One of the differences between IPv4 and IPv6 is that we no longer use ARP (Address Resolution Protocol). ND (Neighbor Discovery Protocol) replaces the functionality of ARP. In this lesson, we’ll take a look at how ND works.
ND uses ICMP and solicited-node multicast addresses to discover the layer two address of other IPv6 hosts on the same network (local link). It uses two messages to accomplish this:
- Neighbor solicitation message
- Neighbor advertisement message
Let’s take a closer look at these two messages.
IPv6 Neighbor Solicitation Message
The neighbor solicitation message is used primarily to find the layer two address of another IPv6 address on the local link. It’s also used for DAD (Duplicated Address Detection). In this packet, the source address will be the source address of the host sending the neighbor solicitation. The destination address will be the solicited-node multicast address of the remote host. This message also includes the layer two address of the host sending it. In the ICMP header of this packet, you will find a type value of 135.
Using solicited-node multicast addresses as the destination is far more efficient than IPv4’s ARP requests broadcast to all hosts.
Every IPV6 device will compute a solicited-node multicast address by taking the multicast group address (FF02::1:FF /104) and adding the last six hexadecimal characters from its IPv6 address. It will then join this multicast group address and “listens” to it.
When one host wants to find the layer two address of another host, it will send the neighbor solicitation to the remote host’s solicited node multicast address. It can calculate the solicited-node multicast address of the remote host since it knows about the multicast group address and it knows the IPv6 address that it wants to reach.
The result will be that only the remote host will receive the neighbor solicitation. That’s far more efficient than a broadcast that everyone receives.
IPv6 Neighbor Advertisement Message
Once the remote host receives the neighbor solicitation, it will reply with the neighbor advertisement message. The source address is the IPv6 address of the host, and the destination address is the IPv6 address of the remote host that sent the neighbor solicitation. The most important part is that this message includes the layer two address of the host. The neighbor advertisement message uses type 136 in the ICMPv6 packet header.
Once R1 receives the neighbor advertisement, these two IPv6 hosts will be able to communicate with each other.
Now you have an idea of how IPv6 neighbor discovery works. Let’s see what it looks like on some real devices. I’ll also show you some Wireshark captures. I will use these two routers for this demonstration:
First, we will configure some IPv6 addresses on our routers:
R1 & R2 (config)#interface FastEthernet 0/0 (config-if)#ipv6 enable
Using ipv6 enable is enough to generate some link-local addresses, which is all we need for this exercise. Here are the IPv6 addresses that the routers created:
R1#show ipv6 interface FastEthernet 0/0 | include FE80 IPv6 is enabled, link-local address is FE80::C001:2FF:FE40:0 [TEN]
R2#show ipv6 interface FastEthernet 0/0 | include FE80 IPv6 is enabled, link-local address is FE80::C002:3FF:FEE4:0 [TEN]
To see the neighbor discovery in action, I will enable a debug on both routers: