Neighbor Discovery Protocol (NDP), as defined in RFC 2461, Neighbor Discovery for IP Version 6 (IPv6), is a key protocol of IPv6. Moreover, Figure 3-3 illustrates that NDP is an umbrella that defines these mechanisms:
Replacement of ARP— Because ARP has been removed in IPv6, IPv6 provides a new way to determine link-layer addresses of nodes on the local link. This new mechanism uses a mix of ICMPv6 messages and multicast addresses.
Stateless autoconfiguration— This mechanism allows nodes on the local link to configure their IPv6 addresses by themselves by using a mix of ICMPv6 messages and multicast addresses.
Router redirection— The router sends ICMPv6 messages to an IPv6 node to inform it of the presence of a better router address on the same local link to reach a destination network.
New ICMPv6 messages are defined for NDP's specific scope. As shown in Table 3-2, these ICMPv6 messages are labeled in the context of NDP. These new ICMPv6 messages are Router Solicitation, Router Advertisement, Neighbor Solicitation, Neighbor Advertisement, and Redirect Message.
ICMPv6 Type | Name of Message |
---|---|
Type 133 | Router solicitation (RS) |
Type 134 | Router advertisement (RA) |
Type 135 | Neighbor solicitation (NS) |
Type 136 | Neighbor advertisement (NA) |
Type 137 | Redirect message |
Table 3-3 shows the ICMPv6 messages that are used by NDP mechanisms. ARP replacement uses neighbor solicitation (ICMPv6 Type 135) and neighbor advertisement (ICMPv6 Type 136) messages. Prefix advertisement and prefix renumbering use router solicitation (ICMPv6 Type 133) and router advertisement (ICMPv6 Type 134) messages. Duplicate address detection (DAD) uses neighbor solicitation. Router redirection uses the redirect message (ICMPv6 Type 137).
Mechanism | ICMPv6 Type 133 | ICMPv6 Type 134 | ICMPv6 Type 135 | ICMPv6 Type 136 | ICMPv6 Type 137 |
---|---|---|---|---|---|
Replacement of ARP | | | X | X | |
Prefix advertisement | X | X | | | |
Prefix renumbering | X | X | | | |
DAD | | | X | | |
Router redirection | | | | | X |
On Cisco equipment, parameters of NDP and the mechanisms under its umbrella are controlled using the ipv6 nd command. The following sections describe in detail each mechanism under the scope of NDP.
In IPv4, ARP is used by nodes on the local link to determine link-layer addresses of other nodes. Each node handles an ARP cache, which contains link-layer addresses of nodes learned with ARP. In IPv6, the determination of nodes' link-layer addresses uses a combination of neighbor solicitation messages (ICMPv6 Type 135), neighbor advertisement messages (ICMPv6 Type 136), and the solicited-node multicast address (FF02::1:FFxx:xxxx), as discussed in Chapter 2.
As explained in the following list, the NDP used in IPv6 is much more efficient than ARP in IPv4:
In IPv6, only neighbor nodes concerned with this mechanism compute neighbor solicitation and neighbor advertisement messages in their stack. In IPv4, ARP broadcast messages are used to find a node's link-layer addresses. However, ARP broadcast forces all nodes on the local link to push all ARP broadcast messages toward the IPv4 stack.
In IPv6, nodes communicate their link-layer addresses to each other in the same request. In IPv4, two ARP broadcast messages are needed to obtain the same result.
Reachability of IPv6 addresses and link-layer addresses in the neighbor cache is verified. With ARP in IPv4, entries are removed after expiration (timeout).
This section describes in detail how neighbor solicitation messages, neighbor advertisement messages, and solicited-node multicast addresses are used in IPv6 to replace ARP. Then, Cisco IOS Software commands related to neighbor solicitation and neighbor advertisement are explained.
The following steps occur, as shown in Figure 3-4:
Step 1. Using the address FEC0::1:0:0:1:A, node A wants to deliver packets to destination node B using the IPv6 address FEC0::1:0:0:1:B on the same local link. However, node A does not know node B's link-layer address. Node A sends an ICMPv6 Type 135 message (neighbor solicitation) on the local link using its site-local address FEC0::1:0:0:1:A as the IPv6 source address, the solicited-node multicast address FF02::1:FF01:B corresponding to the target address FEC0::1:0:0:1:B as the destination IPv6 address, and the source link-layer address 00:50:3e:e4:4c:00 of the sender, node A, as data of the ICMPv6 message. The source link-layer address of this frame is the link-layer address 00:50:3e:e4:4c:00 of node A. The destination link-layer address 33:33:FF:01:00:0B of this frame uses multicast mapping of the destination IPv6 address FF02::1:FF01:B.
NOTE
The local link in this example is an Ethernet link. Refer to Chapter 2 for additional details on the multicast mapping for Ethernet defined for IPv6.
Step 2. Node B, which is listening to the local link for multicast addresses, intercepts the neighbor solicitation message because the destination IPv6 address FF02::1:FF01:B represents the solicited-node multicast address corresponding to its IPv6 address FEC0::1:0:0:1:B.
Step 3. Node B replies by sending a neighbor advertisement message using its site-local address FEC0::1:0:0:1:B as the IPv6 source address and the site-local address FEC0::1:0:0:1:A as the destination IPv6 address. It also includes its link-layer address 00:50:3e:e4:4b:01 in the ICMPv6 message.
After receiving neighbor solicitation and neighbor advertisement messages, node A and node B know each other's link-layer addresses. Learned link-layer addresses are kept in a neighbor discovery table (neighbor cache). Therefore, the nodes can communicate on the local link.
The neighbor solicitation message is also used by nodes to verify the reachability of neighbor nodes in the neighbor discovery table (neighbor cache). However, the unicast addresses of the neighbor nodes are used as destination IPv6 addresses in ICMPv6 messages instead of solicited-node multicast addresses in this situation.
It is possible for a node that changes its link-layer address to inform all other neighbor nodes on the local link by sending a neighbor advertisement message using the all-nodes multicast address FF02::1. The neighbor discovery table of the nodes on the local link is updated with the new link-layer address.
Table 3-4 summarizes the types of multicast addresses and ICMPv6 messages involved in the mechanism that replaces ARP.
Mechanism | Multicast Address | ICMPv6 Message |
---|---|---|
Replacement of ARP | Solicited-node multicast address (FF02::1:FFxx:xxxx) | ICMPv6 Type 135 (neighbor solicitation); ICMPv6 Type 136 (neighbor advertisement) |
You can display neighbor adjacency entries of the neighbor discovery table using the following command:
Router#show ipv6 neighbors [ipv6-address-or-name | interface_type interface_number]
As shown in Example 3-2, the show ipv6 neighbors command displays IPv6 addresses of neighbors, the lifetime (in minutes), the link-layer address, the state, and the network interface of the router where the neighbor is known. The REACH state means that the neighbor can be reached. The STALE state means that these neighbors have not been reached within the last 30 minutes (this is the default value).
On the Cisco router, you can add a static neighbor entry to the neighbor discovery table.
NOTE
Cisco implemented static neighbor entries because most IPv6 traffic generator devices do not correctly support IPv6's NDP. Without NDP support, it is not possible to send IPv6 traffic from such a device through a router, because the neighbor entry does not get created in the neighbor discovery table. With the static entry command, Cisco IOS Software allows these test devices to be used even without proper NDP support.
The ipv6 neighbor command allows you to add a static entry to the neighbor discovery table. The unicast IPv6 address, the network interface of the router where the neighbor is present, and the link-layer address are mandatory parameters of this command:
Router(config)#ipv6 neighbor ipv6-address interface hw-address
This command is enabled on a global basis.
NOTE
If a neighbor entry is already in the neighbor discovery table before the addition, the existing neighbor entry is converted to a static entry.
Example 3-3 shows the addition of a static neighbor entry to the neighbor discovery table. The IPv6 address FEC0::1:0:0:1:B, related to the link-layer address 0080.12ff.6633, is added to Router A's neighbor discovery table.
RouterA(config)#ipv6 unicast-routing
RouterA(config)#ipv6 neighbor fec0::1:0:0:1:b fastEthernet 0/0 0080.12ff.6633
RouterA(config)#exit
RouterA#show ipv6 neighbors
IPv6 Address                  Age Link-layer Addr State Interface
FEC0::1:200:86FF:FE4B:F9CE     15 0000.864b.f9ce  STALE FastEthernet0/0
FEC0::1:0:0:1:B                 - 0080.12ff.6633  REACH FastEthernet0/0
FE80::200:86FF:FE4B:F9CE       15 0000.864b.f9ce  STALE FastEthernet0/0
You can remove all entries from the neighbor discovery table using the clear ipv6 neighbors command:
Router#clear ipv6 neighbors
Using Cisco IOS Software commands, you can tune the time interval between neighbor solicitation messages and the time for which a neighbor is considered reachable.
The ipv6 nd ns-interval command sets the time interval between neighbor solicitation messages. For normal operation, Cisco does not recommend very short time intervals. The syntax of the ipv6 nd ns-interval command is as follows:
Router(config-if)#ipv6 nd ns-interval milliseconds
This command is enabled on an interface basis. By default, this value is adjusted to 1000 milliseconds (1 second).
The ipv6 nd reachable-time command configures the amount of time that a neighbor is considered reachable after an event confirms its reachability. A shorter value discovers dead neighbors more quickly, but it is more expensive in bandwidth consumption and processing. Cisco does not recommend very short reachable-time intervals in normal operation. The syntax of the ipv6 nd reachable-time command is as follows:
Router(config-if)#ipv6 nd reachable-time milliseconds
This command is enabled on an interface basis.
By default, this value is adjusted to 30 minutes (1,800,000 milliseconds).
As defined in RFC 2462, IPv6 Stateless Address Autoconfiguration, stateless autoconfiguration is one of the most interesting and useful new features of IPv6. It allows nodes on the local link to configure their unicast IPv6 addresses by themselves from the information advertised on a link by a router.
This section describes the mechanisms involved in stateless autoconfiguration. As shown in Figure 3-3, these mechanisms are as follows:
Prefix advertisement— Advertises prefixes and parameters on a local link. The prefix advertisement information is used by IPv6 nodes to configure their IPv6 addresses.
DAD— Ensures that each IPv6 address configured on an interface using stateless autoconfiguration is unique on the link local scope.
Prefix renumbering— Advertises modified prefixes or new prefixes and parameters on the local link to renumber a prefix already advertised.
For each mechanism presented, the following sections cover the commands and parameters used on Cisco equipment to configure stateless autoconfiguration.
NOTE
Routers cannot assign their IPv6 addresses to interfaces using stateless autoconfiguration. Stateless autoconfiguration is designed for nodes only.
Prefix advertisement is the initial mechanism involved in stateless autoconfiguration. The prefix advertisement mechanism uses router advertisement messages (ICMPv6 Type 134) and all-nodes multicast address FF02::1. Router advertisement messages are sent periodically on the local link to the all-nodes multicast address.
NOTE
With stateless autoconfiguration, IPv6 routers are the only kind of devices allowed to advertise prefixes on local links. It is prohibited for the node to advertise prefixes. The prefix length used in stateless autoconfiguration is 64-bit.
As described in Chapter 2, the advertisement of an IPv6 prefix on a Cisco router is enabled as soon as a site-local or aggregatable global unicast IPv6 address with a prefix length is configured on a network interface. The ipv6 address command, as described in Chapter 2, is used for that purpose. If you assign several IPv6 addresses using different prefixes to the same network interface, the different prefixes are advertised to hosts on the local link.
Router advertisement messages contain parameters used by nodes during and after the autoconfiguration process:
IPv6 prefix— One to several IPv6 prefixes may be advertised per local link. By default, the prefix length advertised for stateless autoconfiguration is 64 bits. Nodes get the IPv6 prefix, and then they append their link-layer addresses in EUI-64 format to the prefix received. The combination of this information provides a 128-bit address to the nodes.
Lifetime— A lifetime value for each prefix advertised is provided to nodes. This value may vary from 0 to infinite. Nodes verify this value to cease the use of a prefix after it has expired, such as when the value equals 0. There are two types of lifetime values per prefix:
Default router information— Provides information about the existence and lifetime of the default router's IPv6 address. In IPv6, the default router address used by nodes is the router's link-local address (FE80::/10). Therefore, even if the prefix is renumbered, the router can always be reached.
Flags/options— Specific flags and options for nodes. You can use a flag to instruct nodes to use stateful autoconfiguration rather than stateless autoconfiguration. The flags and options available on Cisco IOS Software are defined in detail in a moment, when the ipv6 nd prefix command is described.
NOTE
Stateful autoconfiguration allows nodes to get their addresses and configuration parameters manually or from a server. The server maintains a database that keeps track of addresses already assigned to nodes. DHCPv6 is an example of stateful autoconfiguration in IPv6.
This section describes how router advertisement messages and multicast addresses are used to advertise prefixes in IPv6. The Cisco IOS Software commands related to prefix advertisement are presented later.
As shown in Figure 3-5, Router A sends periodic router advertisement messages (ICMPv6 Type 134) using its link-local address FE80::250:3EFF:FEE4:4C00 as the source IPv6 address and the all-nodes multicast address FF02::1 as the destination IPv6 address. The prefix advertised by the router advertisement messages is FEC0:0:0:1::/64 with infinite values as valid and preferred lifetimes. Then, nodes A and B, which listen to the multicast address FF02::1 on the local link, get router advertisement messages and can configure their IPv6 addresses by themselves.
As shown in Example 3-4, the command show ipv6 interface interface prefix displays parameters of the prefix advertised on an interface. In this example, the prefix 2001:410:0:1::/64 is advertised with a valid lifetime of 2,592,000 seconds and a preferred lifetime of 604,800 seconds. As you can see from the value [LA], the L-bit and A-bit flags are enabled for the specified prefix. L-bit and A-bit flags are discussed in the next section.
RouterA#show ipv6 interface fastEthernet 0/0 prefix
IPv6 Prefix Advertisements FastEthernet0/0
Codes: A - Address, P - Prefix-Advertisement, O - Pool
       X - Proxy RA, U - Per-user prefix, D - Default
       N - Not advertised, C - Calendar
AD 2001:410:0:1::/64 [LA] valid lifetime 2592000 preferred lifetime 604800
NOTE
On Cisco equipment, the valid lifetime is set to 30 days (2,592,000 seconds), and the preferred lifetime is adjusted to seven days (604,800 seconds) by default.
The ipv6 nd prefix command overrides parameters of prefixes advertised by a router. This command controls individual parameters of any prefix advertised (enabled on a per-interface basis):
Router(config-if)#ipv6 nd prefix ipv6-prefix/prefix-length | default [[valid-lifetime preferred-lifetime] | [at valid-date preferred-date] [off-link] [no-autoconfig] [no-advertise]]
The following describes the parameters and keywords that may be used with the ipv6 nd prefix command:
ipv6-prefix/prefix-length— Defines the prefix length to be managed. The prefix length in stateless autoconfiguration is 64-bit.
default— This keyword may be used to set default parameters for all prefixes advertised for each interface. Default values such as valid and preferred lifetimes are configured.
valid-lifetime— How long in seconds the IPv6 address of a node received by stateless autoconfiguration remains in the valid state. After that valid time period, the address is considered invalid.
preferred-lifetime— How long in seconds an IPv6 address remains preferred.
at valid-date— A date may be set for the prefix's expiration. After a specific date, the prefix is no longer advertised on the local link. This option is available with Cisco IOS Software technology only.
at preferred-date— A date may be set for the prefix's preferred date. This option is available with Cisco IOS Software technology only.
off-link— This flag is related to the L-bit, as defined in RFC 2461, Neighbor Discovery for IP Version 6 (IPv6). When the optional off-link keyword is used in Cisco IOS Software technology, the L-bit flag is turned off. However, when the L-bit is turned on (the default setting), it indicates in the router advertisement messages that the specified prefix is assigned to the local link. Therefore, nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link. By default, the L-bit flag is enabled in Cisco IOS Software technology.
no-autoconfig— This flag is related to the A-bit, as defined in RFC 2461. The A-bit is also known as the autonomous address-configuration flag. When the optional keyword no-autoconfig is used in Cisco IOS Software technology, the A-bit flag is turned off. However, when the A-bit is turned on (the default setting), it indicates to hosts on the local link that the specified prefix can be used for stateless autoconfiguration. Therefore, the prefix is advertised with lifetime values indicating how long addresses created from the specified prefix remain preferred and valid. By default, the A-bit flag is enabled in Cisco IOS Software technology.
no-advertise— When a prefix is flagged with the optional no-advertise keyword, it indicates to hosts on the local link that the specified prefix cannot be used for stateless autoconfiguration (the prefix is not included in the router advertisement messages). By default, this flag is turned off in Cisco IOS Software technology; therefore, prefixes are advertised on the local link. With the optional no-advertise keyword, it is possible to not advertise a specific prefix even though you configured an IPv6 address with a prefix length on a network interface.
To remove an advertised prefix, use the no form of this command:
Router(config-if)#no ipv6 nd prefix ipv6-prefix
Figure 3-6 shows a typical scenario, in which Router A advertises the prefix 2001:410:0:1::/64 using router advertisement messages. Nodes on the local link can configure their addresses using this prefix.
Example 3-5 shows a configuration that overrides default parameters of the prefix 2001:0410:0:1::/64 advertised on the network interface FastEthernet 0/0. The ipv6 address 2001:0410:0:1::/64 eui-64 command is used not only to assign an IPv6 address to this interface, but also to enable prefix advertisement on that interface using 2001:0410:0:1::/64 as the prefix. The command ipv6 nd prefix specifies 43,200 seconds (12 hours) as the valid and preferred lifetimes.
RouterA#configure terminal
RouterA(config)#int fastethernet 0/0
RouterA(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterA(config-if)#ipv6 nd prefix 2001:410:0:1::/64 43200 43200
RouterA(config-if)#exit
RouterA(config)#exit
Another scenario is shown in Figure 3-7. Both Router A and Router B send router advertisement messages on an adjacent local link. Router A advertises prefix 2001:410:0:1::/64 on interface FastEthernet0/0, and Router B advertises the same prefix on its FastEthernet0/1 interface. Router B also advertises the other prefix, 2001:410:0:2::/64, on interface FastEthernet 0/0.
Example 3-6 shows configurations applied on both Router A and Router B according to Figure 3-7. The command ipv6 address is used in this example to enable prefix advertisement on the interfaces.
RouterA#configure terminal
RouterA(config)#int fastethernet 0/0
RouterA(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterA(config-if)#exit
RouterA(config)#exit

RouterB#configure terminal
RouterB(config)#int fastethernet 0/1
RouterB(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterB(config-if)#interface fastethernet 0/0
RouterB(config-if)#ipv6 address 2001:0410:0:2::/64 eui-64
RouterB(config)#exit
You can turn off router advertisement on the interface. By default, router advertisement is available on Ethernet (10, 100, 1000 Mbps), FDDI, and Token Ring interfaces on Cisco equipment when the global command ipv6 unicast-routing is enabled.
The command ipv6 nd suppress-ra turns off router advertisements on an interface basis:
Router(config-if)#ipv6 nd suppress-ra
The following command cancels the suppression of router advertisements:
Router(config-if)#no ipv6 nd suppress-ra
The ipv6 nd suppress-ra command is enabled on a per-interface basis.
The suppression of router advertisements is useful on a link to which adjacent routers are connected. When two routers advertise the same prefix on an adjacent link, the nodes might see different lifetime values and default routers.
To force nodes on a link where multiple adjacent routers are present to select one default router, suppress router advertisements on every router except one using the command ipv6 nd suppress-ra.
As shown in Figure 3-8, Router A and Router B are adjacent on a link. Router advertisement can be turned off on Router B. Therefore, nodes use the parameters advertised by Router A and Router A's address as their default router.
Example 3-7 shows the command ipv6 nd suppress-ra applied on interface FastEthernet 0/1 of Router B to turn off router advertisement.
RouterA#configure terminal
RouterA(config)#int fastethernet 0/0
RouterA(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterA(config-if)#exit
RouterA(config)#exit
________________________________________________________________
RouterB#configure terminal
RouterB(config)#int fastethernet 0/1
RouterB(config-if)#ipv6 address 2001:0410:0:1::/64 eui-64
RouterB(config-if)#ipv6 nd suppress-ra
RouterB(config-if)#interface fastethernet 0/0
RouterB(config-if)#ipv6 address 2001:0410:0:2::/64 eui-64
RouterB(config)#exit
When multiple routers are connected on the same link, you can display prefixes and parameters advertised by the other routers using the Cisco IOS Software commands.
As shown in Example 3-8, the show ipv6 routers command displays router advertisement information received from other routers. This example shows information about the prefix 2001:410:0:2::/64 advertised on the link where the interface FastEthernet 0/0 is physically connected.
RouterA#show ipv6 routers
Router FE80::260:8FF:FE37:BF6 on FastEthernet0/0, last update 3 min
  Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
  Reachable time 0 msec, Retransmit time 0 msec
  Prefix 2001:410:0:2::/64 onlink autoconfig
    Valid lifetime 2592000, preferred lifetime 604800
On Cisco routers, you can modify prefix advertisement parameters. These parameters are related to router advertisement messages and stateless autoconfiguration, as described in the following:
Router advertisement lifetime— The lifetime of a router advertisement message (ICMPv6 Type 134). This parameter defines how long in seconds each message is considered valid after it is sent. This value is included in all router advertisement messages that are sent. By default, this parameter is set to 1800 seconds (30 minutes) on Cisco routers. The ipv6 nd ra-lifetime command modifies this parameter:
Router(config-if)# ipv6 nd ra-lifetime seconds
This command is enabled on a per-interface basis.
Router advertisement interval— The amount of time in seconds between consecutive router advertisement messages. This value may be less than or equal to the router advertisement lifetime. By default, this parameter is set to 200 seconds on Cisco routers. This parameter has a direct effect on how long a booting node has to wait for the next router advertisement message to configure its address. If the node cannot wait for the next router advertisement message, it can send a router solicitation message to force a router on the local link to send a new router advertisement message. (Router solicitation is discussed in the next section.) The ipv6 nd ra-interval command defines this parameter:
Router(config-if)# ipv6 nd ra-interval seconds
This command is enabled on a per-interface basis.
managed-config-flag— When this parameter is not set, the nodes are allowed to use stateless autoconfiguration (but not stateful autoconfiguration) to configure their IPv6 addresses by themselves. By default on Cisco routers, this value is not set, meaning that stateless autoconfiguration is enabled. Otherwise, when this flag is set, the nodes should use a stateful autoconfiguration mechanism (but not stateless autoconfiguration) such as a DHCPv6 server to get their IPv6 addresses. Therefore, the ipv6 nd managed-config-flag command enables stateful autoconfiguration:
Router(config-if)# ipv6 nd managed-config-flag
Conversely, the no ipv6 nd managed-config-flag command disables stateful autoconfiguration:
Router(config-if)# no ipv6 nd managed-config-flag
These commands are enabled on a per-interface basis.
other-config-flag— This flag is also related to stateful autoconfiguration. When it is turned off, the nodes should not use a stateful autoconfiguration mechanism to configure parameters other than the IPv6 address. By default, this value is set to off. The ipv6 nd other-config-flag command enables this flag:
Router(config-if)# ipv6 nd other-config-flag
This command is enabled on a per-interface basis.
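The values that show ipv6 routers prints in Example 3-8 (hops, lifetime, AddrFlag, OtherFlag, MTU, prefix, onlink, autoconfig, lifetimes) are fields of the router advertisement message and its options. The following Python sketch is an added example, not code from the original text or from Cisco: it parses a constructed RA body carrying the Example 3-8 values and compares it with what an administrator expects on the link. The function names, the policy dictionary and the second sample (source FE80::1, prefix 2001:db8:0:99::/64) are assumptions made for illustration.

```python
import ipaddress
import struct

OPT_SOURCE_LLADDR, OPT_PREFIX_INFO, OPT_MTU = 1, 3, 5


def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Type 134 body into the fields the text describes."""
    if len(icmp) < 16:
        raise ValueError("truncated router advertisement")
    mtype, code, _cksum, hops, flags, lifetime, reachable, retrans = struct.unpack(
        "!BBHBBHII", icmp[:16])
    if mtype != 134 or code != 0:
        raise ValueError("not a router advertisement")
    ra = {
        "hops": hops,
        "managed": bool(flags & 0x80),   # managed-config-flag (AddrFlag)
        "other": bool(flags & 0x40),     # other-config-flag (OtherFlag)
        "router_lifetime": lifetime,     # seconds, see ipv6 nd ra-lifetime
        "reachable_ms": reachable,
        "retransmit_ms": retrans,
        "mtu": None,
        "source_lladdr": None,
        "prefixes": [],
    }
    offset = 16
    while offset < len(icmp):
        if offset + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[offset], icmp[offset + 1]
        end = offset + 8 * opt_len       # option length is in units of 8 bytes
        if opt_len == 0 or end > len(icmp):
            raise ValueError("malformed option length")
        body = icmp[offset + 2:end]
        if opt_type == OPT_PREFIX_INFO and opt_len == 4:
            plen, pflags, valid, preferred, _rsvd = struct.unpack("!BBIII", body[:14])
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((body[14:30], plen), strict=False),
                "onlink": bool(pflags & 0x80),      # L-bit
                "autoconfig": bool(pflags & 0x40),  # A-bit
                "valid": valid,
                "preferred": preferred,
            })
        elif opt_type == OPT_MTU and opt_len == 1:
            ra["mtu"] = struct.unpack("!HI", body)[1]
        elif opt_type == OPT_SOURCE_LLADDR and opt_len == 1:
            ra["source_lladdr"] = ":".join(f"{b:02x}" for b in body)
        offset = end
    return ra


def audit_ra(source: str, ra: dict, policy: dict) -> list:
    """Compare a parsed RA with the expected state of the link (hypothetical policy)."""
    findings = []
    src = ipaddress.IPv6Address(source)
    if not src.is_link_local:
        findings.append("source address is not link-local")
    if src not in policy["routers"]:
        findings.append(f"router {src} is not in the expected set")
    if (ra["managed"], ra["other"]) != (policy["managed"], policy["other"]):
        findings.append("managed/other flags differ from the configured values")
    for p in ra["prefixes"]:
        if p["prefix"] not in policy["prefixes"]:
            findings.append(f"prefix {p['prefix']} is not expected on this link")
        if p["preferred"] > p["valid"]:
            findings.append(f"prefix {p['prefix']}: preferred lifetime exceeds valid lifetime")
    return findings


def build_ra(hops, flags, lifetime, mtu, prefix, pflags, valid, preferred) -> bytes:
    """Build a constructed RA body; the checksum is left at 0 and not verified here."""
    net = ipaddress.IPv6Network(prefix)
    head = struct.pack("!BBHBBHII", 134, 0, 0, hops, flags, lifetime, 0, 0)
    mtu_opt = struct.pack("!BBHI", OPT_MTU, 1, 0, mtu)
    pfx_opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen, pflags,
                          valid, preferred, 0) + net.network_address.packed
    return head + mtu_opt + pfx_opt


# Constructed sample carrying the values shown in Example 3-8.
SAMPLE_EXAMPLE_3_8 = build_ra(64, 0x00, 1800, 1500, "2001:410:0:2::/64",
                              0xC0, 2592000, 604800)
# Constructed sample of an advertisement the administrator did not configure.
SAMPLE_UNEXPECTED = build_ra(64, 0x80, 1800, 1500, "2001:db8:0:99::/64",
                             0xC0, 600, 3600)

# Hypothetical policy for the link behind FastEthernet0/0 in Example 3-8.
POLICY = {
    "routers": {ipaddress.IPv6Address("fe80::260:8ff:fe37:bf6")},
    "prefixes": {ipaddress.IPv6Network("2001:410:0:2::/64")},
    "managed": False,
    "other": False,
}

if __name__ == "__main__":
    for src, raw in (("fe80::260:8ff:fe37:bf6", SAMPLE_EXAMPLE_3_8),
                     ("fe80::1", SAMPLE_UNEXPECTED)):
        print(src, audit_ra(src, parse_ra(raw), POLICY) or "matches policy")
```

The parser reads only the ICMPv6 body, so the IPv6 source address is passed to audit_ra separately.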
Router advertisement messages are sent periodically on local links by routers. However, when nodes boot, it might be a long time before the next router advertisement message. In this situation, any node can send a router solicitation message (ICMPv6 Type 133) to the all-routers multicast address FF02::2 on the local link. When the router solicitation message is received, a router on the local link responds with a router advertisement message (ICMPv6 Type 134) using the all-nodes multicast address FF02::1.
Figure 3-9 illustrates this mechanism. Node A sends a router solicitation message using the link-local address (FE80::/10) as the IPv6 source address to the all-routers multicast address FF02::2. Router A listens for multicast packets corresponding to groups it belongs to and gets the router solicitation message. Then Router A responds with a router advertisement message (ICMPv6 Type 134) using its link-local address as a source IPv6 address to the all-nodes multicast address FF02::1.
NOTE
To avoid the flooding of router solicitation messages on the link, each node can send only three router solicitation messages at boot time. In the absence of an IPv6 router on the link, this rule keeps links from being flooded by router solicitation messages.
Table 3-5 summarizes the types of multicast addresses and ICMPv6 messages that are used the most in prefix advertisement.
Mechanism | Multicast Address | ICMPv6 Message |
---|---|---|
Prefix advertisement | All-nodes multicast (FF02::1); All-routers multicast (FF02::2) | ICMPv6 Type 134 (router advertisement); ICMPv6 Type 133 (router solicitation) |
DAD is an NDP mechanism involved in stateless autoconfiguration and at the boot of a node. Before a node can configure its IPv6 unicast address using stateless autoconfiguration, it must verify on the local link that the tentative address it wants to use is unique and not already in use by another node.
DAD uses neighbor solicitation messages (ICMPv6 Type 135) and solicited-node multicast addresses to perform this task. This operation requires the node to send a neighbor solicitation message on the local link using the unspecified address (::) as its source IPv6 address and the solicited-node multicast address of the tentative unicast address as the destination IPv6 address. If a duplicate address is discovered during the procedure, the tentative address cannot be assigned to the interface. Otherwise, the tentative address is configured to the interface.
Figure 3-10 illustrates this mechanism. First, node A initiates DAD. Node A intends to configure the tentative IPv6 unicast address 2001:410:0:1::1:a on its interface. Therefore, node A sends a neighbor solicitation message using the unspecified address (::) as the IPv6 source address and the solicited-node multicast address FF02::1:FF01:000A of the tentative unicast address 2001:410:0:1::1:a as the destination address.
As soon as the neighbor solicitation has been sent on the local link, if a node responds to that request, it means that the tentative unicast IPv6 address is in use by another node. In the absence of a reply (as shown in Figure 3-10), node A considers the tentative unicast address 2001:410:0:1::1:a to be unique on the local link and can assign it to its interface.
By default, DAD is enabled on Cisco routers. The number of neighbor solicitation messages to send on the local link before considering an address's uniqueness is set to 1. However, as described in Table 3-6, the command ipv6 nd dad attempts may be used to modify this number of neighbor solicitation messages. The acceptable range is between 0 and 600 messages. This command used with the value 0 disables DAD.
Command | Description |
---|---|
Router(config-if)# ipv6 nd dad attempts number | Defines the number of neighbor solicitation messages for DAD to send on the link before considering an IPv6 address unique. |
Example RouterA(config-if)# ipv6 nd dad attempts 3 | DAD sends three neighbor solicitation messages on the link before considering the IPv6 address unique. |
Example RouterA(config-if)# ipv6 nd dad attempts 0 | The value 0 disables DAD on an interface. |
This command is enabled on a per-interface basis.
Table 3-7 summarizes the types of multicast addresses and ICMPv6 messages that are used the most in DAD.
Mechanism | Multicast Address | ICMPv6 Message |
---|---|---|
DAD | Solicited-node multicast address (FF02::1:FFxx:xxxx) | ICMPv6 Type 135 (neighbor solicitation) |
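Neighbor solicitation appears in three roles in this chapter: address resolution (Figure 3-4), reachability verification of cached neighbors, and DAD (Figure 3-10). They differ only in the source and destination addresses used. The following Python sketch is an added example, not part of the original text: it derives the solicited-node multicast address and its Ethernet mapping, then labels an observed neighbor solicitation by role and reports combinations that fit none of the three. The function names and the "unexpected" labels are assumptions; the addresses are the ones used in the figures.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FFxx:xxxx, where xx:xxxx is the low-order 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def ethernet_multicast_mac(group) -> str:
    """Ethernet mapping: 33:33 followed by the low-order 32 bits of the group."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


def classify_ns(src: str, dst: str, target: str, has_source_lladdr: bool) -> str:
    """Label an ICMPv6 Type 135 message by the NDP mechanism it belongs to."""
    s, d, t = (ipaddress.IPv6Address(x) for x in (src, dst, target))
    if t.is_multicast:
        return "unexpected: target is a multicast address"
    if d.is_multicast:
        if d != solicited_node(target):
            return "unexpected: destination is not the target's solicited-node group"
        if s.is_unspecified:
            # DAD: the sender has no address yet, so it cannot offer a mapping.
            if has_source_lladdr:
                return "unexpected: DAD probe carries a source link-layer address"
            return "dad"
        return "address-resolution"
    if s.is_unspecified:
        return "unexpected: unspecified source with a unicast destination"
    if d == t:
        return "reachability-check"
    return "unexpected: unicast destination differs from the target"


if __name__ == "__main__":
    group = solicited_node("FEC0::1:0:0:1:B")
    print(group, ethernet_multicast_mac(group))
    # Step 1 of Figure 3-4: node A resolves node B.
    print(classify_ns("FEC0::1:0:0:1:A", "FF02::1:FF01:B", "FEC0::1:0:0:1:B", True))
    # Figure 3-10: node A probes its tentative address.
    print(classify_ns("::", "FF02::1:FF01:000A", "2001:410:0:1::1:a", False))
    # Node A re-checks a cached neighbor with a unicast solicitation.
    print(classify_ns("FEC0::1:0:0:1:A", "FEC0::1:0:0:1:B", "FEC0::1:0:0:1:B", True))
```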
A key benefit of the IPv6 protocol is its capability to provide transparent renumbering of the network to end users when the prefix must be changed for a new one. Because of the strict aggregation of the IPv6 protocol, prefix renumbering is necessary when an organization decides to change its IPv6 provider.
Prefix renumbering allows a smooth transition from a prior network prefix to a new prefix. Getting the benefits of transparent renumbering implies the use of stateless autoconfiguration for all of a site's nodes. Other network renumbering methods may be used, but they are less transparent than prefix renumbering in the context of stateless autoconfiguration.
Prefix renumbering is performed by routers already advertising prefixes on local links. This mechanism uses the same ICMPv6 messages and multicast addresses as the prefix advertisement mechanism. In fact, prefix renumbering is a new concept using time parameters contained in router advertisement messages to perform the task.
First, all routers in the site continue to advertise the current prefix, but the valid and preferred lifetimes are decreased to a value close to 0. Then routers begin to advertise the new prefixes on local links. Therefore, at least two prefixes coexist on every local link. This means that router advertisement messages contain one old and one new IPv6 prefix.
By receiving these router advertisement messages, nodes discover the deprecation of the current prefix with a short life, but they also obtain the new prefix. During this transition time, all nodes use two unicast addresses:
Old unicast address— The old address is based on the old prefix. Current connections using the old address are still handled.
New unicast address— New connections are established using the new address.
When the old prefix is completely deprecated (its lifetime has expired), router advertisement messages include the new prefix only. A prefix is deprecated when the valid/preferred lifetime values are set to 0.
NOTE
During prefix renumbering, features such as IPv6 ACLs or QoS set with the old prefix must be updated to reflect the new prefix as well on the IPv6 router.
Cisco IOS Software technology introduces proprietary parameters in router advertisement messages to help with prefix renumbering. By using the command ipv6 nd prefix, you can specify an exact date and time when a prefix must be considered deprecated rather than manually decreasing prefixes' lifetimes. The new keywords for this purpose are at valid-date and at preferred-date. The following is the syntax for the ipv6 nd prefix command:
Router(config-if)#ipv6 nd prefix ipv6-prefix/prefix-length | default [[valid-lifetime preferred-lifetime] | [at valid-date preferred-date] [off-link] [no-autoconfig] [no-advertise]]
When a date and time are specified using these parameters, the router performs a time countdown, meaning that each new router advertisement message includes decreased lifetime values until 0.
NOTE
To use parameters related to date and time with the ipv6 nd prefix command, you must adjust the date and time on the router. You can do this using the clock set command or by specifying a Network Time Protocol (NTP) server through the ntp server command.
Example 3-9 shows the command ipv6 nd prefix used to perform prefix renumbering on interface FastEthernet 0/0 based on the valid-date and preferred-date keywords. The initial date/time on the router is set to February 10, 2003 at 16:35:00 using the clock set command. The command ipv6 nd prefix determines that the prefix 2001:410:0:1::/64 is deprecated by February 10, 2003 at 17:00:00 (25 minutes later). However, the other prefix, 2001:420:0:2::/64, continues to be advertised using default values. In this example, the router advertisement interval is set to 60 seconds.
RouterA#clock set 16:35:00 10 February 2003
RouterA(config)#interface FastEthernet 0/0
RouterA(config-if)#ipv6 address 2001:410:0:1::/64 eui-64
RouterA(config-if)#ipv6 address 2001:420:0:2::/64 eui-64
RouterA(config-if)#ipv6 nd ra-interval 60
RouterA(config-if)#ipv6 nd prefix 2001:410:0:1::/64 at Feb 10 2003 17:00 Feb 10 2003 17:00
RouterA(config-if)#exit
The command debug ipv6 nd may be used to display information related to neighbor discovery messages (prefix advertisement and prefix renumbering). Example 3-10 shows debugging information when a prefix is deprecated using the ipv6 nd prefix command and the date and time as keywords. In this example, remaining valid/preferred lifetimes for the prefix 2001:410:0:1::/64 are decreased each time the router sends a new router advertisement message. Finally, when the prefix is deprecated, router advertisement messages are empty, because no new prefix is advertised.
RouterA#debug ipv6 nd
RouterA#ICMP Neighbor Discovery events debugging is on
01:51:14: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
01:51:14: ICMPv6-ND: prefix = 2001:410:0:1::/64 onlink autoconfig
01:51:14: ICMPv6-ND: 1138/1138 (valid/preferred)
01:52:09: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
01:52:09: ICMPv6-ND: prefix = 2001:410:0:1::/64 onlink autoconfig
01:52:09: ICMPv6-ND: 1084/1084 (valid/preferred)
<Data omitted>
02:09:15: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:09:15: ICMPv6-ND: prefix = 2001:410:0:1::/64 onlink autoconfig
02:09:15: ICMPv6-ND: 58/58 (valid/preferred)
02:10:10: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:10:10: ICMPv6-ND: prefix = 2001:410:0:1::/64 onlink autoconfig
02:10:10: ICMPv6-ND: 2/2 (valid/preferred)
02:11:02: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:12:02: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
02:12:57: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
NOTE
The default router is always seen in the routing tables of nodes on the local link with its link-local addresses (FE80::/10). This guarantees that all routers can be reached even when network renumbering occurs. During renumbering, unicast IPv6 addresses assigned to router interfaces change, but not link-local addresses.
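The countdown in Example 3-10 seen from a receiving host, as an added example that is not part of the original text: it applies the lifetime-update rule of RFC 4862 section 5.5.3(e), under which an unauthenticated router advertisement cannot cut an address's remaining valid lifetime below two hours. The starting lifetimes (2592000/604800 seconds) and all class and function names are assumptions.

```python
# Added example, not from the original text: how a host following
# RFC 4862 section 5.5.3(e) treats the shrinking lifetimes of Example 3-10.
from dataclasses import dataclass

TWO_HOURS = 7200  # seconds

@dataclass
class SlaacAddress:
    prefix: str
    valid: int      # remaining valid lifetime, seconds
    preferred: int  # remaining preferred lifetime, seconds

    def state(self):
        if self.valid <= 0:
            return "invalid"
        return "preferred" if self.preferred > 0 else "deprecated"

def tick(addr, seconds):
    """Let time pass on the host between two router advertisements."""
    addr.valid = max(0, addr.valid - seconds)
    addr.preferred = max(0, addr.preferred - seconds)
    return addr

def apply_prefix_option(addr, adv_valid, adv_preferred, authenticated=False):
    """Update an autoconfigured address from a Prefix Information option."""
    if adv_valid > TWO_HOURS or adv_valid > addr.valid:
        addr.valid = adv_valid            # lifetimes may always be extended
    elif addr.valid <= TWO_HOURS:
        if authenticated:                 # e.g. SEND-protected RA
            addr.valid = adv_valid        # otherwise the value is ignored
    else:
        addr.valid = TWO_HOURS            # shortening is clamped to 2 hours
    addr.preferred = adv_preferred        # preferred lifetime always follows
    return addr

# Constructed from the timestamps and lifetimes shown in Example 3-10:
# (seconds since previous RA, advertised valid, advertised preferred)
RAS = [(0, 1138, 1138), (55, 1084, 1084), (1026, 58, 58), (55, 2, 2)]

def replay(start_valid=2592000, start_preferred=604800):
    """Feed the four advertisements to a host holding the old address."""
    addr = SlaacAddress("2001:410:0:1::/64", start_valid, start_preferred)
    for gap, valid, preferred in RAS:
        tick(addr, gap)
        apply_prefix_option(addr, valid, preferred)
    return addr
```

After the replay the old address still has 6064 seconds of valid lifetime but only 2 seconds of preferred lifetime, so it is deprecated on schedule for new connections while existing connections keep working for more than an hour.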
Router redirection is an NDP mechanism in IPv6. Routers use ICMPv6 redirection messages to inform nodes on the link that a better router exists on the link to forward packets. Then the node that receives the ICMPv6 redirect message may modify its local routing table according to the new router address in the ICMPv6 redirection message. The router redirection mechanism in IPv6 uses redirect messages (ICMPv6 Type 137). This mechanism is the equivalent of the redirect message in IPv4.
As shown in Figure 3-11, node A wants to send packets to LAN ZZ. First, node A delivers the first packet to its default router (Router A). However, after forwarding this packet to LAN ZZ, Router A knows that Router C is a better path for nodes on this local link to forward packets to LAN ZZ. Therefore, in the second step, Router A sends node A an ICMPv6 redirect message that contains Router C's IPv6 address. Finally, node A sends the next packets to be sent to LAN ZZ to Router C.
ICMPv6 redirect is enabled by default on Cisco interfaces. The command ipv6 redirects may be used to disable or enable the sending of ICMPv6 redirect messages. Here is an example of disabling the sending of messages:
Router(config-if)# no ipv6 redirects
The following example shows the command to enable the sending of messages. By default, ICMPv6 redirect is enabled on all interfaces.
Router(config-if)# ipv6 redirects
The ipv6 redirects command is enabled on a per-interface basis.
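A node does not have to act on every Type 137 message it receives. The following added example (not from the original text) applies the receive-side validity checks of RFC 4861 section 8.1 to the redirect from Router A to node A in Figure 3-11. All addresses and function names are constructed for illustration.

```python
# Added example, not from the original text: receive-side checks for an
# ICMPv6 Redirect (Type 137) as listed in RFC 4861 section 8.1.
# Checksum verification is assumed to be done by the IP stack.
import ipaddress
import struct

def build_redirect(target, dest, options=b""):
    """Constructed message: type 137, code 0, checksum and reserved zero."""
    return (struct.pack("!BBHI", 137, 0, 0, 0)
            + ipaddress.IPv6Address(target).packed
            + ipaddress.IPv6Address(dest).packed + options)

def validate_redirect(src, hop_limit, icmp, current_first_hop):
    """Return the list of failed checks; an empty list means accept."""
    if len(icmp) < 40:
        return ["ICMP length is below 40 octets"]
    errors = []
    src = ipaddress.IPv6Address(src)
    target = ipaddress.IPv6Address(icmp[8:24])
    dest = ipaddress.IPv6Address(icmp[24:40])
    if icmp[0] != 137 or icmp[1] != 0:
        errors.append("type/code is not 137/0")
    if not src.is_link_local:
        errors.append("source is not link-local")
    if hop_limit != 255:  # 255 shows the message was never forwarded
        errors.append("hop limit is not 255")
    if src != ipaddress.IPv6Address(current_first_hop):
        errors.append("sender is not the current first hop")
    if dest.is_multicast:
        errors.append("destination is multicast")
    if not (target.is_link_local or target == dest):
        errors.append("target is neither link-local nor the destination")
    offset = 40
    while offset < len(icmp):  # each option: type, length in 8-octet units
        if offset + 2 > len(icmp) or icmp[offset + 1] == 0:
            errors.append("malformed or zero-length option")
            break
        offset += icmp[offset + 1] * 8
    if offset > len(icmp):
        errors.append("option runs past the end of the message")
    return errors

# Constructed addresses: Router A = fe80::a, Router C = fe80::c, and
# 2001:db8:22::10 stands in for a host on LAN ZZ (Figure 3-11).
ROUTER_A, ROUTER_C, ZZ_HOST = "fe80::a", "fe80::c", "2001:db8:22::10"
GOOD = build_redirect(ROUTER_C, ZZ_HOST)
```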
The command ipv6 icmp error-interval may be used to set the minimum interval between ICMPv6 error messages generated by the router, which limits the rate at which they are sent. By default, this parameter is set to 500 milliseconds. Here is the syntax of the ipv6 icmp error-interval command:
Router(config)# ipv6 icmp error-interval msec
This command is enabled on a global basis.
As described throughout this section, NDP mechanisms are fundamental components of the IPv6 protocol. You have learned about the following:
Replacement of ARP by neighbor solicitation and neighbor advertisement messages
Stateless autoconfiguration uses prefix advertisement, DAD, and prefix renumbering mechanisms.
Router redirection is similar to redirection in IPv4.
Table 3-8 summarizes the ICMPv6 messages and multicast addresses involved in each mechanism described.
Mechanism | ICMPv6 Message | Multicast Address |
---|---|---|
Replacement of ARP | Type 135 (neighbor solicitation), Type 136 (neighbor advertisement) | All-nodes multicast (FF02::1), Solicited-node multicast (FF02::1:FFxx:xxxx) |
Prefix advertisement | Type 133 (router solicitation), Type 134 (router advertisement) | All-nodes multicast (FF02::1), All-routers multicast (FF02::2) |
DAD | Type 135 (neighbor solicitation) | Solicited-node multicast (FF02::1:FFxx:xxxx) |
Prefix renumbering | Type 133 (router solicitation), Type 134 (router advertisement) | All-nodes multicast (FF02::1), All-routers multicast (FF02::2) |
Router redirection | Type 137 (router redirection) | — |
You should be able to deploy, manage, and support IPv6 on local links, networks, and routers.