Neighbor Discovery
IPv6 Terminology
[Figure: network diagram labeling the terms Host, Router, Intra-subnet router, Switch, Neighbors, LAN segment, Link, Subnet, Network, and Additional subnets]
Neighbor Discovery Overview
• Set of messages and processes that determine relationships between neighboring nodes
– Replaces ARP, ICMPv4 Router Discovery, and ICMPv4 Redirect
• ND is used by nodes:
– For address resolution
– To determine link-layer address changes
– To determine neighbor reachability
• ND is used by hosts:
– To discover neighboring routers
– To autoconfigure addresses, address prefixes, and other configuration parameters
• ND is used by routers:
– To advertise their presence, host configuration parameters, and on-link prefixes
– To inform hosts of a better next-hop address to forward packets for a specific destination
Neighbor Discovery Processes
• Router discovery
• Prefix discovery
• Parameter discovery
• Address autoconfiguration
• Address resolution
• Next-hop determination
• Neighbor unreachability detection
• Duplicate address detection
• Redirect function
Neighbor Discovery Message Format
• ICMPv6 message structure and ICMPv6 types 133 through 137
• To ensure local link traffic, all ND messages are sent with a hop limit of 255
[Figure: an IPv6 Header with Next Header = 58 (ICMPv6), followed by the Neighbor Discovery Message, which consists of the Neighbor Discovery Message Header and the Neighbor Discovery Message Options]
Neighbor Discovery Options
• Type 1: Source Link-Layer Address
• Type 2: Target Link-Layer Address
• Type 3: Prefix Information
• Type 4: Redirected Header
• Type 5: MTU
• Type 7: Advertisement Interval
• Type 8: Home Agent Information
• Type 9: Route Information
Mapping IPv6 Multicast Addresses to Ethernet Addresses
[Figure: the IPv6 Multicast Address (FF...) mapped onto the Ethernet Multicast Address, which begins with 33-33-; bit positions 8, 16, 24 and 32 are marked]
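An added example (not part of the original slides) of the mapping on this slide: the Ethernet multicast address is 33-33 followed by the last 32 bits of the IPv6 multicast address. It goes beyond the slide by also deriving the solicited-node address (FF02::1:FF plus the low 24 bits of the unicast address), which later slides use as the Neighbor Solicitation destination, and by checking a frame's two destinations against its target. The function names are made up for this sketch.

```python
import ipaddress

def multicast_mac(addr):
    """Ethernet address for an IPv6 multicast address: 33-33 plus its last 32 bits."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_multicast:
        raise ValueError("%s is not an IPv6 multicast address" % ip)
    return "33-33-" + "-".join("%02X" % b for b in ip.packed[12:])

def solicited_node(addr):
    """Solicited-node multicast address: FF02::1:FF00:0/104 plus the low 24 bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def ns_destination_problems(target, ip_dst, eth_dst):
    """For a multicast Neighbor Solicitation, check both destinations against the target.

    Returns a list of mismatches; an empty list means the frame is consistent.
    """
    problems = []
    expected_ip = solicited_node(target)
    expected_mac = multicast_mac(expected_ip)
    if ipaddress.IPv6Address(ip_dst) != expected_ip:
        problems.append("IPv6 destination is not %s" % expected_ip)
    if eth_dst.upper().replace(":", "-") != expected_mac:
        problems.append("Ethernet destination is not %s" % expected_mac)
    return problems

if __name__ == "__main__":
    # Addresses taken from the slides in this deck.
    print(multicast_mac("ff02::2"))
    print(solicited_node("fe80::260:97ff:fe02:6ea5"))
    print(ns_destination_problems("fe80::260:97ff:fe02:6ea5",
                                  "ff02::1:ff02:6ea5", "33-33-FF-02-6E-A5"))
```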
Neighbor Discovery Messages
• Router Solicitation
• Router Advertisement
• Neighbor Solicitation
• Neighbor Advertisement
• Redirect
Structure of the Router Solicitation Message
• Type = 133
• Code = 0
• Checksum
• Reserved
• Options . . .
Router Solicitation message
• The Router Solicitation message is sent by IPv6 hosts to discover the presence of IPv6 routers on the link.
• A host sends a multicast Router Solicitation message to prompt IPv6 routers to respond immediately, rather than waiting for an unsolicited Router Advertisement message.
• For example, assuming that the local link is Ethernet, in the Ethernet header of the Router Solicitation message you will find these settings:
■ The Source Address field is set to the MAC address of the sending network adapter.
■ The Destination Address field is set to 33-33-00-00-00-02, which is the Ethernet MAC address corresponding to the link-local scope all-routers multicast address.
Router Solicitation message
• In the IPv6 header of the Router Solicitation message
■ The Source Address field is set to either a link-local IPv6 address assigned to the sending interface or the IPv6 unspecified address (::).
■ The Destination Address field is set to the link-local scope all-routers multicast address (FF02::2).
Router Solicitation message
• Source Link-Layer Address option: when present, the Source Link-Layer Address option contains the link-layer address of the sender. For an Ethernet node, the Source Link-Layer Address option contains the Ethernet MAC address of the sending host.
• The address in the Source Link-Layer Address option is used by the receiving router to determine the unicast MAC address of the host to which the corresponding unicast Router Advertisement is sent.
Router Advertisement Message
• Type = 134
• Code = 0
• Checksum
• Current Hop Limit
• Managed Address Configuration flag
• Other Stateful Configuration flag
• Home Agent flag
• Default Router Preference
• Reserved
• Router Lifetime
• Reachable Time
• Retrans Timer
• Options . . .
Router Advertisement Message
• IPv6 routers send Router Advertisement messages in response to the receipt of a Router Solicitation message.
• The Router Advertisement message contains the information required by hosts to determine the link prefixes, the link MTU, specific routes, whether or not to use address autoconfiguration, and the duration for which addresses created through address autoconfiguration are valid and preferred.
Router Advertisement Message
• For example, assuming that the local link is Ethernet, in the Ethernet header of the Router Advertisement message, you will find these settings:
■ The Source Address field is set to the MAC address of the sending network adapter.
■ The Destination Address field is set to either 33-33-00-00-00-01 or the unicast MAC address of the host that sent a Router Solicitation from a unicast address.
Router Advertisement Message
• In the IPv6 header of the Router Advertisement message, you will find the following settings:
■ The Source Address field is set to the link-local address assigned to the sending interface.
■ The Destination Address field is set to either the link-local scope all-nodes multicast address (FF02::1) or the unicast IPv6 address of the host that sent the Router Solicitation message from a unicast address.
■ The Hop Limit field is set to 255.
Router Discovery
• Nodes discover the set of routers on the local link
• IPv6 router discovery also provides:
– Default value of Hop Limit field
– Use of stateful address protocol
– Reachability and retransmission timers
– Network prefixes for the link
– MTU of the local link
– IPv6 mobility information
– Routes
Multicast Router Solicitation Message
[Figure: Host A (MAC: 00-B0-D0-E9-41-43, IP: none) sends a multicast Router Solicitation; the Router is MAC: 00-10-FF-D6-58-C0, IP: FE80::210:FFFF:FED6:58C0]
Router Solicitation
Ethernet Header
• Destination MAC is 33-33-00-00-00-02
IPv6 Header
• Source Address is ::
• Destination Address is FF02::2
• Hop limit is 255
Router Solicitation Header
Multicast Router Advertisement Message
[Figure: the Router (MAC: 00-10-FF-D6-58-C0, IP: FE80::210:FFFF:FED6:58C0) sends a multicast Router Advertisement; Host A is MAC: 00-B0-D0-E9-41-43, IP: none]
Router Advertisement
Ethernet Header
• Destination MAC is 33-33-00-00-00-01
IPv6 Header
• Source Address is FE80::210:FFFF:FED6:58C0
• Destination Address is FF02::1
• Hop limit is 255
Router Advertisement Header
• Current Hop Limit, Flags, Router Lifetime, Reachable and Retransmission Timers
Neighbor Discovery Options
• Source Link-Layer Address is 00-10-FF-D6-58-C0
• MTU is 1500
• Prefix Information is for FEC0:0:0:F282::/64
Structure of the Neighbor Solicitation Message
• Type = 135
• Code = 0
• Checksum
• Reserved
• Target Address
• Options . . .
Neighbor Solicitation Message
• IPv6 nodes send the Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node. It typically includes the link-layer address of the sender.
• Typical Neighbor Solicitation messages are multicast for address resolution and unicast when the reachability of a neighboring node is being verified
Neighbor Solicitation Message
• For example, assuming that the local link is Ethernet, in the Ethernet header of the Neighbor Solicitation message, you will find the following settings:
■ The Source Address field is set to the MAC address of the sending network adapter.
■ For a multicast Neighbor Solicitation message, the Destination Address field is set to the Ethernet MAC address that corresponds to the solicited-node address of the target.
■ For a unicast Neighbor Solicitation message, the Destination Address field is set to the unicast MAC address of the neighbor
Neighbor Solicitation Message
• In the IPv6 header of the Neighbor Solicitation message, you will find these settings:
■ The Source Address field is set to either a unicast IPv6 address assigned to the sending interface or, during duplicate address detection, the unspecified address (::).
■ For a multicast Neighbor Solicitation, the Destination Address field is set to the solicited node address of the target.
■ For a unicast Neighbor Solicitation, the Destination Address field is set to the unicast address of the target.
■ The Hop Limit field is set to 255.
Neighbor Solicitation Message
• Source Link-Layer Address option: when present, the Source Link-Layer Address option contains the link-layer address of the sender.
• For an Ethernet node, the Source Link-Layer Address option contains the Ethernet MAC address of the sending node.
• The receiving node uses the address in the Source Link-Layer Address option to determine the unicast MAC address of the node to which the corresponding Neighbor Advertisement
Neighbor Solicitation Message Example
+ Frame: Base frame properties
ETHERNET: ETYPE = 0x86DD : Protocol = Unknown
+ ETHERNET: Destination address : 3333FF026EA5
+ ETHERNET: Source address : 00105AAA20A2
ETHERNET: Frame Length : 86 (0x0056)
ETHERNET: Ethernet Type : 0x86DD
ETHERNET: Ethernet Data: Number of data bytes remaining = 72 (0x0048)
IP6: Proto = ICMP6; Len = 32
IP6: Version = 6 (0x6)
IP6: Traffic Class = 0 (0x0)
IP6: Flow Label = 0 (0x0)
IP6: Payload Length = 32 (0x20)
IP6: Next Header = 58 (ICMP6)
IP6: Hop Limit = 255 (0xFF)
IP6: Source Address = fe80::210:5aff:feaa:20a2
IP6: Destination Address = ff02::1:ff02:6ea5
IP6: Payload: Number of data bytes remaining = 32 (0x0020)
ICMP6: Neighbor Solicitation; Target = fe80::260:97ff:fe02:6ea5
ICMP6: Checksum = 0x0F35
ICMP6: Type = 135 (Neighbor Solicitation)
ICMP6: Code = 0 (0x0)
ICMP6: Reserved
ICMP6: Target Address = fe80::260:97ff:fe02:6ea5
ICMP6: Source Link-level Address = 00 10 5A AA 20 A2
ICMP6: Type = 1 (0x1)
ICMP6: Length = 1 (0x1)
ICMP6: Source Link-level Address = 00 10 5A AA 20 A2
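An added example, not part of the original slides: the Neighbor Solicitation from the capture above is rebuilt from its field values and run through receive-side checks based on the rules in this deck (hop limit 255, ICMPv6 types 133 through 137, code 0, well-formed options). The function names and the option-offset table are assumptions of this sketch; the rebuilt message yields the capture's checksum, 0x0F35.

```python
import ipaddress
import struct

# Field values copied from the capture above; the bytes are rebuilt here, not taken from the page.
SRC = ipaddress.IPv6Address("fe80::210:5aff:feaa:20a2")
DST = ipaddress.IPv6Address("ff02::1:ff02:6ea5")
TARGET = ipaddress.IPv6Address("fe80::260:97ff:fe02:6ea5")
SLLA = bytes.fromhex("00105aaa20a2")
# Offset of the first option in each ND message type (133 through 137).
OPTIONS_AT = {133: 8, 134: 16, 135: 24, 136: 24, 137: 40}

def icmpv6_checksum(src, dst, icmp):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(icmp), 58) + icmp
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ns(target, slla, checksum=0):
    """Type 135, code 0, checksum, reserved, target, then option type 1 / length 1."""
    return struct.pack("!BBHI", 135, 0, checksum, 0) + target.packed + bytes([1, 1]) + slla

def parse_options(buf):
    """Walk the type/length/value options; length counts units of 8 octets."""
    opts, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] == 0 or i + buf[i + 1] * 8 > len(buf):
            raise ValueError("malformed ND option at offset %d" % i)
        opts.append((buf[i], buf[i + 2:i + buf[i + 1] * 8]))
        i += buf[i + 1] * 8
    return opts

def check_nd(src, dst, hop_limit, icmp):
    """Return the reasons to discard a received ND message (empty list = accept)."""
    problems = []
    if hop_limit != 255:
        problems.append("hop limit is not 255")
    if (len(icmp) < 8 or icmp[0] not in OPTIONS_AT or icmp[1] != 0
            or len(icmp) < OPTIONS_AT[icmp[0]]):
        return problems + ["not a well-formed ND message"]
    zeroed = icmp[:2] + b"\x00\x00" + icmp[4:]
    if icmpv6_checksum(src, dst, zeroed) != int.from_bytes(icmp[2:4], "big"):
        problems.append("bad ICMPv6 checksum")
    try:
        parse_options(icmp[OPTIONS_AT[icmp[0]]:])
    except ValueError as exc:
        problems.append(str(exc))
    return problems

NS = build_ns(TARGET, SLLA)
NS = build_ns(TARGET, SLLA, icmpv6_checksum(SRC, DST, NS))
```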
Neighbor Advertisement Message
• An IPv6 node sends the Neighbor Advertisement message in response to a Neighbor Solicitation message
• An IPv6 node also sends unsolicited Neighbor Advertisements to inform neighboring nodes of changes in link-layer addresses or the node’s role.
Neighbor Advertisement Message
• For example, assuming that the local link is Ethernet, in the Ethernet header of the Neighbor Advertisement message, you will find the following settings:
■ The Source Address field is set to the MAC address of the sending network adapter.
■ The Destination Address field is set, for a solicited Neighbor Advertisement, to the unicast MAC address of the initial Neighbor Solicitation sender.
■ For an unsolicited Neighbor Advertisement, the Destination Address field is set to 33-33-00-00-00-01, which is the Ethernet MAC address corresponding to the link-local scope all-nodes multicast address.
Neighbor Advertisement Message
• In the IPv6 header of the Neighbor Advertisement message, you will find these settings:
■ The Source Address field is set to a unicast address assigned to the sending interface.
■ The Destination Address field is set, for a solicited Neighbor Advertisement, to the unicast IP address of the sender of the initial Neighbor Solicitation. For an unsolicited Neighbor Advertisement, the Destination Address field is set to the link-local scope all-nodes multicast address (FF02::1).
■ The Hop Limit field is set to 255.
Summary of ND Messages and Options
ND Message | ND Option(s)
Router Solicitation | Source Link-Layer Address
Router Advertisement | Source Link-Layer Address, Prefix Information, MTU, Advertisement Interval, Home Agent Information, Route Information
Neighbor Solicitation | Source Link-Layer Address
Neighbor Advertisement | Target Link-Layer Address
Redirect | Redirected Header, Target Link-Layer Address
Neighbor Discovery Processes
• ND provides message exchanges for the following processes:
– Address resolution (including duplicate address detection)
– Router discovery (including prefix and parameter discovery)
– Neighbor unreachability detection
– Redirect function
Address Resolution Process
• An exchange of Neighbor Solicitation and Neighbor Advertisement messages to resolve the link-layer address of the next-hop address
– Multicast Neighbor Solicitation message
– Unicast Neighbor Advertisement message
• Both hosts update their neighbor caches
• Unicast traffic can now be sent
Multicast Neighbor Solicitation
[Figure: Host A and Host B; step 1, send multicast Neighbor Solicitation. The two nodes are MAC: 00-10-5A-AA-20-A2, IP: FE80::210:5AFF:FEAA:20A2 and MAC: 00-60-97-02-6E-A5, IP: FE80::260:97FF:FE02:6EA5]
Neighbor Solicitation
Ethernet Header
• Destination MAC is 33-33-FF-02-6E-A5
IPv6 Header
• Source Address is FE80::210:5AFF:FEAA:20A2
• Destination Address is FF02::1:FF02:6EA5
• Hop limit is 255
Neighbor Solicitation Header
• Target Address is FE80::260:97FF:FE02:6EA5
Neighbor Discovery Option
• Source Link-Layer Address is 00-10-5A-AA-20-A2
Unicast Neighbor Advertisement
[Figure: Host A and Host B; step 2, send unicast Neighbor Advertisement. The two nodes are MAC: 00-10-5A-AA-20-A2, IP: FE80::210:5AFF:FEAA:20A2 and MAC: 00-60-97-02-6E-A5, IP: FE80::260:97FF:FE02:6EA5]
Neighbor Advertisement
Ethernet Header
• Destination MAC is 00-10-5A-AA-20-A2
IPv6 Header
• Source Address is FE80::260:97FF:FE02:6EA5
• Destination Address is FE80::210:5AFF:FEAA:20A2
• Hop limit is 255
Neighbor Advertisement Header
• Target Address is FE80::260:97FF:FE02:6EA5
Neighbor Discovery Option
• Target Link-Layer Address is 00-60-97-02-6E-A5
Neighbor Unreachability Detection
• A neighboring node is reachable if:
– There has been a recent confirmation that IPv6 packets sent were received and processed by the neighboring node
• Detects whether the first hop to the destination is reachable
• Reachability is determined by:
– Receipt of a Neighbor Advertisement message in response to a unicast Neighbor Solicitation message
– Upper layer protocol indicators
Duplicate Address Detection
• Use of a neighbor solicitation to detect a duplicate unicast address
– Target Address field in the Neighbor Solicitation message is set to the IPv6 address for which duplication is being detected
– The Source Address is set to the unspecified address (::)
• For a duplicate address, the defending node replies with a multicast Neighbor Advertisement
– The Destination Address is set to the link-local scope all-nodes multicast address (FF02::1)
Multicast Neighbor Solicitation for Duplicate Address Detection
[Figure: Host A and Host B; step 1, send multicast Neighbor Solicitation. One node has Tentative IP: FEC0::2:260:8FF:FE52:F9D8; the other is MAC: 00-60-08-52-F9-D8, IP: FEC0::2:260:8FF:FE52:F9D8]
Neighbor Solicitation
Ethernet Header
• Dest MAC is 33-33-FF-52-F9-D8
IPv6 Header
• Source Address is ::
• Destination Address is FF02::1:FF52:F9D8
• Hop limit is 255
Neighbor Solicitation Header
• Target Address is FEC0::2:260:8FF:FE52:F9D8
Multicast Neighbor Advertisement for a Duplicate Address
[Figure: Host A and Host B; step 2, send multicast Neighbor Advertisement. One node has Tentative IP: FEC0::2:260:8FF:FE52:F9D8; the other is MAC: 00-60-08-52-F9-D8, IP: FEC0::2:260:8FF:FE52:F9D8]
Neighbor Advertisement
Ethernet Header
• Destination MAC is 33-33-00-00-00-01
IPv6 Header
• Source Address is FEC0::2:260:8FF:FE52:F9D8
• Destination Address is FF02::1
• Hop limit is 255
Neighbor Advertisement Header
• Target Address is FEC0::2:260:8FF:FE52:F9D8
Neighbor Discovery Option
• Target Link-Layer Address is 00-60-08-52-F9-D8
Redirect Function
• Inform originating hosts of a better first-hop neighbor to which traffic should be forwarded for a specific destination
• Two instances:
1. A router informs an originating host of the IP address of a router available on the local link that is “closer” to the destination
2. A router informs an originating host that the destination is a neighbor (it is on the same link as the originating host)
• Redirect message contains best first-hop address information
• Redirect messages are only sent by the first router in the path between the originating host and the destination
IPv4 Neighbor Functions and IPv6 Equivalents
IPv4 Neighbor Function | IPv6 Neighbor Function
ARP Request message | Neighbor Solicitation message
ARP Reply message | Neighbor Advertisement message
ARP cache | Neighbor cache
Gratuitous ARP | Duplicate address detection
Router Solicitation message (optional) | Router Solicitation (required)
Router Advertisement message (optional) | Router Advertisement (required)
Redirect message | Redirect message
Thank You