 | ||
| IPv6 NDP |
The Neighbor Discovery Protocol (NDP) (RFC 4861) is a protocol used with Internet Protocol Version 6 (IPv6).
It operates in the Link Layer and is responsible for:
NODE operation:
- Address resolution (ARP in IPv4): mapping between IP addresses and link-layer addresses.
- Neighbor unreachability detection (NUD): determine that a neighbor is no longer reachable on the link.
- Duplicate address detection (DAD): nodes can check whether an address is already in use.
NODE routing:
- Router discovery: hosts can locate routers residing on attached links.
- Prefix discovery: hosts can discover address prefixes that are on-link for attached links.
- Parameter discovery: hosts can find link parameters (e.g., MTU).
- Address autoconfiguration: stateless configuration of addresses of network interfaces.
- Next-hop determination: hosts can find next-hop routers for a destination.
- Recursive DNS Server (RDNSS) and DNS Search List (DNSSL) assignment via a router advertisement (RA) options. This is a new feature and not widely supported by clients.
- Packet redirection to provide a better next-hop route for certain destinations.
To display IPv6 neighbor discovery (ND) cache information
show ipv6 neighbors [ interface-type interface-number | ipv6-address | ipv6-hostname | statistics ]
Device# show ipv6 neighbors 2000:0:0:4::2
IPv6 Address Age Link-layer Addr State Interface
2000:0:0:4::2 0 0003.a0d6.141e REACH Ethernet2
IPv6 Address IPv6 address of neighbor or interface. Age Time (in minutes) since the address was confirmed to be reachable. A hyphen (-) indicates a static entry. Link-layer Addr MAC address. If the address is unknown, a hyphen (-) is displayed. State The state of the neighbor cache entry. Following are the states for dynamic entries in the IPv6 neighbor discovery cache:
Following are the possible states for static entries in the IPv6 neighbor discovery cache:
- INCMP (Incomplete)--Address resolution is being performed on the entry. A neighbor solicitation message has been sent to the solicited-node multicast address of the target, but the corresponding neighbor advertisement message has not yet been received.
- REACH (Reachable)--Positive confirmation was received within the last ReachableTime milliseconds that the forward path to the neighbor was functioning properly. While in REACH state, the device takes no special action as packets are sent.
Roughly speaking, the neighbor is known to have been reachable recently (within tens of seconds ago).- STALE--More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly. While in STALE state, the device takes no action until a packet is sent.
It's a normal part of IPv6 neighbor discovery. Check out RFC 4861, section 5.1.
Basically, the neighbor is no longer known to be reachable (timer expired, no traffic lately, whatever) and reachability will be 'verified' once traffic is sent to the neighbor again.
STALE = NOT FRESHThe STALE state occurs when the specified address that was formerly in the REACH state has not been heard from within the time specified in the ipv6 nd reachable-time <milliseconds> command.- DELAY--More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly. A packet was sent within the last DELAY_FIRST_PROBE_TIME seconds. If no reachability confirmation is received within DELAY_FIRST_PROBE_TIME seconds of entering the DELAY state, send a neighbor solicitation message and change the state to PROBE.
- PROBE--A reachability confirmation is actively sought (past from seek) by resending neighbor solicitation messages every RetransTimer milliseconds until a reachability confirmation is received.
- ????--Unknown state.
- INCMP (Incomplete)--The interface for this entry is down.
- REACH (Reachable)--The interface for this entry is up.
Note Reachability detection is not applied to static entries in the IPv6 neighbor discovery cache; therefore, the descriptions for the INCMP (Incomplete) and REACH (Reachable) states are different for dynamic and static cache entries. Interface Interface from which the address was reachable.
Terminology from http://tools.ietf.org/html/rfc4861
node - a device that implements IP.NDP defines five ICMPv6 packet types
router - a node that forwards IP packets not explicitly addressed to itself.
host - any node that is not a router.
neighbors - nodes attached to the same link.
unspecified address - a reserved address value that indicates the lack of an address (e.g., the address is unknown). It is never used as a destination address, but may be used as a source address if the sender does not (yet) know its own address (e.g., while verifying an address is unused during stateless address autoconfiguration. The unspecified address has a value of 0:0:0:0:0:0:0:0.
Prefix Discovery - How hosts discover the set of address prefixes that define which destinations are on-link for an attached link. (Nodes use prefixes to distinguish destinations that reside on-link from those only reachable through a router.)
1.RS - Router Solicitation (Type 133) - Hosts inquire with RS to locate routers on an attached link.
2.RA - Router Advertisement (Type 134) - Routers advertise their presence together with various link and Internet parameters either periodically, or in response to a RS.
3.NS - Neighbor Solicitation (Type 135) - used by nodes to determine the LinkLayer address of a neighbor or to verify that a neighbor is still reachable via a cached LinkLayer addr.
4.NA - Neighbor Advertisement (Type 136) - are used by nodes to respond to a Neighbor Solicitation message.
5.Redirect (Type 137) - Routers may inform hosts of a better first hop router for a destination.
NDP Start
Router-IPv6 does not not about any ipv6 neighbors on-link.
Router-IPv6 () send 2 icmp packets to Client-2.
Router-IPv6(config)# ipv6 route ::/0 fa0/0
Router-IPv6# sh ipv6 int br | exc unassigned|adm
FastEthernet0/0 [up/up]
FE80::1
2001::1
Loopback1 [up/up]
FE80::C803:BFF:FE9B:8
6::6
Client-2(config)# ipv6 route ::/0 fa 0/0Undo shutdown interface 0/0 on R4
Client-2# sh ipv6 int br | exc unassigned|adm
FastEthernet0/0 [up/up]
FE80::108
2001::108
Loopback1 [up/up]
FE80::C805:BFF:FE9B:8
8::8
 |
| Undo shutdown interface 0/0 on R4 |
*Jun 24 14:11:39.234: ICMPv6-ND: L2 came up on FastEthernet0/0
*Jun 24 14:11:39.234: IPv6-Addrmgr-ND: DAD request for FE80::108 on FastEthernet0/0
*Jun 24 14:11:39.238: ICMPv6-ND: Sending NS for FE80::108 on FastEthernet0/0
*Jun 24 14:11:40.238: IPv6-Addrmgr-ND: DAD: FE80::108 is unique.
*Jun 24 14:11:40.238: ICMPv6-ND: Sending NA for FE80::108 on FastEthernet0/0
*Jun 24 14:11:40.242: ICMPv6-ND: L3 came up on FastEthernet0/0
*Jun 24 14:11:40.250: IPv6-Addrmgr-ND: DAD request for 2001::108 on FastEthernet0/0
*Jun 24 14:11:40.250: ICMPv6-ND: Sending NS for 2001::108 on FastEthernet0/0
*Jun 24 14:11:40.250: ICMPv6-ND: Linklocal FE80::108 on FastEthernet0/0, Up
*Jun 24 14:11:40.254: ICMPv6-ND: Created RA context for FE80::108
*Jun 24 14:11:40.254: ICMPv6-ND: Request to send RA for FE80::108
*Jun 24 14:11:40.254: ICMPv6-ND: Sending RA from FE80::108 to FF02::1 on FastEthernet0/0
*Jun 24 14:11:40.258: ICMPv6-ND: MTU = 1500
*Jun 24 14:11:40.258: ICMPv6-ND: prefix = 2001::/64 onlink autoconfig
*Jun 24 14:11:40.262: ICMPv6-ND: 2592000/604800 (valid/preferred)
*Jun 24 14:11:40.262: IPv6-Address: Address FE80::108/10 is up on FastEthernet0/0
*Jun 24 14:11:41.198: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Jun 24 14:11:41.250: IPv6-Addrmgr-ND: DAD: 2001::108 is unique.
*Jun 24 14:11:41.250: ICMPv6-ND: Sending NA for 2001::108 on FastEthernet0/0
*Jun 24 14:11:41.254: IPv6-Address: Address 2001::108/64 is up on FastEthernet0/0
*Jun 24 14:11:41.502: ICMPv6-ND: Received RA from FE80::101 on FastEthernet0/0
Client-2(config-if)#
Send ICMP Ping from Router-IPv6 to Client-2
 |
| int fa 0/0 on Client-2 |
Sending 2, 100-byte ICMP Echos to 2001::108, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 20/32/44 ms
Router-IPv6#sh ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
2001::108 2 ca05.0b9b.0008 STALE Fa0/0
FE80::108 2 ca05.0b9b.0008 STALE Fa0/0
Router-IPv6#
Client-2#sh ipv6 nei
IPv6 Address Age Link-layer Addr State Interface
2001::1 7 ca03.0b9b.0008 STALE Fa0/0
FE80::1 7 ca03.0b9b.0008 STALE Fa0/0
Client-2#
*Jun 24 14:17:06.758: ICMPv6-ND: Received NS for 2001::108 on FastEthernet0/0 from 2001::1
*Jun 24 14:17:06.758: ICMPv6-ND: DELETE -> INCMP: 2001::1
*Jun 24 14:17:06.762: ICMPv6-ND: Neighbour 2001::1 on FastEthernet0/0 : LLA ca03.0b9b.0008
*Jun 24 14:17:06.766: ICMPv6-ND: INCMP -> STALE: 2001::1
*Jun 24 14:17:06.766: ICMPv6-ND: Sending NA for 2001::108 on FastEthernet0/0
*Jun 24 14:17:06.770: ICMPv6-ND: STALE -> DELAY: 2001::1
*Jun 24 14:17:11.770: ICMPv6-ND: DELAY -> PROBE: 2001::1
*Jun 24 14:17:11.770: ICMPv6-ND: Sending NS for 2001::1 on FastEthernet0/0
*Jun 24 14:17:11.806: ICMPv6-ND: Received NA for 2001::1 on FastEthernet0/0 from 2001::1
*Jun 24 14:17:11.806: ICMPv6-ND: PROBE -> REACH: 2001::1
*Jun 24 14:17:16.794: ICMPv6-ND: Received NS for FE80::108 on FastEthernet0/0 from FE80::1
*Jun 24 14:17:16.794: ICMPv6-ND: DELETE -> INCMP: FE80::1
*Jun 24 14:17:16.798: ICMPv6-ND: Neighbour FE80::1 on FastEthernet0/0 : LLA ca03.0b9b.0008
*Jun 24 14:17:16.798: ICMPv6-ND: INCMP -> STALE: FE80::1
*Jun 24 14:17:16.802: ICMPv6-ND: Sending NA for FE80::108 on FastEthernet0/0
*Jun 24 14:17:16.806: ICMPv6-ND: STALE -> DELAY: FE80::1
*Jun 24 14:17:21.806: ICMPv6-ND: DELAY -> PROBE: FE80::1
*Jun 24 14:17:21.806: ICMPv6-ND: Sending NS for FE80::1 on FastEthernet0/0
*Jun 24 14:17:21.834: ICMPv6-ND: Received NA for FE80::1 on FastEthernet0/0 from FE80::1
*Jun 24 14:17:21.834: ICMPv6-ND: PROBE -> REACH: FE80::1
*Jun 24 14:17:52.722: ICMPv6-ND: REACH -> STALE: 2001::1
*Jun 24 14:17:54.450: ICMPv6-ND: Request to send RA for FE80::108
*Jun 24 14:17:54.450: ICMPv6-ND: Sending RA from FE80::108 to FF02::1 on FastEthernet0/0
*Jun 24 14:17:54.454: ICMPv6-ND: MTU = 1500
*Jun 24 14:17:54.454: ICMPv6-ND: prefix = 2001::/64 onlink autoconfig
*Jun 24 14:17:54.454: ICMPv6-ND: 2592000/604800 (valid/preferred)
*Jun 24 14:17:55.842: ICMPv6-ND: Received RA from FE80::101 on FastEthernet0/0
*Jun 24 14:18:02.750: ICMPv6-ND: REACH -> STALE: FE80::1