Neighbor discoverydhcp

IPv6 Neighbor DiscoveryRFC4861, RFC4862

And DHCPv6

FRED BOVY – CCIE #3013

1 02/10/14

Fred Bovy. ccie #3013

1. INTRODUCTIONMore details to the presentation:http://www.ipv6forlife.com/Docs/IPv6Autoconfig20c.pdf

ND is used by End Nodes to:

o Resolve data link layer address to send a frame (ARP functionality).o Determine when the address of a neighbor has changedo Determine if a neighbor is still reachableo Discover the neighborso Autoconfigure addresses, prefixes, routes and other parameters

ND is used by Routers to:o Announce their presence, provide host with configuration parameters,

routes and prefixes.o Inform a host about a better next hop to transmit a packet for a particular

destination.

ND processes are for:o Routers discovery o Prefixes discoveryo Automatic address Configurationo Information to a host when a better next-host exists for a packet it is routing

The Processes are:✔ MAC Address resolution✔ Next-hop Determination✔ Unreachable neighbor detection✔ Duplicate Address Detection

CISCO ROUTER LOG:*Sep 22 03:55:50.586: %LINK3UPDOWN: Interface FastEthernet1/0, changed state to up*Sep 22 03:55:51.586: %LINEPROTO5UPDOWN: Line protocol on Interface FastEthernet1/0, changed state toup*Sep 22 03:55:51.598: ICMPv6ND: L2 came up on FastEthernet1/0*Sep 22 03:55:51.602: IPv6AddrmgrND: DAD request for FE80::C800:6FF:FEA9:1C on FastEthernet1/0*Sep 22 03:55:51.606: ICMPv6ND: Sending NS for FE80::C800:6FF:FEA9:1C on FastEthernet1/0*Sep 22 03:55:51.626: ICMPv6ND: ND output feature SEND executed on 5 rc=0*Sep 22 03:55:51.638: %SYS5CONFIG_I: Configured from console by console*Sep 22 03:55:52.610: IPv6AddrmgrND: DAD: FE80::C800:6FF:FEA9:1C is unique.*Sep 22 03:55:52.618: ICMPv6ND: Sending NA for FE80::C800:6FF:FEA9:1C on FastEthernet1/0*Sep 22 03:55:52.618: ICMPv6ND: L3 came up on FastEthernet1/0*Sep 22 03:55:52.666: IPv6AddrmgrND: DAD request for F:1::1 on FastEthernet1/0*Sep 22 03:55:52.678: ICMPv6ND: Sending NS for F:1::1 on FastEthernet1/0*Sep 22 03:55:52.686: ICMPv6ND: Linklocal FE80::C :1800:6FF:FEA9:1C on FastEthernet1/0, Up

2 02/10/14 IPv6 For Life

http://www.ipv6forlife.com/Docs/IPv6Autoconfig20c.pdf


*Sep 22 03:55:52.686: ICMPv6ND: Created RA context for FE80::C800:6FF:FEA9:1C*Sep 22 03:55:52.690: ICMPv6ND: Request to send RA for FE80::C800:6FF:FEA9:1C*Sep 22 03:55:52.698: ICMPv6ND: Sending RA from FE80::C800:6FF:FEA9:1C to FF02::1 on FastEthernet1/0*Sep 22 03:55:52.706: ICMPv6ND: MTU = 1500*Sep 22 03:55:52.706: ICMPv6ND: prefix = F:1::/64 onlink autoconfig*Sep 22 03:55:52.710: ICMPv6ND: 2592000/604800 (valid/preferred)*Sep 22 03:55:52.718: ICMPv6ND: ND output feature SEND executed on 5 rc=0*Sep 22 03:55:52.718: ICMPv6ND: ND output feature SEND executed on 5 rc=0*Sep 22 03:55:52.722: ICMPv6ND: ND output feature SEND executed on 5 rc=0*Sep 22 03:55:53.682: IPv6AddrmgrND: DAD: F:1::1 is unique.*Sep 22 03:55:53.682: ICMPv6ND: Sending NA for F:1::1 on FastEthernet1/0*Sep 22 03:55:53.686: ICMPv6ND: ND output feature SEND executed on 5 rc=0*Sep 22 03:55:54.558: ICMPv6ND: ULP neighbour FE80::C801:6FF:FEA9:1C on FastEthernet1/0*Sep 22 03:55:54.562: ICMPv6ND: DELETE > INCMP: FE80::C801:6FF:FEA9:1C*Sep 22 03:55:54.566: ICMPv6ND: Sending NS for FE80::C801:6FF:FEA9:1C on FastEthernet1/0*Sep 22 03:55:54.570: ICMPv6ND: Set ULP NUD for FE80::C801:6FF:FEA9:1C on FastEthernet1/0*Sep 22 03:55:54.594: ICMPv6ND: ND output feature SEND executed on 5 rc=0*Sep 22 03:55:54.614: ICMPv6ND: ND input feature SEND executed on 5 rc=0*Sep 22 03:55:54.618: ICMPv6ND: Received NA for FE80::C801:6FF:FEA9:1C on FastEthernet1/0 from FE80::C801:6FF:FEA9:1C*Sep 22 03:55:54.622: ICMPv6ND: Neighbour FE80::C801:6FF:FEA9:1C on FastEthernet1/0 : LLA ca01.06a9.001c*Sep 22 03:55:. 54622: ICMPv6ND: INCMP > REACH: FE80::C801:6FF:FEA9:1C

Five ND messages :• Router Solicitation (Type 133)• Router Advertisement (Type 134)• Neighbor Solicitation (Type 135)• Neighbor Advertisement (Type 136)• Redirect (Type 137)

2. NEIGHBOR DISCOVERY MESSAGES

2.1. Router Solicitation

Sent by a host to get information from neighboring routers.

MAC Layer• Source MAC Address is NIC address• Destination is all routers MAC address 33-33-00-00-00-02

IPv6 Layer• Link local or unspecified IPv6 address.• Link local all routers IPv6 address

ICMPv6 Layer• Type 133• Code 0



• ICMPv6 Checksum• Source Link-Layer Address option

ICMPv6 Option (Source linklayer address) Type: Source linklayer address (1) Length: 8 Linklayer address: ca:02:06:a9:00:54

2.2. Router Advertisement

Sent unsolicited on a regular basis or as an answer to a router solicitation.

Ethernet header:• Source MAC of the sending NIC


Illustration 1: Router Advertisement recevied from FREE SP


• Destination MAC Address will be 33-33-00-00-00-01

IPv6 header:• Link local source • Destination will be all-nodes : FF02::1 or the unicast address of the station

which has sent the Router Solicitation• Hop Limit 255

Router Advertisement:• Type 134• Code 0• Checksum ICMPv6• Current Hop Limit• Managed Address Configuration Flag• Other Stateful Configuration Flag • Default Router Preference• Reserved• Router Lifetime• Retransmission timer• Source Link-Layer Address Option• MTU Option• Prefix Information Ooptions• Advertisement Interval Option• Home Agent Information Option• Route information options

CaptureFrame 5801 (118 bytes on wire, 118 bytes captured)Ethernet II, Src: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Source: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c) Type: IPv6 (0x86dd)Internet Protocol Version 6 0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 64 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::c802:6ff:fea9:1c (fe80::c802:6ff:fea9:1c) Destination: ff02::1 (ff02::1)Internet Control Message Protocol v6



Type: 134 (Router advertisement) Code: 0 Checksum: 0x90a8 [correct] Cur hop limit: 64 Flags: 0x00 Router lifetime: 1800 Reachable time: 0 Retrans timer: 0 ICMPv6 Option (Source linklayer address) Type: Source linklayer address (1) Length: 8 Linklayer address: ca:02:06:a9:00:1c ICMPv6 Option (MTU) Type: MTU (5) Length: 8 MTU: 1500 ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix length: 64 Flags: 0xc0 Valid lifetime: 2592000 Preferred lifetime: 604800 Prefix: 2001:db8:c0a8:b::

2.3. Neighbor Solicitation.



Type 135Code 0Target AddressSource Link-Layer Address OptionNS are used:

• To ask the link layer address of a neighborThe Destination Address will be the solicited Node Multicast Address

• In the Duplicate Address Detection Procedure or DAD.The Destination Address will be its own Address

• To check if a neighbor is alive (Neighbor Unreachability Detection or NUD)The Destination Address will be the Unicast address of the Neighbor.

Capture:Frame 5344 (86 bytes on wire, 86 bytes captured)Ethernet II, Src: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c), Dst: ca:00:06:a9:00:1c(ca:00:06:a9:00:1c) Destination: ca:00:06:a9:00:1c (ca:00:06:a9:00:1c)


Illustration 2: NS sent to ourself for DAD


Source: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c) Type: IPv6 (0x86dd)Internet Protocol Version 6 0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 32 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::c801:6ff:fea9:1c (fe80::c801:6ff:fea9:1c) Destination: 2001:db8:c0a8:b:c800:6ff:fea9:1c (2001:db8:c0a8:b:c800:6ff:fea9:1c)Internet Control Message Protocol v6 Type: 135 (Neighbor solicitation) Code: 0 Checksum: 0x6230 [correct] Target: 2001:db8:c0a8:b:c800:6ff:fea9:1c (2001:db8:c0a8:b:c800:6ff:fea9:1c) ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 Link-layer address: ca:01:06:a9:00:1c

2.4. Neighbor Advertisement

Type 136Code 0Router FlagSolicited flagOverride FlagTarget AddressTarget Link-Layer Address Option

Answer to Neighbor Solicitation

Capture:Frame 23 (454 bytes on wire, 454 bytes captured)Ethernet II, Src: ca:02:09:b9:00:08 (ca:02:09:b9:00:08), Dst: ca:01:09:b9:00:08 (ca:01:09:b9:00:08)Internet Protocol Version 6Internet Control Message Protocol v6 Type: 136 (Neighbor advertisement) Code: 0 Checksum: 0xc988 [correct] Flags: 0x60000000 Target: 2001::347c:26bf:9a38:61c3 (2001::347c:26bf:9a38:61c3) ICMPv6 Option (Target link-layer address) ICMPv6 Option (CGA)



ICMPv6 Option (Timestamp) ICMPv6 Option (Nonce) ICMPv6 Option (RSA Signature)

2.5. RedirectInform a neighbor of a better next hop to reaach a particular destination.

Capture:Internet Control Message Protocol v6 Type: 137 (Redirect) Code: 0 Checksum: 0xd231 [correct] rfc (2001:db8:c0a8:a:c800:6ff:fea9:1c) Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c) ICMPv6 Option (Target link-layer address) Type: Target link-layer address (2) Length: 8 Link-layer address: ca:00:06:a9:00:1c ICMPv6 Option (Redirected header) Type: Redirected header (4) Length: 112 Reserved: 0 (correct) Redirected packet Internet Protocol Version 6 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 60 Next header: ICMPv6 (0x3a) Hop limit: 63 Source: 2001:db8:c0a8:b::1 (2001:db8:c0a8:b::1) Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c) Internet Control Message Protocol v6 Type: 128 (Echo request) Code: 0 Checksum: 0xbce7 [correct] ID: 0x22ef Sequence: 0x0004 Data (52 bytes)

0000 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ................0010 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"#0020 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./01230030 34 35 36 37 4567

3.0 PROCEDURESNeighbor Discovery is activated by a Finite State Machine. It is much more powerful and optimized than ARP which has only a timer to purge oldest entries.



It is presented in a very simplified FSM below. Defaults timers length are in RFC4861.


Illustration 3: IPv6 ND Simplified FSM

http://tools.ietf.org/html/rfc4861#page-89


3.1. Neighbor Discovery Options

3.1.1. Source Link-Layer address Option

Frame 56 (118 bytes on wire, 118 bytes captured)Ethernet II, Src: ca:02:06:a9:00:54 (ca:02:06:a9:00:54), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Source: ca:02:06:a9:00:54 (ca:02:06:a9:00:54) Type: IPv6 (0x86dd)Internet Protocol Version 6 0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 64 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54) Destination: ff02::1 (ff02::1)Internet Control Message Protocol v6 Type: 134 (Router advertisement) Code: 0 Checksum: 0x9040 [correct] Cur hop limit: 64 Flags: 0x00 Router lifetime: 1800 Reachable time: 0 Retrans timer: 0 ICMPv6 Option (Source linklayer address) Type: Source linklayer address (1) Length: 8 Linklayer address: ca:02:06:a9:00:54 ICMPv6 Option (MTU) Type: MTU (5) Length: 8 MTU: 1500 ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix length: 64 Flags: 0xc0 Valid lifetime: 2592000 Preferred lifetime: 604800 Prefix: 2001:db8:c0a8:3::

3.1.2. Target Link-Layer address OptionFrame 25 (86 bytes on wire, 86 bytes captured)Ethernet II, Src: ca:01:06:a9:00:54 (ca:01:06:a9:00:54), Dst: ca:02:06:a9:00:54 (ca:02:06:a9:00:54) Destination: ca:02:06:a9:00:54 (ca:02:06:a9:00:54) Source: ca:01:06:a9:00:54 (ca:01:06:a9:00:54) Type: IPv6 (0x86dd)Internet Protocol Version 6



0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 32 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::c801:6ff:fea9:54 (fe80::c801:6ff:fea9:54) Destination: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54)Internet Control Message Protocol v6 Type: 136 (Neighbor advertisement) Code: 0 Checksum: 0x5f24 [correct] Flags: 0xe0000000 Target: fe80::c801:6ff:fea9:54 (fe80::c801:6ff:fea9:54) ICMPv6 Option (Target link-layer address) Type: Target link-layer address (2) Length: 8 Link-layer address: ca:01:06:a9:00:54

3.1.3. Prefix Information Option

Sent with a Router Advertisement. More than one prefixes can be included.

Type. 3 Length. 4.Prefix Length. 8 bits. Generally 64.On-Link Flag. 1 bit. Autonomous Flag. 1 bit. Router Address flag. Defined in RFC 3775 for Mobile IPv6Site Prefix Flag. Reserved1.Valid Lifetime. Prefered Lifetime..Reserved2Site Prefix Length. Prefix.

Frame 56 (118 bytes on wire, 118 bytes captured)Ethernet II, Src: ca:02:06:a9:00:54 (ca:02:06:a9:00:54), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Source: ca:02:06:a9:00:54 (ca:02:06:a9:00:54) Type: IPv6 (0x86dd)Internet Protocol Version 6 0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 64 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54) Destination: ff02::1 (ff02::1)Internet Control Message Protocol v6 Type: 134 (Router advertisement)



Code: 0 Checksum: 0x9040 [correct] Cur hop limit: 64 Flags: 0x00 Router lifetime: 1800 Reachable time: 0 Retrans timer: 0 ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 Link-layer address: ca:02:06:a9:00:54 ICMPv6 Option (MTU) Type: MTU (5) Length: 8 MTU: 1500 ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix length: 64 Flags: 0xc0 Valid lifetime: 2592000 Preferred lifetime: 604800 Prefix: 2001:db8:c0a8:3::

3.1.4. Redirected Header Option

Frame 92 (214 bytes on wire, 214 bytes captured)Ethernet II, Src: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c), Dst: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c) Destination: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c) Source: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c) Type: IPv6 (0x86dd)Internet Protocol Version 6 0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 160 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::c801:6ff:fea9:1c (fe80::c801:6ff:fea9:1c) Destination: 2001:db8:c0a8:b::1 (2001:db8:c0a8:b::1)Internet Control Message Protocol v6 Type: 137 (Redirect) Code: 0 Checksum: 0xd231 [correct] Target: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c) Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c) ICMPv6 Option (Target link-layer address) Type: Target link-layer address (2) Length: 8 Link-layer address: ca:00:06:a9:00:1c ICMPv6 Option (Redirected header) Type: Redirected header (4) Length: 112 Reserved: 0 (correct) Redirected packet Internet Protocol Version 6



0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 60 Next header: ICMPv6 (0x3a) Hop limit: 63 Source: 2001:db8:c0a8:b::1 (2001:db8:c0a8:b::1)

Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c) Internet Control Message Protocol v6 Type: 128 (Echo request) Code: 0 Checksum: 0xbce7 [correct] ID: 0x22ef Sequence: 0x0004 Data (52 bytes)

0000 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ................0010 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 ............ !"#0020 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 $%&'()*+,-./01230030 34 35 36 37 4567

3.1.5. MTU Option

Frame 56 (118 bytes on wire, 118 bytes captured)Ethernet II, Src: ca:02:06:a9:00:54 (ca:02:06:a9:00:54), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01) Source: ca:02:06:a9:00:54 (ca:02:06:a9:00:54) Type: IPv6 (0x86dd)Internet Protocol Version 6 0110 .... = Version: 6 .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 64 Next header: ICMPv6 (0x3a) Hop limit: 255 Source: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54) Destination: ff02::1 (ff02::1)Internet Control Message Protocol v6 Type: 134 (Router advertisement) Code: 0 Checksum: 0x9040 [correct] Cur hop limit: 64 Flags: 0x00 Router lifetime: 1800 Reachable time: 0 Retrans timer: 0 ICMPv6 Option (Source link-layer address) Type: Source link-layer address (1) Length: 8 Link-layer address: ca:02:06:a9:00:54 ICMPv6 Option (MTU)



Type: MTU (5) Length: 8 MTU: 1500 ICMPv6 Option (Prefix information) Type: Prefix information (3) Length: 32 Prefix length: 64 Flags: 0xc0 Valid lifetime: 2592000 Preferred lifetime: 604800 Prefix: 2001:db8:c0a8:3::

3.1.6. Route Information Option

Sent in Router Advertisement (see RFC4191.)

Type

Length

Prefix Length

Reserved1

Preference

Reserved2

Route Lifetime

Prefix

In the RA it is possible to advertise Recursive DNS Servers (RFC 5006):

3.1.7. Recursive DNS Server Option

Type 25

Length

Reserved

Lifetime MaxRtrAdvInterval <= Lifetime <= 2* MaxRtrAdvInterval

IPv6 DNS Recursive DNS Servers Addresses



4.0 STATELESS ADDRESS AUTOCONFIGURATION (SLAAC)



A host starting without an IPv6 address will first allocate a Link-Local Address for each interface and test it's unique. If this fails the interface is disable for IPv6. STOP


Illustration 4: Stateless Address Autoconfig


Otherwise it sends a Router Solicitation and wait Router Advertisements. If itcan find a prefix list option it tries to derive an IPv6 address from each prefix according to flags and timers advertised with each prefix and the DAD procedure to verify if it is unique. This is done between A and B on the diagram.

In both case it build the address from the prefix receives or the Link-Local and an Interface ID of 64 bits. The Interface ID can be derived from the MAC Address, thisis EUI-64 or it can be random and replaced on a regular basis for confidentiality.


Illustration 5: SLAAC Prefix list option processing A->B


Once it has made an IPv6 address, it uses ND DAD (Duplicate Address Detection) to check that the address is unique. DAD is just sending a NS to itself and wait. If somebody replies there is a DUP. After a short timeout the address is considered unique and initialized. For the Link-Local address, the interface is disabled for IPv6if it fails. If Secured Neighbor Discovery is in used it makes two more tries with two more computed addresses (CGA). In the normal case, without SeND, it disables it immediately after the first failure. IPv6 is down for this interface.

If the address is a DUP, for Global addresses derived from the prefix received fromthe Routers, the address is not used but the interface it still Up.

‘Debug ipv6 nd’ Cisco Capture with SeND:

*Sep 23 04:06:46.348: %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to up*Sep 23 04:06:47.352: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to up*Sep 23 04:06:47.368: ICMPv6-ND: L2 came up on FastEthernet2/0*Sep 23 04:06:47.368: IPv6-Addrmgr-ND: DAD request for FE80::C801:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:47.376: ICMPv6-ND: Sending NS for FE80::C801:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:47.388: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0*Sep 23 04:06:47.632: ICMPv6-ND: Sending RS on FastEthernet2/0*Sep 23 04:06:47.636: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0*Sep 23 04:06:47.776: ICMPv6-ND: ND input feature SEND executed on 7 - rc=0*Sep 23 04:06:47.780: ICMPv6-ND: Received RA from FE80::C802:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:47.788: ICMPv6-ND: Autoconfiguring F:2::C801:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:48.376: IPv6-Addrmgr-ND: DAD: FE80::C801:6FF:FEA9:38 is unique.*Sep 23 04:06:48.380: ICMPv6-ND: Sending NA for FE80::C801:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:48.384: ICMPv6-ND: L3 came up on FastEthernet2/0*Sep 23 04:06:48.428: IPv6-Addrmgr-ND: DAD request for F:2::C801:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:48.432: ICMPv6-ND: Sending NS for F:2::C801:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:48.436: ICMPv6-ND: Linklocal FE80::C801:6FF:FEA9:38 on FastEthernet2/0, Up*Sep 23 04:06:48.440: ICMPv6-ND: Created RA context for FE80::C801:6FF:FEA9:38*Sep 23 04:06:48.444: ICMPv6-ND: Request to send RA for FE80::C801:6FF:FEA9:38*Sep 23 04:06:48.444: ICMPv6-ND: Sending RA from FE80::C801:6FF:FEA9:38 to FF02::1 on FastEthernet2/0*Sep 23 04:06:48.452: ICMPv6-ND: MTU = 1500*Sep 23 04:06:48.456: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0*Sep 23 04:06:48.456: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0*Sep 23 04:06:48.460: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0*Sep 23 04:06:49.436: IPv6-Addrmgr-ND: DAD: F:2::C801:6FF:FEA9:38 is unique.*Sep 23 04:06:49.440: ICMPv6-ND: Sending NA for F:2::C801:6FF:FEA9:38 on FastEthernet2/0*Sep 23 04:06:49.444: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0*Sep 23 04:06:59.808: ICMPv6-ND: ND input feature SEND executed on 5 - rc=0*Sep 23 04:06:59.808: ICMPv6-ND: Received RA from FE80::C800:6FF:FEA9:1C on FastEthernet1/0*Sep 23 04:07:04.532: ICMPv6-ND: Request to send RA for FE80::C801:6FF:FEA9:38*Sep 23 04:07:04.536: ICMPv6-ND: Sending RA from FE80::C801:6FF:FEA9:38 to FF02::1 on FastEthernet2/0*Sep 23 04:07:04.544: ICMPv6-ND: MTU = 1500*Sep 23 04:07:04.548: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0



CISCO “show interface”: r2(config-if)#do show ipv6 interface f2/0FastEthernet2/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::C801:6FF:FEA9:38 No Virtual link-local address(es): Stateless address autoconfig enabled Global unicast address(es): F:2::C801:6FF:FEA9:38, subnet is F:2::/64 [EUI/CAL/PRE] valid lifetime 2591913 preferred lifetime 604713

• Joined group address(es):

FF02::1 FF02::2 FF02::D FF02::16 FF02::1:FFA9:38 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent Output features: MFIB Adjacency ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses.

5.0 STATEFUL ADDRESS AUTOCONFIGURATION. (DHCPV6)

DHCPv6 can also be used to provide automatically addresses and other


Illustration 6: DHCP Header from Non Temp


parameters such as DNS server address and other servers but no Router bydefault. RA are still needed or you need static configurations on the workstations.

An "identityassociation" (IA) is a construct through whicha server and a client can identify, group, and manage a setof related IPv6 addresses. Each IA consists of an IAID andassociated configuration information.

DHCPv6 can manage Temporary Random Addresses. This is when the client wants to change often its address, generally every day so the client cannot be identified from his source address. This was requested by IPv4 folks when they complained about privacy with IPv6 as we always had the same address on the Net. So the Temporary addresses were introduced and can be managed by SLAAC or DHCPv6.When Temporary Addresses are used, the header does not include T1 and T2 timers to advertise the frequency for the Lease refreshment to keep one address. It must be managed by the client alone.

A DHCPv6 header contains an "identity-association" (IA) which is a group of Addresses that can be used by the Client and the Server. Each IA has an IAID.

The Configuration of the IA has a T1 and a T2 Timer for all the addresses. T1 is thetimer when the the client should R enew its Lease with its own server. If Renew has failed when T2 expires, it it is time for the client to Rebind. Restarting the process from scratch discovering all DHCP Servers available and then hopefully select one to send a Request if a server replied with a RA.


http://tools.ietf.org/html/rfc3315#section-15.7



http://tools.ietf.org/html/rfc3315#section-10





5.1 capture of the two first packets

DHCP SOLICITInternet Protocol Version 6 0110 .... = Version: 6 [0110 .... = This field makes the filter "ip.version == 6" possible: 6] .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 56 Next header: UDP (0x11) Hop limit: 255 Source: fe80::38b1:e73c:c0f0:4442 (fe80::38b1:e73c:c0f0:4442) Destination: ff02::1:2 (ff02::1:2)User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server

(547) Source port: dhcpv6-client (546) Destination port: dhcpv6-server (547) Length: 56


Illustration 7: Synchronization DHCP with IPv6 Timers


Checksum: 0x86f0 [validation disabled]DHCPv6 Message type: Solicit (1) Transaction-ID: 0x00b33306 Elapsed time option type: 8 option length: 2 elapsed-time: 0 ms Client Identifier option type: 1 option length: 10 DUID type: link-layer address (3) Hardware type: Ethernet (1) Link-layer address: ba:02:42:76:00:08 Option Request option type: 6 option length: 4 Requested Option code: DNS recursive name server (23) Requested Option code: Domain Search List (24) Identity Association for Non-temporary Address option type: 3 option length: 12 IAID: 262145 T1: 0 T2: 0

DHCP ADVERTISEInternet Protocol Version 6 0110 .... = Version: 6 [0110 .... = This field makes the filter "ip.version == 6" possible: 6] .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0 .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000 Payload length: 102 Next header: UDP (0x11) Hop limit: 255 Source: fe80::2027:9779:3775:5cf8 (fe80::2027:9779:3775:5cf8) Destination: fe80::38b1:e73c:c0f0:4442 (fe80::38b1:e73c:c0f0:4442)User Datagram Protocol, Src Port: dhcpv6-server (547), Dst Port: dhcpv6-client

(546) Source port: dhcpv6-server (547) Destination port: dhcpv6-client (546) Length: 102 Checksum: 0x6db3 [validation disabled]DHCPv6 Message type: Advertise (2) Transaction-ID: 0x00b44306 Server Identifier option type: 2 option length: 10 DUID type: link-layer address (3) Hardware type: Ethernet (1) Link-layer address: ca:03:42:76:00:08



Client Identifier option type: 1 option length: 10 DUID type: link-layer address (3) Hardware type: Ethernet (1) Link-layer address: ca:02:42:76:00:08 Identity Association for Non-temporary Address option type: 3 option length: 40 IAID: 262145 T1: 43200 T2: 69120 IA Address option type: 5 option length: 24 IPv6 address: bad:1:2:2d98:8e14:c0b1:6ef5:8548 Preferred lifetime: 86400 Valid lifetime: 172800 Domain Search List option type: 24 option length: 14 DNS Domain Search List Domain: fredbovy.com

We miss Request and Reply packets in this capture.

5.2 Other CISCO Useful commands

R4>show ipv6 dhcpThis device's DHCPv6 unique identifier(DUID): 00030001CA0342760008R4>show ipv6 dhcp intFastEthernet0/0 is in server mode Using pool: fred Preference value: 0 Hint from client: ignored Rapid-Commit: disabled

R4#show ipv6 dhcp poolDHCPv6 pool: fred Static bindings: Binding for client BADCAF0E IA PD: IA ID not

specified Prefix: DEAD:BEEF::/48 preferred lifetime 604800, validlifetime 2592000 Address allocation prefix: DEAD:BEEF:1:2:3::/64 valid 172800 preferred 86400 (1 in use, 0 conflicts) Domain name: fredbovy.com Active clients: 1

R4#show ipv6 dhcp bindClient: FE80::38B1:E73C:C0F0:4442 DUID: 00030001CA0242760008 Username : unassigned IA NA: IA ID 0x00040001, T1 43200, T2 69120 Address: DEAD:BEEF:1:2:6090:18A5:E017:DE5C preferred lifetime 86400, valid lifetime 172800 expires at Aug 11 2010 03:23 PM (172554 seconds)

hote#show ipv6 dhcp interfaceFastEthernet0/0 is in client mode Prefix State is IDLE Address State is OPEN



Renew for address will be sent in 11:39:08 List of known servers: Reachable via address: FE80::2027:9779:3775:5CF8 DUID: 00030001CA0342760008 Preference: 0 Configuration parameters: IA NA: IA ID 0x00040001, T1 43200, T2 69120 Address: BAD:1:2:FC64:8ECC:593A:15C3:654/128 preferred lifetime 86400, valid lifetime 172800 expires at Aug 11 2010 02:36 PM (171549 seconds) Domain name: fredbovy.com Information refresh time: 0 Prefix Rapid-Commit: disabled Address Rapid-Commit: disabledConfiguration:interface FastEthernet0/0 ipv6 address dhcp

6.0 DHCPV6 STATELESS AUTOCONFIGURATION

In this hybrid mode, DHCPv6 is not used for address allocation but for other (stateless) parameters. Typically RA and SLAAC are used to configure addresses while DHCPv6 is only used to get DNS Domain name, SIP Servers configurations orany other specific configurations.It is stateless because DHCPv6 does not allocate address so it does not have to keep a state for each allocated address in order to recover the address if the client is gone without releasing the lease.A DHCP Lease is provided with two timers T1 and T2. When T1 expires, the client should renew its lease with its DHCP server to say thatit is going to keep it.

When T2 expires and the client has not been able to Renew its address with its server it must rebind, restarting from scratch a DNS Server discovery (Solicit) to find any server able to provide an address.With Stateless DHCP we do not need these timers.The client sends an “Information Request “ message. And the server sends a reply.

7. DHCP PREFIX BASED

In IPv6 it is possible to request a block of addresses instead of a single address. This way when a site is started, it requests a block to the Service Provider and it


http://www.ietf.org/rfc/rfc3633.txt


https://tools.ietf.org/html/rfc3736


configures all its Networks from this block.For instance it request a /56 block which will give it 256 Networks to configure.

8. SUMMARY


Illustration 8: IA PD headers




To summarize, it is possible to combine these methods for instance, receive a Prefixe as a DHCP-PD Client, subnet it and configure the router interfaces. The attached workstation will automatically configure their default gateway and GlobalAddresses from the router RA. Then they can receive additional configuration froma DHCPv6 Stateless server like a SIP Server address


Illustration 9: IPv6 Addressing methods

Neighbor discoverydhcp

Technology

Transcript of Neighbor discoverydhcp