Saturday, September 18, 2010

Neighbor Discovery Protocol: Part 2

When we last left NDP, we were talking about ARP, and why it won't do what we want it to do.

From RFC 4681:
IPv6 nodes on the same link use Neighbor Discovery to discover each other's presence, to determine each other's link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors.
In other words, it's more than ARP, it's an Adventure!  Let's go through each of these.

"To determine each other's presence, to determine each other's link-layer addresses"
So, this is the original ARP functionality: determining whether an address within the subnet is contactable, and which addresses are configured on specific hosts. A quick tcpdump of such a packet looks like this:

22:15:26.847304 IP6 fe80::a14a:be36:4596:890d > ff02::1:ff89:7f9d: ICMP6, neighbor solicitation, who has fe80::81a0:12e8:7e89:7f9d, length 32

This is an ICMPv6 packet (more on ICMPv6 later) called a 'neighbor solicitation', sent to a well-known multicast address called the "all-nodes multicast address" (which sounds like a broadcast, and effectively is, but it's not... just trust me on this for now).  In the same fashion as ARP, the machine that owns the queried address responds with a 'neighbor advertisement' via unicast (more on unicast vs. multicast later). 

This process happens completely in the IPv6 layer.  There are no MAC addresses being passed back and forth and we've eliminated broadcast traffic.  So in this one feature, we've completely replaced ARP already.

"to maintain reachability information about the paths to active neighbors" 
(Yes, we skipped one)

Because the coupling between MAC addresses and IPs is looser, and because we want to reduce the need to broadcast things on the network (which also means fewer packets to the "all-nodes multicast address"), NDP includes a way to check whether one node can still reach another: it sends the same 'neighbor solicitation' messages, but via unicast.  This only happens while traffic is actively being sent to the host, which removes the reliance on protocols further up the chain to do the right thing.
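To make the two solicitation cases above concrete (the multicast address-resolution query in the tcpdump line, and the unicast reachability probe just described), here is an added example that is not part of the original post. It derives the destination group from the target address (the solicited-node multicast group of RFC 4291, which is why only the host owning that address has to process it), maps that group to its Ethernet multicast MAC (RFC 2464), and classifies a tcpdump solicitation line as address resolution, a unicast reachability probe, or something unexpected. The function names, the regex, and the sample trace line are my own assumptions, built from the packet shown above.

```python
import ipaddress
import re

# Constructed sample: the neighbor solicitation line from the tcpdump above.
TRACE_LINE = ("22:15:26.847304 IP6 fe80::a14a:be36:4596:890d > ff02::1:ff89:7f9d: "
              "ICMP6, neighbor solicitation, who has fe80::81a0:12e8:7e89:7f9d, length 32")

SOLICITED_NODE_PREFIX = ipaddress.IPv6Address("ff02::1:ff00:0")


def solicited_node_multicast(target: str) -> str:
    """Solicited-node multicast group for an IPv6 address (RFC 4291 2.7.1):
    ff02::1:ff00:0 with the low 24 bits of the target copied in."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return str(ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX) | low24))


def multicast_mac(group: str) -> str:
    """Ethernet address for an IPv6 multicast group (RFC 2464 section 7):
    33:33 followed by the low 32 bits of the group address."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


# Assumed tcpdump layout, matching the line quoted in the post.
NS_RE = re.compile(r"IP6 (\S+) > (\S+): ICMP6, neighbor solicitation, who has (\S+),")


def classify_solicitation(line: str) -> dict:
    """Parse one tcpdump neighbor-solicitation line and say which kind it is:
    address resolution (destination is the target's solicited-node group),
    a unicast reachability probe (destination is the target itself), or
    something unexpected, which is worth a second look on a monitored link."""
    m = NS_RE.search(line)
    if not m:
        raise ValueError("not a neighbor solicitation line")
    src, dst, target = m.groups()
    dst_addr = ipaddress.IPv6Address(dst)
    if dst_addr == ipaddress.IPv6Address(solicited_node_multicast(target)):
        kind = "address-resolution"
    elif dst_addr == ipaddress.IPv6Address(target):
        kind = "reachability-probe"
    else:
        kind = "unexpected"
    return {"src": src, "dst": dst, "target": target, "kind": kind,
            "dst_mac": multicast_mac(dst) if dst_addr.is_multicast else None}
```

Running `classify_solicitation(TRACE_LINE)` reports address resolution with frame destination 33:33:ff:89:7f:9d, while the same line with the target as destination is classified as a reachability probe.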

I think we'll talk about finding routers tomorrow.
