IPv6 neighbor discovery (ND) uses ICMPv6 messages to implement address resolution, verify neighbor reachability, detect duplicate addresses, discover routers and prefixes, automatically assign addresses, and perform the redirection function.
IPv6 ND Packet Format
After being configured with an IPv6 address, a node checks whether this address is available and does not conflict with other addresses. When a node is a host, a router needs to notify the host of the optimal next-hop address of a packet to a destination. When a node is a router, it needs to advertise its address, address prefix, and other configuration parameters to instruct hosts to configure parameters. When forwarding IPv6 packets, a node needs to know the link layer addresses and check reachability of neighboring nodes. IPv6 ND provides five types of ICMPv6 messages:
Router solicitation (RS): After startup, a host sends an RS message to a router.
Figure 1 RS message format
An RS message contains the following fields:
- Type: The value is 133.
- Code: The value is 0.
- Checksum: 16-bit ICMP checksum.
- Reserved: This field must be initialized to 0 on the transmit end and be ignored on the receive end.
- Options: An RS message only contains the Source Link-Layer Address option. This option contains the link-layer address of the sender. If an unspecified IPv6 source address is used, an RS message cannot contain the Source Link-Layer Address option.
Router advertisement (RA): A router replies to an RS message from a host with an RA message and periodically sends RA messages carrying prefixes and some flag bits.
Figure 2 RA message format
An RA message contains the following fields:
- Type: The value is 134.
- Code: The value is 0.
- Checksum: 16-bit ICMP checksum.
- Cur Hop Limit: 8-bit unsigned integer that defines the hop limit of a message to be sent. The default value is placed in the Hop Count field of the IPv6 header, defined in RFC 2461. Value 0 means that a router does not use this field.
- M: a 1-bit Managed Address Configuration flag.
  - 0: stateless address allocation. A host obtains an IPv6 address using a stateless protocol, for example, ND.
  - 1: stateful address allocation. A host obtains an IPv6 address using a stateful protocol, for example, DHCPv6.
- O: a 1-bit Other Stateful Configuration flag.
  - 0: A host obtains IPv6 configurations (except an IPv6 address) using a stateless protocol, for example, ND.
  - 1: A host obtains IPv6 information (except an IPv6 address) using a stateful protocol, for example, DHCPv6. The IPv6 configurations include DNS and Simple Internet Protocol (SIP) server addresses.
  RFC 4861 defines that if the M flag is set to 1, the O flag must also be set to 1.
- H: a 1-bit Home Agent flag defined for mobile IPv6.
  - 0: A router sending the RA message functions as a home agent for mobile nodes.
  - 1: A router sending an RA message does not function as a home agent for mobile nodes.
- Prf: a 2-bit Default Router Preference flag. The Prf value of a router that sends the RA message is used as the priority of the default router for hosts.
- P: a 1-bit Proxy flag. Its value can be:
  - 0: disables ND proxy.
  - 1: enables ND proxy.
- Rsv: This field must be initialized to 0 on the transmit end and be ignored on the receive end.
- Router Lifetime: a 16-bit field that indicates the lifetime (in seconds) of a default router. The lifetime of a router that sends the RA message is used as the lifetime of the default router for hosts. The default value is 30 minutes, and the maximum value is 18.2 hours. Value 0 indicates that the router sending the RA message does not function as the default router, while information carried in the RA message takes effect.
- Reachable Time: a 32-bit field that indicates a period of time (in milliseconds), during which a router considers its neighbor reachable after having received a reachability confirmation. A router sends an RA message through an interface to enable all nodes on a link connected to the interface to use the same reachable time. The value can be set. The default value is 0 in an RA message. Value 0 means that a router does not use this field.
- Retrans Timer: a 32-bit retransmission field that indicates the interval at which NS messages are resent. The Retrans Timer value is used during neighbor unreachability detection and address resolution. The value can be set. The default value is 0 in an RA message. Value 0 means that a router does not use this field.
- Options:
  - Source link-layer option: only used on link layers that have addresses. A router must ignore this option when performing load sharing among multiple link-layer addresses.
  - MTU option: variable MTU of a link.
  - Prefix Information option: specifies one or more prefixes for address autoconfiguration.
  - Advertisement Interval option: interval (in milliseconds) at which RA messages are sent. This option is used for mobile IPv6.
  - Home Agent option: used for mobile IPv6.
  - Route Information option: used by a host to generate a default route.
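The RA layout above as a parser, added here as an example and not taken from the original page or any vendor implementation: it decodes the fixed fields and walks the options, rejecting malformed option lengths. The function names and the sample packet (documentation prefix, made-up MAC) are constructed; option type numbers 1, 3 and 5 and the Prefix Information layout follow RFC 4861, and the Prf encoding follows RFC 4191.

```python
import ipaddress
import struct

PRF = {0b01: "high", 0b00: "medium", 0b11: "low", 0b10: "reserved"}  # RFC 4191

def parse_ra(body: bytes) -> dict:
    """Decode an RA starting at the ICMPv6 Type field; the checksum is not verified."""
    if len(body) < 16:
        raise ValueError("RA is shorter than its 16-byte fixed part")
    mtype, code, _ck, hop, flags, life, reach, retrans = struct.unpack("!BBHBBHII", body[:16])
    if (mtype, code) != (134, 0):
        raise ValueError("not an RA: Type must be 134 and Code 0")
    ra = {
        "cur_hop_limit": hop,
        "M": bool(flags & 0x80), "O": bool(flags & 0x40), "H": bool(flags & 0x20),
        "Prf": PRF[(flags >> 3) & 0b11], "P": bool(flags & 0x04),
        "address_config": "stateful" if flags & 0x80 else "stateless",
        "router_lifetime_s": life, "default_router": life != 0,
        "reachable_ms": reach, "retrans_ms": retrans,
        "source_lladdr": None, "mtu": None, "prefixes": [],
    }
    off = 16
    while off < len(body):
        # Each option: Type (1 byte), Length (1 byte, in units of 8 bytes), then data.
        olen = body[off + 1] * 8 if off + 2 <= len(body) else 0
        if olen == 0 or off + olen > len(body):
            raise ValueError("truncated, zero-length or overlong option")
        otype, opt = body[off], body[off:off + olen]
        if otype == 1 and olen == 8:      # Source Link-Layer Address (Ethernet)
            ra["source_lladdr"] = opt[2:8].hex(":")
        elif otype == 5 and olen == 8:    # MTU
            ra["mtu"] = struct.unpack("!I", opt[4:8])[0]
        elif otype == 3 and olen == 32:   # Prefix Information
            plen, pflags, valid, preferred = struct.unpack("!BBII", opt[2:12])
            net = ipaddress.IPv6Network((opt[16:32], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net), "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40),
                                   "valid_s": valid, "preferred_s": preferred})
        off += olen
    return ra

def sample_ra() -> bytes:
    """Constructed sample: M=0, O=1, Prf=high, lifetime 1800 s, three options."""
    fixed = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x48, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("02005e100001")
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    return fixed + slla + mtu + pio + ipaddress.IPv6Address("2001:db8:1::").packed
```

Calling `parse_ra(sample_ra())` returns the decoded fields as a dictionary; option types the parser does not recognise are skipped by their length, as a receiver is expected to do.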
Neighbor solicitation (NS): An IPv6 node sends NS messages to obtain data link layer addresses of neighbors, check neighbor reachability, and perform address conflict detection.
Figure 3 NS message format
An NS message contains the following fields:
- Type: The value is 135.
- Code: The value is 0.
- Checksum: 16-bit ICMP checksum.
- Reserved: This field must be initialized to 0 on the transmit end and be ignored on the receive end.
- Target Address: a 32-bit address of the target node in the solicitation. A link-local or global unicast address, except a multicast address, can be used as a target address.
- Options: An NS message only contains the source link-layer address option. This option contains the link-layer address of the sender. If an unspecified IPv6 source address is used, an NS message cannot contain the source link-layer address option.
Neighbor advertisement (NA): An IPv6 node responds to NS messages with NA messages. The IPv6 node also sends NA messages if the data link layer changes.
Figure 4 NA message format
An NA message contains the following fields:
- Type: The value is 136.
- Code: The value is 0.
- Checksum: 16-bit ICMP checksum.
- R: a 1-bit Router flag which identifies the role of the sender.
  In the NUD scenario, a router that receives the NA message from its neighbor router checks whether the neighbor router becomes a host based on the R flag.
- S: a 1-bit Solicited flag:
  - 0: No NA message is sent in response to a unicast NS message.
  - 1: An NA message is sent in response to a unicast NS message.
  During NUD, the S field is used to check whether a neighbor is reachable.
  - 0: reachable
  - 1: unreachable
  The S field must be set to 0 in a multicast advertisement or a non-solicit unicast advertisement. For example, if an NS message used for DAD contains a multicast address of a solicited node, and a node receives the NS message and uses DAD to detect an address conflict, the node replies with an NA message with the S field of 0.
- O: a 1-bit Override flag.
  - 0: enables the router to use the target link-layer address option to update the cached neighbor entry only if the link-layer address is unspecified.
  - 1: enables the router to use the target link-layer address option to update the cached neighbor entry, regardless of the link-layer address.
  If the target address of an NS message is an anycast address or a proxy advertisement is solicited, the O field must be set to 0. In other situations, for example, the DAD scenario, the O field must be set to 1.
- Reserved: This field must be initialized to 0 on the transmit end and be ignored on the receive end.
- Target Address: a 32-bit address.
  - If an NA message is sent in response to an NS message, the Target Address field is equal to the target address carried in the NS message.
  - If an NA message is not a response to the NS message, the Target Address field is equal to the IP address of a node with a changed link-layer address.
  A multicast address cannot be used as a target address.
- Options: The NA message only contains the target link-layer address option. The link-layer address belongs to the sender.
Redirect: After a router finds that a received message carries the same inbound and outbound interface name, the router sends Redirect messages to instruct a host to select a better next hop.
Figure 5 Redirect message format
A Redirect message contains the following fields:
- Type: The value is 137.
- Code: The value is 0.
- Checksum: 16-bit ICMP checksum.
- Reserved: This field must be initialized to 0 on the transmit end and be ignored on the receive end.
- Target Address: a 32-bit next-hop address:
  - If the destination is a router that is not on the local link, the Target Address field must be set to the local link-layer address of the router.
  - If the destination is a host on the local link, the Target Address field must be set to the destination address.
- Destination: a 32-bit destination address carried in the IPv6 header.
- Options:
  - Target link-layer address option: new next-hop link-layer address.
  - Redirected header option: contains the content of the IP packet that triggers the sending of the Redirect message. The size of a Redirect message with this option cannot exceed 1280 bytes.
Duplicate Address Detection
Duplicate Address Detection (DAD) is a detection mechanism that identifies whether the IPv6 address is available. The implementation process is as follows:
Figure 6 DAD process
If an IPv6 address is specified for a node, the node sends the NS message to check whether the address is used by any neighbor.
When receiving the message, a neighbor node checks whether the same IPv6 address exists. If the local IPv6 address exists, the neighbor node replies with an NA message that contains the IPv6 address to the source node.
After the source node receives the reply message from the neighbor, the source node considers that the IPv6 address is used by the neighbor. If the source node does not receive the reply message from the neighbor, the IPv6 address is available.
Neighbor Discovery
The IPv6 ND function, similar to the IPv4 Address Resolution Protocol (ARP) function, resolves neighbor addresses and detects neighbor reachability using NS and NA messages.
To obtain the data link layer address of another node on the same local link, a node sends an ICMPv6 NS message of Type 135, which is similar to an IPv4 ARP request message. The ICMPv6 NS message is transmitted using a multicast address, not a broadcast address. Only the solicited node that has an IP address with the least significant 24 bits the same as that of the multicast address can receive the NS message, which minimizes broadcast storms. The destination node adds its data link layer address to an NA message.
The NS message is also used to check the reachability of the neighbor with a known data link layer address. The IPv6 NA message is sent in response to the IPv6 NS message. After receiving the ICMPv6 NS message, the destination node replies with an ICMPv6 NA message of Type 136 on the local link. After the ICMPv6 NA message is received, the source and destination nodes can communicate. A node also sends an NA message if its data link layer address on the local link is changed.
Figure 7 Neighbor address resolution
Router Discovery
The RD function locates neighbor routing devices and learns the prefixes and parameters for address autoconfiguration. The IPv6 RD function is implemented using the following mechanism:
Router solicitation
When no unicast address is specified for a host (for example, when the system is just restarted), the host sends an RS message. The RS message helps the router quickly implement autoconfiguration without waiting for an RA message sent by the IPv6 routing device. The IPv6 RS message is an ICMPv6 message of Type 133.
Router advertisement
After IPv6 RA is configured on interfaces of a routing device, the routing device periodically sends an RA message. After receiving an RS message from an IPv6 node on the local link, a routing device replies with an RA message. The IPv6 RA message is sent to the multicast address (FF02::1) of all nodes or to the IPv6 unicast address of the node that sends the RS message. The IPv6 RA message is an ICMPv6 message of Type 134. The IPv6 RA message includes the following contents:
- Whether address autoconfiguration is enabled or disabled
- Supported autoconfiguration type, stateless or stateful
- One or multiple local link prefixes: The nodes on the local link can implement address autoconfiguration using these prefixes.
- Lifecycle of an advertised prefix of the local link
- Whether the router that sends an RA message can serve as a default routing device. If the router serves as a default routing device, the time (in seconds) for the router serving as the default routing device is included.
- Other information about the host, including the hop limit and MTU specified for messages initiated by the host.
The IPv6 node on the local link receives an RA message and obtains the default routing device, prefix list, and other settings.
Address Autoconfiguration
A router sends RA messages with the M field to instruct a host how to perform address autoconfiguration. A host selects an address configuration mode based on the M flag in an RA message shown in Figure 2. The configuration modes include stateless and stateful address configuration.
- If the M field is set to 0, stateless address allocation is used. The host does not need to be additionally configured, the router needs a few configurations, and no server is needed. After a host receives an RA message, it uses prefix information in the message and local interface ID to automatically calculate an IPv6 address. The host also sets the default router according to the default router information in the message. Stateless address allocation only applies to hosts, not routers.
- If the M field is set to 1, stateful address allocation is used. A server, for example, a DHCPv6 server, assigns a host an IPv6 address. The server maintains a database that contains the host information and configured addresses. Stateful address allocation allows hosts to obtain IPv6 addresses from a server.
Hosts can select the mode for configuring other information, such as DNS and SIP server addresses, based on the O field carried in the RA messages:
- If the O field is set to 0, the host obtains IPv6 settings (except an IPv6 address) using a stateless protocol, for example, ND.
- If the O field is set to 1, the host obtains IPv6 settings (except an IPv6 address) using a stateful protocol, for example, DHCPv6.
RFC 4861 defines that if the M flag is set to 1, the O flag must also be set to 1.
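An added example (not from the original page) of the stateless calculation described above, together with the solicited-node multicast address that the DAD and address-resolution NS messages for that address are sent to. It assumes the interface ID is built from a 48-bit MAC using modified EUI-64, one common method that the page does not name; the function names, MAC and prefix are constructed sample values.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 (assumed method): flip the U/L bit, insert ff:fe mid-MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Advertised /64 prefix + local interface ID = the host's tentative address."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a 64-bit interface ID needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def solicited_node_multicast(addr) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX, where XX:XXXX is the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + its low 32 bits."""
    return (b"\x33\x33" + ipaddress.IPv6Address(group).packed[12:]).hex(":")

def dad_probe(prefix: str, mac: str) -> dict:
    """Addressing of the NS a host sends to run DAD on its tentative address."""
    target = slaac_address(prefix, mac)
    group = solicited_node_multicast(target)
    return {
        "target": str(target),
        "ipv6_src": "::",               # unspecified: the address is not yet usable
        "source_lladdr_option": False,  # not allowed with an unspecified source
        "ipv6_dst": str(group),
        "eth_dst": multicast_mac(group),
    }

# Constructed sample values: documentation prefix and a made-up MAC.
PROBE = dad_probe("2001:db8:a:1::/64", "00:1a:2b:3c:4d:5e")
```

The host's link-local address built from the same interface ID shares the low 24 bits, so it maps to the same solicited-node group as the global address in `PROBE`.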
Redirection
A redirection message notifies a host of the ideal next-hop IPv6 address to the destination. Similar to IPv4, the IPv6 routing device sends a redirection message to only redirect the message to a better routing device. The node that receives the redirection message sends subsequent messages to the new routing device. The routing device sends the redirection message only for the unicast flow. The redirection message is only sent to and processed by the node (host) that initiates the redirection message.
Figure 8 Redirection process