IPv6 Neighbor Discovery Process Support and Optimization


The IPv6 Neighbor Discovery Process (NDP) uses ICMPv6 messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), verify the reach-ability of a neighbor, and keep track of neighboring routers. NDP provides the same functionality as ARP in an IPv4 network. NDP has additional features such as auto-configuration of IPv6 addresses and duplicate address detection (DAD).


In an IPv6 Layer 3 network, a Netvisor One vRouter can be configured as a First Hop Router and send Router Advertisements to announce the presence, host configuration parameters, routes, and on-link prefixes. In a Layer 2 network, Netvisor One can enable NDP optimization to prevent flooding of neighbor solicitation messages.


Supported NDP Messages


  • Router Solicitation (ICMPv6 type 133)
  • Router Advertisement (ICMPv6 type 134)
  • Neighbor Solicitation (ICMPv6 type 135)
  • Neighbor Advertisement (ICMPv6 type 136)
  • Redirect (ICMPv6 type 137)


Neighbor Solicitation messages (ICMPv6 Type 135) are sent on the local link by nodes attempting to discover the link-layer addresses of other nodes on the local link. The Neighbor Solicitation message is sent to the solicited-node multicast address. The source address in the neighbor solicitation message is the IPv6 address of the node sending the Neighbor Solicitation message. The Neighbor Solicitation message also includes the link-layer address of the source node.


After receiving a Neighbor Solicitation message, the destination node replies by sending a Neighbor Advertisement message (ICPMv6 Type 136) on the local link. The source address in the Neighbor Advertisement message is the IPv6 address of the node sending the Neighbor Advertisement message; the destination address is the IPv6 address of the node that sent the Neighbor Solicitation message. The data portion of the Neighbor Advertisement message includes the link-layer address of the node sending the Neighbor Advertisement message.


After the source node receives the Neighbor Advertisement, the source node and destination node can communicate.


Neighbor Solicitation messages are also used to verify the reach-ability of a neighbor after the link-layer address of a neighbor is identified. When a node wants to verifying the reach-ability of a neighbor, the destination address in a Neighbor Solicitation message is the unicast address of the neighbor.


Neighbor Advertisement messages are also sent when there is a change in the link-layer address of a node on a local link. When there is such a change, the destination address for the Neighbor Advertisement is the all-nodes multicast address.


Router Advertisement messages (ICMPv6 Type 134) are periodically sent out each IPv6 configured interface of security appliance. The Router Advertisement messages are sent to the all-nodes multicast address.


Router Advertisement messages typically include the following information:


  • One or more IPv6 prefix that nodes on the local link can use to automatically configure their IPv6 addresses.
  • Lifetime information for each prefix included in the advertisement.
  • Sets of flags that indicate the type of auto-configuration (stateless or stateful) that can be completed.
  • Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time (in seconds) the router should be used as a default router).
  • Additional information for hosts, such as the hop limit and MTU a host should use in packets that it originates.
  • The amount of time between neighbor solicitation message re-transmissions on a given link.
  • The amount of time a node considers a neighbor reachable.


Router Advertisements are also sent in response to Router Solicitation messages (ICMPv6 Type 133). Router Solicitation messages are sent by hosts at system startup so that the host can immediately auto-configure without waiting for the next scheduled router advertisement message. Since Router Solicitation messages are usually sent by hosts at system startup, and the host does not have a configured unicast address, the source address in Router Solicitation messages is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the unicast address of the interface sending the Router Solicitation message is used as the source address in the message. The destination address in Router Solicitation messages is the all-routers multicast address with a scope of the link. When a Router Advertisement is sent in response to a Router Solicitation message, the destination address in the Router Advertisement message is the unicast address of the source of the Router Solicitation message.


You can configure the following settings for router advertisement messages:


  • The time interval between periodic Router Advertisement messages. The default time interval is 200 seconds with a range of 3 to 1800 seconds or 500 to 1800000 milliseconds if you specify milliseconds.
  • The router lifetime value, which indicates the amount of time IPv6 nodes should consider the switch to be the default router. Valid values range from 0 to 9000 seconds. The default is 1800 seconds. Entering 0 indicates that the switch is not considered a default router on the selected interface.
  • The IPv6 network prefixes in use on the link. In order for stateless auto-configuration to work properly, the advertised prefix length in Router Advertisement messages must always be 64 bits.
  • Whether or not an interface transmits Router Advertisement messages. By default, Router Advertisement messages are automatically sent in response to Router Solicitation messages. If you suppress the Router Advertisement messages, the switch appear as a regular IPv6 neighbor on the link and not as an IPv6 router.


Unless otherwise noted, the Router Advertisement message settings are specific to an interface.


To configure NDP, use the vrouter-interface-config-add command:


CLI (network-admin@Leaf1) > vrouter-interface-config-add


nd-suppress-ra|no-nd-suppress-ra

Control the transmission of IPv6 Router Advertisements

v6-ra-prefix ip-address

IPv6 prefix to include in Router Advertisement

prefix-netmask netmask

IPv6 prefix netmask

autoconf|no-autoconf

given prefix can be used for IPv6 autoconf

ra-interval mseconds

Time interval between IPv6 router advertisements

ra-lifetime seconds

Time for which router is considered as default router