Dell 9.7(0.0) manual Neighbor Discovery Protocol NDP, IPv6 Router Advertisement RA Guard

34

Neighbor Discovery Protocol (NDP)

The neighbor discovery protocol for IPv6 is defined in RFC 2461 as part of the Stateless Address Autoconfiguration protocol. It replaces the Address Resolution Protocol used with IPv4. NDP defines mechanisms for solving the following problems:

•Router discovery: Hosts can locate routers residing on a link

•Prefix discovery: Hosts can discover address prefixes for the link

•Parameter discovery

•Address autoconfiguration — configuration of addresses for an interface

•Address resolution — mapping from IP address to link-layer address

•Next-hop determination

•Neighbor unreachability detection (NUD): Determine that a neighbor is no longer reachable on the link.

•Duplicate address detection (DAD): Allow a node to check whether a proposed address is already in use.

•Redirect: The router can inform a node about a better first-hop.

NDP uses the following five ICMPv6 packet types in its implementation:

•Router Solicitation

•Router Advertisement

•Neighbor Solicitation

•Neighbor Advertisement

•Redirect

IPv6 Router Advertisement (RA) Guard

The IPv6 RA guard provides support to perform conditional forwarding or blocking of the router advertisement messages that are received at the network device platform. This functionality analyzes and filters the RAs sent by the devices and compares the configuration information on the layer 2 device with the RA frame. Once the layer 2 device validates the content of the RA frame against the configuration, it forwards the RA to its unicast or multicast destination. On failure to validate the RA frame content, the RA frame is dropped.

The IPv6 RA guard supports two different modes:

•Host mode — When a policy with device role as host is applied on an interface, all the RA packets are dropped without validation. You can also configure the host mode policy with VLAN option to drop the RA packets on that specific VLAN and port.