ICMPv6 Neighbor Discovery Presentation
advertisement
10: ICMPv6 Neighbor Discovery Rick Graziani Cabrillo College Rick.Graziani@cabrillo.edu For more information please check out my Cisco Press book and video series: IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 • By Rick Graziani • ISBN-10: 1-58714-313-5 IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6 • By Rick Graziani • ISBN-10: 1-58720-457-6 © 10.1: Introducing ICMPv6 Neighbor Discovery ICMPv6 Neighbor Discover Protocol ICMPv6 Neighbor Discovery defines 5 different packet types: • Router Solicitation Message • Router Advertisement Message Used with dynamic address allocation • Neighbor Solicitation Message • Neighbor Advertisement Message Used with address resolution (IPv4 ARP) • Redirect Message Similar to ICMPv4 redirect message Router-to-Device messaging Router-Device Messaging Device-Device Messaging See these processes with: R1# debug ipv6 nd © ICMPv6 Redirect Network X R1 R2 Destination: Network PCB X Host IPv6 Network A PCA • • • PCB IPv6 Network B Similar functionality as ICMPv4. Like IPv4, a router informs an originating host of the IP address of a router that is on the local link and is closer to the destination. Unlike IPv4, a router informs an originating host that the destination host (on a different prefix/network) is on the same link as itself. © 10.2: Router Solicitation and Router Advertisement Messages Dynamic Address Allocation in IPv4 DHCPv4 Server 1 2 I need IPv4 addressing information. Here is everything you need. © Dynamic Address Allocation in IPv6 Router(config)# ipv6 unicast-routing To all IPv6 routers: I need IPv6 address information. I might not be needed. ICMPv6 Router Solicitation DHCPv6 Server To all IPv6 devices: Let me tell you how to do this … ICMPv6 Router Advertisement 1. SLAAC 2. SLAAC with Stateless DHCPv6 SLAAC (Stateless Address Autoconfiguration) 3. Stateful DHCPv6 © RA Message Options ICMPv6 Router Advertisement Option 1, 2, or 3 Option Other Configuration (“O”) Flag DHCPv6 Server Managed Configuration (“M”) Flag Option 1: SLAAC – No DHCPv6 (Default on Cisco routers) 0 0 Option 2: SLAAC + Stateless DHCPv6 for DNS address 1 0 Option 3: All addressing except default gateway use DHCPv6 0 1 Configuring Flags discussed in Lesson 8. © Option 3 and the “A” Flag G 0/1 As a Windows host I will still use the RA prefix to create temporary (SLAAC) addresses) ICMPv6 RA M Flag = 1 A Flag = 10 DHCPv6 DHCPv6 Server Option Managed Configuration (“M”) Flag Option 3: All addressing The autonomous except default gateway address use DHCPv6 they can create an address Address Autoconfiguration (“A”) Flag Prefix in RA can be used for SLAAC 1 1 (default) Yes configuration (A) flag tells hosts that for themselves by combining the prefix Option All addressing in the3:RA with an interface identifier. 1 0 No except default gateway use DHCPv6 Configuring Flags discussed in Lesson 8. © Router Solicitation / Router Advertisement 2001:DB8:CAFE:1::/64 R1 Link-local: FE80::1 MAC: 00-03-6b-e9-d4-80 Router Solicitation • Sent when device needs IPv6 addressing information. Router Advertisement • Sent every 200 seconds or in response to RS To: Link-local: FE80::50A5:8A35:A5BB:66E1 MAC: 00-21-9b-d9-c6-44 PC1 1 To: FF02::2 (All-IPv6 Routers) RS From: FE80::50A5:8A35:A5BB:66E1 ICMPv6 Router Solicitation 2 FF02::1 (All-IPv6 devices) From: FE80::1 (Link-local address) RA ICMPv6 Router Advertisement © Analyzing the Router Solicitation Message © Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02 Ethernet multicast MAC address – Maps to “all IPv6 routers” Internet Protocol Version 6 0110 .... = Version: 6 [Traffic class Payload length: 16 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::50a5:8a35:a5bb:66e1 Destination: ff02::2 and Flowlabel not shown] Next header is an ICMPv6 header Link-local address of PC1 All-IPv6-routers multicast address Internet Control Message Protocol v6 Type: 133 (Router solicitation) Router Solicitation message Code: 0 Checksum: 0x3277 [correct] ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 MAC address of PC1 but RA Link-layer address: 00:21:9b:d9:c6:44 is sent as all-IPv6-host multicast Router Solicitation Message © Analyzing the Router Advertisement Message © R1(config)# ipv6 unicast-routing An IPv6 Router R1# show ipv6 interface gigabitethernet 0/0 GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 Global unicast address(es): 2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64 Joined group address(es): FF02::1 FF02::2 All-routers multicast group FF02::1:FF00:1 MTU is 1500 bytes <output omitted for brevity> ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds Hosts use stateless autoconfig for addresses. M & O flags = 0 © Analyzing the Router Advertisement Message Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01 Ethernet multicast MAC address – Maps to “All-IPv6 devices” Internet Protocol Version 6 0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 64 Next header: ICMPv6 (0x3a) Next Header is an ICMPv6 header Hop limit: 255 Link-local address of R1. Added to hosts’ Default Router List Source: fe80::1 and is the address they will use as their default gateway. Destination: ff02::1 All-IPv6 devices multicast Continued next slide © Internet Control Message Protocol v6 Type: 134 (Router advertisement) Router Advertisement Code: 0 Cur hop limit: 64 Recommended Hop Limit value for hosts Flags: 0x00 M and O flags indicate that no information is available via DHCPv6 ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 Link-layer address: 00:03:6b:e9:d4:80 Router R1’s MAC address ICMPv6 Option (MTU) Type: MTU (5) Length: 8 MTU: 1500 MTU of the link. ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix-length (/64) to be used for autoconfiguration. Prefix Length: 64 Prefix of this network to be used for Prefix: 2001:db8:cafe:1:: autoconfiguration Router Advertisement Message © 10.3: Neighbor Solicitation and Neighbor Advertisement Messages Address Resolution: IPv4 and IPv6 ARP Request: Broadcast IPv4: ARP over Ethernet Ethernet ARP Request/Reply ARP Cache My IPv4! Here is the MAC? PC2 2 1 ARP Reply ARP Request 1 2 My IPv6! Here is the MAC? PC1 Neighbor Solicitation Neighbor Advertisement Neighbor Cache Know IPv4, what is the MAC? Know IPv6, what is the MAC? IPv6: ICMPv6 over IPv6 over Ethernet NS: Multicast NS: Solicited Node Multicast Ethernet IPv6 Header ICMPv6: Neighbor Solicitation/Advertisement © Neighbor Solicitation and Neighbor Advertisement 2001:DB8:CAFE:1::100/64 2001:DB8:CAFE:1::200/64 FF02::1:FF00:200 (Solicited Node Multicast) PC2 MAC Address 00-1B-24-04-A2-1E MAC Address 00-21-9B-D9-C6-44 PC1 1 PC1> ping 2001:DB8:CAFE:1::200 4 3 Neighbor Solicitation Neighbor Advertisement 2 Neighbor Cache <empty until step 5> NS: Multicast NS: Solicited Node Multicast Ethernet NA: Unicast IPv6 Header ICMPv6: Neighbor Solicitation/Advertisement NA: Unicast © 5 Neighbor Solicitation 2001:DB8:CAFE:1::200/64 FF02::1:FF00:200 (Solicited Node Multicast) PC2 MAC Address 00-1B-24-04-A2-1E 2001:DB8:CAFE:1::100/64 MAC Address 00-21-9B-D9-C6-44 Neighbor Solicitation PC1 Neighbor Cache I know the IPv6, but what is the MAC? © PC1 NS Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00 Internet Protocol Version 6 Mapped multicast address for PC2 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 32 Next header is an ICMPv6 header Next header: ICMPv6 (0x3a) Hop limit: 255 Source: 2001:db8:cafe:1::100 Global unicast address of PC1 Destination: ff02::1:ff00:200 Solicited-node multicast address of PC2 Internet Control Message Protocol v6 Neighbor Solicitation message Type: 135 (Neighbor solicitation) Code: 0 Checksum: 0xbbab [correct] Target IPv6 address, needing Reserved: 0 (Should always be zero) MAC address (if two devices Target: 2001:db8:cafe:1::200 have the same solicited node ICMPv6 Option (Source link-layer address) address, this resolves the issue) Type: Source link-layer address (1) Length: 8 MAC address of the sender, PC1 Link-layer address: 00:21:9b:d9:c6:44 © Neighbor Advertisement 2001:DB8:CAFE:1::200/64 FF02::1:FF00:200 (Solicited Node Multicast) PC2 MAC Address 00-1B-24-04-A2-1E 2001:DB8:CAFE:1::100/64 MAC Address 00-21-9B-D9-C6-44 PC1 Neighbor Cache It’s my IPv6 and here is my MAC? Neighbor Advertisement © PC2 NA Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44 Internet Protocol Version 6 Unicast MAC address of PC1 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 32 Next header: ICMPv6 (0x3a) Next header is an ICMPv6 header Hop limit: 255 Global unicast address of PC2 Source: 2001:db8:cafe:1::200 Destination: 2001:db8:cafe:1::100 Global unicast address of PC1 Internet Control Message Protocol v6 Neighbor Advertisement message Type: 136 (Neighbor advertisement) Code: 0 Checksum: 0x1b4d [correct] Flags: 0x60000000 Target: 2001:db8:cafe:1::200 IPv6 address of the sender, PC2 ICMPv6 Option (Target link-layer address) Type: Target link-layer address (2) Length: 8 MAC address of the sender, PC2 Link-layer address: 00:1b:24:04:a2:1e © ICMPv6 Duplicate Address Detection (DAD) PC2 Global Unicast - 2001:DB8:CAFE:1::200 Link-local - FE80::1111:2222:3333:4444 Neighbor Solicitation See the process with: R1# debug ipv6 nd Hopefully no Neighbor Advertisement • Duplicate Address Detection (DAD) is used to guarantee that an IPv6 unicast address is unique on the link. • A device will send a Neighbor Solicitation for its own unicast address (static or dynamic). • After a period of time, if a NA is not received, then the address is deemed unique. • Once required, RFC was updated to where it is only recommended - /64 Interface ID makes duplicates unlikely! © 10.4: Neighbor Cache Neighbor Cache Neighbor Solicitation Neighbor Cache IPv6 Address MAC Address 2001:DB8:ACAD:1::10 0021.9bd9.c644 ? • • Neighbor Advertisement PC1 IPv6 - 2001:DB8:ACAD:1::10 MAC - 0021.9bd9.c644 Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses • Similar to ARP Cache for IPv4 5 States (2 noticeable and 3 transitory): • Reachable: Packets have recently been received providing confirmation that this device is reachable. • Stale: A certain time period has elapsed since a packet has been received from this address. • Transitory States: INCOMPLETE, DELAY, PROBE © Neighbor Cache R1# show ipv6 neighbors IPv6 Address FE80::50A5:8A35:A5BB:66E1 2001:DB8:AAAA:1::100 Age Link-layer Addr State Interface 16 0021.9bd9.c644 STALE Fa0/0 16 0021.9bd9.c644 STALE Fa0/0 R1# ping 2001:db8:aaaa:1::100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms R1# show ipv6 neighbors IPv6 Address Age Link-layer Addr State Interface FE80::50A5:8A35:A5BB:66E1 16 0021.9bd9.c644 STALE Fa0/0 2001:DB8:AAAA:1::100 0 0021.9bd9.c644 REACH Fa0/0 R1# © Neighbor Cache FSM Neighbor Cache (“ARP Cache”) See the process with: R1# debug ipv6 nd No Entry Exists Neighbor Solicitation (NS) sent Incomplete 3 NS sent with no NA returned Reachable Time exceeded (default 30 sec) Reachable Or Unsolicited NA received Packet returned (TCP increasing ACK) NA received NS sent and NA received 5 sec Probe Stale – no action required Packet sent Delay (Resolution pending) (Reresolution in progress) (Requires resolution again) 3 NS sent with no NA returned © Neighbor Cache R1# debug ipv6 nd ICMP Neighbor Discovery events debugging is on R1# ping 2001:db8:aaaa:1::100 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Resolution request *Oct 16 01:41:51.575: ICMPv6-ND: Created ND Entry Chunk pool *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) DELETE -> INCMP *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Sending NS *Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Queued data for resolution *Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Received NA from 2001:DB8:AAAA:1::100 *Oct 16 01:41:51.579: ICMPv6-ND: Validating ND packet options: valid *Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) LLA c471.fe7d.9c29 *Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) INCMP -> REACH *Oct 16 01:42:21.639: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) REACH -> STALE R1# © For more information please check out my Cisco Press book and video series: IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6 • By Rick Graziani • ISBN-10: 1-58714-313-5 IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6 • By Rick Graziani • ISBN-10: 1-58720-457-6 © 10: ICMPv6 Neighbor Discovery Rick Graziani Cabrillo College Rick.Graziani@cabrillo.edu
