Configuring IPv4 and IPv6 Neighbor Discovery Process and Optimization
The IPv6 Neighbor Discovery Process (NDP) uses ICMPv6 messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), verify the reachability of a neighbor, and keep track of neighboring routers. NDP provides the same functionality as ARP in an IPv4 network. NDP has additional features such as auto-configuration of IPv6 addresses and duplicate address detection (DAD).
In an IPv6 Layer 3 network, a NetVisor OS vRouter can be configured as a First Hop Router and send Router Advertisements to announce its presence, host configuration parameters, routes, and on-link prefixes. In a Layer 2 network, NetVisor OS can enable NDP optimization to prevent flooding of neighbor solicitation messages.
Supported NDP Messages
- Router Solicitation (ICMPv6 type 133)
- Router Advertisement (ICMPv6 type 134)
- Neighbor Solicitation (ICMPv6 type 135)
- Neighbor Advertisement (ICMPv6 type 136)
- Redirect (ICMPv6 type 137)
Neighbor Solicitation messages (ICMPv6 Type 135) are sent on the local link by nodes attempting to discover the link-layer addresses of other nodes on the local link. NetVisor OS sends the Neighbor Solicitation message to the solicited-node multicast address. The source address in the Neighbor Solicitation message is the IPv6 address of the node sending the Neighbor Solicitation message. The Neighbor Solicitation message also includes the link-layer address of the source node.
After receiving a Neighbor Solicitation message, the destination node replies by sending a Neighbor Advertisement message (ICMPv6 Type 136) on the local link. The source address in the Neighbor Advertisement message is the IPv6 address of the node sending the Neighbor Advertisement message. The destination address is the IPv6 address of the node that sent the Neighbor Solicitation message. The data portion of the Neighbor Advertisement message includes the link-layer address of the node sending the Neighbor Advertisement message.
After the source node receives the Neighbor Advertisement, the source node and destination node communicate.
NetVisor OS also uses Neighbor Solicitation messages to verify the reachability of a neighbor after identifying the link-layer address of that neighbor. When a node needs to verify the reachability of a neighbor, the destination address in the Neighbor Solicitation message is the unicast address of the neighbor.
NetVisor OS sends Neighbor Advertisement messages when a change occurs in the link-layer address of a node on a local link. When there is such a change, the destination address for the Neighbor Advertisement includes the all-nodes multicast address.
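The addressing rules above can be turned into a check for captured Neighbor Solicitation and Neighbor Advertisement messages. The following Python sketch is an added example, not NetVisor OS code: the function names are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation prefix, and the solicited-node prefix (ff02::1:ff00:0/104) and the 33:33 Ethernet multicast mapping come from the IPv6 standards rather than from this page.

```python
import ipaddress

ALL_NODES = ipaddress.IPv6Address("ff02::1")
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Solicited-node group: ff02::1:ff00:0/104 plus the low 24 bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)

def multicast_mac(group: ipaddress.IPv6Address) -> str:
    """Ethernet destination for an IPv6 group: 33:33 plus its low 32 bits."""
    low32 = (int(group) & 0xFFFFFFFF).to_bytes(4, "big")
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)

def classify(icmp_type: int, src: str, dst: str, target: str) -> str:
    """Label an NS (135) or NA (136) by the addresses it carries."""
    s, d, t = (ipaddress.IPv6Address(a) for a in (src, dst, target))
    if icmp_type == 135:
        if d == solicited_node(target):
            # An unspecified source means the sender is probing its own
            # tentative address (duplicate address detection).
            return ("duplicate-address-detection" if s.is_unspecified
                    else "address-resolution")
        if d == t:
            return "reachability-check"
        return "unexpected-destination"
    if icmp_type == 136:
        if d == ALL_NODES:
            # The case described above: a link-layer address change
            # announced to every node on the link.
            return "unsolicited-to-all-nodes"
        return "unexpected-destination" if d.is_multicast else "solicited-reply"
    raise ValueError("not a Neighbor Solicitation or Advertisement")

if __name__ == "__main__":
    target = "2001:db8::a1b2:c3d4"  # constructed sample address
    group = solicited_node(target)
    print(group, multicast_mac(group))
    print(classify(135, "2001:db8::1", str(group), target))
    print(classify(136, target, "ff02::1", target))
```

Advertisements sent to the all-nodes address update the neighbor cache of every node on the link, so a monitor built on this classification would normally count them per source and compare the rate with what planned address changes explain.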
NetVisor OS periodically sends Router Advertisement messages (ICMPv6 Type 134) to each IPv6 configured interface of the security appliance. NetVisor OS also sends the Router Advertisement messages to the all-nodes multicast address.
Router Advertisement messages typically include the following information:
- One or more IPv6 prefixes that nodes on the local link use to automatically configure their IPv6 addresses.
- Lifetime information for each prefix included in the advertisement.
- Sets of flags that indicate the type of auto-configuration (stateless or stateful) that can be completed.
- Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time (in seconds) the router should be used as a default router).
- Additional information for hosts, such as the hop limit and MTU a host should use in originated packets.
- The amount of time between neighbor solicitation message re-transmissions on a given link.
- The amount of time a node considers a neighbor reachable.
NetVisor OS sends Router Advertisements in response to Router Solicitation messages (ICMPv6 Type 133). Hosts send Router Solicitation messages at system startup so that the host can immediately auto-configure without waiting for the next scheduled Router Advertisement message. Because Router Solicitation messages are usually sent by hosts at system startup, when the host does not have a configured unicast address, the source address in Router Solicitation messages is the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the source address in the message is the unicast address of the interface sending the Router Solicitation message. The destination address in Router Solicitation messages is the all-routers multicast address with a scope of the link. When sending a Router Advertisement in response to a Router Solicitation message, the destination address in the Router Advertisement message is the unicast address of the source of the Router Solicitation message.
Configure the following settings for router advertisement messages:
- The time interval between periodic Router Advertisement messages. NetVisor OS uses the default time interval of 200 seconds with a range of 3 to 1800 seconds or 500 to 1800000 milliseconds if you specify milliseconds.
- The router lifetime value, which indicates the amount of time IPv6 nodes should consider the switch to be the default router. Valid values range from 0 to 9000 seconds. NetVisor OS has a default value of 1800 seconds. Entering 0 indicates that the switch is not considered a default router on the selected interface.
- The IPv6 network prefixes in use on the link. In order for stateless auto-configuration to work properly, the advertised prefix length in Router Advertisement messages must always be 64 bits.
- Whether or not an interface transmits Router Advertisement messages. By default, NetVisor OS automatically sends Router Advertisement messages in response to Router Solicitation messages. If you suppress the Router Advertisement messages, the switch appears as a regular IPv6 neighbor on the link and not as an IPv6 router.
Unless otherwise noted, the Router Advertisement message settings are specific to an interface.
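The Router Advertisement contents listed earlier and the settings above can be checked against what is actually seen on a link. The following Python sketch is an added example, not NetVisor OS code: it decodes a Router Advertisement using the standard ICMPv6 layout and flags values that do not match the stated configuration limits. The function names, the expected-prefix set, and the sample message are constructed for illustration.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (type 134) and its options."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    hop, flags, lifetime, reachable, retrans = struct.unpack_from("!BBHII", msg, 4)
    ra = {"hop_limit": hop, "managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "reachable_ms": reachable,
          "retrans_ms": retrans, "prefixes": [], "mtu": None}
    off = 16
    while off < len(msg):  # each option: type, length in 8-byte units, data
        if len(msg) - off < 2 or msg[off + 1] == 0 or off + msg[off + 1] * 8 > len(msg):
            raise ValueError("malformed option")
        opt_type, units = msg[off], msg[off + 1]
        if opt_type == 3 and units == 4:  # Prefix Information
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", msg, off + 2)
            prefix = ipaddress.IPv6Address(bytes(msg[off + 16:off + 32]))
            ra["prefixes"].append({"prefix": f"{prefix}/{plen}", "valid_s": valid,
                                   "preferred_s": preferred,
                                   "autonomous": bool(pflags & 0x40)})
        elif opt_type == 5 and units == 1:  # MTU
            ra["mtu"] = struct.unpack_from("!I", msg, off + 4)[0]
        off += units * 8
    return ra

def audit_ra(ra: dict, expected_prefixes: set) -> list:
    """Compare a decoded RA with the settings the switch is configured to send."""
    findings = []
    if ra["router_lifetime"] > 9000:  # configurable range above is 0 to 9000 s
        findings.append(f"router lifetime {ra['router_lifetime']} s exceeds 9000")
    for p in ra["prefixes"]:
        if p["autonomous"] and not p["prefix"].endswith("/64"):
            findings.append(f"SLAAC prefix {p['prefix']} is not a /64")
        if p["prefix"] not in expected_prefixes:
            findings.append(f"unexpected prefix {p['prefix']}")
    return findings

# Constructed sample (checksum left at 0, not verified here): hop limit 64,
# O flag set, router lifetime 1800 s, prefix 2001:db8:1::/64, MTU 1500.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
    + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    + ipaddress.IPv6Address("2001:db8:1::").packed
    + struct.pack("!BBHI", 5, 1, 0, 1500)
)

if __name__ == "__main__":
    print(parse_ra(SAMPLE_RA))
    print(audit_ra(parse_ra(SAMPLE_RA), {"2001:db8:1::/64"}))
```

An empty findings list means the advertisement is consistent with the configured prefixes and limits; any finding points to a misconfiguration or to an advertisement that did not originate from the configured router.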
To configure NDP, use the vrouter-interface-config-add command:
CLI (network-admin@switch) > vrouter-interface-config-add
- vrouter-name name-string: Specify the name of the service configuration.
Options: specify one of the options below.
- nic vrouter if-list nic: Specify the vnic name.
- ospf-hello-interval <1..65535>: Specify the OSPF hello interval from 1 to 65535. The default value is 10 (IPv4 or IPv6).
- ospf-dead-interval <2..65535>: Specify the OSPF dead interval from 2 to 65535. The default value is 40 (IPv4 or IPv6).
- ospf-retransmit-interval <3..65535>: Specify the OSPF retransmit interval from 3 to 65535. The default value is 5 (IPv4 or IPv6).
- ospf-priority <0..255>: Specify the OSPF priority from 0 to 255. The default value is 1 (IPv4 or IPv6).
- ospf-auth-key ospf-auth-key-string: Specify the OSPF authentication key (IPv4 only).
- ospf-cost <0..65535>: Specify the OSPF cost (IPv4 or IPv6).
- ospf-msg-digest-id <0..255>: Specify the OSPF digest ID from 0 to 255 (IPv4 only).
- ospf-msg-digest-key ospf-msg-digest-key-string: Specify the OSPF message digest key (IPv4 only).
- ospf-passive-if|no-ospf-passive-if: Specify the OSPF passive interface (IPv4 or IPv6).
- ospf-network-type default|point-to-point: Specify the OSPF network type (IPv4 or IPv6).
- ospf-bfd default|enable|disable: Specify the BFD protocol support for OSPF fault detection.
- bfd-interval <200..3000>: Specify the BFD desired transmit interval from 200 ms to 3000 ms. The default value is 750 ms.
- bfd-min-rx <200..3000>: Specify the BFD required minimum receive interval from 200 ms to 3000 ms. The default value is 500 ms.
- bfd-multiplier <1..20>: Specify the BFD detection multiplier from 1 to 20. The default value is 3.
- nd-suppress-ra|no-nd-suppress-ra: Control the transmission of IPv6 Router Advertisements.
- ra-interval <1..1800>: Specify the time interval between IPv6 Router Advertisements.
- ra-lifetime <0..9000>: Specify the time for which the router is considered the default router.