IPv6 On-Link Determination
What Is It And Why Do We Need It?
When an IPv4/IPv6 host wants to send a packet to another host, it has to answer the following simple questions:
- Can I reach the destination IP address directly (is the destination on the same LAN/subnet)?
- If not, who will help me forward the packet (who is the first-hop router)?
In the IPv4 world, the host can get all the information it needs through DHCP. In the IPv6 world, things are way more complex (but also way more correct if you’re a theoretician).
The Magic of the Subnet Mask
In the IPv4 world, the host gets the answer to the first question with a simple logical AND operation. To figure out if the destination address is in the same subnet, the IPv4 host ANDs its own and the destination IP address with the subnet mask. If (SourceAddr & SubnetMask) == (DestinationAddr & SubnetMask), the host can send the packet directly to the destination address (assuming it has the destination’s MAC address in its ARP cache).
If the destination IPv4 address is not in the same subnet, the IPv4 host sends the packet to the first-hop router (sometimes called default gateway for historical reasons).
An IPv4 host thus needs two parameters: the subnet mask and the first-hop router’s IPv4 address. Both can be configured manually or passed to the host through DHCP.
The situation is a bit different when an IPv4 host uses PPP. A PPP connection assumes a subnet mask of 255.255.255.255 (no other host is on the same subnet); the default gateway is replaced with an interface default route (a static route without an IPv4 next hop pointing to an interface).
The Many Wonders of the IPv6 World
In the IPv6 world, IPv6 hosts have to listen to router advertisement (RA) messages sent by the adjacent routers to get the required parameters:
- The source IPv6 address of an RA message is assumed to belong to a router. If the lifetime advertised in the RA message is not zero, that router can be used as the first-hop router, and the IPv6 host installs a default route to that IPv6 address.
- The prefix length of IPv6 prefixes is advertised by the routers in the prefix information option of RA messages.
Every router might advertise numerous prefixes in RA messages (IPv6 works perfectly well with numerous IPv6 prefixes on the same LAN/L2 subnet), but only those that have the L bit set can be used for on-link determination.
In the end, an IPv6 host could have information about numerous on-link IPv6 prefixes (prefixes that are present on the same LAN/link as the IPv6 host). When a host wants to figure out whether it can send an IPv6 packet directly to the destination address, it has to go through the list of all IPv6 prefixes known to be on the outgoing interface and check whether the destination IPv6 address belongs to one of them. If it does, the packet can be sent directly; otherwise, the packet is sent toward the link-local address of one of the routers.
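The RA processing and on-link lookup described above, as an added Python example (not code from the original article): it parses the router lifetime and prefix information options from a constructed RA, keeps only prefixes with the L bit set, and picks the next hop. The `Host` class, the `build_ra` helper and all addresses are assumptions made for illustration; the host always uses the first router it learned, and fe80::/10 is treated as on-link by default, as RFC 4861 specifies.

```python
import ipaddress
import struct

LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # always on-link (RFC 4861, section 5.1)

def build_ra(router_lifetime, prefixes):
    """Build a constructed RA (ICMPv6 type 134) for testing; checksum left at zero."""
    ra = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, router_lifetime, 0, 0)
    for prefix, l_bit in prefixes:
        net = ipaddress.ip_network(prefix)
        flags = (0x80 if l_bit else 0) | 0x40  # L bit (on-link) and A bit (SLAAC)
        ra += struct.pack("!BBBBIII16s", 3, 4, net.prefixlen, flags,
                          86400, 14400, 0, net.network_address.packed)
    return ra

class Host:  # hypothetical host model, not a real IPv6 stack
    def __init__(self):
        self.on_link = [LINK_LOCAL]   # prefixes known to be on the link
        self.routers = []             # default routers, in the order learned

    def receive_ra(self, source, ra):
        """Process one RA; source is the sender's link-local address."""
        lifetime = struct.unpack_from("!H", ra, 6)[0]
        if lifetime and source not in self.routers:
            self.routers.append(source)      # non-zero lifetime: usable first hop
        offset = 16                          # options follow the fixed RA header
        while offset + 2 <= len(ra):
            opt_type, opt_len = ra[offset], ra[offset + 1] * 8
            if opt_len == 0 or offset + opt_len > len(ra):
                break                        # malformed option: stop parsing
            if opt_type == 3 and opt_len == 32:   # prefix information option
                plen, flags = ra[offset + 2], ra[offset + 3]
                valid = struct.unpack_from("!I", ra, offset + 4)[0]
                if flags & 0x80 and valid and plen <= 128:  # L bit set, still valid
                    raw = ra[offset + 16:offset + 32]
                    net = ipaddress.ip_network((raw, plen), strict=False)
                    if net not in self.on_link:
                        self.on_link.append(net)
            offset += opt_len

    def next_hop(self, destination):
        dst = ipaddress.ip_address(destination)
        if any(dst in net for net in self.on_link):
            return ("direct", destination)   # resolve the destination with ND
        return ("router", self.routers[0]) if self.routers else ("unreachable", None)

# Constructed sample: one router, two prefixes, only the first has L=1.
host = Host()
host.receive_ra("fe80::1", build_ra(1800, [("2001:db8:1::/64", True),
                                           ("2001:db8:2::/64", False)]))
```

A destination in 2001:db8:2::/64 goes to the router even though the host may hold an address from that prefix, because the prefix was advertised without the L bit.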
More information
If you want to know more, you MUST read RFC 5942 (IPv6 Subnet Model: The Relationship between Links and Subnet Prefixes) and you SHOULD read RFC 4943. You might also be interested in how things work in mobile world, in which case read RFC 6459 (IPv6 in 3GPP EPS) and RFC 7066 (IPv6 for 3GPP Cellular Hosts).
Finally (you know I have to mention that) you can watch the Building Large IPv6 Service Provider Networks webinar (available with yearly subscription).
Great article again on IPv6.
I was wondering, can you write an article about IPv6 and the auto-summary command for both IGPs but also BGP?
Thanks,
Laf!
This was great, thanks a lot. I am enlightened.
Just to clarify - it is sent in sequence towards the link-local address of the router from which the host received the first RA message, followed by the 2nd RA's router, 3rd RA's router, and so on.
There's no retrying. If the router is dead, RA lifetime and/or ND should detect that; if the packet is sent to the wrong router, the router can send back ICMPv6 Redirect.
The host receives one IPv6 address, using the prefix sent by the router and its EUI-64 portion. Why is this happening if I have not configured the sending of RA messages on the router yet? I have been reading the theory but it doesn't make much sense to me when compared to what I witness on the machines. Any guidance will be helpful.
If the on-link is working, then why does IPv6 require neighbor discovery in this case? The first-hop router will always give you the on-link (same LAN) prefixes to reach. So why should the host send Neighbor Discovery?
IP to MAC. But on-link is just knowing the IP address,
What is the equivalent of on-link in IPv4? Is there anything present?
This mostly works with "ipv6 nd ra-interval" set to 5, but since failover is driven by the client it is a bit unpredictable.
It works nicely if you 'shutdown' an interface on one of the routers since that seems to revoke the router advertisement. If you hard reload a router it may or may not fail over nicely.
The worst failover time I saw was around 40 seconds, but I know much of that was ospf figuring out the new return path. To properly test this I should set it up both with and without hsrp and see what the difference is.
But in general it does seem to work.
http://packetlife.net/blog/2011/apr/18/ipv6-neighbor-discovery-high-availability/
Thank you for your simple and easy but great articles.
David.