flag:

    Router(config-if)# ipv6 nd other-config-flag
    									

    This command is enabled on a per-interface basis.
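
The parameters above as they appear on the wire: a parser for the router advertisement message that decodes the flags, lifetimes and prefix options described in this section, then compares the result with a baseline of expected routers. This is an added example, not part of the original text; the byte layout follows RFC 2461, the sample message is constructed to match the values displayed in Example 3-8, and the baseline dictionary and function names are assumptions.

```python
import ipaddress
import struct

def parse_ra(msg):
    """Decode an ICMPv6 Type 134 message into the fields this section describes."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a router advertisement")
    hops, flags, lifetime, reachable, retrans = struct.unpack("!BBHII", msg[4:16])
    ra = {"hops": hops,
          "managed": bool(flags & 0x80),   # managed-config-flag
          "other": bool(flags & 0x40),     # other-config-flag
          "router_lifetime": lifetime,     # ra-lifetime, in seconds
          "reachable_ms": reachable, "retransmit_ms": retrans,
          "mtu": None, "prefixes": []}
    pos = 16
    while pos < len(msg):
        if pos + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, units = msg[pos], msg[pos + 1]   # length is in units of 8 bytes
        end = pos + units * 8
        if units == 0 or end > len(msg):
            raise ValueError("option length is zero or overruns the message")
        body = msg[pos + 2:end]
        if opt_type == 3 and units == 4:           # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((body[14:30], plen), strict=False),
                "onlink": bool(pflags & 0x80),      # L-bit (cleared by off-link)
                "autoconfig": bool(pflags & 0x40),  # A-bit (cleared by no-autoconfig)
                "valid": valid, "preferred": preferred})
        elif opt_type == 5 and units == 1:         # MTU option
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        pos = end                                  # unknown options are skipped
    return ra

def audit_ra(ra, source, expected):
    """Compare a parsed RA with a baseline {router link-local address: {prefixes}}."""
    findings = []
    allowed = expected.get(ipaddress.IPv6Address(source))
    if allowed is None:
        findings.append(f"router {source} is not in the baseline")
    for p in ra["prefixes"]:
        if p["preferred"] > p["valid"]:
            findings.append(f"{p['prefix']}: preferred lifetime exceeds valid lifetime")
        if p["autoconfig"] and p["prefix"].prefixlen != 64:
            findings.append(f"{p['prefix']}: autoconfig prefix is not 64 bits long")
        if allowed is not None and p["prefix"] not in allowed:
            findings.append(f"{p['prefix']}: prefix not expected from {source}")
    return findings

# Constructed sample: the RA that would produce the output shown in Example 3-8.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)        # header, checksum unset
    + struct.pack("!BBHI", 5, 1, 0, 1500)                             # MTU option
    + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)     # prefix option, L and A set
    + ipaddress.IPv6Address("2001:410:0:2::").packed
)

# Hypothetical baseline for the link: the one router and prefix seen in Example 3-8.
EXPECTED = {ipaddress.IPv6Address("fe80::260:8ff:fe37:bf6"):
            {ipaddress.IPv6Network("2001:410:0:2::/64")}}

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra)
    print(audit_ra(ra, "fe80::260:8ff:fe37:bf6", EXPECTED))
    print(audit_ra(ra, "fe80::1", EXPECTED))
```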

Requesting Router Advertisement Using Router Solicitation

Router advertisement messages are sent periodically on local links by routers. However, when nodes boot, it might be a long time before the next router advertisement message. In this situation, any node can send a router solicitation message (ICMPv6 Type 133) to the all-routers multicast address FF02::2 on the local link. When the router solicitation message is received, a router on the local link responds with a router advertisement message (ICMPv6 Type 134) using the all-nodes multicast address FF02::1.

Figure 3-9 illustrates this mechanism. Node A sends a router solicitation message using the link-local address (FE80::/10) as the IPv6 source address to the all-routers multicast address FF02::2. Router A listens for multicast packets corresponding to groups it belongs to and gets the router solicitation message. Then Router A responds with a router advertisement message (ICMPv6 Type 134) using its link-local address as a source IPv6 address to the all-nodes multicast address FF02::1.

Figure 3-9. Router Solicitation Message Is Sent to Ask the Router to Respond with a Router Advertisement Message


NOTE

To avoid the flooding of router solicitation messages on the link, each node can send only three router solicitation messages at boot time. In the absence of an IPv6 router on the link, this rule keeps links from being flooded by router solicitation messages.


Table 3-5 summarizes the types of multicast addresses and ICMPv6 messages that are used the most in prefix advertisement.

Table 3-5. Multicast Addresses and ICMPv6 Messages Used by Prefix Advertisement
Mechanism             Multicast Address                Multicast Use / ICMPv6 Message
Prefix advertisement  All-nodes multicast (FF02::1)    ICMPv6 Type 134 (router advertisement)
                      All-routers multicast (FF02::2)  ICMPv6 Type 133 (router solicitation)

How Duplicate Address Detection (DAD) Works

DAD is an NDP mechanism involved in stateless autoconfiguration and at the boot of a node. Before a node can configure its IPv6 unicast address using stateless autoconfiguration, it must verify on the local link that the tentative address it wants to use is unique and not already in use by another node.

DAD uses neighbor solicitation messages (ICMPv6 Type 135) and solicited-node multicast addresses to perform this task. This operation requires the node to send a neighbor solicitation message on the local link using the unspecified address (::) as its source IPv6 address and the solicited-node multicast address of the tentative unicast address as the destination IPv6 address. If a duplicate address is discovered during the procedure, the tentative address cannot be assigned to the interface. Otherwise, the tentative address is configured to the interface.

Figure 3-10 illustrates this mechanism. First, node A initiates DAD. Node A intends to configure the tentative IPv6 unicast address 2001:410:0:1::1:a on its interface. Therefore, node A sends a neighbor solicitation message using the unspecified address (::) as the IPv6 source address and the solicited-node multicast address FF02::1:FF01:000A of the tentative unicast address 2001:410:0:1::1:a as the destination address.

Figure 3-10. Node A Sends a Neighbor Solicitation Message on the Local Link to Perform DAD


As soon as the neighbor solicitation has been sent on the local link, if a node responds to that request, it means that the tentative unicast IPv6 address is in use by another node. In the absence of a reply (as shown in Figure 3-10), node A considers the tentative unicast address 2001:410:0:1::1:a to be unique on the local link and can assign it to its interface.
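
The following added example (not part of the original text) derives the solicited-node multicast address used in Figure 3-10 and checks whether a captured packet has the shape of a DAD probe as described above. The hop-limit and link-layer-option checks come from the NDP specification (RFC 4861) rather than from this section, and the function names and the sample-packet builder are hypothetical.

```python
import ipaddress
import struct

def solicited_node(addr):
    """Solicited-node multicast: FF02::1:FF00:0/104 plus the low 24 bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def dad_probe_problems(packet):
    """Return the reasons a raw IPv6 packet is not a well-formed DAD probe."""
    if len(packet) < 64:
        return ["too short for an IPv6 header plus a neighbor solicitation"]
    next_header, hop_limit = packet[6], packet[7]
    src = ipaddress.IPv6Address(packet[8:24])
    dst = ipaddress.IPv6Address(packet[24:40])
    icmp_type, icmp_code = packet[40], packet[41]
    target = ipaddress.IPv6Address(packet[48:64])
    problems = []
    if next_header != 58 or icmp_type != 135 or icmp_code != 0:
        problems.append("not an ICMPv6 Type 135 neighbor solicitation")
    if hop_limit != 255:  # RFC 4861: NDP messages must arrive with hop limit 255
        problems.append("hop limit is not 255")
    if src != ipaddress.IPv6Address("::"):
        problems.append("source is not the unspecified address")
    if dst != solicited_node(target):
        problems.append(f"destination is not {solicited_node(target)}")
    # Walk the options: (type, length in 8-byte units); type 1 is the
    # source link-layer address, which a DAD probe must not carry (RFC 4861).
    off = 64
    while off + 2 <= len(packet):
        opt_type, opt_len = packet[off], packet[off + 1]
        if opt_len == 0:
            problems.append("option with zero length")
            break
        if opt_type == 1:
            problems.append("source link-layer address option present")
        off += 8 * opt_len
    return problems

def build_sample(src, dst, target, hop_limit=255, options=b""):
    """Constructed test packet; the ICMPv6 checksum is left at zero and not checked."""
    icmp = struct.pack("!BBHI", 135, 0, 0, 0) + ipaddress.IPv6Address(target).packed + options
    header = struct.pack("!IHBB", 6 << 28, len(icmp), 58, hop_limit)
    return header + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + icmp
```

A neighbor solicitation sent for ordinary address resolution fails the source-address and option checks, which is how the two uses of ICMPv6 Type 135 can be told apart in a capture.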

Tuning DAD

By default, DAD is enabled on Cisco routers. The number of neighbor solicitation messages to send on the local link before considering an address's uniqueness is set to 1. However, as described in Table 3-6, the command ipv6 nd dad attempts may be used to modify this number of neighbor solicitation messages. The acceptable range is between 0 and 600 messages. This command used with the value 0 disables DAD.

Table 3-6. ipv6 nd dad attempts Command
Command | Description
Router(config-if)# ipv6 nd dad attempts number | Defines the number of neighbor solicitation messages for DAD to send on the link before considering an IPv6 address unique.
Example: RouterA(config-if)# ipv6 nd dad attempts 3 | DAD sends three neighbor solicitation messages on the link before considering the IPv6 address unique.
Example: RouterA(config-if)# ipv6 nd dad attempts 0 | The value 0 disables DAD on an interface.

This command is enabled on a per-interface basis.

Table 3-7 summarizes the types of multicast addresses and ICMPv6 messages that are used the most in DAD.

Table 3-7. Multicast Addresses and ICMPv6 Messages Used by DAD
Mechanism | Multicast Address | ICMPv6 Message
DAD | Solicited-node multicast address (FF02::1:FFxx:xxxx) | ICMPv6 Type 135 (neighbor solicitation)

How Prefix Renumbering Works

A key benefit of the IPv6 protocol is its capability to provide transparent renumbering of the network to end users when the prefix must be changed for a new one. Because of the strict aggregation of the IPv6 protocol, prefix renumbering is necessary when an organization decides to change its IPv6 provider.

Prefix renumbering allows a smooth transition from a prior network prefix to a new prefix. Getting the benefits of transparent renumbering implies the use of stateless autoconfiguration for all of a site's nodes. Other network renumbering methods may be used, but they are less transparent than prefix renumbering in the context of stateless autoconfiguration.

Prefix renumbering is performed by routers already advertising prefixes on local links. This mechanism uses the same ICMPv6 messages and multicast addresses as the prefix advertisement mechanism. In fact, prefix renumbering is a new concept using time parameters contained in router advertisement messages to perform the task.

First, all routers in the site continue to advertise the current prefix, but the valid and preferred lifetimes are decreased to a value close to 0. Then routers begin to advertise the new prefixes on local links. Therefore, at least two prefixes coexist on every local link. This means that router advertisement messages contain one old and one new IPv6 prefix.

By receiving these router advertisement messages, nodes discover that the current prefix is being deprecated (its lifetime is short), and they also obtain the new prefix. During this transition time, all nodes use two unicast addresses:

  • Old unicast address— The old address is based on the old prefix. Current connections using the old address are still handled.

  • New unicast address— New connections are established using the new address.

When the old prefix is completely deprecated (its lifetime has expired), router advertisement messages include the new prefix only. A prefix is deprecated when the valid/preferred lifetime values are set to 0.

NOTE

During prefix renumbering, features such as IPv6 ACLs or QoS set with the old prefix must be updated to reflect the new prefix as well on the IPv6 router.


Configuring Prefix Renumbering

Cisco IOS Software technology introduces proprietary parameters in router advertisement messages to help with prefix renumbering. By using the command ipv6 nd prefix, you can specify an exact date and time when a prefix must be considered deprecated rather than manually decreasing prefixes' lifetimes. The new keywords for this purpose are at valid-date and at preferred-date. The following is the syntax for the ipv6 nd prefix command:

Router(config-if)#ipv6 nd prefix ipv6-prefix/prefix-length | default
  [[valid-lifetime preferred-lifetime] | [at valid-date preferred-date]
  [off-link] [no-autoconfig] [no-advertise]]

When a date and time are specified using these parameters, the router performs a time countdown, meaning that each new router advertisement message includes decreased lifetime values until 0.

NOTE

To use parameters related to date and time with the ipv6 nd prefix command, you must adjust the date and time on the router. You can do this using the clock set command or by specifying a Network Time Protocol (NTP) server through the ntp server command.


Example 3-9 shows the command ipv6 nd prefix used to perform prefix renumbering on interface FastEthernet 0/0 based on the valid-date and preferred-date keywords. The initial date/time on the router is set to February 10, 2003 at 16:35:00 using the clock set command. The command ipv6 nd prefix determines that the prefix 2001:410:0:1::/64 is deprecated by February 10, 2003 at 17:00:00 (25 minutes later). However, the other prefix, 2001:420:0:2::/64, continues to be advertised using default values. In this example, the router advertisement interval is set to 60 seconds.

Example 3-9. Prefix Deprecated Using the ipv6 nd prefix Command and the Parameters valid-date and preferred-date
RouterA#clock set 16:35:00 10 February 2003
RouterA#configure terminal
RouterA(config)#interface FastEthernet 0/0
RouterA(config-if)#ipv6 address 2001:410:0:1::/64 eui-64
RouterA(config-if)#ipv6 address 2001:420:0:2::/64 eui-64
RouterA(config-if)#ipv6 nd ra-interval 60
RouterA(config-if)#ipv6 nd prefix 2001:410:0:1::/64 at Feb 10 2003 17:00 Feb 10 2003 17:00
RouterA(config-if)#exit

Debugging Prefix Advertisement and Prefix Renumbering

The command debug ipv6 nd may be used to display information related to neighbor discovery messages (prefix advertisement and prefix renumbering). Example 3-10 shows debugging information when a prefix is deprecated using the ipv6 nd prefix command and the date and time as keywords. In this example, remaining valid/preferred lifetimes for the prefix 2001:410:0:1::/64 are decreased each time the router sends a new router advertisement message. Finally, when the prefix is deprecated, router advertisement messages are empty, because no new prefix is advertised.

Example 3-10. debug ipv6 nd Command
RouterA#debug ipv6 nd
RouterA#ICMP Neighbor Discovery events debugging is on
01:51:14: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
01:51:14: ICMPv6-ND:     prefix = 2001:410:0:1::/64 onlink autoconfig
01:51:14: ICMPv6-ND:         1138/1138 (valid/preferred)
01:52:09: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
01:52:09: ICMPv6-ND:     prefix = 2001:410:0:1::/64 onlink autoconfig
01:52:09: ICMPv6-ND:         1084/1084 (valid/preferred)
<Data omitted>
02:09:15: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:09:15: ICMPv6-ND:     prefix = 2001:410:0:1::/64 onlink autoconfig
02:09:15: ICMPv6-ND:         58/58 (valid/preferred)
02:10:10: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:10:10: ICMPv6-ND:     prefix = 2001:410:0:1::/64 onlink autoconfig
02:10:10: ICMPv6-ND:         2/2 (valid/preferred)
02:11:02: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:12:02: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:12:57: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
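
The following added example (not part of the original text, and not a Cisco tool) parses debug ipv6 nd output in the format of Example 3-10 and checks that each advertised lifetime counts down with the clock, reporting when a prefix stops being advertised. The function names and the two-second tolerance are assumptions; the sample lines are taken from Example 3-10.

```python
import re

RA_RE = re.compile(r"^(\d+):(\d+):(\d+): ICMPv6-ND: Sending RA to \S+ on \S+")
PREFIX_RE = re.compile(r"ICMPv6-ND:\s+prefix = (\S+)")
LIFE_RE = re.compile(r"ICMPv6-ND:\s+(\d+)/(\d+) \(valid/preferred\)")

# Lines taken from Example 3-10 (first RA and the omitted middle left out).
SAMPLE_LOG = """\
01:52:09: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
01:52:09: ICMPv6-ND:     prefix = 2001:410:0:1::/64 onlink autoconfig
01:52:09: ICMPv6-ND:         1084/1084 (valid/preferred)
02:09:15: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:09:15: ICMPv6-ND:     prefix = 2001:410:0:1::/64 onlink autoconfig
02:09:15: ICMPv6-ND:         58/58 (valid/preferred)
02:10:10: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:10:10: ICMPv6-ND:     prefix = 2001:410:0:1::/64 onlink autoconfig
02:10:10: ICMPv6-ND:         2/2 (valid/preferred)
02:11:02: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
"""

def parse_ras(log):
    """Return [(uptime_seconds, {prefix: (valid, preferred)}), ...], one per RA sent."""
    ras, prefix = [], None
    for line in log.splitlines():
        line = line.strip()
        if m := RA_RE.match(line):
            h, mi, s = (int(x) for x in m.group(1, 2, 3))
            ras.append((h * 3600 + mi * 60 + s, {}))
        elif ras and (m := PREFIX_RE.search(line)):
            prefix = m.group(1)
        elif ras and prefix and (m := LIFE_RE.search(line)):
            ras[-1][1][prefix] = (int(m.group(1)), int(m.group(2)))
            prefix = None
    return ras

def audit(ras, tolerance=2):
    """Report prefixes whose lifetime does not track the clock or that disappear."""
    findings = []
    for (t0, p0), (t1, p1) in zip(ras, ras[1:]):
        for prefix, (valid0, _) in p0.items():
            if prefix not in p1:
                kind = "expired" if t1 >= t0 + valid0 else "withdrawn early"
            elif abs((valid0 - p1[prefix][0]) - (t1 - t0)) > tolerance:
                kind = "lifetime jump"
            else:
                continue
            findings.append((t1, prefix, kind))
    return findings
```

Run against the sample, the only finding is that 2001:410:0:1::/64 expired on schedule; a lifetime that drops faster than the clock, or a prefix that vanishes while lifetime remains, is reported separately.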
							

NOTE

The default router is always seen in the routing tables of nodes on the local link with its link-local addresses (FE80::/10). This guarantees that all routers can be reached even when network renumbering occurs. During renumbering, unicast IPv6 addresses assigned to router interfaces change, but not link-local addresses.


Router Redirection

Router redirection is an NDP mechanism in IPv6. Routers use ICMPv6 redirection messages to inform nodes on the link that a better router exists on the link to forward packets. Then the node that receives the ICMPv6 redirect message may modify its local routing table according to the new router address in the ICMPv6 redirection message. The router redirection mechanism in IPv6 uses redirect messages (ICMPv6 Type 137). This mechanism is the equivalent of the redirect message in IPv4.

As shown in Figure 3-11, node A wants to send packets to LAN ZZ. First, node A delivers the first packet to its default router (Router A). However, after forwarding this packet to LAN ZZ, Router A knows that Router C is a better path for nodes on this local link to forward packets to LAN ZZ. Therefore, in the second step, Router A sends node A an ICMPv6 redirect message that contains Router C's IPv6 address. Finally, node A sends the next packets to be sent to LAN ZZ to Router C.

Figure 3-11. ICMPv6 Redirect Messages


ICMPv6 redirect is enabled by default on Cisco interfaces. The command ipv6 redirects may be used to disable or enable the sending of ICMPv6 redirect messages. Here is an example of disabling the sending of messages:

Router(config-if)# no ipv6 redirects
						

The following example shows the command to enable the sending of messages. By default, ICMPv6 redirect is enabled on all interfaces.

Router(config-if)# ipv6 redirects
						

The ipv6 redirects command is enabled on a per-interface basis.

The command ipv6 icmp error-interval may be used to rate-limit the ICMPv6 error messages the router generates by setting the minimum interval between them. By default, this parameter is set to 500 milliseconds. Here is the syntax of the ipv6 icmp error-interval command:

Router(config)# ipv6 icmp error-interval msec
						

This command is enabled on a global basis.

NDP Summary

As described throughout this section, NDP mechanisms are fundamental components of the IPv6 protocol. You have learned about the following:

  • Replacement of ARP by neighbor solicitation and neighbor advertisement messages

  • Stateless autoconfiguration uses prefix advertisement, DAD, and prefix renumbering mechanisms.

  • Router redirection is similar to redirection in IPv4.

Table 3-8 summarizes the ICMPv6 messages and multicast addresses involved in each mechanism described.

Table 3-8. ICMPv6 Messages, Multicast, and Other Addresses Used by All NDP Mechanisms
Mechanism | ICMPv6 Message | Multicast Address
Replacement of ARP | Type 135 (neighbor solicitation); Type 136 (neighbor advertisement) | All-nodes multicast (FF02::1); Solicited-node multicast (FF02::1:FFxx:xxxx)
Prefix advertisement | Type 133 (router solicitation); Type 134 (router advertisement) | All-nodes multicast (FF02::1); All-routers multicast (FF02::2)
DAD | Type 135 (neighbor solicitation) | Solicited-node multicast (FF02::1:FFxx:xxxx)
Prefix renumbering | Type 133 (router solicitation); Type 134 (router advertisement) | All-nodes multicast (FF02::1); All-routers multicast (FF02::2)
Router redirection | Type 137 (router redirection) |

You should be able to deploy, manage, and support IPv6 on local links, networks, and routers.
