08-IPv6 Basics Configuration
Introduction to IPv6 Neighbor Discovery Protocol
Introduction to IPv6 Transition Technologies
IPv6 Basics Configuration Task List
Configuring Basic IPv6 Functions
Enabling the IPv6 Packet Forwarding Function
Configuring an IPv6 Unicast Address
Configuring a Static Neighbor Entry
Configuring the Maximum Number of Neighbors Dynamically Learned
Configuring Parameters Related to RA Messages
Configuring the Maximum Number of Attempts to Send an NS Message for DAD
Configuring a Static PMTU for a Specified IPv6 Address
Configuring the Aging Time for Dynamic PMTUs
Configuring IPv6 TCP Properties
Configuring IPv6 FIB-Based Forwarding
Configuring ICMPv6 Packet Sending
Configuring the Maximum ICMPv6 Error Packets Sent in an Interval
Enable Sending of Multicast Echo Replies
Displaying and Maintaining IPv6 Basics Configuration
Troubleshooting IPv6 Basics Configuration
- Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.
- The interface types and the number of interfaces vary by AP model.
- The term AP in this document refers to common APs, wireless bridges, and mesh APs.
- The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.

This chapter includes these sections:
- IPv6 Basics Configuration Task List
- Displaying and Maintaining IPv6 Basics Configuration
- Troubleshooting IPv6 Basics Configuration

- The term router in this document refers to a router in a generic sense or a wireless access point with routing functions.
- Support for the IPv6 basics configuration depends on the AP model.

IPv6 Overview
Internet Protocol Version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet Protocol Version 4 (IPv4). The significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.
IPv6 Features
Header format simplification
IPv6 removes some IPv4 header fields or moves them to the IPv6 extension headers to reduce the length of the basic IPv6 header. The basic IPv6 header has a fixed length, which simplifies IPv6 packet handling and improves forwarding efficiency. Although the IPv6 address size is four times the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field).
Figure 1-1 Comparison between IPv4 packet header format and basic IPv6 packet header format
Adequate address space
The source and destination IPv6 addresses are both 128 bits (16 bytes) long. IPv6 can provide 3.4 × 10^38 addresses to fully meet the requirements of hierarchical address division as well as allocation of public and private addresses.
Hierarchical address structure
IPv6 adopts a hierarchical address structure to speed up route lookup and, through route aggregation, reduce the system resources occupied by the IPv6 routing table.
Automatic address configuration
To simplify host configuration, IPv6 supports stateful and stateless address configuration.
- Stateful address configuration means that a host acquires an IPv6 address and related information from a server (for example, DHCP server).
- Stateless address configuration means that a host automatically generates an IPv6 address and related information on the basis of its own link-layer address and the prefix information advertised by a router.
In addition, a host can generate a link-local address on the basis of its own link-layer address and the default prefix (FE80::/10) to communicate with other hosts on the same link.
Built-in security
IPv6 uses IPSec as its standard extension header to provide end-to-end security. This feature provides a standard for network security solutions and enhances the interoperability between different IPv6 applications.
QoS support
The Flow Label field in the IPv6 header allows the AP to label packets of a flow and provide special handling for these packets.
Enhanced neighbor discovery mechanism
The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link. The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) router discovery messages, and ICMPv4 redirection messages and provides a series of other functions.
Flexible extension headers
IPv6 removes the Options field of the IPv4 header and introduces multiple extension headers instead, to provide scalability while improving the handling efficiency. The Options field contains 40 bytes at most, while the size of IPv6 extension headers is restricted only by the maximum size of IPv6 packets.
Introduction to IPv6 Address
IPv6 address format
An IPv6 address is represented as a series of 16-bit hexadecimals, separated by colons. An IPv6 address is divided into eight groups, and the 16 bits of each group are represented by four hexadecimal numbers, for example, 2001:0000:130F:0000:0000:09C0:876A:130B.
To simplify the representation of IPv6 addresses, zeros in IPv6 addresses can be handled as follows:
- Leading zeros in each group can be removed. For example, the above-mentioned address can be represented in a shorter format as 2001:0:130F:0:0:9C0:876A:130B.
- If an IPv6 address contains two or more consecutive groups of zeros, they can be replaced by a double-colon ::. For example, the above-mentioned address can be represented in the shortest format as 2001:0:130F::9C0:876A:130B.
A double-colon can be used only once in an IPv6 address. Otherwise, the AP cannot determine how many groups of zeros each double-colon represents when expanding the address back to 128 bits.
An IPv6 address consists of two parts: address prefix and interface ID. The address prefix and the interface ID are respectively equivalent to the network ID and the host ID in an IPv4 address.
An IPv6 address prefix is written in IPv6-address/prefix-length notation, where IPv6-address is in any of the notations mentioned above, and prefix-length is a decimal number indicating how many of the left-most bits of the IPv6 address form the address prefix.
IPv6 address classification
IPv6 addresses fall into three types: unicast address, multicast address, and anycast address.
- Unicast address: An identifier for a single interface, similar to an IPv4 unicast address. A packet sent to a unicast address is delivered to the interface identified by that address.
- Multicast address: An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address.
- Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the target interface is nearest to the source, according to a routing protocol’s measure of distance).
There are no broadcast addresses in IPv6. Their function is replaced by multicast addresses.
The type of an IPv6 address is designated by the first several bits called format prefix. Table 1-1 lists the mappings between address types and format prefixes.
Table 1-1 Mappings between address types and format prefixes
Type | Format prefix (binary) | IPv6 prefix ID |
---|---|---|
Unicast address: Unassigned address | 00...0 (128 bits) | ::/128 |
Unicast address: Loopback address | 00...1 (128 bits) | ::1/128 |
Unicast address: Link-local address | 1111111010 | FE80::/10 |
Unicast address: Site-local address | 1111111011 | FEC0::/10 |
Unicast address: Global unicast address | other forms | — |
Multicast address | 11111111 | FF00::/8 |
Anycast address | Anycast addresses are taken from unicast address space and are not syntactically distinguishable from unicast addresses. | |
Unicast address
There are several types of unicast addresses, including aggregatable global unicast address, link-local address, and site-local address.
- The aggregatable global unicast addresses, equivalent to IPv4 public addresses, are provided for network service providers. This type of address allows efficient route prefix aggregation to restrict the number of global routing entries.
- The link-local addresses are used for communication between link-local nodes in neighbor discovery and stateless autoconfiguration. Packets with link-local source or destination addresses are not forwarded to other links.
- IPv6 unicast site-local addresses are similar to private IPv4 addresses. Packets with site-local source or destination addresses are not forwarded out of the local site (equivalent to a private network).
- Loopback address: The unicast address 0:0:0:0:0:0:0:1 (represented in the shortest format as ::1) is called the loopback address and may never be assigned to any physical interface. Like the loopback address in IPv4, it may be used by a node to send an IPv6 packet to itself.
- Unassigned address: The unicast address "::" is called the unassigned address and may not be assigned to any node. Before acquiring a valid IPv6 address, a node may fill this address in the source address field of an IPv6 packet. It cannot be used as a destination IPv6 address.
Multicast address
IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose.
Table 1-2 Reserved IPv6 multicast addresses
Address | Application |
---|---|
FF01::1 | Node-local scope all nodes multicast address |
FF02::1 | Link-local scope all nodes multicast address |
FF01::2 | Node-local scope all routers multicast address |
FF02::2 | Link-local scope all routers multicast address |
FF05::2 | Site-local scope all routers multicast address |
Besides, there is another type of multicast address: solicited-node address. A solicited-node multicast address is used to acquire the link-layer address of a neighbor node on the same link, and is also used for duplicate address detection (DAD). Each IPv6 unicast or anycast address has a corresponding solicited-node address. The format of a solicited-node multicast address is as follows:
FF02:0:0:0:0:1:FFXX:XXXX
Where, FF02:0:0:0:0:1:FF is permanent and consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 unicast or anycast address.
Interface identifier in IEEE EUI-64 format
An interface identifier is used to identify a unique interface on a link and is 64 bits long.
IEEE 802 interfaces (such as Ethernet interface and VLAN interface): The interface identifier is derived from the link-layer address (MAC) of an interface. A MAC address is 48 bits long and therefore, to get the interface identifier, the hexadecimal number FFFE needs to be inserted in the middle of the MAC address (behind the 24 high-order bits). To ensure the interface identifier obtained from a MAC address is unique, it is necessary to set the universal/local (U/L) bit (the seventh high-order bit) to “1”. Thus, an interface identifier in IEEE EUI-64 format is obtained.
Figure 1-2 Convert a MAC address into an EUI-64 interface identifier
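The two derivations described above (solicited-node multicast address and EUI-64 interface identifier), worked through in Python. This is an added example, not H3C code: the function names are hypothetical, and the MAC address and the 2001:db8 prefixes are constructed sample values.

```python
import ipaddress

# FF02:0:0:0:0:1:FF00:0 holds the fixed 104 bits of every solicited-node address.
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def eui64_interface_id(mac):
    """Return the 64-bit EUI-64 interface identifier for a 48-bit MAC address."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FFFE behind the 24 high-order bits. The U/L bit (seventh
    # high-order bit, mask 0x02 of the first octet) is inverted, which sets it
    # to 1 for a universally administered MAC, the case the text describes.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def eui64_address(prefix, mac):
    """Combine the high 64 bits of a prefix with the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen > 64:
        raise ValueError("prefix must leave 64 bits for the interface identifier")
    high = (int(net.network_address) >> 64) << 64
    return ipaddress.IPv6Address(high | eui64_interface_id(mac))


def solicited_node(address):
    """Return FF02::1:FFXX:XXXX built from the last 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


if __name__ == "__main__":
    mac = "0012-3400-ABCD"  # constructed sample MAC address
    link_local = eui64_address("fe80::/10", mac)
    global_addr = eui64_address("2001:db8:1::/64", mac)  # constructed prefix
    print("link-local      :", link_local)
    print("EUI-64 global   :", global_addr)
    print("solicited-node  :", solicited_node(str(link_local)))
    # Only 24 bits are kept, so unrelated addresses can land in the same
    # group. That is why an NS message also carries the full IPv6 address
    # being resolved or checked: the receiver compares it with its own.
    other = "2001:db8:2::9900:abcd"  # constructed address of another host
    print("same group      :", solicited_node(other) == solicited_node(str(link_local)))
```
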
Introduction to IPv6 Neighbor Discovery Protocol
The IPv6 Neighbor Discovery Protocol (NDP) uses five types of ICMPv6 messages to implement the following functions:
- Neighbor reachability detection
- Router/prefix discovery and address autoconfiguration
Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP.
Table 1-3 Types and functions of ICMPv6 messages
ICMPv6 message | Number | Function |
---|---|---|
Neighbor solicitation (NS) message | 135 | Used to acquire the link-layer address of a neighbor; used to verify whether the neighbor is reachable; used to perform duplicate address detection |
Neighbor advertisement (NA) message | 136 | Used to respond to an NS message. When the link layer changes, the local node initiates an NA message to notify neighbor nodes of the node information change. |
Router solicitation (RS) message | 133 | After starting up, a node sends an RS message to request the router for an address prefix and other configuration information for the purpose of autoconfiguration. |
Router advertisement (RA) message | 134 | Used to respond to an RS message. With the RA message suppression disabled, the router regularly sends an RA message containing information such as prefix information options and flag bits. |
Redirect message | 137 | When a certain condition is satisfied, the default gateway sends a redirect message to the source host so that the host can reselect a correct next hop router to forward packets. |
The NDP mainly provides the following functions:
Address resolution
Similar to the ARP function in IPv4, a node acquires the link-layer addresses of neighbor nodes on the same link through NS and NA messages. Figure 1-3 shows how node A acquires the link-layer address of node B.
The address resolution procedure is as follows:
1) Node A multicasts an NS message. The source address of the NS message is the IPv6 address of the sending interface of node A and the destination address is the solicited-node multicast address of node B. The NS message contains the link-layer address of node A.
2) After receiving the NS message, node B judges whether the destination address of the packet is its solicited-node multicast address. If yes, node B learns the link-layer address of node A, and then unicasts an NA message containing its link-layer address.
3) Node A acquires the link-layer address of node B from the NA message.
Neighbor reachability detection
After node A acquires the link-layer address of its neighbor node B, node A can verify whether node B is reachable according to NS and NA messages.
1) Node A sends an NS message whose destination address is the IPv6 address of node B.
2) If node A receives an NA message from node B, node A considers that node B is reachable. Otherwise, node B is unreachable.
Duplicate address detection
After node A acquires an IPv6 address, it will perform duplicate address detection (DAD) to determine whether the address is being used by any other node (similar to the gratuitous ARP function of IPv4). DAD is accomplished through NS and NA messages. Figure 1-4 shows the DAD procedure.
Figure 1-4 Duplicate address detection
The DAD procedure is as follows:
1) Node A sends an NS message whose source address is the unassigned address :: and destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message contains the IPv6 address.
2) If node B uses this IPv6 address, node B returns an NA message. The NA message contains the IPv6 address of node B.
3) Node A learns that the IPv6 address is being used by node B after receiving the NA message from node B. Otherwise, node B is not using the IPv6 address and node A can use it.
Router/prefix discovery and address autoconfiguration
Router/prefix discovery means that a node locates the neighboring routers, and learns the prefix of the network where the host is located, and other configuration parameters from the received RA message.
Stateless address autoconfiguration means that a node automatically generates an IPv6 address according to the information obtained through router/prefix discovery.
The router/prefix discovery is implemented through RS and RA messages. The router/prefix discovery procedure is as follows:
1) After starting up, a node sends an RS message to request the address prefix and other configuration information.
2) A device returns an RA message containing information such as prefix information option. (The device also regularly sends an RA message.)
- In addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix. After receiving a periodic RA message, the node updates the preferred lifetime and valid lifetime of the address prefix accordingly.
- An automatically generated address is applicable within the valid lifetime and is removed when the valid lifetime times out.
Redirection
When a host is started, its routing table may contain only the default route to the gateway. When certain conditions are satisfied, the gateway sends an ICMPv6 redirect message to the source host so that the host can select a better next hop to forward packets (similar to the ICMP redirection function in IPv4).
The gateway will send an IPv6 ICMP redirect message when the following conditions are satisfied:
- The receiving interface is the forwarding interface.
- The selected route itself is not created or modified by an IPv6 ICMP redirect message.
- The selected route is not the default route.
- The forwarded IPv6 packet does not contain any routing extension header.
IPv6 PMTU Discovery
The links that a packet passes from the source to the destination may have different MTUs. In IPv6, when the packet size exceeds the path MTU (the minimum MTU of all links), the packet is fragmented at the source end, which reduces the processing load on forwarding devices and uses network resources efficiently.
The path MTU (PMTU) discovery mechanism is to find the minimum MTU of all links in the path from the source to the destination. Figure 1-5 shows the working procedure of the PMTU discovery.
Figure 1-5 Working procedure of the PMTU discovery
The working procedure of the PMTU discovery is as follows:
1) The source host uses its MTU to send packets to the destination host.
2) If the MTU supported by a forwarding interface is less than the packet size, the forwarding device will discard the packet and return an ICMPv6 error packet containing the interface MTU to the source host.
3) After receiving the ICMPv6 error packet, the source host uses the returned MTU to send packets to the destination.
4) Step 2 to step 3 are repeated until the destination host receives the packet. In this way, the minimum MTU of all links in the path from the source host to the destination host is determined.
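The four steps above as a small simulation, added here as an example that is not part of the original document. It goes slightly beyond the text by applying two rules from RFC 1981 when an error packet is processed: the estimate is never raised by a Packet Too Big message and never drops below the 1280-byte IPv6 minimum link MTU. Function names and link MTU values are constructed.

```python
IPV6_MIN_MTU = 1280  # minimum MTU of any IPv6 link (RFC 2460)


def apply_packet_too_big(current_pmtu, reported_mtu):
    """Return the new PMTU estimate after an ICMPv6 Packet Too Big message."""
    if reported_mtu >= current_pmtu:
        # An error packet must never raise the estimate; ignore it.
        return current_pmtu
    # Values below the IPv6 minimum are not accepted as a path MTU.
    return max(reported_mtu, IPV6_MIN_MTU)


def discover_pmtu(source_mtu, link_mtus):
    """Run steps 1 to 4 and return (pmtu, MTUs reported in each error packet)."""
    if min(link_mtus) < IPV6_MIN_MTU:
        raise ValueError("an IPv6 link cannot have an MTU below 1280 bytes")
    pmtu = source_mtu            # step 1: start with the source host's MTU
    reported = []
    while True:
        # Step 2: the first forwarding interface whose MTU is smaller than
        # the packet discards it and reports its own MTU.
        too_small = next((mtu for mtu in link_mtus if mtu < pmtu), None)
        if too_small is None:
            return pmtu, reported  # step 4: the packet reached the destination
        reported.append(too_small)
        # Step 3: the source host resends using the returned MTU.
        pmtu = apply_packet_too_big(pmtu, too_small)


if __name__ == "__main__":
    path = [1500, 1400, 1500, 1300]  # constructed MTUs of the links on the path
    print(discover_pmtu(1500, path))
```
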
Introduction to IPv6 Transition Technologies
Before IPv6 dominates the Internet, efficient and seamless IPv6 transition technologies are needed to enable communication between IPv4 and IPv6 networks.
Dual stack is the most direct transition approach. A network node that supports both IPv4 and IPv6 is called a dual stack node. A dual stack node configured with an IPv4 address and an IPv6 address can forward both IPv4 and IPv6 packets. For an upper layer application supporting both IPv4 and IPv6, either TCP or UDP can be selected at the transport layer, while the IPv6 stack is preferred at the network layer. Dual stack is suitable for communication between IPv4 nodes or between IPv6 nodes. It is the basis of all transition technologies. However, it does not solve the IP address depletion issue because each dual stack node must have a globally unique IP address.
Protocols and Standards
Protocols and standards related to IPv6 include:
- RFC 1881: IPv6 Address Allocation Management
- RFC 1887: An Architecture for IPv6 Unicast Address Allocation
- RFC 1981: Path MTU Discovery for IP version 6
- RFC 2375: IPv6 Multicast Address Assignments
- RFC 2460: Internet Protocol, Version 6 (IPv6) Specification
- RFC 2461: Neighbor Discovery for IP Version 6 (IPv6)
- RFC 2462: IPv6 Stateless Address Autoconfiguration
- RFC 2463: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
- RFC 2464: Transmission of IPv6 Packets over Ethernet Networks
- RFC 2526: Reserved IPv6 Subnet Anycast Addresses
- RFC 3307: Allocation Guidelines for IPv6 Multicast Addresses
- RFC 3513: Internet Protocol Version 6 (IPv6) Addressing Architecture
IPv6 Basics Configuration Task List
Complete the following tasks to perform IPv6 basics configuration:
Task |
Remarks |
Required |
|
Optional |
|
Optional |
|
Optional |
|
Optional |
|
Optional |
Configuring Basic IPv6 Functions
Enabling the IPv6 Packet Forwarding Function
Before performing IPv6-related configurations, you need to enable the IPv6 packet forwarding function. Otherwise, an interface cannot forward IPv6 packets even if it has an IPv6 address configured.
Follow these steps to enable the IPv6 packet forwarding function:
To do... | Use the command... | Remarks |
---|---|---|
Enter system view | system-view | — |
Enable the IPv6 packet forwarding function | ipv6 | Required. Disabled by default. |
Configuring an IPv6 Unicast Address
IPv6 site-local addresses and aggregatable global unicast addresses can be configured in the following ways:
- EUI-64 format: When the EUI-64 format is adopted, the IPv6 address prefix of an interface is the configured prefix, and the interface identifier is generated automatically by the interface.
- Manual configuration: IPv6 site-local addresses or aggregatable global unicast addresses are configured manually.
- Stateless address autoconfiguration: IPv6 global unicast addresses are generated automatically based on the address prefix information contained in the RA message.

IPv6 link-local addresses can be configured in either of the following ways:
- Automatic generation: The device automatically generates a link-local address for an interface according to the link-local address prefix (FE80::/10) and the link-layer address of the interface.
- Manual assignment: IPv6 link-local addresses can be assigned manually.
To avoid link-local address conflicts, it is recommended to use the automatic generation method.
Follow these steps to configure an IPv6 unicast address:
To do... | | Use the command... | Remarks |
---|---|---|---|
Enter system view | | system-view | — |
Enter interface view | | interface interface-type interface-number | — |
Configure an IPv6 aggregatable global unicast address or site-local address | Manually assign an IPv6 address | ipv6 address { ipv6-address prefix-length \| ipv6-address/prefix-length } | One of the three commands is required. By default, no site-local address or aggregatable global unicast address is configured for an interface. |
 | Adopt the EUI-64 format to form an IPv6 address | ipv6 address ipv6-address/prefix-length eui-64 | |
 | Adopt stateless address autoconfiguration | ipv6 address auto | |
Configure an IPv6 link-local address | Automatically generate a link-local address for the interface | ipv6 address auto link-local | Optional. By default, after an IPv6 site-local address or aggregatable global unicast address is configured for an interface, a link-local address will be generated automatically. |
 | Manually assign a link-local address for the interface | ipv6 address ipv6-address link-local | |
- An interface can have only one link-local address, but can have multiple global unicast addresses with different prefixes and site-local addresses.
- After an IPv6 site-local address or aggregatable global unicast address is configured for an interface, a link-local address is generated automatically. The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command. If a link-local address is manually assigned to an interface, this manual link-local address takes effect. If the manually assigned link-local address is removed, the automatically generated link-local address takes effect.
- The manual assignment takes precedence over the automatic generation. That is, if you first adopt the automatic generation and then the manual assignment, the manually assigned link-local address will overwrite the automatically generated one. If you first adopt the manual assignment and then the automatic generation, the automatically generated link-local address will not take effect and the link-local address of an interface is still the manually assigned one. If you delete the manually assigned address, the automatically generated link-local address takes effect.
- The undo ipv6 address auto link-local command can only remove the link-local addresses generated through the ipv6 address auto link-local command. However, if an IPv6 site-local address or aggregatable global unicast address is already configured for an interface, the interface still has a link-local address because the system automatically generates one for the interface. If no IPv6 site-local address or aggregatable global unicast address is configured, the interface has no link-local address.
- The manually configured global unicast address takes precedence over the one automatically generated. If a global unicast address has been automatically generated on an interface when you manually configure another one with the same address prefix, the latter overwrites the previous one. After that, the overwritten automatic global unicast address will not be restored even if the manual one is removed. Instead, a new global unicast address will be automatically generated based on the address prefix information in the next RA message that the interface receives.
- Executing the undo ipv6 address auto command removes all the automatically generated global unicast addresses from an interface. The automatically generated link-local address on the interface can be removed only when no IPv6 site-local address or global unicast address exists, and the ipv6 address auto link-local command is not configured.
Configuring IPv6 NDP
Configuring a Static Neighbor Entry
The IPv6 address of a neighbor node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry.
The AP uniquely identifies a static neighbor entry according to the neighbor IPv6 address and the local Layer 3 interface ID. Currently, there are two configuration methods:
- Associate a neighbor IPv6 address and link-layer address with a Layer 3 interface.
- Associate a neighbor IPv6 address and link-layer address with a port in a VLAN.
Follow these steps to configure a static neighbor entry:
To do... | Use the command... | Remarks |
---|---|---|
Enter system view | system-view | — |
Configure a static neighbor entry | ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number \| interface interface-type interface-number } | Required |
You can adopt either of the two methods above to configure a static neighbor entry.
- After a static neighbor entry is configured by using the first method, the AP needs to resolve the corresponding Layer 2 port information of the VLAN interface.
- If you adopt the second method, you should ensure that the corresponding VLAN interface exists and that the Layer 2 port specified by port-type port-number belongs to the VLAN specified by vlan-id. After a static neighbor entry is configured, the AP relates the VLAN interface to the IPv6 address to uniquely identify a static neighbor entry.
Configuring the Maximum Number of Neighbors Dynamically Learned
The AP can dynamically acquire the link-layer address of a neighbor node through NS and NA messages and add it into the neighbor table. Too large a neighbor table may reduce the forwarding performance of the AP. You can restrict the size of the neighbor table by setting the maximum number of neighbors that an interface can dynamically learn. When the number of dynamically learned neighbors reaches the threshold, the interface will stop learning neighbor information.
Follow these steps to configure the maximum number of neighbors dynamically learned:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Enter interface view | interface interface-type interface-number | — |
Configure the maximum number of neighbors dynamically learned by an interface | ipv6 neighbors max-learning-num number | Optional |
Configuring Parameters Related to RA Messages
You can enable an interface to send RA messages, and configure the interval for sending RA messages and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations. Table 1-4 lists the configurable parameters in an RA message and their descriptions.
Table 1-4 Parameters in an RA message and their descriptions
Parameters | Description |
---|---|
Cur hop limit | When sending an IPv6 packet, a host uses the value to fill the Cur Hop Limit field in IPv6 headers. The value is also filled into the Cur Hop Limit field in response messages of a device. |
Prefix information options | After receiving the prefix information, the hosts on the same link can perform stateless autoconfiguration. |
M flag | This field determines whether hosts use the stateful autoconfiguration to acquire IPv6 addresses. If the M flag is set to 1, hosts use the stateful autoconfiguration to acquire IPv6 addresses (for example, through a DHCP server). Otherwise, hosts use the stateless autoconfiguration to acquire IPv6 addresses, that is, hosts generate IPv6 addresses according to their own link-layer addresses and the obtained prefix information. |
O flag | This field determines whether hosts use the stateful autoconfiguration to acquire information other than IPv6 addresses. If the O flag is set to 1, hosts use the stateful autoconfiguration to acquire information other than IPv6 addresses (for example, through a DHCP server). Otherwise, hosts use the stateless autoconfiguration to acquire information other than IPv6 addresses. |
Router lifetime | This field tells the receiving hosts how long the advertising device can live. |
Retrans timer | If the device fails to receive a response message within the specified time after sending an NS message, it will retransmit the NS message. |
Reachable time | If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor is reachable within the specified reachable time. If the device needs to send a packet to the neighbor after the specified reachable time expires, the device will reconfirm whether the neighbor is reachable. |
The values of the Retrans Timer and the Reachable Time configured for an interface are sent to hosts via RA messages. Furthermore, this interface sends NS messages at the interval of Retrans Timer and considers a neighbor reachable within the Reachable Time.
Follow these steps to configure parameters related to an RA message:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | — |
Configure the hop limit | ipv6 nd hop-limit value | Optional. 64 by default. |
Enable the consistency check on the source MAC address of ND packets | ipv6 nd mac-check enable | Optional. Disabled by default. |
Enter interface view | interface interface-type interface-number | — |
Disable the RA message suppression | undo ipv6 nd ra halt | Optional. By default, RA messages are suppressed. |
Configure the maximum and minimum intervals for sending RA messages | ipv6 nd ra interval max-interval-value min-interval-value | Optional. By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. The AP sends RA messages at random intervals between the maximum interval and the minimum interval. The minimum interval should be less than or equal to 0.75 times the maximum interval. |
Configure the prefix information in RA messages | ipv6 nd ra prefix { ipv6-address prefix-length \| ipv6-address/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig \| off-link ] * | Optional. By default, no prefix information is configured for RA messages, and the IPv6 address of the interface sending RA messages is used as the prefix information. |
Set the M flag bit to 1 | ipv6 nd autoconfig managed-address-flag | Optional. By default, the M flag bit is set to 0, that is, hosts acquire IPv6 addresses through stateless autoconfiguration. |
Set the O flag bit to 1 | ipv6 nd autoconfig other-flag | Optional. By default, the O flag bit is set to 0, that is, hosts acquire other information through stateless autoconfiguration. |
Configure the router lifetime in RA messages | ipv6 nd ra router-lifetime value | Optional. 1800 seconds by default. |
Set the NS retransmission timer | ipv6 nd ns retrans-timer value | Optional. By default, the local interface sends NS messages at an interval of 1000 milliseconds, and the value of the Retrans Timer field in RA messages sent by the local interface is 0. |
Set the reachable time | ipv6 nd nud reachable-time value | Optional. By default, the neighbor reachable time on the local interface is 30000 milliseconds, and the value of the Reachable Timer field in RA messages is 0. |
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.
Configuring the Maximum Number of Attempts to Send an NS Message for DAD
An interface sends a neighbor solicitation (NS) message for duplicate address detection (DAD) after acquiring an IPv6 address. If the interface does not receive a response within a specified time (determined by the ipv6 nd ns retrans-timer command), it sends another NS message. If it still has not received a response after the number of attempts reaches a configurable threshold, the acquired address is considered usable.
Follow these steps to configure the attempts to send an NS message for DAD:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Enter interface view | interface interface-type interface-number | - |
Configure the number of attempts to send an NS message for DAD | ipv6 nd dad attempts value | Optional. 1 by default. When the value argument is set to 0, DAD is disabled. |
Configuring PMTU Discovery
Configuring the Interface MTU
IPv6 routers do not support packet fragmentation. When an IPv6 router receives an IPv6 packet that is larger than the MTU of the forwarding interface, it discards the packet and reports the MTU to the source host in an ICMPv6 Packet Too Big message. The source host then fragments the packet according to that MTU and resends it. To reduce the extra traffic overhead caused by discarded packets, configure an interface MTU that suits the actual networking environment.
Follow these steps to configure the interface MTU:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Enter interface view | interface interface-type interface-number | - |
Configure the interface MTU | ipv6 mtu mtu-size | Optional |
Configuring a Static PMTU for a Specified IPv6 Address
You can configure a static PMTU for a specified destination IPv6 address. When a source host sends packets through an interface, it compares the interface MTU with the static PMTU of the specified destination IPv6 address. If the packet size is larger than the smaller of the two values, the host fragments the packet according to the smaller value.
Follow these steps to configure a static PMTU for a specified address:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Configure a static PMTU for a specified IPv6 address | ipv6 pathmtu ipv6-address [ value ] | Required. By default, no static PMTU is configured. |
Configuring the Aging Time for Dynamic PMTUs
After the path MTU from a source host to a destination host is dynamically determined (see IPv6 PMTU Discovery), the source host sends subsequent packets to the destination host based on this MTU. After the aging time expires, the dynamic PMTU is removed and the source host determines a new dynamic path MTU through the PMTU mechanism.
The aging time does not apply to a static PMTU.
Follow these steps to configure the aging time for dynamic PMTUs:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Configure the aging time for dynamic PMTUs | ipv6 pathmtu age age-time | Optional. 10 minutes by default. |
Configuring IPv6 TCP Properties
The IPv6 TCP properties you can configure include:
- synwait timer: When a SYN packet is sent, the synwait timer is triggered. If no response packet is received before the synwait timer expires, the IPv6 TCP connection establishment fails.
- finwait timer: When the IPv6 TCP connection status is FIN_WAIT_2, the finwait timer is triggered. If no packet is received before the finwait timer expires, the IPv6 TCP connection is terminated. If a FIN packet is received, the IPv6 TCP connection status becomes TIME_WAIT. If other packets are received, the finwait timer is reset from the last received packet and the connection is terminated after the finwait timer expires.
- Size of the IPv6 TCP sending/receiving buffer.
Follow these steps to configure IPv6 TCP properties:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Set the finwait timer | tcp ipv6 timer fin-timeout wait-time | Optional. 675 seconds by default. |
Set the synwait timer | tcp ipv6 timer syn-timeout wait-time | Optional. 75 seconds by default. |
Set the size of the IPv6 TCP sending/receiving buffer | tcp ipv6 window size | Optional. 8 KB by default. |
Configuring IPv6 FIB-Based Forwarding
With the IPv6 FIB caching function enabled, the AP searches the FIB cache to forward packets, thus reducing the searching time and improving forwarding efficiency.
Follow these steps to configure the IPv6 FIB-based forwarding:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Enable the IPv6 FIB caching function | ipv6 fibcache | Required. Disabled by default. |
Configuring ICMPv6 Packet Sending
Configuring the Maximum ICMPv6 Error Packets Sent in an Interval
If too many ICMPv6 error packets are sent within a short time in a network, network congestion may occur. To avoid network congestion, you can limit the maximum number of ICMPv6 error packets sent within a specified time. The limit is currently implemented with the token bucket algorithm.
You can set the capacity of a token bucket, namely, the number of tokens in the bucket. In addition, you can set the update interval of the token bucket, namely, the interval for restoring the configured capacity. One token allows one ICMPv6 error packet to be sent. Each time an ICMPv6 error packet is sent, the number of tokens in a token bucket decreases by one. If the number of ICMPv6 error packets successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot be sent out until the capacity of the token bucket is restored.
Follow these steps to configure the capacity and update interval of the token bucket:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Configure the capacity and update interval of the token bucket | ipv6 icmp-error { bucket bucket-size \| ratelimit interval } * | Optional. By default, the capacity of a token bucket is 10 and the update interval is 100 milliseconds. That is, at most 10 IPv6 ICMP error packets can be sent within 100 milliseconds. The update interval “0” indicates that the number of ICMPv6 error packets sent is not restricted. |
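The token bucket behaviour described above, as an added simulation that is not code from the AP or from H3C. It assumes the bucket is restored to full capacity at each multiple of the update interval counted from t=0 (the page does not say how the timer is aligned); the function names and the burst are constructed for illustration.

```python
def icmpv6_errors_sent(event_times_ms, bucket_size=10, interval_ms=100):
    """Return the times (ms) at which an ICMPv6 error packet is actually sent.

    event_times_ms: ascending times at which the AP wants to send an error.
    Assumption: the bucket is restored to full capacity at each multiple of
    interval_ms counted from t=0; the page does not say how the timer is aligned.
    """
    if interval_ms == 0:          # update interval 0: sending is not restricted
        return list(event_times_ms)
    sent, tokens, window = [], bucket_size, 0
    for t in event_times_ms:
        if t // interval_ms != window:   # new interval: capacity restored
            window, tokens = t // interval_ms, bucket_size
        if tokens > 0:                   # one token allows one error packet
            tokens -= 1
            sent.append(t)
    return sent


def max_errors_per_second(bucket_size=10, interval_ms=100):
    """Upper bound on sustained ICMPv6 error packets per second (None = unlimited)."""
    return None if interval_ms == 0 else bucket_size * 1000 / interval_ms


# Constructed input: 25 errors triggered 2 ms apart, then 3 more from t=100 ms
BURST = [2 * i for i in range(25)] + [100, 101, 102]

if __name__ == "__main__":
    sent = icmpv6_errors_sent(BURST)
    print(f"{len(sent)} of {len(BURST)} sent, {len(BURST) - len(sent)} suppressed")
    print("sustained ceiling:", max_errors_per_second(), "packets/s")
```

With the default values, the first 10 errors of the burst go out, the next 15 are suppressed, and sending resumes when the next interval starts.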
Enable Sending of Multicast Echo Replies
If hosts are capable of replying to multicast echo requests, Host A can attack Host B by sending an echo request to a multicast address with Host B as the source; all the hosts in the multicast group then send echo replies to Host B. To prevent such an attack, an AP does not reply to multicast echo requests by default.
Follow these steps to enable sending of multicast echo replies:
To do… | Use the command… | Remarks |
---|---|---|
Enter system view | system-view | - |
Enable sending of multicast echo replies | ipv6 icmpv6 multicast-echo-reply enable | Required. Not enabled by default. |
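An offline check of a saved configuration against the limits and risky settings described in the sections above (RA interval rules, DAD attempts, ICMPv6 error rate limit, multicast echo replies). This is an added example, not an H3C tool; the audit function, the finding texts and the sample configuration are constructed, and the sample assumes the usual "#" separators between configuration blocks.

```python
import re
# Defaults from the Remarks columns on this page (seconds)
DEFAULTS = {"ra_max": 600, "ra_min": 200, "lifetime": 1800}

def audit(config_text):
    """Return (scope, finding) pairs for a Comware-style configuration text."""
    findings, scope, ifaces = [], "system", {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":                       # block separator: back to system scope
            scope = "system"
        elif m := re.fullmatch(r"interface (.+)", line):
            scope = m[1]
            ifaces[scope] = dict(DEFAULTS)
        elif m := re.fullmatch(r"ipv6 nd ra interval (\d+) (\d+)", line):
            ifaces.setdefault(scope, dict(DEFAULTS)).update(ra_max=int(m[1]), ra_min=int(m[2]))
        elif m := re.fullmatch(r"ipv6 nd ra router-lifetime (\d+)", line):
            ifaces.setdefault(scope, dict(DEFAULTS))["lifetime"] = int(m[1])
        elif line == "ipv6 nd dad attempts 0":
            findings.append((scope, "DAD disabled (attempts 0)"))
        elif re.fullmatch(r"ipv6 icmp-error (.* )?ratelimit 0( .*)?", line):
            findings.append((scope, "ICMPv6 error packets not rate limited (interval 0)"))
        elif line == "ipv6 icmpv6 multicast-echo-reply enable":
            findings.append((scope, "multicast echo replies enabled"))
    for name, v in ifaces.items():
        if v["ra_min"] > 0.75 * v["ra_max"]:
            findings.append((name, f"RA min interval {v['ra_min']} > 0.75 x max {v['ra_max']}"))
        # Lifetime 0 means "not a default router" (RFC 4861), so it is exempt here
        if v["lifetime"] and v["ra_max"] > v["lifetime"]:
            findings.append((name, f"RA max interval {v['ra_max']} > router lifetime {v['lifetime']}"))
    return findings

# Constructed sample configuration, not taken from a real device
SAMPLE = """\
 ipv6
 ipv6 icmp-error bucket 20 ratelimit 0
 ipv6 icmpv6 multicast-echo-reply enable
#
interface Vlan-interface1
 undo ipv6 nd ra halt
 ipv6 nd ra interval 600 500
 ipv6 nd ra router-lifetime 300
#
interface Vlan-interface2
 ipv6 nd dad attempts 0
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```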
Displaying and Maintaining IPv6 Basics Configuration
To do… | Use the command… | Remarks |
---|---|---|
Display the IPv6 FIB entries | display ipv6 fib [ ipv6-address ] | Available in any view |
Display the total number of routes in the IPv6 FIB cache | display ipv6 fibcache | Available in any view |
Display the IPv6 interface settings | display ipv6 interface [ interface-type [ interface-number ] ] [ verbose ] | Available in any view |
Display neighbor information | display ipv6 neighbors { ipv6-address \| all \| dynamic \| interface interface-type interface-number \| static \| vlan vlan-id } [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
Display the total number of neighbor entries satisfying the specified conditions | display ipv6 neighbors { all \| dynamic \| interface interface-type interface-number \| static \| vlan vlan-id } count | Available in any view |
Display the PMTU information of an IPv6 address | display ipv6 pathmtu { ipv6-address \| all \| dynamic \| static } | Available in any view |
Display socket information | display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] | Available in any view |
Display the statistics of IPv6 packets and ICMPv6 packets | display ipv6 statistics | Available in any view |
Display the IPv6 TCP connection statistics | display tcp ipv6 statistics | Available in any view |
Display the IPv6 TCP connection status information | display tcp ipv6 status | Available in any view |
Display the IPv6 UDP connection statistics | display udp ipv6 statistics | Available in any view |
Clear FIB cache entries | reset ipv6 fibcache | Available in user view |
Clear IPv6 neighbor information | reset ipv6 neighbors { all \| dynamic \| interface interface-type interface-number \| static } | Available in user view |
Clear the specified PMTU values | reset ipv6 pathmtu { all \| static \| dynamic } | Available in user view |
Clear the statistics of IPv6 and ICMPv6 packets | reset ipv6 statistics | Available in user view |
Clear all IPv6 TCP connection statistics | reset tcp ipv6 statistics | Available in user view |
Clear the statistics of all IPv6 UDP packets | reset udp ipv6 statistics | Available in user view |
IPv6 Configuration Example
Network requirements
As shown in Figure 1-6, the client and AP are connected to the PoE switch through Ethernet ports. The global unicast address of VLAN-interface 1 on the AP is 2001::1/64.
Enable IPv6 on the client to automatically generate an IPv6 address through IPv6 NDP.
Figure 1-6 Network diagram for IPv6 address configuration
Configuration procedure
1) Configure the AP
# Enable the IPv6 packet forwarding function.
<AP> system-view
[AP] ipv6
# Configure a global unicast address for VLAN-interface 1 and allow it to advertise RA messages.
[AP] interface vlan-interface 1
[AP-Vlan-interface1] ipv6 address 2001::1/64
[AP-Vlan-interface1] undo ipv6 nd ra halt
2) Configure the client
Enable IPv6 for the client to automatically generate an IPv6 address through IPv6 NDP. (Omitted)
Verification
# Ping the AP from the client to verify the connectivity.
C:\Documents and Settings\Administrator> ping ipv6 -c 1 2001::1
PING 2001::1 : 56 data bytes, press CTRL_C to break
Reply from 2001::1
bytes=56 Sequence=1 hop limit=64 time = 2 ms
--- 2001::1 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms
Troubleshooting IPv6 Basics Configuration
Symptom
The peer IPv6 address cannot be pinged.
Solution
- Use the display current-configuration command in any view or the display this command in system view to verify that the IPv6 packet forwarding function is enabled.
- Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.
- Use the debugging ipv6 packet command in user view to enable the debugging for IPv6 packets to help locate the cause.