DAD with IPv6 - explanation in the book not accurate??

here is a good one (i think)... the book says that DAD is done by pinging its own solicited node mcast address (SMA) as generated from its ipv6 address. 

So I've done an experiment where on the same link, the two ipv6 addreses would basically generate the same SMA. I then enabled nd debugging and to my surprise DAD still passed, which is good. Though it does tell me the explanation in the book is not 100% accurate.

what do you think? Am i missing something here?

 

Comments

  • what do you think? Am i missing something here?

    This is explanation from Cisco Documentation:

    Node sends a neighbor solicitation message with an unspecified source address and a tentative link-local address in the body of the message. If another node is already using that address, the node returns a neighbor advertisement message that contains the tentative link-local address. If another node is simultaneously verifying the uniqueness of the same address, that node also returns a neighbor solicitation message. If no neighbor advertisement messages are received in response to the neighbor solicitation message and no neighbor solicitation messages are received from other nodes that are attempting to verify the same tentative address, the node that sent the original neighbor solicitation message considers the tentative link-local address to be unique and assigns the address to the interface.

    I hope it is clear now.

  • I would also recommend to go through the RFC for this feature, it is very useful:

    http://www.ietf.org/rfc/rfc4429.txt

  • Hello,

    I think your 2 ipv6 addresses donot match exactly even though they join same solicited node multicast address. That is why DAD is passing. The Neighbor solicitation (NS)has IPv6 destination address as solicited node multicast address in IPv6 header but at ICMPv6 layer this will get dropped as traget address in NS doesnot match with its IPv6 address.

    Regards,

    Dinesh

  • Thanks but I got bit lost in your explanation ... I think the key thing that I'm trying to say is about the destination address - i.e., to verify the uniquness of this address, a NS message is set to, quoting, "its own autoconfigured address's coreresponding solicited-node multicast address."

    Then if anyone replies saying "i've got that IP" then the address is not unique. But for someone to reply, they need to get the question first! So who gets the question? Only hosts that would have the same solicited-node multicast address and not necessarily all hosts on the local link.

    So my dilema here is, that naturally, it could happen that, a node with duplicate IPv6 address exists on the network but it would not get the question and therefore, it won't answer.

  • I will read the RFC as I'm surely missing something here ...

  • So my dilema here is, that naturally, it could happen that, a node with duplicate IPv6 address exists on the network but it would not get the question and therefore, it won't answer.

    Why would it not receive the "question" ? If it has the same IPv6 address, then it will have the same solicited-node multicast address, and so it will receive the question, and respond accordingly.

  • After putting it down on paper, I figured my thinking was wrong!

    thanks all

  • After putting it down on paper, I figured my thinking was wrong!

    I really recommend IPv6 documentation at Cisco.com, go through this about more commands, concepts et al...

Sign In or Register to comment.