WOLF-LAB沃尔夫网络实验室中国网络精英的发源地!
24小时咨询热线:173-1636-2402

技术文档

Technical documentation

您当前位置: 首页 > 技术文档 > 详情

HCIE Datacom考试大纲技术分享ICMPV6高级特性-DAD详解

发布日期:2022-06-17 浏览次数:2175 来源:崔志鹏

HCIE Datacom考试大纲技术分享ICMPV6高级特性-DAD详解

HCIE Datacom考试咨询可联系WOLFLAB网站客服

图片 1.png

IPV4的网络里使用免费ARP或者无故ARP对地址做重复性检测,假设AR1的g0/0/0接口配置了1.1.12.1,此时AR1就会发送一个免费ARP的报文,来请求1.1.12.1的MAC地址,如果收到ARP reply,说明地址冲突:

Frame 27: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface -, id 0

Ethernet II, Src: HuaweiTe_e6:7d:3f (00:e0:fc:e6:7d:3f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

Address Resolution Protocol (ARP Announcement)

    Hardware type: Ethernet (1)

    Protocol type: IPv4 (0x0800)

    Hardware size: 6

    Protocol size: 4

    Opcode: request (1)

    [Is gratuitous: True]

    [Is announcement: True]

    Sender MAC address: HuaweiTe_e6:7d:3f (00:e0:fc:e6:7d:3f)

    Sender IP address: 1.1.12.1

    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)

    Target IP address: 1.1.12.1

此时在AR2的g0/0/0接口也配置一个IPV4地址,此时AR2设备上就会弹出告警消息,表示地址是冲突的;

图片 1.png

图片 1.png

IPV6网络当中:

①重复地址检测DAD需要确保在一个二层网络内无两个相同的单播地址;

②接口上所有的单播地址都需要做DAD;

③使用NS和NA报文完成DAD;

 

原理:

第一步:现在在AR1的g0/0/0接口上配置地址FE80::1和2001:12::1两个单播地址,这两个地址配置上之后还不能用,称为实验地址(TEN),

             也就是还没有通过重复地址检测后的地址;

interface GigabitEthernet0/0/0

 shutdown

 ipv6 enable

 ipv6 address 2001:12::1/64

 ipv6 address FE80::1 link-local

[AR1]dis ipv6 interface GigabitEthernet 0/0/0

GigabitEthernet0/0/0 current state : Administratively DOWN

IPv6 protocol current state : DOWN

IPv6 is enabled, link-local address is FE80::1 [TENTATIVE]

  Global unicast address(es):

    2001:12::1, subnet is 2001:12::/64 [TENTATIVE]

  Joined group address(es):

    FF02::1:FF00:1

    FF02::2

    FF02::1

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds

  ND retransmit interval is 1000 milliseconds

  Hosts use stateless autoconfig for addresses

-----------------------------------------------------------------------------

第二步:将g0/0/0接口undo shutdown后,AR1就会发送两个NS报文,进行DAD;

第一个NS:

Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0

Ethernet II, Src: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b), Dst: IPv6mcast_ff:00:00:01 (33:33:ff:00:00:01)

Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:1

Internet Control Message Protocol v6

    Type: Neighbor Solicitation (135)

    Code: 0

    Checksum: 0x7c25 [correct]

    [Checksum Status: Good]

    Reserved: 00000000

    Target Address: fe80::1

第二个NS:

Frame 2: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0

Ethernet II, Src: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b), Dst: IPv6mcast_ff:00:00:01 (33:33:ff:00:00:01)

Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:1

Internet Control Message Protocol v6

    Type: Neighbor Solicitation (135)

    Code: 0

    Checksum: 0x5a93 [correct]

    [Checksum Status: Good]

    Reserved: 00000000

    Target Address: 2001:12::1

 

注意:

①NS报文里面携带的就是自己接口的地址,link-local地址和全球单播地址都要DAD;

②如果我收到NA报文表明地址冲突;

③NS报文的SIP为::,DIP为接口地址对应的被请求节点组播地址;

-----------------------------------------------------------------------------

第三步:假设AR2的g0/0/0接口link-local为FE80::2,全球单播地址配置的跟AR1冲突了2001:12::1,此时观察现象;

interface GigabitEthernet0/0/0

 ipv6 enable

 ipv6 address 2001:12::1/64

 ipv6 address FE80::2 link-local

此时R2也会发送两个NS报文,针对接口上的两个地址做DAD:

第一个:

Frame 3: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0

Ethernet II, Src: HuaweiTe_16:21:1f (00:e0:fc:16:21:1f), Dst: IPv6mcast_ff:00:00:02 (33:33:ff:00:00:02)

Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:2

Internet Control Message Protocol v6

    Type: Neighbor Solicitation (135)

    Code: 0

    Checksum: 0x7c23 [correct]

    [Checksum Status: Good]

    Reserved: 00000000

    Target Address: fe80::2

第二个:

Frame 4: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0

Ethernet II, Src: HuaweiTe_16:21:1f (00:e0:fc:16:21:1f), Dst: IPv6mcast_ff:00:00:01 (33:33:ff:00:00:01)

Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:1

Internet Control Message Protocol v6

    Type: Neighbor Solicitation (135)

    Code: 0

    Checksum: 0x5a93 [correct]

    [Checksum Status: Good]

    Reserved: 00000000

    Target Address: 2001:12::1

-----------------------------------------------------------------------------

第四步:AR1收到后,发现有人请求2001:12::1的mac地址,AR1就会回复NA报文,AR2收到后就知道自己的接口地址2001:12::1是冲突的了

Frame 5: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface -, id 0

Ethernet II, Src: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b), Dst: IPv6mcast_01 (33:33:00:00:00:01)

Internet Protocol Version 6, Src: 2001:12::1, Dst: ff02::1

Internet Control Message Protocol v6

    Type: Neighbor Advertisement (136)

    Code: 0

    Checksum: 0x66c3 [correct]

    [Checksum Status: Good]

    Flags: 0xa0000000, Router, Override

        1... .... .... .... .... .... .... .... = Router: Set

        .0.. .... .... .... .... .... .... .... = Solicited: Not set

        ..1. .... .... .... .... .... .... .... = Override: Set

        ...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0

    Target Address: 2001:12::1

    ICMPv6 Option (Target link-layer address : 00:e0:fc:c8:32:0b)

        Type: Target link-layer address (2)

        Length: 1 (8 bytes)

        Link-layer address: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b)

 

注意:

①收到DAD的NS报文,回复的NA报文里面S=0;

②NA报文的SIP:2001:12::1 DIP:ff02::1,所有的节点都能收到;

-----------------------------------------------------------------------------

第五步:AR2收到AR1回复的NA报文后就知道自己接口的2001:12::1是冲突的

[AR2]dis ipv6 interface GigabitEthernet 0/0/0

GigabitEthernet0/0/0 current state : UP

IPv6 protocol current state : UP

IPv6 is enabled, link-local address is FE80::2

  Global unicast address(es):

    2001:12::1, subnet is 2001:12::/64 [DUPLICATE]

  Joined group address(es):

    FF02::1:FF00:1

    FF02::2

    FF02::1

    FF02::1:FF00:2

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds

  ND retransmit interval is 1000 milliseconds

  Hosts use stateless autoconfig for addresses

[AR1]dis ipv6 interface GigabitEthernet 0/0/0

GigabitEthernet0/0/0 current state : UP

IPv6 protocol current state : UP

IPv6 is enabled, link-local address is FE80::1

  Global unicast address(es):

    2001:12::1, subnet is 2001:12::/64

  Joined group address(es):

    FF02::1:FF00:1

    FF02::2

    FF02::1

  MTU is 1500 bytes

  ND DAD is enabled, number of DAD attempts: 1

  ND reachable time is 30000 milliseconds

  ND retransmit interval is 1000 milliseconds

  Hosts use stateless autoconfig for addresses

HCIE Datacom考试学习,联系WOLFLAB预约免费试听。

返回目录
在线咨询