CMPT 471 Networking II: Address Resolution, IPv6 Neighbor Discovery
© Janice Regan, 2012
© Janice Regan, 2006. Modified from the TCP/IP Guide (online)
ADDRESS RESOLUTION
DUPLICATE ADDRESS DETECTION
NEIGHBOR UNREACHABILITY DETECTION

Neighbor Discovery
When a network uses the IPv6 protocol, ARP is replaced with part of the Neighbor Discovery protocol (ND).
ND is a part of the ICMPv6 protocol, which also replaces ICMPv4.
Just as ARP has a cache, so does the ND protocol. The ND cache holds more information.

Neighbor cache
A set of entries about individual neighbors to which traffic has been sent recently. Each entry holds:
  unicast IP address
  link-layer address (Ethernet)
  flag: is the neighbor a router or a host
  the reachability state
  the number of unanswered probes
  the time the next Neighbor Unreachability Detection event is scheduled

Entry states in neighbor cache
INCOMPLETE: address resolution in progress
REACHABLE: verified up to tens of seconds ago
STALE: not known to be reachable, but until traffic is sent no verification is done
DELAY: not known to be reachable, traffic has recently been sent; wait for upper-layer protocols to confirm
PROBE: no longer known to be reachable; send solicitation probes to verify reachability

Address Resolution: Why
When an IPv6 host A wishes to send application data, the data is encapsulated and passed down through the layers of the protocol stack (just like IPv4).
To send the Ethernet frame it is necessary to have or to obtain the Ethernet address of the next hop destination (host B), given the IP address of B.

Address resolution: when
Want the link layer address (Ethernet) corresponding to the IP of B, the next hop.
First check the neighbor cache for an entry for the IP of B.
If there is an entry, use the corresponding Ethernet address.
If there is no entry in the neighbor cache, then we must perform address resolution.

Address resolution: first steps
Begin by queuing the packet to be sent.
Then create an entry in the neighbor cache of A with INCOMPLETE state.
  Contains IP address of the next hop destination
A builds a neighbor solicitation packet.
Send the neighbor solicitation packet to the solicited-node multicast address of B.

Neighbor solicitation message
IPv6 header:
  VERS 6, TRAFFIC CLASS, FLOW LABEL
  PAYLOAD LENGTH, NEXT HEADER, HOP LIMIT 255
  IPv6 source address (address of A)
  IPv6 destination address (solicited-node multicast address of B)
Neighbor solicitation message (ICMP):
  TYPE (135), CODE 0, CHECKSUM
  RESERVED (set to 0)
  IPv6 TARGET ADDRESS (link local IP ADDRESS of B)
  OPTIONS (VARIABLE LENGTH): Ethernet address of source host A

Solicited-node multicast address
The solicited-node address can be determined directly from the IP address.
Add the last 24 bits of the IP address to the prefix ff02::1:ff00:0/104.
In the data link layer the equivalent Ethernet address is 33-33-FF followed by the last 24 bits of the IP address.
Layout: FF02 (16 bits), 0 (72 bits, all 0), 01, FF, last 24 bits of IP address
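
Added example (not part of the original slides): the solicited-node derivation above in Python, using only the standard ipaddress module. The sample addresses are constructed and the function names are chosen for this illustration.

```python
import ipaddress

# Prefix from the slide: ff02::1:ff00:0/104
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """Append the last 24 bits of an IPv6 address to the /104 prefix."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)


def ethernet_multicast(group: ipaddress.IPv6Address) -> str:
    """Ethernet address for the group: 33-33 followed by its last 32 bits."""
    low32 = int(group) & 0xFFFFFFFF
    return "33-33-" + "-".join(f"{b:02X}" for b in low32.to_bytes(4, "big"))


def must_process(own_addrs, solicitation_dst) -> bool:
    """True if a host holding own_addrs listens on the destination group."""
    return any(solicited_node(a) == solicitation_dst for a in own_addrs)


# Constructed addresses: A and C share the last 24 bits (3a:4c5d), D does not.
HOST_A = "fe80::21b:21ff:fe3a:4c5d"
HOST_C = "2001:db8::aa3a:4c5d"
HOST_D = "fe80::1"

if __name__ == "__main__":
    group = solicited_node(HOST_A)
    print(group, ethernet_multicast(group))
    for host in (HOST_A, HOST_C, HOST_D):
        print(host, "processes the solicitation:", must_process([host], group))
```

Hosts A and C land in the same group, so C receives and drops a solicitation meant for A, while D is never interrupted.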

Efficiency of Solicited-node
For IPv4, ARP requests are broadcast to reach all nodes on the local network segment. This means all nodes must process every ARP request to see if their address matches.
For IPv6 there are 2^24 solicited-node multicast addresses that replace the single broadcast address.
For any particular host there will be fewer IPv6 neighbor solicitations to process than there would be IPv4 ARP request messages.
Only 1/2^24 of the possible addresses will interrupt any given host.
IPv4 hosts are not interrupted at all.

Address resolution: next step
The neighbor solicitation packet is received by the destination (and perhaps a few other nodes in the same solicited-node multicast group, who will process and drop the packet).
The destination host builds a neighbor advertisement packet to respond to the neighbor solicitation.

Neighbor advertisement
IP header:
  VERS 6, TRAFFIC CLASS, FLOW LABEL
  PAYLOAD LENGTH, NEXT HEADER, HOP LIMIT 255
  IPv6 source address (unicast address of sending interface on B)
  IPv6 destination address (unicast IP address of A)
Neighbor advertisement message (ICMP):
  TYPE (136), CODE 0, CHECKSUM
  R|S|O flags (S flag is set), RESERVED (set to 0)
  IPv6 TARGET ADDRESS (copied from solicitation)
  OPTIONS (VARIABLE LENGTH): Ethernet address of source host (host B)

Neighbor advertisement
R: Router flag. When set, indicates that the sender is a router.
S: The S-bit is used for reachability confirmation for Neighbor Unreachability Detection. It MUST NOT be set in unsolicited unicast advertisements.
O: Override flag. When set, the O-bit indicates that the advertisement should override an existing cache entry.
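
Added example (not from the original slides): a parser for the neighbor advertisement laid out above, which reads the R, S and O flags and the Ethernet address option and rejects packets whose hop limit is not 255. The sample bytes are constructed, the checksum is not verified, and the option type value 2 (target link-layer address) comes from RFC 4861 rather than from the slides.

```python
import ipaddress
import struct

R_FLAG, S_FLAG, O_FLAG = 0x80, 0x40, 0x20
OPT_TARGET_LLADDR = 2  # RFC 4861 option type: target link-layer address


def parse_na(icmp: bytes, hop_limit: int) -> dict:
    """Parse an ICMPv6 neighbor advertisement (checksum is not verified)."""
    if hop_limit != 255:
        raise ValueError("hop limit is not 255: packet was forwarded by a router")
    if len(icmp) < 24:
        raise ValueError("truncated advertisement")
    msg_type, code, _cksum, flags = struct.unpack("!BBHB", icmp[:5])
    if msg_type != 136 or code != 0:
        raise ValueError("not a neighbor advertisement")
    na = {
        "router": bool(flags & R_FLAG),
        "solicited": bool(flags & S_FLAG),
        "override": bool(flags & O_FLAG),
        "target": ipaddress.IPv6Address(icmp[8:24]),
        "lladdr": None,
    }
    opts = icmp[24:]
    while opts:
        # Option length is counted in units of 8 bytes; 0 is invalid.
        if len(opts) < 2 or opts[1] == 0 or opts[1] * 8 > len(opts):
            raise ValueError("malformed option")
        opt_type, opt_len = opts[0], opts[1] * 8
        if opt_type == OPT_TARGET_LLADDR and opt_len == 8:
            na["lladdr"] = "-".join(f"{b:02X}" for b in opts[2:8])
        opts = opts[opt_len:]
    return na


def confirms_reachability(na: dict, pending: set) -> bool:
    """Only a solicited advertisement for a target we asked about counts."""
    return na["solicited"] and na["target"] in pending


# Constructed sample: B (fe80::2) answers A's solicitation with S and O set.
SAMPLE_NA = (bytes([136, 0, 0, 0, S_FLAG | O_FLAG, 0, 0, 0])
             + ipaddress.IPv6Address("fe80::2").packed
             + bytes([OPT_TARGET_LLADDR, 1, 0x00, 0x1B, 0x21, 0x3A, 0x4C, 0x5D]))
```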

Address resolution: more steps
An entry may be updated or added to the neighbor cache of B.
The neighbor advertisement is unicast to the soliciting host (A).
If the advertisement is not received by A:
  The INCOMPLETE cache entry is dropped

Address resolution: final steps
If the advertisement is received by A:
  The soliciting host finishes building the INCOMPLETE entry in the neighbor cache
  The entry is then in the REACHABLE state
  Packets that have been queued waiting for the link layer address are sent
At least one packet must be queued for address resolution to be initiated.

Improvements: Detecting failure
Unlike ARP, Neighbor Discovery detects half-link failures.
  Uses Neighbor Unreachability Detection
  Uses state of the entry in the neighbor cache
  Avoids sending traffic to neighbors with which two-way connectivity is absent

Entry states in neighbor cache
INCOMPLETE: address resolution in progress
REACHABLE: verified up to tens of seconds ago
STALE: not known to be reachable, but until traffic is sent no verification is done (an update has been requested)
DELAY: not known to be reachable, traffic has recently been sent; wait for upper-layer protocols to confirm
PROBE: no longer known to be reachable; send solicitation probes to verify reachability

Neighbor Unreachability (1)
Each time a packet is received by neighbor A from neighbor B that indicates active two-way communication, the neighbor cache entry is set to REACHABLE and the entry lifetime timer is reset.
  A's receipt of a TCP packet indicates that B has received an ACK from A, so two-way communication is alive
Receiving unsolicited neighbor advertisements only requires one-way communication and would not cause changes in the cache.

Neighbor Unreachability (2)
If the entry lifetime timer expires, the cache entry moves from the REACHABLE state to the STALE state.
If the host wants to send a packet to a STALE entry, a delay timer is set when that packet is sent and the entry moves into the DELAY state.
  If no reply is received in DELAY_FIRST_PROBE_TIME seconds, the entry moves into the PROBE state
  Otherwise, if a reply is received, the entry moves back to the REACHABLE state

Neighbor Unreachability (3)
When an entry enters the PROBE state a neighbor solicitation is sent.
If a neighbor advertisement is returned before the retransmission timer expires, the entry moves back to the REACHABLE state and the lifetime timer is reset.
Otherwise, when the retransmission timer expires, the neighbor solicitation is retransmitted. Up to MAX_UNICAST_SOLICIT retransmissions will be tried (until an advertisement is received).
Should no advertisement be received after the maximum number of retransmissions, the entry should be deleted.
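
Added example (not from the original slides): the REACHABLE, STALE, DELAY, PROBE transitions of Neighbor Unreachability (1) to (3) as a small state machine driven by an explicit clock. The timer values are the RFC 4861 defaults, which the slides do not state, the class and method names are chosen for this illustration, and MAX_UNICAST_SOLICIT is counted as the total number of probes including the first, which is an assumption about how the slide's limit is applied.

```python
REACHABLE_TIME = 30.0          # seconds, entry lifetime (RFC 4861 default)
DELAY_FIRST_PROBE_TIME = 5.0   # seconds spent in DELAY before probing
RETRANS_TIMER = 1.0            # seconds between solicitation probes
MAX_UNICAST_SOLICIT = 3        # probes sent before the entry is deleted


class NeighborEntry:
    def __init__(self, now: float):
        self.confirm(now)      # address resolution just completed

    def confirm(self, now: float):
        """Two-way proof: upper-layer progress or a solicited advertisement."""
        self.state, self.deadline, self.probes = "REACHABLE", now + REACHABLE_TIME, 0

    def unsolicited_advertisement(self, now: float):
        """One-way evidence only: reachability state and timers are untouched."""

    def send_packet(self, now: float):
        """Traffic to a STALE neighbor starts the delay timer."""
        if self.state == "STALE":
            self.state, self.deadline = "DELAY", now + DELAY_FIRST_PROBE_TIME

    def tick(self, now: float):
        """Run expired timers; returns 'probe' when a solicitation is due."""
        if now < self.deadline or self.state in ("STALE", "DELETED"):
            return None
        if self.state == "REACHABLE":
            self.state = "STALE"            # lifetime expired, nothing sent yet
            return None
        if self.state == "DELAY":
            self.state = "PROBE"            # no upper-layer confirmation arrived
        elif self.probes >= MAX_UNICAST_SOLICIT:
            self.state = "DELETED"          # every probe went unanswered
            return None
        self.probes += 1
        self.deadline = now + RETRANS_TIMER
        return "probe"
```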

Duplicate Address Detection
IPv6 equivalent to gratuitous ARP.
When a host A is initializing, Duplicate Address Detection (DAD) allows the host A to check that no other host on the local network segment is already using the IPv6 address it is requesting to use.
A required part of initialization or reinitialization of any interface.

DAD: step 1
A builds a neighbor solicitation packet to check if its desired IP address is available.
The requested IP source address is "tentative", so:
  IP source address in the solicitation packet is all 0's
  IP destination address is the solicited-node multicast address derived from the target address (next line)
  Target address is the requested IPv6 address of A
  OPTIONS (data) field contains 0's

DAD Neighbor solicitation
IPv6 header:
  VERS 6, TRAFFIC CLASS, FLOW LABEL
  PAYLOAD LENGTH, NEXT HEADER, HOP LIMIT 255
  IPv6 source address (::)
  IPv6 destination address (solicited-node multicast address of A's requested address)
Neighbor solicitation message (ICMP):
  TYPE (135), CODE 0, CHECKSUM
  RESERVED (set to 0)
  IPv6 TARGET ADDRESS (A's requested address)
  OPTIONS (VARIABLE LENGTH): NONE

DAD: step 2
A joins the all-hosts multicast group.
A joins the multicast group for the solicited-node multicast address derived from the IP address it is requesting.
A random delay (delay before sending the request to join the multicast groups) is added to distribute load if the whole network is initializing at the same time.

DAD: step 3
To check the tentative address, A sends the solicitation DupAddrDetectTransmits times.
  Default DupAddrDetectTransmits=1
  Setting DupAddrDetectTransmits=0 turns DAD off
Each transmission is separated by RetransTimer milliseconds.
Retransmissions stop when a replying neighbor advertisement arrives, or RetransTimer milliseconds after the last retransmission.

DAD: step 4 (no duplicate)
No answering neighbor solicitation packet is received before probing is complete.
  Probing is complete DupAddrDetectTransmits times RetransTimer milliseconds after the first retransmission is sent
It has been confirmed that the tentative IP address is unique.
The tentative IPv6 address is assigned to the interface and becomes the IPv6 address for the interface.

DAD: step 4 (duplicate)
Host B is already using the requested address.
Host B receives A's neighbor solicitation.
B replies to A's solicitation with an advertisement:
  Reply is multicast to the all-nodes address FF02::1 (because the source address was ::)
  Solicited flag is set (S flag)
  IPv6 source address is B's address (also A's tentative address)
  Target is B's IPv6 address (A's requested address)
  B's Ethernet address is included as an option

DAD Neighbor advertisement
IP header:
  VERS 6, TRAFFIC CLASS, FLOW LABEL
  PAYLOAD LENGTH, NEXT HEADER, HOP LIMIT 255
  IPv6 source address (address requested by A, also B's address)
  IPv6 destination address: all nodes multicast address (FF02::1)
Neighbor advertisement message (ICMP):
  TYPE (136), CODE 0, CHECKSUM
  R|S|O flags (S flag is set), RESERVED (set to 0)
  IPv6 TARGET ADDRESS (copied from solicitation, A's requested address)
  OPTIONS (VARIABLE LENGTH): Ethernet address of host B, which is using the requested address

DAD: step 5 (duplicate)
Host B is already using the requested address.
Host B receives A's neighbor solicitation and replies with a neighbor advertisement.
Host A SHOULD log a system management error. Then:
  If the IPv6 address was derived from the Ethernet address, no packets will be received or sent on the interface (no new IPv6 address will be assigned)
  If the IPv6 address was assigned, then a new IPv6 address may be assigned and DAD repeated
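
Added example (not from the original slides): DAD steps 1 to 5 as Python, building the probe that step 1 describes and then deciding between the "no duplicate" and "duplicate" outcomes from the advertisements that arrive. The addresses and arrival times are constructed, the function names are chosen for this illustration, the checksum is left at 0, and a RetransTimer of 1000 ms is assumed as the default.

```python
import ipaddress
import struct

UNSPECIFIED = ipaddress.IPv6Address("::")
SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def dad_solicitation(tentative: str) -> dict:
    """Step 1: addresses and ICMPv6 body of the probe for a tentative address."""
    target = ipaddress.IPv6Address(tentative)
    group = ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | (int(target) & 0xFFFFFF))
    # Type 135, code 0, checksum (0 here), reserved word, target, no options.
    body = struct.pack("!BBHI", 135, 0, 0, 0) + target.packed
    return {"src": UNSPECIFIED, "dst": group, "hop_limit": 255, "icmp": body}


def run_dad(tentative: str, replies, transmits: int = 1, retrans_ms: int = 1000):
    """Steps 3 to 5. replies is a list of (arrival_ms, advertised_target).

    Returns (status, probes_sent, elapsed_ms).
    """
    if transmits == 0:
        return ("assigned", 0, 0)           # DupAddrDetectTransmits=0: DAD is off
    target = ipaddress.IPv6Address(tentative)
    for sent in range(1, transmits + 1):
        window_end = sent * retrans_ms      # probe number `sent` left at (sent-1)*retrans_ms
        for arrival, advertised in sorted(replies):
            if arrival <= window_end and ipaddress.IPv6Address(advertised) == target:
                return ("duplicate", sent, arrival)   # step 5: address must not be used
    return ("assigned", transmits, transmits * retrans_ms)


TENTATIVE = "fe80::21b:21ff:fe3a:4c5d"      # constructed tentative address of A

if __name__ == "__main__":
    probe = dad_solicitation(TENTATIVE)
    print(probe["src"], "->", probe["dst"], len(probe["icmp"]), "bytes")
    print(run_dad(TENTATIVE, []))                    # nobody answers
    print(run_dad(TENTATIVE, [(300, TENTATIVE)]))    # B already holds the address
```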