IPv6 Neighbor Discovery Protocol
IPv6 introduces the Neighbor Discovery protocol, as described in RFC 2461, Neighbor Discovery for IP Version 6 (IPv6). RFC 2461 has since been superseded by RFC 4861, which keeps the same mechanisms. For an overview of major Neighbor Discovery features, refer to IPv6 Neighbor Discovery Protocol Overview.
This section discusses the following features of the Neighbor Discovery protocol: the ICMP messages that it defines, the address autoconfiguration process (obtaining a router advertisement, prefix configuration variables, and address uniqueness), neighbor solicitation and neighbor unreachability detection, the duplicate address detection algorithm, proxy advertisements, inbound load balancing, changes to a node's link-layer address, and a comparison with ARP and the related IPv4 protocols.
ICMP Messages From Neighbor Discovery
Neighbor Discovery defines five new Internet Control Message Protocol (ICMP) messages. The messages
serve the following purposes:
Router solicitation – When an interface becomes enabled, hosts can send router solicitation messages. The solicitations request routers to generate router advertisements immediately, rather than at their next scheduled time.
Router advertisement – Routers advertise their presence, various link parameters, and various Internet parameters. Routers advertise either periodically, or in response to a router solicitation message. Router advertisements contain prefixes that are used for on-link determination or address configuration, a suggested hop-limit value, and so on.
Neighbor solicitation – Nodes send neighbor solicitation messages to determine the link-layer address of a neighbor. Neighbor solicitation messages are also sent to verify that a neighbor is still reachable by a cached link-layer address. Neighbor solicitations are also used for duplicate address detection.
Neighbor advertisement – A node sends neighbor advertisement messages in response to a neighbor solicitation message. The node can also send unsolicited neighbor advertisements to announce a link-layer address change.
Redirect – Routers use redirect messages to inform hosts of a better first hop for a destination, or that the destination is on the same link.
Autoconfiguration Process
This section provides an overview of the typical steps that are performed by
an interface during autoconfiguration. Autoconfiguration is performed only on multicast-capable links.
A multicast-capable interface is enabled, for example, during system startup of a node.
The node begins the autoconfiguration process by generating a link-local address for the interface.
The link-local address is formed from the link-local prefix fe80::/64 and an interface ID that is derived from the Media Access Control (MAC) address of the interface.
The node sends a neighbor solicitation message that contains the tentative link-local address as the target.
The purpose of the message is to verify that the prospective address is not already in use by another node on the link. Only after this verification can the link-local address be assigned to the interface.
If another node already uses the proposed address, that node returns a neighbor advertisement stating that the address is already in use.
If another node is simultaneously attempting to configure the same address, that node also sends a neighbor solicitation for the same target. Receiving such a solicitation from another node is likewise treated as a detected duplicate.
The number of neighbor solicitation transmissions or retransmissions, and the delay between consecutive solicitations, are link specific. You can set these parameters, if necessary.
If a node determines that its prospective link-local address is not unique, autoconfiguration stops. At that point, you must manually configure the link-local address of the interface.
To simplify recovery, you can supply an alternate interface ID that overrides the default identifier. Then, the autoconfiguration mechanism can resume by using the new, presumably unique, interface ID.
When a node determines that its prospective link-local address is unique, the node assigns the address to the interface.
At this point, the node has IP-level connectivity with neighboring nodes. The remaining autoconfiguration steps are performed only by hosts.
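The following Python example, added here and not part of the original documentation, carries the link-local steps above through in code: it derives a modified EUI-64 interface ID from a sample MAC address (the MAC address and all IPv6 addresses are constructed), forms the tentative fe80::/64 address, computes the solicited-node multicast group to which the duplicate address detection solicitation is sent, and applies the two duplicate indications described above (a neighbor advertisement for the tentative target, or a solicitation for it from the unspecified address). The function names are the example's own. Note that many current stacks derive interface IDs from a stable random value rather than from the MAC address; the EUI-64 derivation shown is the one this page describes.

```python
"""Link-local address formation, solicited-node multicast, and the DAD decision (RFC 4862 style)."""
import ipaddress

UNSPECIFIED = ipaddress.IPv6Address("::")


def mac_to_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface ID: split the 48-bit MAC, insert ff:fe, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui64 = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui64[0] ^= 0x02   # the universal/local bit is inverted in IPv6 interface IDs
    return bytes(eui64)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Tentative link-local address: the fe80::/64 prefix plus the interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + mac_to_interface_id(mac))


def solicited_node_multicast(addr) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX, where XX:XXXX are the low-order 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(b"\xff\x02" + b"\x00" * 9 + b"\x01\xff" + low24)


def dad_solicitation(tentative) -> dict:
    """Addressing of the DAD neighbor solicitation: unspecified source, solicited-node destination."""
    tentative = ipaddress.IPv6Address(tentative)
    return {"src": str(UNSPECIFIED),
            "dst": str(solicited_node_multicast(tentative)),
            "target": str(tentative)}


def dad_verdict(tentative, observed) -> str:
    """observed: (msg_type, source, target) triples received while the address was tentative.
    The node's own looped-back solicitation is assumed to have been filtered out by the caller."""
    tentative = ipaddress.IPv6Address(tentative)
    for msg_type, source, target in observed:
        if ipaddress.IPv6Address(target) != tentative:
            continue
        if msg_type == "NA":
            return "duplicate"      # another node already owns the address and answered
        if msg_type == "NS" and ipaddress.IPv6Address(source) == UNSPECIFIED:
            return "duplicate"      # another node is running DAD for the same address
        # an NS with a real source is address resolution for a tentative address: ignore it
    return "unique"


if __name__ == "__main__":
    lla = link_local_from_mac("00:1b:21:3c:4d:5e")      # constructed sample MAC address
    print("tentative", lla, "probe", dad_solicitation(lla))
    print(dad_verdict(lla, [("NS", "::", str(lla))]))   # duplicate: a peer probing the same address
```

When a duplicate is detected the address must not be assigned, which is the point at which the page says autoconfiguration stops and manual configuration (or an alternate interface ID) is needed.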
Obtaining a Router Advertisement
The next phase of autoconfiguration involves obtaining a router advertisement or determining that
no routers are present. If routers are present, the routers send router advertisements
that specify what type of autoconfiguration a host should perform.
Routers send router advertisements periodically. However, the delay between successive advertisements is generally
longer than a host that performs autoconfiguration can wait. To quickly obtain an
advertisement, a host sends one or more router solicitations to the all-routers multicast
group.
Prefix Configuration Variables
Router advertisements also contain prefix information options with the data that stateless address autoconfiguration uses to generate addresses. The stateless and stateful address autoconfiguration fields in router advertisements are processed independently of one another. Within each prefix information option, the Address Autoconfiguration flag (the A flag) indicates whether the option applies to stateless autoconfiguration at all. If it does, the option also carries a subnet prefix with two lifetime values. These values indicate the length of time that addresses created from the prefix remain preferred and valid.
Because routers periodically generate router advertisements, hosts continually receive new advertisements. IPv6-enabled hosts process the information that is contained in each advertisement, adding to and refreshing the information that was received in previous advertisements.
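As an added example (not from this documentation or from any particular implementation), the following Python code parses the prefix information options of a router advertisement and maintains the preferred and valid lifetimes described above. The router advertisement bytes and the interface ID are constructed for the example, and the function and class names are its own. It goes one step beyond the text: when refreshing an address from a later advertisement, it applies the two-hour rule from RFC 4862 section 5.5.3, which prevents an unauthenticated advertisement from shortening an address's remaining valid lifetime below two hours.

```python
"""Parse Prefix Information options from a Router Advertisement and track address lifetimes."""
import math
import struct
import ipaddress
from dataclasses import dataclass
from typing import Optional

RA_TYPE = 134
PREFIX_INFO = 3
INFINITE = 0xFFFFFFFF
TWO_HOURS = 7200


@dataclass
class PrefixInfo:
    prefix: ipaddress.IPv6Network
    on_link: bool          # L flag: prefix can be used for on-link determination
    autonomous: bool       # A flag: prefix can be used for stateless address autoconfiguration
    valid_lifetime: int    # seconds; 0xFFFFFFFF means infinity
    preferred_lifetime: int


def parse_ra_options(ra: bytes):
    """Yield a PrefixInfo for every Prefix Information option in an RA (ICMPv6 header included)."""
    if len(ra) < 16 or ra[0] != RA_TYPE or ra[1] != 0:
        raise ValueError("not a Router Advertisement")
    pos = 16                                   # fixed RA header is 16 bytes; options follow
    while pos < len(ra):
        if len(ra) - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = ra[pos], ra[pos + 1] * 8   # length is in units of 8 octets
        if opt_len == 0 or pos + opt_len > len(ra):
            raise ValueError("bad option length")      # RFC 4861 4.6: discard the whole packet
        if opt_type == PREFIX_INFO and opt_len == 32:
            plen, flags, valid, preferred = struct.unpack_from("!BBII", ra, pos + 2)
            prefix = ipaddress.IPv6Network((ra[pos + 16:pos + 32], plen), strict=False)
            yield PrefixInfo(prefix, bool(flags & 0x80), bool(flags & 0x40), valid, preferred)
        pos += opt_len                         # unknown option types are skipped, not fatal


def form_address(pi: PrefixInfo, interface_id: bytes) -> Optional[ipaddress.IPv6Address]:
    """Prefix + interface ID, only when the A flag is set and the lengths add up to 128 bits."""
    if not pi.autonomous or pi.prefix.prefixlen != 64 or len(interface_id) != 8:
        return None
    if pi.preferred_lifetime > pi.valid_lifetime:
        return None                            # inconsistent lifetimes: the option is ignored
    return ipaddress.IPv6Address(pi.prefix.network_address.packed[:8] + interface_id)


def _until(now: int, lifetime: int) -> float:
    return math.inf if lifetime == INFINITE else now + lifetime


class AddressTable:
    """Per-address [valid_until, preferred_until], refreshed by each new advertisement."""
    def __init__(self):
        self.entries = {}

    def update(self, addr, pi: PrefixInfo, now: int) -> None:
        if pi.preferred_lifetime > pi.valid_lifetime:
            return
        entry = self.entries.get(addr)
        if entry is None:
            if pi.valid_lifetime:
                self.entries[addr] = [_until(now, pi.valid_lifetime), _until(now, pi.preferred_lifetime)]
            return
        remaining = entry[0] - now
        # RFC 4862 5.5.3(e): an unauthenticated RA may not shorten a valid lifetime below two
        # hours, which bounds the damage a forged RA can do by expiring a host's addresses.
        if pi.valid_lifetime > TWO_HOURS or pi.valid_lifetime > remaining:
            entry[0] = _until(now, pi.valid_lifetime)
        elif remaining > TWO_HOURS:
            entry[0] = now + TWO_HOURS
        # otherwise (remaining <= 2 h and advertised <= remaining): leave the valid lifetime alone
        entry[1] = _until(now, pi.preferred_lifetime)   # the preferred lifetime is always refreshed

    def status(self, addr, now: int) -> str:
        valid_until, preferred_until = self.entries[addr]
        if now >= valid_until:
            return "invalid"
        return "deprecated" if now >= preferred_until else "preferred"


# Constructed sample RA (checksum left zero): hop limit 64, router lifetime 1800 s, one Prefix
# Information option for 2001:db8:1::/64 with L and A set, valid 30 days, preferred 7 days.
RA_SAMPLE = (
    bytes([RA_TYPE, 0, 0, 0, 64, 0]) + struct.pack("!HII", 1800, 0, 0)
    + bytes([PREFIX_INFO, 4, 64, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
    + ipaddress.IPv6Address("2001:db8:1::").packed
)

if __name__ == "__main__":
    table = AddressTable()
    for pi in parse_ra_options(RA_SAMPLE):
        addr = form_address(pi, bytes.fromhex("021b21fffe3c4d5e"))   # constructed interface ID
        table.update(addr, pi, now=1000)
        print(addr, table.status(addr, 1000), table.entries[addr])
```

The two-hour rule is the reason a host that receives an advertisement with a tiny valid lifetime for a prefix it already uses does not immediately lose its addresses; a forged advertisement from an on-link attacker can deprecate an address at once, but cannot invalidate it in under two hours.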
Address Uniqueness
For security reasons, all addresses must be tested for uniqueness prior to their
assignment to an interface. The situation is different for addresses that are created
through stateless autoconfiguration. The uniqueness of such an address is determined primarily by the
portion of the address that is formed from the interface ID. Thus,
if a node has already verified the uniqueness of a link-local address, additional
addresses that are created from the same interface ID need not be tested individually. In contrast, all addresses that are obtained manually should be
tested individually for uniqueness. System administrators at some sites believe that the overhead
of performing duplicate address detection outweighs its benefits. For these sites, duplicate address detection can be disabled by setting a per-interface configuration flag. Disabling it removes the only check that prevents two nodes on a link from silently configuring the same address.
To accelerate the autoconfiguration process, a host can generate its link-local address, and
verify its uniqueness, while the host waits for a router advertisement. A router
might delay a response to a router solicitation for a few seconds. Consequently,
the total time necessary to complete autoconfiguration can be significantly longer if the
two steps are done serially.
Neighbor Solicitation and Unreachability
Neighbor Discovery uses neighbor solicitation messages to determine if more than one node is
assigned the same unicast address. Neighbor unreachability detection detects the failure of a neighbor or
the failure of the forward path to the neighbor. This detection requires positive
confirmation that packets that are sent to a neighbor are actually reaching that
neighbor. Neighbor unreachability detection also determines that packets are being processed properly by
the node's IP layer.
Neighbor unreachability detection uses confirmation from two sources: upper-layer protocols and neighbor solicitation
messages. When possible, upper-layer protocols provide a positive confirmation that a connection is
making forward progress. For example, when new TCP acknowledgments are received, it is
confirmed that previously sent data has been delivered correctly.
When a node does not get positive confirmation from upper-layer protocols, the node
sends unicast neighbor solicitation messages. These messages solicit neighbor advertisements as reachability confirmation
from the next hop. To reduce unnecessary network traffic, probe messages are sent
only to neighbors to which the node is actively sending packets.
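The following Python class, added here as an illustration rather than taken from this page or from any stack, models the neighbor unreachability detection behaviour just described for one neighbor cache entry: an upper-layer confirmation (such as a new TCP acknowledgment) marks the neighbor REACHABLE, the entry ages to STALE, a packet sent to a STALE neighbor starts the DELAY timer, and only then are unicast neighbor solicitations sent, up to MAX_UNICAST_SOLICIT of them, before the entry is given up as unreachable. The timer values are the RFC 4861 defaults (with REACHABLE_TIME fixed at 30 s instead of randomised); the INCOMPLETE state, in which address resolution is still running, is omitted. Class and method names are the example's own.

```python
"""Neighbor unreachability detection for one neighbor cache entry (RFC 4861 section 7.3 subset)."""
from enum import Enum

REACHABLE_TIME = 30          # seconds a positive confirmation stays valid (RFC default ~30 s)
DELAY_FIRST_PROBE_TIME = 5   # grace period for an upper-layer confirmation before probing
RETRANS_TIMER = 1            # spacing between unicast neighbor solicitations
MAX_UNICAST_SOLICIT = 3      # probes sent before the neighbor is declared unreachable


class State(Enum):
    REACHABLE = "REACHABLE"      # two-way reachability confirmed recently
    STALE = "STALE"              # link-layer address known, reachability unconfirmed
    DELAY = "DELAY"              # traffic sent to a STALE neighbor; waiting for a free confirmation
    PROBE = "PROBE"              # unicast neighbor solicitations in flight
    UNREACHABLE = "UNREACHABLE"  # entry deleted; the next packet restarts address resolution


class NeighborEntry:
    def __init__(self, addr: str, lladdr: str, now: float):
        self.addr, self.lladdr = addr, lladdr
        self.state = State.STALE      # addresses learned passively start out unconfirmed
        self.timer = None             # absolute time at which the current state expires
        self.probes = 0
        self.probes_sent = []         # (time, destination) of each unicast NS, for inspection

    def upper_layer_confirmation(self, now: float) -> None:
        """Forward progress seen by an upper layer (e.g. a new TCP ACK) confirms reachability."""
        if self.state is not State.UNREACHABLE:
            self.state, self.timer, self.probes = State.REACHABLE, now + REACHABLE_TIME, 0

    def packet_sent(self, now: float) -> None:
        """Probing is only ever triggered by actual traffic, which keeps idle neighbors quiet."""
        if self.state is State.STALE:
            self.state, self.timer = State.DELAY, now + DELAY_FIRST_PROBE_TIME

    def neighbor_advertisement(self, solicited: bool, lladdr: str, now: float) -> None:
        """A solicited NA answers our probe; an unsolicited one only updates the cached address."""
        if solicited:
            self.state, self.timer, self.probes = State.REACHABLE, now + REACHABLE_TIME, 0
        elif lladdr != self.lladdr:
            self.lladdr, self.state, self.timer = lladdr, State.STALE, None

    def tick(self, now: float) -> None:
        """Advance the state machine when the current timer has expired."""
        if self.timer is None or now < self.timer:
            return
        if self.state is State.REACHABLE:
            self.state, self.timer = State.STALE, None
        elif self.state in (State.DELAY, State.PROBE):
            if self.probes >= MAX_UNICAST_SOLICIT:
                self.state, self.timer = State.UNREACHABLE, None   # forward path has failed
                return
            self.probes_sent.append((now, self.addr))              # unicast NS to the neighbor
            self.probes += 1
            self.state, self.timer = State.PROBE, now + RETRANS_TIMER


if __name__ == "__main__":
    e = NeighborEntry("fe80::1", "00:00:5e:00:53:01", now=0)   # constructed neighbor
    e.upper_layer_confirmation(0)
    e.tick(30)
    e.packet_sent(31)
    for t in (36, 37, 38, 39):
        e.tick(t)
    print(e.state, e.probes_sent)   # UNREACHABLE after three unanswered probes
```

Two details carry the security-relevant behaviour: an unsolicited neighbor advertisement never confirms reachability (it can at most move an entry to STALE), so a forged advertisement cannot make a host believe a dead next hop is alive; and only a solicited advertisement, sent in reply to the host's own unicast probe, returns the entry to REACHABLE.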
Duplicate Address Detection Algorithm
To ensure that all configured addresses are likely to be unique on a
particular link, nodes run a duplicate address detection algorithm on addresses. The nodes must run
the algorithm before assigning the addresses to an interface. The duplicate address detection
algorithm is performed on all addresses.
The autoconfiguration process that is described in this section applies only to hosts,
and not routers. Because host autoconfiguration uses information that is advertised by routers,
routers need to be configured by some other means. However, routers generate link-local
addresses by using the mechanism that is described in this chapter. In addition,
routers are expected to successfully pass the duplicate address detection algorithm on all
addresses prior to assigning the address to an interface.
Proxy Advertisements
A router that accepts packets on behalf of a target address that cannot itself respond to
neighbor solicitations can issue non-override neighbor advertisements for that target. Currently, the use of proxy
is not specified. However, proxy advertising can potentially be used to handle cases
such as mobile nodes that have moved off-link. Note that the use of
proxy is not intended as a general mechanism to handle nodes that do
not implement this protocol.
Inbound Load Balancing
Nodes with replicated interfaces might need to load balance the reception of incoming
packets across multiple network interfaces on the same link. Such nodes have multiple
link-layer addresses assigned to the same interface. For example, a single network driver
can represent multiple network interface cards as a single logical interface that has
multiple link-layer addresses.
Load balancing is handled by allowing routers to omit the source link-layer address option
from router advertisement packets. Consequently, neighbors must use neighbor solicitation messages to learn
the link-layer addresses of routers. The returned neighbor advertisement messages can then contain link-layer addresses
that differ, depending on which node issued the solicitation.
Link-Layer Address Change
A node that knows its link-layer address has been changed can send
out a few multicast, unsolicited neighbor advertisement packets to all nodes to quickly
update cached link-layer addresses that have become invalid. The sending
of unsolicited advertisements is a performance enhancement only. Neighbor
unreachability detection ensures that all nodes reliably discover the new address, though the delay
might be somewhat longer.
Comparison of Neighbor Discovery to ARP and Related IPv4 Protocols
The functionality of the IPv6 Neighbor Discovery protocol corresponds to a combination of
the IPv4 protocols: Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP) Router
Discovery, and ICMP Redirect. IPv4 does not have a generally agreed on protocol
or mechanism for neighbor unreachability detection. However, host requirements do specify some possible algorithms
for dead gateway detection. Dead gateway detection is a subset of the problems
that neighbor unreachability detection solves.
The following list compares the Neighbor Discovery protocol to the related set of
IPv4 protocols.
Router discovery is part of the base IPv6 protocol set. IPv6 hosts do not need to snoop the routing protocols to find a router. In IPv4, ICMP Router Discovery is an optional extension rather than part of the base protocol.
IPv6 router advertisements can carry the router's link-layer address, in which case no additional packet exchange is needed to resolve it.
Router advertisements carry the prefixes for a link. A separate mechanism is not needed to configure the netmask, as is the case with IPv4.
Router advertisements enable address autoconfiguration. IPv4 has no comparable stateless mechanism; IPv4 hosts must be configured manually or through a separate protocol such as DHCP.
Neighbor Discovery enables IPv6 routers to advertise an MTU for hosts to use on the link. Consequently, all nodes use the same MTU value on links that lack a well-defined MTU. IPv4 hosts on the same network might have different MTUs.
Unlike IPv4 ARP, which uses the link-layer broadcast address, IPv6 address resolution uses solicited-node multicast addresses. These are spread over 16 million (2^24) groups, selected by the low-order 24 bits of the target address, which greatly reduces address-resolution-related interrupts on nodes other than the target. Moreover, non-IPv6 machines should not be interrupted at all.
IPv6 redirects contain the link-layer address of the new first hop. Separate address resolution is not needed on receiving a redirect.
Multiple prefixes can be associated with the same IPv6 link. By default, hosts learn all on-link prefixes from router advertisements. However, routers can be configured to omit some or all prefixes from router advertisements. In such instances, hosts assume that destinations are on remote networks. Consequently, hosts send the traffic to routers. A router can then issue redirects, as appropriate.
Unlike IPv4, the recipient of an IPv6 redirect message assumes that the new next hop is on the local link. In IPv4, a host ignores redirect messages that specify a next hop that is not on the local network, according to the network mask. The IPv6 redirect mechanism is analogous to the XRedirect facility in IPv4. The redirect mechanism is useful on non-broadcast and shared media links, on which it is undesirable or impossible for nodes to know all of the prefixes for on-link destinations.
IPv6 neighbor unreachability detection improves packet delivery in the presence of failing routers. This capability improves packet delivery over partially failing or partitioned links. This capability also improves packet delivery over nodes that change their link-local addresses. For example, mobile nodes can move off the local network without losing any connectivity because of stale ARP caches. IPv4 has no corresponding method for neighbor unreachability detection.
Unlike ARP, Neighbor Discovery detects half-link failures by using neighbor unreachability detection. Neighbor Discovery avoids sending traffic to neighbors when two-way connectivity is absent.
By using link-local addresses to uniquely identify routers in router advertisements and redirect messages, IPv6 hosts can maintain their router associations even when the site is renumbered to use new global prefixes. IPv4 does not have a comparable method for identifying routers.
Neighbor Discovery messages must arrive with a hop limit of 255, and receivers discard any message that does not. Because every router decrements the hop limit when it forwards a packet, a message from an off-link node cannot pass this check, so the protocol is immune to spoofing attacks originating from off-link nodes. In contrast, IPv4 off-link nodes can send ICMP redirect messages and router advertisement messages. Note that the hop-limit check does nothing against an attacker on the same link, who can still forge router advertisements or neighbor advertisements; defending against on-link forgery requires mechanisms such as SEcure Neighbor Discovery (RFC 3971) or RA Guard (RFC 6105).
By placing address resolution at the ICMP layer, Neighbor Discovery becomes more media independent than ARP. Consequently, standard IP authentication and security mechanisms can be used.
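The receipt checks that make the hop-limit immunity work, as an added Python example that is not part of this documentation: it validates a Neighbor Discovery message the way RFC 4861 sections 6 to 8 require, rejecting anything with a hop limit other than 255, a non-zero ICMP code, a truncated fixed part, a bad ICMPv6 checksum, or (for router advertisements and redirects) a source address that is not link-local. The packets are constructed inside the example; the function names are its own, and IPv6 extension headers are not handled.

```python
"""Receipt-side validation of Neighbor Discovery messages: hop limit 255, code, length, checksum."""
import struct
import ipaddress

ICMPV6 = 58
ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}
MIN_LEN = {133: 8, 134: 16, 135: 24, 136: 24, 137: 40}   # fixed-part sizes from RFC 4861


def icmpv6_checksum(src: bytes, dst: bytes, payload: bytes) -> int:
    """One's-complement checksum over the IPv6 pseudo-header and the ICMPv6 message."""
    pseudo = src + dst + struct.pack("!I", len(payload)) + b"\x00\x00\x00" + bytes([ICMPV6])
    data = pseudo + payload
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def validate_nd_packet(packet: bytes) -> str:
    """Return 'ok', or the reason an IPv6 packet fails the Neighbor Discovery receipt checks."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "not IPv6"
    payload_len, next_header, hop_limit = struct.unpack_from("!HBB", packet, 4)
    src, dst = packet[8:24], packet[24:40]
    payload = packet[40:40 + payload_len]
    if next_header != ICMPV6:
        return "not ICMPv6"                    # extension headers are not walked in this example
    if len(payload) != payload_len or len(payload) < 8:
        return "truncated"
    msg_type, code = payload[0], payload[1]
    if msg_type not in ND_TYPES:
        return "not a Neighbor Discovery message"
    # Every router decrements the hop limit, so a value below 255 proves the packet was
    # forwarded and cannot have come from a node on this link: drop it before anything else.
    if hop_limit != 255:
        return "hop limit %d: forwarded by a router, so not from this link" % hop_limit
    if code != 0:
        return "non-zero ICMP code"
    if len(payload) < MIN_LEN[msg_type]:
        return "too short for %s" % ND_TYPES[msg_type]
    if icmpv6_checksum(src, dst, payload) != 0:    # a correctly checksummed message sums to zero
        return "bad checksum"
    if msg_type in (134, 137) and not ipaddress.IPv6Address(src).is_link_local:
        return "%s source is not link-local" % ND_TYPES[msg_type]
    return "ok"


def build_packet(src: str, dst: str, hop_limit: int, icmp_body: bytes) -> bytes:
    """Constructed test packet: fill in the ICMPv6 checksum and prepend a 40-byte IPv6 header."""
    s, d = ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed
    body = bytearray(icmp_body)
    body[2:4] = b"\x00\x00"
    struct.pack_into("!H", body, 2, icmpv6_checksum(s, d, bytes(body)))
    header = struct.pack("!IHBB", 6 << 28, len(body), ICMPV6, hop_limit) + s + d
    return header + bytes(body)


# Constructed RA body (type 134): hop limit 64, flags 0, router lifetime 1800 s, no options.
RA_BODY = bytes([134, 0, 0, 0, 64, 0]) + struct.pack("!HII", 1800, 0, 0)

if __name__ == "__main__":
    print(validate_nd_packet(build_packet("fe80::1", "ff02::1", 255, RA_BODY)))   # ok
    print(validate_nd_packet(build_packet("fe80::1", "ff02::1", 254, RA_BODY)))   # hop limit 254
```

The hop-limit test is deliberately ordered before the checksum: it is the cheapest check and the one that cannot be satisfied by an off-link sender, so it discards forwarded traffic before any further work is done on it.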