IPv6 Neighbor Discovery (ND) is a set of messages and processes that determine relationships between neighboring nodes. ND replaces ARP, ICMP router discovery, and the ICMP Redirect message used in IPv4. ND also provides additional functionality.
ND is used by nodes to:
ND is used by hosts to:
ND is used by routers to:
IPv6 ND processes include the following:
During router discovery, a host discovers the local routers on an attached link. This process is equivalent to ICMPv4 router discovery. For more information, see the "Router Discovery" section in this chapter.
Prefix discovery is the process by which hosts discover the network prefixes for local link destinations. This is similar to the exchange of the ICMPv4 Address Mask Request and Address Mask Reply messages. For more information, see the "Router Discovery" section in this chapter.
The parameter discovery process enables hosts to discover additional operating parameters, including the link MTU and the default hop limit for outgoing packets. For more information, see the "Router Discovery" section in this chapter.
During address autoconfiguration, IP addresses are configured for interfaces in either the presence or absence of a stateful address configuration server, such as a Dynamic Host Configuration Protocol version 6 (DHCPv6) server. For more information, see Chapter 8, "Address Autoconfiguration."
Address resolution is the process by which nodes resolve a neighbor's IPv6 address to its link-layer address. It is equivalent to ARP in IPv4. For more information, see the "Address Resolution" section in this chapter.
During next-hop determination, a node determines the IPv6 address of the neighbor to which a packet is being forwarded, based on the destination address. The next-hop address is either the destination address or the address of an on-link default router. For more information, see "Host Sending Algorithm" in this chapter.
The neighbor unreachability detection process is the means by which a node determines that the IPv6 layer of a neighbor is no longer receiving packets. For more information, see the "Neighbor Unreachability Detection" section in this chapter.
During duplicate address detection, a node determines that an address considered for use is not already in use by a neighboring node. This process is equivalent to using gratuitous ARP frames in IPv4. For more information, see the "Duplicate Address Detection" section in this chapter.
The redirect function is the process of informing a host of a better first-hop IPv6 address to reach a destination. It is equivalent to the use of the ICMPv4 Redirect message. For more information, see the "Redirect Function" section in this chapter.
ND is described in RFC 2461.
ND messages use the ICMPv6 message structure and ICMPv6 types 133 through 137. ND messages consist of an ND message header, composed of an ICMPv6 header and ND message-specific data, and zero or more ND options. Figure 6-1 shows the format of an ND message.
Figure 6-1. The format of an ND message
There are five different ND messages:
ND message options provide additional information, indicating MAC addresses, on-link network prefixes, on-link MTU information, redirection data, mobility information, and specific routes.
To ensure that received ND messages originated from a node on the local link, all ND messages are sent with a hop limit of 255. When an ND message is received, the Hop Limit field in the IPv6 header is checked. If it is not set to 255, the message is silently discarded. Verifying that the ND message has a hop limit of 255 provides protection from ND-based network attacks that are launched from off-link nodes. Because every router decrements the Hop Limit field when it forwards a packet, an ND message that arrives with a hop limit of 255 cannot have been forwarded by a router from an off-link node.
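The receive-side check described above, as an added example that is not part of the original chapter. The function names are hypothetical, the packets are constructed samples, and the code assumes the ICMPv6 header directly follows the fixed 40-byte IPv6 header (no extension headers) and does not verify the ICMPv6 checksum.

```python
import struct

ICMPV6 = 58  # IPv6 Next Header value for ICMPv6
ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}

def build_packet(hop_limit, icmp_type, body=b"\x00" * 4):
    """Constructed sample: fixed IPv6 header + ICMPv6 header (checksum left 0)."""
    icmp = struct.pack("!BBH", icmp_type, 0, 0) + body
    src = bytes.fromhex("fe80" + "00" * 13 + "01")   # fe80::1
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")   # ff02::1
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), ICMPV6, hop_limit)
    return hdr + src + dst + icmp

def forward_once(packet):
    """Model one router hop: the Hop Limit byte (offset 7) is decremented."""
    return packet[:7] + bytes([packet[7] - 1]) + packet[8:]

def check_nd(packet):
    """Return (accepted, reason) for a received packet, per the hop-limit rule."""
    if len(packet) < 44:                      # 40-byte IPv6 + 4-byte ICMPv6 header
        return False, "truncated"
    vtf, _plen, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    if vtf >> 28 != 6:
        return False, "not IPv6"
    if next_hdr != ICMPV6:
        return False, "not ICMPv6"
    icmp_type = packet[40]
    if icmp_type not in ND_TYPES:             # ND uses ICMPv6 types 133-137
        return False, "not an ND message"
    if hop_limit != 255:                      # crossed a router, or sent wrong
        return False, f"{ND_TYPES[icmp_type]} discarded: hop limit {hop_limit} != 255"
    return True, f"{ND_TYPES[icmp_type]} accepted"

if __name__ == "__main__":
    on_link = build_packet(255, 134)          # Router Advertisement sent on-link
    off_link = forward_once(on_link)          # same message after one router hop
    for name, pkt in (("on-link", on_link), ("forwarded", off_link)):
        print(name, check_nd(pkt))
```

Because Hop Limit is an 8-bit field, an off-link sender cannot start above 255 to compensate for the decrement, which is why the forwarded copy always fails the check.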