IPv6 and DAD principles

Source: Internet
Author: User

About DAD -- & gt; duplicate address detection
The same as IPv4, the difference is that ipv6 is not intended for broadcast. The multicast address of the requested node.
 
Function principle:
Configure IPv6 addresses in the network. If all IPv6 addresses are manually configured, they are inevitably configured with the same IP address. The IP address is absolutely unique in the network and cannot be duplicated. Otherwise, the network device does not know who to transfer the IP address. Because of this uniqueness, arp spoofing these attacks.
In IPv6, as long as the neighbor request is sent to the local link, if a node responds to the request, it indicates that the temporary unicast IPv6 address has been used by another node. If no response is received, node A considers the temporary Unicast address 2001: 410: 0: 1: 1: a to be unique on the local link. Available for use.
Don't talk about anything. directly:

This figure is his principle.
 
By default, a host sends three times of DAD before applying the new IP address. If no response is received after three times, the address can be configured on the interface.
 
Here I used two routers for direct connection, and then deliberately configured a duplicate address on one side of the router interface. At this time, the packet capture result is that the requested multicast address FF02: 1: ff00: 2 is sent as the source, and a response is obtained. We can see that ICMPv6 type = 135 is always used here. The request is, and the response is also. According to the above principle, if a response occurs, the address must be a duplicate address in the local network.

On the vro, you can also see that the cisco IOS prompt has a duplicate address. Cannot be configured.

 
In fact, this principle is not very difficult. It does not take seven steps for ospf interaction, nor is it as complicated as the LDP neighbor interaction process. This is just a mechanism for detecting duplicate addresses. The host is sent out, and no response is received. Set this address three times. If there is a reply, the system will prompt that a layer-3 network device has a duplicate address. As long as IOS supports it, the duplicate address information will be printed. That's all.
 
There are two commands to modify the number of times DAD is sent:

If it is set to any non-zero number, dad works normally.
If it is set to 0, dad is disabled. That is to say, no prompt is prompted even if the IP address is conflicted, because in principle, local does not send the dad request.
It must be enabled by default. This is the basic function at the IP layer.
 
To sum up, DAD, duplicate address detection, the type of the Request node multicast address. FF02: 1: FFxx: xxxx, ICMPv6 is 135. Neighbor request.
This article is from the "thank you-me, focus only on principles" blog.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.