IPv6 Neighbor Discovery and Protocol Features

🎯 What You'll Learn:
Understand IPv6 Neighbor Discovery protocol, Router Advertisements/Solicitations, interface identifier creation, hexadecimal notation, IPv6 header improvements, and Flow Label functionality

Table of Contents

1. IPv4 and IPv6 Header Comparison
2. IPv6 Protocol Changes
3. Flow Label Field
4. Neighbor Discovery Protocol
5. Router Solicitation and Advertisement
6. Neighbor Solicitation and Advertisement
7. Redirect Messages
8. Hexadecimal Notation Practice
9. Shorthand Notation Rules
10. Interface ID Creation Methods
11. IPv6 Prefix Summary

IPv4 and IPv6 Header Comparison

Understanding Header Evolution

One of the most significant improvements in IPv6 is the simplified header structure. Let's examine what changed and why.

🔍 Header Comparison Legend:

• ● Green: Field name kept from IPv4 to IPv6
• ● Red: Fields not kept in IPv6
• ● Yellow: Name and position changed in IPv6
• ● Blue: New field in IPv6

IPv4 Header Fields

IPv4 Header (Variable Length: 20-60 bytes):

Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address (32 bits)
Destination Address (32 bits)
Options | Padding

IPv6 Header Fields

IPv6 Header (Fixed Length: 40 bytes):

Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source Address (128 bits)
Destination Address (128 bits)

Key Differences

Feature	IPv4	IPv6
Header Size	Variable (20-60 bytes)	Fixed (40 bytes)
Header Checksum	Required	Removed (handled by lower/upper layers)
Fragmentation	Routers can fragment	Only source can fragment
Options	In header (causes variable length)	Extension headers (separate)
Address Length	32 bits	128 bits
Processing	Complex (variable options)	Simpler (fixed format)

IPv6 Protocol Changes

Key Protocol Improvements

IPv6 introduces significant changes in key areas:

✅ IPv6 Protocol Enhancements:

• Simplification of header format - Fixed 40-byte header for faster processing
• Expanded address space - 128-bit addresses (2¹²⁸ addresses)
• Extensibility - Improved option support through extension headers
• Stateless autoconfiguration - No DHCP required for basic connectivity
• Built-in security and mobility - IPsec mandatory, Mobile IPv6 integrated

IPv6 Packet Structure - Header Sequence

IPv6 uses a chain of headers for extensibility:

Header Chain Examples:

Simple Packet:
IPv6 Header → TCP Segment

With Extension Headers:
IPv6 Header → Routing Header → TCP Segment

Multiple Extensions:
IPv6 Header → Routing Header → Authentication Header → TCP Segment

The Chain of Pointers: Next Header Field

The Next Header field forms a chain linking headers together:

💡 How It Works:
Each header's "Next Header" field points to the next header type in the chain:

• 6 = TCP
• 43 = Routing Header
• 51 = Authentication Header (AH)
• 58 = ICMPv6

Example 1: Direct TCP
IPv6 Header (Next Header = 6) → TCP Segment

Example 2: With Routing
IPv6 Header (Next Header = 43) → Routing Header (Next Header = 6) → TCP Segment

Example 3: Multiple Extensions
IPv6 Header (Next Header = 43) → Routing Header (Next Header = 51) → Authentication Header (Next Header = 6) → TCP Segment

Flow Label Field

What is the Flow Label?

The Flow Label is a new 20-bit field in the IPv6 header defined in RFC 3697. It enables efficient packet classification for Quality of Service (QoS) and traffic management.

🎯 Flow Label Purpose:

• Identifies a sequence of packets requiring special handling
• Enables routers to classify traffic more efficiently
• Provides QoS without deep packet inspection
• Source can label flows for consistent treatment

Traditional Flow Classification (IPv4)

IPv4 flow classification typically uses 5-tuple:

• Source address
• Destination address
• Protocol type
• Source port
• Destination port

⚠️ IPv4 Classification Problems:

• Some fields may be unavailable due to fragmentation
• Encryption hides port information
• Extension headers may obscure data
• Deep packet inspection required (slow)

IPv6 Flow Label Advantages

Flow Label provides a better solution:

✅ Flow Label Benefits:

• Only three parameters needed: Flow Label + Source Address + Destination Address
• Always in fixed position (no searching required)
• Works even with fragmentation or encryption
• Faster router processing
• Consistent treatment for related packets

Neighbor Discovery Protocol

What Does Neighbor Discovery Replace?

Neighbor Discovery (ND) is a fundamental IPv6 protocol that replaces several IPv4 mechanisms:

IPv4 Function	IPv6 Replacement
ARP (Address Resolution)	Neighbor Solicitation/Advertisement
ICMP Router Discovery	Router Solicitation/Advertisement
ICMP Redirect	ICMPv6 Redirect

Neighbor Discovery Functions

• Reachability of neighbors - Verify neighbor availability
• Router discovery - Hosts discover routers on the link
• Address autoconfiguration - Stateless address configuration
• Duplicate Address Detection (DAD) - Ensure address uniqueness

Neighbor Discovery Message Types

Neighbor Discovery uses five ICMPv6 message types:

ICMPv6 Type	Message	Purpose
Type 133	Router Solicitation (RS)	Host requests router information
Type 134	Router Advertisement (RA)	Router advertises presence and parameters
Type 135	Neighbor Solicitation (NS)	Discover link-layer address, verify reachability
Type 136	Neighbor Advertisement (NA)	Respond to NS or announce changes
Type 137	Redirect	Inform better next-hop router

Neighbor Discovery Characteristics

📋 ND Message Properties:

• Uses ICMPv6 messages (not ARP like IPv4)
• Originated from link-local address
• Hop Limit = 255 (ensures messages stay on local link)
• Packet structure: IPv6 Header + ICMPv6 Header + ND Header + ND Options

Router Solicitation and Advertisement

Router Solicitation (RS)

Hosts send Router Solicitation to discover routers on the local link:

Router Solicitation Details:

ICMPv6 Type: 133
Source: Link-local address or unspecified address (::)
Destination: FF02::2 (all routers multicast address)
Purpose: Inquire about presence of routers on the link
When sent: During boot/startup or when network connection established

Router Advertisement (RA)

Routers respond with Router Advertisement containing configuration information:

Router Advertisement Details:

ICMPv6 Type: 134
Source: Router's link-local address (FE80::/10)
Destination: FF02::1 (all nodes) or unicast to requesting host
Contains:
- Network prefix
- Prefix lifetime
- Autoconfiguration flag
- Default gateway information
- MTU options
- Other network parameters

Router Solicitation and Advertisement Process

✅ Step-by-Step Process:

1. Router Solicitation (Host → Routers):
ICMP Type = 133 (RS)
Source = Link-local address (FE80::/10)
Destination = All-routers multicast (FF02::2)
Query = "Please send Router Advertisement"

2. Router Advertisement (Router → Hosts):
ICMP Type = 134 (RA)
Source = Link-local address (FE80::/10)
Destination = All-nodes multicast (FF02::1)
Data = Options, subnet prefix, lifetime, autoconfig flag

💡 Unsolicited Router Advertisements: Routers also send periodic unsolicited Router Advertisements (typically every 200 seconds) to ensure all nodes have current network information without having to explicitly request it.

Neighbor Solicitation and Advertisement

Neighbor Solicitation (NS)

Neighbor Solicitation serves multiple purposes in IPv6:

Neighbor Solicitation Uses:

1. Address Resolution (like ARP in IPv4)
- Discover link-layer address of IPv6 neighbor
- Destination: Solicited-node multicast address

2. Reachability Verification
- Verify neighbor is still reachable
- Destination: Unicast address

3. Duplicate Address Detection (DAD)
- Ensure address uniqueness before using
- Source: Unspecified address (::)
- Destination: Solicited-node multicast

Neighbor Solicitation Details

NS Message Structure:

ICMPv6 Type: 135
Source Address:
- Unicast address (for address resolution/reachability)
- :: (unspecified) for DAD
Destination Address:
- Solicited-node multicast (for address resolution/DAD)
- Unicast address (for reachability)
Layer 2 Destination:
- Multicast MAC (for address resolution)
- Unicast MAC (for reachability)

Neighbor Advertisement (NA)

Neighbor Advertisement is sent in response to Neighbor Solicitation or to announce changes:

Neighbor Advertisement Details:

ICMPv6 Type: 136
Sent in response to: Neighbor Solicitation
Also sent to: Inform neighbors of link-layer address change
Contains: Link-layer address, flags, target address

Neighbor Solicitation and Advertisement Process

✅ Address Resolution Example:

Neighbor Solicitation (Host A → Solicited-node multicast):
ICMP Type = 135
Source = A's IPv6 address
Destination = Solicited-node multicast of B
Data = A's link-layer address
Query = "What is your link-layer address?"

Neighbor Advertisement (Host B → Host A):
ICMP Type = 136
Source = B's IPv6 address
Destination = A's IPv6 address
Data = B's link-layer address
Result = A and B can now exchange packets on this link

Redirect Messages

ICMPv6 Redirect

Redirect messages inform hosts about better routing paths:

Redirect Message Details:

ICMPv6 Type: 137 (Redirect)
Source: Router's link-local address
Destination: Host's unicast address
Purpose: Signal reroute of packets to a better router
Data: Target address (better router), destination address, options

Redirect Example Scenario

💡 Redirect Process:

Network: 3FFE:B00:C18:2::/64
Routers: R1, R2
Host: A (default gateway = R2)
Destination: B (better reached via R1)

1. Host A sends packet to B via R2 (default gateway)
2. R2 receives packet, sees R1 is better next-hop
3. R2 forwards packet to R1
4. R2 sends Redirect to A: "Use R1 for this destination"
5. Host A updates routing cache
6. Future packets to B go directly via R1

Hexadecimal Notation Practice

Understanding Hexadecimal Notation

IPv6 addresses use hexadecimal notation. Let's understand the conversion process:

Example Address Breakdown:

IPv6: 2001:0000:0000:0C21:0000:0000:0000:4C22

Binary representation:
2001: 0010 0000 0000 0001
0000: 0000 0000 0000 0000
0000: 0000 0000 0000 0000
0C21: 0000 1100 0010 0001
0000: 0000 0000 0000 0000
0000: 0000 0000 0000 0000
0000: 0000 0000 0000 0000
4C22: 0100 1100 0010 0010

Shorthand Notation Rules

IPv6 Shorthand Methods

IPv6 addresses can be shortened using two rules:

✅ Compression Rules:

Rule 1: Leading Zeros
Remove leading zeros from each 16-bit block

2001:0000:0000:0C21:0000:0000:0000:4C22
2001:0:0:C21:0:0:0:4C22

Rule 2: Consecutive Zeros (::)
Replace consecutive blocks of zeros with double colon (once only)

Option 1: 2001:0:0:C21::4C22
Option 2: 2001::C21:0:0:0:4C22

Incorrect Shorthand Notation

❌ Common Mistake:

2001:0000:0000:0C21:0000:0000:0000:4C22
2001::C21::4C22 ← INVALID!

Why? Using :: twice creates ambiguity. How many zero groups are missing? The system cannot determine the correct expansion.

Mixed Notation with URL

IPv6 in URLs:

https://[2001:0:0:C21::4C22]:7878/webpage.html

Components:
[ ] = Square brackets enclose IPv6 address
:7878 = Optional port ID
/webpage.html = URL path

Interface ID Creation Methods

Interface ID Summary

IPv6 interface identifiers can be created using several methods:

Method	Description	RFC
EUI-64	Built from MAC address using Modified EUI-64 format	RFC 4291
Privacy Extensions	Random interface ID that changes over time	RFC 4941
Manual	Manually configured by administrator	-
DHCPv6	Assigned by DHCP server	RFC 8415
PPP	Assigned during PPP connection establishment	-
CGA	Cryptographic generation for security	RFC 3972

Interface ID from MAC Address (EUI-64)

Conversion Process:

Step 1: IEEE 48-Bit MAC Address
00:18:71:74:4F:00
Company ID | Manufacturer Data

Step 2: Expand to EUI-64 (insert 0xFFFE)
00:18:71:FF:FE:74:4F:00

Step 3: Invert the Global/Local Bit (7th bit)
00 (00000000) → 02 (00000010)
02:18:71:FF:FE:74:4F:00

Step 4: Format as Interface ID
0218:71FF:FE74:4F00

IPv6 Prefix Summary

Understanding Prefixes

IPv6 prefixes work similarly to CIDR notation in IPv4:

📋 Prefix Representation:

• Global and site-specific routing prefixes
• Variable-length network addressing
• Prefix-length metric (similar to subnet mask)

Prefix Examples

Common Prefix Formats:

2001::/16 (Large allocation)
2400:0000::/19 (Regional Internet Registry)
260C:0000::/22 (ISP allocation)
2001:EA5::/48 (Customer site)

Key Takeaways

🎯 IPv6 Protocol and Neighbor Discovery:

• ✅ IPv6 header is simplified and fixed at 40 bytes
• ✅ Extension headers provide extensibility without complexity
• ✅ Flow Label enables efficient QoS without deep inspection
• ✅ Neighbor Discovery replaces ARP, ICMP Router Discovery, and Redirect
• ✅ Five ICMPv6 message types handle all neighbor operations
• ✅ Router Advertisements enable stateless autoconfiguration
• ✅ Solicited-node multicast provides efficient address resolution
• ✅ Interface IDs can be generated multiple ways (EUI-64, privacy, manual)
• ✅ Prefixes use slash notation similar to CIDR
• ✅ All ND messages use link-local addresses with hop limit 255

What's Next?

With Neighbor Discovery and protocol features mastered, explore:

• IPv6 Routing Protocols - RIPng, OSPFv3, EIGRP for IPv6
• DHCPv6 - Stateful address assignment and configuration
• IPv6 Security - SEND, RA Guard, IPsec implementation
• Transition Mechanisms - Dual-stack, tunneling, translation
• Mobile IPv6 - Mobility support and handover
• IPv6 Deployment - Enterprise implementation strategies

💡 Lab Exercise: Set up a network with two hosts and one router. Capture Neighbor Discovery messages using Wireshark to see Router Advertisements, Neighbor Solicitations, and Neighbor Advertisements in action. Observe how autoconfiguration works without manual intervention!

Master IPv6 Neighbor Discovery! Understanding how devices discover neighbors, routers, and network parameters is essential for troubleshooting and deploying IPv6 networks successfully.