1
10: ICMPv6 Neighbor Discovery
Rick Graziani Cabrillo College
2
For more information please check out my Cisco Press book and video series:
IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6, by Rick Graziani, ISBN-10:
IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6, by Rick Graziani, ISBN-10:
3
10.1: Introducing ICMPv6 Neighbor Discovery
4
ICMPv6 Neighbor Discovery Protocol
ICMPv6 Neighbor Discovery defines 5 different packet types:

Router-Device Messaging (used with dynamic address allocation):
- Router Solicitation Message
- Router Advertisement Message

Device-Device Messaging (used with address resolution, like IPv4 ARP):
- Neighbor Solicitation Message
- Neighbor Advertisement Message

Router-to-Device messaging:
- Redirect Message (similar to ICMPv4 redirect message)

See these processes with:
R1# debug ipv6 nd
5
ICMPv6 Redirect
[Figure labels: Host, PCA, PCB, IPv6 Network A, IPv6 Network B, Network X; Destination: Network X; Destination: PCB]

Similar functionality as ICMPv4.
- Like IPv4, a router informs an originating host of the IP address of a router that is on the local link and is closer to the destination.
- Unlike IPv4, a router informs an originating host that the destination host (on a different prefix/network) is on the same link as itself.

Redirect Function
Routers use the redirect function to inform originating hosts of a better first-hop neighbor to which traffic should be forwarded for a specific destination. Routers use the redirect function for two purposes:
- A router informs an originating host of the IP address of a router available on the local link that is closer to the destination. The term closer is a routing metric function used to reach the destination network segment. This condition can occur when multiple routers are on a network segment, the originating host chooses a default router, and it is not the best one to use to reach the destination.
- A router informs an originating host that the destination is a neighbor (it is on the same link as the originating host). This condition can occur when the prefix list of a host does not include the prefix of the destination. Because the destination does not match a prefix in the list, the originating host forwards the packet to its default router.

The following steps occur in the IPv6 redirect process:
1. The originating host sends a unicast packet to its default router.
2. The router processes the packet and notes that the address of the originating host is a neighbor. Additionally, the router notes that both the originating host and the next-hop are on the same link.
3. The router forwards the packet to the appropriate next-hop address.
4. The router sends the originating host a Redirect message. In the Target Address field of the Redirect message is the next-hop address of the node to which the originating host should send packets addressed to the destination. For packets redirected to a router, the Target Address field is set to the link-local address of the router. For packets redirected to a host, the Target Address field is set to the destination address of the packet originally sent. The Redirect message includes the Redirected Header option. The message might also include the Target Link-Layer Address option.
5. Upon receiving the Redirect message, the originating host updates the destination address entry in the destination cache with the address in the Target Address field. If the Redirect message includes the Target Link-Layer Address option, its contents are used to create or update the corresponding entry in the neighbor cache.

Only the first router in the path between the originating host and the destination sends redirect messages, and (like ICMPv6 error messages) they are rate limited. Hosts never send Redirect messages, and routers never update routing tables based on the receipt of a Redirect message.
6
10.2: Router Solicitation and Router Advertisement Messages
7
Dynamic Address Allocation in IPv4
1. Host: I need IPv4 addressing information.
2. DHCPv4 Server: Here is everything you need.
DHCPv4 server is a stateful server.
8
Dynamic Address Allocation in IPv6
Router(config)# ipv6 unicast-routing

ICMPv6 Router Solicitation (host): To all IPv6 routers: I need IPv6 address information.
ICMPv6 Router Advertisement (router): To all IPv6 devices: Let me tell you how to do this …
DHCPv6 Server: I might not be needed.

The three ways to do this:
1. SLAAC (Stateless Address Autoconfiguration)
2. SLAAC with Stateless DHCPv6
3. Stateful DHCPv6

The Router Advertisement (RA) tells hosts how they will receive IPv6 address information. It is sent periodically by an IPv6 router, or when the router receives a Router Solicitation (RS) message from a host.

More options for devices to get addressing. The device doesn’t need to access a DHCPv6 server for addressing. Its router, its default gateway, is its way out of the network and provides everything it needs for addressing. Much more in lesson XXX
9
ICMPv6 Router Advertisement
RA Message Options
The ICMPv6 Router Advertisement indicates Option 1, 2, or 3; a DHCPv6 server is involved only when the flags say so.
- Option 1: SLAAC – No DHCPv6 (Default on Cisco routers)
- Option 2: SLAAC + Stateless DHCPv6 for DNS address. Other Configuration (“O”) Flag = 1
- Option 3: All addressing except default gateway use DHCPv6. Managed Configuration (“M”) Flag = 1
RA flags discussed in more detail in Lesson 10. Configuring Flags discussed in Lesson 8.
10
Option 3 and the “A” Flag
[Figure labels: ICMPv6 RA, M Flag = 1, A Flag = 1, G 0/1, DHCPv6, DHCPv6 Server]
Windows host: As a Windows host I will still use the RA prefix to create temporary (SLAAC) addresses.

Option 3: All addressing except default gateway use DHCPv6
- Managed Configuration (“M”) Flag: 1
- Address Autoconfiguration (“A”) Flag: 1 (default)
- Prefix in RA can be used for SLAAC: Yes when the A flag is 1 (default), No otherwise

The autonomous address configuration (A) flag tells hosts that they can create an address for themselves by combining the prefix in the RA with an interface identifier.
RA flags discussed in more detail in Lesson 10. Configuring Flags discussed in Lesson 8.
11
Router Solicitation / Router Advertisement
Network: 2001:DB8:CAFE:1::/64
R1: Link-local: FE80::1, MAC: b-e9-d4-80
PC1: Link-local: FE80::50A5:8A35:A5BB:66E1, MAC: b-d9-c6-44

1. ICMPv6 Router Solicitation (RS): sent when device needs IPv6 addressing information.
   To: FF02::2 (All-IPv6 Routers)
   From: FE80::50A5:8A35:A5BB:66E1
2. ICMPv6 Router Advertisement (RA): sent every 200 seconds or in response to RS.
   To: FF02::1 (All-IPv6 devices)
   From: FE80::1 (Link-local address)
12
Analyzing the Router Solicitation Message
13
Router Solicitation Message
Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02    <-- Ethernet multicast MAC address – Maps to “all IPv6 routers”
Internet Protocol Version 6
    Version: 6 [Traffic class and Flowlabel not shown]
    Payload length: 16
    Next header: ICMPv6 (0x3a)    <-- Next header is an ICMPv6 header
    Hop limit: 255
    Source: fe80::50a5:8a35:a5bb:66e1    <-- Link-local address of PC1
    Destination: ff02::2    <-- All-IPv6-routers multicast address
Internet Control Message Protocol v6
    Type: 133 (Router solicitation)    <-- Router Solicitation message
    Code: 0
    Checksum: 0x3277 [correct]
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:21:9b:d9:c6:44    <-- MAC address of PC1 but RA is sent as all-IPv6-host multicast
Lesson 6 discusses the mapping of IPv6 multicast addresses to Ethernet MAC addresses
14
Analyzing the Router Advertisement Message
15
An IPv6 Router
R1(config)# ipv6 unicast-routing
R1# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  Global unicast address(es):
    2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64
  Joined group address(es):
    FF02::1
    FF02::2    <-- All-routers multicast group
    FF02::1:FF00:1
  MTU is 1500 bytes
  <output omitted for brevity>
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.    <-- M & O flags = 0
16
Analyzing the Router Advertisement Message
Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01    <-- Ethernet multicast MAC address – Maps to “All-IPv6 devices”
Internet Protocol Version 6
    Version: 6
    Traffic class: 0x000000e0
    Flowlabel: 0x
    Payload length: 64
    Next header: ICMPv6 (0x3a)    <-- Next Header is an ICMPv6 header
    Hop limit: 255
    Source: fe80::1    <-- Link-local address of R1. Added to hosts’ Default Router List and is the address they will use as their default gateway.
    Destination: ff02::1    <-- All-IPv6 devices multicast
Continued next slide
17
Router Advertisement Message
Internet Control Message Protocol v6
    Type: 134 (Router advertisement)    <-- Router Advertisement
    Code: 0
    Cur hop limit: 64    <-- Recommended Hop Limit value for hosts
    Flags: 0x00    <-- M and O flags indicate that no information is available via DHCPv6
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:03:6b:e9:d4:80    <-- Router R1’s MAC address
    ICMPv6 Option (MTU)
        Type: MTU (5)
        MTU: 1500    <-- MTU of the link.
    ICMPv6 Option (Prefix information)
        Type: Prefix information (3)
        Length: 32
        Prefix Length: 64    <-- Prefix-length (/64) to be used for autoconfiguration.
        Prefix: 2001:db8:cafe:1::    <-- Prefix of this network to be used for autoconfiguration
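The RA fields annotated above can be decoded and checked in code. This Python parser is an added example, not part of the original slides: it rejects messages that did not arrive with hop limit 255, walks the options, and maps the M and O flags to the three addressing options. SAMPLE_RA is constructed from the slide's field values, with a zeroed checksum and assumed prefix lifetimes.

```python
import ipaddress
import struct

# Constructed sample: RA body rebuilt from the field values on the slides above.
# Checksum zeroed and prefix lifetimes (2592000/604800 s) are assumed values.
SAMPLE_RA = bytes.fromhex(
    "8600000040000708" "0000000000000000"        # type 134, hop limit 64, flags 0x00
    "010100036be9d480"                           # source link-layer address
    "05010000000005dc"                           # MTU 1500
    "030440c000278d0000093a8000000000"           # prefix info: /64, L=1 A=1
    "20010db8cafe00010000000000000000")          # 2001:db8:cafe:1::

def parse_ra(icmp: bytes, hop_limit: int) -> dict:
    """Decode an ICMPv6 Router Advertisement (RFC 4861 layout)."""
    if hop_limit != 255:                         # a routed packet arrives below 255
        raise ValueError("ND message without hop limit 255")
    if len(icmp) < 16:
        raise ValueError("truncated RA")
    mtype, code, _ck, cur_hop, flags, lifetime = struct.unpack_from("!BBHBBH", icmp)
    if (mtype, code) != (134, 0):
        raise ValueError("not a Router Advertisement")
    ra = {"cur_hop_limit": cur_hop, "M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    off = 16                                     # options follow the fixed 16 bytes
    while off < len(icmp):
        if off + 2 > len(icmp) or icmp[off + 1] == 0:
            raise ValueError("malformed option")
        otype, olen = icmp[off], icmp[off + 1] * 8   # length counts 8-byte units
        body = icmp[off:off + olen]
        if len(body) != olen:
            raise ValueError("option runs past end of message")
        if otype == 1 and olen == 8:
            ra["router_mac"] = body[2:8].hex(":")
        elif otype == 5 and olen == 8:
            ra["mtu"] = struct.unpack_from("!I", body, 4)[0]
        elif otype == 3 and olen == 32:
            prefix = ipaddress.IPv6Address(body[16:32])
            ra["prefixes"].append({"prefix": f"{prefix}/{body[2]}",
                                   "A": bool(body[3] & 0x40)})
        off += olen
    return ra

def addressing_method(ra: dict) -> str:
    """Map the M and O flags to the three options named on the slides."""
    if ra["M"]:
        return "Option 3: stateful DHCPv6"
    if ra["O"]:
        return "Option 2: SLAAC + stateless DHCPv6"
    return "Option 1: SLAAC only"
```

With M set and the A flag still set in the prefix option, the parser reports Option 3 together with a SLAAC-usable prefix, which is the case described on the “A” flag slide.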
18
10.3: Neighbor Solicitation and Neighbor Advertisement Messages
19
Address Resolution: IPv4 and IPv6
IPv4: ARP over Ethernet (Ethernet | ARP Request/Reply); results are kept in the ARP Cache
1. ARP Request (ARP Request: Broadcast), PC1: Know IPv4, what is the MAC?
2. ARP Reply, PC2: My IPv4! Here is the MAC.

IPv6: ICMPv6 over IPv6 over Ethernet (Ethernet | IPv6 Header | ICMPv6: Neighbor Solicitation/Advertisement); results are kept in the Neighbor Cache
1. Neighbor Solicitation (NS: Multicast at Ethernet, NS: Solicited Node Multicast at IPv6), PC1: Know IPv6, what is the MAC?
2. Neighbor Advertisement, PC2: My IPv6! Here is the MAC.

More about address resolution in Lesson X. More about Solicited Node Multicast in Lesson X and Y.
20
Neighbor Solicitation and Neighbor Advertisement
PC1: 2001:DB8:CAFE:1::100/64, MAC Address B-D9-C6-44
PC2: 2001:DB8:CAFE:1::200/64, MAC Address 00-1B A2-1E, FF02::1:FF00:200 (Solicited Node Multicast)

1. PC1> ping 2001:DB8:CAFE:1::200
2. Neighbor Cache: <empty until step 5>
3. Neighbor Solicitation (Ethernet: NS: Multicast; IPv6 Header: NS: Solicited Node Multicast)
4. Neighbor Advertisement (Ethernet: NA: Unicast; IPv6 Header: NA: Unicast)
5. Neighbor Cache

Encapsulation: Ethernet | IPv6 Header | ICMPv6: Neighbor Solicitation/Advertisement
More about address resolution in Lesson X. More about Solicited Node Multicast in Lesson X and Y.
21
Neighbor Solicitation
PC1: 2001:DB8:CAFE:1::100/64, MAC Address B-D9-C6-44, Neighbor Cache
PC2: 2001:DB8:CAFE:1::200/64, MAC Address 00-1B A2-1E, FF02::1:FF00:200 (Solicited Node Multicast)
Neighbor Solicitation, PC1: I know the IPv6, but what is the MAC?
22
PC1 NS
Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00    <-- Mapped multicast address for PC2
Internet Protocol Version 6
    Version: 6
    Traffic class: 0x
    Flowlabel: 0x
    Payload length: 32
    Next header: ICMPv6 (0x3a)    <-- Next header is an ICMPv6 header
    Hop limit: 255
    Source: 2001:db8:cafe:1::100    <-- Global unicast address of PC1
    Destination: ff02::1:ff00:200    <-- Solicited-node multicast address of PC2
Internet Control Message Protocol v6
    Type: 135 (Neighbor solicitation)    <-- Neighbor Solicitation message
    Code: 0
    Checksum: 0xbbab [correct]
    Reserved: 0 (Should always be zero)
    Target: 2001:db8:cafe:1::200    <-- Target IPv6 address, needing MAC address (if two devices have the same solicited node address, this resolves the issue)
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:21:9b:d9:c6:44    <-- MAC address of the sender, PC1
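The three addresses annotated in this capture are derived from one another: the IPv6 destination comes from the low 24 bits of the target, and the Ethernet destination from the low 32 bits of that multicast group. The following Python check is an added example, not part of the original slides; the function names are hypothetical, and it covers only multicast address-resolution NS messages.

```python
import ipaddress

SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(unicast: str) -> ipaddress.IPv6Address:
    """ff02::1:ff00:0/104 with the low 24 bits of the unicast address appended."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)

def multicast_mac(group) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low32 = int(ipaddress.IPv6Address(str(group))) & 0xFFFFFFFF
    return "33:33:" + low32.to_bytes(4, "big").hex(":")

def check_resolution_ns(eth_dst: str, ip_dst: str, hop_limit: int, target: str) -> list:
    """List inconsistencies in a multicast (address-resolution) NS.

    Unicast NS probes that re-confirm a known neighbor are out of scope.
    """
    problems = []
    if hop_limit != 255:
        problems.append("hop limit is not 255")
    if ipaddress.IPv6Address(target).is_multicast:
        problems.append("target is a multicast address")
    if ipaddress.IPv6Address(ip_dst) != solicited_node(target):
        problems.append("IPv6 destination is not the target's solicited-node group")
    if eth_dst.lower() != multicast_mac(ip_dst):
        problems.append("Ethernet destination does not map to the IPv6 destination")
    return problems
```

Two unicast addresses that share their low 24 bits share a solicited-node group, so a receiver still has to compare the Target field with its own addresses, as the annotation on the Target line notes.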
23
Neighbor Advertisement
PC1: 2001:DB8:CAFE:1::100/64, MAC Address B-D9-C6-44, Neighbor Cache
PC2: 2001:DB8:CAFE:1::200/64, MAC Address 00-1B A2-1E, FF02::1:FF00:200 (Solicited Node Multicast)
Neighbor Advertisement, PC2: It’s my IPv6 and here is my MAC.
24
PC2 NA
Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44    <-- Unicast MAC address of PC1
Internet Protocol Version 6
    Version: 6
    Traffic class: 0x
    Flowlabel: 0x
    Payload length: 32
    Next header: ICMPv6 (0x3a)    <-- Next header is an ICMPv6 header
    Hop limit: 255
    Source: 2001:db8:cafe:1::200    <-- Global unicast address of PC2
    Destination: 2001:db8:cafe:1::100    <-- Global unicast address of PC1
Internet Control Message Protocol v6
    Type: 136 (Neighbor advertisement)    <-- Neighbor Advertisement message
    Code: 0
    Checksum: 0x1b4d [correct]
    Flags: 0x
    Target: 2001:db8:cafe:1::200    <-- IPv6 address of the sender, PC2
    ICMPv6 Option (Target link-layer address)
        Type: Target link-layer address (2)
        Length: 8
        Link-layer address: 00:1b:24:04:a2:1e    <-- MAC address of the sender, PC2
ICMPv6 Target IPv6: you knew this. Link-layer address: this is what you needed.
Dest IPv6 and Dest MAC: were part of the Neighbor Solicitation message.
25
ICMPv6 Duplicate Address Detection (DAD)
PC2
Global Unicast :DB8:CAFE:1::200
Link-local FE80::1111:2222:3333:4444
PC2 sends a Neighbor Solicitation. Hopefully no Neighbor Advertisement comes back.

- Duplicate Address Detection (DAD) is used to guarantee that an IPv6 unicast address is unique on the link.
- A device will send a Neighbor Solicitation for its own unicast address (static or dynamic).
- After a period of time, if an NA is not received, then the address is deemed unique.
- Once required, the RFC was updated so that it is only recommended. The /64 Interface ID makes duplicates unlikely!

See the process with:
R1# debug ipv6 nd
26
10.4: Neighbor Cache
27
Neighbor Cache
[Figure labels: Neighbor Solicitation, Neighbor Advertisement; neighbor with IPv :DB8:ACAD:1::10, MAC bd9.c644]

PC1 Neighbor Cache (before resolution):
IPv6 Address: ?    MAC Address: ?

PC1 Neighbor Cache (after resolution):
IPv6 Address: 2001:DB8:ACAD:1::    MAC Address: bd9.c644

Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses
Similar to ARP Cache for IPv4
5 States (2 noticeable and 3 transitory):
- Reachable: Packets have recently been received providing confirmation that this device is reachable.
- Stale: A certain time period has elapsed since a packet has been received from this address.
- Transitory States: INCOMPLETE, DELAY, PROBE
28
Neighbor Cache
R1# show ipv6 neighbors
IPv6 Address  Age  Link-layer Addr  State  Interface
FE80::50A5:8A35:A5BB:66E bd9.c644 STALE Fa0/0
2001:DB8:AAAA:1:: bd9.c644 STALE Fa0/0
R1# ping 2001:db8:aaaa:1::100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
2001:DB8:AAAA:1:: bd9.c644 REACH Fa0/0
R1#

Age: Time (in minutes) since the address was confirmed to be reachable. A hyphen (-) indicates a static entry.
29
Neighbor Cache FSM
Neighbor Cache (“ARP Cache”)
See the process with:
R1# debug ipv6 nd

State transitions:
- No Entry Exists -> Incomplete: Neighbor Solicitation (NS) sent
- Incomplete -> No Entry Exists: 3 NS sent with no NA returned
- Incomplete -> Reachable: NA received
- Reachable -> Stale: Reachable Time exceeded (default 30 sec) or unsolicited NA received
- Stale: no action required (requires resolution again)
- Stale -> Delay: Packet sent
- Delay (resolution pending) -> Reachable: Packet returned (TCP increasing ACK)
- Delay -> Probe: after 5 sec
- Probe (reresolution in progress) -> Reachable: NS sent and NA received
- Probe -> No Entry Exists: 3 NS sent with no NA returned

The only ways that reachability can be confirmed are:
1. Hints from an upper-layer protocol show that the connection is making forward progress, for example increasing, non-duplicate TCP acknowledgements are received.
2. A solicited NA is received in response to an NS. The NA must be solicited because an unsolicited NA would only confirm 1-way reachability.
30
Neighbor Cache
R1# debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
R1# ping 2001:db8:aaaa:1::100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Resolution request
*Oct 16 01:41:51.575: ICMPv6-ND: Created ND Entry Chunk pool
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) DELETE -> INCMP
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Sending NS
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Queued data for resolution
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Received NA from 2001:DB8:AAAA:1::100
*Oct 16 01:41:51.579: ICMPv6-ND: Validating ND packet options: valid
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) LLA c471.fe7d.9c29
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) INCMP -> REACH
*Oct 16 01:42:21.639: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) REACH -> STALE
R1#

Age: Time (in minutes) since the address was confirmed to be reachable. A hyphen (-) indicates a static entry.
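The state changes in this debug output can be pulled out and compared with the FSM slide. The following Python script is an added example, not part of the original slides: it extracts each transition, flags any that the slide's diagram does not draw, and measures how long a neighbor stayed in REACH. The DELAY and PROBE spellings in EXPECTED are assumed, since only DELETE, INCMP, REACH and STALE appear in the log.

```python
import re

# Debug lines copied from the slide above (IOS "debug ipv6 nd" output).
DEBUG_LOG = """\
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Resolution request
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) DELETE -> INCMP
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Sending NS
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Received NA from 2001:DB8:AAAA:1::100
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) INCMP -> REACH
*Oct 16 01:42:21.639: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) REACH -> STALE
"""

LINE = re.compile(r"(\d\d):(\d\d):(\d\d\.\d+): ICMPv6-ND: "
                  r"\((\S+?),(\S+?)\) (\w+) -> (\w+)")

# Transitions drawn in the slide's FSM, in IOS abbreviations.
# The DELAY and PROBE spellings are assumed; they do not appear in the log.
EXPECTED = {("DELETE", "INCMP"), ("INCMP", "REACH"), ("INCMP", "DELETE"),
            ("REACH", "STALE"), ("STALE", "DELAY"), ("DELAY", "REACH"),
            ("DELAY", "PROBE"), ("PROBE", "REACH"), ("PROBE", "DELETE")}

def nd_transitions(log: str) -> list:
    """Extract state changes; time is seconds since midnight (no rollover handling)."""
    out = []
    for m in LINE.finditer(log):
        h, mi, s, iface, addr, old, new = m.groups()
        out.append({"t": int(h) * 3600 + int(mi) * 60 + float(s),
                    "iface": iface, "addr": addr.lower(), "old": old, "new": new})
    return out

def review(log: str):
    """Return (transitions not in the slide's FSM, seconds spent in REACH per neighbor)."""
    unexpected, entered, dwell = [], {}, {}
    for tr in nd_transitions(log):
        key = (tr["iface"], tr["addr"])
        if (tr["old"], tr["new"]) not in EXPECTED:
            unexpected.append(tr)
        if tr["new"] == "REACH":
            entered[key] = tr["t"]
        elif tr["old"] == "REACH" and key in entered:
            dwell[key] = round(tr["t"] - entered.pop(key), 3)
    return unexpected, dwell
```

On the slide's log the entry spends about 30 seconds in REACH before going STALE, matching the default Reachable Time shown on the FSM slide.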