IPv6, also called IP next generation (IPng), was designed by the IETF as the successor to IPv4. One significant difference between IPv6 and IPv4 is that IPv6 increases the IP address size from 32 bits to 128 bits.

NOTE:

The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

IPv6 features

Simplified header format

IPv6 removes several IPv4 header fields or moves them to the IPv6 extension headers to reduce the length of the basic IPv6 packet header. The basic IPv6 packet header has a fixed length of 40 bytes to simplify IPv6 packet handling and improve forwarding efficiency. Although the IPv6 address size is four times the IPv4 address size, the basic IPv6 packet header size is only twice the size of the option-less IPv4 packet header.

Figure 1 IPv4 packet header format and basic IPv6 packet header format

Larger address space

IPv6 can provide 3.4 x 10³⁸ addresses to meet the requirements of hierarchical address assignment for both public and private networks.

Hierarchical address structure

IPv6 uses a hierarchical address structure to speed up route lookup and reduce the IPv6 routing table size through route aggregation.

Address autoconfiguration

To simplify host configuration, IPv6 supports stateful and stateless address autoconfiguration.

· Stateful address autoconfiguration enables a host to acquire an IPv6 address and other configuration information from a server (for example, a DHCPv6 server). For more information about DHCPv6 server, see "Configuring the DHCPv6 server."

· Stateless address autoconfiguration enables a host to automatically generate an IPv6 address and other configuration information by using its link-layer address and the prefix information advertised by a router.

To communicate with other hosts on the same link, a host automatically generates a link-local address based on its link-layer address and the link-local address prefix (FE80::/10).

Built-in security

IPv6 defines extension headers to support IPsec. IPsec provides end-to-end security and enhances interoperability among different IPv6 applications.

QoS support

The Flow Label field in the IPv6 header allows the device to label the packets of a specific flow for special handling.

Enhanced neighbor discovery mechanism

The IPv6 neighbor discovery protocol uses a group of ICMPv6 messages to manage information exchange among neighboring nodes on the same link. The group of ICMPv6 messages replaces ARP messages, ICMPv4 Router Discovery messages, and ICMPv4 Redirect messages and provides a series of other functions.

Flexible extension headers

IPv6 eliminates the Options field in the header and introduces optional extension headers to provide scalability and improve efficiency. The Options field in the IPv4 packet header contains up to 40 bytes, whereas the IPv6 extension headers are restricted to the maximum size of IPv6 packets.

IPv6 addresses

IPv6 address formats

An IPv6 address is represented as a set of 16-bit hexadecimals separated by colons (:). An IPv6 address is divided into eight groups, and each 16-bit group is represented by four hexadecimal numbers, for example, 2001:0000:130F:0000:0000:09C0:876A:130B.

To simplify the representation of IPv6 addresses, you can handle zeros in IPv6 addresses by using the following methods:

· The leading zeros in each group can be removed. For example, the above address can be represented in a shorter format as 2001:0:130F:0:0:9C0:876A:130B.

· If an IPv6 address contains one or more consecutive groups of zeros, they can be replaced by a double colon (::). For example, the above address can be represented in the shortest format as 2001:0:130F::9C0:876A:130B.

IMPORTANT:

A double colon can appear once or not at all in an IPv6 address. This limit allows the device to determine how many zeros the double colon represents and correctly convert it to zeros to restore a 128-bit IPv6 address.

An IPv6 address consists of an address prefix and an interface ID, which are equivalent to the network ID and the host ID of an IPv4 address.

An IPv6 address prefix is written in IPv6-address/prefix-length notation. The prefix-length is a decimal number indicating how many leftmost bits of the IPv6 address are in the address prefix.

IPv6 address types

IPv6 addresses include the following types:

· Unicast address—An identifier for a single interface, similar to an IPv4 unicast address. A packet sent to a unicast address is delivered to the interface identified by that address.

· Multicast address—An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address.

There are no broadcast addresses in IPv6. Their function is replaced by multicast addresses.

· Anycast address—An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to the nearest interface among the interfaces identified by that address. The nearest interface is chosen according to the routing protocol' measure of distance.

The type of an IPv6 address is designated by the first several bits, called the format prefix.

Table 1 Mappings between address types and format prefixes

Type		Format prefix (binary)	IPv6 prefix ID
Unicast address	Unspecified address	00...0 (128 bits)	::/128
	Loopback address	00...1 (128 bits)	::1/128
	Link-local address	1111111010	FE80::/10
	Global unicast address	Other forms	N/A
Multicast address		11111111	FF00::/8
Anycast address		Anycast addresses use the unicast address space and have the identical structure of unicast addresses.

Unicast addresses

Unicast addresses include global unicast addresses, link-local unicast addresses, the loopback address, and the unspecified address.

· Global unicast addresses—Equivalent to public IPv4 addresses, global unicast addresses are provided for Internet service providers. This type of address allows for prefix aggregation to restrict the number of global routing entries.

· Link-local addresses—Used for communication among link-local nodes for neighbor discovery and stateless autoconfiguration. Packets with link-local source or destination addresses are not forwarded to other links.

· A loopback address—0:0:0:0:0:0:0:1 (or ::1). It has the same function as the loopback address in IPv4. It cannot be assigned to any physical interface. A node uses this address to send an IPv6 packet to itself.

· An unspecified address—0:0:0:0:0:0:0:0 (or ::). It cannot be assigned to any node. Before acquiring a valid IPv6 address, a node fills this address in the source address field of IPv6 packets. The unspecified address cannot be used as a destination IPv6 address.

Multicast addresses

IPv6 multicast addresses listed in Table 2 are reserved for special purposes.

Table 2 Reserved IPv6 multicast addresses

Address	Application
FF01::1	Node-local scope all-nodes multicast address.
FF02::1	Link-local scope all-nodes multicast address.
FF01::2	Node-local scope all-routers multicast address.
FF02::2	Link-local scope all-routers multicast address.

Multicast addresses also include solicited-node addresses. A node uses a solicited-node multicast address to acquire the link-layer address of a neighboring node on the same link and to detect duplicate addresses. Each IPv6 unicast or anycast address has a corresponding solicited-node address. The format of a solicited-node multicast address is FF02:0:0:0:0:1:FFXX:XXXX. FF02:0:0:0:0:1:FF is fixed and consists of 104 bits, and XX:XXXX is the last 24 bits of an IPv6 unicast address or anycast address.

EUI-64 address-based interface identifiers

An interface identifier is 64-bit long and uniquely identifies an interface on a link. It is derived from the link-layer address (typically a MAC address) of the interface. The MAC address is 48-bit long.

To obtain an EUI-64 address-based interface identifier, follow these steps:

1. Insert the 16-bit binary number 1111111111111110 (hexadecimal value of FFFE) behind the 24th high-order bit of the MAC address.

2. Invert the universal/local (U/L) bit (the seventh high-order bit). This operation makes the interface identifier have the same local or global significance as the MAC address.

Figure 2 Converting a MAC address into an EUI-64 address-based interface identifier

IPv6 ND protocol

The IPv6 Neighbor Discovery (ND) protocol uses the following ICMPv6 messages:

Table 3 ICMPv6 messages used by ND

ICMPv6 message	Type	Function
Neighbor Solicitation (NS)	135	Acquires the link-layer address of a neighbor.
		Verifies whether a neighbor is reachable.
		Detects duplicate addresses.
Neighbor Advertisement (NA)	136	Responds to an NS message.
Neighbor Advertisement (NA)	136	Notifies the neighboring nodes of link layer changes.
Router Solicitation (RS)	133	Requests an address prefix and other configuration information for autoconfiguration after startup.
Router Advertisement (RA)	134	Responds to an RS message.
Router Advertisement (RA)	134	Advertises information, such as the Prefix Information options and flag bits.
Redirect	137	Informs the source host of a better next hop on the path to a particular destination when certain conditions are met.

Address resolution

This function is similar to ARP in IPv4. An IPv6 node acquires the link-layer addresses of neighboring nodes on the same link through NS and NA messages. Figure 3 shows how Host A acquires the link-layer address of Host B on the same link.

Figure 3 Address resolution

The address resolution procedure is as follows:

1. Host A multicasts an NS message. The source address of the NS message is the IPv6 address of the sending interface of Host A and the destination address is the solicited-node multicast address of Host B. The NS message body contains the link-layer address of Host A and the target IPv6 address.

2. After receiving the NS message, Host B determines whether the target address of the packet is its IPv6 address. If it is, Host B learns the link-layer address of Host A, and then unicasts an NA message containing its link-layer address.

3. Host A acquires the link-layer address of Host B from the NA message.

Neighbor reachability detection

After Host A acquires the link-layer address of its neighbor Host B, Host A can use NS and NA messages to test reachability of Host B as follows:

1. Host A sends an NS message whose destination address is the IPv6 address of Host B.

2. If Host A receives an NA message from Host B, Host A decides that Host B is reachable. Otherwise, Host B is unreachable.

Duplicate address detection

After Host A acquires an IPv6 address, it performs Duplicate Address Detection (DAD) to check whether the address is being used by any other node (similar to gratuitous ARP in IPv4). DAD is accomplished through NS and NA messages.

Figure 4 Duplicate address detection

1. Host A sends an NS message whose source address is the unspecified address and whose destination address is the corresponding solicited-node multicast address of the IPv6 address to be detected. The NS message body contains the detected IPv6 address.

2. If Host B uses this IPv6 address, Host B returns an NA message that contains its IPv6 address.

3. Host A knows that the IPv6 address is being used by Host B after receiving the NA message from Host B. If receiving no NA message, Host A decides that the IPv6 address is not in use and uses this address.

Router/prefix discovery and stateless address autoconfiguration

A node performs router/prefix discovery and stateless address autoconfiguration as follows:

1. At startup, a node sends an RS message to request configuration information from a router.

2. The router returns an RA message containing the Prefix Information option and other configuration information. (The router also periodically sends an RA message.)

3. The node automatically generates an IPv6 address and other configuration parameters according to the configuration information in the RA message.

The Prefix Information option contains an address prefix and the preferred lifetime and valid lifetime of the address prefix. A node updates the preferred lifetime and valid lifetime upon receiving a periodic RA message.

The generated IPv6 address is valid within the valid lifetime and becomes invalid when the valid lifetime expires.

After the preferred lifetime expires, the node cannot use the generated IPv6 address to establish new connections, but can receive packets destined for the IPv6 address. The preferred lifetime cannot be greater than the valid lifetime.

Redirection

Upon receiving a packet from a host, the gateway sends an ICMPv6 Redirect message to inform the host of a better next hop when the following conditions are met (similar to the ICMP redirection function in IPv4):

· The interface receiving the packet is the same as the interface forwarding the packet.

· The selected route is not created or modified by an ICMPv6 Redirect message.

· The selected route is not a default route on the device.

· The forwarded IPv6 packet does not contain the routing extension header.

IPv6 path MTU discovery

The links that a packet passes from a source to a destination can have different MTUs, among which the minimum MTU is the path MTU. If a packet exceeds path MTU, the source end fragments the packet to reduce the processing pressure on intermediate devices and to use network resources effectively.

A source end uses path MTU discovery to find the path MTU to a destination, as shown in Figure 5.

Figure 5 Path MTU discovery process

1. The source host sends a packet no larger than its MTU to the destination host.

2. If the MTU of a device's output interface is smaller than the packet, the device discards the packet and returns an ICMPv6 error message containing the interface MTU to the source host.

3. After receiving the ICMPv6 error message, the source host uses the returned MTU to limit the packet size, performs fragmentation, and sends the packets to the destination host.

4. Step 2 and step 3 are repeated until the destination host receives the packet. In this way, the source host finds the minimum MTU of all links in the path to the destination host.

IPv6 transition technologies

IPv6 transition technologies enable communication between IPv4 and IPv6 networks. Several IPv6 transition technologies can be used in different environments and periods.

Dual stack is the most direct transition approach. A network node that supports both IPv4 and IPv6 is a dual-stack node. A dual-stack node configured with an IPv4 address and an IPv6 address can forward both IPv4 and IPv6 packets. An application that supports both IPv4 and IPv6 prefers IPv6 at the network layer. Dual stack is suitable for communication between IPv4 nodes or between IPv6 nodes. It is the basis of all transition technologies. However, it does not solve the IPv4 address depletion issue because each dual stack node must have a globally unique IPv4 address.

Protocols and standards

Protocols and standards related to IPv6 include:

· RFC 1881, IPv6 Address Allocation Management

· RFC 1887, An Architecture for IPv6 Unicast Address Allocation

· RFC 1981, Path MTU Discovery for IP version 6

· RFC 2375, IPv6 Multicast Address Assignments

· RFC 2460, Internet Protocol, Version 6 (IPv6) Specification

· RFC 2464, Transmission of IPv6 Packets over Ethernet Networks

· RFC 2526, Reserved IPv6 Subnet Anycast Addresses

· RFC 3307, Allocation Guidelines for IPv6 Multicast Addresses

· RFC 4191, Default Router Preferences and More-Specific Routes

· RFC 4291, IP Version 6 Addressing Architecture

· RFC 4443, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification

· RFC 4861, Neighbor Discovery for IP Version 6 (IPv6)

· RFC 4862, IPv6 Stateless Address Autoconfiguration

IPv6 basics configuration task list

Tasks at a glance
(Required.) Assigning IPv6 addresses to interfaces: · Configuring an IPv6 global unicast address · Configuring an IPv6 link-local address · Configuring an IPv6 anycast address

(Optional.) Configuring IPv6 ND: · Configuring a static neighbor entry · Setting the maximum number of dynamic neighbor entries · Setting the aging timer for ND entries in stale state · Minimizing link-local ND entries · Setting the hop limit · Configuring parameters for RA messages · Configuring the maximum number of attempts to send an NS message for DAD · Configuring ND snooping · Enabling ND proxy






(Optional.) Configuring path MTU discovery: · Setting the interface MTU · Configuring a static path MTU for an IPv6 address · Configuring the aging time for dynamic path MTUs
(Optional.) Controlling sending ICMPv6 messages: · Configuring the rate limit for ICMPv6 error messages · Enabling replying to multicast echo requests · Enabling sending ICMPv6 destination unreachable messages · Enabling sending ICMPv6 time exceeded messages · Enabling sending ICMPv6 redirect messages · Specifying the source address for ICMPv6 packets
(Optional.) Enabling a device to discard IPv6 packets that contain extension headers

Assigning IPv6 addresses to interfaces

This section describes how to configure an IPv6 global unicast address, an IPv6 link-local address, and an IPv6 anycast address.

Configuring an IPv6 global unicast address

Use one of the following methods to configure an IPv6 global unicast address for an interface:

· EUI-64 IPv6 address—The IPv6 address prefix of the interface is manually configured, and the interface identifier is generated automatically by the interface.

· Manual configuration—The IPv6 global unicast address is manually configured.

· Stateless address autoconfiguration—The IPv6 global unicast address is generated automatically based on the address prefix information contained in the RA message.

You can configure multiple IPv6 global unicast addresses on an interface.

Manually configured global unicast addresses (including EUI-64 IPv6 addresses) take precedence over automatically generated ones. If you manually configure a global unicast address with the same address prefix as an existing global unicast address on an interface, the manually configured one takes effect, but it does not overwrite the automatically generated address. If you remove the manually configured global unicast address, the device uses the automatically generated one.

EUI-64 IPv6 address

To configure an interface to generate an EUI-64 IPv6 address:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Configure the interface to generate an EUI-64 IPv6 address.	ipv6 address { ipv6-address prefix-length \| ipv6-address/prefix-length } eui-64	By default, no EUI-64 IPv6 address is configured on an interface.

Manual configuration

To configure an IPv6 global unicast address for an interface:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Configure an IPv6 global unicast address for the interface.	ipv6 address { ipv6-address prefix-length \| ipv6-address/prefix-length }	By default, no IPv6 global unicast address is configured on an interface.

Stateless address autoconfiguration

To configure an interface to generate an IPv6 address through stateless address autoconfiguration:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Enable stateless address autoconfiguration.	ipv6 address auto	By default, no IPv6 global unicast address is configured on an interface. Using the undo ipv6 address auto command on an interface removes all IPv6 global unicast addresses and link-local addresses that are automatically generated on the interface.

After this configuration, the interface automatically generates an IPv6 global unicast address by using the address prefix in the received RA message and the interface ID. On an IEEE 802 interface (such as an Ethernet interface or a VLAN interface), the interface ID is generated based on the MAC address of the interface and is globally unique. An attacker can exploit this rule to identify the sending device easily.

To fix the vulnerability, you can configure the temporary address function. With this function, an IEEE 802 interface generates the following addresses:

· Public IPv6 address—Includes the address prefix in the RA message and a fixed interface ID generated based on the MAC address of the interface.

· Temporary IPv6 address—Includes the address prefix in the RA message and a random interface ID generated through MD5.

You can also configure the interface to preferentially use the temporary IPv6 address as the source address of sent packets. When the valid lifetime of the temporary IPv6 address expires, the interface removes the address and generates a new one. This function enables the system to send packets with different source addresses through the same interface. If the temporary IPv6 address cannot be used because of a DAD conflict, the public IPv6 address is used.

The preferred lifetime and valid lifetime for a temporary IPv6 address are determined as follows:

· The preferred lifetime of a temporary IPv6 address takes the smaller of the following values:

¡ The preferred lifetime of the address prefix in the RA message.

¡ The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR (a random number ranging from 0 to 600 seconds).

· The valid lifetime of a temporary IPv6 address takes the smaller of the following values:

¡ The valid lifetime of the address prefix.

¡ The valid lifetime configured for temporary IPv6 addresses.

To configure the temporary address function:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable the system to generate a temporary IPv6 address.	ipv6 temporary-address [ valid-lifetime preferred-lifetime ]	By default, the system does not generate any temporary IPv6 address.
3. Enable the system to preferentially use the temporary IPv6 address as the source address of the packet.	ipv6 prefer temporary-address	By default, the system does not preferentially use the temporary IPv6 address as the source address of the packet.

To generate a temporary address, an interface must be enabled with stateless address autoconfiguration. Temporary IPv6 addresses do not overwrite public IPv6 addresses, so an interface can have multiple IPv6 addresses with the same address prefix but different interface IDs.

If an interface fails to generate a public IPv6 address because of a prefix conflict or other reasons, it does not generate any temporary IPv6 address.

Configuring a static IPv6 prefix

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Configure a static IPv6 prefix.	ipv6 prefix prefix-number ipv6-prefix/prefix-length	By default, the device has no static IPv6 prefix.

Configuring an IPv6 link-local address

Configure IPv6 link-local addresses using one of the following methods:

· Automatic generation—The device automatically generates a link-local address for an interface according to the link-local address prefix (FE80::/10) and the link-layer address of the interface.

· Manual assignment—Manually configure an IPv6 link-local address for an interface.

An interface can have only one link-local address. To avoid link-local address conflicts, use the automatic generation method.

Manual assignment takes precedence over automatic generation.

· If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated one.

· If you first use manual assignment and then automatic generation, both of the following occur:

¡ The automatically generated link-local address does not take effect.

¡ The link-local address is still the manually assigned one.

If you delete the manually assigned address, the automatically generated link-local address takes effect.

Configuring automatic generation of an IPv6 link-local address for an interface

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Configure the interface to automatically generate an IPv6 link-local address.	ipv6 address auto link-local	By default, no link-local address is configured on an interface. After an IPv6 global unicast address is configured on the interface, a link-local address is generated automatically.

Manually specifying an IPv6 link-local address for an interface

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Manually specify an IPv6 link-local address for the interface.	ipv6 address ipv6-address link-local	By default, no link-local address is configured on an interface. After an IPv6 global unicast address is configured on the interface, a link-local address is generated automatically.

After you configure an IPv6 global unicast address for an interface, the interface automatically generates a link-local address. The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command. If a link-local address is manually assigned to an interface, this manual link-local address takes effect. If the manually assigned link-local address is removed, the automatically generated link-local address takes effect.

Using the undo ipv6 address auto link-local command on an interface only removes the link-local address generated by the ipv6 address auto link-local command. If the interface has an IPv6 global unicast address, it still has a link-local address. If the interface has no IPv6 global unicast address, it has no link-local address.

Configuring an IPv6 anycast address

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Configure an IPv6 anycast address.	ipv6 address { ipv6-address prefix-length \| ipv6-address/prefix-length } anycast	By default, no IPv6 anycast address is configured on an interface.

Configuring IPv6 ND

This section describes how to configure IPv6 ND.

Configuring a static neighbor entry

The IPv6 address of a neighboring node can be resolved into a link-layer address dynamically through NS and NA messages or through a manually configured static neighbor entry.

The device uniquely identifies a static neighbor entry by the IPv6 address and the local Layer 3 interface number of the neighbor. You can configure a static neighbor entry by using one of the following methods:

· Method 1—Associate a neighbor's IPv6 address and link-layer address with the local Layer 3 interface.

If you use Method 1, the device automatically finds the Layer 2 port connected to the neighbor.

· Method 2—Associate a neighbor's IPv6 address and link-layer address with a local port in a VLAN.

If you use Method 2, make sure the corresponding VLAN interface exists and the Layer 2 port specified by port-type port-number belongs to the VLAN specified by vlan-id. The device associates the VLAN interface with the neighbor IPv6 address to identify the static neighbor entry.

To configure a static neighbor entry:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Configure a static neighbor entry.	ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number \| interface interface-type interface-number }	By default, no static neighbor entry exists on the device.

Setting the maximum number of dynamic neighbor entries

The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table. When the number of dynamic neighbor entries reaches the threshold, the interface stops learning neighbor information. To prevent an interface from occupying too many neighbor table resources, you can set the maximum number of dynamic neighbors that an interface can learn.

To set the maximum number of dynamic neighbor entries:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Set the maximum number of dynamic neighbor entries that the interface can learn.	ipv6 neighbors max-learning-num number	By default, an interface can learn a maximum of 4096 dynamic neighbor entries.

Setting the aging timer for ND entries in stale state

ND entries in stale state have an aging timer. If an ND entry in stale state is not refreshed before the timer expires, the ND entry changes to the delay state. If it is still not refreshed in 5 seconds, the ND entry changes to the probe state, and the device sends an NS message three times. If no response is received, the device removes the ND entry.

To set the aging timer for ND entries in stale state:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Set the aging timer for ND entries in stale state.	ipv6 neighbor stale-aging aging-time	The default setting is 240 minutes.

Minimizing link-local ND entries

Perform this task to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries comprising link-local addresses.

By default, the device assigns all ND entries to the driver. With this feature enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route into the driver to save driver resources.

This feature affects only newly learned link-local ND entries rather than existing ND entries.

To minimize link-local ND entries:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Minimize link-local ND entries.	ipv6 neighbor link-local minimize	By default, the device assigns all ND entries to the driver.

Setting the hop limit

The device advertises the hop limit in RA messages. All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent. To disable the device from advertising the hop limit, use the ipv6 nd ra hop-limit unspecified command.

To set the hop limit:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Set the Hop Limit field in the IP header.	ipv6 hop-limit value	The default setting is 64.

Configuring parameters for RA messages

You can enable an interface to send RA messages, and configure the interval for sending RA messages and parameters in RA messages. After receiving an RA message, a host can use these parameters to perform corresponding operations. Table 4 describes the configurable parameters in an RA message.

Table 4 Parameters in an RA message and their descriptions

Parameter	Description
Hop Limit	Maximum number of hops in RA messages. A host receiving the RA message fills the value in the Hop Limit field of sent IPv6 packets.
Prefix information	After receiving the prefix information, the hosts on the same link can perform stateless autoconfiguration.
MTU	Guarantees that all nodes on the link use the same MTU.
M flag	Determines whether a host uses stateful autoconfiguration to obtain an IPv6 address. If the M flag is set to 1, the host uses stateful autoconfiguration (for example, from a DHCPv6 server) to obtain an IPv6 address. Otherwise, the host uses stateless autoconfiguration to generate an IPv6 address according to its link-layer address and the prefix information in the RA message.
O flag	Determines whether a host uses stateful autoconfiguration to obtain configuration information other than IPv6 address. If the O flag is set to 1, the host uses stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 address. Otherwise, the host uses stateless autoconfiguration.
Router Lifetime	Tells the receiving hosts how long the advertising router can live. If the lifetime of a router is 0, the router cannot be used as the default gateway.
Retrans Timer	If the device does not receive a response message within the specified time after sending an NS message, it retransmits the NS message.
Reachable Time	If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device needs to send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable.
Router Preference	Specifies the router preference in a RA message. A host selects a router as the default gateway according to the router preference. If router preferences are the same, the host selects the router from which the first RA message is received.

The maximum interval for sending RA messages should be less than (or equal to) the router lifetime in RA messages so the router can be updated by an RA message before expiration.

The values of the NS retransmission timer and the reachable time configured for an interface are sent in RA messages to hosts. This interface sends NS messages at the interval of the NS retransmission timer and considers a neighbor reachable within the reachable time.

Enabling sending of RA messages

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Enable sending of RA messages.	undo ipv6 nd ra halt	The default setting is disabled.
4. Configure the maximum and minimum intervals for sending RA messages.	ipv6 nd ra interval max-interval-value min-interval-value	By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. The device sends RA messages at random intervals between the maximum interval and the minimum interval. The minimum interval should be less than or equal to 0.75 times the maximum interval.

Configuring parameters for RA messages

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Configure the prefix information in RA messages.	ipv6 nd ra prefix { ipv6-prefix prefix-length \| ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig \| off-link ] *	By default, no prefix information is configured for RA messages, and the IPv6 address of the interface sending RA messages is used as the prefix information. If the IPv6 address is manually configured, the prefix uses a fixed valid lifetime of 2592000 seconds (30 days) and a preferred lifetime of 604800 seconds (7 days). If the IPv6 address is automatically obtained, the prefix uses the valid lifetime and preferred lifetime configured for the IPv6 address.
4. Turn off the MTU option in RA messages.	ipv6 nd ra no-advlinkmtu	By default, RA messages contain the MTU option.
5. Specify unlimited hops in RA messages.	ipv6 nd ra hop-limit unspecified	By default, the maximum number of hops in RA messages is 64.
6. Set the M flag bit to 1.	ipv6 nd autoconfig managed-address-flag	By default, the M flag bit is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6 addresses through stateless autoconfiguration.
7. Set the O flag bit to 1.	ipv6 nd autoconfig other-flag	By default, the O flag bit is set to 0 in RA advertisements. Hosts receiving the advertisements will acquire other configuration information through stateless autoconfiguration.
8. Configure the router lifetime in RA messages.	ipv6 nd ra router-lifetime value	By default, the router lifetime is 1800 seconds.
9. Set the NS retransmission timer.	ipv6 nd ns retrans-timer value	By default, an interface sends NS messages every 1000 milliseconds, and the value of the Retrans Timer field in RA messages is 0.
10. Set the router preference in RA messages.	ipv6 nd router-preference { high \| low \| medium }	By default, the router preference is medium.
11. Set the reachable time.	ipv6 nd nud reachable-time value	By default, the neighbor reachable time is 30000 milliseconds, and the value of the Reachable Time field in sent RA messages is 0.

Configuring the maximum number of attempts to send an NS message for DAD

An interface sends an NS message for DAD after obtaining an IPv6 address. If the interface does not receive a response within the time specified by the ipv6 nd ns retrans-timer command, it sends an NS message again. If the interface still does not receive a response after the number of attempts reaches the threshold specified by the ipv6 nd dad attempts command, it considers the address is usable.

To configure the attempts to send an NS message for DAD:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Configure the number of attempts to send an NS message for DAD.	ipv6 nd dad attempts value	The default setting is 1. When the value argument is set to 0, DAD is disabled.

Configuring ND snooping

NOTE:

This feature is available in Release 1122 and later.

About ND snooping

The ND snooping feature is used in Layer 2 switching networks. It learns the source MAC addresses, source IPv6 addresses, input interfaces, and VLANs of arriving ND messages and data packets to build ND snooping table. ND snooping entries can be used by ND detection and IPv6 source guard to prevent spoofing attacks. ND detection processes the ND messages received on ND trusted and untrusted interfaces as follows:

· ND detection forwards all ND messages received on an ND trusted interface.

· ND detection compares all ND messages received on an ND untrusted interface with the ND snooping entries except for RA and redirect messages.

ND snooping provides device liveness tracking so that the ND snooping table can be updated in a timely manner. After ND snooping is enabled for a VLAN, the device uses the following mechanisms to create, update, and delete ND snooping entries. The following example uses ND messages for illustration.

· Creating an ND snooping entry

Upon receiving an ND message or data packet from an unknown source, the device creates a tentative ND snooping entry and performs DAD for the source IPv6 address. The device sends NS messages out of the ND trusted interfaces in the VLAN every 250 milliseconds.

¡ If the device does not receive an NA message within 500 milliseconds, it validates the entry.

¡ If the device receives an NA message within 500 milliseconds, it deletes the entry.

· Updating an ND snooping entry

When the receiving ND untrusted interface of an ND message is different from that in the entry for an IPv6 address, the device performs DAD for the entry. It sends NS messages every 250 milliseconds.

¡ If the device does not receive an NA message within 500 milliseconds, it updates the entry with the new receiving interface.

¡ If the device receives an NA message within 500 milliseconds, the ND snooping entry remains unchanged.

· Deleting an ND snooping entry

¡ When an ND trusted interface in the VLAN receives an ND message from the IPv6 address in a learned ND snooping entry, it performs DAD for the entry. The device sends NS messages every 250 milliseconds.

- If the device does not receive an NA message within 500 milliseconds, it deletes the entry.

- If the device receives an NA message within 500 milliseconds, the ND snooping entry remains unchanged.

¡ If an ND snooping entry has no matching ND messages within 5 minutes, the device performs DAD for the entry. The device sends NS messages out of the interface in the entry every 250 milliseconds.

- If the device does not receive an NA message within 500 milliseconds, it deletes the entry.

- If the device receives an NA message within 500 milliseconds, the ND snooping entry remains unchanged.

Configuration procedure

To configure ND snooping:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter VLAN view.	vlan vlan-id	N/A
3. Enable ND snooping for IPv6 addresses.	· For global unicast addresses: ipv6 nd snooping enable global · For link-local addresses: ipv6 nd snooping enable link-local	You can enable ND snooping for both address types. By default, ND snooping is disabled for IPv6 global unicast addresses and link-local addresses.
4. (Optional.) Enable ND snooping for data packets from unknown sources.	ipv6 nd snooping glean source	By default, ND snooping is disabled for data packets from unknown sources.
5. Return to system view.	quit	N/A
6. Enter Layer 2 Ethernet or aggregate interface view.	interface interface-type interface-number	N/A
7. (Optional.) Set the maximum number of ND snooping entries that an interface can learn.	ipv6 nd snooping max-learning-num max-number	The default setting is 8192.

Enabling ND proxy

About ND proxy

ND proxy enables a device to answer an NS message requesting the hardware address of a host on another network. With ND proxy, hosts on different broadcast domains can communicate with each other as they would on the same network.

ND proxy includes common ND proxy and local ND proxy.

· Common ND proxy

As shown in Figure 6, VLAN-interface 1 with IPv6 address 4:1::99/64 and VLAN-interface 2 with IPv6 address 4:2::99/64 belong to different subnets. Host A and Host B reside on the same network but in different broadcast domains.

Figure 6 Application environment of ND proxy

Because Host A's IPv6 address is on the same subnet as Host B's, Host A directly sends an NS message to obtain Host B's MAC address. However, Host B cannot receive the NS message because they belong to different broadcast domains.

To solve this problem, enable common ND proxy on VLAN-interface 1 and VLAN-interface 2 of the switch. The switch replies to the NS message from Host A, and forwards packets from other hosts to Host B.

· Local ND proxy

As shown in Figure 7, both Host A and Host B belong to VLAN 2. However, they connect to GigabitEthernet 1/0/3 and GigabitEthernet 1/0/1 respectively, which are isolated at Layer 2.

Figure 7 Application environment of local ND proxy

To solve this problem, enable local ND proxy on VLAN-interface 2 of Switch A so that Switch A can forward messages between Host A and Host B.

Local ND proxy implements Layer 3 communication for two hosts in the following cases:

¡ The two hosts must connect to different isolated Layer 2 ports of a VLAN.

¡ If super VLAN is used, the two hosts must belong to different sub VLANs.

¡ If Private VLAN is used, the two hosts must belong to different secondary VLANs.

Configuration procedure

You can enable common ND proxy and local ND proxy in VLAN interface view, Layer 3 Ethernet interface view.

To enable common ND proxy:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Enable common ND proxy.	proxy-nd enable	By default, common ND proxy is disabled.

To enable local ND proxy:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Enable local ND proxy.	local-proxy-nd enable	By default, local ND proxy is disabled.

Configuring path MTU discovery

Setting the interface MTU

If the size of a packet exceeds the MTU of the sending interface, the device discards the packet. If the device is an intermediate device, it also sends the source host an ICMPv6 Packet Too Big message with the MTU of the sending interface. The source host fragments the packets according to the MTU. To avoid this situation, set a proper interface MTU.

To set the interface MTU:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter interface view.	interface interface-type interface-number	N/A
3. Set the interface MTU.	ipv6 mtu mtu-size	By default, no interface MTU is set.

Configuring a static path MTU for an IPv6 address

You can configure a static path MTU for an IPv6 address. Before sending a packet to the IPv6 address, the device compares the MTU of the output interface with the static path MTU. If the packet exceeds the smaller one of the two values, the device fragments the packet according to the smaller value. After sending the fragmented packets, the device dynamically finds the path MTU to a destination host (see "IPv6 path MTU discovery").

To configure a static path MTU for a destination IPv6 address:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Configure a static path MTU for a destination IPv6 address.	ipv6 pathmtu ipv6-address value	By default, no path MTU is configured for any IPv6 address.

Configuring the aging time for dynamic path MTUs

After the device dynamically finds the path MTU to a destination host (see "IPv6 path MTU discovery"), it sends packets to the destination host based on the path MTU and starts an aging timer. When the aging timer expires, the device removes the dynamic path MTU and finds the path MTU again.

The aging time is invalid for a static path MTU.

To configure the aging time for dynamic path MTUs:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Configure the aging time for dynamic path MTUs.	ipv6 pathmtu age age-time	The default setting is 10 minutes.

Controlling sending ICMPv6 messages

This section describes how to configure ICMPv6 message sending.

Configuring the rate limit for ICMPv6 error messages

To avoid sending excessive ICMPv6 error messages within a short period that might cause network congestion, you can limit the rate at which ICMPv6 error messages are sent. A token bucket algorithm is used with one token representing one ICMPv6 error message.

Tokens are placed in the bucket at intervals until the maximum number of tokens that the bucket can hold is reached.

Tokens are removed from the bucket when ICMPv6 error messages are sent. When the bucket is empty, ICMPv6 error messages are not sent until a new token is placed in the bucket.

To configure the rate limit for ICMPv6 error messages:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Set the bucket size and the interval for tokens to arrive in the bucket for ICMPv6 error messages	ipv6 icmpv6 error-interval milliseconds [ bucketsize ]	By default, the bucket allows a maximum of 10 tokens, and tokens are placed in the bucket at the interval of 100 milliseconds. To disable the ICMPv6 rate limit, set the interval to 0 milliseconds.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Set the bucket size and the interval for tokens to arrive in the bucket for ICMPv6 error messages

ipv6 icmpv6 error-interval milliseconds [ bucketsize ]

By default, the bucket allows a maximum of 10 tokens, and tokens are placed in the bucket at the interval of 100 milliseconds.

To disable the ICMPv6 rate limit, set the interval to 0 milliseconds.

Enabling replying to multicast echo requests

The device does not respond to multicast echo requests by default. In some scenarios, however, you must enable the device to answer multicast echo requests so the source host can obtain needed information.

To enable the device to answer multicast echo requests:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable replying to multicast echo requests.	ipv6 icmpv6 multicast-echo-reply enable	By default, this function is disabled.

Enabling sending ICMPv6 destination unreachable messages

The device sends ICMPv6 destination unreachable messages as follows:

· If a packet does not match any route, the device sends a No Route to Destination ICMPv6 error message to the source.

· If the device fails to forward the packet because of administrative prohibition (such as a firewall filter or an ACL), the device sends the source a Destination Network Administratively Prohibited ICMPv6 error message.

· If the device fails to deliver the packet because the destination is beyond the scope of the source IPv6 address (for example, the source IPv6 address is a link-local address whereas the destination IPv6 address is a global unicast address), the device sends the source a Beyond Scope of Source Address ICMPv6 error message.

· If the device fails to resolve the link layer address for the destination IPv6 address, the device sends the source an Address Unreachable ICMPv6 error message.

· If a UDP packet received is destined for the device but its UDP destination port number does not match any process, the device sends the source a Port Unreachable ICMPv6 error message.

If a device is generating ICMPv6 destination unreachable messages incorrectly, disable the sending of ICMPv6 destination unreachable messages to prevent attack risks.

To enable sending ICMPv6 destination unreachable messages:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable sending ICMPv6 destination unreachable messages.	ipv6 unreachables enable	By default, this function is disabled.

Enabling sending ICMPv6 time exceeded messages

The device sends ICMPv6 Time Exceeded messages as follows:

· If a received packet is not destined for the device and its hop limit is 1, the device sends an ICMPv6 Hop Limit Exceeded message to the source.

· Upon receiving the first fragment of an IPv6 datagram destined for the device, the device starts a timer. If the timer expires before all the fragments arrive, the device sends an ICMPv6 Fragment Reassembly Timeout message to the source.

If the device receives large numbers of malicious packets, its performance degrades greatly because it must send back ICMP Time Exceeded messages. To prevent such attacks, disable sending ICMPv6 Time Exceeded messages.

To enable sending ICMPv6 time exceeded messages:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable sending ICMPv6 time exceeded messages.	ipv6 hoplimit-expires enable	The default setting is disabled.

Enabling sending ICMPv6 redirect messages

Upon receiving a packet from a host, the device sends an ICMPv6 redirect message to inform the host of a better next hop when the following conditions are met:

· The interface receiving the packet is the interface forwarding the packet.

· The selected route is not created or modified by any ICMPv6 redirect message.

· The selected route is not a default route.

· The forwarded packet does not contain the routing extension header.

The ICMPv6 redirect function simplifies host management by enabling hosts that hold few routes to optimize their routing table gradually. However, to avoid adding too many routes on hosts, this function is disabled by default.

To enable sending ICMPv6 redirect messages:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable sending ICMPv6 redirect messages.	ipv6 redirects enable	By default, sending ICMPv6 redirect messages is disabled.

Specifying the source address for ICMPv6 packets

Perform this task to specify the source IPv6 address for outgoing ping echo request and ICMPv6 error messages. It is a good practice to specify the IPv6 address of the loopback interface as the source IPv6 address. This feature helps users to easily locate the sending device.

If you specify an IPv6 address in the ping command, ping echo requests use the specified address as the source IPv6 address rather than the IPv6 address specified by the ipv6 icmpv6 source command.

To specify the source IPv6 address for ICMPv6 packets:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Specify an IPv6 address as the source address for outgoing ICMPv6 packets.	ipv6 icmpv6 source ipv6-address	By default, the device uses the IPv6 address of the sending interface as the source IPv6 address for outgoing ICMPv6 packets.

Enabling a device to discard IPv6 packets that contain extension headers

This feature enables a device to discard a received IPv6 packet in either of the following situations:

· The packet contains a Hop-by-Hop Options header.

· The packet contains two or more extension headers.

To enable a device to discard IPv6 packets that contain extension headers:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enable the device to discard IPv6 packets that contain extension headers.	ipv6 option drop enable	By default, the device does not discard IPv6 packets that contain extension headers.

Displaying and maintaining IPv6 basics

Execute display commands in any view and reset commands in user view.

Task	Command
Display IPv6 FIB entries.	display ipv6 fib [ ipv6-address [ prefix-length ] ]
Display IPv6 information about the interface.	display ipv6 interface [ interface-type [ interface-number ] ] [ brief ]
Display IPv6 prefix information about the interface.	display ipv6 interface interface-type interface-number prefix
Display neighbor information	display ipv6 neighbors { { ipv6-address \| all \| dynamic \| static } [ slot slot-number ] \| interface interface-type interface-number \| vlan vlan-id } [ verbose ]
Display the total number of neighbor entries	display ipv6 neighbors { { all \| dynamic \| static } [ slot slot-number ] \| interface interface-type interface-number \| vlan vlan-id } count
Display the IPv6 path MTU information.	display ipv6 pathmtu { ipv6-address \| { all \| dynamic \| static } [ count ] }
Display the IPv6 prefix information	display ipv6 prefix [ prefix-number ]
Display IPv6 and ICMPv6 statistics	display ipv6 statistics [ slot slot-number ]
Display brief information about IPv6 RawIP connections	display ipv6 rawip [ slot slot-number ]
Display detailed information about IPv6 RawIP connections	display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ]
Display brief information about IPv6 TCP connections	display ipv6 tcp [ slot slot-number ]
Display detailed information about IPv6 TCP connections	display ipv6 tcp verbose [ slot slot-number [ pcb pcb-index ] ]
Display brief information about IPv6 UDP connections	display ipv6 udp [ slot slot-number ]
Display detailed information about IPv6 UDP connections	display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ]
Display ICMPv6 traffic statistics	display ipv6 icmp statistics [ slot slot-number ]
Display IPv6 TCP traffic statistics	display tcp statistics [ slot slot-number ]
Display IPv6 UDP traffic statistics	display udp statistics [ slot slot-number ]
Clear IPv6 neighbor information	reset ipv6 neighbors { all \| dynamic \| interface interface-type interface-number \| slot slot-number \| static }
Clear path MTUs.	reset ipv6 pathmtu { all \| dynamic \| static }
Clear IPv6 and ICMPv6 packet statistics	reset ipv6 statistics [ slot slot-number ]
Clear IPv6 TCP traffic statistics.	reset tcp statistics
Clear IPv6 UDP traffic statistics.	reset udp statistics

Basic IPv6 configuration example

Network requirements

As shown in Figure 8, a host, Switch A, and Switch B are connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs. Configure IPv6 addresses for the VLAN interfaces and verify that they are connected. Switch B can reach the host.

Enable IPv6 on the host to automatically obtain an IPv6 address through IPv6 ND.

Figure 8 Network diagram

Configuration procedure

This example assumes that the VLAN interfaces have been created on the switches.

1. Configure Switch A:

# Specify a global unicast address for VLAN-interface 2.

<SwitchA> system-view

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address 3001::1/64

[SwitchA-Vlan-interface2] quit

# Specify a global unicast address for VLAN-interface 1, and allow it to advertise RA messages (no interface advertises RA messages by default).

[SwitchA] interface vlan-interface 1

[SwitchA-Vlan-interface1] ipv6 address 2001::1/64

[SwitchA-Vlan-interface1] undo ipv6 nd ra halt

[SwitchA-Vlan-interface1] quit

2. Configure Switch B:

# Configure a global unicast address for VLAN-interface 2.

<SwitchB> system-view

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address 3001::2/64

[SwitchB-Vlan-interface2] quit

# Configure an IPv6 static route with destination IPv6 address 2001::/64 and next hop address 3001::1.

[SwitchB] ipv6 route-static 2001:: 64 3001::1

3. Configure the host:

Enable IPv6 for the host to automatically obtain an IPv6 address through IPv6 ND.

# Display neighbor information for GigabitEthernet 1/0/2 on Switch A.

[SwitchA] display ipv6 neighbors interface GigabitEthernet 1/0/2

Type: S-Static D-Dynamic O-Openflow I-Invalid

IPv6 Address Link Layer VID Interface State T Age

FE80::215:E9FF:FEA6:7D14 0015-e9a6-7d14 1 GE1/0/2 STALE D 1238

2001::15B:E0EA:3524:E791 0015-e9a6-7d14 1 GE1/0/2 STALE D 1248

The output shows that the IPv6 global unicast address that Host obtained is 2001::15B:E0EA:3524:E791.

Verifying the configuration

# Display the IPv6 interface settings on Switch A. All IPv6 global unicast addresses configured on the interface are displayed.

[SwitchA] display ipv6 interface vlan-interface 2

Vlan-interface2 current state: UP

Line protocol current state: UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:2

Global unicast address(es):

3001::1, subnet is 3001::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FF00:2

MTU is 1500 bytes

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND retransmit interval is 1000 milliseconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 25829

InTooShorts: 0

InTruncatedPkts: 0

InHopLimitExceeds: 0

InBadHeaders: 0

InBadOptions: 0

ReasmReqds: 0

ReasmOKs: 0

InFragDrops: 0

InFragTimeouts: 0

OutFragFails: 0

InUnknownProtos: 0

InDelivers: 47

OutRequests: 89

OutForwDatagrams: 48

InNoRoutes: 0

InTooBigErrors: 0

OutFragOKs: 0

OutFragCreates: 0

InMcastPkts: 6

InMcastNotMembers: 25747

OutMcastPkts: 48

InAddrErrors: 0

InDiscards: 0

OutDiscards: 0

[SwitchA] display ipv6 interface vlan-interface 1

Vlan-interface1 current state: UP

Line protocol current state: UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0

Global unicast address(es):

2001::1, subnet is 2001::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FF00:1C0

MTU is 1500 bytes

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND retransmit interval is 1000 milliseconds

ND advertised reachable time is 0 milliseconds

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 600 seconds

ND router advertisements live for 1800 seconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 272

InTooShorts: 0

InTruncatedPkts: 0

InHopLimitExceeds: 0

InBadHeaders: 0

InBadOptions: 0

ReasmReqds: 0

ReasmOKs: 0

InFragDrops: 0

InFragTimeouts: 0

OutFragFails: 0

InUnknownProtos: 0

InDelivers: 159

OutRequests: 1012

OutForwDatagrams: 35

InNoRoutes: 0

InTooBigErrors: 0

OutFragOKs: 0

OutFragCreates: 0

InMcastPkts: 79

InMcastNotMembers: 65

OutMcastPkts: 938

InAddrErrors: 0

InDiscards: 0

OutDiscards: 0

# Display the IPv6 interface settings on Switch B. All IPv6 global unicast addresses configured on the interface are displayed.

[SwitchB] display ipv6 interface vlan-interface 2

Vlan-interface2 current state :UP

Line protocol current state :UP

IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234

Global unicast address(es):

3001::2, subnet is 3001::/64

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FF00:1234

MTU is 1500 bytes

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND retransmit interval is 1000 milliseconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 117

InTooShorts: 0

InTruncatedPkts: 0

InHopLimitExceeds: 0

InBadHeaders: 0

InBadOptions: 0

ReasmReqds: 0

ReasmOKs: 0

InFragDrops: 0

InFragTimeouts: 0

OutFragFails: 0

InUnknownProtos: 0

InDelivers: 117

OutRequests: 83

OutForwDatagrams: 0

InNoRoutes: 0

InTooBigErrors: 0

OutFragOKs: 0

OutFragCreates: 0

InMcastPkts: 28

InMcastNotMembers: 0

OutMcastPkts: 7

InAddrErrors: 0

InDiscards: 0

OutDiscards: 0

# Ping Switch A and Switch B on the host, and ping Switch A and the host on Switch B to verify that they are connected.

NOTE:

When you ping a link-local address, use the -i parameter to specify an interface for the link-local address.

[SwitchB] ping ipv6 -c 1 3001::1

Ping6(56 data bytes) 3001::2 --> 3001::1, press CTRL_C to break

56 bytes from 3001::1, icmp_seq=0 hlim=64 time=4.404 ms

--- Ping6 statistics for 3001::1 ---

1 packet(s) transmitted, 1 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.404/4.404/4.404/0.000 ms

[SwitchB] ping ipv6 -c 1 2001::15B:E0EA:3524:E791

Ping6(56 data bytes) 3001::2 --> 2001::15B:E0EA:3524:E791, press CTRL_C to break

56 bytes from 2001::15B:E0EA:3524:E791, icmp_seq=0 hlim=64 time=5.404 ms

--- Ping6 statistics for 2001::15B:E0EA:3524:E791 ---

1 packet(s) transmitted, 1 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 5.404/5.404/5.404/0.000 ms

The output shows that Switch B can ping Switch A and the host. The host can also ping Switch B and Switch A.

Troubleshooting IPv6 basics configuration

Symptom

An IPv6 address cannot be pinged.

Solution

1. Use the display ipv6 interface command in any view to verify that the IPv6 address of the output interface is correct and the interface is up.

2. Use the debugging ipv6 packet command in user view to enable the debugging for IPv6 packets to locate the fault.

04-Layer 3-IP Services Configuration Guide

Configuring basic IPv6 settings

IPv6 features

Simplified header format

Larger address space

Hierarchical address structure

Address autoconfiguration

Built-in security

QoS support

Enhanced neighbor discovery mechanism

Flexible extension headers

IPv6 addresses

IPv6 address formats

IPv6 address types

Unicast addresses

Multicast addresses

EUI-64 address-based interface identifiers

IPv6 ND protocol

Address resolution

Neighbor reachability detection

IPv6 transition technologies

Protocols and standards

IPv6 basics configuration task list

Configuring an IPv6 global unicast address

EUI-64 IPv6 address

Manual configuration

Stateless address autoconfiguration

Configuring a static IPv6 prefix

Configuring automatic generation of an IPv6 link-local address for an interface

Manually specifying an IPv6 link-local address for an interface

Configuring IPv6 ND

Setting the hop limit

Enabling sending of RA messages

Configuring parameters for RA messages

About ND snooping

Configuration procedure

Enabling ND proxy

About ND proxy

Configuration procedure

Configuring the aging time for dynamic path MTUs

Enabling replying to multicast echo requests

Enabling sending ICMPv6 destination unreachable messages

Enabling sending ICMPv6 time exceeded messages

Displaying and maintaining IPv6 basics

Basic IPv6 configuration example

Troubleshooting IPv6 basics configuration

Solution

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us