© 2012 Cisco Systems, Inc. All rights reserved. Cisco confidential. Cisco Networking Academy, US/Canada

ICMPv6 & Neighbor Discovery Protocol: Learn It
Rick Graziani
CS/CIS Instructor
Cabrillo College

Topics in this Presentation and an Introduction to ICMPv6

Internet Control Message Protocol (ICMPv6)
• Described in RFC 4443
• Much more robust than ICMP for IPv4
• Contains new functionality and improvements.
• More than just “messaging” but “how IPv6 conducts business”.
• General message similar to ICMP for IPv4
• Also uses Type and Code fields like in ICMPv4.
• Two types of ICMPv6 messages
  • Error messages
  • Informational messages

ICMPv6 Messages
• The ICMPv6 error messages are:
  • Destination Unreachable
  • Packet Too Big
  • Time Exceeded
  • Parameter Problem
• ICMPv6 informational messages used by the ping command:
  • Echo Request
  • Echo Reply
Similar to ICMP for IPv4. Quick look at these first.
We will familiarize ourselves with the IPv6 version of these.

ICMPv6 Messages
• ICMPv6 informational messages used for Multicast Listener Discovery (RFC 2710):
  • Multicast Listener Query
  • Multicast Listener Report
  • Multicast Listener Done
  Similar to IGMP (Internet Group Message Protocol) for IPv4. We won’t be covering these.
• ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):
  • Router Solicitation Message
  • Router Advertisement Message
  • Neighbor Solicitation Message
  • Neighbor Advertisement Message
  • Redirect Message
  Most of our time will be spent on the first four of these. Redirect Message is similar to Redirect Messages for IPv4.

Stateless Address Autoconfiguration
[Diagram: PC1 (MAC Address 00-21-9B-D9-C6-44) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64]
1. Link-local address automatically created
   Link-local address (Tentative)
2. DAD performed on link-local address
   Neighbor Solicitation Message
   From: :: (Unspecified source address)
   To: FF02::1:FFBB:66E1 (Solicited Node Multicast)
   Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1
3. NDP Router Solicitation
   From: FE80::50A5:8A35:A5BB:66E1
   To: FF02::2 (All-routers multicast)
4. NDP Router Advertisement
   From: FE80::1
   To: FF02::1 (All-nodes multicast)
5. Global unicast address created using SLAAC
   Addressing Information Added
6. DAD performed on global unicast address
   Neighbor Solicitation Message
   From: :: (Unspecified source address)
   To: Solicited Node Multicast
   Target IPv6 Address:

Address Resolution (ARP in IPv4)
[Diagram: PC1 (2001:DB8:AAAA:1::100/64, MAC Address 00-21-9B-D9-C6-44), PC2 (2001:DB8:AAAA:1::200/64, Solicited Node Multicast FF02::1:FF00:200, MAC Address 00-1B-24-04-A2-1E) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64]
1. PC1> ping 2001:DB8:AAAA:1::200
2. Neighbor Cache: <empty until step 5>
3. Neighbor Solicitation Message
   From Ethernet MAC address: 00-21-9B-D9-C6-44
   To Ethernet MAC address: 33-33-FF-00-02-00 (IPv6 Mapped Multicast)
   From: 2001:DB8:AAAA:1::100
   To: FF02::1:FF00:200 (Solicited Node Multicast)
   Target IPv6 Address: 2001:DB8:AAAA:1::200
   Link-layer address: 00:21:9B:D9:C6:44
4. Neighbor Advertisement Message
   From Ethernet MAC address: 00-1B-24-04-A2-1E
   To Ethernet MAC address: 00-21-9B-D9-C6-44
   From: 2001:DB8:AAAA:1::200
   To: 2001:DB8:AAAA:1::100
   Target IPv6 Address: 2001:DB8:AAAA:1::200
   Link-layer address: 00:1B:24:04:A2:1E
5. Neighbor Cache

Neighbor Cache (“ARP Cache”): Neighbor Cache FSM
• Neighbor Solicitation (NS) = ARP Request
• Neighbor Advertisement (NA) = ARP Reply
[Diagram: state machine]
States: No Entry Exists; Incomplete; Reachable; Stale – no action required (Requires reresolution); Delay (Resolution pending); Probe (Reresolution in progress)
Transitions:
• No Entry Exists → Incomplete: Neighbor Solicitation (NS) sent
• Incomplete → Reachable: Neighbor Advertisement (NA) received
• Incomplete → No Entry Exists: 3 NS sent with no NA
• Reachable → Stale: Reachable Time exceeded (timeout) Or Unsolicited NA received
• Stale → Delay: Packet sent
• Delay → Reachable: Packet returned
• Delay → Probe: 5 sec
• Probe → Reachable: NS sent and NA received
• Probe → No Entry Exists: 3 NS sent with no NA
General Message Format
ICMPv6 Error Messages

Next Header and General Message Format
IPv6 Next Header Value: 58 decimal or 3A hexadecimal
[Diagram: IPv6 Header (Next Header 58) followed by IPv6 Data, which carries the ICMPv6 Header and the ICMPv6 Message Body]
ICMPv6 General Message Format (similar to ICMP for IPv4)
0         8         16        24        32
| Type    | Code    | Checksum          |
| Message Body                          |

The first messages we will examine…
• The ICMPv6 error messages are:
  • Destination Unreachable
  • Packet Too Big
  • Time Exceeded
  • Parameter Problem
• ICMPv6 informational messages used by the ping command:
  • Echo Request
  • Echo Reply
Similar to ICMP for IPv4. Quick look at these first.
We will familiarize ourselves with the IPv6 version of these.
Destination Unreachable Message
• Sent when a packet cannot be delivered to its destination for reasons other than congestion.
• A router (or a firewall) usually generates these messages.
• Various code values give more detail, such as (4) port unreachable.

Packet Too Big Message
• Important difference with IPv6…
• IPv4 routers fragment a packet when the MTU (Maximum Transmission Unit) of the outgoing link is smaller than the size of the packet.
  • The destination device is responsible for reassembling the fragmented packets.
• IPv6 routers do not fragment packets (unless it is the source of the packet).

Path MTU Discovery
[Diagram: Source PC-A, routers R1, R2, R3, Destination PC-B; link MTUs along the path: 1500, 1500, 1350, 1500]
1. IPv6 Packet with MTU = 1,500 bytes
2. MTU of outgoing link smaller than packet size – drop packet
   ICMPv6 Packet Too Big message, use MTU 1,350
3. IPv6 Packet with MTU = 1,350 bytes
4. Packet Received

Time Exceeded Message
• Before a router forwards an IPv6 packet it decrements the Hop Limit field by one.
• If the Hop Limit (same as TTL in IPv4) reaches zero:
  • Packet is dropped and a Time Exceeded message is sent to the source.
Parameter Problem Message
• Generated when a receiving device finds a problem with a field in the main IPv6 header such as the Next Header field.
• Means the device didn’t understand the information in the IPv6 header and had to discard it.

ICMPv6 Informational Messages: Echo Request and Echo Reply

ICMPv6 Echo Request and Echo Reply Messages
0         8         16        24        32
| Type    | Code    | Checksum          |
| Identifier        | Sequence Number   |
| Data                                  |
Type = 128 or 129, Code = 0
Echo Reply: Type = 128
Echo Request: Type = 129
• Like for IPv4, ICMPv6 Echo Request and Echo Reply are two ICMP messages used by ping.

IPv6 Topology
[Diagram: site prefix 2001:0DB8:AAAA::/48 with subnets 2001:0DB8:AAAA:1::/64 and 2001:0DB8:AAAA:2::/64; routers R1 and R2; PC1 (2001:0DB8:AAAA:1::100, FE80::50A5:8A35:A5bb:66E1) and PC2 (2001:0DB8:AAAA:1::200). Interface labels: Fa0/0 .1, Fa0/1 .1, Fa0/0 .2. Link-local addresses: FE80::1/64, FE80::1/64, FE80::2/64]

Ping global unicast address from PC1 to R1
PC1> ping 2001:db8:aaaa:1::1

Pinging 2001:db8:aaaa:1::1 from 2001:db8:aaaa:1::100 with 32 bytes of data:
Reply from 2001:db8:aaaa:1::1: time=1ms
Reply from 2001:db8:aaaa:1::1: time=1ms
Reply from 2001:db8:aaaa:1::1: time=1ms
Reply from 2001:db8:aaaa:1::1: time=1ms

Ping statistics for 2001:db8:aaaa:1::1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
PC1>

Echo Request from PC1 to R1
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: ICMPv6 (0x3a)
    Hop limit: 128
    Source: 2001:db8:aaaa:1::100
    Destination: 2001:db8:aaaa:1::1
Internet Control Message Protocol v6
    Type: 128 (Echo (ping) request)
    Code: 0 (Should always be zero)
    Checksum: 0x8f38 [correct]
    ID: 0x0001
    Sequence: 0
    Data (32 bytes)

Echo Reply from R1 to PC1
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: ICMPv6 (0x3a)
    Hop limit: 64
    Source: 2001:db8:aaaa:1::1
    Destination: 2001:db8:aaaa:1::100
Internet Control Message Protocol v6
    Type: 129 (Echo (ping) reply)
    Code: 0 (Should always be zero)
    Checksum: 0x8e38 [correct]
    ID: 0x0001
    Sequence: 0
    Data (32 bytes)

Ping link-local address from R1 to PC1
R1# ping fe80::50a5:8a35:a5bb:66e1
Output Interface: fastethernet 0/0
% Invalid interface. Use full interface name without spaces (e.g. Serial0/1)
Output Interface: fastethernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::50A5:8A35:A5BB:66E1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1#

Echo Request: Link-local address from R1 to PC1
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 60
    Next header: ICMPv6 (0x3a)
    Hop limit: 64
    Source: fe80::1
    Destination: fe80::50a5:8a35:a5bb:66e1
Internet Control Message Protocol v6
    Type: 128 (Echo (ping) request)
    Code: 0 (Should always be zero)
    Checksum: 0x0444 [correct]
    ID: 0x0a24
    Sequence: 0
    Data (52 bytes)

Echo Reply: Link-local address from PC1 to R1
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 60
    Next header: ICMPv6 (0x3a)
    Hop limit: 64
    Source: fe80::50a5:8a35:a5bb:66e1
    Destination: fe80::1
Internet Control Message Protocol v6
    Type: 129 (Echo (ping) reply)
    Code: 0 (Should always be zero)
    Checksum: 0x0344 [correct]
    ID: 0x0a24
    Sequence: 0
    Data (52 bytes)

ICMPv6 Informational Messages Used by Neighbor Discovery
• Router Solicitation Message
• Router Advertisement Message
• Neighbor Solicitation Message
• Neighbor Advertisement Message
• Redirect Message

Router Solicitation & Router Advertisement Messages and SLAAC (Stateless Address Autoconfiguration)

Hosts and Addressing
• Static configuration
• Stateless Address Autoconfiguration (SLAAC)
  • SLAAC only
  • SLAAC with DHCPv6
  • Note: Host OS determines if it will use EUI-64 or random value for Interface ID
• Stateful Autoconfiguration
  • DHCPv6 only

Stateless Address Autoconfiguration (SLAAC)
• Stateless Address Autoconfiguration (SLAAC) is an automatic method for assigning global unicast addresses to interfaces.
  • Defined in RFC 4862, IPv6 Stateless Address Autoconfiguration
• Uses:
  • Prefix and other information from -> ND Router Advertisement
  • Interface ID from -> IEEE modified EUI-64 format or random value
• No need for DHCPv6 server (unless DNS information is needed)
[Diagram: host (MAC: 00-19-D2-8C-E0-4C, EUI-64) and RouterA (ipv6 unicast-routing)]
1. NDP Router Solicitation
2. NDP Router Advertisement

R1(config)# ipv6 unicast-routing
• Router Solicitation and Router Advertisement messages are about communications between a host and a router.
• Router Advertisement includes:
  • Prefix, prefix-length, default-gateway, MTU, Hop limit and more.
[Diagram: host, R1 (ipv6 unicast-routing) and DHCPv6 Server]
Host: “I just booted up, send me a Router Advertisement”
  NDP Router Solicitation “Need information from the router”
R1: “Time for me to send out a Router Advertisement”
  NDP Router Advertisement

• The router’s Router Advertisement can determine how the host gets its dynamic address configuration.
• ipv6 unicast-routing command enables router to send Router Advertisements.
[Diagram: host, R1 (ipv6 unicast-routing) and DHCPv6 Server]
1. NDP Router Solicitation “Need information from the router”
2. NDP Router Advertisement
   “I’m everything you need (Prefix, Prefix-length, Default Gateway)”
   Or
   “Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”
   Or
   “I can’t help you. Ask a DHCPv6 server for all your information.”

[Diagram: host (MAC: 00-19-D2-8C-E0-4C) and R1 (ipv6 unicast-routing)]
1. NDP Router Solicitation
2. NDP Router Advertisement
   Prefix: 2001:DB8:AAAA:1::
   Prefix-length: /64
   To: FF02::1 (All-hosts multicast)
   From: FE80::1 (Link-local address)
3. EUI-64
   Prefix: 2001:DB8:AAAA:1::
   Prefix-length: /64
   EUI-64 Interface ID: 02-19-D2-FF-FE-8C-E0-4C
   Global Unicast Address: 2001:DB8:AAAA:1:0219:D2FF:FE8C:E04C
   Default Gateway: FE80::1 (Default Router List)
4. Duplicate Address Detection (DAD)

PC1> ipconfig
   IPv6 Address. . . . . . : 2001:DB8:AAAA:1:0219:D2FF:FE8C:E04C
   Default Gateway . . . . : fe80::1

[Diagram: host, R1 (ipv6 unicast-routing) and DHCPv6 Server]
Stateless Addressing
1. NDP Router Solicitation
2. NDP Router Advertisement
   “Here is my information but you need to get other information such as DNS addresses from a DHCPv6 server.”
   Or
   “I can’t help you. Ask a DHCPv6 server for all your information.”
DHCPv6 Addressing
3. DHCPv6 Solicit Message “I need a DHCPv6 Server.”
4. DHCPv6 Advertise Message “I’m a DHCPv6 Server.”
5. DHCPv6 Request Message “I need addressing information.”
6. DHCPv6 Reply Message “Here is your address and other information.”
7. Duplicate Address Detection (DAD)

A closer look at the protocol
Bit offsets: 0, 8, 16, 24, 32

ICMPv6 Router Solicitation Message
| Type = 133 | Code = 0 | Checksum |
| Reserved |
Valid Options: Source link-layer address

ICMPv6 Router Advertisement Message
| Type = 134 | Code = 0 | Checksum |
| Cur Hop Limit | M | O | Reserved | Router Lifetime |
| Reachable Time |
| Retrans Time |
Possible Options: Source link-layer address, MTU, Prefix Information

[Diagram: PC1 (MAC: 00-21-9B-D9-C6-44) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64]
Link-local address: FE80::50A5:8A35:A5BB:66E1 (Randomly generated Interface ID)
1. NDP Router Solicitation
   From: FE80::50A5:8A35:A5BB:66
   To: FF02::2 (All-routers multicast)
2. NDP Router Advertisement
   From: FE80::1
   To: FF02::1 (All-nodes multicast)
   Prefix: 2001:DB8:AAAA:1::
   Prefix-length: /64
3. Prefix: 2001:DB8:AAAA:1:: [EUI-64: Not used, Interface ID is randomly generated]
   Global Unicast Address: 2001:DB8:AAAA:1:50A5:8A35:A5BB:66E1
   Prefix-length: /64
4. Default Router List
   Default Gateway: FE80::1

Router Solicitation (RS) from PC1
Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02
Internet Protocol Version 6
    0110 .... = Version: 6
    [Traffic class and Flowlabel not shown]
    Payload length: 16
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: fe80::50a5:8a35:a5bb:66e1
    Destination: ff02::2
Internet Control Message Protocol v6
    Type: 133 (Router solicitation)
    Code: 0
    Checksum: 0x3277 [correct]
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:21:9b:d9:c6:44
Callouts:
• Ethernet Dst: All IPv6 routers multicast MAC address
• Next header: Next header is an ICMPv6 header
• Source: Link-local address of PC1
• Destination: All-routers multicast address
• Type: Router Solicitation message
• Link-layer address: MAC address of PC1 but RA sent as all-host multicast

R1(config)# ipv6 unicast-routing
R1# show ipv6 interface fastethernet 0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  Global unicast address(es):
    2001:DB8:AAAA:1::1, subnet is 2001:DB8:AAAA:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
  MTU is 1500 bytes
  <output omitted for brevity>
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.
R1#
Callout:
• FF02::2: All-routers multicast group

Router Advertisement (RA) from Router R1
Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 64
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: fe80::1
    Destination: ff02::1
Callouts:
• Ethernet Dst: All IPv6 hosts multicast MAC address
• Next header: Next Header is an ICMPv6 header
• Source: Link-local address of R1. Added to the Default Router List and is the address hosts will use as their default gateway
• Destination: All-nodes multicast group

Router Advertisement from Router R1 – some fields omitted
Internet Control Message Protocol v6
    Type: 134 (Router advertisement)
    Code: 0
    Cur hop limit: 64
    Flags: 0x00
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:03:6b:e9:d4:80
    ICMPv6 Option (MTU)
        Type: MTU (5)
        Length: 8
        MTU: 1500
    ICMPv6 Option (Prefix information)
        Type: Prefix information (3)
        Length: 32
        Prefix Length: 64
        Prefix: 2001:db8:aaaa:1::
Callouts:
• Cur hop limit: Recommended Hop Limit value for hosts
• Flags: M and O flags indicate that no information is available via DHCPv6
• Link-layer address: R1’s MAC address
• MTU: MTU of the link.
• Prefix Length: Prefix-length (/64) to be used for autoconfiguration.
• Prefix: Prefix of this network to be used for autoconfiguration

M and O Flags
• M Flag: Managed Address Configuration flag
  • Tells the host whether to use the configuration information in this Router Advertisement (SLAAC by default) or to get all of its information from a DHCPv6 server.
• O Flag: Other Configuration flag
  • When SLAAC is being used (using the RA), it tells the host whether more information (like DNS) is available from a DHCPv6 server.
Internet Control Message Protocol v6
    Type: 134 (Router advertisement)
    Code: 0
    Cur hop limit: 64
    Flags: 0x00
    <output omitted for brevity>
Callouts:
• Type: Router Advertisement message
• Flags: M and O flags

[Diagram: host, R1 (ipv6 unicast-routing) and DHCPv6 Server; NDP Router Advertisement]
M Flag: SLAAC or DHCPv6?
• M Flag = 0 (Default): Use SLAAC, info in RA, prefix, etc.
• M Flag = 1: Use DHCPv6 for everything
R1(config)# ipv6 managed-config-flag
O Flag: Additional information via DHCPv6?
• O Flag = 0 (Default): No additional information via DHCPv6
• O Flag = 1: Additional information via DHCPv6 like DNS address
R1(config)# ipv6 other-config-flag
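
The Router Solicitation and Router Advertisement formats and the M and O flags described above, as an added Python example (not part of the original presentation): it computes the ICMPv6 checksum over the IPv6 pseudo-header, decodes the header, flags and options, and rejects messages whose Hop Limit is not 255, as RFC 4861 requires of receivers. The Router Solicitation bytes are rebuilt from the capture on the slides; the Router Advertisement is constructed from R1's values, with prefix flags and lifetimes that are assumptions, and all function names are chosen here for illustration.

```python
import ipaddress
import struct

NEXT_HEADER_ICMPV6 = 58      # 0x3a, the Next Header value from the slides
RS, RA = 133, 134            # Router Solicitation / Router Advertisement types


def icmpv6_checksum(src, dst, icmp):
    """One's-complement sum over the IPv6 pseudo-header and the ICMPv6 message."""
    data = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", len(icmp), NEXT_HEADER_ICMPV6) + icmp)
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_options(buf):
    """Walk the type/length/value options; the length field counts 8-byte units."""
    opts = {}
    while buf:
        # A zero length would never advance, so it is treated as malformed.
        if len(buf) < 2 or buf[1] == 0 or buf[1] * 8 > len(buf):
            raise ValueError("malformed ND option")
        otype, size = buf[0], buf[1] * 8
        body = buf[2:size]
        if otype in (1, 2):                       # source / target link-layer address
            opts["lladdr"] = ":".join("%02x" % b for b in body[:6])
        elif otype == 5 and size == 8:            # MTU: 2 reserved bytes + 32-bit MTU
            opts["mtu"] = struct.unpack("!2xI", body)[0]
        elif otype == 3 and size == 32:           # Prefix Information
            opts["prefix"] = "%s/%d" % (ipaddress.IPv6Address(body[14:30]), body[0])
        buf = buf[size:]
    return opts


def addressing_mode(m, o):
    """The three Router Advertisement cases from the M and O flag slides."""
    if m:
        return "DHCPv6 for everything"
    return "SLAAC plus DHCPv6 for other information" if o else "SLAAC only"


def parse_nd(src, dst, hop_limit, icmp):
    """Validate and decode a Router Solicitation or Router Advertisement."""
    if hop_limit != 255:      # a forwarded packet would have a lower Hop Limit
        raise ValueError("hop limit is not 255")
    # Summing a message that already carries its checksum must give 0.
    if len(icmp) < 8 or icmpv6_checksum(src, dst, icmp) != 0:
        raise ValueError("short message or bad checksum")
    mtype, code = icmp[0], icmp[1]
    if code != 0:
        raise ValueError("code must be 0")
    msg = {"type": mtype}
    if mtype == RS:
        offset = 8                                # type, code, checksum, 4 reserved bytes
    elif mtype == RA and len(icmp) >= 16:
        hop, flags, lifetime = struct.unpack("!BBH", icmp[4:8])
        m, o = bool(flags & 0x80), bool(flags & 0x40)
        msg.update(cur_hop_limit=hop, M=m, O=o, router_lifetime=lifetime,
                   mode=addressing_mode(m, o))
        offset = 16                               # plus Reachable Time and Retrans Time
    else:
        raise ValueError("not a well-formed RS or RA")
    msg.update(parse_options(icmp[offset:]))
    return msg


# Router Solicitation rebuilt from the slide capture (PC1 -> ff02::2, checksum 0x3277).
RS_BYTES = bytes.fromhex("8500327700000000" "010100219bd9c644")


def build_ra(flags):
    """Constructed RA with R1's values; prefix flags and lifetimes are assumptions."""
    body = struct.pack("!BBHBBHII", RA, 0, 0, 64, flags, 1800, 0, 0)
    body += bytes.fromhex("010100036be9d480")                  # source link-layer address
    body += struct.pack("!BB2xI", 5, 1, 1500)                  # MTU option
    body += struct.pack("!BBBBII4x", 3, 4, 64, 0xC0, 2592000, 604800)
    body += ipaddress.IPv6Address("2001:db8:aaaa:1::").packed  # prefix
    csum = icmpv6_checksum("fe80::1", "ff02::1", body)
    return body[:2] + struct.pack("!H", csum) + body[4:]


if __name__ == "__main__":
    print(parse_nd("fe80::50a5:8a35:a5bb:66e1", "ff02::2", 255, RS_BYTES))
    for flags in (0x00, 0x40, 0x80):
        print(hex(flags), parse_nd("fe80::1", "ff02::1", 255, build_ra(flags)))
```
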
Address Resolution

Neighbor Solicitation and Neighbor Advertisement
• Two more protocols used with ICMPv6 Neighbor Discovery:
  • Neighbor Solicitation
  • Neighbor Advertisement
• Used by a device to:
  • Request layer 2 address information from another device on the same network
  • Provide this information to the requesting device.
• Part of three important processes:
  • Address resolution (like ARP in IPv4)
  • Duplicate Address Detection (DAD)
  • Neighbor Unreachability Detection (NUD)

ICMPv6 Neighbor Solicitation Message
  If this is your Target IPv6 Address please send me your MAC address.
ICMPv6 Neighbor Advertisement Message
  The Target IPv6 Address you are looking for belongs to me, here is my layer 2 (MAC) address.

Address Resolution (ARP in IPv4)
[Diagram: PC1 (2001:DB8:AAAA:1::100/64, MAC Address 00-21-9B-D9-C6-44), PC2 (2001:DB8:AAAA:1::200/64, Solicited Node Multicast FF02::1:FF00:200, MAC Address 00-1B-24-04-A2-1E) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64]
1. PC1> ping 2001:DB8:AAAA:1::200
2. Neighbor Cache: <empty until step 5>
3. Neighbor Solicitation Message
   From Ethernet MAC address: 00-21-9B-D9-C6-44
   To Ethernet MAC address: 33-33-FF-00-02-00 (IPv6 Mapped Multicast)
   From: 2001:DB8:AAAA:1::100
   To: FF02::1:FF00:200 (Solicited Node Multicast)
   Target IPv6 Address: 2001:DB8:AAAA:1::200
   MAC address of PC1: 00:21:9B:D9:C6:44
4. Neighbor Advertisement Message
   From Ethernet MAC address: 00-1B-24-04-A2-1E
   To Ethernet MAC address: 00-21-9B-D9-C6-44
   From: 2001:DB8:AAAA:1::200
   To: 2001:DB8:AAAA:1::100
   Target IPv6 Address: 2001:DB8:AAAA:1::200
   MAC address of PC2: 00:1B:24:04:A2:1E
5. Neighbor Cache

IPv6 Addressing
What about that Solicited Node Multicast?
[Diagram: IPv6 address types]
• Unicast
  • Global Unicast: 2000::/3 to 3FFF::/3
  • Link-Local: FE80::/10 to FEBF::/10
  • Loopback: ::1/128
  • Unspecified: ::/128
  • Unique Local: FC00::/7 to FDFF::/7
  • Embedded IPv4: ::/80
• Multicast
  • Assigned: FF00::/8
  • Solicited Node: FF02::1:FF00:0000/104
• Anycast

Why Solicited Node Addresses?
• Devices also have solicited node multicast addresses
• Broadcasts are sent to all devices.
• Devices must process all broadcasts at least to layer 3.
• Solicited Node Multicasts are only processed by those devices with the matching last 24 bits (usually one device).
• If I know the IPv6 address but not the MAC address I can send it to a solicited node address instead of a broadcast to everyone…
[Diagram: PC-2; Broadcasts]
NIC: I will also listen for my MAC multicast addresses
IP: I will also listen for my IP multicast addresses (Global and Link-local)
Global Unicast Address: 2001:0DB8:AAAA:0001:0000:0000:0000:0200
Solicited Node Multicast (Global): FF02::1:FF00:200
MAC Unicast Address: 00-1B-24-04-A2-1E
Multicast (MAC): 33-33-FF-00-02-00

Solicited-node Multicast address mapped to Ethernet destination MAC address
PC2’s Global Unicast Address:
  2001:0DB8:AAAA (Global Routing Prefix) | 0001 (Subnet ID) | 0000:0000:00 00:0200 (Interface ID)
Copy: 00:0200 (24 bits)
PC2’s IPv6 Solicited-Node Multicast Address:
  FF02 0000 0000 0000 0000 0001 FF (104 bits) | 00:0200 (24 bits)
Copy: FF-00-02-00, placed after 33-33
PC2’s IPv6 Solicited-node multicast address: FF02::1:FF00:200
PC2’s mapped solicited-node Ethernet multicast address: 33-33-FF-00-02-00
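
The derivations on the solicited-node and EUI-64 slides, as an added Python example (not part of the original presentation): it computes the solicited-node multicast address, its mapped Ethernet multicast MAC and the modified EUI-64 SLAAC address, and checks that a captured Neighbor Solicitation's destination fields agree with its target. The function names are chosen here for illustration; the sample values are the ones shown on the slides.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # FF02::1:FF00:0/104


def solicited_node(unicast):
    """Append the low-order 24 bits of a unicast address to FF02::1:FF00:0/104."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def multicast_mac(group):
    """Map an IPv6 multicast address to 33-33 plus its low-order 32 bits."""
    group = ipaddress.IPv6Address(group)
    if not group.is_multicast:
        raise ValueError("%s is not a multicast address" % group)
    return "-".join("%02X" % b for b in b"\x33\x33" + group.packed[12:])


def parse_mac(mac):
    """Accept 00-21-9B-D9-C6-44 or 00:21:9b:d9:c6:44 and return the 6 raw bytes."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return raw


def eui64_interface_id(mac):
    """Modified EUI-64: insert FF-FE in the middle and flip the universal/local bit."""
    raw = parse_mac(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix, mac):
    """Combine a /64 prefix from a Router Advertisement with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def ns_destination_ok(eth_dst, ip_dst, target):
    """Check that a Neighbor Solicitation's destinations match its target.

    RFC 4861 allows two IPv6 destinations: the target's solicited-node
    multicast address (address resolution, DAD) or the target itself
    (a unicast reachability probe).
    """
    ip_dst = ipaddress.IPv6Address(ip_dst)
    target = ipaddress.IPv6Address(target)
    if ip_dst == target:
        return True
    if ip_dst != solicited_node(target):
        return False
    # For the multicast case the Ethernet destination must be the mapped MAC.
    return parse_mac(eth_dst) == parse_mac(multicast_mac(ip_dst))


if __name__ == "__main__":
    pc2 = "2001:db8:aaaa:1::200"
    group = solicited_node(pc2)
    print("PC2 solicited-node:", group, "->", multicast_mac(group))
    print("DAD target group:  ", solicited_node("fe80::50a5:8a35:a5bb:66e1"))
    print("EUI-64 address:    ", slaac_address("2001:db8:aaaa:1::/64", "00-19-D2-8C-E0-4C"))
    print("NS from the capture consistent:",
          ns_destination_ok("33:33:ff:00:02:00", "ff02::1:ff00:200", pc2))
```
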

Neighbor Solicitation from PC1 (ARP Request)
Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 32
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: 2001:db8:aaaa:1::100
    Destination: ff02::1:ff00:200
Internet Control Message Protocol v6
    Type: 135 (Neighbor solicitation)
    Code: 0
    Checksum: 0xbbab [correct]
    Reserved: 0 (Should always be zero)
    Target: 2001:db8:aaaa:1::200
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:21:9b:d9:c6:44
Callouts:
• Ethernet Dst: Mapped multicast address for PC2
• Next header: Next header is an ICMPv6 header
• Source: Global unicast address of PC1
• Destination: Solicited-node multicast address of PC2
• Type: Neighbor Solicitation message
• Target: Target IPv6 address, needing MAC address
• Link-layer address: MAC address of the sender, PC1

Neighbor Advertisement from PC2 (ARP Reply)
Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 32
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: 2001:db8:aaaa:1::200
    Destination: 2001:db8:aaaa:1::100
Internet Control Message Protocol v6
    Type: 136 (Neighbor advertisement)
    Code: 0
    Checksum: 0x1b4d [correct]
    Flags: 0x60000000
    Target: 2001:db8:aaaa:1::200
    ICMPv6 Option (Target link-layer address)
        Type: Target link-layer address (2)
        Length: 8
        Link-layer address: 00:1b:24:04:a2:1e
Callouts:
• Ethernet Src: Unicast MAC address of PC2
• Next header: Next header is an ICMPv6 header
• Source: Global unicast address of PC2
• Destination: Global unicast address of PC1
• Type: Neighbor Advertisement message
• Flags: 1 1 0 – Router Flag = 1, Solicitation Flag = 1, Override Flag = 0
• Target: IPv6 address of the sender, PC2
• Link-layer address: MAC address of the sender, PC2

[Diagram: PC1 (2001:DB8:AAAA:1::100/64, MAC Address 00-21-9B-D9-C6-44), PC2 (2001:DB8:AAAA:1::200/64, Solicited Node Multicast FF02::1:FF00:200, MAC Address 00-1B-24-04-A2-1E) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64]
1. PC1> ping 2001:DB8:AAAA:1::200
2. Neighbor Cache: <empty until step 5>
3. Neighbor Solicitation
4. Neighbor Advertisement
5. Neighbor Cache
6. ICMPv6 Echo Request
   From Ethernet MAC address: 00-21-9B-D9-C6-44
   To: Ethernet MAC address: 00-1B-24-04-A2-1E
   From: 2001:DB8:AAAA:1::100
   To: 2001:DB8:AAAA:1::100
7. ICMPv6 Echo Reply
   From: Ethernet MAC address: 00-1B-24-04-A2-1E
   To: Ethernet MAC address: 00-21-9B-D9-C6-44
   From: 2001:DB8:AAAA:1::200
   To: 2001:DB8:AAAA:1::100

ICMPv6 Echo Request from PC1
Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 00:1b:24:04:a2:1e
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: ICMPv6 (0x3a)
    Hop limit: 128
    Source: 2001:db8:aaaa:1::100
    Destination: 2001:db8:aaaa:1::200
Internet Control Message Protocol v6
    Type: 128 (Echo (ping) request)
    Code: 0 (Should always be zero)
    Checksum: 0x7b37 [correct]
    ID: 0x0001
    Sequence: 13
    Data (32 bytes)

ICMPv6 Echo Reply from PC2
Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44
Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 40
    Next header: ICMPv6 (0x3a)
    Hop limit: 64
    Source: 2001:db8:aaaa:1::200
    Destination: 2001:db8:aaaa:1::100
Internet Control Message Protocol v6
    Type: 129 (Echo (ping) reply)
    Code: 0 (Should always be zero)
    Checksum: 0x7a37 [correct]
    ID: 0x0001
    Sequence: 13
    Data (32 bytes)
Duplicate Address Detection

Duplicate Address Detection (DAD)
• Duplicate Address Detection (DAD) – Used by a device to determine whether or not an address it wishes to use is already in use.
• Similar to a gratuitous ARP in IPv4.
• With some exceptions, RFC 4861 recommends that DAD be performed on every unicast address before it is assigned to an interface.

Duplicate Address Detection (DAD) For Link-local address
[Diagram: PC1 (MAC Address 00-21-9B-D9-C6-44) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64]
1. Link-local address (Tentative) – Used Random Interface ID
   FE80::50A5:8A35:A5BB:66E1
2. Neighbor Solicitation Message
   From Ethernet MAC address: 00-21-9B-D9-C6-44
   To Ethernet MAC address: 33-33-FF-BB-66-E1 (IPv6 Mapped Multicast)
   From: :: (Unspecified source address – I don’t have an IPv6 address yet)
   To: FF02::1:FFBB:66E1 (Solicited Node Multicast)
   Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1
3. Neighbor Advertisement Message if it is in use…
   To: FF02::1 (All-nodes multicast)
Neighbor Cache

Neighbor Cache
• Similar to ARP tables in IPv4, the Neighbor Cache keeps track of the reachability of neighbors: IPv6 address and MAC address mappings.
• The Neighbor Cache entry can be in one of five states (RFC 4861):
  • Reachable: Packets have recently been received providing confirmation that this device is reachable.
  • Stale: A certain time period has elapsed since a packet has been received from this address.
  • Other three: (We will talk about all of these)
    • INCOMPLETE—Address resolution is in progress, and the link-layer address is not yet known.
    • DELAY—Neighbor is pending re-resolution, and traffic might flow to this neighbor.
    • PROBE—Neighbor re-resolution is in progress, and traffic might flow to this neighbor.

Neighbor Cache (“ARP Cache”) for R1
R1# show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
FE80::50A5:8A35:A5BB:66E1                  16 0021.9bd9.c644  STALE Fa0/0
2001:db8:aaaa:1::100                       16 0021.9bd9.c644  STALE Fa0/0

R1# ping 2001:db8:aaaa:1::100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1# show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
FE80::50A5:8A35:A5BB:66E1                  16 0021.9bd9.c644  STALE Fa0/0
2001:DB8:AAAA:1::100                        0 0021.9bd9.c644  REACH Fa0/0

R1#
60© 2012 Cisco Systems, Inc. All rights reserved. Cisco confidential.Cisco Networking Academy, US/Canada
Neighbor Cache (“ARP Cache”): Neighbor Cache FSM
[Figure: Neighbor Cache state machine. States: No Entry Exists; Incomplete; Reachable; Stale – no action required (Requires reresolution); Delay (Resolution pending); Probe (Reresolution in progress). Transition labels: Neighbor Solicitation (NS) sent; Neighbor Advertisement (NA) received; Reachable Time exceeded (timeout) or Unsolicited NA received; Packet sent; Packet returned; 5 sec; NS sent and NA received; 3 NS sent with no NA returned (shown twice).]
• Neighbor Solicitation (NS) = ARP Request
• Neighbor Advertisement (NA) = ARP Reply
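The state machine in the diagram above, written out as an added example (not part of the original slides). It follows RFC 4861 sections 7.2.5 and 7.3.3, which are more specific than the slide about how a received NA is treated; the class, method and timer names are this example's own.

```python
from dataclasses import dataclass

MAX_SOLICITS = 3  # "3 NS sent with no NA returned" on the slide

@dataclass
class NeighborEntry:
    state: str = "NO_ENTRY"
    lladdr: str = ""
    ns_sent: int = 0

    def send_packet(self):                                # host has traffic for the neighbor
        if self.state == "NO_ENTRY":
            self.state, self.ns_sent = "INCOMPLETE", 1    # first NS goes out
        elif self.state == "STALE":
            self.state = "DELAY"                          # start the 5 sec timer

    def timer(self, kind):
        """kind: 'reachable' (Reachable Time), 'delay' (5 sec), 'retrans' (NS unanswered)."""
        if kind == "reachable" and self.state == "REACHABLE":
            self.state = "STALE"
        elif kind == "delay" and self.state == "DELAY":
            self.state, self.ns_sent = "PROBE", 1         # unicast NS to cached address
        elif kind == "retrans" and self.state in ("INCOMPLETE", "PROBE"):
            if self.ns_sent >= MAX_SOLICITS:
                self.state, self.lladdr, self.ns_sent = "NO_ENTRY", "", 0
            else:
                self.ns_sent += 1

    def packet_returned(self):                            # reply traffic confirms reachability
        if self.state in ("STALE", "DELAY", "PROBE"):
            self.state = "REACHABLE"

    def receive_na(self, lladdr, solicited, override):
        if self.state == "NO_ENTRY":
            return                                        # an NA never creates an entry
        if self.state == "INCOMPLETE":
            self.lladdr = lladdr
            self.state = "REACHABLE" if solicited else "STALE"
            return
        changed = lladdr != self.lladdr
        if changed and not override:
            if self.state == "REACHABLE":
                self.state = "STALE"                      # keep the cached address
            return
        self.lladdr = lladdr
        if solicited:
            self.state = "REACHABLE"
        elif changed:
            self.state = "STALE"
```

Only a solicited NA or returned traffic moves an entry to REACHABLE; an unsolicited NA can at most push it to STALE, which forces re-verification before the mapping is trusted again.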
To summarize…
Internet Control Message Protocol (ICMPv6)
• Described in RFC 4443
• Much more robust than ICMP for IPv4
• Contains new functionality and improvements.
• General message similar to ICMP for IPv4
• Also uses Type and Code fields like in ICMPv4.
• Two types of ICMPv6 messages
  • Error messages
  • Informational messages
ICMPv6 Messages
• The ICMPv6 error messages are:
  • Destination Unreachable
  • Packet Too Big
  • Time Exceeded
  • Parameter Problem
• ICMPv6 informational messages used by the ping command:
  • Echo Request
  • Echo Reply
Similar to ICMP for IPv4. Quick look at these first.
ICMPv6 Messages
• ICMPv6 informational messages used for Multicast Listener Discovery (RFC 2710):
  • Multicast Listener Query
  • Multicast Listener Report
  • Multicast Listener Done
Similar to IGMP (Internet Group Message Protocol) for IPv4. We won’t be covering these.
• ICMPv6 informational messages used by Neighbor Discovery (RFC 4861):
  • Router Solicitation Message
  • Router Advertisement Message
  • Neighbor Solicitation Message
  • Neighbor Advertisement Message
  • Redirect Message
Most of our time will be spent on the first four of these. Redirect Message is similar to Redirect Messages for IPv4.
Stateless Address Autoconfiguration
[Diagram: PC1 (MAC Address 00-21-9B-D9-C6-44) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64]
Step 1: Link-local address automatically created
Step 2: DAD performed on link-local address
  Neighbor Solicitation Message
  From: :: (Unspecified source address)
  To: FF02::1:FFBB:66E1 (Solicited Node Multicast)
  Target IPv6 Address: FE80::50A5:8A35:A5BB:66E1
  Link-local address (Tentative)
Step 3: NDP Router Solicitation
  From: FE80::50A5:8A35:A5BB:66E1
  To: FF02::2 (All-routers multicast)
Step 4: NDP Router Advertisement
  From: FE80::1
  To: FF02::1 (All-nodes multicast)
Step 5: Addressing Information Added
  Global unicast address created using SLAAC
Step 6: DAD performed on global unicast address
  Neighbor Solicitation Message
  From: :: (Unspecified source address)
  To: Solicited Node Multicast
  Target IPv6 Address:
Address Resolution (ARP in IPv4)
[Diagram: PC1 (2001:DB8:AAAA:1::100/64, MAC Address 00-21-9B-D9-C6-44), PC2 (2001:DB8:AAAA:1::200/64, MAC Address 00-1B-24-04-A2-1E, FF02::1:FF00:200 Solicited Node Multicast) and R1 (ipv6 unicast-routing) on 2001:0DB8:AAAA:0001::/64; callouts numbered 1 to 5]
PC1> ping 2001:DB8:AAAA:1::200
Neighbor Cache: <empty until step 5>
Neighbor Solicitation Message
  From Ethernet MAC address: 00-21-9B-D9-C6-44
  To Ethernet MAC address: 33-33-FF-00-02-00 (IPv6 Mapped Multicast)
  From: 2001:DB8:AAAA:1::100
  To: FF02::1:FF00:200 (Solicited Node Multicast)
  Target IPv6 Address: 2001:DB8:AAAA:1::200
  MAC address of PC1: 00:21:9B:D9:C6:44
Neighbor Advertisement Message
  From Ethernet MAC address: 00-1B-24-04-A2-1E
  To Ethernet MAC address: 00-21-9B-D9-C6-44
  From: 2001:DB8:AAAA:1::200
  To: 2001:DB8:AAAA:1::100
  Target IPv6 Address: 2001:DB8:AAAA:1::200
  MAC address of PC2: 00:1B:24:04:A2:1E
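How the solicited-node multicast address and the mapped Ethernet multicast address in the Neighbor Solicitation above are derived, with a consistency check for a captured NS based on the validation rules in RFC 4861 section 7.1.1. This is an added example, not part of the original slides; the dictionary field names are this example's own, and the Ethernet destination in DAD_NS is computed here because the slide does not show it.

```python
import ipaddress

SN_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))  # FF02::1:FF00:0/104

def solicited_node(addr):
    """Solicited-node group: the /104 prefix plus the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SN_PREFIX | low24)

def multicast_mac(group):
    """Ethernet mapping (RFC 2464): 33-33 plus the low 32 bits of the IPv6 group."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33-33-" + "-".join(f"{b:02X}" for b in low32.to_bytes(4, "big"))

def check_ns(ns):
    """Return the ways a Neighbor Solicitation is internally inconsistent."""
    problems = []
    src, dst, target = (ipaddress.IPv6Address(ns[k]) for k in ("ip_src", "ip_dst", "target"))
    if target.is_multicast:
        problems.append("target is a multicast address")
    if dst.is_multicast:
        if dst != solicited_node(target):
            problems.append("destination is not the target's solicited-node group")
        if ns["eth_dst"].upper() != multicast_mac(dst):
            problems.append("Ethernet destination does not map from the IPv6 group")
    elif dst != target:
        problems.append("unicast NS not addressed to its target")
    if src.is_unspecified:                      # DAD probe, sent from ::
        if not dst.is_multicast:
            problems.append("DAD NS must go to the solicited-node group")
        if ns.get("slla"):
            problems.append("DAD NS must not carry a source link-layer address")
    return problems

# The address-resolution NS from the slide (PC1 resolving PC2).
PAGE_NS = {"eth_dst": "33-33-FF-00-02-00", "ip_src": "2001:DB8:AAAA:1::100",
           "ip_dst": "FF02::1:FF00:200", "target": "2001:DB8:AAAA:1::200",
           "slla": "00-21-9B-D9-C6-44"}
# The DAD NS from the SLAAC slide; eth_dst is constructed for this example.
DAD_NS = {"eth_dst": "33-33-FF-BB-66-E1", "ip_src": "::",
          "ip_dst": "FF02::1:FFBB:66E1", "target": "FE80::50A5:8A35:A5BB:66E1",
          "slla": None}
```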
Neighbor Cache (“ARP Cache”): Neighbor Cache FSM
[Figure: Neighbor Cache state machine. States: No Entry Exists; Incomplete; Reachable; Stale – no action required (Requires reresolution); Delay (Resolution pending); Probe (Reresolution in progress). Transition labels: Neighbor Solicitation (NS) sent; Neighbor Advertisement (NA) received; Reachable Time exceeded (timeout) or Unsolicited NA received; Packet sent; Packet returned; 5 sec; NS sent and NA received; 3 NS sent with no NA returned (shown twice).]
• Neighbor Solicitation (NS) = ARP Request
• Neighbor Advertisement (NA) = ARP Reply
For more information
• Web site: www.cabrillo.edu/~rgraziani
• Username = cisco
• Password = perlman
• Email: [email protected]
• At the end of these slides are some additional slides on the Destination Cache and configuring a router as a stateless DHCPv6 server.

IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6
By Rick Graziani
Shameless plug!
Thank you!!!
Questions?
A quick word about the Destination Cache
• Stores next-hop addresses for destinations to which traffic has recently been sent.
• Entries in the destination cache contain the:
  • Destination IP address (either local or remote)
  • Previously resolved next-hop address
  • Path MTU for the destination.
• Generally applies to hosts.
• Cisco command to display IPv6 MTU per destination cache:
  • show ipv6 mtu
Stateless DHCPv6 configuration on R1

R1(config)# ipv6 dhcp pool cafe-1-pool
R1(config-dhcp)# dns-server 2001:db8:cafe:2::d001
R1(config-dhcp)# exit
R1(config)# interface fa 0/0
R1(config-if)# ipv6 dhcp server cafe-1-pool
R1(config-if)# ipv6 nd other-config-flag
R1(config-if)# end
R1#

• ipv6 dhcp pool cafe-1-pool and dns-server: DHCPv6 configuration pool commands
• ipv6 dhcp server cafe-1-pool: Enables DHCPv6 service on the interface.
• ipv6 nd other-config-flag: Sets the Router Advertisement O flag (Other Configuration Flag) to 1
Verifying Router Advertisement Flags

R1# show ipv6 interface fastethernet 0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::5
    FF02::6
    FF02::1:2
    FF02::1:FF00:1
  MTU is 1500 bytes
  <output omitted for brevity>
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.
  Hosts use DHCP to obtain other configuration.
R1#

• FF02::1:2: All_DHCP_Relay_Agents_and_Servers multicast group
• Hosts use stateless autoconfig for addresses: Router Advertisement M Flag set to 0
• Hosts use DHCP to obtain other configuration: Router Advertisement O Flag set to 1
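The same flags read from the wire instead of from the router: an added example (not part of the original slides) that decodes the fixed Router Advertisement header from RFC 4861 section 4.2, with the preference bits from RFC 4191, and compares an observed RA against the settings R1 shows above. The function names, the expected-settings dictionary and both sample byte strings are constructed for this example.

```python
import struct

def parse_ra(icmp):
    """Decode the fixed 16-byte Router Advertisement header (ICMPv6 type 134)."""
    if len(icmp) < 16:
        raise ValueError("truncated Router Advertisement")
    typ, code, _csum, hop, flags, lifetime, _reach, _retrans = struct.unpack(
        "!BBHBBHII", icmp[:16])
    if (typ, code) != (134, 0):
        raise ValueError("not a Router Advertisement")
    prf = {0: "Medium", 1: "High", 3: "Low"}.get((flags >> 3) & 0x3, "Reserved")
    return {"hop_limit": hop, "M": bool(flags & 0x80), "O": bool(flags & 0x40),
            "preference": prf, "lifetime": lifetime}

def dhcpv6_mode(ra):
    """What the M and O flags tell hosts to do, in the wording of the IOS output."""
    if ra["M"]:
        return "stateful DHCPv6 for addresses"
    if ra["O"]:
        return "stateless autoconfig for addresses, DHCP for other configuration"
    return "stateless autoconfig only"

def audit_ra(source, icmp, expected):
    """List every way an observed RA differs from the router's intended settings."""
    ra = parse_ra(icmp)
    findings = []
    if source.lower() != expected["source"].lower():
        findings.append(f"unexpected RA source {source}")
    for field in ("M", "O", "preference", "lifetime"):
        if ra[field] != expected[field]:
            findings.append(f"{field}: saw {ra[field]!r}, expected {expected[field]!r}")
    return findings

# R1's settings as shown in the show ipv6 interface output above.
R1_EXPECTED = {"source": "FE80::1", "M": False, "O": True,
               "preference": "Medium", "lifetime": 1800}

# Constructed sample RA headers (checksum zeroed, options omitted).
RA_FROM_R1 = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
RA_DRIFTED = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x88, 9000, 0, 0)
```

Running audit_ra against RAs captured on a segment shows whether every advertisement hosts receive matches what the router was configured to send.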
PC-1C> ipconfig /all
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connection
   Physical Address. . . . . . . . . : B8-AC-6F-20-2A-90
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:db8:cafe:1:e5ff:dd92:a512:19c6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::e5ff:dd92:a512:19c6
   Default Gateway . . . . . . . . . : fe80::1
   DHCPv6 IAID . . . . . . . . . . . : 250629538
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-EF-49-66-B8-AC-6F-20-2A-90
   DNS Servers . . . . . . . . . . . : 2001:db8:cafe:2::d001