10: ICMPv6 Neighbor Discovery

Rick Graziani
Cabrillo College

[email protected]

For more information please check out my Cisco Press book and video series:

IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6
• By Rick Graziani
• ISBN-10: 1-58714-313-5

IPv6 Fundamentals LiveLessons: A Straightforward Approach to Understanding IPv6
• By Rick Graziani
• ISBN-10: 1-58720-457-6

10.1: Introducing ICMPv6 Neighbor Discovery

ICMPv6 Neighbor Discovery Protocol

ICMPv6 Neighbor Discovery defines 5 different packet types:

Router-Device Messaging
• Router Solicitation Message
• Router Advertisement Message
Used with dynamic address allocation

Device-Device Messaging
• Neighbor Solicitation Message
• Neighbor Advertisement Message
Used with address resolution (IPv4 ARP)

Router-to-Device messaging
• Redirect Message
Similar to ICMPv4 redirect message

See these processes with:
R1# debug ipv6 nd

ICMPv6 Redirect

• Similar functionality to ICMPv4.
• Like IPv4, a router informs an originating host of the IP address of a router that is on the local link and is closer to the destination.
• Unlike IPv4, a router informs an originating host that the destination host (on a different prefix/network) is on the same link as itself.

[Figure: redirect topology. Labels: PCA, PCB; R1, R2; Network X; IPv6 Network A; IPv6 Network B; Destination: Network X Host; Destination: PCB]

10.2: Router Solicitation and Router Advertisement Messages

Dynamic Address Allocation in IPv4

[Figure: a host and a DHCPv4 Server]
1. Host: "I need IPv4 addressing information."
2. DHCPv4 Server: "Here is everything you need."

Dynamic Address Allocation in IPv6

ICMPv6 Router Solicitation
To all IPv6 routers: "I need IPv6 address information."

ICMPv6 Router Advertisement
To all IPv6 devices: "Let me tell you how to do this …"
1. SLAAC (Stateless Address Autoconfiguration)
2. SLAAC with Stateless DHCPv6
3. Stateful DHCPv6

DHCPv6 Server: "I might not be needed."

Router(config)# ipv6 unicast-routing

RA Message Options

The ICMPv6 Router Advertisement indicates Option 1, 2, or 3:

Option                                                        Other Configuration (“O”) Flag   Managed Configuration (“M”) Flag
Option 1: SLAAC – No DHCPv6 (Default on Cisco routers)        0                                0
Option 2: SLAAC + Stateless DHCPv6 for DNS address            1                                0
Option 3: All addressing except default gateway use DHCPv6    0                                1

Configuring Flags discussed in Lesson 8.

Option 3 and the “A” Flag

Option                                                        Managed Configuration (“M”) Flag   Address Autoconfiguration (“A”) Flag   Prefix in RA can be used for SLAAC
Option 3: All addressing except default gateway use DHCPv6    1                                  1 (default)                            Yes
Option 3: All addressing except default gateway use DHCPv6    1                                  0                                      No

[Figure: router interface G 0/1 sends an ICMPv6 RA with M Flag = 1 and A Flag = 1; a DHCPv6 Server provides DHCPv6. Windows host: "As a Windows host I will still use the RA prefix to create temporary (SLAAC) addresses."]

The autonomous address configuration (A) flag tells hosts that they can create an address for themselves by combining the prefix in the RA with an interface identifier.

Configuring Flags discussed in Lesson 8.

Router Solicitation / Router Advertisement

PC1   Link-local: FE80::50A5:8A35:A5BB:66E1   MAC: 00-21-9b-d9-c6-44
R1    Link-local: FE80::1                     MAC: 00-03-6b-e9-d4-80
Network: 2001:DB8:CAFE:1::/64

1. ICMPv6 Router Solicitation (RS)
   To: FF02::2 (All-IPv6 Routers)
   From: FE80::50A5:8A35:A5BB:66E1

2. ICMPv6 Router Advertisement (RA)
   To: FF02::1 (All-IPv6 devices)
   From: FE80::1 (Link-local address)

Router Solicitation
• Sent when device needs IPv6 addressing information.

Router Advertisement
• Sent every 200 seconds or in response to RS

Analyzing the Router Solicitation Message

Router Solicitation Message

Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:00:00:00:02

Internet Protocol Version 6
    0110 .... = Version: 6
    [Traffic class and Flowlabel not shown]
    Payload length: 16
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: fe80::50a5:8a35:a5bb:66e1
    Destination: ff02::2

Internet Control Message Protocol v6
    Type: 133 (Router solicitation)
    Code: 0
    Checksum: 0x3277 [correct]
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:21:9b:d9:c6:44

Annotations:
• Ethernet Dst: Ethernet multicast MAC address – Maps to “all IPv6 routers”
• Next header: Next header is an ICMPv6 header
• Source: Link-local address of PC1
• Destination: All-IPv6-routers multicast address
• Type: Router Solicitation message
• Link-layer address: MAC address of PC1, but the RA is sent as all-IPv6-host multicast

Analyzing the Router Advertisement Message

An IPv6 Router

R1(config)# ipv6 unicast-routing

R1# show ipv6 interface gigabitethernet 0/0
GigabitEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::1
  Global unicast address(es):
    2001:DB8:CAFE:1::1, subnet is 2001:DB8:CAFE:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
  MTU is 1500 bytes
  <output omitted for brevity>
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses.

Annotations:
• FF02::2: All-routers multicast group
• Hosts use stateless autoconfig for addresses: M & O flags = 0

Router Advertisement Message

Ethernet II, Src: 00:03:6b:e9:d4:80, Dst: 33:33:00:00:00:01

Internet Protocol Version 6
    0110 .... = Version: 6
    .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 64
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: fe80::1
    Destination: ff02::1

Internet Control Message Protocol v6
    Type: 134 (Router advertisement)
    Code: 0
    Cur hop limit: 64
    Flags: 0x00
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:03:6b:e9:d4:80
    ICMPv6 Option (MTU)
        Type: MTU (5)
        Length: 8
        MTU: 1500
    ICMPv6 Option (Prefix information)
        Type: Prefix information (3)
        Length: 32
        Prefix Length: 64
        Prefix: 2001:db8:cafe:1::

Annotations:
• Ethernet Dst: Ethernet multicast MAC address – Maps to “All-IPv6 devices”
• Next header: Next Header is an ICMPv6 header
• Source: Link-local address of R1. Added to hosts’ Default Router List and is the address they will use as their default gateway.
• Destination: All-IPv6 devices multicast
• Type: Router Advertisement
• Cur hop limit: Recommended Hop Limit value for hosts
• Flags: M and O flags indicate that no information is available via DHCPv6
• Link-layer address: Router R1’s MAC address
• MTU: MTU of the link.
• Prefix Length: Prefix-length (/64) to be used for autoconfiguration.
• Prefix: Prefix of this network to be used for autoconfiguration
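Added example (not part of the original slides): a parser for the Router Advertisement shown above that reads the M and O flags, walks the options, and maps the result to the slides' Option 1, 2 or 3. The function names are hypothetical, and the sample bytes are constructed from the capture; the checksum, the prefix L/A flags and the prefix lifetimes are assumed because the capture does not show them.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement, starting at the ICMPv6 Type byte."""
    if len(icmp) < 16:
        raise ValueError("shorter than the 16-byte RA fixed header")
    typ, code, _cksum, hop, flags, lifetime = struct.unpack_from("!BBHBBH", icmp)
    if (typ, code) != (134, 0):
        raise ValueError("not a Router Advertisement")
    ra = {"cur_hop_limit": hop, "M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    off = 16  # options follow Reachable Time and Retrans Timer
    while off < len(icmp):
        # Option length is counted in 8-byte units and includes type and length.
        opt_len = icmp[off + 1] * 8 if off + 2 <= len(icmp) else 0
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("truncated or zero-length option")
        opt_type, body = icmp[off], icmp[off + 2:off + opt_len]
        if opt_type == 1 and opt_len == 8:        # Source link-layer address
            ra["source_lla"] = body.hex(":")
        elif opt_type == 5 and opt_len == 8:      # MTU (2 reserved bytes first)
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif opt_type == 3 and opt_len == 32:     # Prefix information
            net = ipaddress.IPv6Address(body[14:30])
            ra["prefixes"].append({"prefix": f"{net}/{body[0]}",
                                   "L": bool(body[1] & 0x80), "A": bool(body[1] & 0x40)})
        off += opt_len
    return ra

def addressing_option(ra: dict) -> str:
    """Map the M and O flags to the slides' Option 1, 2 or 3."""
    if ra["M"]:
        return "Option 3: Stateful DHCPv6"
    if ra["O"]:
        return "Option 2: SLAAC + Stateless DHCPv6"
    return "Option 1: SLAAC"

def slaac_prefixes(ra: dict) -> list:
    """Prefixes a host may autoconfigure from (A flag set), whatever M says."""
    return [p["prefix"] for p in ra["prefixes"] if p["A"]]

# Constructed sample matching the slide's RA fields. Checksum (0), the prefix
# L/A flags (0xC0) and the prefix lifetimes are assumed; the capture omits them.
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)
             + bytes.fromhex("010100036be9d480")
             + struct.pack("!BBHI", 5, 1, 0, 1500)
             + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
             + ipaddress.IPv6Address("2001:db8:cafe:1::").packed)
```

The sample is 64 bytes long, which matches the Payload length in the capture.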

10.3: Neighbor Solicitation and Neighbor Advertisement Messages

Address Resolution: IPv4 and IPv6

IPv4: ARP over Ethernet
Packet layout: Ethernet | ARP Request/Reply
1. PC1 sends an ARP Request (Broadcast): "Know IPv4, what is the MAC?"
2. PC2 sends an ARP Reply: "My IPv4! Here is the MAC."
Stored in: ARP Cache

IPv6: ICMPv6 over IPv6 over Ethernet
Packet layout: Ethernet | IPv6 Header | ICMPv6: Neighbor Solicitation/Advertisement
1. PC1 sends a Neighbor Solicitation (Ethernet: Multicast; IPv6 Header: Solicited Node Multicast): "Know IPv6, what is the MAC?"
2. PC2 sends a Neighbor Advertisement: "My IPv6! Here is the MAC."
Stored in: Neighbor Cache

Neighbor Solicitation and Neighbor Advertisement

PC1   2001:DB8:CAFE:1::100/64
      MAC Address 00-21-9B-D9-C6-44
      Neighbor Cache: <empty until step 5>

PC2   2001:DB8:CAFE:1::200/64
      FF02::1:FF00:200 (Solicited Node Multicast)
      MAC Address 00-1B-24-04-A2-1E

PC1> ping 2001:DB8:CAFE:1::200

Packet layout: Ethernet | IPv6 Header | ICMPv6: Neighbor Solicitation/Advertisement
Neighbor Solicitation (step 1)    Ethernet: Multicast   IPv6 Header: Solicited Node Multicast
Neighbor Advertisement (step 4)   Ethernet: Unicast     IPv6 Header: Unicast

[Figure: sequence of steps numbered 1 to 5 between PC1 and PC2]

Neighbor Solicitation

PC1   2001:DB8:CAFE:1::100/64
      MAC Address 00-21-9B-D9-C6-44
      Neighbor Cache

PC2   2001:DB8:CAFE:1::200/64
      FF02::1:FF00:200 (Solicited Node Multicast)
      MAC Address 00-1B-24-04-A2-1E

PC1 sends a Neighbor Solicitation: "I know the IPv6, but what is the MAC?"

PC1 NS

Ethernet II, Src: 00:21:9b:d9:c6:44, Dst: 33:33:ff:00:02:00

Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 32
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: 2001:db8:cafe:1::100
    Destination: ff02::1:ff00:200

Internet Control Message Protocol v6
    Type: 135 (Neighbor solicitation)
    Code: 0
    Checksum: 0xbbab [correct]
    Reserved: 0 (Should always be zero)
    Target: 2001:db8:cafe:1::200
    ICMPv6 Option (Source link-layer address)
        Type: Source link-layer address (1)
        Length: 8
        Link-layer address: 00:21:9b:d9:c6:44

Annotations:
• Ethernet Dst: Mapped multicast address for PC2
• Next header: Next header is an ICMPv6 header
• Source: Global unicast address of PC1
• Destination: Solicited-node multicast address of PC2
• Type: Neighbor Solicitation message
• Target: Target IPv6 address, needing MAC address (if two devices have the same solicited node address, this resolves the issue)
• Link-layer address: MAC address of the sender, PC1
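Added example (not part of the original slides): deriving the solicited-node multicast group and its mapped Ethernet multicast MAC from a unicast address, then checking that a Neighbor Solicitation's addressing is self-consistent. The function names are hypothetical; the values in SLIDE_NS come from the capture above.

```python
import ipaddress

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """ff02::1:ff00:0/104 plus the low-order 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group) -> str:
    """Ethernet MAC for an IPv6 multicast group: 33:33 plus its low-order 32 bits."""
    group = ipaddress.IPv6Address(group)
    if not group.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    return "33:33:" + group.packed[12:].hex(":")

def check_ns(eth_dst: str, ip_dst: str, target: str, hop_limit: int) -> list:
    """Return the inconsistencies found in a Neighbor Solicitation's addressing."""
    problems = []
    dst, tgt = ipaddress.IPv6Address(ip_dst), ipaddress.IPv6Address(target)
    if hop_limit != 255:
        problems.append("hop limit is not 255, so the packet may have crossed a router")
    if tgt.is_multicast:
        problems.append("target is a multicast address")
    if dst.is_multicast:
        if dst != solicited_node(target):
            problems.append("destination is not the target's solicited-node group")
        if eth_dst.lower() != multicast_mac(dst):
            problems.append("Ethernet destination does not map to the IPv6 group")
    elif dst != tgt:
        problems.append("unicast destination differs from the target")
    return problems

# Values from the Neighbor Solicitation capture on the slide above.
SLIDE_NS = dict(eth_dst="33:33:ff:00:02:00", ip_dst="ff02::1:ff00:200",
                target="2001:db8:cafe:1::200", hop_limit=255)
```

Any address ending in the same 24 bits, such as the constructed 2001:db8:cafe:1::ab00:200, joins the same group, which is why the receiver compares the Target field rather than the destination address.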

Neighbor Advertisement

PC1   2001:DB8:CAFE:1::100/64
      MAC Address 00-21-9B-D9-C6-44
      Neighbor Cache

PC2   2001:DB8:CAFE:1::200/64
      FF02::1:FF00:200 (Solicited Node Multicast)
      MAC Address 00-1B-24-04-A2-1E

PC2 sends a Neighbor Advertisement: "It’s my IPv6 and here is my MAC."

PC2 NA

Ethernet II, Src: 00:1b:24:04:a2:1e, Dst: 00:21:9b:d9:c6:44

Internet Protocol Version 6
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
    .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
    Payload length: 32
    Next header: ICMPv6 (0x3a)
    Hop limit: 255
    Source: 2001:db8:cafe:1::200
    Destination: 2001:db8:cafe:1::100

Internet Control Message Protocol v6
    Type: 136 (Neighbor advertisement)
    Code: 0
    Checksum: 0x1b4d [correct]
    Flags: 0x60000000
    Target: 2001:db8:cafe:1::200
    ICMPv6 Option (Target link-layer address)
        Type: Target link-layer address (2)
        Length: 8
        Link-layer address: 00:1b:24:04:a2:1e

Annotations:
• Ethernet Dst: Unicast MAC address of PC1
• Next header: Next header is an ICMPv6 header
• Source: Global unicast address of PC2
• Destination: Global unicast address of PC1
• Type: Neighbor Advertisement message
• Target: IPv6 address of the sender, PC2
• Link-layer address: MAC address of the sender, PC2

ICMPv6 Duplicate Address Detection (DAD)

• Duplicate Address Detection (DAD) is used to guarantee that an IPv6 unicast address is unique on the link.

• A device will send a Neighbor Solicitation for its own unicast address (static or dynamic).

• After a period of time, if an NA is not received, then the address is deemed unique.

• Once required, the RFC was updated so that DAD is only recommended; a /64 Interface ID makes duplicates unlikely!

[Figure: PC2 (Global Unicast - 2001:DB8:CAFE:1::200, Link-local - FE80::1111:2222:3333:4444) sends a Neighbor Solicitation; "Hopefully no Neighbor Advertisement".]

See the process with:
R1# debug ipv6 nd

10.4: Neighbor Cache

Neighbor Cache

PC1 Neighbor Cache
IPv6 Address            MAC Address
2001:DB8:ACAD:1::10     0021.9bd9.c644

[Figure: PC1 exchanges a Neighbor Solicitation and Neighbor Advertisement with a neighbor (IPv6 - 2001:DB8:ACAD:1::10, MAC - 0021.9bd9.c644).]

• Neighbor Cache – Maps IPv6 addresses with Ethernet MAC addresses
• Similar to ARP Cache for IPv4
• 5 States (2 noticeable and 3 transitory):
  • Reachable: Packets have recently been received providing confirmation that this device is reachable.
  • Stale: A certain time period has elapsed since a packet has been received from this address.
  • Transitory States: INCOMPLETE, DELAY, PROBE

Neighbor Cache

R1# show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
FE80::50A5:8A35:A5BB:66E1                  16 0021.9bd9.c644  STALE Fa0/0
2001:DB8:AAAA:1::100                       16 0021.9bd9.c644  STALE Fa0/0

R1# ping 2001:db8:aaaa:1::100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1# show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
FE80::50A5:8A35:A5BB:66E1                  16 0021.9bd9.c644  STALE Fa0/0
2001:DB8:AAAA:1::100                        0 0021.9bd9.c644  REACH Fa0/0

R1#

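Neighbor Cache (“ARP Cache”)

Neighbor Cache FSM

States:
• No Entry Exists
• Incomplete
• Reachable
• Stale – no action required (Requires resolution again)
• Delay (Resolution pending)
• Probe (Reresolution in progress)

Transitions:
• No Entry Exists → Incomplete: Neighbor Solicitation (NS) sent
• Incomplete → Reachable: NA received
• Incomplete → No Entry Exists: 3 NS sent with no NA returned
• Reachable → Stale: Reachable Time exceeded (default 30 sec) or Unsolicited NA received
• Stale → Delay: Packet sent
• Delay → Reachable: Packet returned (TCP increasing ACK)
• Delay → Probe: 5 sec
• Probe → Reachable: NS sent and NA received
• Probe → No Entry Exists: 3 NS sent with no NA returned

See the process with:
R1# debug ipv6 nd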

Neighbor Cache

R1# debug ipv6 nd
  ICMP Neighbor Discovery events debugging is on
R1# ping 2001:db8:aaaa:1::100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:AAAA:1::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Resolution request
*Oct 16 01:41:51.575: ICMPv6-ND: Created ND Entry Chunk pool
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) DELETE -> INCMP
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Sending NS
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Queued data for resolution
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Received NA from 2001:DB8:AAAA:1::100
*Oct 16 01:41:51.579: ICMPv6-ND: Validating ND packet options: valid
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) LLA c471.fe7d.9c29
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) INCMP -> REACH
*Oct 16 01:42:21.639: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) REACH -> STALE
R1#
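Added example (not part of the original slides): the state changes in the debug output above replayed against the transitions of the Neighbor Cache FSM slide, reporting any move the FSM does not contain and how long each state was held. The function names are hypothetical, and the DELAY and PROBE abbreviations are assumed because the output above only shows DELETE, INCMP, REACH and STALE.

```python
import re
from datetime import datetime

# Transitions drawn on the Neighbor Cache FSM slide, in IOS debug abbreviations.
# DELETE, INCMP, REACH and STALE appear in the output above; DELAY and PROBE are
# assumed to be logged under those names.
ALLOWED = {("DELETE", "INCMP"), ("INCMP", "REACH"), ("INCMP", "DELETE"),
           ("REACH", "STALE"), ("STALE", "DELAY"), ("DELAY", "REACH"),
           ("DELAY", "PROBE"), ("PROBE", "REACH"), ("PROBE", "DELETE")}

LINE = re.compile(r"\*(\w{3} +\d+ [\d:.]+): ICMPv6-ND: \(([^,]+),([^)]+)\) (\w+) -> (\w+)")

# Lines copied from the debug output above (one non-transition line kept).
LOG = """\
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) DELETE -> INCMP
*Oct 16 01:41:51.575: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) Sending NS
*Oct 16 01:41:51.579: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) INCMP -> REACH
*Oct 16 01:42:21.639: ICMPv6-ND: (GigabitEthernet0/1,2001:DB8:AAAA:1::100) REACH -> STALE
"""

def transitions(log: str) -> list:
    """Extract (time, interface, neighbor, old_state, new_state) tuples."""
    out = []
    for stamp, iface, addr, old, new in LINE.findall(log):
        # IOS omits the year; a placeholder year keeps strptime unambiguous.
        when = datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S.%f")
        out.append((when, iface, addr.lower(), old, new))
    return out

def audit(log: str):
    """Return (violations, dwell): moves not on the FSM, and seconds spent per state."""
    violations, dwell, current = [], {}, {}
    for when, iface, addr, old, new in transitions(log):
        key = (iface, addr)
        if (old, new) not in ALLOWED:
            violations.append((addr, old, new))
        if key in current and current[key][0] == old:
            dwell[(addr, old)] = (when - current[key][1]).total_seconds()
        current[key] = (new, when)
    return violations, dwell
```

On the log above, the entry stays in REACH for about 30 seconds, which matches the default Reachable Time on the FSM slide.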
