Neighbor Discovery Protocol
{{short description|Protocol in the Internet protocol suite used with IPv6}}
{{Infobox networking protocol
| title = Neighbor Discovery Protocol
| logo =
| logo alt =
| image = ICMP header - General-en.svg
| image alt =
| caption = When defining its messages, NDP follows ICMPv6 message format.
| is stack =
| purpose = Auxiliary protocol for IPv6
| developer = Internet Engineering Task Force
| date = {{Start date and age|1996|03}}
| based on =
| influenced =
| osilayer = Network layer
| ports =
| rfcs =
- RFC 1970
- RFC 2461
- RFC 4861
| hardware =
}}
The Neighbor Discovery Protocol (NDP), or simply Neighbor Discovery (ND), is a protocol of the Internet protocol suite used with Internet Protocol Version 6 (IPv6).{{Ref RFC|4861|rsection=1}} It operates at the internet layer of the Internet model,{{Ref RFC|1122}} and is responsible for gathering various information required for network communication, including the configuration of local connections and the domain name servers and gateways.
The protocol defines five ICMPv6 packet types to perform functions for IPv6 similar to the Address Resolution Protocol (ARP) and Internet Control Message Protocol (ICMP) Router Discovery and Router Redirect protocols for IPv4. It provides many improvements over its IPv4 counterparts.{{Ref RFC|4861|rsection=3.1}} For example, it includes Neighbor Unreachability Detection (NUD), thus improving robustness of packet delivery in the presence of failing routers or links, or mobile nodes.
The Inverse Neighbor Discovery (IND) protocol extension allows nodes to determine and advertise an IPv6 address corresponding to a given link-layer address, similar to Inverse ARP for IPv4.{{Ref RFC|3122}}
The Secure Neighbor Discovery Protocol (SEND), a security extension of NDP, uses Cryptographically Generated Addresses (CGA) and the Resource Public Key Infrastructure (RPKI) to provide an alternative mechanism for securing NDP with a cryptographic method that is independent of IPsec. Neighbor Discovery Proxy (ND Proxy) provides a service similar to IPv4 Proxy ARP and allows bridging multiple network segments within a single subnet prefix when bridging cannot be done at the link layer.{{Ref RFC|4389}}
{{IPstack}}
Functions
NDP defines five ICMPv6 packet types for the purpose of router solicitation, router advertisement, neighbor solicitation, neighbor advertisement, and network redirects.
;Router Solicitation (Type 133): Hosts inquire with Router Solicitation messages to locate routers on an attached link.{{Ref RFC|4861|rsection=3}} Routers which forward packets not addressed to them generate Router Advertisements immediately upon receipt of this message rather than at their next scheduled time.
;Router Advertisement (Type 134): Routers advertise their presence together with various link and Internet parameters either periodically, or in response to a Router Solicitation message.
;Neighbor Solicitation (Type 135): Neighbor solicitations are used by nodes to determine the link-layer address of a neighbor, or to verify that a neighbor is still reachable via a cached link-layer address.
;Neighbor Advertisement (Type 136): Neighbor advertisements are used by nodes to respond to a Neighbor Solicitation message, or unsolicited to provide new information quickly.
;Redirect (Type 137): Routers may inform hosts of a better first-hop router for a destination.
These messages are used to provide the following functionality:
- Router discovery: hosts can locate routers residing on attached links.
- Prefix discovery: hosts can discover address prefixes that are on-link for attached links.
- Parameter discovery: hosts can find link parameters (e.g., MTU).
- Address autoconfiguration: optional stateless configuration of addresses of network interfaces (see {{section link|IPv6|Stateless address autoconfiguration (SLAAC)}} and {{section link|IPv6 address|Stateless address autoconfiguration}}).
- Address resolution: mapping between IP addresses and link-layer addresses.
- Next-hop determination: hosts can find next-hop routers for a destination.
- Neighbor unreachability detection (NUD): determine that a neighbor is no longer reachable on the link.
- Duplicate address detection (DAD): nodes can check whether an address is already in use.
- Recursive DNS Server (RDNSS) and DNS Search List (DNSSL) assignment via router advertisement (RA) options.{{Ref RFC|8106}} This has been a proposed standard since 2010{{Ref RFC|6106}} and was updated in March 2017, but it is not supported by all clients.{{Citation needed|date=October 2024}}
- Packet redirection to provide a better next-hop route for certain destinations.
IANA maintains a list of all current NDP options as they are published.{{cite web | url = https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5 | title = IPv6 Neighbor Discovery Option Formats | work = Internet Control Message Protocol version 6 (ICMPv6) Parameters | publisher = Internet Assigned Numbers Authority | access-date = 2017-12-16 | date = 2017-12-05 }}
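The five message types and the option mechanism described above can be decoded with a short parser. The following is an added example, not part of the original article: it classifies an NDP message by ICMPv6 type and walks its type/length/value options, extracting the MTU, prefix and RDNSS values a Router Advertisement announces. The sample packet is constructed from documentation addresses, and the function names are illustrative.

```python
import ipaddress
import struct

NDP_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
             135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
             137: "Redirect"}
# Fixed bytes that follow the 4-byte ICMPv6 header before the options begin.
FIXED_LEN = {133: 4, 134: 12, 135: 20, 136: 20, 137: 36}

def parse_options(buf: bytes) -> list:
    """Walk the options; the length field counts units of 8 octets."""
    opts, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated option header")
        otype, size = buf[i], buf[i + 1] * 8
        if size == 0 or i + size > len(buf):
            raise ValueError("invalid option length")  # such packets are discarded
        opts.append((otype, buf[i + 2:i + size]))
        i += size
    return opts

def parse_ndp(icmp: bytes) -> dict:
    """Decode an NDP message given from the ICMPv6 header onward."""
    if len(icmp) < 4 or icmp[0] not in NDP_TYPES or icmp[1] != 0:
        raise ValueError("not a valid NDP message")
    start = 4 + FIXED_LEN[icmp[0]]
    if len(icmp) < start:
        raise ValueError("truncated message body")
    out = {"type": NDP_TYPES[icmp[0]], "mtu": None, "prefixes": [], "rdnss": []}
    for otype, val in parse_options(icmp[start:]):
        if otype == 5 and len(val) == 6:                 # MTU
            out["mtu"] = struct.unpack("!2xI", val)[0]
        elif otype == 3 and len(val) == 30:              # Prefix Information
            out["prefixes"].append(f"{ipaddress.IPv6Address(val[14:30])}/{val[0]}")
        elif otype == 25 and len(val) >= 22 and (len(val) - 6) % 16 == 0:  # RDNSS
            out["rdnss"] += [str(ipaddress.IPv6Address(val[j:j + 16]))
                             for j in range(6, len(val), 16)]
    return out

# Constructed sample RA (checksum left as zero), not captured traffic.
SAMPLE_RA = (bytes([134, 0, 0, 0, 64, 0]) + struct.pack("!HII", 1800, 0, 0)
             + bytes([5, 1, 0, 0]) + struct.pack("!I", 1500)
             + bytes([3, 4, 64, 0xC0]) + struct.pack("!III", 86400, 14400, 0)
             + ipaddress.IPv6Address("2001:db8::").packed
             + bytes([25, 3, 0, 0]) + struct.pack("!I", 600)
             + ipaddress.IPv6Address("2001:db8::53").packed)
```

Calling `parse_ndp(SAMPLE_RA)` returns the message type together with the announced MTU, on-link prefix and DNS server, which is the information a monitoring tool would compare against the expected router configuration.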
Example
Two computers, A and B, are connected to the same local area network with no intervening gateway or router. A has a packet to send to IP address {{IPaddr|2001:db8::55}}, which happens to be the address of B.
Before sending the packet to B, A creates a solicited-node multicast address by appending the least-significant 24 bits of B's address to the prefix {{IPaddr|ff02::1:ff00:0|104}}, which gives {{IPaddr|ff02::1:ff00:55}}. It also creates a solicited-node multicast MAC address by appending the least-significant 24 bits of B's solicited-node multicast address to the prefix 33:33:FF:xx:xx:xx,{{Cite web |title=IPv6 Real-Time Usage of IEEE 802.16: Problem Statement |url=https://www.ietf.org/proceedings/65/slides/16ng-3/sld5.htm |access-date=2023-09-22 |website=www.ietf.org}} which gives {{MACaddr|33:33:FF:00:00:55}}. A sends a neighbor solicitation message requesting an answer for {{IPaddr|2001:db8::55}}, with destination IP address {{IPaddr|ff02::1:ff00:55}} and destination MAC address {{MACaddr|33:33:FF:00:00:55}}. The message is accepted by B, which is listening on its own solicited-node multicast address on the local network. B responds with a neighbor advertisement message containing its MAC and IP addresses. A receives the response and sends the packet on the link with B's MAC address.
Typically, network nodes maintain a lookup cache that associates IP and MAC addresses. In this example, if A had the lookup cached, then it would not need to send the NDP request. Also, when B received the request, it could cache the lookup to A so that if B needs to send a packet to A later, it does not need to use NDP to look up its MAC address. Finally, when A receives the NDP response, it can cache the lookup for future messages addressed to the same IP address.
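The address derivation in this example can be carried through in code. The following is an added example, not part of the original article: it generalizes the two derivations to any IPv6 address and assembles the Neighbor Solicitation that A would send, including the ICMPv6 checksum. A's own IP and MAC addresses are not given in the text, so the values used in the usage note are constructed.

```python
import ipaddress
import struct

SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """ff02::1:ff00:0/104 combined with the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)

def multicast_mac(group: ipaddress.IPv6Address) -> str:
    """Ethernet address for an IPv6 multicast group: 33:33 plus its low 32 bits."""
    if not group.is_multicast:
        raise ValueError("not a multicast address")
    return ":".join(f"{b:02X}" for b in b"\x33\x33" + group.packed[-4:])

def icmpv6_checksum(src, dst, payload: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header and the ICMPv6 message."""
    pseudo = src.packed + dst.packed + struct.pack("!I3xB", len(payload), 58)
    data = pseudo + payload + (b"\x00" if len(payload) % 2 else b"")
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ns(src: str, target: str, src_mac: str):
    """Return (dst_ip, dst_mac, icmpv6_bytes) for a Neighbor Solicitation."""
    s, t = ipaddress.IPv6Address(src), ipaddress.IPv6Address(target)
    dst = solicited_node(target)
    # Option type 1 (source link-layer address), length 1 unit of 8 octets.
    opt = bytes([1, 1]) + bytes.fromhex(src_mac.replace(":", ""))
    # Type 135, code 0, checksum placeholder, 4 reserved bytes, then the target.
    body = struct.pack("!BBHI", 135, 0, 0, 0) + t.packed + opt
    csum = icmpv6_checksum(s, dst, body)
    return dst, multicast_mac(dst), body[:2] + struct.pack("!H", csum) + body[4:]
```

With the constructed sender values `build_ns("2001:db8::1", "2001:db8::55", "02:00:00:00:00:0a")`, the returned destination addresses are `ff02::1:ff00:55` and `33:33:FF:00:00:55`, matching the example.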
Message formats
[Figures: Router Solicitation Message; Router Advertisement Message; Neighbor Solicitation Message; Neighbor Advertisement Message; Redirect Message]
See also
- {{Annotated link|NDPMon}}
- {{Annotated link|radvd}}