1 CMPT 471 Networking II ICMPv6 © Janice Regan, 2012

1

CMPT 471Networking II

ICMPv6

© Janice Regan, 2012

Link local - site local Link local addresses can only be used

with a direct physical connection (FE80::)

(addresses reached by IPv4 broadcast) Site local addresses can be routed within

a local site internet, but not onto the Internet (FEC0::) (similar to IPv4 reserved addresses like those on network 192.168.0.0)

© Janice Regan, 2012 2


ICMPv6 message header format ICMPv6 message header format is the same as ICMPv4 Each ICMP message has its own format, but all start

with the same three fields A type field (1 octet) indicating which type of ICMP

message follows A 1 octet code following the type that further defines

the message (see text for list) For example type specifies destination unreachable, code

specifies router or host The 3rd common field is a 2 octet checksum. The

checksum is calculated the same way as the IPv4 checksum, including the entire ICPM PDU in the calculation

Types and codes DIFFERENT The types and codes for ICMPv6

messages are completely different for those of ICMPv4 messages Many of the same messages are available

but their types and codes are now different Messages are divided into two groups

Errors (message numbers 1 to 127) Information messages (message numbers ≥ 128)


Some types and codes (error)


CODE

0- no route to destination1-communication administratively prohibited3-address unreachable4-port unreachable

0

0-hop limit exceeded1-fragment reassembly time exceeded

0-erroneous header field encountered1-next header type not recognized2-unrecognized option

Message number(message number for errors 1-127)

1 (destination unreachable)

2 (packet too big)

3 (time exceeded)

4 (parameter problem

Some more types (information)


Message number128 Echo request129 Echo reply

133 Router solicitation134 Router Advertisement135 Neighbor solicitation136 Neighbor advertisement137 Redirect message

Destination Unreachable ICMPv6 Destination Unreachable message is

sent when a router cannot forward the packet to (or toward) the destination because It has no route to the destination network in its

routing table It cannot find a requested host on its local network There is no server to deal with the incoming request The IPv6 address or port is administratively blocked


ICMPv6 Destination Unreachable


TYPE (1) CODE 0,1,2, or 3 CHECKSUM

unused

As much of invoking packet as will fit without the resulting ICMPv6 packet exceeding the minimum IPv6 MTU of 1280

VERS 6 TRAFFIC CLASS FLOW LABELPAYLOAD LENGTH NEXT HEADER HOP LIMIT

IPv6 source address

IPv6 destination addressIPv6 header

Destination unreachableMessage(ICMPv6)

Destination unreachable: codes0. No route to destination: No entry in routing table . that goes to destination network and no default route

1.Administratively Blocked: may be sent from a firewall that cannot forward a packet or if a host accepts only authenticated echo requests and receives on that is not authenticated

2.Address: cannot resolve network address, router on destination network cannot find requested host

3.Port: no listening server

No message equivalent to IPv4 source quench


Packet too big Sent by a router that cannot forward a packet

because it is larger than the MTU of the destination network.

Used as part of the MTU discovery process (source asks: how big should the packets I send be?)

Packet too big message includes a field for the MTU of the network that the packet could not enter (4 byte field after checksum, before data)


ICMPv6 TOO BIG message


TYPE (2) CODE 0 CHECKSUM

MTU of next network (the network with smaller MTU that prevented the packet being forwarded)



IPv6 source address


TOO BIGMessage(ICMPv6)

MTU discovery Assume MTU should be the size on the

interface the packet leaves the source through If the packet is too large at an intermediate

router, that router drops the packet and sends the source a packet too big message

Host now sends data with the smaller MTU Process in previous 3 steps can be repeated Host never sends with MTU below 1280 bytes


MTU discovery


NET 3MTU 1280

NET 3MTU 1500

NET 2MTU 1350

ICMP TOO BIG message MTU = 1350

ICMP TOO BIG message MTU =1280

IP packet MTU = 1500

IP packet MTU = 1350

IP packet MTU =1280

Time exceeded message Sent by a router when the lifetime of a packet

becomes 0 Two possible situations

Too many hops Waited too long for reassembly

CODE = 2: When fragments do not arrive by the time the reassembly time expires, a time exceeded message will be sent to the source


Time exceeded: hop count 0 Hop count is decremented at each router When hop count is 0 lifetime has expired CODE=1

When decrementing the hop count results in a hop count of zero the packet is dropped and a time exceeded message is sent to the source

When a packet arrives at a router and hop count = 0, the packet is dropped and a time exceeded message is sent to the source


ICMPv6 time exceeded



MTU of next network (the network with smaller MTU that prevented the packet being forwarded)



IPv6 source address


Time exceededMessage(ICMPv6)

traceroute6 The traceroute6 command is an example of the use of

the time exceeded message A UDP packet with a hop count of 1 is sent The first router reached sends back a time exceeded

message A packet with a hop count of 2 is sent The second router in the path sends back a time

exceeded message This is repeated, incrementing the hop count by 1 until the

packet reaches its destination Ubuntu sends 3 copies of each packet sent in the description above


Echo Reply Echo Request Used to test reachability of hosts Message format same as IPv4 (but with

different type) Identifier and sequence number still used

to match reply with its request In IPv4 not authenticated, can be

authenticated in IPv6 (verify source) Improves security


ICMPv6 echo request/reply


TYPE (128/129) CODE 0 CHECKSUM

INDENTIFIER



IPv6 source address


Echo request/replyMessage(ICMPv6)

SEQUENCE NUMBER

ping6 testing reachability The ping6 command for testing the reachability of

other hosts is an example of the use of echo request/reply pairs

Requests and replies are matched using the identifier field and sequence number field (both fields are identical for a matching reply and request)

If a matching reply is received host is reachable If no reply is received the host being “pinged” is

not reachable© Janice Regan, 2012 20

© Janice Regan, 2012 21From the TCP/IP Guide (online)

Neighbor Discovery protocol We have already discussed a part of the

neighbor Discovery protocol that replaces the ARP protocol and gratuitous ARP for IPv4. Address resolution Duplicate address detection

And additions to these protocol also adds some additional functionality used in these tasks Neighbor unreachability


Neighbor solicitation (NS) message



RESERVED (set to 0)

IPv6 TARGET ADDRESS (link local IP ADDRESS of B)

OPTIONS (VARIABLE LENGTHEthernet Address of source host A.

VERS 6 TRAFFIC CLASS FLOW LABEL

PAYLOAD LENGTH NEXT HEADER HOP LIMIT 255

IPv6 source address (address of A)

IPv6 destination address (solicited-node multicast address of B)

IPv6 header

Neighbor solicitationMessage(ICMP)

Neighbor advertisement (NA)



RESERVED (set to 0)

IPv6 TARGET ADDRESS (Copied from solicitation)

OPTIONS (VARIABLE LENGTH) Ethernet Address of source host (host B).



IPv6 source address

IPv6 destination address

IP header

Neighbor solicitationMessage(ICMP)

R|S|0

Router Discovery: Uses Router solicitation (RS) and Router

advertisement (RA) messages are used to Help hosts find the routers on the local network

segment Help hosts Determine the range of addresses in

the local network segment (prefix discovery) Supporting auto-config of IPv6 addresses Help hosts discover MTU of the local segment Help determine next hop destination


© Janice Regan, 2012 26From the TCP/IP Guide (online)

Router Advertisement RAs tell hosts on the network how to find the

routers on the network and some properties of the networks to which they are attached

Periodic RAs are usually sent at regular intervals. They are sent to all hosts on the network (sent to all hosts multicast address)

A responding Ra is sent to reply to RS Host’s use RAs, Routers ignore all received RAs.



IPv6: information in RA (1) Information in RAs support

Router Discovery: How hosts locate routers that reside on an attached link.

Prefix Discovery: How hosts discover the set of address prefixes that define which destinations are on-link for an attached link. (Nodes use prefixes to distinguish destinations that reside on-link from those only reachable through a router.)

From RFC 2461


IPv6: information in RA (2) Information in RAs support

Address Auto configuration: How nodes automatically configure an address for an interface.

Address resolution: How nodes determine the link-layer address of an on-link destination (e.g., a neighbor) given only the destination's IP address. (supply needed prefix information)

From RFC 2461


IPv6: information in RA (3) Information in RAs supports

Next-hop determination: The algorithm for mapping an IP destination address into the IP address of the neighbor to which traffic for the destination should be sent. The next- hop can be a router or the destination itself.

Parameter Discovery: How a node learns such link parameters as the link MTU or such Internet parameters as the hop limit value to place in outgoing packets.

From RFC 2461


Improvements over IPv4 RAs carry link-layer addresses

No additional packet exchange is needed to resolve the router's link-layer address. (ARP not needed)

RAs carry prefixes for a link There is no need for mask request/reply messages to

obtain subnet or network sizes (masks) RAs enable Address Auto-configuration. RAs can advertise a link MTU

Hosts use this MTU on the link, ensures that all nodes on the link use the same MTU

From RFC 2461

Periodic Router Advertisement Periodic RAs tell hosts on the network how to find

the routers on the network and some properties of the networks to which they are attached

Periodic RA’s are usually sent at regular intervals. They are sent to all hosts on the network (sent to all hosts multicast address)


Default Router: Router lifetime A default router is a router that is willing to

forward packets originating on the network segment receiving the RA.

Router Lifetime The lifetime associated with a default router entry in the cache in units of seconds (≤9000s). Default value is 3.

A router which is not willing to be a default router will advertise a lifetime of 0


Reply: Router advertisement


34


RESERVED

RETRANSMISSION TIMER (time in milliseconds between retransmission of NS messages).



IPv6 source address (link local address of sending interface)

IPv6 destination address (all nodes multicast address)

IP header

Router solicitationMessage(ICMP)

FlagsCur Hop Limit ROUTER LIFETIME

OPTIONS (VARIABLE LENGTH includes link layer address of sending interface, prefix information may include MTU

REACHABLE TIMER ≤1hr (time node assumes neighbor is reachable)

Reachable Timer Reachable Time:. The number of milliseconds,

that a node assumes a neighbor is reachable (after receiving a reachability confirmation)

Used by neighbor unreachability detection. Applies to both hosts and routers Must be < 1hr (3,600,000 millisecond)


Retransmission Timer Retransmission Timer : The number of

milliseconds, between retransmitted Neighbor Solicitation messages. (default 0, unspecified, do not change)

Used by neighbor unreachability detection Use by address resolution Default value in RA is 0, which means

unspecified,


Router Advertisement Flags M: managed address configuration

When set indicates addresses supplied by DHCPv6

O: other configuration flag Other configuration information (e.g. DNS info) is

available from the DHCPv6 server Redundant if M flag is set

H: Mobile Home agent flag Allows continued connectivity when moving from one

connection to internet to another, routing packets from home location to present location


Router Advertisement Flags PRF (2bits) Router selection preference

Optional, administrator configured preference, helps multi homed host pick different preferred routers available on different links

P: Neighbor Discovery Proxy Flag Proxy for cases when bridging is not possible


Router advertisement optionsOption format

OPTIONSLink layer addressMTUPrefix


TYPE LENGTH DATA (variable length)


Router/Parameter/Prefix Discovery A booting host does not want to wait for the next

periodic router advertisement A booting host can send a router solicitation

(RS) message to the all routers multicast address to prompt an immediate RA.

The default routers on the local link will each reply with an immediate RA

The information in these RAs will allow the booting host to discover the routers, parameters, and prefixes for the local network segment

Router solicitation message



RESERVED (set to 0)

OPTIONS (VARIABLE LENGTHEthernet Address of source the sending host.



IPv6 source address (IPv6 address of sending interface)

IPv6 destination address (all-routers multicast address)

IPv6 header


Router Solicitation Sent by a host to determine where the routers

on the local network are and parameters to use When a host needs this information NOW not at the

end of the next interval (which may be several minutes)

Receiving a RS will cause the default routers to unicast a router advertisement to the requestor

Receiving a RS will reset the routers periodic transmission timer (next RA will be 1 period after reception of the RS)


Reply: Router advertisement


43


RESERVED

RETRANSMISSION TIMER (time in milliseconds between retransmission of NS messages).



IPv6 source address (link local address of sending interface)

IPv6 destination address (source address of the RS being replied to)

IP header


FlagsCur Hop Limit ROUTER LIFETIME

OPTIONS (VARIABLE LENGTH includes link layer address of sending interface, prefix information may include MTU

REACHABLE TIMER ≤1hr (time node assumes neighbor is reachable)

Prefix Discovery How a host determines the set of prefixes

that are on-link, the size and initial address of each range of valid addresses (accessible without going through a router) Prefixes sent as part of the options in the RA

tell us the on link addresses that are available

How are the prefixes sent in the RA?


What a prefix option looks like


TYPE 3 LENGTH 4 PREFIX LENGTH |L|A| RESERVED

VALID LIFETIME (time in seconds after RA is sent that the prefix is valid)

PREFERRED LIFETIME

RESERVED (both reserved fields must be all 0)

PREFIX (PREFIX LENGTH bits of the binary digits in the prefix of the IP address, followed by 128-PREFIXLENGTH zeros)

L Flag is set when prefix can be used to determine if addresses are on link A Flag is set when prefix can be used for autonomous address configurationA lifetime of all 1’s represents infinity

Prefix discovery Each router should include all prefixes it

supports on the local link in the options field of the RA.

Prefix options with the L flag sent are available on link

Host can combine prefixes with L bit set from the RA’s of all routers to determine all available prefixes on the local link


Parameter Discovery How a node learns IP and link parameters used to

send packets link parameters as such as

the link MTU to determine size of packets to send the retransmission time for NS messages Router lifetime Determine approach to configuration (M flag)

Internet parameters such as the hop limit value to place in outgoing packets. (from the Cur Hop limit field in the RA)



Parameter Discovery: uses Router announcements allow one to

Choose stateful configuration (DHCP M flag 1) Or choose stateless auto configuration of addresses

(M flag 0) Update values such as Cur Hop Limit Reachable

Time, and Retransmission Timer, MTU. If the value given is 0 this means that the existing values

should continue to be used, NOT that values should be set to the default or to 0

Immediately send to router after receiving and processing RA because Link local IP addresses and hardware level addresses of the router are provided

Updating parameters A router may send a RA to update any

parameter/option that can have only one value If a different value is given in the RA that the host is

presently using, the value the host is using should be updated.

Some parameters (Cur Hop limit, Reachable Time and Retransmission Timer) can be given the value 0 (unspecified). This means that the current value should continue to be used.


VALID

Auto configuration outline


TENTATIVE

PREFERREDNormal operation

DEPRECATED existing connections should use

new connections might not

INVALID

INITGenerate address

start timers (preferred lifetime,

valid lifetime)

Verify address

With DAD\

Timers restarted by arrival of RA

Or DHCPv6 renewal

Preferred lifetime expires

valid lifetime expires

RA received


IPv6 auto configuration (1) To make it easier to connect to a network IPv6

provides a process for auto configuration of IP address (and more) for a given node

1. When a node connects to the network it constructs a link local address (tentative address)


Construction of address1. When a node connects to the network it

constructs a link local address (tentative address)

The address begins with the link local prefix fe80::0/64 (link local address starts with 1111 1110 10 or fe80 followed by 54 0’s )

The last 64 bits will contain a modified Ethernet address of the node. The 64 bits will consist of

The first 24 bits of the Ethernet address The Intermediate 16 bits will be FFFE (if the

IEEE 802 algorithm is used) The final 24 bits of the Ethernet address


IPv6 auto configuration (2) To make it easier to connect to a network IPv6

provides a process for auto configuration of IP address (and more) for a given node

2. Node checks address using DAD sends NS to solicited node multicast address If a NA is received stop (NEED MANUAL CONFIG) Otherwise assign the link local address to the

interface


DAD details1. .

2. The next step is duplicate address detection (DAD, one of the parts of the neighbor discover protocol).

Some vendors ship multiple interfaces with the same Ethernet address, or units with configurable addresses, there is a finite chance that the constructed link local address is already in use.

A neighbor solicitation message with type 135 is sent to the tentative unicast address (source address 0::0)

If there is already a host with the tentative address it will reply to the neighbor solicitation message with a neighbor advertisement message multicast to all nodes multicast address. This message indicates it is send in reply to a solicitation message

If a reply to the neighbor solicitation message is received auto configuration aborts


IPv6 auto configuration (3a)1. .

3. Send router solicitation from the link local address to the all routers multicast address

4. If no router advertisements are received this indicates there is not IPv6 capable router available

The node will attempt to obtain an IP address using DHCPv6

If no DHCPv6 server is available the node communicates to other IPv6 hosts only locally, using the link local address (skip remaining autconfig steps)


IPv6 auto configuration (3b)1. .

3. Send a router solicitation message from the link local address to the all routers multicast address

4. Any IPv6 router that receives the router solicitation message will reply with a router advertisement unicast to the link local address of the auto-configuring node

IPv6 auto configuration (4) Use the parameters in the RA (or from DHCPv6) to

set the parameters of the interface (MTU, Retrans time, Reachable time, Hop Limit)

Choose default routers (Lifetime ≠0). Note that only default routers can have default routes

Use each of the prefixes with the A flag set in the RA (or from DHCPv6) to determine global address, test address with DAD, and initialize corresponding global address on the interface

Each interface has 1 address for each prefix


Documents

1 CMPT 471 Networking II ICMPv6 © Janice Regan, 2012