10: ICMPv6 Neighbor Discovery

Rick Graziani
Cabrillo College

Rick.Graziani@cabrillo.edu
For more information please check out my Cisco Press book and video series:

IPv6 Fundamentals: A Straightforward IPv6 Fundamentals LiveLessons: A

Approach to Understanding IPv6 Straightforward Approach to Understanding IPv6
• By Rick Graziani • By Rick Graziani
• ISBN-10: 1-58714-313-5 • ISBN-10: 1-58720-457-6

©
10.1: Introducing ICMPv6
Neighbor Discovery
 ICMPv6 Neighbor Discover Protocol
ICMPv6 Neighbor Discovery defines 5 different packet types:
• Router Solicitation Message
• Router Advertisement Message Router-Device
Messaging
Used with dynamic address allocation

• Neighbor Solicitation Message

• Neighbor Advertisement Message Device-Device
Used with address resolution (IPv4 ARP) Messaging

• Redirect Message
Similar to ICMPv4 redirect message See these processes with:
Router-to-Device messaging R1# debug ipv6 nd
©
 ICMPv6 Redirect
Network X
R1 R2

Destination:
Network
PCB X Host

IPv6
Network A PCA PCB IPv6
Network B

• Similar functionality as ICMPv4.

• Like IPv4, a router informs an originating host of the IP address of a router that
is on the local link and is closer to the destination.
• Unlike IPv4, a router informs an originating host that the destination host (on a
different prefix/network) is on the same link as itself.

©
 10.2: Router Solicitation and
Router Advertisement Messages
Dynamic Address Allocation in IPv4
DHCPv4 Server

I need IPv4
addressing
information.

Here is everything
you need.

©
 Dynamic Address Allocation in IPv6
To all IPv6 routers: I might not be
Router(config)# ipv6 unicast-routing I need IPv6 address needed.
information.

ICMPv6 Router Solicitation

DHCPv6 Server
To all IPv6 devices: ICMPv6 Router Advertisement
Let me tell you how
to do this … 1. SLAAC
SLAAC
2. SLAAC with
(Stateless Address Autoconfiguration)
Stateless DHCPv6
3. Stateful DHCPv6
©
 RA Message Options

ICMPv6 Router Advertisement

Option 1, 2, or 3
DHCPv6
Server

Option Other Configuration Managed Configuration

(“O”) Flag (“M”) Flag
Option 1: SLAAC – No DHCPv6 0 0
(Default on Cisco routers)
Option 2: SLAAC + Stateless 1 0
DHCPv6 for DNS address
Option 3: All addressing except 0 1
default gateway use DHCPv6

Configuring Flags discussed in Lesson 8. ©

 Option 3 and the “A” Flag As a Windows host I will still
use the RA prefix to create
temporary (SLAAC) addresses)
G 0/1
ICMPv6 RA
M Flag = 1 DHCPv6
A Flag = 10
DHCPv6 Server
Option Managed Address Prefix in RA can
Configuration Autoconfiguration be used for
(“M”) Flag (“A”) Flag SLAAC
Option 3: All addressing 1 1 (default) Yes
The autonomous
except default gateway address configuration (A) flag tells hosts that
use DHCPv6
they can create an address for themselves by combining the prefix
Option
in the3:RA
All addressing 1
with an interface identifier. 0 No
except default gateway
use DHCPv6
Configuring Flags discussed in Lesson 8. ©
 Router Solicitation / Router Advertisement
2001:DB8:CAFE:1::/64
Link-local: FE80::1 Link-local: FE80::50A5:8A35:A5BB:66E1
R1 MAC: 00-03-6b-e9-d4-80 MAC: 00-21-9b-d9-c6-44
PC1
Router Solicitation
• Sent when device needs IPv6 1
addressing information. To: FF02::2 (All-IPv6 Routers)
Router Advertisement
• Sent every 200 seconds or in RS From: FE80::50A5:8A35:A5BB:66E1
response to RS ICMPv6 Router Solicitation
2
To: FF02::1 (All-IPv6 devices)
From: FE80::1 (Link-local address) RA
ICMPv6 Router Advertisement

©
Analyzing the Router Solicitation Message

©
Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02
Ethernet multicast MAC address – Maps to “all IPv6 routers”
Internet Protocol Version 6
0110 .... = Version: 6 [Traffic class and Flowlabel not shown]
Payload length: 16
Next header: ICMPv6 (0x3a) Next header is an ICMPv6 header
Hop limit: 255
Source: fe80::50a5:8a35:a5bb:66e1 Link-local address of PC1
Destination: ff02::2 All-IPv6-routers multicast address

Internet Control Message Protocol v6

Type: 133 (Router solicitation) Router Solicitation message
Code: 0
Checksum: 0x3277 [correct]
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
MAC address of PC1 but RA
Link-layer address: 00:21:9b:d9:c6:44
is sent as all-IPv6-host multicast

Router Solicitation Message ©

Analyzing the Router Advertisement Message

©
R1(config)# ipv6 unicast-routing
An IPv6 Router
R1# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1
Global unicast address(es):
2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64
Joined group address(es):
FF02::1
FF02::2 All-routers multicast group
FF02::1:FF00:1
MTU is 1500 bytes
<output omitted for brevity>
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use stateless autoconfig for addresses. M & O flags = 0

©
 Analyzing the Router
Advertisement Message
Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01
Ethernet multicast MAC address – Maps to “All-IPv6 devices”
Internet Protocol Version 6
0110 .... = Version: 6
.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 64
Next header: ICMPv6 (0x3a) Next Header is an ICMPv6 header
Hop limit: 255
Link-local address of R1. Added to hosts’ Default Router List
Source: fe80::1
and is the address they will use as their default gateway.
Destination: ff02::1

All-IPv6 devices multicast

Continued next slide

©
Internet Control Message Protocol v6
Type: 134 (Router advertisement) Router Advertisement
Code: 0
Cur hop limit: 64 Recommended Hop Limit value for hosts
Flags: 0x00 M and O flags indicate that no information is available via DHCPv6
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
Link-layer address: 00:03:6b:e9:d4:80 Router R1’s MAC address
ICMPv6 Option (MTU)
Type: MTU (5)
Length: 8
MTU: 1500 MTU of the link.
ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix-length (/64) to be used for autoconfiguration.
Prefix Length: 64
Prefix: 2001:db8:cafe:1:: Prefix of this network to be used for
autoconfiguration

Router Advertisement Message ©

 10.3: Neighbor Solicitation and
Neighbor Advertisement Messages
 Address Resolution: IPv4 and IPv6
ARP Request: Broadcast
IPv4: ARP over Ethernet Ethernet ARP Request/Reply
ARP
Cache Know
IPv4, what
My IPv4! 2 1
PC2 PC1 is the
Here is the ARP Reply MAC?
MAC?
ARP Request

2 1 Neighbor
Know
My IPv6!
Here is the Neighbor Neighbor Cache IPv6, what
Advertisement Solicitation is the
MAC?
MAC?

IPv6: ICMPv6 over IPv6 over Ethernet

NS: Multicast NS: Solicited Node Multicast
Ethernet IPv6 Header ICMPv6: Neighbor Solicitation/Advertisement

©
Neighbor Solicitation and Neighbor Advertisement
2001:DB8:CAFE:1::200/64 2001:DB8:CAFE:1::100/64
FF02::1:FF00:200 (Solicited Node Multicast)
MAC Address MAC Address
PC2 00-1B-24-04-A2-1E 00-21-9B-D9-C6-44 PC1
1
PC1> ping 2001:DB8:CAFE:1::200
4 3 Neighbor Cache 2 5
Neighbor Neighbor <empty until step 5>
Advertisement Solicitation

NS: Multicast NS: Solicited Node Multicast

Ethernet IPv6 Header ICMPv6: Neighbor Solicitation/Advertisement
NA: Unicast NA: Unicast

©
 Neighbor Solicitation
2001:DB8:CAFE:1::200/64 2001:DB8:CAFE:1::100/64
FF02::1:FF00:200 (Solicited Node Multicast) Neighbor
MAC Address MAC Address Cache
PC2 00-1B-24-04-A2-1E 00-21-9B-D9-C6-44 PC1

Neighbor I know the

IPv6, but
Solicitation
what is the
MAC?

©
 Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00
PC1
NS Internet Protocol Version 6 Mapped multicast address for PC2
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 32
Next header: ICMPv6 (0x3a) Next header is an ICMPv6 header
Hop limit: 255
Source: 2001:db8:cafe:1::100 Global unicast address of PC1
Destination: ff02::1:ff00:200 Solicited-node multicast address of PC2

Internet Control Message Protocol v6 Neighbor Solicitation message

Type: 135 (Neighbor solicitation)
Code: 0
Checksum: 0xbbab [correct]
Reserved: 0 (Should always be zero)
Target: 2001:db8:cafe:1::200
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
Link-layer address: 00:21:9b:d9:c6:44
Target IPv6 address, needing
MAC address (if two devices
have the same solicited node
address, this resolves the issue)
MAC address of the sender, PC1
©
 Neighbor Advertisement
2001:DB8:CAFE:1::200/64 2001:DB8:CAFE:1::100/64
FF02::1:FF00:200 (Solicited Node Multicast)
MAC Address MAC Address
PC2 00-1B-24-04-A2-1E 00-21-9B-D9-C6-44 PC1

Neighbor Cache

It’s my IPv6 Neighbor

and here is Advertisement
my MAC?

©
 Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44
PC2
NA Internet Protocol Version 6 Unicast MAC address of PC1
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 32
Next header: ICMPv6 (0x3a) Next header is an ICMPv6 header
Hop limit: 255
Source: 2001:db8:cafe:1::200 Global unicast address of PC2
Destination: 2001:db8:cafe:1::100 Global unicast address of PC1

Internet Control Message Protocol v6

Neighbor Advertisement message
Type: 136 (Neighbor advertisement)
Code: 0
Checksum: 0x1b4d [correct]
Flags: 0x60000000
Target: 2001:db8:cafe:1::200 IPv6 address of the sender, PC2
ICMPv6 Option (Target link-layer address)
Type: Target link-layer address (2)
Length: 8
Link-layer address: 00:1b:24:04:a2:1e MAC address of the sender, PC2
©
 ICMPv6 Duplicate Address Detection (DAD)
Global Unicast - 2001:DB8:CAFE:1::200 See the process with:
PC2 Link-local - FE80::1111:2222:3333:4444 R1# debug ipv6 nd

Neighbor Solicitation Hopefully no

Neighbor Advertisement

• Duplicate Address Detection (DAD) is used to guarantee that an IPv6 unicast

address is unique on the link.
• A device will send a Neighbor Solicitation for its own unicast address (static or
dynamic).
• After a period of time, if a NA is not received, then the address is deemed
unique.
• Once required, RFC was updated to where it is only recommended - /64
Interface ID makes duplicates unlikely!
©
10.4: Neighbor Cache
 Neighbor Cache

Neighbor Solicitation Neighbor Advertisement

PC1
Neighbor Cache
IPv6 Address MAC Address
2001:DB8:ACAD:1::10 0021.9bd9.c644 IPv6 - 2001:DB8:ACAD:1::10
?
MAC - 0021.9bd9.c644
• Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses
• Similar to ARP Cache for IPv4
• 5 States (2 noticeable and 3 transitory):
• Reachable: Packets have recently been received providing confirmation that
this device is reachable.
• Stale: A certain time period has elapsed since a packet has been received from
this address.
• Transitory States: INCOMPLETE, DELAY, PROBE
©
 Neighbor Cache
R1# show ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
FE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/0
2001:DB8:AAAA:1::100 16 0021.9bd9.c644 STALE Fa0/0

R1# ping 2001:db8:aaaa:1::100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1# show ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
FE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/0
2001:DB8:AAAA:1::100 0 0021.9bd9.c644 REACH Fa0/0

R1#

©
 Neighbor Cache FSM
Neighbor Cache (“ARP Cache”)
See the process with:
R1# debug ipv6 nd
Neighbor Solicitation (NS) sent
No Entry Exists Incomplete
3 NS sent with no NA returned

NA received
Reachable Time exceeded (default 30 sec)
Or Reachable
Unsolicited NA received NS sent and
Packet returned (TCP increasing ACK) NA received
Stale – no action required Packet sent Delay 5 sec Probe
(Requires resolution again) (Resolution pending) (Reresolution in progress)

3 NS sent with no NA returned

©
 Neighbor Cache
R1# debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
R1# ping 2001:db8:aaaa:1::100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Resolution request
*Oct 16 01:41:51.575: ICMPv6-ND: Created ND Entry Chunk pool
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) DELETE -> INCMP
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Sending NS
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Queued data for
resolution
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Received NA from
2001:DB8:AAAA:1::100
*Oct 16 01:41:51.579: ICMPv6-ND: Validating ND packet options: valid
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) LLA c471.fe7d.9c29
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) INCMP -> REACH
*Oct 16 01:42:21.639: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) REACH -> STALE
R1#
©
For more information please check out my Cisco Press book and video series:

IPv6 Fundamentals: A Straightforward IPv6 Fundamentals LiveLessons: A

Approach to Understanding IPv6 Straightforward Approach to Understanding IPv6
• By Rick Graziani • By Rick Graziani
• ISBN-10: 1-58714-313-5 • ISBN-10: 1-58720-457-6

©
10: ICMPv6 Neighbor Discovery
Rick Graziani
Cabrillo College

Rick.Graziani@cabrillo.edu