Understanding Ipv6

The ND protocol provides message exchanges for the following processes:

• Address resolution (including duplicate address detection)
• Router discovery (includes prefix and parameter discovery)
• Neighbor unreachability detection
• Redirect function

For information about address autoconfiguration, see Chapter 8, "Address Autoconfiguration." For information about next-hop determination, see the "Host Sending Algorithm" section in this chapter.

Conceptual Host Data Structures

To facilitate interactions between neighboring nodes, RFC 2461 defines the following conceptual host data structures as an example of how to store information for ND processes:

• Neighbor cache

  The neighbor cache stores the on-link IP address of each neighbor, its corresponding link-layer address, and an indication of the neighbor's reachability state. The neighbor cache is equivalent to the ARP cache in IPv4.

• Destination cache

  The destination cache stores information on next-hop IP addresses for destinations to which traffic has recently been sent. Each entry in the destination cache contains the destination IP address (either local or remote), the previously resolved next-hop IP address, and the path MTU for the destination.

• Prefix list

  The prefix list contains on-link prefixes. Each entry in the prefix list defines a range of IP addresses for destinations that are directly reachable (neighbors). This list is populated from prefixes advertised by routers using the Router Advertisement message.

• Default router list

  IP addresses corresponding to on-link routers that have sent Router Advertisement messages and are eligible to be default routers are included in the default router list.

Figure 6-19 shows the conceptual host data structures defined in RFC 2461.

Figure 6-19. The conceptual host data structures defined in RFC 2461

RFC 2461 defines these data structures as an example of an IPv6 host conceptual model. An IPv6 implementation is not required to create these exact data structures as long as the external behavior of the host is consistent with RFC 2461. For example, the IPv6 protocol for the Windows .NET Server 2003 family and Windows XP uses a destination cache and neighbor cache. A routing table is used, rather than a prefix list and default router list, to determine the next-hop address for a given destination. For more information about how IPv6 determines the next-hop address using the conceptual RFC 2461 data structures, see the "Host Sending Algorithm" section in this chapter.

To view the destination cache on a computer running a member of the Windows .NET Server 2003 family or Windows XP, type netsh interface ipv6 show destinationcache at a command prompt. To view the neighbor cache, type netsh interface ipv6 show neighbors at a command prompt. To view the routing table, type netsh interface ipv6 show routes at a command prompt.

Address Resolution

The address resolution process for IPv6 nodes consists of an exchange of Neighbor Solicitation and Neighbor Advertisement messages to resolve the link-layer address of the on-link next-hop address for a given destination. The sending host sends a multicast Neighbor Solicitation message on the appropriate interface. The multicast address of the Neighbor Solicitation message is the solicited-node multicast address derived from the target IP address. The Neighbor Solicitation message includes the link-layer address of the sending host in the Source Link-Layer Address option. For information about how a host determines the next-hop address for a destination, see "Host Sending Algorithm" in this chapter.

When the target host receives the Neighbor Solicitation message, it updates its own neighbor cache based on the source address of the Neighbor Solicitation message and the link-layer address in the Source Link-Layer Address option. Next, the target node sends a unicast Neighbor Advertisement to the Neighbor Solicitation sender. The Neighbor Advertisement includes the Target Link-Layer Address option.

After receiving the Neighbor Advertisement from the target, the sending host updates its neighbor cache with an entry for the target based on the information in the Target Link-Layer Address option. At this point, unicast IPv6 traffic between the sending host and the target of the Neighbor Solicitation can be sent.

Address Resolution Example-Part 1

Host A has an Ethernet MAC address of 00-10-5A-AA-20-A2 and a corresponding link-local address of FE80::210:5AFF:FEAA:20A2. Host B has an Ethernet MAC address of 00-60-97-02-6E-A5 and a corresponding link-local address of FE80::260:97FF:FE02:6EA5. To send a packet to Host B, Host A must first use address resolution to resolve Host B's link-layer address.

Based on Host B's IP address, Host A sends a multicast Neighbor Solicitation message to the solicited-node address of FF02::1:FF02:6EA5, as shown in Figure 6-20.

Figure 6-20. The multicast Neighbor Solicitation message

Network Monitor Capture

Here is the Neighbor Solicitation message for this example as displayed by Network Monitor (frame 1 of capture 06_01 in the \NetworkMonitorCaptures folder on the companion CD-ROM):

+ Frame: Base frame properties + ETHERNET: EType = IPv6 ETHERNET: Destination address : 3333FF026EA5 ETHERNET: Source address : 00105AAA20A2 ETHERNET: Frame Length : 86 (0x0056) ETHERNET: Ethernet Type : 0x86DD ETHERNET: Ethernet Data: Number of data bytes remaining = 72 (0x0048) IP6: Proto = ICMP6; Len = 32 IP6: Version = 6 (0x6) IP6: Traffic Class = 0 (0x0) IP6: Flow Label = 0 (0x0) IP6: Payload Length = 32 (0x20) IP6: Next Header = 58 (ICMP6) IP6: Hop Limit = 255 (0xFF) IP6: Source Address = fe80::210:5aff:feaa:20a2 IP6: Destination Address = ff02::1:ff02:6ea5 IP6: Payload: Number of data bytes remaining = 31 (0x001F) ICMP6: Neighbor Solicitation; Target = fe80::260:97ff:fe02:6ea5 ICMP6: Type = 135 (Neighbor Solicitation) ICMP6: Code = 0 (0x0) ICMP6: Checksum = 0x0F35 ICMP6: Reserved ICMP6: Target Address = fe80::260:97ff:fe02:6ea5 ICMP6: Source Link-Layer Address = 00 10 5A AA 20 A2 ICMP6: Type = 1 (0x1) ICMP6: Length = 1 (0x1) ICMP6: Source Link-Layer Address = 00 10 5A AA 20 A2

Address Resolution Example-Part 2

Host B, having registered the multicast MAC address of 33-33-FF-02-6E-A5 with its Ethernet adapter, receives and processes the Neighbor Solicitation message. Host B responds with a unicast Neighbor Advertisement message, as shown in Figure 6-21.

Figure 6-21. The unicast Neighbor Advertisement

Network Monitor Capture

Here is the Neighbor Advertisement message for this example as displayed by Network Monitor (frame 2 of capture 06_01 in the \NetworkMonitorCaptures folder on the companion CD-ROM):

+ Frame: Base frame properties + ETHERNET: EType = IPv6 + ETHERNET: Destination address : 00105AAA20A2 + ETHERNET: Source address : 006097026EA5 ETHERNET: Frame Length : 86 (0x0056) ETHERNET: Ethernet Type : 0x86DD ETHERNET: Ethernet Data: Number of data bytes remaining = 72 (0x0048) IP6: Proto = ICMP6; Len = 32 IP6: Version = 6 (0x6) IP6: Traffic Class = 0 (0x0) IP6: Flow Label = 0 (0x0) IP6: Payload Length = 32 (0x20) IP6: Next Header = 58 (ICMP6) IP6: Hop Limit = 255 (0xFF) IP6: Source Address = fe80::260:97ff:fe02:6ea5 IP6: Destination Address = fe80::210:5aff:feaa:20a2 IP6: Payload: Number of data bytes remaining = 32 (0x0020) ICMP6: Neighbor Advertisement; Target = fe80::260:97ff:fe02:6ea5 ICMP6: Type = 136 (Neighbor Advertisement) ICMP6: Code = 0 (0x0) ICMP6: Checksum = 0x89AC ICMP6: 0............................... = Not router ICMP6: .1.............................. = Solicited ICMP6: ..1............................. = Override ICMP6: Target Address = fe80::260:97ff:fe02:6ea5 ICMP6: Target Link-Layer Address = 00 60 97 02 6E A5 ICMP6: Type = 2 (0x2) ICMP6: Length = 1 (0x1) ICMP6: Target Link-Layer Address = 00 60 97 02 6E A5

Neighbor Unreachability Detection

A neighboring node is reachable if there has been a recent confirmation that IPv6 packets sent to the neighboring node were received and processed by the neighboring node. Neighbor unreachability does not necessarily verify the end-to-end reachability of the destination. Because a neighboring node can be a host or router, the neighboring node might not be the final destination of the packet. Neighbor unreachability verifies only the reachability of the first hop to the destination.

One of the ways that reachability is confirmed is through the sending of a unicast Neighbor Solicitation message and the receipt of a solicited Neighbor Advertisement message. A solicited Neighbor Advertisement message, which has its Solicited flag set to 1, is sent only in response to a Neighbor Solicitation message. Unsolicited Neighbor Advertisement or Router Advertisement messages are not considered proof of reachability. The exchange of Neighbor Solicitation and Neighbor Advertisement messages confirms only the reachability of the node that sent the Neighbor Advertisement from the node that sent the Neighbor Solicitation. It does not confirm the reachability of the node that sent the Neighbor Solicitation from the node that sent the Neighbor Advertisement.

For example, if Host A sends a unicast Neighbor Solicitation to Host B and Host B sends a solicited unicast Neighbor Advertisement to Host A, Host A considers Host B reachable. Because there is no confirmation in this exchange that Host A actually received the Neighbor Advertisement, Host B does not consider Host A reachable. To confirm reachability of Host A from Host B, Host B must send its own unicast Neighbor Solicitation to Host A and receive a solicited unicast Neighbor Advertisement from Host A.

Here is an example of an exchange of ND messages to establish neighbor reachability by two nodes (HOST_A and HOST_B) for each other as displayed by Network Monitor (capture 06_05 in the \NetworkMonitorCaptures folder on the companion CD-ROM):

1 8.356000 HOST_A HOST_B ICMP6 Neighbor Solicitation; Target = fe80::210:5aff:feaa:20a2 2 8.357000 HOST_B HOST_A ICMP6 Neighbor Advertisement; Target = fe80::210:5aff:feaa:20a2 3 8.527000 HOST_B HOST_A ICMP6 Neighbor Solicitation; Target = fe80::250:daff:fed8:c153 4 8.527000 HOST_A HOST_B ICMP6 Neighbor Advertisement; Target = fe80::250:daff:fed8:c153

In frames 1 and 2, HOST_A establishes the reachability of HOST_B. In frames 3 and 4, HOST_B establishes the reachability of HOST_A.

The Network Monitor frame summary lines have been wrapped for improved readability.

Another method of determining reachability is when upper-layer protocols indicate that the communication using the next-hop address is making forward progress. For TCP traffic, forward progress is determined when acknowledgement segments for sent data are received. The end-to-end reachability confirmed by the receipt of TCP acknowledgments implies the reachability of the first hop to the destination. The TCP module provides these indications to the IPv6 protocol module on an ongoing basis.

Other protocols, such as UDP, might not have a method of determining or indicating the forward progress of communication. In this case, the exchange of Neighbor Solicitation and Neighbor Advertisement messages is used to confirm reachability.

Neighbor Cache Entry States

The reachability of a neighboring node is determined by monitoring the state of the neighboring node's entry in the neighbor cache.

Figure 6-22 shows the states of a neighbor cache entry.

Figure 6-22. The states of a neighbor cache entry

RFC 2461 defines the following states for a neighbor cache entry:

• INCOMPLETE

  IPv6 address resolution, which uses a solicited-node multicast Neighbor Solicitation message, is in progress. The INCOMPLETE state is entered when a new neighbor cache entry is created but does not yet have the node's corresponding link-layer address. The number of multicast neighbor solicitations sent before abandoning the address resolution process and removing the neighbor cache entry is set by a configurable variable. RFC 2461 uses the variable name of MAX_MULTICAST_SOLICIT and recommends a value of 3.

• REACHABLE

  Reachability has been confirmed by receipt of a solicited unicast Neighbor Advertisement message. The neighbor cache entry stays in the REACHABLE state until the number of milliseconds indicated in the Reachable Time field in the Router Advertisement message (or a host default value) elapses. As long as upper layer protocols such as TCP indicate that communication is making forward progress, the entry stays in the REACHABLE state. Each time an indication of forward progress is made, the reachable time for the entry is refreshed.

• STALE

  Reachable time (the duration since the last reachability confirmation was received) has elapsed. The neighbor cache entry goes into the STALE state after the value (milliseconds) in the Reachable Time field in the Router Advertisement message (or a host default value) elapses and remains in this state until a packet is sent to the neighbor. The STALE state is also entered when an unsolicited neighbor advertisement that advertises the link-layer address is received.

• DELAY

  To allow time for upper layer protocols to provide reachability confirmation before sending Neighbor Solicitation messages, the state of the neighbor cache entry enters the DELAY state and waits a configurable period of time. RFC 2461 uses the variable name of DELAY_FIRST_PROBE_TIME and recommends a value of 5 seconds. If no reachability confirmation is received by the delay time, then the entry enters the PROBE state and a unicast Neighbor Solicitation message is sent.

• PROBE

  Reachability confirmation is in progress for a neighbor cache entry that was in either the STALE state or the DELAY state. Unicast Neighbor Solicitation messages are sent at intervals corresponding to the Retransmission Timer field in the Router Advertisement message received by this host (or a default host value). The number of Neighbor Solicitations sent before abandoning the reachability detection process and removing the neighbor cache entry is set by a configurable variable. RFC 2461 uses the variable name of MAX_UNICAST_SOLICITS and recommends a value of 3.

Depending on the IPv6 implementation, any entry can go from any state to the NO ENTRY EXISTS state at any time (not shown in Figure 6-21).

If the unreachable neighbor is a router, the host chooses another router from the default router list and performs both address resolution and neighbor unreachability detection on it.

If a router becomes a host, it should send a multicast Neighbor Advertisement message with the Router flag set to 0. If a host receives a Neighbor Advertisement message from a router where the Router flag is set to 0, the host removes that router from the default router list and, if necessary, chooses another router.

Neighbor Unreachability Detection and Dead Gateway Detection

The TCP/IP (IPv4) protocol for the Windows .NET Server 2003 family and Windows XP supports an algorithm known as dead gateway detection. Dead gateway detection detects the failure of the current default gateway by monitoring the number of failing TCP connections. When 25% of the active TCP connections have failed and been switched to another default gateway, the default gateway of the host is switched to another default gateway.

Dead gateway detection provides some default gateway fault tolerance for hosts on subnets containing multiple default routers. However, dead gateway detection:

• Monitors only TCP traffic. If connectivity fails for other types of traffic, the default gateway is not switched.
• Can cause the default gateway configuration to change when a remote router fails. Remote routers in the path between the host and the destination that fail might also cause TCP connections forwarded along that path to fail and for the host to switch its default gateway. Because dead gateway detection relies on an end-to-end protocol (such as TCP), a host can switch its default gateway even when the current default gateway is fully operational.

Neighbor unreachability detection is an improvement over dead gateway detection because it:

• Provides for host-based default router fault tolerance for all types of traffic, not just TCP. Although forward progress indicators are used for TCP traffic, other protocols can rely on an exchange of Neighbor Solicitation and Neighbor Advertisement messages to determine reachability.
• Detects whether the neighboring default router is operational. Neighbor unreachability detection will not cause the default router configuration to change because of a failing remote router.

Duplicate Address Detection

IPv4 nodes use ARP Request messages and a method called gratuitous ARP to detect a duplicate unicast IPv4 address on the local link. Similarly, IPv6 nodes use the Neighbor Solicitation message to detect duplicate address use on the local link.

With IPv4 gratuitous ARP, the Source Protocol Address and Target Protocol Address fields in the ARP Request message header are set to the IPv4 address for which duplication is being detected. In IPv6 duplicate address detection, the Target Address field in the Neighbor Solicitation message is set to the IPv6 address for which duplication is being detected.

Duplicate address detection differs from address resolution in the following ways:

• In the duplicate address detection Neighbor Solicitation message, the Source Address field in the IPv6 header is set to the unspecified address (::). The address being queried for duplication cannot be used until it is determined that there are no duplicates.
• In the Neighbor Advertisement reply to a duplicate address detection Neighbor Solicitation message, the Destination Address in the IPv6 header is set to the link-local scope all-nodes multicast address (FF02::1). The Solicited flag in the Neighbor Advertisement message is set to 0. Because the sender of the duplicate address detection Neighbor Solicitation message is not using the desired IP address, it cannot receive unicast Neighbor Advertisements. Therefore, the Neighbor Advertisement is multicast.

Upon receipt of the multicast Neighbor Advertisement with the Target Address field set to the IP address for which duplication is being detected, the node disables the use of the duplicate IP address on the interface. If the node does not receive a Neighbor Advertisement that defends the use of the address, it initializes the address on the interface.

An IPv6 node does not perform duplicate address detection for anycast addresses. Anycast addresses are not unique to a node.

Duplicate Address Detection Example-Part 1

Host B has a site-local address of FEC0::2:260:8FF:FE52:F9D8. Host A is attempting to use the site-local address of FEC0::2:260:8FF:FE52:F9D8. However, before Host A can use this address, it must verify its uniqueness through duplicate address detection.

Host A sends a solicited-node multicast Neighbor Solicitation message to the address FF02::1:FF52:F9D8, as shown in Figure 6-23.

Figure 6-23. A multicast Neighbor Solicitation messagefor duplicate address detection

Network Monitor Capture

Here is the Neighbor Solicitation message for this example as displayed by Network Monitor (frame 1 of capture 06_06 in the \NetworkMonitorCaptures folder on the companion CD-ROM):

+ Frame: Base frame properties ETHERNET: ETYPE = IPv6 + ETHERNET: Destination address : 3333FF52F9D8 + ETHERNET: Source address : 00B0D0234733 ETHERNET: Frame Length : 78 (0x004E) ETHERNET: Ethernet Type : 0x86DD ETHERNET: Ethernet Data: Number of data bytes remaining = 64 (0x0040) IP6: Proto = ICMP6; Len = 24 IP6: Version = 6 (0x6) IP6: Traffic Class = 0 (0x0) IP6: Flow Label = 0 (0x0) IP6: Payload Length = 24 (0x18) IP6: Next Header = 58 (ICMP6) IP6: Hop Limit = 255 (0xFF) IP6: Source Address = :: IP6: Destination Address = ff02::1:ff52:f9d8 IP6: Payload: Number of data bytes remaining = 24 (0x0018) ICMP6: Neighbor Solicitation; Target = fec0::2:260:8ff:fe52:f9d8 ICMP6: Type = 135 (Neighbor Solicitation) ICMP6: Code = 0 (0x0) ICMP6: Checksum = 0x7E2F ICMP6: Reserved ICMP6: Target Address = fec0::2:260:8ff:fe52:f9d8

Notice the use of the unspecified address (::) in the Source Address field in the IPv6 header and the lack of the Source Link-Layer Address option.

Duplicate Address Detection Example-Part 2

Host B, having registered the multicast MAC address of 33-33-FF-52-F9-D8 with its Ethernet adapter, receives and processes the Neighbor Solicitation message. Host B notes that the source address is the unspecified address. Host B then responds with a multicast Neighbor Advertisement message, as shown in Figure 6-24.

Figure 6-24. The multicast Neighbor Advertisement message

Network Monitor Capture

Here is the Neighbor Advertisement message for this example as displayed by Network Monitor (frame 2 of capture 06_06 in the \NetworkMonitorCaptures folder on the companion CD-ROM):

+ Frame: Base frame properties ETHERNET: ETYPE = IPv6 + ETHERNET: Destination address : 333300000001 + ETHERNET: Source address : 00600852F9D8 ETHERNET: Frame Length : 86 (0x0056) ETHERNET: Ethernet Type : 0x86DD ETHERNET: Ethernet Data: Number of data bytes remaining =

72 (0x0048) IP6: Proto = ICMP6; Len = 32 IP6: Version = 6 (0x6) IP6: Traffic Class = 0 (0x0) IP6: Flow Label = 0 (0x0) IP6: Payload Length = 32 (0x20) IP6: Next Header = 58 (ICMP6) IP6: Hop Limit = 255 (0xFF) IP6: Source Address = fec0::2:260:8ff:fe52:f9d8 IP6: Destination Address = ff02::1 IP6: Payload: Number of data bytes remaining = 32 (0x0020) ICMP6: Neighbor Advertisement; Target = fec0::2:260:8ff:fe52:f9d8 ICMP6: Type = 136 (Neighbor Advertisement) ICMP6: Code = 0 (0x0) ICMP6: Checksum = 0x4F79 ICMP6: 0............................... = Not router ICMP6: .0.............................. = Not solicited ICMP6: ..1............................. = Override ICMP6: Target Address = fec0::2:260:8ff:fe52:f9d8 ICMP6: Target Link-Layer Address = 00 60 08 52 F9 D8 ICMP6: Type = 2 (0x2) ICMP6: Length = 1 (0x1) ICMP6: Target Link-Layer Address = 00 60 08 52 F9 D8

Notice the use of the link-local scope all-nodes multicast address as the destination address and the values of the Solicited and Override flags.

Router Discovery

Router discovery is the process through which nodes attempt to discover the set of routers on the local link. Router discovery in IPv6 is similar to ICMP router discovery for IPv4 described in RFC 1256. ICMP router discovery is a set of ICMP messages that allow IPv4 hosts to determine the presence of local routers, determine which local router is automatically configured as a default gateway, and to automatically switch to a different router as their default gateway when the current default gateway becomes unavailable.

An important difference between ICMPv4 router discovery and IPv6 router discovery is the mechanism through which a new default router is selected when the current one becomes unavailable. In ICMPv4 router discovery, the Router Advertisement message includes an Advertisement Lifetime field. Advertisement Lifetime is the time after which the router can be considered unavailable. In the worst case, a router can become unavailable and hosts will not attempt to discover a new default router until the Router Advertisement time has elapsed.

IPv6 has a Router Lifetime field in the Router Advertisement message. This field indicates the length of time that the router can be considered a default router. However, if the current default router becomes unavailable, the condition is detected through neighbor unreachability detection instead of the Router Lifetime field in the Router Advertisement message. Because neighbor unreachability detection determines that the router is no longer reachable, a new router is chosen immediately from the default router list or the host sends a Router Solicitation message to determine if additional default routers are present on the link. For more information, see the "Neighbor Unreachability Detection" section in this chapter.

In addition to configuring a default router, IPv6 router discovery also configures the following:

• The default setting for the Hop Limit field in the IPv6 header.
• A determination of whether the node should use a stateful address protocol, such as Dynamic Host Configuration Protocol for IPv6 (DHCPv6), for addresses and other configuration parameters.
• The timers used in neighbor unreachability detection and the retransmission of Neighbor Solicitations.
• The list of network prefixes defined for the link. Each network prefix contains both the IPv6 network prefix and its valid and preferred lifetimes. If indicated, a network prefix combined with the interface identifier creates a stateless IP address configuration for the receiving interface. A network prefix also defines the range of addresses for nodes on the local link.
• The MTU of the local link.
• Specific routes to add to the routing table.

The IPv6 router discovery processes are the following:

• IPv6 routers pseudo-periodically send a Router Advertisement message on the local link advertising their existence as routers. They also provide configuration parameters such as default hop limit, MTU, prefixes, and routes. For more information about how often routers send pseudo-periodic router advertisements, see section 6.2.4 of RFC 2461.
• Active IPv6 hosts on the local link receive the Router Advertisement m essages and use the contents to maintain the default router and prefix lists, autoconfigure addresses, add routes, and configure other parameters.
• A host that is starting sends a Router Solicitation message to the link-local scope all-routers multicast address (FF02::2). If the starting host is already configured with a unicast address, the Router Solicitation is sent with a unicast source address. Otherwise, the Router Solicitation is sent with an unspecified source address (::). Upon receipt of a Router Solicitation message, all routers on the local link send a Router Advertisement message to either the unicast address of the host that sent the Router Solicitation (if the source address of the Router Solicitation is a unicast address), or to the link-local scope all-nodes multicast address (FF02::1) (if the source address of the Router Solicitation message is unspecified). The host receives the Router Advertisement messages and uses their contents to build the default router and prefix lists and set other configuration parameters. The number of Router Solicitations sent before abandoning the router discovery process is set by a configurable variable. RFC 2461 uses the variable name of MAX_RTR_SOLICITATIONS and recommends a value of 3.

Router Discovery Example-Part 1

Host A has the Ethernet MAC address of 00-B0-D0-E9-41-43. The router has an Ethernet MAC address of 00-10-FF-D6-58-C0 and a corresponding link-local address of FE80::210:FFFF:FED6:58C0. To forward packets to off-link destinations, Host A must discover the presence of the router.

As part of the startup process, Host A sends a multicast Router Solicitation message to the address FF02::2 before it has confirmed the use of its corresponding link-local address, as shown in Figure 6-25.

Figure 6-25. The multicast Router Solicitation message

Network Monitor Capture

Here is the Router Solicitation message for this example as displayed by Network Monitor (frame 1 of capture 06_07 in the \NetworkMonitorCaptures folder on the companion CD-ROM):

+ Frame: Base frame properties + ETHERNET: EType = IPv6 + ETHERNET: Destination address : 333300000002 + ETHERNET: Source address : 00B0D0E94143 ETHERNET: Frame Length : 62 (0x003E) ETHERNET: Ethernet Type : 0x86DD ETHERNET: Ethernet Data: Number of data bytes remaining = 48 (0x0030) IP6: Proto = ICMP6; Len = 8 IP6: Version = 6 (0x6) IP6: Traffic Class = 0 (0x0) IP6: Flow Label = 0 (0x0) IP6: Payload Length = 8 (0x8) IP6: Next Header = 58 (ICMP6) IP6: Hop Limit = 255 (0xFF) IP6: Source Address = :: IP6: Destination Address = ff02::2 IP6: Payload: Number of data bytes remaining = 8 (0x0008) ICMP6: Router Solicitation ICMP6: Type = 133 (Router Solicitation) ICMP6: Code = 0 (0x0) ICMP6: Checksum = 0x7BB8 ICMP6: Reserved

Notice the use of the unspecified address (::) as the source and that the Source Link-Layer Address option is not included.

Router Discovery Example-Part 2

The router, having registered the multicast MAC address of 33-33-00-00-00-02 with its Ethernet adapter, receives and processes the Router Solicitation. The router responds with a multicast Router Advertisement message containing configuration parameters and local link prefixes, as shown in Figure 6-26.

Figure 6-26. The unicast Router Advertisement message

Network Monitor Capture

Here is the Router Advertisement message for this example as displayed by Network Monitor (frame 4 of capture 06_07 in the \NetworkMonitorCaptures folder on the companion CD-ROM):

+ Frame: Base frame properties + ETHERNET: EType = IPv6 + ETHERNET: Destination address : 333300000001 + ETHERNET: Source address : 0010FFD658C0 ETHERNET: Frame Length : 142 (0x008E) ETHERNET: Ethernet Type : 0x86DD ETHERNET: Ethernet Data: Number of data bytes remaining = 128 (0x0080) IP6: Proto = ICMP6; Len = 88 IP6: Version = 6 (0x6) IP6: Traffic Class = 7 (0x7) IP6: Flow Label = 0 (0x0) IP6: Payload Length = 88 (0x58) IP6: Next Header = 58 (ICMP6) IP6: Hop Limit = 255 (0xFF) IP6: Source Address = fe80::210:ffff:fed6:58c0 IP6: Destination Address = ff02::1 IP6: Payload: Number of data bytes remaining = 88 (0x0058) ICMP6: Router Advertisement ICMP6: Type = 134 (Router Advertisement) ICMP6: Code = 0 (0x0) ICMP6: Checksum = 0x4DDB ICMP6: Current Hop Limit = 64 (0x40) ICMP6: 0....... = Not managed address config ICMP6: .0...... = Not other stateful config ICMP6: ..0..... = Not a Mobile IP Home Agent ICMP6: Default Router Preference = Medium (0) ICMP6: Router Lifetime = 1800 (0x708) ICMP6: Reachable Time = 0 (0x0) ICMP6: Retransmission Timer = 0 (0x0) ICMP6: Source Link-Layer Address = 00 10 FF D6 58 C0 ICMP6: Type = 1 (0x1) ICMP6: Length = 1 (0x1) ICMP6: Source Link-Layer Address = 00 10 FF D6 58 C0 ICMP6: Prefix = 3ffe:2900:d005:f282:: ICMP6: Type = 3 (0x3) ICMP6: Length = 4 (0x4) ICMP6: Prefix Length = 64 (0x40) ICMP6: 1....... = On-link determination allowed ICMP6: .1...... = Autonomous address configuration ICMP6: ..0..... = No router address ICMP6: ...0.... = Not a site prefix ICMP6: Valid Lifetime = 2592000 (0x278D00) ICMP6: Preferred Lifetime = 604800 (0x93A80) ICMP6: Reserved ICMP6: Site Prefix Length = 0 (0x0) ICMP6: Prefix = 3ffe:2900:d005:f282:: ICMP6: Prefix = fec0:0:0:f282:: ICMP6: Type = 3 (0x3) ICMP6: Length = 4 (0x4) ICMP6: Prefix Length = 64 (0x40) ICMP6: 1....... = On-link determination allowed ICMP6: .1...... = Autonomous address configuration ICMP6: ..0..... = No router address ICMP6: ...0.... = Not a site prefix ICMP6: Valid Lifetime = 2592000 (0x278D00) ICMP6: Preferred Lifetime = 604800 (0x93A80) ICMP6: Reserved ICMP6: Site Prefix Length = 0 (0x0) ICMP6: Prefix = fec0:0:0:f282::

This Router Advertisement contains two prefixes—one for 3FFE:2900:D005:F282::/64 and one for FEC0:0:0:F282::/64. Notice how both the global prefix and the site-local prefix use the same subnet identifier (F282).

Redirect Function

Routers use the redirect function to inform originating hosts of a better first-hop neighbor to which traffic should be forwarded for a specific destination. There are two instances where redirect is used:

1. A router informs an originating host of the IP address of a router available on the local link that is "closer" to the destination. "Closer" is a routing metric function used to reach the destination network segment. This condition can occur when there are multiple routers on a network segment, and the originating host chooses a default router and it is not the better ("closer") one to use to reach the destination.
2. A router informs an originating host that the destination is a neighbor (it is on the same link as the originating host). This condition can occur when the prefix list of a host does not include the prefix of the destination. Because the destination does not match a prefix in the list, the originating host forwards the packet to its default router.

The following steps occur in the IPv6 redirect process:

1. The originating host forwards a unicast packet to its default router.
2. The router processes the packet and notes that the address of the originating host is a neighbor. Additionally, it notes that both the originating host's address and the next-hop address are on the same link.
3. The router sends the originating host a Redirect message. In the Target Address field of the Redirect message is the next-hop address of the node to which the originating host should send subsequent packets addressed to the destination.
4. The router forwards the packet to the appropriate next-hop address, using address resolution if needed to obtain the link-layer address of the next hop.

   For packets redirected to a router, the Target Address field is set to the link-local address of the router. For packets redirected to a host, the Target Address field is set to the destination address of the packet originally sent.

   The Redirect message includes the Redirected Header option. It might also include the Target Link-Layer Address option.

5. Upon receipt of the Redirect message, the originating host updates the destination address entry in the destination cache with the address in the Target Address field. If the Target Link-Layer Address option is included in the Redirect message, its contents are used to create or update the corresponding neighbor cache entry.

Redirect messages are sent only by the first router in the path between the originating host and the destination. Hosts never send Redirect messages and routers never update routing tables based on the receipt of a Redirect message. Like ICMPv6 error messages, Redirect messages are rate limited.

Redirect Example-Part 1

Host A has the Ethernet MAC address of 00-AA-00-11-11-11 and a corresponding link-local address of FE80::2AA:FF:FE11:1111. Host A also has the site-local address of FEC0::1:2AA:FF:FE11:1111. Router 2 has the Ethernet MAC address of 00-AA-00-22-22-22 and a corresponding link-local address of FE80::2AA:FF:FE22:2222. Router 2 also has the site-local address of FEC0::1:2AA:FF:FE22:2222. Router 3 has the Ethernet MAC address of 00-AA-00-33-33-33 and a corresponding link-local address of FE80::2AA:FF:FE33:3333. Router 3 also has the site-local address of FEC0::1:2AA:FF:FE33:3333. Host A sends a packet to an off-link host at FEC0::2:2AA:FF:FE99:9999 (not shown) and uses Router 2 as its current default router. However, Router 3 is the better router to use to reach this destination.

Host A performs address resolution if needed and sends the packet destined to FEC0::2:2AA:FF:FE99:9999 to Router 2, as shown in Figure 6-27.

Figure 6-27. The unicast packet sent to the router

Redirect Example-Part 2

Router 2 receives the packet from Host A and notes that Host A is a neighbor. It also notes that Host A and the next-hop address for the destination are on the same link. To inform Host A that subsequent packets to the destination of FEC0::2:2AA:EE:FE99:9999 should be sent to Router 3, Router 2 performs address resolution if needed and sends a Redirect message to Host A, as shown in Figure 6-28.

Figure 6-28. The Redirect message sent by the router

Redirect Example-Part 3

Based on the contents of its local routing table, Router 2 performs address resolution if needed and forwards the unicast packet received from Host A to Router 3, as shown in Figure 6-29.

Figure 6-29. The unicast packet forwarded by the router