IPv6 Neighbor Discovery Process Support and Optimization

The IPv6 Neighbor Discovery Process (NDP) uses ICMPv6 messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), verify the reachability of a neighbor, and keep track of neighboring routers. NDP provides the same functionality as ARP in an IPv4 network. NDP has additional features such as autoconfiguration of IPv6 addresses and duplicate address detection (DAD).

In an IPv6 Layer 3 network, a Netvisor OS vRouter can be configured as a First Hop Router and send Router Advertisements to announce the presence, host configuration parameters, routes, and on-link prefixes. In a Layer 2 network, Netvisor OS can enable NDP optimization to prevent flooding of neighbor solicitation messages.

Supported NDP Messages

Neighbor Solicitation messages (ICMPv6 Type 135) are sent on the local link by nodes attempting to discover the link-layer addresses of other nodes on the local link. The Neighbor Solicitation message is sent to the solicited-node multicast address. The source address in the neighbor solicitation message is the IPv6 address of the node sending the Neighbor Solicitation message. The Neighbor Solicitation message also includes the link-layer address of the source node.

After receiving a Neighbor Solicitation message, the destination node replies by sending a Neighbor Advertisement message (ICPMv6 Type 136) on the local link. The source address in the Neighbor Advertisement message is the IPv6 address of the node sending the Neighbor Advertisement message; the destination address is the IPv6 address of the node that sent the Neighbor Solicitation message. The data portion of the Neighbor Advertisement message includes the link-layer address of the node sending the Neighbor Advertisement message.

After the source node receives the Neighbor Advertisement, the source node and destination node can communicate.

Neighbor Solicitation messages are also used to verify the reachability of a neighbor after the link-layer address of a neighbor is identified. When a node wants to verifying the reachability of a neighbor, the destination address in a Neighbor Solicitation message is the unicast address of the neighbor.

Neighbor Advertisement messages are also sent when there is a change in the link-layer address of a node on a local link. When there is such a change, the destination address for the Neighbor Advertisement is the all-nodes multicast address.

Router Advertisement messages (ICMPv6 Type 134) are periodically sent out each IPv6 configured interface of security appliance. The Router Advertisement messages are sent to the all-nodes multicast address.

Router Advertisement messages typically include the following information:

Router Advertisements are also sent in response to Router Solicitation messages (ICMPv6 Type 133). Router Solicitation messages are sent by hosts at system startup so that the host can immediately auto-configure without waiting for the next scheduled router advertisement message. Because Router Solicitation messages are usually sent by hosts at system startup, and the host does not have a configured unicast address, the source address in Router Solicitation messages is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the unicast address of the interface sending the Router Solicitation message is used as the source address in the message. The destination address in Router Solicitation messages is the all-routers multicast address with a scope of the link. When a Router Advertisement is sent in response to a Router Solicitation message, the destination address in the Router Advertisement message is the unicast address of the source of the Router Solicitation message.

You can configure the following settings for router advertisement messages:

Unless otherwise noted, the Router Advertisement message settings are specific to an interface.

To configure NDP, use the vrouter-interface-config-add command:

CLI network-admin@Leaf1 > vrouter-interface-config-add

nd-suppress-ra|no-nd-suppress-ra

Control the transmission of IPv6 Router Advertisements

v6-ra-prefix ip-address

IPv6 prefix to include in Router Advertisement

prefix-netmask netmask

IPv6 prefix netmask

autoconf|no-autoconf

given prefix can be used for IPv6 autoconf

ra-interval mseconds

Time interval between IPv6 router advertisements

ra-lifetime seconds

Time for which router is considered as default router