IPv6 NDP.


IPv6 NDP

Overview
  IPv6 header
  IPv6 NDP message types
  IPv6 NDP mechanisms
  IPv6 PMTU mechanism

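Version (4-bit): IP version; the value of this field is 6
Traffic Class (8-bit): traffic classification, similar to TOS in the IPv4 header
Flow Label (20-bit): flow label, used to mark a flow of IPv6 packets
Payload Length (16-bit): length of the payload, i.e. the rest of the packet immediately following the IPv6 header
Next Header (8-bit): the new way of handling option fields, fragmentation, security, mobility, loose source routing, record route and so on
Hop Limit (8-bit): maximum number of hops the IP packet may traverse; decremented by 1 at each hop
Source Address (128-bit): source address of the IP packet
Destination Address (128-bit): destination address of the IP packet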

IPv6 Flow Label (RFC 1809/3697)
Definition of a flow: a sequence of ordered, labelled packets sent from a particular source to a particular unicast, anycast or multicast destination.
Purpose: let the packets of an IPv6 flow be processed more efficiently based on a fixed field of the IPv6 header (the flow label).
Requirements for identifying a flow:
  1. A flow is identified by {source address, flow label, destination}.
  2. The flow label of each flow is generated by the source node; the Flow Label field in the packets is non-zero, and several flows must not reuse the same flow label.
Requirements for flow state establishment methods:
  1. Every method must provide a way to clean up the flow state after it has been established.
  2. Every method must be able to recover to the original state when a device does not support the requested flow state.

3. Flow Labeling Requirements

To enable Flow Label based classification, source nodes SHOULD assign each unrelated transport connection and application data stream to a new flow. The source node MAY also take part in flow state establishment methods that result in assigning certain packets to specific flows. A source node which does not assign traffic to flows MUST set the Flow Label to zero.

To enable applications and transport protocols to define what packets constitute a flow, the source node MUST provide means for the applications and transport protocols to specify the Flow Label values to be used with their flows. The use of the means to specify Flow Label values is subject to appropriate privileges (see section 5.1). The source node SHOULD be able to select unused Flow Label values for flows not requesting a specific value to be used.

A source node MUST ensure that it does not unintentionally reuse Flow Label values it is currently using or has recently used when creating new flows. Flow Label values previously used with a specific pair of source and destination addresses MUST NOT be assigned to new flows with the same address pair within 120 seconds of the termination of the previous flow. The source node SHOULD provide the means for the applications and transport protocols to specify quarantine periods longer than the default 120 seconds for individual flows.

To avoid accidental Flow Label value reuse, the source node SHOULD select new Flow Label values in a well-defined sequence (e.g., sequential or pseudo-random) and use an initial value that avoids reuse of recently used Flow Label values each time the system restarts. The initial value SHOULD be derived from a previous value stored in non-volatile memory, or in the absence of such history, a randomly generated initial value using techniques that produce good randomness properties [RND] SHOULD be used.

4. Flow State Establishment Requirements

To enable flow-specific treatment, flow state needs to be established on all or a subset of the IPv6 nodes on the path from the source to the destination(s). The methods for the state establishment, as well as the models for flow-specific treatment will be defined in separate specifications.

To enable co-existence of different methods in IPv6 nodes, the methods MUST meet the following basic requirements:
  (1) The method MUST provide the means for flow state clean-up from the IPv6 nodes providing the flow-specific treatment. Signaling based methods where the source node is involved are free to specify flow state lifetimes longer than the default 120 seconds.
  (2) Flow state establishment methods MUST be able to recover from the case where the requested flow state cannot be supported.

IPv6 Extension Header: Next Header values
  Value  Type of Header
  0      Hop-by-Hop Options Header
  6      TCP
  17     UDP
  41     Encapsulated IPv6 Header
  43     Routing Header
  44     Fragment Header
  50     Encapsulating Security Payload
  51     Authentication Header
  58     ICMPv6
  59     No next header
  60     Destination Options Header

IPv6 Extension Header
Order of the extension headers:
  1. Hop-by-Hop Options header
  2. Destination Options header (for intermediate destinations when the Routing header is present)
  3. Routing header
  4. Fragment header
  5. Authentication header
  6. Encapsulating Security Payload header
  7. Destination Options header (for the final destination)
  8. Upper-layer protocol (TCP, UDP)
Note: apart from the Hop-by-Hop Options header, extension headers are not processed by intermediate nodes in transit. A node that does process extension headers handles them in the order in which they appear and cannot pick out one particular header.

IPv6 Extension Header: chaining examples
  1. IPv6 Header (Next Header = 6, TCP) | TCP Segment
  2. IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 6, TCP) | TCP Segment
  3. IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 51, AH) | Authentication Header (Next Header = 6, TCP) | TCP Segment
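
The chaining and ordering rules above can be checked mechanically. The following is an added example, not part of the original slides: it walks the Next Header chain of a raw IPv6 packet and reports a Hop-by-Hop header that is not first, repeated headers, ordering violations and truncation. Header sizes are computed as RFC 8200 defines them; `build_packet` and its all-zero header bodies are constructed sample input.

```python
import struct

HBH, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 43, 44, 51, 60
NAMES = {0: "Hop-by-Hop", 6: "TCP", 17: "UDP", 41: "IPv6", 43: "Routing",
         44: "Fragment", 50: "ESP", 51: "AH", 58: "ICMPv6",
         59: "No Next Header", 60: "Destination Options"}
# Position in the recommended order; Destination Options takes slot 2 or 7.
RANK = {HBH: 1, ROUTING: 3, FRAGMENT: 4, AH: 5}


def check_order(seen):
    """Return ordering anomalies for a list of extension header types."""
    findings = []
    if HBH in seen[1:]:
        findings.append("Hop-by-Hop Options is not the first extension header")
    for h in sorted(set(seen)):
        if seen.count(h) > (2 if h == DSTOPTS else 1):
            findings.append(f"{NAMES[h]} header repeated")
    ranks = [RANK[h] if h != DSTOPTS else (2 if ROUTING in seen[i + 1:] else 7)
             for i, h in enumerate(seen)]
    if ranks != sorted(ranks):
        findings.append("extension headers out of the recommended order")
    return findings


def walk_chain(packet: bytes):
    """Follow Next Header from the fixed header; return (chain, findings).

    ESP (50) ends the walk because what follows it is encrypted. On
    truncation the chain ends with the header where parsing stopped.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return [], ["not an IPv6 packet"]
    nh, off, seen, findings = packet[6], 40, [], []
    while nh in RANK or nh == DSTOPTS:
        if off + 8 > len(packet):
            findings.append("truncated extension header")
            break
        if nh == FRAGMENT:
            size = 8                              # fixed-size header
        elif nh == AH:
            size = (packet[off + 1] + 2) * 4      # AH length is in 4-octet units
        else:
            size = (packet[off + 1] + 1) * 8      # RFC 8200: 8-octet units
        if off + size > len(packet):
            findings.append("truncated extension header")
            break
        seen.append(nh)
        nh, off = packet[off], off + size
    chain = [NAMES[h] for h in seen] + [NAMES.get(nh, f"protocol {nh}")]
    return chain, findings + check_order(seen)


def build_packet(headers, upper=6, payload=bytes(20)):
    """Constructed sample: minimal zero-filled extension headers before payload."""
    types, body = list(headers) + [upper], b""
    for i, h in enumerate(headers):
        size = 24 if h == AH else 8               # AH sample carries a 12-byte ICV
        ext_len = 4 if h == AH else 0
        body += bytes([types[i + 1], ext_len]) + bytes(size - 2)
    body += payload
    fixed = struct.pack("!IHBB", 6 << 28, len(body), types[0], 64) + bytes(32)
    return fixed + body


if __name__ == "__main__":
    # Third chaining example from the slide: IPv6 -> Routing -> AH -> TCP
    print(walk_chain(build_packet([ROUTING, AH])))
    print(walk_chain(build_packet([FRAGMENT, HBH])))
```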

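IPv6 Extension Header: Hop-by-Hop Options header (type=0)
Description: read and processed by every node and router along the delivery path.
Use: mainly jumbograms (RFC 2675) and router alert (RFC 2711), e.g. RSVP, MLD report.
Format:
  Next Header (8-bit): identifies the next header
  Hdr Ext Len (8-bit): length of the Hop-by-Hop options, not counting the first byte
  Options (variable): one or more TLVs
  Pad1, PadN: pad the rest of the Options area to align the header (the same applies to the headers below)
Layout: Next Header | Hdr Ext Len | Options ...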

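IPv6 Extension Header: Routing header (type=43)
Description: lets the IPv6 source node force a packet through specific routers on its way to the destination. When the Routing Type field is 0, the header can carry a list of intermediate routers, similar to the IPv4 loose source routing option.
Use: mainly Mobile IP.
Format:
  Next Header (8-bit): identifies the next header
  Hdr Ext Len (8-bit): length of the extension header, not counting the first byte
  Routing Type (8-bit): identifies the type of routing header
  Segments Left (8-bit): number of segments remaining
  Type-specific data (variable): determined by Routing Type; when Routing Type = 0, the first 4 bytes of this field are reserved and are followed by the address list of the routers along the path
  Pad1, PadN: pad the rest of the Options area to align the header
Layout: Next Header | Hdr Ext Len | Routing Type | Segments Left | type-specific data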

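IPv6 Extension Header: Fragment header (type=44)
Description: used only by the source node to fragment packets larger than the PMTU of the transmission path. Unlike IPv4, IPv6 fragments at the source node only and never at intermediate nodes (the PMTU mechanism discovers the smallest MTU on the path).
Format:
  Next Header: identifies the next header
  Reserved: 0
  Fragment Offset: offset of this fragment
  Res: 0
  M: 1 means more fragments, 0 means last fragment
  Identification: ID generated for the fragmentation; different fragmented packets sent to the same destination get different IDs
Layout: Next Header | Reserved | Fragment Offset | Res | M, followed by Identification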

Packet fragmentation:
  Original IPv6 packet: Unfragmentable part | Fragmentable part
  Fragment 1: Unfragmentable part | Fragment header | First fragment
  Fragment 2: Unfragmentable part | Fragment header | Second fragment
  Fragment 3: Unfragmentable part | Fragment header | Third fragment

Packet reassembly (figure): Unfragmentable part | Fragment header | Fragmentable part; Original IPv6 Packet

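IPv6 Extension Header: Destination Options header (type=60)
Description: carries optional information needed by the destination node of the packet.
Use: the IETF provisionally recommends this extension header for exchanging registration information between a mobile node and its home agent.
Format:
  Next Header (8-bit): identifies the next header
  Hdr Ext Len (8-bit): length of this options header, not counting the first byte
  Options (variable): one or more TLVs
  Pad1, PadN: pad the rest of the Options area to align the header
Layout: Next Header | Hdr Ext Len | Options ...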

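IPv6 Extension Header
No Next Header (type=59)
  Description: indicates that no further header follows this one.
Authentication header (type=51)
  Description: used by IPsec to provide authentication, data integrity and replay protection, and to protect some fields of the base IPv6 header.
Encapsulating Security Payload header (type=50)
  Description: used by IPsec to provide authentication, data integrity, replay protection and confidentiality for IPv6 packets.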

IPv4 Header Field | Change in IPv6
  Version | New value of 6
  Internet Header Length | Removed
  Type of Service | Traffic Class field
  Total Length | Payload Length field
  Identification | Removed to Fragment header
  Fragmentation Flags | Removed to Fragment header
  Fragment Offset | Removed to Fragment header
  Time to Live | Hop Limit field
  Protocol | Next Header field
  Header Checksum | Removed
  Source Address | Same, new 128-bit length
  Destination Address | Same, new 128-bit length
  Options | Removed (extension headers)

IPv6 NDP
1. Related modules:
  Router/Prefix Discovery
  Address Autoconfiguration
  Duplicate Address Detection
  Address Resolution
  Host Sending algorithm (for host)
  Neighbor Unreachability Detection
  Redirect
2. Address types used:
  All-nodes multicast address (FF02::1)
  All-routers multicast address (FF02::2)
  Solicited-node multicast address (FF02::1:FFXX:XXXX)
  Link-local address (FE80::/10)
  Unspecified address (::)

IPv6 NDP
3. Message types:
  Router Solicitation (type=133)
  Router Advertisement (type=134)
  Neighbor Solicitation (type=135)
  Neighbor Advertisement (type=136)
  Redirect (type=137)

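IPv6 NDP message types: RS message
Description: a host sends an RS to ask routers to respond quickly with an RA.
Format:
IP header:
  Source Address: an address assigned to the interface, or the unspecified address
  Destination Address: FF02::2
  Hop Limit: 255
  Authentication header: set when authentication is enabled
ICMP message:
  Type (8-bit): 133
  Code (8-bit): 0
  Checksum (16-bit): checksum
  Reserved (32-bit): reserved, set to 0
  Options (variable): only one is currently defined, Source link-layer address; if the source address in the IP header is the unspecified address, the RS must not contain it
Layout: Type | Code | Checksum, then Reserved, then Options ...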

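IPv6 NDP message types: RA message
Description: sent by a router periodically, or immediately in response to a received RS.
Format:
IP header:
  Source Address: must be the router's own link-local address
  Destination Address: FF02::1
  Hop Limit: 255
  Authentication Header: set when authentication is enabled
ICMP message format:
  Type (8-bit): 134
  Code (8-bit): 0
  Checksum (16-bit): checksum
  Cur Hop Limit (8-bit): default value to use when generating IP packets; 0 means unspecified
  M (1-bit): indicates whether address information is obtained through the stateful autoconfiguration mechanism
  O (1-bit): indicates whether information other than addresses is obtained through the stateful autoconfiguration mechanism
  Reserved (6-bit): reserved
  Router Lifetime: in seconds; tells hosts how long this router serves as a default router. During that time the host accepts and applies the options of its RAs; when 0, the host accepts the RA but does not apply its options
  Reachable Time (32-bit): in milliseconds; advertises the neighbor reachable time used by Neighbor Unreachability Detection; 0 means unspecified
  Retrans Timer (32-bit): in milliseconds; advertises the interval between retransmitted NS messages, used by address resolution and Neighbor Unreachability Detection; 0 means unspecified
  Options (variable): possible options are Source link-layer address, MTU and Prefix Information
Layout: Type | Code | Checksum, then Cur Hop Limit | M | O | Reserved | Router Lifetime, then Reachable Time, then Retrans Timer, then Options ...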

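IPv6 NDP message types: NS message
Description: an NS requests the link-layer address of a target node while giving other nodes the sender's own link-layer address. With a multicast dst-ip it is used for address resolution and DAD; with a unicast dst-ip it is used for Neighbor Unreachability Detection.
Format:
IP header:
  Source Address: an address assigned to the interface, or the unspecified address
  Destination Address: the solicited-node multicast address of the target address, or the target address itself
  Hop Limit: 255
  Authentication Header: set when authentication is enabled
ICMP message format:
  Type (8-bit): 135
  Code (8-bit): 0
  Checksum (16-bit): checksum
  Reserved (32-bit): reserved
  Target Address (128-bit): the target address
  Options (variable): Source link-layer address may be added; it must not be carried when src-ip is (::), and must be carried when src-ip is not (::) and the destination is multicast
Layout: Type | Code | Checksum, then Reserved, then Target Address, then Options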

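IPv6 NDP message types: NA message
Description: sent in response to a received NS, or unsolicited to spread information about this node more quickly.
Format:
IP header:
  Source Address: an address assigned to the interface
  Destination Address: when responding to an NS whose src-ip is not (::), the src-ip of that NS; otherwise FF02::1
  Hop Limit: 255
  Authentication Header: set when authentication is enabled
ICMP header:
  Type (8-bit): 136
  Code (8-bit): 0
  Checksum (16-bit): checksum
  R (1-bit): set to 1 when the node is a router; used by Neighbor Unreachability Detection to detect a router that has changed into a host
  S (1-bit): Solicited flag; set to 1 when the NA answers an NS; used for Neighbor Unreachability Detection; must not be set in an NA whose dst-ip is multicast or in an unsolicited NA
  O (1-bit): set to 1 when the NA indicates that the link-layer address in the cache needs to be updated
  Reserved (29-bit): reserved
  Target Address (128-bit): for an NA that answers an NS, the Target Address of that NS; for an unsolicited NA, the address whose link-layer address has changed (e.g. the node's own address); must not be a multicast address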

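IPv6 NDP message types: NA message (continued)
  Options: the possible option is Target link-layer address, i.e. the link-layer address of the requested target node. It must be included when answering a multicast NS; when answering a unicast NS it should be included but is not mandatory.
Layout: Type | Code | Checksum, then R | S | O | Reserved, then Target Address, then Options ...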

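IPv6 NDP message types: Redirect message
Description: informs a host of a better next hop toward a destination, or that the destination is in fact an on-link neighbor.
Format:
IP header:
  Source Address: link-local address of the interface
  Destination Address: src-ip of the packet that triggered the redirect
  Hop Limit: 255
  Authentication header: set when authentication is enabled
ICMP header:
  Type (8-bit): 137
  Code (8-bit): 0
  Checksum (16-bit): checksum
  Reserved (32-bit): reserved
  Target Address: if the destination is a neighbor, Target Address equals Destination Address; otherwise it must be the link-local address of the better next hop
  Destination Address: dst-ip of the packet that triggered the redirect
  Options: possible options are Target link-layer address and Redirected Header
Layout: Type | Code | Checksum, then Reserved, then Target Address, then Destination Address, then Options ...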

IPv6 NDP message types: options
  Source Link-layer Address (1)
  Target Link-layer Address (2)
  Prefix Information (3)
  Redirected Header (4)
  MTU (5)
Note: a message with an option whose Length is 0 must be discarded. Length is in units of 8 octets (1 octet is 8 bits).
Layout: Type | Length | ...

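IPv6 NDP message types: Source/Target Link-layer Address
Description: carries the sender's link-layer address; used in NS, RS and RA.
Format:
  Type (8-bit): 1 for source LLA, 2 for target LLA
  Length (8-bit): length of the option
  Link-layer address (variable): the link-layer address
Layout: Type | Length | Link-layer Address ...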

IPv6 NDP message types: Prefix Information
Description: supplies address prefix information to the address autoconfiguration mechanism; used only in RA.
Format:
  Type (8-bit): 3
  Length (8-bit): 4
  Prefix Length (8-bit): length of the prefix, 0-128
  L (1-bit): 1 means the address can be reached and is used for sending and receiving packets; 0 means it cannot be reached
  A (1-bit): 1 means the prefix may be used for autoconfiguration; 0 means it may not
  Reserved1 (6-bit): reserved
  Valid Lifetime (32-bit): valid lifetime of the address; once it expires the address becomes invalid and can no longer be used to forward data or to receive packets whose dst-ip is that address; 0xffffffff means infinite
  Preferred Lifetime (32-bit): preferred lifetime of the address; once it expires the address is used as src-ip only when the node has no other usable address
  Reserved2 (32-bit): reserved
  Prefix (128-bit): the prefix; the Prefix Length field gives the number of valid bits
Layout: Type | Length | Prefix Length | L | A | Reserved1, then Valid Lifetime, then Preferred Lifetime, then Reserved2, then Prefix

Address Lifetime Expiry

A preferred address becomes deprecated when its preferred lifetime expires. A deprecated address SHOULD continue to be used as a source address in existing communications, but SHOULD NOT be used in new communications if an alternate (non-deprecated) address is available and has sufficient scope. IP and higher layers (e.g., TCP, UDP) MUST continue to accept datagrams destined to a deprecated address since a deprecated address is still a valid address for the interface. An implementation MAY prevent any new communication from using a deprecated address, but system management MUST have the ability to disable such a facility, and the facility MUST be disabled by default.

An address (and its association with an interface) becomes invalid when its valid lifetime expires. An invalid address MUST NOT be used as a source address in outgoing communications and MUST NOT be recognized as a destination on a receiving interface.

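IPv6 NDP message types: Redirected Header
Description: used in Redirect messages; carries information from the received data packet that triggered the redirect.
Format:
  Type (8-bit): 4
  Length (8-bit): length
  Reserved (48-bit): reserved
  IP header + data (variable, but the whole Redirect message must not exceed 1280 bytes)
Layout: Type | Length | Reserved, then Reserved, then IP header + data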

IPv6 NDP message types: MTU
Description: advertises the MTU of the link; used in RA.
Format:
  Type (8-bit): 5
  Length (8-bit): 1 (8 octets)
  Reserved (16-bit): reserved
  MTU (32-bit): MTU of the link
Layout: Type | Length | Reserved, then MTU

IPv6 NDP message types: summary
ND message | ND option(s)
  Router Solicitation | Source Link-Layer Address
  Router Advertisement | Source Link-Layer Address, Prefix Information, MTU, Advertisement Interval, Home Agent Information, Route Information
  Neighbor Solicitation | Source Link-Layer Address
  Neighbor Advertisement | Target Link-Layer Address
  Redirect | Redirected Header, Target Link-Layer Address
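
The receive-side rules stated on the message slides (Hop Limit 255, Code 0, no option with Length 0, no Source Link-Layer Address option when the source is ::, RA sourced from a link-local address) can be enforced before any NDP message is acted on. The following is an added example, not part of the original slides. It assumes the caller has already verified the ICMPv6 checksum; `sample_ra` is constructed input that reuses the addresses of the Router Advertisement slide, with Cur Hop Limit and the lifetimes chosen arbitrarily.

```python
import ipaddress
import struct

# Offset of the first option, counted from the start of the ICMPv6 message.
OPT_OFFSET = {133: 8, 134: 16, 135: 24, 136: 24, 137: 40}


def parse_options(area: bytes):
    """Split the option area into (type, body) pairs; Length is in 8-octet units."""
    opts, off = [], 0
    while off < len(area):
        if off + 2 > len(area):
            raise ValueError("truncated option")
        otype, olen = area[off], area[off + 1]
        if olen == 0:
            raise ValueError("option with Length 0")
        if off + olen * 8 > len(area):
            raise ValueError("option runs past end of message")
        opts.append((otype, area[off + 2:off + olen * 8]))
        off += olen * 8
    return opts


def decode_prefix_info(body: bytes):
    """Decode the 30 bytes that follow Type/Length in a Prefix Information option."""
    plen, flags, valid, preferred = struct.unpack("!BBII", body[:10])
    prefix = ipaddress.IPv6Address(body[14:30])       # body[10:14] is Reserved2
    return {"prefix": f"{prefix}/{plen}", "on_link": bool(flags & 0x80),
            "autonomous": bool(flags & 0x40), "valid": valid,
            "preferred": preferred}


def validate_ndp(src: str, hop_limit: int, icmp: bytes):
    """Apply the checks from the slides; return ("accept", options) or ("drop", reason)."""
    if len(icmp) < 4 or icmp[0] not in OPT_OFFSET:
        return "drop", "not an NDP message"
    mtype, code = icmp[0], icmp[1]
    if hop_limit != 255:
        return "drop", "Hop Limit is not 255"
    if code != 0:
        return "drop", "Code is not 0"
    if len(icmp) < OPT_OFFSET[mtype]:
        return "drop", "message shorter than its fixed part"
    try:
        opts = parse_options(icmp[OPT_OFFSET[mtype]:])
    except ValueError as err:
        return "drop", str(err)
    source = ipaddress.IPv6Address(src)
    if source.is_unspecified and mtype in (133, 135) and any(t == 1 for t, _ in opts):
        return "drop", "Source Link-Layer Address option with source ::"
    if mtype == 134 and not source.is_link_local:
        return "drop", "RA source is not a link-local address"
    return "accept", opts


def sample_ra():
    """Constructed RA: SLLA 00-10-FF-D6-58-C0, MTU 1500, prefix 2000:1:2:3::/64."""
    fixed = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("0010ffd658c0")
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    prefix = (struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
              + ipaddress.IPv6Address("2000:1:2:3::").packed)
    return fixed + slla + mtu + prefix


if __name__ == "__main__":
    verdict, detail = validate_ndp("fe80::210:ffff:fed6:58c0", 255, sample_ra())
    print(verdict, [t for t, _ in detail], decode_prefix_info(detail[2][1]))
    print(validate_ndp("fe80::210:ffff:fed6:58c0", 64, sample_ra()))
```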

IPv6 NDP: Router/Prefix Discovery
  Default value of the Hop Limit
  Stateful and stateless address configuration protocols
  Reachability and retransmission timers
  Network prefixes of the link
  MTU of the link
  IPv6 mobility information
  Routing information
3. Interval between unsolicited RAs (MinRtrAdvInterval, MaxRtrAdvInterval): MaxRtrAdvInterval=600s, MinRtrAdvInterval<=0.75*MaxRtrAdvInterval

IPv6 NDP: Router/Prefix Discovery
Step 1: Host A sends a multicast Router Solicitation
  Host A: MAC 00-B0-D0-E9-41-43, IP none
  Router: MAC 00-10-FF-D6-58-C0, IP FE80::210:FFFF:FED6:58C0
  Ethernet Header: Destination MAC is 33-33-00-00-00-02
  IPv6 Header: Source Address is ::, Destination Address is FF02::2, Hop limit is 255
  Router Solicitation Header

IPv6 NDP: Router/Prefix Discovery
Step 2: the router sends a multicast Router Advertisement
  Host A: MAC 00-B0-D0-E9-41-43, IP none
  Router: MAC 00-10-FF-D6-58-C0, IP FE80::210:FFFF:FED6:58C0
  Ethernet Header: Destination MAC is 33-33-00-00-00-01
  IPv6 Header: Source Address is FE80::210:FFFF:FED6:58C0, Destination Address is FF02::1, Hop limit is 255
  Router Advertisement Header: Current Hop Limit, Flags, Router Lifetime, Reachable and Retransmission Timers
  Neighbor Discovery Options: Source Link-Layer Address is 00-10-FF-D6-58-C0, MTU is 1500, Prefix Information is for 2000:1:2:3::/64

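IPv6 NDP: Address Autoconfiguration (RFC2462)
Types of address autoconfiguration:
  1. Stateless: receive RA messages to obtain the prefix and other information
  2. Stateful: obtain the prefix and other information through DHCPv6
  3. Both: obtain the prefix and other information through DHCPv6 and by receiving RA messages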

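IPv6 NDP: Address Autoconfiguration (RFC2462)
Address states:
  Tentative: the state while the uniqueness of the address is being verified
  Valid: the address has passed verification and is unique; the valid timer and the preferred timer are set. It is divided into two states:
    Preferred: neither timer has expired; the node can send and receive data with this address
    Deprecated: the preferred timer has expired; the address is used for sending and receiving only when no other address is available
  Invalid: the valid timer has expired; the address is invalid and cannot be used to receive or forward packets
Timeline (figure): Tentative, then Valid (Preferred, then Deprecated), then Invalid; the Preferred Lifetime spans the Preferred state and the Valid Lifetime spans the Valid state.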

Flowchart: address autoconfiguration, part 1 (connectors A and B continue in part 2). Boxes and decisions:
  Derive link-local address: FE80::[interface ID]
  Send multicast Neighbor Solicitation with Target Address set to derived link-local address.
  Neighbor Advertisement response received? (Yes / No)
  Stop address autoconfiguration.
  Initialize link-local address.
  Send Router Solicitation.
  Router Advertisement response received? (No / Yes)
  Set Hop Limit, Reachable Time, Retrans Timer, MTU.
  Are Prefix Information options present? (Yes / No)
  Is Managed Address Configuration flag set to 1? (No / Yes)
  Use stateful address configuration protocol.
  Is Other Stateful Configuration flag set to 1? (Yes / No)
  Use stateful address configuration protocol.
  Stop address autoconfiguration.

Flowchart: address autoconfiguration, part 2 (entered at connector A, returns through connector B). Boxes and decisions:
  Get first Prefix Information option.
  Is On-Link flag set to 1? (Yes / No)
  Add prefix to prefix list.
  Is Autonomous flag set to 1? (No / Yes)
  Derive stateless address: Prefix + interface ID
  Send multicast Neighbor Solicitation with Target Address set to derived stateless address.
  Neighbor Advertisement response received? (No / Yes)
  Do not initialize stateless address.
  Initialize stateless address.
  Are there more Prefix Information options to process? (No / Yes)
  Go to next Prefix Information option.

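IPv6 NDP: Duplicate Address Detection
DAD is performed with NS messages:
  The Target Address field is the address being verified (in the Target address option)
  The source address is (::) and the destination address is the solicited-node multicast address
  If the address is a duplicate, the detecting node sends an NA message whose destination address is FF02::1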

Neighbor Solicitation: DAD check, multicast NS message
Step 1: Host A sends a multicast Neighbor Solicitation
  Host A: Tentative IP 2000:1:2:3::100
  Host B: MAC 00-60-08-52-F9-D8, IP 2000:1:2:3::100
  Ethernet Header: Dest MAC is 33-33-FF-52-F9-D8
  IPv6 Header: Source Address is ::, Destination Address is FF02::1:FF00:0100, Hop limit is 255
  Neighbor Solicitation Header: Target Address is 2000:1:2:3::100

Neighbor Advertisement: the address is a duplicate, multicast NA message
Step 2: Host B sends a multicast Neighbor Advertisement
  Host A: Tentative IP 2000:1:2:3::100
  Host B: MAC 00-60-08-52-F9-D8, IP 2000:1:2:3::100
  Ethernet Header: Destination MAC is 33-33-00-00-00-01
  IPv6 Header: Source Address is 2000:1:2:3::100, Destination Address is FF02::1, Hop limit is 255
  Neighbor Advertisement Header: Target Address is 2000:1:2:3::100
  Neighbor Discovery Option: Target Link-Layer Address is 00-60-08-52-F9-D8

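IPv6 NDP: Address Resolution
Description: first, a multicast NS and a unicast NA are exchanged to obtain the link-layer address of the next hop or of the destination address; next, both hosts update their neighbor caches; then the unicast traffic is sent.
The exchange is shown on the following slides.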

Multicast Neighbor Solicitation
Step 1: Host A sends a multicast Neighbor Solicitation
  Host A: MAC 00-10-5A-AA-20-A2, IP FE80::210:5AFF:FEAA:20A2
  Host B: MAC 00-60-97-02-6E-A5, IP FE80::260:97FF:FE02:6EA5
  Ethernet Header: Destination MAC is 33-33-FF-02-6E-A5
  IPv6 Header: Source Address is FE80::210:5AFF:FEAA:20A2, Destination Address is FF02::1:FF02:6EA5, Hop limit is 255
  Neighbor Solicitation Header: Target Address is FE80::260:97FF:FE02:6EA5
  Neighbor Discovery Option: Source Link-Layer Address is 00-10-5A-AA-20-A2

Unicast Neighbor Advertisement
Step 2: Host B sends a unicast Neighbor Advertisement
  Host A: MAC 00-10-5A-AA-20-A2, IP FE80::210:5AFF:FEAA:20A2
  Host B: MAC 00-60-97-02-6E-A5, IP FE80::260:97FF:FE02:6EA5
  Ethernet Header: Destination MAC is 00-10-5A-AA-20-A2
  IPv6 Header: Source Address is FE80::260:97FF:FE02:6EA5, Destination Address is FE80::210:5AFF:FEAA:20A2, Hop limit is 255
  Neighbor Advertisement Header: Target Address is FE80::260:97FF:FE02:6EA5
  Neighbor Discovery Option: Target Link-Layer Address is 00-60-97-02-6E-A5
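
The addresses in the address resolution exchange above are all derived from one another: the link-local address from the MAC, the solicited-node group from the target address, and the Ethernet multicast MAC from the group. The following is an added example, not part of the original slides. It assumes modified EUI-64 interface IDs, which is what the slide addresses use, and `check_ns_frame` is a hypothetical helper name for a consistency check a capture analyst might run on a multicast NS.

```python
import ipaddress


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def format_mac(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64: flip the universal/local bit and insert FF-FE."""
    m = mac_bytes(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FFXX:XXXX, where XX:XXXX are the low 24 bits of the address."""
    base = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(base + ipaddress.IPv6Address(addr).packed[-3:])


def multicast_mac(group: str) -> str:
    """Ethernet mapping of an IPv6 multicast group: 33-33 plus its low 32 bits."""
    return format_mac(b"\x33\x33" + ipaddress.IPv6Address(group).packed[-4:])


def check_ns_frame(dst_mac: str, dst_ip: str, target: str):
    """Return the inconsistencies found in a multicast Neighbor Solicitation."""
    problems = []
    if ipaddress.IPv6Address(dst_ip) != solicited_node(target):
        problems.append("destination is not the target's solicited-node group")
    if mac_bytes(dst_mac) != mac_bytes(multicast_mac(dst_ip)):
        problems.append("destination MAC does not map to the IPv6 group")
    return problems


if __name__ == "__main__":
    # Values from the address resolution slides (Host A and Host B).
    print(link_local_from_mac("00-10-5A-AA-20-A2"))
    print(solicited_node("FE80::260:97FF:FE02:6EA5"))
    print(multicast_mac("FF02::1:FF02:6EA5"))
    print(check_ns_frame("33-33-FF-02-6E-A5", "FF02::1:FF02:6EA5",
                         "FE80::260:97FF:FE02:6EA5"))
```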

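IPv6 NDP: Host Sending algorithm
Host data structures:
  Neighbor cache: stores the on-link IPv6 addresses of neighbors, their link-layer addresses and their reachability state; similar to the ARP cache in IPv4
  Destination cache: stores the next-hop information for the destination addresses of recently sent packets
  Prefix list: stores the list of on-link prefixes
  Default router list: stores the on-link addresses of routers that advertise themselves as default routers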

Host data structures (continued)
  Destination Cache: Destination | Next-Hop Address | PMTU
  Neighbor Cache: Next-Hop Address | Link Layer Address | State
  Prefix List
  Default Router List

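IPv6 NDP: Host Sending algorithm
Basic procedure:
1. Determine the next hop for the destination address
  1) Check the destination cache
  2) If the destination address matches a prefix in the prefix list, the next-hop address is the destination address
  3) If the destination address matches no prefix in the prefix list, the next-hop address is the address of the default router
2. Determine the link-layer address of the next hop
  1) Check the neighbor cache
  2) If there is no entry, use address resolution to obtain the link-layer address of the next-hop address
3. Send the packet to the link-layer address of the next hop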

Flowchart: host sending algorithm. Boxes and decisions:
  Check destination cache for an entry matching the destination address.
  Entry found in destination cache? (Yes / No)
  Obtain next-hop address from destination cache or care-of destination cache entry.
  Check prefix list for a prefix that matches the destination address.
  Does the destination address match a prefix in the prefix list? (Yes / No)
  Set the next-hop address to the destination address.
  Is there a default router? (No / Yes)
  Set the next-hop address to the default router address.
  Indicate an error.
  Update destination cache.
  Check neighbor cache for an entry matching the next-hop address.
  Is next-hop address entry in neighbor cache? (Yes / No)
  Use address resolution process to determine the link-layer address of the next-hop address.
  Was address resolution successful? (Yes / No)
  Update neighbor cache.
  Send packet using link-layer address of neighbor cache entry.

IPv6 NDP: Host Sending algorithm
Summary and comparison of the IPv4 and IPv6 neighbor functions
IPv4 Neighbor Function | IPv6 Neighbor Function
  ARP Request message | Neighbor Solicitation message
  ARP Reply message | Neighbor Advertisement message
  ARP cache | Neighbor cache
  Gratuitous ARP | Duplicate address detection
  Router Solicitation message (optional) | Router Solicitation (required)
  Router Advertisement message (optional) | Router Advertisement (required)
  Redirect message | Redirect message

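IPv6 NDP: Neighbor Unreachability Detection
A neighbor is considered reachable when:
  A reachability confirmation has been received recently
Mainly used to verify that the next hop toward a destination is reachable.
Reachability depends mainly on:
  Receiving an NA message in response to a unicast NS
  Hints from upper-layer protocols
Neighbor unreachability state machine: INCOMPLETE, REACHABLE, STALE, DELAY, PROBE
Related timers: Reachable timer: 30,000ms; Retrans timer: 1,000ms; Delay timer: 5s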

Neighbor Unreachability Detection state machine
States: NO ENTRY EXISTS, INCOMPLETE, REACHABLE, STALE, DELAY, PROBE
Transitions:
  NO ENTRY EXISTS -> INCOMPLETE: send multicast Neighbor Solicitation
  INCOMPLETE -> NO ENTRY EXISTS: multicast Neighbor Solicitation retries exceeded
  INCOMPLETE -> REACHABLE: receive solicited Neighbor Advertisement
  REACHABLE -> STALE: Reachable Time exceeded (30,000ms) or unsolicited Neighbor Advertisement received
  STALE -> DELAY: send packet (traffic-driven)
  DELAY -> REACHABLE: reachability confirmed by upper layer protocol
  DELAY -> PROBE: Delay time exceeded
  PROBE -> REACHABLE: reachability confirmed by sending unicast Neighbor Solicitation and receiving solicited Neighbor Advertisement
  PROBE -> NO ENTRY EXISTS: unicast Neighbor Solicitation retries exceeded
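
The state machine above, as an added example that is not part of the original slides: one neighbor cache entry driven by traffic, received NAs and timer expiry. It models only the transitions in the diagram, uses the timer values from the previous slide, and assumes the RFC 4861 default of 3 solicitations for both multicast and unicast retries (a value the slides do not give).

```python
REACHABLE_TIME, DELAY_TIME, RETRANS_TIME = 30.0, 5.0, 1.0  # seconds, from the slide
MAX_SOLICIT = 3  # assumption: RFC 4861 default, not stated on the slides


class NeighborEntry:
    """One neighbor cache entry; time is passed in explicitly as `now`."""

    def __init__(self):
        self.state, self.deadline, self.probes = "NO ENTRY", 0.0, 0

    def _start_probing(self, state, now):
        self.state, self.probes, self.deadline = state, 1, now + RETRANS_TIME

    def send_packet(self, now):
        """Traffic toward the neighbor; returns what the host does with it."""
        if self.state == "NO ENTRY":
            self._start_probing("INCOMPLETE", now)
            return "queue packet, send multicast NS"
        if self.state == "INCOMPLETE":
            return "queue packet"
        if self.state == "STALE":                 # traffic-driven transition
            self.state, self.deadline = "DELAY", now + DELAY_TIME
        return "send packet"

    def receive_na(self, now, solicited):
        """Only a solicited NA confirms reachability; an unsolicited one cannot."""
        if solicited and self.state in ("INCOMPLETE", "PROBE"):
            self.state, self.deadline = "REACHABLE", now + REACHABLE_TIME
        elif not solicited and self.state == "REACHABLE":
            self.state = "STALE"

    def upper_layer_confirm(self, now):
        if self.state == "DELAY":
            self.state, self.deadline = "REACHABLE", now + REACHABLE_TIME

    def tick(self, now):
        """Fire the timer of the current state if it has expired."""
        if self.state in ("NO ENTRY", "STALE") or now < self.deadline:
            return None
        if self.state == "REACHABLE":
            self.state = "STALE"
            return None
        if self.state == "DELAY":
            self._start_probing("PROBE", now)
            return "send unicast NS"
        if self.probes >= MAX_SOLICIT:            # INCOMPLETE or PROBE gave up
            self.state = "NO ENTRY"
            return "delete entry"
        self.probes, self.deadline = self.probes + 1, now + RETRANS_TIME
        return ("send multicast NS" if self.state == "INCOMPLETE"
                else "send unicast NS")


def trace():
    """Drive one entry through every state; return the states visited."""
    e, states = NeighborEntry(), []
    steps = [lambda: e.send_packet(0.0), lambda: e.receive_na(0.2, True),
             lambda: e.tick(31.0), lambda: e.send_packet(31.0),
             lambda: e.tick(36.0), lambda: e.tick(37.0),
             lambda: e.tick(38.0), lambda: e.tick(39.0)]
    for step in steps:
        step()
        states.append(e.state)
    return states


if __name__ == "__main__":
    print(trace())
```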

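IPv6 NDP: Redirect
Tells the source node that is sending data about a better next hop toward the destination.
The Redirect message contains the information about the best next hop:
  1. The router tells the host about a better next hop toward the destination
  2. The router tells the host that the destination is a neighbor on the local link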

Unicast packet to the default router
Step 1: Host A sends a unicast packet
  Host A: MAC 00-AA-00-11-11-11, IP 2000:1::100, FE80::2AA:FF:FE11:1111
  Router 2: MAC 00-AA-00-22-22-22, IP 2000:1::2, FE80::2AA:FF:FE22:2222
  Router 3: MAC 00-AA-00-33-33-33, IP 2000:1::3, FE80::2AA:FF:FE33:3333
  Ethernet Header: Destination MAC is 00-AA-00-22-22-22
  IPv6 Header: Source Address is 2000:1::100, Destination Address is 2000:2::100

The router sends a Redirect message to the host
Step 2: Router 2 sends a unicast Redirect
  Host A: MAC 00-AA-00-11-11-11, IP 2000:1::100, FE80::2AA:FF:FE11:1111
  Router 2: MAC 00-AA-00-22-22-22, IP 2000:1::2, FE80::2AA:FF:FE22:2222
  Router 3: MAC 00-AA-00-33-33-33, IP 2000:1::3, FE80::2AA:FF:FE33:3333
  Ethernet Header: Destination MAC is 00-AA-00-11-11-11
  IPv6 Header: Source Address is FE80::2AA:FF:FE22:2222, Destination Address is 2000:1::100, Hop limit is 255
  Redirect Header: Target Address is FE80::2AA:FF:FE33:3333, Destination Address is 2000:2::100
  Neighbor Discovery Options: Target Link-Layer Address is 00-AA-00-33-33-33, Redirected Header

The router forwards the unicast data packet
  Host A: MAC 00-AA-00-11-11-11, IP 2000:1::100, FE80::2AA:FF:FE11:1111
  Router 2: MAC 00-AA-00-22-22-22, IP 2000:1::2, FE80::2AA:FF:FE22:2222
  Router 3: MAC 00-AA-00-33-33-33, IP 2000:1::3, FE80::2AA:FF:FE33:3333
  Ethernet Header: Destination MAC is 00-AA-00-33-33-33
  IPv6 Header: Source Address is 2000:1::100, Destination Address is 2000:2::100
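
The host sending algorithm and the Redirect exchange above meet in the destination cache: a Redirect rewrites the next hop that the algorithm returns. The following is an added example, not part of the original slides. The `Host` class and its method names are hypothetical; the acceptance checks combine the Redirect header rules from the slides (Hop Limit 255, link-local source, Target Address link-local or equal to the destination) with the RFC 4861 rule that a Redirect must come from the current first-hop router for that destination.

```python
import ipaddress


class Host:
    """Conceptual host data structures: prefix list, default routers, destination cache."""

    def __init__(self, prefixes, default_routers):
        self.prefix_list = [ipaddress.ip_network(p) for p in prefixes]
        self.default_routers = [ipaddress.ip_address(r) for r in default_routers]
        self.destination_cache = {}               # destination -> next hop

    def next_hop(self, dst: str):
        """Step 1 of the sending algorithm: pick the next hop for dst."""
        dst = ipaddress.ip_address(dst)
        if dst in self.destination_cache:
            return self.destination_cache[dst]
        if any(dst in prefix for prefix in self.prefix_list):
            hop = dst                             # on-link: deliver directly
        elif self.default_routers:
            hop = self.default_routers[0]
        else:
            raise LookupError("no default router")
        self.destination_cache[dst] = hop
        return hop

    def handle_redirect(self, src: str, hop_limit: int, target: str, destination: str):
        """Update the destination cache only if the Redirect passes every check."""
        src = ipaddress.ip_address(src)
        target = ipaddress.ip_address(target)
        dest = ipaddress.ip_address(destination)
        if hop_limit != 255 or not src.is_link_local:
            return False
        if dest.is_multicast:
            return False
        if src != self.next_hop(str(dest)):       # must be the current first hop
            return False
        if not (target.is_link_local or target == dest):
            return False
        self.destination_cache[dest] = target
        return True


ROUTER2 = "fe80::2aa:ff:fe22:2222"   # addresses from the Redirect slides
ROUTER3 = "fe80::2aa:ff:fe33:3333"

if __name__ == "__main__":
    host_a = Host(["2000:1::/64"], [ROUTER2])
    print(host_a.next_hop("2000:2::100"))                              # Router 2
    print(host_a.handle_redirect(ROUTER3, 255, ROUTER3, "2000:2::100"))  # rejected
    print(host_a.handle_redirect(ROUTER2, 255, ROUTER3, "2000:2::100"))  # applied
    print(host_a.next_hop("2000:2::100"))                              # Router 3
```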

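IPv6 PMTU
1. The sending node initially assumes that the PMTU is the MTU of the link of the interface on which it sends the packet
2. The sending node sends an IPv6 packet of MTU size
3. A router on the path cannot forward the IPv6 packet and sends an ICMP Packet Too Big message to the source node; the message contains the MTU of the link on which forwarding failed
4. The sending node resets the PMTU to the MTU value in the received ICMP Packet Too Big message,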

Flowchart: path MTU discovery. Boxes and decisions:
  Set PMTU to destination to link MTU.
  Send packet at PMTU size.
  ICMPv6 Packet Too Big message received? (Yes / No)
  Set PMTU to destination to the value of the MTU field in the Packet Too Big message.
  Is PMTU to destination less than the link MTU?
  Has PMTU timer expired?

References:
  RFC2461 (4861): Neighbor Discovery for IPv6
  RFC2460: IPv6 specification
  RFC3697: IPv6 Flow Label specification
  RFC1809: Using the Flow Label field in IPv6
  RFC2675: IPv6 Jumbograms
  RFC2711: IPv6 Router Alert option
  RFC2462: IPv6 Stateless Address Autoconfiguration
  RFC1981: Path MTU Discovery for IP version 6
  www.ipv6.com
  Cisco IPv6 Network Implementation Technology (book)

Thank you all! More to come. To Be Continued… DHCPv6, Tunnel..