Technical documentation
发布日期:2022-06-17 浏览次数:2175 来源:崔志鹏
HCIE Datacom考试大纲技术分享ICMPV6高级特性-DAD详解
HCIE Datacom考试咨询可联系WOLFLAB网站客服
IPV4的网络里使用免费ARP或者无故ARP对地址做重复性检测,假设AR1的g0/0/0接口配置了1.1.12.1,此时AR1就会发送一个免费ARP的报文,来请求1.1.12.1的MAC地址,如果收到ARP reply,说明地址冲突:
Frame 27: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface -, id 0
Ethernet II, Src: HuaweiTe_e6:7d:3f (00:e0:fc:e6:7d:3f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (ARP Announcement)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (1)
[Is gratuitous: True]
[Is announcement: True]
Sender MAC address: HuaweiTe_e6:7d:3f (00:e0:fc:e6:7d:3f)
Sender IP address: 1.1.12.1
Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
Target IP address: 1.1.12.1
此时在AR2的g0/0/0接口也配置一个IPV4地址,此时AR2设备上就会弹出告警消息,表示地址是冲突的;
IPV6网络当中:
①重复地址检测DAD需要确保在一个二层网络内无两个相同的单播地址;
②接口上所有的单播地址都需要做DAD;
③使用NS和NA报文完成DAD;
原理:
第一步:现在在AR1的g0/0/0接口上配置地址FE80::1和2001:12::1两个单播地址,这两个地址配置上之后还不能用,称为实验地址(TEN),
也就是还没有通过重复地址检测后的地址;
interface GigabitEthernet0/0/0
shutdown
ipv6 enable
ipv6 address 2001:12::1/64
ipv6 address FE80::1 link-local
[AR1]dis ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : Administratively DOWN
IPv6 protocol current state : DOWN
IPv6 is enabled, link-local address is FE80::1 [TENTATIVE]
Global unicast address(es):
2001:12::1, subnet is 2001:12::/64 [TENTATIVE]
Joined group address(es):
FF02::1:FF00:1
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
-----------------------------------------------------------------------------
第二步:将g0/0/0接口undo shutdown后,AR1就会发送两个NS报文,进行DAD;
第一个NS:
Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0
Ethernet II, Src: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b), Dst: IPv6mcast_ff:00:00:01 (33:33:ff:00:00:01)
Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:1
Internet Control Message Protocol v6
Type: Neighbor Solicitation (135)
Code: 0
Checksum: 0x7c25 [correct]
[Checksum Status: Good]
Reserved: 00000000
Target Address: fe80::1
第二个NS:
Frame 2: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0
Ethernet II, Src: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b), Dst: IPv6mcast_ff:00:00:01 (33:33:ff:00:00:01)
Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:1
Internet Control Message Protocol v6
Type: Neighbor Solicitation (135)
Code: 0
Checksum: 0x5a93 [correct]
[Checksum Status: Good]
Reserved: 00000000
Target Address: 2001:12::1
注意:
①NS报文里面携带的就是自己接口的地址,link-local地址和全球单播地址都要DAD;
②如果我收到NA报文表明地址冲突;
③NS报文的SIP为::,DIP为接口地址对应的被请求节点组播地址;
-----------------------------------------------------------------------------
第三步:假设AR2的g0/0/0接口link-local为FE80::2,全球单播地址配置的跟AR1冲突了2001:12::1,此时观察现象;
interface GigabitEthernet0/0/0
ipv6 enable
ipv6 address 2001:12::1/64
ipv6 address FE80::2 link-local
此时R2也会发送两个NS报文,针对接口上的两个地址做DAD:
第一个:
Frame 3: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0
Ethernet II, Src: HuaweiTe_16:21:1f (00:e0:fc:16:21:1f), Dst: IPv6mcast_ff:00:00:02 (33:33:ff:00:00:02)
Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:2
Internet Control Message Protocol v6
Type: Neighbor Solicitation (135)
Code: 0
Checksum: 0x7c23 [correct]
[Checksum Status: Good]
Reserved: 00000000
Target Address: fe80::2
第二个:
Frame 4: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface -, id 0
Ethernet II, Src: HuaweiTe_16:21:1f (00:e0:fc:16:21:1f), Dst: IPv6mcast_ff:00:00:01 (33:33:ff:00:00:01)
Internet Protocol Version 6, Src: ::, Dst: ff02::1:ff00:1
Internet Control Message Protocol v6
Type: Neighbor Solicitation (135)
Code: 0
Checksum: 0x5a93 [correct]
[Checksum Status: Good]
Reserved: 00000000
Target Address: 2001:12::1
-----------------------------------------------------------------------------
第四步:AR1收到后,发现有人请求2001:12::1的mac地址,AR1就会回复NA报文,AR2收到后就知道自己的接口地址2001:12::1是冲突的了
Frame 5: 86 bytes on wire (688 bits), 86 bytes captured (688 bits) on interface -, id 0
Ethernet II, Src: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b), Dst: IPv6mcast_01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: 2001:12::1, Dst: ff02::1
Internet Control Message Protocol v6
Type: Neighbor Advertisement (136)
Code: 0
Checksum: 0x66c3 [correct]
[Checksum Status: Good]
Flags: 0xa0000000, Router, Override
1... .... .... .... .... .... .... .... = Router: Set
.0.. .... .... .... .... .... .... .... = Solicited: Not set
..1. .... .... .... .... .... .... .... = Override: Set
...0 0000 0000 0000 0000 0000 0000 0000 = Reserved: 0
Target Address: 2001:12::1
ICMPv6 Option (Target link-layer address : 00:e0:fc:c8:32:0b)
Type: Target link-layer address (2)
Length: 1 (8 bytes)
Link-layer address: HuaweiTe_c8:32:0b (00:e0:fc:c8:32:0b)
注意:
①收到DAD的NS报文,回复的NA报文里面S=0;
②NA报文的SIP:2001:12::1 DIP:ff02::1,所有的节点都能收到;
-----------------------------------------------------------------------------
第五步:AR2收到AR1回复的NA报文后就知道自己接口的2001:12::1是冲突的
[AR2]dis ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2
Global unicast address(es):
2001:12::1, subnet is 2001:12::/64 [DUPLICATE]
Joined group address(es):
FF02::1:FF00:1
FF02::2
FF02::1
FF02::1:FF00:2
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
[AR1]dis ipv6 interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::1
Global unicast address(es):
2001:12::1, subnet is 2001:12::/64
Joined group address(es):
FF02::1:FF00:1
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
HCIE Datacom考试学习,联系WOLFLAB预约免费试听。