Presentation is loading. Please wait.

Presentation is loading. Please wait.

10: ICMPv6 Neighbor Discovery Rick Graziani Cabrillo College

Similar presentations


Presentation on theme: "10: ICMPv6 Neighbor Discovery Rick Graziani Cabrillo College"— Presentation transcript:

1 10: ICMPv6 Neighbor Discovery Rick Graziani Cabrillo College

2 © For more information please check out my Cisco Press book and video series: IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 By Rick Graziani ISBN-10: IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6 By Rick Graziani ISBN-10:

3 10.1: Introducing ICMPv6 Neighbor Discovery

4 © ICMPv6 Neighbor Discover Protocol Router Solicitation Message Router Advertisement Message Used with dynamic address allocation Neighbor Solicitation Message Neighbor Advertisement Message Used with address resolution (IPv4 ARP) Redirect Message Similar to ICMPv4 redirect message Router-to-Device messaging Router-Device Messaging Device-Device Messaging ICMPv6 Neighbor Discovery defines 5 different packet types: See these processes with: R1# debug ipv6 nd

5 © ICMPv6 Redirect Similar functionality as ICMPv4. Like IPv4, a router informs an originating host of the IP address of a router that is on the local link and is closer to the destination. Unlike IPv4, a router informs an originating host that the destination host (on a different prefix/network) is on the same link as itself. Network X PCA PCB R1 R2 Destination: Network X Host Destination: PCB IPv6 Network A IPv6 Network B

6 10.2: Router Solicitation and Router Advertisement Messages

7 © Dynamic Address Allocation in IPv4 DHCPv4 Server I need IPv4 addressing information. Here is everything you need.

8 © Dynamic Address Allocation in IPv6 DHCPv6 Server ICMPv6 Router Advertisement ICMPv6 Router Solicitation To all IPv6 routers: I need IPv6 address information. To all IPv6 devices: Let me tell you how to do this … To all IPv6 devices: Let me tell you how to do this … 1. SLAAC 2. SLAAC with Stateless DHCPv6 3. Stateful DHCPv6 SLAAC (Stateless Address Autoconfiguration ) I might not be needed. Router(config)# ipv6 unicast-routing

9 © RA Message Options DHCPv6 Server ICMPv6 Router Advertisement Option 1, 2, or 3 ICMPv6 Router Advertisement Option 1, 2, or 3 Configuring Flags discussed in Lesson 8.

10 © Option 3 and the “A” Flag ICMPv6 RA M Flag = 1 A Flag = 1 ICMPv6 RA M Flag = 1 A Flag = 1 G 0/1 DHCPv6 DHCPv6 Server As a Windows host I will still use the RA prefix to create temporary (SLAAC) addresses) 0 The autonomous address configuration (A) flag tells hosts that they can create an address for themselves by combining the prefix in the RA with an interface identifier. Configuring Flags discussed in Lesson 8.

11 © To: FF02::1 (All-IPv6 devices) From: FE80::1 (Link-local address) ICMPv6 Router Advertisement RA 2 2 Link-local: FE80::50A5:8A35:A5BB:66E1 MAC: b-d9-c :DB8:CAFE:1::/ Router Solicitation / Router Advertisement To: FF02::2 (All-IPv6 Routers) From: FE80::50A5:8A35:A5BB:66E1 ICMPv6 Router Solicitation RS Router Solicitation Sent when device needs IPv6 addressing information. Router Advertisement Sent every 200 seconds or in response to RS Link-local: FE80::1 MAC: b-e9-d4-80 R1 PC1

12 © Analyzing the Router Solicitation Message

13 © Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02 Internet Protocol Version = Version: 6 [Traffic class and Flowlabel not shown] Payload length: 16 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::50a5:8a35:a5bb:66e1 Destination: ff02::2 Internet Control Message Protocol v6 Type: 133 (Router solicitation) Code: 0 Checksum: 0x3277 [correct] ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 Link-layer address: 00:21:9b:d9:c6:44 Link-local address of PC1 All-IPv6-routers multicast address Router Solicitation message MAC address of PC1 but RA is sent as all-IPv6-host multicast Next header is an ICMPv6 header Ethernet multicast MAC address – Maps to “all IPv6 routers” Router Solicitation Message

14 © Analyzing the Router Advertisement Message

15 © R1(config)# ipv6 unicast-routing R1# show ipv6 interface gigabitethernet 0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 Global unicast address(es): 2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64 Joined group address(es): FF02::1 FF02::2 FF02::1:FF00:1 MTU is 1500 bytes ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. All-routers multicast group M & O flags = 0 An IPv6 Router

16 © Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01 Internet Protocol Version = Version: = Traffic class: 0x000000e = Flowlabel: 0x Payload length: 64 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::1 Destination: ff02::1 Link-local address of R1. Added to hosts’ Default Router List and is the address they will use as their default gateway. All-IPv6 devices multicast Next Header is an ICMPv6 header Ethernet multicast MAC address – Maps to “All-IPv6 devices” Analyzing the Router Advertisement Message Continued next slide

17 © Internet Control Message Protocol v6 Type: 134 (Router advertisement) Code: 0 Cur hop limit: 64 Flags: 0x00 ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 Link-layer address: 00:03:6b:e9:d4:80 ICMPv6 Option (MTU) Type: MTU (5) Length: 8 MTU: 1500 ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix Length: 64 Prefix: 2001:db8:cafe:1:: Recommended Hop Limit value for hosts M and O flags indicate that no information is available via DHCPv6 Router R1’s MAC address MTU of the link. Prefix-length (/64) to be used for autoconfiguration. Prefix of this network to be used for autoconfiguration Router Advertisement Router Advertisement Message

18 10.3: Neighbor Solicitation and Neighbor Advertisement Messages

19 © Ethernet ARP Request/Reply ICMPv6: Neighbor Solicitation/Advertisement IPv4: ARP over Ethernet PC1 PC2 ARP Request Neighbor Advertisement Neighbor Solicitation 1 1 ARP Reply 2 2 Know IPv4, what is the MAC? My IPv4! Here is the MAC? Know IPv6, what is the MAC? My IPv6! Here is the MAC? ARP Request: Broadcast NS: MulticastNS: Solicited Node Multicast Ethernet IPv6 Header IPv6: ICMPv6 over IPv6 over Ethernet Address Resolution: IPv4 and IPv6 ARP Cache Neighbor Cache

20 © PC1 PC2 Neighbor Advertisement 4 4 Neighbor Solicitation 1 1 Neighbor Solicitation and Neighbor Advertisement 2001:DB8:CAFE:1::100/64 MAC Address B-D9-C6-44 Neighbor Cache 2001:DB8:CAFE:1::200/64 FF02::1:FF00:200 (Solicited Node Multicast) MAC Address 00-1B A2-1E ICMPv6: Neighbor Solicitation/Advertisement NS: MulticastNS: Solicited Node Multicast Ethernet IPv6 Header PC1> ping 2001:DB8:CAFE:1:: NA: Unicast

21 © Neighbor Solicitation PC1 PC2 Neighbor Solicitation MAC Address B-D9-C6-44 Neighbor Cache MAC Address 00-1B A2-1E 2001:DB8:CAFE:1::100/ :DB8:CAFE:1::200/64 FF02::1:FF00:200 (Solicited Node Multicast) I know the IPv6, but what is the MAC?

22 © Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00 Internet Protocol Version = Version: = Traffic class: 0x = Flowlabel: 0x Payload length: 32 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: 2001:db8:cafe:1::100 Destination: ff02::1:ff00:200 Internet Control Message Protocol v6 Type: 135 (Neighbor solicitation) Code: 0 Checksum: 0xbbab [correct] Reserved: 0 (Should always be zero) Target: 2001:db8:cafe:1::200 ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 Link-layer address: 00:21:9b:d9:c6:44 Global unicast address of PC1 Solicited-node multicast address of PC2 Neighbor Solicitation message Target IPv6 address, needing MAC address (if two devices have the same solicited node address, this resolves the issue) Next header is an ICMPv6 header MAC address of the sender, PC1 Mapped multicast address for PC2 PC1 NS

23 © Neighbor Advertisement PC1 PC2 Neighbor Advertisement MAC Address B-D9-C6-44 Neighbor Cache MAC Address 00-1B A2-1E 2001:DB8:CAFE:1::100/ :DB8:CAFE:1::200/64 FF02::1:FF00:200 (Solicited Node Multicast) It’s my IPv6 and here is my MAC?

24 © Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44 Internet Protocol Version = Version: = Traffic class: 0x = Flowlabel: 0x Payload length: 32 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: 2001:db8:cafe:1::200 Destination: 2001:db8:cafe:1::100 Internet Control Message Protocol v6 Type: 136 (Neighbor advertisement) Code: 0 Checksum: 0x1b4d [correct] Flags: 0x Target: 2001:db8:cafe:1::200 ICMPv6 Option (Target link-layer address) Type: Target link-layer address (2) Length: 8 Link-layer address: 00:1b:24:04:a2:1e Next header is an ICMPv6 header Unicast MAC address of PC1 Global unicast address of PC2 Global unicast address of PC1 Neighbor Advertisement message MAC address of the sender, PC2 IPv6 address of the sender, PC2 PC2 NA

25 © ICMPv6 Duplicate Address Detection (DAD) Duplicate Address Detection (DAD) is used to guarantee that an IPv6 unicast address is unique on the link. A device will send a Neighbor Solicitation for its own unicast address (static or dynamic). After a period of time, if a NA is not received, then the address is deemed unique. Once required, RFC was updated to where it is only recommended - /64 Interface ID makes duplicates unlikely! PC2 Hopefully no Neighbor Advertisement Neighbor Solicitation Global Unicast :DB8:CAFE:1::200 Link-local - FE80::1111:2222:3333:4444 See the process with: R1# debug ipv6 nd

26 10.4: Neighbor Cache

27 © Neighbor Cache PC1 Neighbor Cache IPv6 Address MAC Address 2001:DB8:ACAD:1:: bd9.c644 Neighbor Cache IPv6 Address MAC Address 2001:DB8:ACAD:1:: bd9.c644 IPv :DB8:ACAD:1::10 MAC bd9.c644 Neighbor Advertisement Neighbor Solicitation ? Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses Similar to ARP Cache for IPv4 5 States (2 noticeable and 3 transitory): Reachable: Packets have recently been received providing confirmation that this device is reachable. Stale: A certain time period has elapsed since a packet has been received from this address. Transitory States: INCOMPLETE, DELAY, PROBE

28 © R1# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface FE80::50A5:8A35:A5BB:66E bd9.c644 STALE Fa0/0 2001:DB8:AAAA:1:: bd9.c644 STALE Fa0/0 R1# ping 2001:db8:aaaa:1::100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms R1# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface FE80::50A5:8A35:A5BB:66E bd9.c644 STALE Fa0/0 2001:DB8:AAAA:1:: bd9.c644 REACH Fa0/0 R1# Neighbor Cache

29 © No Entry Exists Incomplete Reachable Stale – no action required (Requires resolution again) Delay (Resolution pending) Probe (Reresolution in progress) Neighbor Solicitation (NS) sent NA received Reachable Time exceeded (default 30 sec) Or Unsolicited NA received Packet sent Packet returned (TCP increasing ACK) 5 sec NS sent and NA received 3 NS sent with no NA returned Neighbor Cache (“ARP Cache”) Neighbor Cache FSM See the process with: R1# debug ipv6 nd

30 © ICMP Neighbor Discovery events debugging is on R1# ping 2001:db8:aaaa:1::100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Resolution request *Oct 16 01:41:51.575: ICMPv6-ND: Created ND Entry Chunk pool *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) DELETE -> INCMP *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Sending NS *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Queued data for resolution *Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Received NA from 2001:DB8:AAAA:1::100 *Oct 16 01:41:51.579: ICMPv6-ND: Validating ND packet options: valid *Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) LLA c471.fe7d.9c29 *Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) INCMP -> REACH *Oct 16 01:42:21.639: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) REACH -> STALE R1# Neighbor Cache

31 © For more information please check out my Cisco Press book and video series: IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 By Rick Graziani ISBN-10: IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6 By Rick Graziani ISBN-10:

32 10: ICMPv6 Neighbor Discovery Rick Graziani Cabrillo College


Download ppt "10: ICMPv6 Neighbor Discovery Rick Graziani Cabrillo College"

Similar presentations


Ads by Google