Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
IPv6: Neighbor Discovery Protocol (NDP)
As defined in RFC 2461 of IETF, the Neighbor Discovery is a key protocol of IPv6. Neighbor Discovery Protocol is an umbrella that defines these mechanisms:
Subsitute of ARP – Since ARP has been removed in IPv6, IPv6 follows a newer way to find the link-layer addresses of nodes on the local link. This new mechanism uses a mix of ICMPv6 messages and multicast addresses.
Stateless Auto-Configuration - This mechanism allows nodes on the local link to configure their IPv6 addresses by themselves by using a mix of ICMPv6 messages and multicast addresses.
Router Redirection - The router sends ICMPv6 messages to an IPv6 node to inform it of the presence of a better router address on the same local link to reach a destination network.
Neighbour Discovery (ND) is for end hosts predominately, whereas routers themselves advertise gateway capabilities via Router Advertisements (RA). This mechanism rely on ICMPv6 Type 133 and 134. NS/ND’s can be triggered with pings when using routers.
Table 1-A: ICMPv6 Messages Defined For NDP
Name of Message
Router Solicitation (RS)
Router Advertisement (RA)
Neighbor Solicitation (NS)
Neighbor Advertisement (NA)
The table 1-A, shows the ICMPv6 messages that are used by NDP mechanisms. ARP subsitution uses neighbor solicitation (ICMPv6 Type 135) and neighbor advertisement (ICMPv6 Type 136) messages. Prefix advertisemnet and prefix renumbering use router solicitaion (ICMPv6 Type 133) and router advertisement (ICMPv6 Type 134) messages. DAD uses neighbor solicitation. Router redirection uses redirect messages (ICMPv6 137).
Table 1-B: ICMPv6 Messages Used by NDP Mechanisms
ICMPv6 Type 133
ICMPv6 Type 134
ICMPv6 Type 135
ICMPv6 Type 136
ICMPv6 Type 137
Replacement Of ARP
On Cisco devices, parameters of NDP and the mechanisms under it's umbrella are controlled by using the ipv6 nd command.
Multicast Address and ICMPV6 Addresses used by NDP for replacing ARP
How Neighbor Solicitation & Neighbor Advertisement Works
This section describes in detail how neighbor solicitation messages, neighbor advertisement messages, and solicited-node multicast addresses are used in IPv6 to replace ARP. Then, Cisco IOS Software commands related to neighbor solicitation and neighbor advertisement are explained.
Following is the neighbor discovery process (refer Figure A)
Using the address FEC0::1:0:0:1 :A, node A wants to deliver packets to destination node B using the IPv6 address FEC0::1 :0:0:1 :B on the same local link. However, node A does not know node B's link-layer address. Node A sends an ICMPv6 Type 1 35 message (neighbor solicitation) on the local link using its site-local address FEC0::1:0:0:1:A as the IPv6 source address, the solicited-node multicast address FF02::1 :FF01:B corresponding to the target address FEC0::1 :0:0:1 :B as the destination IPv6 address, and the source link-layer address 00:50:3e:e4:4c:00 of the sender, node A, as data of the ICMPv6 message. The source link-layer address of this frame is the link-layer address 00:50:3e:e4:4c:00 of node A. The destination link-layer address 33:33:FF:01 :00:0B of this frame uses multicast mapping of the destination IPv6 address FF02::1 :FF01 :B.
Node B, which is listening to the local link for multicast addresses, intercepts the neighbor solicitation message because the destination IPv6 address FF02::1:FF01:B represents the solicited-node multicast address corresponding to its IPv6 address FEC0::1:0:0:1:B.
Node B replies by sending a neighbor advertisement message using its site-local address FEC0::1 :0:0:1 :B as the IPv6 source address and the site-local address FEC0::1 :0:0:1 :A as the destination IPv6 address. It also includes its link-layer address 00:50:3e:e4:4b:01 in the ICMPv6 message. After receiving neighbor solicitation and neighbor advertisement messages, node A and node B know each other's link-layer addresses.
Learned link-layer addresses are kept in a neighbor discovery table (neighbor cache). Therefore, the nodes can communicate on the local link. The neighbor solicitation message is also used by nodes to verify the reachability of neighbor nodes in the neighbor discovery table (neighbor cache). However, the unicast addresses of the neighbor nodes are used as destination IPv6 addresses in ICMPv6 messages instead of solicited-node multicast addresses in this situation. It is possible for a node that changes its link-layer address to inform all other neighbor nodes on the local link by sending a neighbor advertisement message using the all-nodes multicast address FF02::1 . The neighbor discovery table of the nodes on the local link is updated with the new linklayer address.
Router#show ipv6 neighbors
IPv6 Address Age Link-layer Addr State Interface
FE80::221:A0FF:FEC1:3D80 0 0021.a0c1.3d80 REACH Gi0/1.1
2607:F3B0:252:6::1 0 0021.a0c1.3d80 REACH Gi0/1.1
Here is another example of WireShark Capture from Router R1 (Fa0/0) interface, explaining Neighbour Discovery.
Two Routers R1 and R2 are connected via interface FastEthernet 0/0.