IPV6 Rules: Leading 0’s can be omitted.
1 or more contiguous all-0’s can be replaced by ::
::/0 – Default route ; ::/128 – unspecified (used by NDP)
Global unicast address : (001 – first 3 bits => all addresses begin 2xxx::/4 or 3xxx::/4)
Starting addresses: 6bone – 3ffe, RIRs – 2001
|
Global routing Prefix (48) |
Subnet ID (16) |
Interface ID (64) |
ð 65535 subnets
::1/128 – Loopback address; FF00::/8 – Multicast; FE80::/10 – Link-local unicast; FEC0::/10 – Site-local unicast
Anycast address: can be any global unicast address – represents a service (the override bit is always set to 0 in the NA)
Multicast
|
Multicast prefix 0xFF (8) |
Flags (4) |
Scope (4) |
Group ID (112) Only last 32 used |
Flags: First 3 bits unused; 0 = permanent, well known, 1 = temporary, admin assigned
Scope: 0×0 reserved, 0×1 node-local, 0×2 link-local, 0×5 site-local, 0×8 org-local, 0xE global
IPV6 Header: Always 40 octets.
|
Ver(4) |
Traffic Class (8) |
Flow Label (20) |
|
Length (20) |
Next Header (8) |
Hop limit (8) |
|
Source address |
||
|
Destination Address |
||
Extension Headers (Next Header) : Hop-by-hop (0), Routing (43), Fragment (44), ESP (50), AH (51), Destination Options (60), No Next Headers (59)
* Hard rule: If hop-hop is used, it should directly follow IPV6 header.
- NDP’s PnP Features: Router discovery, prefix discovery, parameter discover, address auto-config, address resolution (L2->L3), next-hop discovery (router or local n/w), Neighbor unreachability detection, Duplicate address discovery, Redirects.
ICMPv6 (protocol val = 58) is used for NDP. NDP messages are always link-local in scope and hop-limit is set to 255
RA: type 0, code 134, Source = Originator, Dest = unicast/ FF02::1 (all nodes m/c)
M – Managed address – stateful (DHCPv6) /stateless
O – Other stateful options
Router Lifetime: set to 0 if the router is not a default gateway
Reachable time: Instructs the host of neighbor reachability duration
Retransmit time: Instructs host of NS messages retransmit interval
Options: Link-layer i/f address, MTU, prefix info
—-
RS: type 0 , code 133, Source = Originator/ ::/128(no ip yet), Dest = FF02::2 (all routers )
——–
NS: type 0, code 135, Source = originator/ ::/128 (DaD), Dest = unicast/ Solicited-node m/c
—-
NA: type0, code 136, Source = originator, Dest = unicast/ FF02::1(announce new IP)
R- Router, S-solicited, O- override
—-
Redirect: type 0. code 137, source= router sending the redirect, Dest = unicast
Target = Better next hop, Dest = dest n/w for which target is the better next-hop
Options: set using TLVs ; Values = src-link address, target-link address, prefix-info, redirected header, MTU etc.
NDP Cisco configurable options:
ipv6 unicast-routing : automatically send RA on b/c media
ipv6 nd ra interval etc to influence the default settings
Address Auto-configuration: Prefix + mac-to-eui64 0xFFFE is inserted in the middle of the 48 bit mac and the 7th bit U/L is flipped to 1 (Universal)
Duplicate Address Detection:
- New address is classified “tentative”
- NS -> Dest = Solicited-node m/c address : FF02:0:0:0:0:1:FF::/104
Src = ::/128, target = new address
- Conflict => NA to NS requestor
Neighbor address resolution: DNS query -> <- response with /128 bit address, identifies if it is a link-local address or not (in which case it sends it to the router – known from RA).
- looks up neighbor cache, if absent
- enters the address, marks it INCOMPLETE
- sends a NS to the solicited node m/c of the target
- If there is no NA for 3 NS queries, resolution fails. Else the neighbor cache is updated, status : REACHABLE
Privacy addresses: RFC 3401 – to prevent users from being tracked, pseudo random i/f ID
Neighbor cache states: INCOMPLETE, REACHABLE, STALE (reachability time expired), PROBE (to re-establish reachability) sent after a DELAY
Neighbor Unreachability Detection: Two way confirmation – Either upper layer hints or NS in response to a NA or RA (with “s” set)
