Neighbor state changes
- Triggering a lookup of the neighbor list creates an empty entry (Empty).
- Send a request (Incomplete) and wait for the other party to reply with an NA; if it replies, the entry becomes Reachable.
- A Reachable entry can be used normally, but only for 30 s; each use refreshes the timer.
- If it is not used, it enters the Stale state after 30 seconds.
- When communication resumes, the entry enters the Delay state and NS messages are sent out; if there is a response, it enters the Reachable state.
- If there is no answer in the Delay state for five seconds, it enters the Probe state and sends 3 probes. If there is a reply, it enters the Reachable state; if there is no reply, it enters the Empty state.
Most entries are in the Stale state.
Duplicate Address Detection (DAD)
Uses NS and NA messages
Similar to gratuitous ARP in IPv4: when an IP address is configured on an interface, the address is first in the tentative state (tentative address), and the interface cannot use it at this time.
If there is a conflict in the address configuration, the status of the address is duplicate.
IPv6 stateless address autoconfiguration
SLAAC, stateless autoconfiguration
DHCP, stateful auto-configuration (state refers to the lease period)
Router discovery messages: RA (Router Advertisement) and RS (Router Solicitation)
When a PC connects to the network and its network card wants to obtain an address, the PC actively sends an RS message. After receiving the RS message, the router replies with an RA message (including the address prefix). The PC generates an interface ID based on EUI-64 and prepends the network prefix to form an address.
A router that is able to send RA messages sends them to the network periodically, advertising the network prefix each time.
The router actively sends RA messages out (router discovery)
The PC sends an RS and the router responds with an RA (stateless automatic configuration)
ipv6
int g0/0/0
ipv6 enable
ipv6 address 2000::1 64
undo ipv6 nd ra halt //Turn off RA message suppression function
When the PC sends the RS message, it uses its link-local address as the source address and sends it to the destination address FF02::2 (representing all Layer 3 devices)
Address lifetime
Preferred stage: the address can be used both to actively send messages and to receive messages.
Deprecated stage: the address cannot be used to actively send messages, but it can still be used to receive messages.
The process of the host obtaining the prefix and other parameters
Ignore the prefix sent by RA when the following conditions exist:
- The AUTO flag in the RA message option is not set
- The prefix duplicates an existing address prefix (including link-local address)
- The preferred lifetime in the RA message option is greater than the valid lifetime
- The sum of the prefix length and the interface ID length is not equal to 128 bits
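Added example (not part of the original notes): the host-side decision for one RA Prefix Information option, applying the four ignore conditions above and then forming the address from the prefix and an EUI-64 interface ID. The option bytes are constructed samples, and the MAC 00:e0:fc:45:5f:07 is an assumed value chosen so that its interface ID matches the FE80::2E0:FCFF:FE45:5F07 address used later in these notes.

```python
import ipaddress
import struct

IID_BITS = 64     # EUI-64 interface ID length
FLAG_A = 0x40     # AUTO (autonomous) flag in the option's flags byte

def build_pio(prefix, plen, flags, valid, preferred):
    """Build a constructed 32-byte Prefix Information option (type 3, length 4)."""
    head = struct.pack("!BBBBIII", 3, 4, plen, flags, valid, preferred, 0)
    return head + ipaddress.IPv6Address(prefix).packed

def parse_pio(opt):
    """Decode a Prefix Information option carried in an RA message."""
    if len(opt) != 32 or opt[0] != 3 or opt[1] != 4:
        raise ValueError("not a Prefix Information option")
    plen, flags, valid, preferred = struct.unpack("!BBII", opt[2:12])
    net = ipaddress.IPv6Network((opt[16:32], plen), strict=False)
    return {"prefix": net, "auto": bool(flags & FLAG_A),
            "valid": valid, "preferred": preferred}

def ignore_reason(pio, known_prefixes=()):
    """Apply the four ignore conditions; None means the prefix is accepted."""
    if not pio["auto"]:
        return "AUTO flag not set"
    if pio["prefix"].network_address.is_link_local or pio["prefix"] in known_prefixes:
        return "prefix duplicates an existing prefix"
    if pio["preferred"] > pio["valid"]:
        return "preferred lifetime greater than valid lifetime"
    if pio["prefix"].prefixlen + IID_BITS != 128:
        return "prefix length + interface ID length != 128"
    return None

def eui64_address(prefix, mac):
    """Prefix + EUI-64 interface ID: flip the U/L bit, insert FF:FE mid-MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return prefix.network_address + int.from_bytes(iid, "big")

def slaac(opt, mac, known_prefixes=()):
    """Return (address, None) when the host autoconfigures, else (None, reason)."""
    pio = parse_pio(opt)
    reason = ignore_reason(pio, known_prefixes)
    return (None, reason) if reason else (eui64_address(pio["prefix"], mac), None)

if __name__ == "__main__":
    # Constructed samples: accepted, then preferred lifetime > valid lifetime
    for s in [("2000::", 64, 0xC0, 2592000, 604800), ("2000::", 64, 0xC0, 600, 3600)]:
        print(s, "->", slaac(build_pio(*s), "00:e0:fc:45:5f:07"))
```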
Flag fields in the RA message
Cur Hop Limit: when the PC uses the address assigned by the router to access the outside world, its TTL (hop limit) value must match the Cur Hop Limit.
M bit: the default is 0 (stateless address allocation); if it is 1, the address allocated by DHCP must be used
ipv6 nd autoconfig managed-address-flag
O bit: there is other information that needs to be delivered
Router Lifetime: advertises how long this device can be used as a gateway.
On-Link, after getting the address, this prefix will not be used to generate the address.
ipv6 nd ra prefix 2001:: 64 2592000 60482 off-link
Bit A, is this address online?
Redirect functionality
The gateway can reply with a redirect message, so that the PC can forward the traffic without giving it to the gateway (B) first.
It is not safe, because an attacker can easily send redirect messages to carry out a man-in-the-middle attack.
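Added example (not part of the original notes): the receiver-side checks that RFC 4861 section 8.1 requires before a host acts on a Redirect, run over constructed messages. GATEWAY, first_hop_for and the fe80:: addresses are hypothetical; checksum verification is left out.

```python
import ipaddress
import struct

GATEWAY = "fe80::1"   # constructed: the host's current default router

def first_hop_for(dest):
    """Hypothetical routing lookup: every off-link destination uses GATEWAY."""
    return ipaddress.IPv6Address(GATEWAY)

def build_redirect(target, dest, code=0):
    """Constructed sample: ICMPv6 Redirect body (type 137), checksum left at 0."""
    return (struct.pack("!BBHI", 137, code, 0, 0)
            + ipaddress.IPv6Address(target).packed
            + ipaddress.IPv6Address(dest).packed)

def drop_reason(src, hop_limit, icmp, lookup=first_hop_for):
    """Return None if the Redirect passes the receiver checks of RFC 4861
    section 8.1 (checksum verification omitted), else why it is dropped."""
    src = ipaddress.IPv6Address(src)
    if not src.is_link_local:
        return "source is not link-local"
    if hop_limit != 255:
        return "hop limit is not 255"
    if len(icmp) < 40 or icmp[0] != 137 or icmp[1] != 0:
        return "malformed Redirect"
    target = ipaddress.IPv6Address(icmp[8:24])
    dest = ipaddress.IPv6Address(icmp[24:40])
    if dest.is_multicast:
        return "destination is multicast"
    if src != lookup(dest):
        return "sender is not the current first hop for the destination"
    if not (target.is_link_local or target == dest):
        return "target is neither link-local nor the destination"
    opts = icmp[40:]
    while opts:   # every option needs a non-zero length that fits
        if len(opts) < 2 or opts[1] == 0 or opts[1] * 8 > len(opts):
            return "bad option length"
        opts = opts[opts[1] * 8:]
    return None

if __name__ == "__main__":
    msg = build_redirect("fe80::2", "2001:2::2")   # constructed Redirect
    for src, hl in [("fe80::1", 255), ("fe80::1", 64), ("fe80::66", 255), ("2001::66", 255)]:
        print(src, hl, "->", drop_reason(src, hl, msg))
```

Passing these checks does not authenticate the sender, so hosts that do not need redirects commonly disable processing them.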
PMTU function
An intermediate device cannot fragment. It reads the source address in the packet, sends a message to the originating device (stating the maximum MTU it supports and who it is) and discards the packet.
The originating device can then learn the maximum MTU supported along the entire path. When it sends again, fragmentation is done only on the originating device.
OSPFv3
OSPFv3 cannot use the network command to activate interfaces
dis ipv6 routing-table
Static routing
ipv6 route-static 2001:2::2 128 2001::2
ipv6 route-static 2001:2::2 128 g0/0/0 FE80::2E0:FCFF:FE45:5F07
ping ipv6 FE80::2E0:FCFF:FE45:5F07 -i g0/0/0 //ping link-local address
OSPF
The protocol number is still 89, and the RID is still a 32-bit unsigned integer (in IPv6, the RID must be configured manually)
Running OSPFv2 and OSPFv3 together is called dual stack.
The impact of IPv6 on OSPFv3
Type 1 and Type 2 LSAs are now only used to draw the topology (the concept of pseudo-nodes still exists), and the addresses under the interface are attached in the form of leaves. The next hop points to the link-local address. Global unicast addresses are all leaves and are no longer based on network segments.
The similarities between OSPFV3 and OSPFV2
- Network type and interface type
- Interface state machine and neighbor state machine
- Link state database
- Flooding mechanism
- Five kinds of messages
- The routing calculation is basically the same
The differences between OSPFV3 and OSPFV2
Changes in authentication (put in the header of the IP)
There is no packet authentication field in the header of the message, and the security mechanism of IPV6 can be used directly. OSPFv3 also has its own authentication, which is at the end of the hello message.
Three authentication methods: interface>area>process (priority order)
Link-based operation (V2 is based on network segment operation)
OSPF neighbors can be established using only link-local addresses
Use link-local addresses
Use the link local address as the source address for sending packets
On a virtual link, a global address or a site-local address must be used as the source address of OSPFv3 protocol packets.
A link supports multiple instances (previously, an interface could only belong to one process)
The message carries the instance ID (in the Hello message). Neighbor relationships can be established only if the instance IDs are the same.
Use RID as the unique identifier of the neighbor (in the past, pseudo nodes were identified by IP)
STUB area support
Differences in messages
Head
Differences in Option fields
LSAs vary in type and content
LSA header
The LS Type field in the header becomes longer
U bit: what to do when receiving an unrecognized LSA?
If it is 1, the LSA is flooded, and the flooding scope is identified by S2/S1.
LS Type needs to be converted to binary number to view
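Added example (not part of the original notes): splitting the 16-bit LS Type into its binary fields to read the U bit, the S2/S1 flooding scope and the function code, and applying the unrecognized-LSA rule described above. The LS Type values are those defined in RFC 5340; 0xA00F and 0x200F are constructed, unassigned values.

```python
SCOPES = {0b00: "link-local", 0b01: "area", 0b10: "AS", 0b11: "reserved"}

# LS Type values defined for OSPFv3 in RFC 5340
KNOWN = {
    0x2001: "Router-LSA", 0x2002: "Network-LSA",
    0x2003: "Inter-Area-Prefix-LSA", 0x2004: "Inter-Area-Router-LSA",
    0x4005: "AS-External-LSA", 0x2007: "NSSA-LSA",
    0x0008: "Link-LSA", 0x2009: "Intra-Area-Prefix-LSA",
}

def decode_ls_type(ls_type):
    """Split the 16-bit LS Type into U bit, S2/S1 scope bits and function code."""
    if not 0 <= ls_type <= 0xFFFF:
        raise ValueError("LS Type is a 16-bit field")
    return {
        "binary": format(ls_type, "016b"),
        "u": (ls_type >> 15) & 1,                  # handling of unrecognized LSAs
        "scope": SCOPES[(ls_type >> 13) & 0b11],   # S2 S1
        "function": ls_type & 0x1FFF,              # the type number (1, 2, 8, 9 ...)
        "name": KNOWN.get(ls_type, "unrecognized"),
    }

def flooding_scope(ls_type, known=KNOWN):
    """Scope a router applies when it floods this LSA.

    Recognized type, or U = 1: the scope given by S2/S1.
    Unrecognized type with U = 0: treated as link-local scope.
    """
    d = decode_ls_type(ls_type)
    if ls_type not in known and d["u"] == 0:
        return "link-local"
    return d["scope"]

if __name__ == "__main__":
    # 0xA00F and 0x200F are constructed, unassigned values
    for t in (0x2001, 0x2002, 0x0008, 0x2009, 0x4005, 0xA00F, 0x200F):
        d = decode_ls_type(t)
        print(f"0x{t:04X} {d['binary']} U={d['u']} S2S1={d['scope']:<10} "
              f"fn={d['function']:<2} {d['name']:<22} floods: {flooding_scope(t)}")
```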
Link State ID
LSA types are different
Type 1 and Type 2 no longer describe network information, only topology information; network information is described in the form of leaves.
Router LSA
For now, only the connection relationships are described. For example, who am I, what is my RID, what device with the RID is connected, and what is the interface number used.
dis ospfv3 lsdb
ls age, survival time
ls type, type of lsa
ls id, makes no sense
originating router, which device generated it
interface ID, the interface of your own device
neighbor interface ID, the interface to which the neighbor is connected
neighbor router id, neighbor’s RID
It is a 3.3.3.3 device and is connected to a pseudo node using the 0x3 interface. The pseudo node is generated by 3.3.3.3.
dis ospfv3 lsdb network
The pseudo node connects 1.1.1.1 and 2.2.2.2
In this way, the topology map can be calculated using Type 1 and Type 2.
Changes in Network LSA
OSPFv3's Network-LSA has an area flooding scope and is generated by the DR. Its Link State ID is the Interface ID of the DR, and the mask field from OSPFv2 is removed, so it no longer contains prefix information and only describes the topology connection.
New Link-LSA
It is a new LSA type added in OSPFv3. It has a link flooding scope and is used to describe the link-local address of the interface.
- Advertise the link-local address to other routers on the link as their next hop address
- Advertise all IPV6 prefixes on the local link to other routers on the link
- Provide Options value for DR on broadcast network and NBMA network
Rtr Pri: The priority of this router on this link
Options: Describes the capabilities of this router
link local interface address: The link-local address of the interface, used for next hop calculation of routing
prefix: the number of prefixes contained
The link-local address and prefix information are announced, so that all devices on the link know each other's link-local address and routing prefix information.
Intra-Area-Prefix-LSA
The flooding scope is the area; it is mainly used for attachment (attaching prefixes to Type 1 or Type 2)
Each router or transit network can generate multiple Intra-Area-Prefix-LSAs
dis ospfv3 lsdb intra-prefix
Type 1 and Type 2 are used to draw the topology diagram
Type 8 describes the link-local addresses and the unicast address prefixes of the devices on the link, so that they learn each other's.
The DR can collect all prefix information on the link. After collecting it, it generates a Type 9 LSA and floods it (intra-area flooding), so that devices on other links know which router to go to first to reach the destination address. (Attached to Type 2, describing the shared information)
A loopback address does not belong to the link, so the DR cannot collect it. Instead, the device advertises the loopback address itself through Type 9. (Attached to Type 1)