34
Neighbor Discovery Protocol (NDP)The neighbor discovery protocol for IPv6 is defined in RFC 2461 as part of the Stateless Address
Autoconfiguration protocol. It replaces the Address Resolution Protocol used with IPv4. NDP defines
mechanisms for solving the following problems:
• Router discovery: Hosts can locate routers residing on a link
• Prefix discovery: Hosts can discover address prefixes for the link
• Parameter discovery
• Address autoconfiguration — configuration of addresses for an interface
• Address resolution — mapping from IP address to link-layer address
• Next-hop determination
• Neighbor unreachability detection (NUD): Determine that a neighbor is no longer reachable on the
link.
• Duplicate address detection (DAD): Allow a node to check whether a proposed address is already in
use.
• Redirect: The router can inform a node about a better first-hop.
NDP uses the following five ICMPv6 packet types in its implementation:
• Router Solicitation
• Router Advertisement
• Neighbor Solicitation
• Neighbor Advertisement
• Redirect
IPv6 Router Advertisement (RA) Guard
The IPv6 RA guard provides support to perform conditional forwarding or blocking of the router
advertisement messages that are received at the network device platform. This functionality analyzes and
filters the RAs sent by the devices and compares the configuration information on the layer 2 device with
the RA frame. Once the layer 2 device validates the content of the RA frame against the configuration, it
forwards the RA to its unicast or multicast destination. On failure to validate the RA frame content, the RA
frame is dropped.
The IPv6 RA guard supports two different modes:
• Host mode — When a policy with device role as host is applied on an interface, all the RA packets are
dropped without validation. You can also configure the host mode policy with VLAN option to drop
the RA packets on that specific VLAN and port.
Neighbor Discovery Protocol (NDP) 1021