Thursday, 27 December 2018

Neighbor Discovery Protocol - NDP

Introduction
Neighbor Discovery Protocol (NDP) comes with IPv6 and is defined in RFC 4861. It can be thought of as a merger of ARP and several other mechanisms (for example Duplicate Address Detection). The description is as follows:
The Neighbor Discovery Protocol (NDP, ND) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the Link Layer of the Internet model (RFC 1122), and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems. 
I don't know why the name "neighbor" was chosen for this protocol. I think it is a misnomer.
NDP also includes additional mechanisms for security. NDP uses ICMPv6 for its messages.

Neighbor Cache
The description is as follows:
IPv6 doesn't use ARP, so there isn't an ARP cache. IPv6 uses ND, and a host maintains a Neighbor Cache and a Destination Cache, among others.

ICMP Message
The structure of the ICMPv6 message header is as follows.
struct icmpv6header {
  unsigned char type;          /* message type; selects the layout of the body */
  unsigned char code;          /* 0 for every NDP message */
  unsigned short int chk_sum;  /* checksum over the IPv6 pseudo-header plus the message */
  unsigned int body;           /* first 32 bits of the body; the rest follows, depending on type */
};
The body field can be one of several structures. Which structure it is is determined by the type field.
Some of the values the type field can take are as follows:
ND_ROUTER_SOLICIT = 133      /* Router Solicitation */
ND_ROUTER_ADVERT = 134       /* Router Advertisement */
ND_NEIGHBOR_SOLICIT = 135    /* Neighbor Solicitation */
ND_NEIGHBOR_ADVERT = 136     /* Neighbor Advertisement */
ND_NEIGHBOR_REDIRECT = 137   /* Redirect; glibc's <netinet/icmp6.h> names this constant ND_REDIRECT */
What Is the Neighbor Solicitation ICMP Message
Solicitation means a request. The node that wants to resolve an address sends a "Neighbor Solicitation ICMP Message" to the Solicited-Node Multicast group, so only the hosts in that group are triggered; unlike ARP, not every host on the link is interrupted. The responder answers with a "Neighbor Advertisement ICMP message".

The IPv6 address being resolved is written in the "Target Address" field.
The sender's own MAC address is written in the "Link-layer address" field under ICMPv6 Options (the Source Link-layer Address option).

The Neighbor Solicitation ICMP message is sent as "link-local multicast". The description is as follows:
The NDP provides two message types that are of interest here: Neighbor Solicitation and Neighbor Advertisement. A node that wants to learn a link-layer address for a particular IP address sends a Neighbor Solicitation to the link-local solicited-node multicast address - there is no broadcast for IPv6 any more.

For example, if the address in question is 2001:db8::0011:2233:4455:6677, then the solicited-node multicast address is ff02::1:ff55:6677, and the ethernet multicast address is 33:33:ff:55:66:77. All nodes with an address ending on *55:6677 belong to that multicast group and will listen to that - this is most likely only the target system itself. The Neighbor Solicitation contains also the unicast IPv6 addresses and the MAC address of the soliciting system.

On receipt, the target node answers with its Neighbor Advertisement, which is sent to the unicast address (link layer and IPv6) of the soliciting node. Thus, the soliciting node learns the MAC-address of the target node.
What Is the Router Solicitation ICMP Message
A host sends a "Router Solicitation" (RS) message to find a router. The router replies with a "Router Advertisement" (RA) message.

What Is Solicited-Node Multicast
Because there is no broadcast in IPv6, messages are sent as multicast. Every host joins a "Solicited-Node multicast" group. The description is as follows:
Each IPv6 interface must subscribe to a solicited-node multicast address for each IPv6 unicast or anycast address configured on the interface. These solicited-node multicast addresses are based on the IPv6 unicast or anycast addresses, so, in all likelihood, the resolution request only interrupts the one host with that IPv6 address, or possibly a very few hosts. This is a better solution than ARP.
The description in RFC 4861, Neighbor Discovery for IP version 6 (IPv6), is as follows:
Nodes accomplish address resolution by multicasting a Neighbor Solicitation that asks the target node to return its link-layer address. Neighbor Solicitation messages are multicast to the solicited-node multicast address of the target address. The target returns its link-layer address in a unicast Neighbor Advertisement message. A single request-response pair of packets is sufficient for both the initiator and the target to resolve each other's link-layer addresses; the initiator includes its link-layer address in the Neighbor Solicitation.
How Is the Solicited-Node Multicast Address Formed
It is formed from the last 24 bits of the IPv6 address. Because an Ethernet interface can hold more than one IPv6 address, it may join more than one group. The description in RFC 4291, IP Version 6 Addressing Architecture, Section 2.7.1, Pre-Defined Multicast Addresses, is as follows:
Solicited-Node multicast addresses are computed as a function of a node's unicast and anycast addresses. A Solicited-Node multicast address is formed by taking the low-order 24 bits of an address (unicast or anycast) and appending those bits to the prefix FF02:0:0:0:0:1:FF00::/104 resulting in a multicast address in the range
FF02:0:0:0:0:1:FF00:0000
to
FF02:0:0:0:0:1:FFFF:FFFF
For example, the Solicited-Node multicast address corresponding to the IPv6 address 4037::01:800:200E:8C6C is FF02::1:FF0E:8C6C. IPv6 addresses that differ only in the high-order bits (e.g., due to multiple high-order prefixes associated with different aggregations) will map to the same Solicited-Node address, thereby reducing the number of multicast addresses a node must join.
A node is required to compute and join (on the appropriate interface) the associated Solicited-Node multicast addresses for all unicast and anycast addresses that have been configured for the node's interfaces (manually or automatically).
Ethernet Packet
The description is as follows:
To create an IPv6 layer-2 multicast address from an IPv6 layer-3 multicast address you simply use 33-33 and append the last 32-bits of the IPv6 layer-3 multicast address. This gives you a lot more layer-2 multicast addresses than IPv4 has because IPv4 only uses 23 bits of the layer-3 multicast address in the layer-2 multicast address.
The description in RFC 2464, Transmission of IPv6 Packets over Ethernet Networks, is as follows:
Address Mapping -- Multicast
An IPv6 packet with a multicast destination address DST, consisting of the sixteen octets DST[1] through DST[16], is transmitted to the Ethernet multicast address whose first two octets are the value 3333 hexadecimal and whose last four octets are the last four octets of DST.
              +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              |0 0 1 1 0 0 1 1|0 0 1 1 0 0 1 1|
              +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              |   DST[13]     |   DST[14]     |
              +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
              |   DST[15]     |   DST[16]     |
              +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
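As an added example (not from the original post), here are the two mappings above carried out in Python with the standard ipaddress module: unicast address to solicited-node group per RFC 4291, and IPv6 multicast address to Ethernet address per RFC 2464. It also collects the groups an interface with several addresses must join, which shows how addresses that differ only in their high-order bits collapse into one group. The sample addresses are the ones quoted above.

```python
import ipaddress

# ff02::1:ff00:0/104, the Solicited-Node prefix from RFC 4291 section 2.7.1
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node_multicast(addr: str) -> ipaddress.IPv6Address:
    """Append the low-order 24 bits of a unicast/anycast address to the prefix."""
    unicast = ipaddress.IPv6Address(addr)
    if unicast.is_multicast:
        raise ValueError(f"{addr} is already a multicast address")
    low24 = int(unicast) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)


def ipv6_multicast_to_mac(mcast: str) -> str:
    """33:33 followed by the last four octets of the layer-3 multicast address (RFC 2464)."""
    group = ipaddress.IPv6Address(mcast)
    if not group.is_multicast:
        raise ValueError(f"{mcast} is not a multicast address")
    return ":".join(f"{b:02x}" for b in b"\x33\x33" + group.packed[-4:])


def groups_to_join(addrs):
    """Distinct (solicited-node address -> Ethernet address) pairs an interface must join
    for its configured addresses; addresses sharing the low 24 bits share one group."""
    pairs = {}
    for a in addrs:
        sn = str(solicited_node_multicast(a))
        pairs[sn] = ipv6_multicast_to_mac(sn)
    return pairs


if __name__ == "__main__":
    # constructed sample: a global and a link-local address with the same low 24 bits
    for group, mac in groups_to_join(["2001:db8::11:2233:4455:6677",
                                      "fe80::11:2233:4455:6677",
                                      "4037::01:800:200E:8C6C"]).items():
        print(group, mac)
```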
The description in RFC 7042, IANA Considerations and IETF Protocol and Documentation Usage for IEEE 802 Parameters, Section 2.3.1, Identifiers Prefixed "33-33", is as follows:
2.3.1. Identifiers Prefixed "33-33"
All MAC-48 multicast identifiers prefixed "33-33" (that is, the 2**32 multicast MAC identifiers in the range from 33-33-00-00-00-00 to 33-33-FF-FF-FF-FF) are used as specified in [RFC2464] for IPv6 multicast. In all of these identifiers, the Group bit (the bottom bit of the first octet) is on, as is required to work properly with existing hardware as a multicast identifier. They also have the Local bit on and are used for this purpose in IPv6 networks.
(Historical note: It was the custom during IPv6 design to use "3" for unknown or example values, and 3333 Coyote Hill Road, Palo Alto, California, is the address of PARC (Palo Alto Research Center, formerly "Xerox PARC"). Ethernet was originally specified by the Digital Equipment Corporation, Intel Corporation, and Xerox Corporation. The pre-IEEE [802.3] Ethernet protocol has sometimes been known as "DIX" Ethernet from the first letters of the names of these companies.)
Cisco
To display the IPv6 neighbor discovery cache on Cisco devices, use the following command.
show ipv6 neighbors
IPv6 Address                              Age Link-layer Addr State Interface
FE80::222:8303:4977:5A95                    0 0022.8377.5a95  REACH Gi0/0/1.841
Duplicate Address Detection
The description is as follows:
When an interface takes an IPv6 address, it performs the DAD mechanism. An NS is sent to the multicast address "solicited node multicast group address". If there is another interface in this multicast group, it won't take this address.
A second description is as follows:
Neighbor Solicitation and Advertisement messages are also used for Duplicate Address Detection as specified by [ADDRCONF]. In particular, Duplicate Address Detection sends Neighbor Solicitation messages with an unspecified source address targeting its own "tentative" address. Such messages trigger nodes already using the address to respond with a multicast Neighbor Advertisement indicating that the address is in use.
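As an added example, not code from the original post, here is a Neighbor Solicitation built and parsed in Python with the header layout shown above (type, code, checksum, then a type-specific body), including the DAD form with the unspecified source address. The addresses and MAC are constructed sample values; the checksum is computed over the IPv6 pseudo-header as RFC 4443 requires, and the rejection of a zero-length option follows RFC 4861 section 4.6.

```python
import ipaddress
import struct

ND_NEIGHBOR_SOLICIT = 135  # ICMPv6 type (RFC 4861)
OPT_SOURCE_LLADDR = 1      # option type: Source Link-layer Address
IPPROTO_ICMPV6 = 58

def icmpv6_checksum(src, dst, msg):
    """Ones-complement sum over the IPv6 pseudo-header (src, dst, length,
    next header) followed by the ICMPv6 message (RFC 4443 section 2.3)."""
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(msg), IPPROTO_ICMPV6))
    data = pseudo + msg + (b"\x00" if len(msg) % 2 else b"")
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_neighbor_solicitation(src, dst, target, src_mac=None):
    """type, code, checksum, reserved, target address, optional SLLA option.
    For DAD the source is '::' and RFC 4861 4.3 forbids the SLLA option."""
    if src == "::" and src_mac is not None:
        raise ValueError("a DAD probe must not carry a source link-layer option")
    msg = struct.pack("!BBHI", ND_NEIGHBOR_SOLICIT, 0, 0, 0)
    msg += ipaddress.IPv6Address(target).packed
    if src_mac is not None:  # option length is in units of 8 octets
        msg += struct.pack("!BB", OPT_SOURCE_LLADDR, 1) + bytes.fromhex(src_mac.replace(":", ""))
    return msg[:2] + struct.pack("!H", icmpv6_checksum(src, dst, msg)) + msg[4:]

def parse_neighbor_solicitation(src, dst, msg):
    """Decode an NS, walk its options and verify the checksum."""
    icmp_type, code, csum, _reserved = struct.unpack("!BBHI", msg[:8])
    if icmp_type != ND_NEIGHBOR_SOLICIT or code != 0:
        raise ValueError(f"not a Neighbor Solicitation: type {icmp_type} code {code}")
    options, pos = {}, 24
    while pos < len(msg):
        opt_type, opt_len = msg[pos], msg[pos + 1]
        if opt_len == 0:  # RFC 4861 4.6: such packets must be silently discarded
            raise ValueError("zero-length option")
        data = msg[pos + 2:pos + opt_len * 8]
        if opt_type == OPT_SOURCE_LLADDR:
            options["src_lladdr"] = ":".join(f"{b:02x}" for b in data[:6])
        pos += opt_len * 8
    zeroed = msg[:2] + b"\x00\x00" + msg[4:]
    return {"target": str(ipaddress.IPv6Address(msg[8:24])), "options": options,
            "is_dad": src == "::",
            "checksum_ok": csum == icmpv6_checksum(src, dst, zeroed)}
```

A DAD probe parsed by this function shows up with "is_dad" set and no options, which is exactly what a node already holding the target address must answer with a multicast Neighbor Advertisement.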
