IPv6 neighbor discovery

By stretch | Thursday, August 28, 2008 at 5:03 a.m. UTC

Neighbor Discovery Protocol (NDP) can be conceptualized as a toolbox used by IPv6 hosts to carry out various link-local operations. NDP itself does not describe a wire-level protocol or packet structure, but rather it establishes directions for accomplishing routine tasks using certain algorithms and five ICMPv6 message types.

Many of the capabilities provided by NDP are very similar to those found in IPv4's ARP and ICMPv4, while others are new implementations available only under IPv6. RFC 4861 describes the nine functions of NDP in detail, but this article should suffice as a high-level review. A packet capture of various IPv6 Neighbor Discovery functions is available if you want to follow along with Wireshark.

Router Discovery

Whereas IPv4 hosts must rely on manual configuration or DHCP to provide the address of a default gateway, IPv6 hosts can automatically locate default routers on the link. This is accomplished through the use of two ICMPv6 messages: Router Solicitation (type 133) and Router Advertisement (type 134). When first joining a link, an IPv6 host multicasts a router solicitation to the all routers multicast group, and each router active on the link responds by sending a router advertisement with its address to the all nodes group.

router_solicitation.png

Router advertisements indicate paths out of the local link, but they also specify additional information necessary to assist other NDP operations.

Prefix Discovery

One of the options typically carried by a router advertisement is the Prefix Information option (type 3). Each prefix information option lists an IPv6 prefix (subnet) reachable on the local link. Remember that it is not uncommon for multiple IPv6 prefixes to reside on the same link, and routers may include more than one prefix in each advertisement. A host which knows what prefixes are reachable on the link can communicate directly with destinations in those prefixes without passing its traffic through a router.

Parameter Discovery

Another option included in router advertisements is the MTU option (type 5), which informs hosts of the IP MTU to use. For example, this value is typically set to 1500 for Ethernet networks. However, not all link types have a standardized MTU size. Including this option ensures all hosts know the correct MTU to use.

Router advertisements also specify the default value hosts should use for the IPv6 hop count. This isn't an option, but a field built into the router advertisement message header.

Address Autoconfiguration

NDP provides mechanisms for a host to automatically configure itself with an address from a prefix learned from a local router through prefix discovery. This is done by concatenating a candidate learned prefix with the EUI-64 address of the host's interface. In this manner, a host can achieve stateless autoconfiguration.

Address Resolution

The function of address resolution was handled by ARP for IPv4, but is handled by ICMPv6 for IPv6. In a process very similar to router discovery, two ICMPv6 messages are used: Neighbor Solicitation (type 135) and Neighbor Advertisement (type 136). A host seeking the link layer address of a neighbor multicasts a neighbor solicitation and the neighbor (if online) responds with its link layer address in a neighbor advertisement.

neighbor_solicitation.png

Next-Hop Determination

As in IPv4, next-hop determination is simply a procedure for performing longest-match lookups on the host routing table and, for off-link destinations, the selection of a default router.

Neighbor Unreachability Detection

NDP is able to determine the reachability of a neighbor by examining clues from upper-layer protocols (for example, received TCP acknowledgments), or by actively reperforming address resolution (via ICMPv6) when certain thresholds are reached.

Duplicate Address Detection

When a host first joins a link, it multicasts neighbor solicitations for its own IPv6 address for a short period before attempting to use that address to communicate. If it receives a neighbor advertisement in response, the host realizes that another neighbor on the link is already using that address. The host will mark the address as a duplicate and will not use it on the link.

Note that this process is similar to IPv4 gratuitous ARP requests, but NDP elegantly allows for detection of two hosts with the same address before both hosts are actively sending traffic from the address.

Redirection

A fifth type of ICMPv6 message, the Redirect (type 137), is used by routers to either point hosts toward a more preferable router, or to indicate that the destination actually resides on link. ICMPv4 provides the same capability with its own redirect message.

redirection.png

About the Author

Jeremy Stretch is a networking engineer and the maintainer of PacketLife.net. He currently lives in the Raleigh-Durham area of North Carolina. Although employed full-time out of necessity, his true passion lies in improving the field of network engineering around the world. You can contact him by email or follow him on Twitter.

Posted in IPv6, Routing

Comments

Dinger (guest) commented on Thursday, August 28, 2008 at 1:40 p.m. UTC

The link for EUI-64 address in the 'address autoconfig' section is broken.

stretch commented on Thursday, August 28, 2008 at 2:33 p.m. UTC

Whoops! Fixed. Thanks for the heads up!

Rodrigo Brazil (guest) commented on Sunday, August 31, 2008 at 1:28 p.m. UTC

Mate, I guess you could write a book with some articles from your blog. I'm sure that it would be widely accepted. Congrats!

TJ (guest) commented on Wednesday, December 24, 2008 at 3:55 p.m. UTC

Very nice write-up!

One nit: Are you sure a redirect triggers a retransmit? I thought the router would forward the packet normally, but also send a redir ... and the host would then make a route table entry for the destination to use the better first hop ... ?

/TJ

peter (guest) commented on Wednesday, July 8, 2009 at 6:24 a.m. UTC

IPV6 has not been fully utilize by many organization due to inability to migration from IPV4 and relaxity by the network administrator to enforce IPV6.

Built commented on Thursday, October 21, 2010 at 9:20 p.m. UTC

Thanks for a good explanation.

Eddie (guest) commented on Friday, February 4, 2011 at 2:49 p.m. UTC

My reading also confirms what TJ said, the redirect message is sent to the original sender, but the original packet is still forwarded to the 'better' next hop.

Additionally, periodic router advertisements (RAs) are sent to the "all nodes" multicast group. However, RA's sent in response to a Router Solicitation (RS) are sent directly, unciast, to the node which sent the RS. The article above implied RA's are always sent to the all nodes group.

Great read other than these two minor points above. Love all the knowledge you have "put to paper" on packetlife.net! Thanks!

missySK11 commented on Tuesday, June 28, 2011 at 3:50 a.m. UTC

Hi everyone!

I wonder if you have any flash files or videos regarding this neighbor discovery.. It would really help me a lot to understand more on this topic..

Thanks..

p/s: does anyone have the IPSO Neighbor Discovery? it's no longer available from IPSO website :(

vadi (guest) commented on Wednesday, July 20, 2011 at 3:41 a.m. UTC

Hi,
It is a good reference of basics on IPv6 ND.

Please refer any VoD or PPT with detailed ND operation.

Thanks
Vadi
k_vadivel@hotmail.com

Andrei (guest) commented on Friday, August 19, 2011 at 5:58 a.m. UTC

Hi,

Thanks, great article.
I am looking for an answer to quite simple problem; may be people who have played with IPv6 can help me.

It is intriguing (or may be it is obvious for someone who knows IPv6 well). I have a classroom of Windows 7 PCs, which work quite happily on IPv4 (access the Internet, other subnets, etc) They have IPv6 installed by default, of course, being W7. Students need to do some basic labs with IPv6, like ping Link-local adresses of their neighbours. The problem is - they can't: Destination host unreachable!
For example: one pc host name is ET300, it's IPv6 link-local address is fe80::e4c3:d187:f8ca:90f7%11, another PC is ET316, it's IPv6 address is fe80::7023:d014:6f27:9f8d%11. They can happily ping each other on IPv4, but not on IPv6. On IPv4 they can access each other's shared drives, RDP, etc. Firewall is disabled on all machines. If I try ping by name (for example: ping ET316 -6 , it resolves name correctly to IPv6 address, but still "Destination host unreachable". I have captured IPv6 packets with Wireshark: i can see Neighbor solicitation messages going from source computer fe80::e4c3:d187:f8ca:90f7 to ff02::1:ff27:9f8d (when I try to ping fe80::7023:d014:6f27:9f8d), but no replies.

I have searched the net for a while, but couldn't find any explanation, which indicates that either something is unusual in my network, or this is normal behaviour of IPv6 (this doesn't make sense to me).

I have set up a few virtual machines using Windows virtual PC. I have got exatly the same problem. what is going on?

If anyone can help me, it would be great.

Andrei (guest) commented on Friday, August 19, 2011 at 6:45 a.m. UTC

Regarding pinging IPv6 link-local addresses on Windows 7:
I have solved the issue. Symantec Endpoint Protection was the cause.

Manouchehr (guest) commented on Friday, December 2, 2011 at 8:09 p.m. UTC

Great!!!

sobu86 (guest) commented on Friday, July 6, 2012 at 11:07 a.m. UTC

Nice writeup.
Very helpful for IPv6 beginners like me !!

Hank (guest) commented on Tuesday, September 18, 2012 at 11:59 a.m. UTC

Excellent job, this is the best article about NDP I can find from internet.

Fahim (guest) commented on Monday, January 28, 2013 at 7:07 p.m. UTC

This saved me reading the long RFC. For all my networking needs your blog is becoming my one stop shop. Thanks.

Leave a Comment


Register to comment as a member. You'll look cooler.

Optional; will not be displayed publicly or given out.

No commercial links. Only personal (e.g. blog, Twitter, or LinkedIn) and/or on-topic links, please.
_____ is a secure alternative to Telnet.