NDP (Neighbour Discovery Protocol)
We touched on broadcast traffic in section 1.6 Part 1 and how it is used for ARP (Address Resolution Protocol). ARP sends a request to the IPv4 broadcast address so that every device in the subnet receives it; the request asks which device holds a certain IPv4 address, and that device responds with its corresponding MAC address.
In IPv6 the concept of broadcast is removed, but we still need to learn the layer 2 MAC address to forward frames to. So how do IPv6-enabled hosts learn the MAC addresses of neighbouring devices? Using multicast and NDP.
Multicast traffic is a one-to-many transmission, delivered only to the devices that have joined the multicast group; we'll go into multicast groups and scopes further in section 1.9. For now you just need to know the multicast group address ff02::1, which is the all-hosts (all-nodes) multicast address. All IPv6 devices join this group by default and will process any packet sent to it.
Solicited-Node Multicast Addresses
In ARP, the ARP request packet (which is sent to all devices on the broadcast domain) states "Who has 192.168.1.1?", and the device owning that address sends an ARP response back to the sender with its MAC address. The device receiving the ARP request knows the request is for it because the IP address is stated in the packet itself. With IPv6 and the NDP packet, the packet is sent to all devices, so how does an IPv6 device know whether the packet is destined for it? It uses something called a solicited-node multicast address. We use this address rather than the all-hosts multicast address ff02::1 to make NDP more efficient and remove the requirement for all devices to process traffic not destined to them.
The solicited-node multicast address is automatically generated on every IPv6 device from its link-local and unicast addresses. It uses the ff02::1:ff00:0/104 network prefix followed by the last six hexadecimal digits (24 bits) of the IPv6 address. A solicited-node multicast address is created for every IPv6 address on the device. See the process for solicited-node multicast address generation below:
Take a look at the below output from a Windows PC with IPv6 enabled:
PS C:\Users\nbpc> netsh interface ipv6 show joins
Interface 1: Loopback Pseudo-Interface 1
Scope References Last Address
---------- ---------- ---- ---------------------------------
0 2 Yes ff02::c
Interface 5: Ethernet
Scope References Last Address
---------- ---------- ---- ---------------------------------
0 0 Yes ff01::1
0 0 Yes ff02::1
0 2 Yes ff02::c
0 4 Yes ff02::fb
0 1 Yes ff02::1:3
0 1 Yes ff02::1:ff10:adce
0 1 Yes ff02::1:ff12:d7ea
0 1 Yes ff02::1:ff5f:5887
PS C:\Users\nbpc> netsh interface ipv6 show addresses
Interface 5: Ethernet
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Public Preferred 29m27s 29m27s fd57:205d:eb73:4f8a:2745:8fd1:565f:5887
Temporary Preferred 29m27s 29m27s fd57:205d:eb73:4f8a:3441:9bcb:f812:d7ea
Other Preferred infinite infinite fe80::2ef2:ba89:3a10:adce%5
Looking at the two outputs above, you can see the three IPv6 addresses on the Ethernet interface (ending 565f:5887, f812:d7ea and 3a10:adce) and the three corresponding solicited-node multicast addresses the host has joined (ff02::1:ff5f:5887, ff02::1:ff12:d7ea and ff02::1:ff10:adce).
ICMPv6 Types for NDP
NDP uses the ICMPv6 (Internet Control Message Protocol version 6) framework to discover devices on the local subnet. The following ICMPv6 message types are used for NDP:
Discovering Neighbour Link Addresses
In order to forward traffic across a local network, the sending device still needs to know the MAC address of the destination. Once this is learnt it is stored in the NDP neighbour table (similar to an ARP cache), which is simply a list of IPv6 addresses and their mapped MAC addresses.
If a device isn't listed in the NDP neighbour table, it will need to learn it using NDP. The process is as follows:
- Send an NS packet to the solicited-node multicast address of the destination.
- The device with the matching solicited-node multicast address processes the packet; all other devices drop it.
- The device with the matching solicited-node multicast address responds with an NA packet containing its MAC address and IPv6 address.
- The device that originally sent the NS packet receives the NA packet and adds the details to its NDP neighbour table.
See below for a simplified example of NDP operation when PC1 attempts to ping PC2:
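As an added example (not code from the original page), the following Python models the two pieces described above: it derives the solicited-node multicast address from a unicast address exactly as stated, then plays out the NS/NA exchange on a constructed link, showing that only the host that joined the matching solicited-node group ever processes the NS. Host names, MAC addresses and the PC2/PC3 addresses are made up; PC1 reuses the three addresses from the netsh output.

```python
import ipaddress

def solicited_node(addr: str) -> str:
    # ff02::1:ff00:0/104 followed by the low 24 bits (last six hex digits) of addr
    ip = ipaddress.IPv6Address(addr.split('%')[0])          # drop a Windows zone id such as %5
    base = int(ipaddress.IPv6Address('ff02::1:ff00:0'))
    return str(ipaddress.IPv6Address(base | (int(ip) & 0xFFFFFF)))

class Host:
    def __init__(self, name, mac, addrs):
        self.name, self.mac = name, mac
        self.addrs = [a.split('%')[0] for a in addrs]
        # every host joins all-nodes plus one solicited-node group per address
        self.groups = {'ff02::1'} | {solicited_node(a) for a in self.addrs}
        self.neighbours = {}      # the NDP neighbour table: IPv6 address -> MAC
        self.processed = 0        # packets this host actually had to process

    def receive(self, pkt):
        # anything sent to a group this host never joined is dropped unread
        if pkt['dst'] not in self.groups and pkt['dst'] not in self.addrs:
            return None
        self.processed += 1
        if pkt['type'] == 'NS' and pkt['target'] in self.addrs:
            return {'type': 'NA', 'src': pkt['target'], 'dst': pkt['src'],
                    'target': pkt['target'], 'lladdr': self.mac}
        return None

def resolve(sender, link, target):
    """Return the MAC for target, learning it with an NS/NA exchange if needed."""
    if target not in sender.neighbours:
        ns = {'type': 'NS', 'src': sender.addrs[0],
              'dst': solicited_node(target), 'target': target}
        for host in link:
            na = host.receive(ns)
            if na is not None:     # only the owner of the target answers
                sender.neighbours[na['target']] = na['lladdr']
    return sender.neighbours.get(target)

# constructed link: PC1 reuses the Windows host's three addresses from the output above,
# PC2 and PC3 use made-up addresses in the same prefix; all MACs are made up
pc1 = Host('PC1', '00:11:22:33:44:01', ['fd57:205d:eb73:4f8a:2745:8fd1:565f:5887',
           'fd57:205d:eb73:4f8a:3441:9bcb:f812:d7ea', 'fe80::2ef2:ba89:3a10:adce%5'])
pc2 = Host('PC2', '00:11:22:33:44:02', ['fd57:205d:eb73:4f8a::2'])
pc3 = Host('PC3', '00:11:22:33:44:03', ['fd57:205d:eb73:4f8a::3'])
link = [pc1, pc2, pc3]

if __name__ == '__main__':
    print(sorted(pc1.groups))   # all-nodes plus the three ff02::1:ff.. groups netsh listed
    print(resolve(pc1, link, 'fd57:205d:eb73:4f8a::2'), pc2.processed, pc3.processed)
```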
SLAAC (Stateless Address Auto-Configuration)
RS - Router Solicitation
RA - Router Advertisement
IPv6 adds the ability to configure IPv6 addresses on hosts without a server keeping track of IPv6 addressing on the network. This is called SLAAC, and it is an efficient and mostly configuration-less method of address generation on hosts. How does it work?
- The administrator enables auto-configuration on the host device.
- The host device sends an RS packet into the network with the all-routers multicast address (ff02::2) as the destination.
- The router receives the RS message and responds with an RA containing the network prefix and its link-local address (fe80).
- The host device calculates an IPv6 address using the network prefix from the RA and configures the default gateway as the link-local address of the router.
- The host performs the DAD check (more on this in the next section) twice to confirm that the IPv6 address is not in use elsewhere.
- If the "other-config" flag is set, the host will use DHCPv6 to learn other details such as DNS servers.
Simplified process below:
DAD (Duplicate Address Detection)
DAD is performed during the SLAAC process to ensure that the IPv6 address the device is generating isn't in use elsewhere. Here's how it works:
- SLAAC is performed (see above).
- The device sends an NS packet to the solicited-node multicast address of its own tentative address, using the unspecified source address ::.
- If there is another device on the network already using the IPv6 address that SLAAC is attempting to assign, an NA from that host will be received and the device performing DAD will use another IPv6 address. Because the source address is ::, any NA sent in reply is addressed to the all-nodes multicast group.
- If no other device on the network has the same IPv6 address, no NA will be received and the IPv6 address is considered unique.
- The device performing the DAD check performs it twice in case there were any transmission issues on the network.
Note that DAD is typically only performed during SLAAC or when an interface comes up, to avoid issues caused by duplicate IP addresses on the same subnet. See below for a simplified overview of the DAD process:
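The SLAAC and DAD steps above, modelled in Python as an added example that is not part of the original page: a router answers an RS sent to ff02::2 with an RA, the host forms an address from the advertised prefix, probes it twice with an NS from :: to the solicited-node group, and falls back to another interface identifier if an NA comes back on ff02::1. The prefix is taken from the netsh output; the router's link-local address, the candidate interface identifiers and the neighbour already holding an address are constructed for the example.

```python
import ipaddress

def solicited_node(addr: str) -> str:
    # ff02::1:ff00:0/104 followed by the low 24 bits of the unicast address
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(ipaddress.IPv6Address('ff02::1:ff00:0')) | low24))

class Router:
    def __init__(self, prefix, link_local, other_config=False):
        self.prefix, self.link_local, self.other_config = prefix, link_local, other_config
    def handle(self, pkt):
        if pkt['type'] == 'RS' and pkt['dst'] == 'ff02::2':    # all-routers group
            return {'type': 'RA', 'src': self.link_local, 'prefix': self.prefix,
                    'other_config': self.other_config}

class Host:
    def __init__(self, addrs=()):
        self.addrs = set(addrs)                             # addresses already in use
    def handle(self, pkt):
        # a DAD probe (NS from ::) for an address we own is answered with an NA to all-nodes
        if pkt['type'] == 'NS' and pkt['src'] == '::' and pkt['target'] in self.addrs:
            return {'type': 'NA', 'dst': 'ff02::1', 'target': pkt['target']}

def dad(tentative, link):
    """True if no node on the link defends the tentative address; probed twice."""
    ns = {'type': 'NS', 'src': '::', 'dst': solicited_node(tentative), 'target': tentative}
    for _ in range(2):                    # second probe covers a lost first transmission
        if any(node.handle(ns) is not None for node in link):
            return False                  # an NA came back: the address is a duplicate
    return True

def slaac(link, iids):
    """iids: candidate 64-bit interface identifiers, tried in order until DAD passes."""
    ra = next(r for r in (n.handle({'type': 'RS', 'dst': 'ff02::2'}) for n in link) if r)
    net = int(ipaddress.IPv6Network(ra['prefix']).network_address)
    for iid in iids:
        tentative = str(ipaddress.IPv6Address(net | iid))   # prefix from RA + identifier
        if dad(tentative, link):
            return {'address': tentative, 'gateway': ra['src'],   # router's link-local
                    'dhcpv6_other': ra['other_config']}           # other-config flag
    raise RuntimeError('every candidate address is already in use')

# constructed link: the page's fd57:205d:eb73:4f8a::/64 prefix, a router with a made-up
# link-local address, and a neighbour that already holds the first identifier we try
link = [Router('fd57:205d:eb73:4f8a::/64', 'fe80::1', other_config=True),
        Host({'fd57:205d:eb73:4f8a::aaaa'})]

if __name__ == '__main__':
    print(slaac(link, [0xaaaa, 0xbbbb]))
```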