Cisco Public © 2013 Cisco and/or its affiliates. All rights reserved. 1
2 © 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. Cisco Networking Academy, US/Canada

- Introduction to ICMPv6
- Echo Request and Echo Reply
- Neighbor Discovery
- Neighbor Cache

- Similar to ICMP for IPv4
- More robust
- New features
- Improving upon similar functionality
- Both ICMP and ICMPv6 use types and codes
- Two types of ICMPv6 messages
  - Error messages
  - Informational messages

IPv6 routing is off by default in Cisco IOS. Global configuration mode command to enable IPv6 routing:

    R1(config)# ipv6 unicast-routing

ICMPv6 Next Header value: 58 decimal or 3A hexadecimal

Packet layout: IPv6 Header (Next Header 58) | ICMPv6 Header | ICMPv6 Message Body (carried as IPv6 Data)

ICMPv6 general message format: Type | Code | Checksum | Message Body

Error messages: Type = 0 to 127 (8-bit field with the first bit off, 0xxxxxxx)
Informational messages: Type = 128 to 255 (8-bit field with the first bit on, 1xxxxxxx)

Echo message format: Type = 128 or 129 | Code = 0 | Checksum | Identifier | Sequence Number | Data

- Echo Request: Type = 128
- Echo Reply: Type = 129
- Like IPv4, ICMPv6 Echo Request and Echo Reply are two ICMP messages used by ping

Topology (figure):
- PC1: 2001:DB8:AAAA:1::100, link-local FE80::50A5:8A35:A5BB:66E1
- PC2: 2001:DB8:AAAA:1::200
- R1 Fa0/0: 2001:DB8:AAAA:1::1, link-local FE80::1/64
- Ping from PC1 to R1

    PC1> ping 2001:db8:aaaa:1::1

    Pinging 2001:db8:aaaa:1::1 from 2001:db8:aaaa:1::100 with 32 bytes of data:
    Reply from 2001:db8:aaaa:1::1: time=1ms

    Ping statistics for 2001:db8:aaaa:1::1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms

    Internet Protocol Version
        = Version:
        = Traffic class: 0x
        = Flowlabel: 0x
        Payload length: 40
        Next header: ICMPv6 (0x3a)
        Hop limit: 128
        Source: 2001:db8:aaaa:1::100
        Destination: 2001:db8:aaaa:1::1
    Internet Control Message Protocol v6
        Type: 128 (Echo (ping) request)
        Code: 0 (Should always be zero)
        Checksum: 0x8f38 [correct]
        ID: 0x0001
        Sequence: 0
        Data (32 bytes)

    Internet Protocol Version
        = Version:
        = Traffic class: 0x
        = Flowlabel: 0x
        Payload length: 40
        Next header: ICMPv6 (0x3a)
        Hop limit: 64
        Source: 2001:db8:aaaa:1::1
        Destination: 2001:db8:aaaa:1::100
    Internet Control Message Protocol v6
        Type: 129 (Echo (ping) reply)
        Code: 0 (Should always be zero)
        Checksum: 0x8e38 [correct]
        ID: 0x0001
        Sequence: 0
        Data (32 bytes)

    R1# ping fe80::50a5:8a35:a5bb:66e1
    Output Interface: fastethernet 0/0
    % Invalid interface. Use full interface name without spaces (e.g. Serial0/1)
    R1# ping fe80::50a5:8a35:a5bb:66e1
    Output Interface: fastethernet0/0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to FE80::50A5:8A35:A5BB:66E1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    Internet Protocol Version
        = Version:
        = Traffic class: 0x
        = Flowlabel: 0x
        Payload length: 60
        Next header: ICMPv6 (0x3a)
        Hop limit: 64
        Source: fe80::1
        Destination: fe80::50a5:8a35:a5bb:66e1
    Internet Control Message Protocol v6
        Type: 128 (Echo (ping) request)
        Code: 0 (Should always be zero)
        Checksum: 0x0444 [correct]
        ID: 0x0a24
        Sequence: 0
        Data (52 bytes)

    Internet Protocol Version
        = Version:
        = Traffic class: 0x
        = Flowlabel: 0x
        Payload length: 60
        Next header: ICMPv6 (0x3a)
        Hop limit: 64
        Source: fe80::50a5:8a35:a5bb:66e1
        Destination: fe80::1
    Internet Control Message Protocol v6
        Type: 129 (Echo (ping) reply)
        Code: 0 (Should always be zero)
        Checksum: 0x0344 [correct]
        ID: 0x0a24
        Sequence: 0
        Data (52 bytes)

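The Echo format and the checksums in the captures above, worked through in code (an added example, not part of the original slides). It builds an Echo Request and Echo Reply between PC1 and R1, classifies them by the first bit of the Type field, and verifies the checksum over the IPv6 pseudo-header; the 32-byte payload is constructed, so the checksum values differ from the captured ones, but the request/reply difference of 0x0100 is the same as between 0x8f38 and 0x8e38.

```python
import ipaddress
import struct

NAMES = {128: "Echo Request", 129: "Echo Reply", 133: "Router Solicitation",
         134: "Router Advertisement", 135: "Neighbor Solicitation",
         136: "Neighbor Advertisement", 137: "Redirect"}

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum, zero-padding odd-length input."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    """IPv6 pseudo-header: source, destination, length, Next Header 58."""
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", length, 58))

def build_echo(msg_type: int, ident: int, seq: int, data: bytes,
               src: str, dst: str) -> bytes:
    """Type | Code = 0 | Checksum | Identifier | Sequence Number | Data."""
    body = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + data
    csum = 0xFFFF ^ ones_sum(pseudo_header(src, dst, len(body)) + body)
    return body[:2] + struct.pack("!H", csum) + body[4:]

def parse(msg: bytes, src: str, dst: str) -> dict:
    """Decode Type/Code/Checksum, classify by the first Type bit, verify."""
    msg_type, code, csum = struct.unpack("!BBH", msg[:4])
    return {"type": msg_type, "code": code, "checksum": csum,
            "class": "informational" if msg_type & 0x80 else "error",
            "name": NAMES.get(msg_type, "other"),
            # A valid message plus its pseudo-header sums to 0xFFFF.
            "checksum_ok": ones_sum(pseudo_header(src, dst, len(msg)) + msg) == 0xFFFF}

# Constructed sample: PC1 pings R1 using the slides' addresses. The payload is
# made up, so the checksum values differ from the ones in the captures.
PC1, R1 = "2001:db8:aaaa:1::100", "2001:db8:aaaa:1::1"
DATA = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 bytes
REQUEST = build_echo(128, 1, 0, DATA, PC1, R1)
REPLY = build_echo(129, 1, 0, DATA, R1, PC1)

if __name__ == "__main__":
    for msg, src, dst in ((REQUEST, PC1, R1), (REPLY, R1, PC1)):
        print(parse(msg, src, dst))
```

A message whose Type byte is changed without recomputing the checksum fails `checksum_ok`, which is the property the `[correct]` marker in the captures reports.
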
- Neighbors with IPv6: routers and hosts
- So Neighbor Discovery means host-to-host communication or router-to-host communication; a router can also be a host
- IPv6 designers wanted IPv6 to be plug and play at the user's end
- The processes are called Neighbor Discovery processes and are implemented using ICMPv6 messages

- Router Solicitation – Type 133
- Router Advertisement – Type 134
- Neighbor Solicitation – Type 135
- Neighbor Advertisement – Type 136
- Redirect Message – Type 137

Communication between a host and router

Router Solicitation
- Sent by host (remember a router can be a host)
- Sent when the host needs addressing and other configuration information, important as part of SLAAC

Router Advertisement
- Sent periodically (every 200 seconds on Cisco IOS)
- Sent in response to Router Solicitation
- Provides addressing and other configuration information, important as part of SLAAC

Neighbor Solicitation and Neighbor Advertisement messages are used by a device to:
- Request Layer 2 address information from another device on the same network
- Provide this information to the requesting device

Part of three important processes:
- Address Resolution
- Duplicate Address Detection (DAD)
- Neighbor Unreachability Detection (NUD)

Terms
- ND or NDP: Neighbor Discovery Protocol
- SLAAC: Stateless Address Autoconfiguration
- DAD: Duplicate Address Detection

Addresses
- FF02::1: All-nodes multicast
- FF02::2: All-routers multicast
  - Memory hint: routers are more important, thus the higher number

IPv6 routing is off by default in Cisco IOS. Global configuration mode command to enable IPv6 routing:

    R1(config)# ipv6 unicast-routing

Stateless Address Autoconfiguration can be explained using Neighbor Discovery messages.

Prerequisites:
1. The host (PC1) boots up
2. IPv6 configuration is set to Auto Config
3. The host calculates the interface part of the IPv6 address using modified EUI-64 (depending on the operating system)
4. PC1 then adds the link-local prefix FE80 to the interface address to get a link-local IPv6 address

1. Duplicate Address Detection (DAD) of Link-Local IPv6 Address
2. Router Solicitation
3. Router Advertisement
4. Duplicate Address Detection of Global Unicast IPv6 Address

- PC1 must verify that the link-local address is unique
- The Duplicate Address Detection (DAD) Neighbor Discovery process is implemented
- The following ICMPv6 messages are used:
  1) Neighbor Solicitation
  2) Neighbor Advertisement

- Link-local address is in a tentative state until DAD is complete
- Source address will be :: (unspecified)
- Destination address will be the solicited-node multicast address of PC1: FF02::1:FF90:41B0
- Target address field is the link-local address FE80::202:4AFF:FE90:41B0
- PC1 sets a timer
- If no Neighbor Advertisement message is received, PC1 transitions the address from tentative to assigned
- PC1 then sends a Neighbor Advertisement message to the other nodes on the link, indicating that it is using the link-local address FE80::202:4AFF:FE90:41B0
- If a device has the same link-local address, it responds with a Neighbor Advertisement
  - The address is then suspended on PC1

PC1 sends Neighbor Solicitation to R1
Last step in the DAD process (figure labels: PC1 link-local, all-nodes multicast)
R1 sends Neighbor Advertisement to PC1

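The address arithmetic behind the DAD steps above, as an added example that is not part of the original slides: it derives the link-local address with modified EUI-64, computes the solicited-node multicast destination, and models the outcome of the DAD timer. The MAC address is an assumption, chosen because it yields the slides' FE80::202:4AFF:FE90:41B0; `run_dad` and the dictionary field names are hypothetical.

```python
import ipaddress

def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """FE80::/64 plus the modified EUI-64 interface ID of a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert FF:FE between the two halves.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 combined with the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def dad_probe(tentative) -> dict:
    """Neighbor Solicitation (Type 135) fields sent for a tentative address."""
    target = ipaddress.IPv6Address(tentative)
    return {"type": 135, "src": ipaddress.IPv6Address("::"),
            "dst": solicited_node(target), "target": target}

def run_dad(tentative, advertisements) -> str:
    """Address state once the DAD timer expires: 'assigned' or 'duplicate'."""
    probe = dad_probe(tentative)
    for na in advertisements:  # Neighbor Advertisements seen before expiry
        if na["type"] == 136 and ipaddress.IPv6Address(na["target"]) == probe["target"]:
            return "duplicate"  # another node already uses the address
    return "assigned"

# Assumed MAC: chosen so that it yields the link-local address on the slides.
PC1_MAC = "00:02:4a:90:41:b0"

if __name__ == "__main__":
    ll = eui64_link_local(PC1_MAC)
    print(ll, dad_probe(ll)["dst"], run_dad(ll, []))
```
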
- PC1 now needs a global unicast IPv6 address to communicate outside of the link (network)
- PC1 needs to find a router on its link
- PC1 has to perform the Router Discovery process
- PC1 sends a Router Solicitation message
  - Source address will be the link-local address of PC1: FE80::202:4AFF:FE90:41B0
  - Destination address will be FF02::2 (all-routers multicast)

PC1 sends Router Solicitation to R1

- R1 sends a Router Advertisement if ipv6 unicast-routing is enabled on the router
- Source address is the link-local address of R1's interface: FE80::1
- Destination address is FF02::1 (all-nodes multicast)
- R1 sends the following information to PC1:
  1) Global prefix and prefix length
  2) Layer 2 address of the interface sending the Router Advertisement
  3) Link MTU
  4) Timers to check reachability
  5) M and O flags

R1 sends Router Advertisement to PC1

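The five items R1 advertises, decoded from the raw bytes of a Router Advertisement (an added example, not part of the original slides). The field and option layouts follow RFC 4861; the sample message is constructed, with the prefix taken from the slides' topology and the MAC address, MTU, lifetimes and flags made up, and its checksum is left at zero because this parser does not verify it.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (Type 134) and its options."""
    if len(msg) < 16 or msg[0] != 134 or msg[1] != 0:
        raise ValueError("not a Router Advertisement")
    hop, flags, lifetime, reachable, retrans = struct.unpack("!4xBBHII", msg[:16])
    ra = {"cur_hop_limit": hop, "M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime_s": lifetime, "reachable_ms": reachable,
          "retrans_ms": retrans, "prefixes": []}
    pos = 16
    while pos + 2 <= len(msg):
        opt_type, units = msg[pos], msg[pos + 1]  # length is in units of 8 bytes
        if units == 0 or pos + 8 * units > len(msg):
            raise ValueError("malformed option length")
        body = msg[pos + 2:pos + 8 * units]
        if opt_type == 1:                       # Source Link-Layer Address
            ra["router_mac"] = body[:6].hex(":")
        elif opt_type == 5 and units == 1:      # MTU
            ra["mtu"] = struct.unpack("!2xI", body)[0]
        elif opt_type == 3 and units == 4:      # Prefix Information
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            net = ipaddress.IPv6Network((body[14:30], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net), "autonomous": bool(pflags & 0x40),
                                   "valid_s": valid, "preferred_s": preferred})
        pos += 8 * units
    return ra

# Constructed sample RA: prefix from the slides' topology; the MAC address,
# MTU, lifetimes and flag values are made up for illustration.
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)
             + bytes([1, 1]) + bytes.fromhex("02004c4f4f50")
             + struct.pack("!BB2xI", 5, 1, 1500)
             + struct.pack("!BBBBII4x", 3, 4, 64, 0xC0, 2592000, 604800)
             + ipaddress.IPv6Address("2001:db8:aaaa:1::").packed)

if __name__ == "__main__":
    print(parse_ra(SAMPLE_RA))
```
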
- PC1 has to check whether the global unicast address is unique
- Performs Duplicate Address Detection
- Sends a Neighbor Solicitation message with the global unicast IPv6 address as the Target Address
- Once the process ends and the address is confirmed unique, PC1 sends a Neighbor Advertisement message to announce its global unicast IPv6 address

Neighbor Cache
- Maps IPv6 addresses with Ethernet MAC addresses
- Similar to ARP Cache for IPv4
- 5 states (2 noticeable and 3 transitory):
  - Reachable: Packets have recently been received, providing confirmation that this device is reachable.
  - Stale: A certain time period has elapsed since a packet has been received from this address.
  - Transitory states: INCOMPLETE, DELAY, PROBE

PC1 Neighbor Cache (figure):

    IPv6 Address          MAC Address
    2001:DB8:ACAD:1::     bd9.c644

    R1# show ipv6 neighbors
    IPv6 Address                Age  Link-layer Addr  State  Interface
    FE80::50A5:8A35:A5BB:66E         bd9.c644         STALE  Fa0/0
    2001:db8:aaaa:1::                bd9.c644         STALE  Fa0/0
    R1# ping 2001:db8:aaaa:1::100
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    R1# show ipv6 neighbors
    IPv6 Address                Age  Link-layer Addr  State  Interface
    FE80::50A5:8A35:A5BB:66E         bd9.c644         STALE  Fa0/0
    2001:DB8:AAAA:1::                bd9.c644         REACH  Fa0/0

Thank you.