IPv6 ND Configuration Example

Similar documents
Guide to TCP/IP Fourth Edition. Chapter 6: Neighbor Discovery in IPv6

Operation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

Table of Contents 1 IPv6 Basics Configuration 1-1

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

IPv6 Neighbor Discovery

IPv6 Neighbor Discovery

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

IPv6 Neighbor Discovery

Configuring IPv6 basics

Configuring IPv6 DNS. Introduction to IPv6 DNS. Configuring the IPv6 DNS client. Configuring static domain name resolution

Using ping, tracert, and system debugging

DHCPv6 Overview 1. DHCPv6 Server Configuration 1

Step 2. Manual configuration of global unicast and link-local addresses

IPv6 Stateless Autoconfiguration

HP 6125 Blade Switch Series

H3C S5560S-EI & S5130S-HI[EI] & S5110V2 & S3100V3-EI Switch Series

HP A5830 Switch Series Layer 3 - IP Services. Configuration Guide. Abstract

The term "router" in this document refers to both routers and Layer 3 switches. Step Command Remarks. ipv6 host hostname ipv6-address

IPv6 Neighbor Discovery

IPv6 Client IP Address Learning

IPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

IPv6 Neighbor Discovery

Step 2. Manual configuration of global unicast and link-local addresses

H3C S6520XE-HI Switch Series

HPE FlexFabric 5940 Switch Series

H3C S7500E-X OSPF Configuration Examples

HP FlexFabric 5930 Switch Series

Juniper Netscreen Security Device. How to Enable IPv6 Page-51

H3C S10500 IP Unnumbered Configuration Examples

The Study on Security Vulnerabilities in IPv6 Autoconfiguration

Rocky Mountain IPv6 Summit April 9, 2008

Chapter 7: IP Addressing CCENT Routing and Switching Introduction to Networks v6.0

HP 5120 SI Switch Series

Table of Contents 1 System Maintenance and Debugging Commands 1-1

H3C S5120-EI Switch Series

HP 3600 v2 Switch Series

Table of Contents 1 System Maintaining and Debugging 1-1

H3C S12500 VLAN Configuration examples

HP FlexFabric 5930 Switch Series

Setup. Grab a vncviewer like: Or

H3C S6800 Switch Series

H3C S6300 Switch Series

HPE FlexNetwork 5510 HI Switch Series

IPv6 Protocol Architecture

Configuring IPv6 First-Hop Security

Table of Contents 1 System Maintaining and Debugging Commands 1-1

FiberstoreOS IPv6 Service Configuration Guide

H3C S7500E-XS Switch Series

IPv6 associated protocols

Introduction to IPv6 - II

HPE FlexNetwork 5510 HI Switch Series

H3C S5120-EI Switch Series

HPE 5920 & 5900 Switch Series

Command Manual Network Protocol. Table of Contents

Table of Contents 1 IP Addressing Configuration IP Performance Configuration 2-1

The Netwok Layer IPv4 and IPv6 Part 2

tcp ipv6 timer fin-timeout 40 tcp ipv6 timer syn-timeout 40 tcp ipv6 window 41

H3C S3100V2 Switch Series

HPE FlexFabric 7900 Switch Series

IPv6 NEMO. Finding Feature Information. Restrictions for IPv6 NEMO

Veryx ATTEST TM Conformance Test Suite

H3C S5120-EI Series Ethernet Switches. Layer 3 - IP Services. Configuration Guide. Hangzhou H3C Technologies Co., Ltd.

H3C S10500 Switch Series

SecBlade Firewall Cards ARP Attack Protection Configuration Examples

netkit lab IPv6 Neighbor Discovery (NDP)

HPE ArubaOS-Switch IPv6 Configuration Guide YA/YB.16.02

FiberstoreOS IPv6 Security Configuration Guide

H3C S5130-HI Switch Series

Configuring ARP attack protection 1

IPv6 Protocol & Structure. npnog Dec, 2017 Chitwan, NEPAL

HP A3100 v2 Switch Series

HP 5120 EI Switch Series

Ch. 22 Bootstrap And Autoconfiguration (DHCP, NDP or IPv6-ND)

ODL Summit Bangalore - Nov 2016 IPv6 Design in OpenDaylight

H3C S12500-X & S12500X-AF Switch Series

Ping, tracert and system debugging commands

Contents. Ping, tracert, and system debugging commands 1 debugging 1 display debugging 2 ping 2 ping ipv6 5 tracert 7 tracert ipv6 9

DHCP Technology White Paper

IPv6 address configuration and local operation

ArubaOS-Switch IPv6 Configuration Guide for YA/YB.16.04

H3C S7500E-XS Switch Series

IPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping

H3C S3600V2 Switch Series

Operation Manual IP Addressing and IP Performance H3C S5500-SI Series Ethernet Switches. Table of Contents

DHCP Overview. Introduction to DHCP

H3C S6800 Switch Series

H3C S5130-HI Switch Series

ISO 9001:2008. Pankaj Kumar Dir, TEC, DOT

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

Table of Contents 1 DNS Configuration 1-1

Lab - Configuring IPv6 Addresses on Network Devices

DELVING INTO SECURITY

H3C S9800 Switch Series

H3C S5120-HI Switch Series

Troubleshooting DHCP server configuration 28

IPv6 Snooping. Finding Feature Information. Restrictions for IPv6 Snooping

SecBlade Firewall Cards NAT Configuration Examples

Lab Configuring IPv6 Static and Default Routes (Solution)

IRT0030 ANDMESIDE LOENG 4. Indrek Rokk

Transcription:

IPv6 ND Configuration Example Keywords: IPv6 ND Abstract: This document describes the application environment and typical configuration of IPv6 ND. Acronyms: Acronym Full spelling ARP FIB Address Resolution Protocol Forwarding Information Base ICMPv6 Internet Control Message Protocol version 6 IPv6 Internet Protocol version 6 NA ND NS RA RS neighbor advertisement neighbor discovery neighbor solicitation router advertisement router solicitation Hangzhou H3C Technologies Co., Ltd. www.h3c.com 1/9

Table of Contents 1 Feature Overview... 3 2 Application Scenarios... 3 3 IPv6 ND Configuration Example... 4 3.1 Network Requirements... 4 3.2 Configuration Considerations... 4 3.3 Configuration Procedures... 5 3.3.1 Configuration on Device A... 5 3.3.2 Configuration on Device B... 6 3.3.3 Configuration on Host... 7 3.3.4 Verification... 7 4 References... 9 4.1 Protocols and Standards... 9 Hangzhou H3C Technologies Co., Ltd. www.h3c.com 2/9

1 Feature Overview The IPv6 Neighbor Discovery (ND) protocol is a basic IPv6 protocol, which uses five types of ICMPv6 messages, neighbor advertisement (NA), neighbor solicitation (NS), router advertisement (RA), router solicitation (RS), and redirect messages, to identify addresses of and relationships between neighbor nodes, and implement functions including address resolution, neighbor unreachability detection, duplicate address detection, router discovery/prefix discovery, address autoconfiguration, and redirection. The functionality of the IPv6 ND protocol corresponds to a combination of the IPv4 protocols: ARP, ICMP Router Discovery, and ICMP Redirect. In addition, ND delivers a bunch of enhanced functions to ensure device security. 2 Application Scenarios ND is used throughout IPv6 communications. For example, when a node forwards IPv6 packets to another node, or a host exchanges IPv6 address configuration with a router, they use ND to acquire the link-layer address, neighbor reachability, and other necessary information. Hosts use ND to: Discover neighbor routers. Automatically acquire the address prefix and other configuration parameters. Routers use ND to: Advertise their existence, address prefix information, and configuration parameters for hosts. Inform hosts of a better next-hop for a specific destination. In addition, hosts and routers use ND to: Resolve the link-layer addresses of neighbor nodes. Maintain neighbor information based on certain mechanism. Generally, the default ND configuration can satisfy common requirements. However, you need adjust ND parameters on your devices when: The network is unstable or has security vulnerability. The device provides address prefix information for other hosts. Hangzhou H3C Technologies Co., Ltd. www.h3c.com 3/9

3 IPv6 ND Configuration Example 3.1 Network Requirements IPv6 ND Configuration Example As shown in Figure 1, Device A functions as a gateway and advertises address prefix information in network segment 2001::/64. The host automatically configures its IPv6 address on basis of the acquired address prefix to communicate with Device B. Figure 1 Network diagram for IPv6 ND 3.2 Configuration Considerations 1) To enable Device A to advertise the IPv6 address prefix, configure Device A as follows: Enable the IPv6 packet forwarding function and configure an IPv6 address on each interface (required). Disable RA message suppression, and thus Device A can send RA messages through the interface (required). Configure the prefix information in RA messages, and thus the host can use it to configure its IPv6 address automatically (optional; by default, the IPv6 address of the interface through which RA messages are sent is used as the prefix information). Change the M flag in the RA message. If the M flag is set to 1, hosts use stateful autoconfiguration (for example, a DHCP server) to acquire IPv6 addresses. Otherwise, hosts use stateless configuration to acquire IPv6 addresses, that is, hosts configure IPv6 addresses on basis of their link-layer addresses and the prefix information advertised by the router. In this example, the flag is set to 0 (optional; by default, the M flag is set to 0). 2) To enable the host to automatically configure its IPv6 address based on the acquired address prefix information, be sure that the host is IPv6 capable (required). 3) To make the host communicate with Device B, configure Device B as follows: Hangzhou H3C Technologies Co., Ltd. www.h3c.com 4/9

Enable the IPv6 packet forwarding function and configure an IPv6 address on each interface (required). Configure a static route or a dynamic routing protocol to provide a route from Device B to the host (required). 3.3 Configuration Procedures Note: The following configurations are made on devices that are using default settings and verified in a lab environment. When using the following configurations on your devices in a live network, make sure they do not conflict with your current configurations to prevent potential negative impact on your network. This documentation does not correspond to specific software and hardware versions. 3.3.1 Configuration on Device A I. Configuration steps Enable the IPv6 packet forwarding function. <DeviceA> system-view [DeviceA] ipv6 Configure the IPv6 address on Ethernet 1/1. [DeviceA] interface ethernet 1/1 [DeviceA-Ethernet1/1] ipv6 address 2001::1/64 Disable RA message suppression on Ethernet 1/1. [DeviceA-Ethernet1/1] undo ipv6 nd ra halt Specify the advertised address prefix as 2001::/64, its valid lifetime as 86400 seconds, and its preferred lifetime as 3600 seconds. [DeviceA-Ethernet1/1] ipv6 nd ra prefix 2001::/64 86400 3600 [DeviceA-Ethernet1/1] quit Configure the IPv6 address on Ethernet 1/2. [DeviceA] interface ethernet 1/2 [DeviceA-Ethernet1/2] ipv6 address 3001::1/64 [DeviceA-Ethernet1/2] quit Hangzhou H3C Technologies Co., Ltd. www.h3c.com 5/9

II. Configuration file [DeviceA] display current-configuration ipv6 interface Ethernet1/1 port link-mode route ipv6 address 2001::1/64 ipv6 nd ra prefix 2001::/64 86400 3600 undo ipv6 nd ra halt interface Ethernet1/2 port link-mode route ipv6 address 3001::1/64 return 3.3.2 Configuration on Device B I. Configuration steps Enable the IPv6 packet forwarding function. <DeviceB> system-view [DeviceB] ipv6 Configure the IPv6 address on Ethernet 1/1. [DeviceB] interface ethernet 1/1 [DeviceB-Ethernet1/1] ipv6 address 3001::2/64 Configure the static IPv6 route to network segment 2001::/64 on which the host resides, and specify the next-hop as 3001::1. [DeviceB] ipv6 route-static 2001:: 64 3001::1 II. Configuration file [DeviceB] display current-configuration ipv6 interface Ethernet1/1 port link-mode route ipv6 address 3001::2/64 ipv6 route-static 2001:: 64 3001::1 Hangzhou H3C Technologies Co., Ltd. www.h3c.com 6/9

return 3.3.3 Configuration on Host I. Configuration steps Make sure that Host is IPv6 capable. Host uses ND to automatically discover the router on the link and configure its IPv6 address. To configure ND on Host, a PC installed with Window XP in this example, do the following: 1) In command line mode, run the following command to install IPv6: C:\> ipv6 install Installing... Succeeded. 2) After the installation succeeds, check whether the network card acquires the IPv6 link-local address. C:\> ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix. : IP Address............ : 192.168.1.17 Subnet Mask........... : 255.255.255.0 IP Address............ : fe80::20d:88ff:fef8:dd7%6 Default Gateway......... : In the preceding information displayed, the string %6 after the IP address indicates the sixth IPv6 interface. You can view all the IPv6 interfaces on the PC using the ipv6 if command. 3) When receiving the IPv6 address prefix (2001::/64) periodically advertised by Device A, Host automatically acquires global unicast addresses with the prefix 2001::/64 without manual intervention. 3.3.4 Verification You can verify the preceding configurations as follows: 1) Check whether Host automatically acquires IPv6 global unicast addresses. Hangzhou H3C Technologies Co., Ltd. www.h3c.com 7/9

View the automatically generated IPv6 addresses on Host using the following command: C:\> ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix. : IP Address............ : 192.168.1.17 Subnet Mask........... : 255.255.255.0 IP Address............ : 2001::dc36:939:d072:7d3f IP Address............ : 2001::20d:88ff:fef8:dd7 IP Address............ : fe80::20d:88ff:fef8:dd7%6 Default Gateway......... : fe80::20f:e2ff:fe00:1024%6 The preceding information shows that Host acquires two IPv6 global unicast addresses, 2001::DC36:939:D072:7D3F and 2001::20D:88FF:FEF8:DD7, and that the default gateway of Host is the link-local address of Ethernet 1/1 on Device A, FE80::20F:E2FF:FE00:1024. Note: After acquiring the network address prefix, Window XP generates two global unicast addresses. The interface ID of one address is automatically generated according to the MAC address of the interface, while that of the other address is generated randomly. You can choose the latter global unicast address to prevent the leakage of the former interface ID. Windows Server 2003 does not randomly generate an interface ID. Obtain IPv6 address information of Host on Device A. [DeviceA] display ipv6 neighbors interface ethernet 1/1 Type: S-Static D-Dynamic IPv6 Address Link-layer VID Interface State T Age FE80::20D:88FF:FEF8:DD7 000d-88f8-0dd7 N/A Eth1/1 REACH D 1 2001::20D:88FF:FEF8:DD7 000d-88f8-0dd7 N/A Eth1/1 REACH D 11 2) Check the connectivity between devices using the ping command on Host, Device A, and Device B, respectively. Ping Device A from Device B. Hangzhou H3C Technologies Co., Ltd. www.h3c.com 8/9

[DeviceB] ping ipv6 -c 1 3001::1 PING 3001::1 : 56 data bytes, press CTRL_C to break Reply from 3001::1 bytes=56 Sequence=1 hop limit=64 time = 6 ms --- 3001::1 ping statistics --- 1 packet(s) transmitted 1 packet(s) received 0.00% packet loss round-trip min/avg/max = 6/6/6 ms Ping Host from Device B. [DeviceB] ping ipv6 -c 1 2001::20D:88FF:FEF8:DD7 PING 2001::20D:88FF:FEF8:DD7 : 56 data bytes, press CTRL_C to break Reply from 2001::20D:88FF:FEF8:DD7 bytes=56 Sequence=1 hop limit=63 time = 17 ms --- 2001::20D:88FF:FEF8:DD7 ping statistics --- 1 packet(s) transmitted 1 packet(s) received 0.00% packet loss round-trip min/avg/max = 17/17/17 ms Similarly, you can successfully ping Device A and Device B from Host. 4 References 4.1 Protocols and Standards RFC 2461, Neighbor Discovery for IP version 6 (IPv6) RFC 2463, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification Copyright 2008 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice. Hangzhou H3C Technologies Co., Ltd. www.h3c.com 9/9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback