Before going any further you should be aware that:
– there are three scopes: Link-local unicast, Global unicast, Multicast
– every IPv6 interface has to have a Link-local unicast address (LUA)
– since there is no such term as broadcast, multicast addresses are used for neighbor discovery
If you are not, please refer to this post – IPv6. Part 1. Scopes.
Neighbor Discovery ICMPv6 Messages
There are five ND messages:
– Neighbor Solicitation (NS)
– Neighbor Advertisement (NA)
– Router Solicitation (RS)
– Router Advertisement (RA)
– Redirect
The Neighbor Solicitation message (ICMP type 135)
Use cases:
- Duplicate address detection (DAD)
- Resolve the IPv6 address of another host to its link-layer address
- Verify if a neighbor is reachable (cache validation)
Source IPv6:
- IPv6 of querying interface if one exists
- Unspecified address (::) if there is no IPv6 address yet assigned
Destination IPv6:
- Target unicast neighbor’s address
- Solicited-Node multicast address for link-local address
The Solicited-Node multicast address is formed from the prefix FF02::1:FF00:0/104 plus the lower 24 bits of the link-local address. Since Cisco uses EUI-64 for its link-local addresses, the lower 24 bits of a Cisco link-local address are actually the lower 24 bits of the interface’s MAC address.
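The derivation described above, as an added Python example (not code from the original post): it builds the EUI-64 link-local address from a MAC, the Solicited-Node group from that address, and, going one step beyond the paragraph, the Ethernet multicast MAC (33:33 plus the lower 32 bits of the group) that the frame is sent to. The function names are assumptions of this example; the two sample MACs are the router and CentOS host MACs that appear in this post's output.

```python
import ipaddress

def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address built from a 48-bit MAC using modified EUI-64."""
    b = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if len(b) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    b[0] ^= 0x02                                     # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])  # insert FFFE in the middle
    return ipaddress.IPv6Address(bytes.fromhex("fe80" + "00" * 6) + iid)

def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 prefix plus the lower 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def multicast_mac(group) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + lower 32 bits."""
    g = ipaddress.IPv6Address(group)
    if not g.is_multicast:
        raise ValueError(f"not a multicast address: {group}")
    return ":".join(f"{x:02x}" for x in b"\x33\x33" + g.packed[-4:])

def describe(mac: str) -> dict:
    """All three derived values for one interface MAC."""
    lla = eui64_link_local(mac)
    group = solicited_node(lla)
    return {
        "link_local": str(lla),
        "solicited_node": str(group),
        "l2_dst": multicast_mac(group),
    }

if __name__ == "__main__":
    # MACs taken from this post: Cisco Vlan136 and the CentOS host
    for mac in ("1c:df:0f:bc:eb:9a", "00:0c:29:67:05:49"):
        print(mac, describe(mac))
```

The Solicited-Node step works for any unicast address, including ones that are not EUI-64 based, because it only uses the lower 24 bits of the address.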
The Neighbor Advertisement message (ICMP type 136)
Use cases:
- Response to a neighbor solicitation (NS)
- To update neighbors’ cache
Source IPv6:
- Current IPv6 address of originating interface
Destination IPv6:
- IPv6 of the node which sent the NS
- FF02::1 (All nodes) for periodic advertisements
The Router Solicitation message (ICMP type 133)
Used to find out what routers are present on the link
Source IPv6:
- IPv6 of querying interface if one exists
- Unspecified address (::) if there is no IPv6 address yet assigned
Destination IPv6:
– FF02::2 (All routers)
The Router Advertisement message (ICMP type 134)
This kind of message is sent by IPv6 routers only. It can contain options for the host’s Global Unicast Address (GUA).
Use cases:
- Response to an RS
- Periodic update
Source IPv6:
– Link-local address of router’s interface
Destination IPv6:
- FF02::1 (All nodes)
- IPv6 address of requesting node
Now let’s take a look at how it works in a real environment.
Configuration
Enabling IPv6 routing:
ipv6 unicast-routing
ipv6 cef
If you do not have that option in the CLI, your device either does not support IPv6 or the feature is not enabled in the Switching Database Manager (SDM).
The SDM on the Catalyst 3750 series L3 switches defines the allocation of Ternary Content Addressable Memory (TCAM) resources for different uses, such as IPv4 unicast routes, IPv4/MAC security ACEs, etc. Use the sdm prefer dual-ipv4-and-ipv6 command to allocate system resources for IPv4 and IPv6 support.
Before enabling IPv6 on the interface, let’s enable ND and ICMPv6 debugging:
Router#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
Router#debug ipv6 icmp
ICMPv6 Packet debugging is on
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface vlan 136
Router(config-if)#ipv6 enable
Router(config-if)#
ICMPv6-ND: (Vlan136) IPv6 Opr Enabled
ICMPv6-ND: Allocate ND context on Vlan136 [10]
ICMPv6-ND: (Vlan136) L2 came up
When we enable IPv6 on an interface, the router creates a link-local address using EUI-64, but before actually assigning it the router must perform DAD by sending an NS message, to ensure that no other host on this segment has the same LLA. This message has the unspecified source IPv6 address (::) and is destined to the Solicited-Node multicast address for the link-local address of Vlan136 (FF02::1:FFBC:EB9A):
IPv6-Addrmgr-ND: DAD request for FE80::1EDF:FFF:FEBC:EB9A on Vlan136
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending DAD NS [A0A6E]
ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FFBC:EB9A
IPv6-Addrmgr-ND: DAD: FE80::1EDF:FFF:FEBC:EB9A is unique.
Since there was no response to the 1 DAD request, the router decides that address FE80::1EDF:FFF:FEBC:EB9A is free to use and sends an NA and an RA to all hosts on this segment:
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Linklocal Up
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Link RA context
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) send RA to FF02::1
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending RA (1800) to FF02::1
ICMPv6-ND: MTU = 1500
Now Vlan136 has a link-local address:
Router#show ipv6 interface vlan 136
Vlan136 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1EDF:FFF:FEBC:EB9A
Let’s take a look at a host’s IPv6 initialization (CentOS).
No.  Time      src.IP                    dst.IP            Protocol  Length  Info
1    18:44:10  ::                        ff02::1:ff67:549  ICMPv6    78      Neighbor Solicitation for fe80::20c:29ff:fe67:549
2    18:44:11  fe80::20c:29ff:fe67:549   ff02::2           ICMPv6    70      Router Solicitation from 00:0c:29:67:05:49
3    18:44:11  fe80::1edf:fff:febc:eb9a  ff02::1           ICMPv6    86      Router Advertisement from 1c:df:0f:bc:eb:9a
Packet 1. The host sends an NS message for its link-local address, using the unspecified IPv6 address (::) as the source.
Packet 2. After 1 second the host assigns the desired link-local address and sends an RS to the “all routers” multicast address, using its link-local address (fe80::20c:29ff:fe67:549) as the source.
Packet 3. The router replies to the RS with an RA message destined to the “all nodes” multicast address. The host then installs a default gateway using the source IP from the RA:
[root@centos ~]# ip -6 route | grep default
default via fe80::1edf:fff:febc:eb9a dev eth0 proto kernel metric 1024 expires 1778sec mtu 1500 advmss 1440 hoplimit 64
Some useful commands for Linux:
[root@centos ~]# ip neigh
fe80::1edf:fff:febc:eb9a dev eth0 lladdr 1c:df:0f:bc:eb:9a router STALE
[root@centos ~]# ip -6 addr show dev eth0
2: eth0: mtu 1500 qlen 1000
inet6 fe80::20c:29ff:fe67:549/64 scope link
valid_lft forever preferred_lft forever
Show multicast groups:
[root@centos ~]# ip maddr
1: lo
inet 224.0.0.1
inet6 ff02::1
2: eth0
link 33:33:ff:67:05:49
link 33:33:00:00:00:01
link 01:00:5e:00:00:01
inet 224.0.0.1
inet6 ff02::1:ff67:549 users 2
inet6 ff02::1
Some useful commands for Windows (PowerShell):
PS C:\Users\yurmag> Get-NetIPConfiguration -ifAlias ethernet -Detailed | findstr.exe "IPv6"
NetProfile.IPv6Connectivity : LocalNetwork
IPv6Address : 2001:136::a4a0:4618:5244:728f
IPv6TemporaryAddress : 2001:136::9448:9122:1f13:4bbe
IPv6LinkLocalAddress : fe80::a4a0:4618:5244:728f%4
IPv6DefaultGateway : fe80::1edf:fff:febc:eb9a
NetIPv6Interface.NlMTU : 1500
NetIPv6Interface.DHCP : Enabled
PS C:\Users\yurmag> Get-NetNeighbor -InterfaceAlias ethernet -AddressFamily ipv6
ifIndex IPAddress                 LinkLayerAddress   State      PolicyStore
------- ---------                 ----------------   -----      -----------
4       ff02::1:ffbc:eb9a         33-33-FF-BC-EB-9A  Permanent  ActiveStore
4       ff02::1:ff44:728f         33-33-FF-44-72-8F  Permanent  ActiveStore
4       ff02::1:ff13:4bbe         33-33-FF-13-4B-BE  Permanent  ActiveStore
4       ff02::1:3                 33-33-00-01-00-03  Permanent  ActiveStore
4       ff02::1:2                 33-33-00-01-00-02  Permanent  ActiveStore
4       ff02::fb                  33-33-00-00-00-FB  Permanent  ActiveStore
4       ff02::16                  33-33-00-00-00-16  Permanent  ActiveStore
4       ff02::2                   33-33-00-00-00-02  Permanent  ActiveStore
4       ff02::1                   33-33-00-00-00-01  Permanent  ActiveStore
4       fe80::1edf:fff:febc:eb9a  1C-DF-0F-BC-EB-9A  Stale      ActiveStore
4       2001:136::1               1C-DF-0F-BC-EB-9A  Stale      ActiveStore
PS C:\Users\yurmag> netsh int ipv6 show int ethernet
Interface Ethernet Parameters
----------------------------------------------
IfLuid : ethernet_32768
IfIndex : 4
State : connected
Metric : 35
Link MTU : 1500 bytes
Reachable Time : 33000 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : disabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 64
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
ECN capability : application