CMPT 471
Networking II

ICMPv6
© Janice Regan, 2012-2018

Calculating the checksum
For ICMP, the ICMP header and message body are covered by the checksum
Break the data described above into 16-bit blocks and treat each block as an unsigned integer (the checksum field itself is set to 0 while calculating)
Calculate the ones complement sum of all the 16-bit integers
The ones complement of the ones complement sum is placed in the checksum field

Checking the checksum
The checksum is recalculated over the same octets of the received PDU
This time the value in the received checksum field is included in the ones complement sum
If the result is all 1 bits the check succeeds
See RFC 1071
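The two slides above give the RFC 1071 arithmetic. The following is an added example (mine, not from the lecture) implementing both the sending and the checking side for ICMPv6. One detail the slides leave out: RFC 4443 requires the IPv6 pseudo-header (source, destination, upper-layer length, Next Header 58) to be included in the ICMPv6 sum, so it is included here. The addresses and echo request payload are constructed sample data.

```python
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58  # Next Header value identifying ICMPv6


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071: treat data as big-endian 16-bit words, add them, and fold the
    carries back into the low 16 bits. A trailing odd byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: str, dst: str, icmp_len: int) -> bytes:
    """IPv6 pseudo-header (RFC 4443 section 2.3): source, destination,
    upper-layer length, three zero octets, Next Header = 58."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I", icmp_len)
            + b"\x00\x00\x00" + bytes([ICMPV6_NEXT_HEADER]))


def icmpv6_checksum(src: str, dst: str, icmp_msg: bytes) -> int:
    """Sender side: the checksum field counts as 0, and the result is the ones
    complement of the ones complement sum (slide 'Calculating the checksum')."""
    zeroed = icmp_msg[:2] + b"\x00\x00" + icmp_msg[4:]
    total = ones_complement_sum(pseudo_header(src, dst, len(icmp_msg)) + zeroed)
    return (~total) & 0xFFFF


def icmpv6_checksum_ok(src: str, dst: str, icmp_msg: bytes) -> bool:
    """Receiver side: sum the same octets including the received checksum field;
    the check succeeds only if every bit of the folded result is 1."""
    total = ones_complement_sum(pseudo_header(src, dst, len(icmp_msg)) + icmp_msg)
    return total == 0xFFFF


def build_echo_request(src: str, dst: str, ident: int, seq: int, payload: bytes) -> bytes:
    """Echo Request (type 128, code 0): type, code, checksum, identifier, sequence, data."""
    msg = struct.pack("!BBHHH", 128, 0, 0, ident, seq) + payload
    return msg[:2] + struct.pack("!H", icmpv6_checksum(src, dst, msg)) + msg[4:]


if __name__ == "__main__":
    # Constructed sample, not captured traffic.
    src, dst = "fe80::1", "fe80::2"
    pkt = build_echo_request(src, dst, 0x1234, 1, b"constructed payload")
    print(hex(int.from_bytes(pkt[2:4], "big")), icmpv6_checksum_ok(src, dst, pkt))
```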

Checksums in other protocols
Most use the same algorithm
For IPv4 only the IPv4 header is checksummed
For IPv6 there is no header checksum
For TCP and UDP the pseudo-header, the TCP or UDP header and the TCP or UDP data are checksummed (see http://www.tcpipguide.com/free/t_TCPChecksumCalculationandtheTCPPseudoHeader-2.htm)

Link local – Unique local
Link local addresses can only be used between nodes with a direct physical connection (FE80::)
(the addresses reached by an IPv4 broadcast)
Unique local addresses (RFC 4193) can be routed within a local site's internet, or between sites, but not globally (FC00::/7)
(similar to the IPv4 private network reserved addresses, e.g. 192.168.0.0)

ICMPv6 message header format
The ICMPv6 message header format is the same as ICMPv4
Each ICMP message has its own format, but all start with the same three fields
A type field (1 octet) indicating which type of ICMP message follows
A 1 octet code following the type that further defines the message (see text for list)
For example, the type specifies destination unreachable and the code specifies router or host
The 3rd common field is a 2 octet checksum. The checksum is calculated the same way as the IPv4 checksum, including the entire ICMP PDU in the calculation

Types and codes DIFFERENT
The types and codes for ICMPv6 messages are completely different from those of ICMPv4 messages
Many of the same messages are available, but their types and codes are now different
Messages are divided into two groups
Errors (message numbers 1 to 127)
Information messages (message numbers ≥ 128)

Some types and codes (error)
Message number (errors use 1-127)    CODE
1 (destination unreachable)          0 no route to destination
                                     1 communication administratively prohibited
                                     3 address unreachable
                                     4 port unreachable
2 (packet too big)                   0
3 (time exceeded)                    0 hop limit exceeded
                                     1 fragment reassembly time exceeded
4 (parameter problem)                0 erroneous header field encountered
                                     1 next header type not recognized
                                     2 unrecognized option

Some more types (information)
Message number
128 Echo request
129 Echo reply
133 Router solicitation
134 Router advertisement
135 Neighbor solicitation
136 Neighbor advertisement
137 Redirect message

Destination Unreachable
An ICMPv6 Destination Unreachable message is sent when a router cannot forward the packet to (or toward) the destination because
It has no route to the destination network in its routing table
It cannot find the requested host on its local network
There is no server to deal with the incoming request
The IPv6 address or port is administratively blocked

ICMPv6 Destination Unreachable
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT
  IPv6 source address
  IPv6 destination address
Destination unreachable message (ICMPv6):
  TYPE (1) | CODE 0, 1, 2 or 3 | CHECKSUM
  unused
  As much of the invoking packet as will fit without the resulting ICMPv6 packet exceeding the minimum IPv6 MTU of 1280

Destination unreachable: codes
0. No route to destination: no entry in the routing table that goes to the destination network, and no default route
1. Administratively blocked: may be sent by a firewall that cannot forward a packet, or by a host that accepts only authenticated echo requests and receives one that is not authenticated
3. Address: the network address cannot be resolved; the router on the destination network cannot find the requested host
4. Port: no listening server

There is no message equivalent to the IPv4 source quench

Packet too big
Sent by a router that cannot forward a packet because it is larger than the MTU of the network it must be forwarded onto
Used as part of the MTU discovery process (the source asks: how big should the packets I send be?)
The packet too big message includes a field for the MTU of the network that the packet could not enter (4 byte field after the checksum, before the data)

ICMPv6 TOO BIG message
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT
  IPv6 source address
  IPv6 destination address
TOO BIG message (ICMPv6):
  TYPE (2) | CODE 0 | CHECKSUM
  MTU of next network (the network with the smaller MTU that prevented the packet being forwarded)
  As much of the invoking packet as will fit without the resulting ICMPv6 packet exceeding the minimum IPv6 MTU of 1280

MTU discovery
Initially assume the MTU is the MTU of the interface through which the packet leaves the source
If the packet is too large at an intermediate router, that router drops the packet and sends the source a packet too big message
The host now sends data with the smaller MTU
The process in the previous 3 steps can be repeated
A host never sends with an MTU below 1280 bytes

MTU discovery (figure)
Source network MTU 1500 → NET 2 MTU 1350 → NET 3 MTU 1280
IP packet MTU = 1500 → ICMP TOO BIG message, MTU = 1350
IP packet MTU = 1350 → ICMP TOO BIG message, MTU = 1280
IP packet MTU = 1280 (no further TOO BIG message)
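As an added example (mine, not from the lecture), a simulation of the exchange in the MTU discovery slides and figure above. The list of link MTUs along the path is a constructed sample; the source applies the three steps until a packet gets through and, as the slide requires, never drops below 1280 even when a Too Big message advertises a smaller value.

```python
IPV6_MIN_MTU = 1280  # a host never sends with a path MTU below this


def forward(link_mtus, size):
    """Walk a packet of `size` octets across the links of a path.
    link_mtus[0] is the source's own link. Returns (delivered, hop, reported_mtu):
    on failure `hop` is the index of the link the packet could not enter and
    `reported_mtu` is the MTU the router puts in its Packet Too Big (type 2) message."""
    for hop, mtu in enumerate(link_mtus):
        if size > mtu:
            return False, hop, mtu
    return True, len(link_mtus), None


def discover_path_mtu(link_mtus, source_if_mtu):
    """Source-side algorithm from the slides: start with the outgoing interface MTU,
    shrink to the MTU carried in each Too Big message, repeat until delivered.
    Returns (path_mtu, trace) where trace lists the messages exchanged."""
    pmtu = source_if_mtu
    trace = []
    while True:
        delivered, hop, reported = forward(link_mtus, pmtu)
        if delivered:
            trace.append(("delivered", pmtu))
            return pmtu, trace
        trace.append(("too_big", hop, reported))
        # Clamp: never go below the IPv6 minimum MTU, even if a Too Big advertises less.
        candidate = max(reported, IPV6_MIN_MTU)
        if candidate >= pmtu:
            # No further reduction is possible (already at 1280, or a bogus or
            # repeated Too Big): stop instead of looping forever.
            return pmtu, trace
        pmtu = candidate


if __name__ == "__main__":
    # The figure's path: source link 1500, NET 2 1350, NET 3 1280 (constructed).
    print(discover_path_mtu([1500, 1350, 1280], 1500))
```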

Time exceeded message
Sent by a router when the lifetime of a packet becomes 0
Two possible situations
Too many hops
Waited too long for reassembly

CODE = 2: when fragments do not arrive by the time the reassembly timer expires, a time exceeded message is sent to the source

Time exceeded: hop count 0
The hop count is decremented at each router
When the hop count is 0 the lifetime has expired
CODE = 1
When decrementing the hop count results in a hop count of zero, the packet is dropped and a time exceeded message is sent to the source
When a packet arrives at a router with hop count = 0, the packet is dropped and a time exceeded message is sent to the source

ICMPv6 time exceeded
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT
  IPv6 source address
  IPv6 destination address
Time exceeded message (ICMPv6):
  TYPE (3) | CODE | CHECKSUM
  unused
  As much of the invoking packet as will fit without the resulting ICMPv6 packet exceeding the minimum IPv6 MTU of 1280

traceroute6
The traceroute6 command is an example of the use of the time exceeded message
A UDP packet with a hop count of 1 is sent
The first router reached sends back a time exceeded message
A packet with a hop count of 2 is sent
The second router in the path sends back a time exceeded message
This is repeated, incrementing the hop count by 1, until the packet reaches its destination
Ubuntu sends 3 copies of each packet in the description above

Echo Request / Echo Reply
Used to test the reachability of hosts
Message format same as IPv4 (but with different type values)
Identifier and sequence number still used to match a reply with its request
Not authenticated in IPv4; can be authenticated in IPv6 (to verify the source), which improves security

ICMPv6 echo request/reply
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT
  IPv6 source address
  IPv6 destination address
Echo request/reply message (ICMPv6):
  TYPE (128/129) | CODE 0 | CHECKSUM
  IDENTIFIER | SEQUENCE NUMBER
  DATA (variable length; returned unchanged in the reply)

ping6: testing reachability
The ping6 command for testing the reachability of other hosts is an example of the use of echo request/reply pairs
Requests and replies are matched using the identifier field and sequence number field (both fields are identical for a matching reply and request)
If a matching reply is received, the host is reachable
If no reply is received, the host being "pinged" is not reachable

From the TCP/IP Guide (online)

Neighbor Discovery protocol
We have already discussed the parts of the Neighbor Discovery protocol that replace ARP and gratuitous ARP in IPv4:
Address resolution
Duplicate address detection
Additions to these protocols also add some functionality used in these tasks:
Neighbor unreachability detection

Neighbor solicitation (NS) message
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT 255
  IPv6 source address (address of A)
  IPv6 destination address (solicited-node multicast address of B)
Neighbor solicitation message (ICMP):
  TYPE (135) | CODE 0 | CHECKSUM
  RESERVED (set to 0)
  IPv6 TARGET ADDRESS (link local IP address of B)
  OPTIONS (variable length): Ethernet address of source host A

Neighbor advertisement (NA)
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT 255
  IPv6 source address
  IPv6 destination address
Neighbor advertisement message (ICMP):
  TYPE (136) | CODE 0 | CHECKSUM
  R | S | O flags | RESERVED (set to 0)
  IPv6 TARGET ADDRESS (copied from the solicitation)
  OPTIONS (variable length): Ethernet address of the source host (host B)

Router Discovery: Uses
Router solicitation (RS) and Router advertisement (RA) messages are used to
Help hosts find the routers on the local network segment
Help hosts determine the range of addresses in the local network segment (prefix discovery)
Support auto-configuration of IPv6 addresses
Help hosts discover the MTU of the local segment
Help determine the next hop destination

From the TCP/IP Guide (online)

Router Advertisement
RAs tell hosts on the network how to find the routers on the network and some properties of the networks to which they are attached
Periodic RAs are usually sent at regular intervals. They are sent to all hosts on the network (to the all hosts multicast address)
A responding RA is sent in reply to an RS
Hosts use RAs;
Routers ignore all received RAs
IPv6: information in RA (1)
The information in RAs supports
Router Discovery: how hosts locate routers that reside on an attached link.
Prefix Discovery: how hosts discover the set of address prefixes that define which destinations are on-link for an attached link. (Nodes use prefixes to distinguish destinations that reside on-link from those only reachable through a router.)
From RFC 2461
IPv6: information in RA (2)
The information in RAs supports
Address Autoconfiguration: how nodes automatically configure an address for an interface.
Address Resolution: how nodes determine the link-layer address of an on-link destination (e.g., a neighbor) given only the destination's IP address. (RAs supply the needed prefix information.)
From RFC 2461
IPv6: information in RA (3)
The information in RAs supports
Next-hop determination: the algorithm for mapping an IP destination address into the IP address of the neighbor to which traffic for the destination should be sent. The next hop can be a router or the destination itself.
Parameter Discovery: how a node learns such link parameters as the link MTU or such Internet parameters as the hop limit value to place in outgoing packets.
From RFC 2461
Improvements over IPv4
RAs carry link-layer addresses
No additional packet exchange is needed to resolve the router's link-layer address (ARP not needed)
RAs carry prefixes for a link
There is no need for mask request/reply messages to obtain subnet or network sizes (masks)
RAs enable address auto-configuration
RAs can advertise a link MTU
Hosts use this MTU on the link, which ensures that all nodes on the link use the same MTU
From RFC 2461
Periodic Router Advertisement
Periodic RAs tell hosts on the network how to find the routers on the network and some properties of the networks to which they are attached
Periodic RAs are usually sent at regular intervals. They are sent to all hosts on the network (to the all hosts multicast address)

Periodic RA
In Ubuntu Linux (the OS of our virtual lab) periodic router advertisements are not sent by default
A daemon, radvd, must be configured and started on each participating router
Once radvd is installed and configured it will start each time the host is booted

radvd
Advertises prefixes to use for address auto-configuration
Each advertised prefix will produce one auto-configured address on each host on the network being advertised to
Advertises routes
Can advertise other information

Default Router: Router lifetime
A default router is a router that is willing to forward packets originating on the network segment receiving the RA

Router Lifetime: the lifetime associated with a default router entry in the cache, in units of seconds (≤ 9000 s). Default value is 3.

A router which is not willing to be a default router will advertise a lifetime of 0

Reply: Router advertisement
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT 255
  IPv6 source address (link local address of sending interface)
  IPv6 destination address (all nodes multicast address)
Router advertisement message (ICMP):
  TYPE (134) | CODE 0 | CHECKSUM
  Cur Hop Limit | Flags (remaining bits RESERVED) | ROUTER LIFETIME
  REACHABLE TIMER ≤ 1 hr (time a node assumes a neighbor is reachable)
  RETRANSMISSION TIMER (time in milliseconds between retransmissions of NS messages)
  OPTIONS (variable length): includes the link layer address of the sending interface and prefix information; may include MTU

Reachable Timer
Reachable Time: the number of milliseconds that a node assumes a neighbor is reachable (after receiving a reachability confirmation)

Used by neighbor unreachability detection
Applies to both hosts and routers
Must be < 1 hr (3,600,000 milliseconds)

Retransmission Timer
Retransmission Timer: the number of milliseconds between retransmitted Neighbor Solicitation messages (default 0, unspecified, do not change)
Used by neighbor unreachability detection
Used by address resolution
The default value in an RA is 0, which means unspecified

Router Advertisement Flags
M: managed address configuration. When set, indicates that addresses are supplied by DHCPv6
O: other configuration flag. Other configuration information (e.g. DNS info) is available from the DHCPv6 server. Redundant if the M flag is set
H: Mobile Home agent flag. Allows continued connectivity when moving from one connection to the internet to another, routing packets from the home location to the present location

Router Advertisement Flags
PRF (2 bits): router selection preference. Optional, administrator-configured preference that helps a multi-homed host pick different preferred routers available on different links
P: Neighbor Discovery Proxy flag. Proxy for cases when bridging is not possible

Router advertisement options
Option format: TYPE | LENGTH | DATA (variable length)
Options: link layer address, MTU, prefix

Router/Parameter/Prefix Discovery
A booting host does not want to wait for the next periodic router advertisement
A booting host can send a router solicitation (RS) message to the all routers multicast address to prompt an immediate RA
The default routers on the local link will each reply with an immediate RA
The information in these RAs allows the booting host to discover the routers, parameters, and prefixes for the local network segment

Router solicitation message
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT 255
  IPv6 source address (IPv6 address of the sending interface)
  IPv6 destination address (all-routers multicast address)
Router solicitation message (ICMP):
  TYPE (133) | CODE 0 | CHECKSUM
  RESERVED (set to 0)
  OPTIONS (variable length): Ethernet address of the sending host

Router Solicitation
Sent by a host to determine where the routers on the local network are and which parameters to use
Used when a host needs this information NOW, not at the end of the next interval (which may be several minutes)
Receiving an RS will cause the default routers to unicast a router advertisement to the requestor
Receiving an RS will reset the router's periodic transmission timer (the next periodic RA will be sent 1 period after reception of the RS)

Reply: Router advertisement
IPv6 header:
  VERS 6 | TRAFFIC CLASS | FLOW LABEL
  PAYLOAD LENGTH | NEXT HEADER | HOP LIMIT 255
  IPv6 source address (link local address of sending interface)
  IPv6 destination address (source address of the RS being replied to)
Router advertisement message (ICMP):
  TYPE (134) | CODE 0 | CHECKSUM
  Cur Hop Limit | Flags (remaining bits RESERVED) | ROUTER LIFETIME
  REACHABLE TIMER ≤ 1 hr (time a node assumes a neighbor is reachable)
  RETRANSMISSION TIMER (time in milliseconds between retransmissions of NS messages)
  OPTIONS (variable length): includes the link layer address of the sending interface and prefix information; may include MTU

Prefix Discovery
How a host determines the set of prefixes that are on-link: the size and initial address of each range of valid addresses that are accessible without going through a router
Prefixes sent as part of the options in the RA tell us the on-link addresses that are available
How are the prefixes sent in the RA?
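An added example (mine, not from the lecture) that parses the RA fixed part and its options the way a host must before applying them: the flags M, O, H, Prf and P, the 0-means-unspecified timers, the TYPE/LENGTH option format (LENGTH in units of 8 octets), the source link-layer address option (type 1), the prefix information option (type 3) and the MTU option (type 5). Field layouts follow RFC 4861; the sample RA is constructed, not captured, and its checksum is assumed to have been verified already.

```python
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import List, Optional

RA_TYPE = 134
OPT_SRC_LLADDR, OPT_PREFIX_INFO, OPT_MTU = 1, 3, 5  # option types handled here


@dataclass
class PrefixInfo:
    prefix: ipaddress.IPv6Network
    on_link: bool      # L flag
    autonomous: bool   # A flag: usable for stateless address configuration
    valid: int         # seconds; 0xFFFFFFFF (all 1s) means infinity
    preferred: int     # seconds


@dataclass
class RouterAdvertisement:
    cur_hop_limit: int      # 0 = unspecified, keep the current value
    managed: bool           # M: addresses come from DHCPv6
    other_config: bool      # O: other information (e.g. DNS) from DHCPv6
    home_agent: bool        # H
    preference: int         # Prf, 2 bits
    nd_proxy: bool          # P
    router_lifetime: int    # seconds; 0 = not a default router
    reachable_time: int     # ms; 0 = unspecified
    retrans_timer: int      # ms; 0 = unspecified
    src_lladdr: Optional[str] = None
    mtu: Optional[int] = None
    prefixes: List[PrefixInfo] = field(default_factory=list)


def parse_ra(msg: bytes) -> RouterAdvertisement:
    """Parse the ICMPv6 part of an RA (checksum assumed already verified)."""
    if len(msg) < 16:
        raise ValueError("RA shorter than its 16-octet fixed part")
    typ, code, _csum, chl, flags, life, reach, retrans = struct.unpack("!BBHBBHII", msg[:16])
    if typ != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = RouterAdvertisement(chl, bool(flags & 0x80), bool(flags & 0x40), bool(flags & 0x20),
                             (flags >> 3) & 0x03, bool(flags & 0x04), life, reach, retrans)
    off = 16
    while off < len(msg):
        if len(msg) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = msg[off], msg[off + 1]  # LENGTH is in units of 8 octets
        if olen == 0:
            raise ValueError("option length 0: RFC 4861 says discard the packet")
        end = off + olen * 8
        if end > len(msg):
            raise ValueError("option runs past the end of the message")
        body = msg[off + 2:end]
        if otype == OPT_SRC_LLADDR and olen == 1:
            ra.src_lladdr = ":".join(f"{b:02x}" for b in body[:6])
        elif otype == OPT_MTU and olen == 1:
            ra.mtu = struct.unpack("!I", body[2:6])[0]  # 2 reserved octets, then MTU
        elif otype == OPT_PREFIX_INFO and olen == 4:
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            prefix = ipaddress.IPv6Address(body[14:30])  # 4 reserved octets, then prefix
            net = ipaddress.IPv6Network(f"{prefix}/{plen}", strict=False)
            ra.prefixes.append(PrefixInfo(net, bool(pflags & 0x80), bool(pflags & 0x40), valid, preferred))
        # Unknown option types are skipped, as RFC 4861 requires.
        off = end
    return ra


def build_sample_ra() -> bytes:
    """Constructed sample (not captured traffic): O flag, Cur Hop Limit 64, lifetime 1800 s,
    source link-layer address, MTU 1500 and one on-link + autonomous /64 prefix."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0x40, 1800, 0, 0)
    lladdr = bytes([OPT_SRC_LLADDR, 1]) + bytes.fromhex("00005e005301")
    mtu = bytes([OPT_MTU, 1]) + b"\x00\x00" + struct.pack("!I", 1500)
    pfx = (bytes([OPT_PREFIX_INFO, 4, 64, 0xC0]) + struct.pack("!II", 86400, 14400)
           + b"\x00" * 4 + ipaddress.IPv6Address("2001:db8:1:2::").packed)
    return hdr + lladdr + mtu + pfx
```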
What a prefix option looks like
  TYPE 3 | LENGTH 4 | PREFIX LENGTH | L | A | RESERVED
  VALID LIFETIME (time in seconds after the RA is sent that the prefix is valid)
  PREFERRED LIFETIME
  RESERVED (both reserved fields must be all 0)
  PREFIX (the PREFIX LENGTH bits of the prefix of the IP address, followed by 128 - PREFIX LENGTH zeros)
The L flag is set when the prefix can be used to determine if addresses are on-link
The A flag is set when the prefix can be used for autonomous address configuration
A lifetime of all 1's represents infinity

Prefix discovery
Each router should include all prefixes it supports on the local link in the options field of the RA
Prefix options with the L flag set are available on-link (in the on-link database)
A host can combine the prefixes with the L bit set from the RAs of all routers to determine all available prefixes on the local link

Parameter Discovery
How a node learns the IP and link parameters used to send packets
Link parameters such as
  the link MTU, to determine the size of packets to send
  the retransmission time for NS messages
  the router lifetime
  the approach to configuration (M flag)
Internet parameters such as the hop limit value to place in outgoing packets (from the Cur Hop Limit field in the RA)

Parameter Discovery: uses
Router advertisements allow a host to
Choose stateful configuration (DHCP, M flag 1) or stateless auto-configuration of addresses (M flag 0)
Update values such as Cur Hop Limit, Reachable Time, Retransmission Timer and MTU. If the value given is 0 this means that the existing values should continue to be used, NOT that the values should be set to the default or to 0
Send to the router immediately after receiving and processing the RA, because the link local IP address and hardware level address of the router are provided

Updating parameters
A router may send an RA to update any parameter/option that can have only one value
If a different value is given in the RA than the host is presently using, the value the host is using should be updated
Some parameters (Cur Hop Limit, Reachable Time and Retransmission Timer) can be given the value 0 (unspecified). This means that the current value should continue to be used

Auto configuration outline (state diagram)
INIT: generate the address and start the timers (preferred lifetime, valid lifetime)
TENTATIVE: verify the address with DAD
PREFERRED (VALID): normal operation
DEPRECATED (VALID): entered when the preferred lifetime expires; existing connections should still use the address, new connections might not
INVALID: entered when the valid lifetime expires
The timers are restarted by the arrival of an RA or a DHCPv6 renewal

IPv6 auto configuration (1)
To make it easier to connect to a network, IPv6 provides a process for auto configuration of the IP address (and more) for a given node
When a node connects to the network it constructs a link local address (tentative address)

Construction of address
When a node connects to the network it constructs a link local address (tentative address)
The address begins with the link local prefix fe80::0/64 (a link local address starts with 1111 1110 10, or fe80, followed by 54 0's)
The last 64 bits will contain a modified Ethernet address of the node. The 64 bits consist of
  the first 24 bits of the Ethernet address
  the intermediate 16 bits FFFE (if the IEEE 802 algorithm is used)
  the final 24 bits of the Ethernet address

IPv6 auto configuration (2)
To make it easier to connect to a network, IPv6 provides a process for auto configuration of the IP address (and more) for a given node
The node checks the address using DAD: it sends an NS to the solicited node multicast address
If an NA is received, stop (MANUAL CONFIGURATION NEEDED)
Otherwise assign the link local address to the interface

DAD details
The next step is duplicate address detection (DAD, one of the parts of the neighbor discovery protocol). Because some vendors ship multiple interfaces with the same Ethernet address, or units with configurable addresses, there is a finite chance that the constructed link local address is already in use.
A neighbor solicitation message (type 135) for the tentative unicast address is sent (source address 0::0)
If there is already a host with the tentative address it will reply to the neighbor solicitation message with a neighbor advertisement message multicast to the all nodes multicast address. This message indicates it is sent in reply to a solicitation message
If a reply to the neighbor solicitation message is received, auto configuration aborts

IPv6 auto configuration (3a)
Send a router solicitation from the link local address to the all routers multicast address
If no router advertisements are received this indicates there is no IPv6 capable router available
The node will then attempt to obtain an IP address using DHCPv6
If no DHCPv6 server is available the node communicates with other IPv6 hosts only locally, using the link local address (skip the remaining autoconfig steps)

IPv6 auto configuration (3b)
Send a router solicitation message from the link local address to the all routers multicast address
Any IPv6 router that receives the router solicitation message will reply with a router advertisement unicast to the link local address of the auto-configuring node

IPv6 auto configuration (4)
Use the parameters in the RA (or from DHCPv6) to set the parameters of the interface (MTU, Retrans time, Reachable time, Hop Limit)
Choose default routers (Lifetime ≠ 0). Note that only default routers can have default routes
Use each of the prefixes with the A flag set in the RA (or from DHCPv6) to determine a global address, test the address with DAD, and initialize the corresponding global address on the interface
Each interface has 1 address for each prefix
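An added example (mine, not from the lecture) of the address constructions the auto configuration slides walk through: the tentative link local address built from an Ethernet address, the solicited-node multicast address (and its Ethernet multicast mapping) that the DAD neighbor solicitation is sent to, and the one-address-per-A-flag-prefix rule of step (4). The inversion of the universal/local bit comes from RFC 4291 modified EUI-64 and is not on the slides, so it is switchable; the MAC address and prefixes are constructed sample values.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")               # 1111 1110 10 + zeros
SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")  # RFC 4291 section 2.7.1


def interface_id(mac: str, flip_ul_bit: bool = True) -> bytes:
    """Slide construction: first 24 bits of the MAC, FFFE, last 24 bits of the MAC.
    RFC 4291 (modified EUI-64) additionally inverts the universal/local bit
    (0x02 of the first octet); pass flip_ul_bit=False for the slide's plain form."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit Ethernet address")
    first = octets[0] ^ 0x02 if flip_ul_bit else octets[0]
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def link_local_address(mac: str, flip_ul_bit: bool = True) -> ipaddress.IPv6Address:
    """Tentative link local address: fe80::/64 prefix + 64-bit interface identifier."""
    return ipaddress.IPv6Address(LINK_LOCAL.network_address.packed[:8] + interface_id(mac, flip_ul_bit))


def address_from_prefix(prefix, mac: str) -> ipaddress.IPv6Address:
    """Auto configuration step (4): the address formed from one A-flag prefix of an RA."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("a 64-bit interface identifier needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + interface_id(mac))


def solicited_node_multicast(addr) -> ipaddress.IPv6Address:
    """Destination of the DAD / address resolution NS: ff02::1:ffXX:XXXX, where
    XX:XXXX are the low 24 bits of the target address."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(SOLICITED_NODE.network_address.packed[:13] + low24)


def ethernet_multicast(group) -> str:
    """Link-layer destination of an IPv6 multicast: 33:33 + low 32 bits (RFC 2464)."""
    low32 = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)


def slaac_addresses(mac: str, ra_prefixes):
    """From (prefix, a_flag) pairs learned in RAs, the addresses a host will test with
    DAD and then assign: one per prefix with the A flag set, none for L-only prefixes."""
    return [address_from_prefix(p, mac) for p, a_flag in ra_prefixes if a_flag]


if __name__ == "__main__":
    mac = "00:00:5e:00:53:01"  # constructed sample MAC (IANA documentation range)
    ll = link_local_address(mac)
    print(ll, solicited_node_multicast(ll), ethernet_multicast(solicited_node_multicast(ll)))
```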