ND Proxy Example
In the following topology, A and B are nodes on separate segments which are connected by proxy P.
•
A and B have link-layer addresses a and b, respectively.
•
P has link-layer addresses p1 and p2 on the two segments.
A---|---P---|---B
a p1 p2 b
When A attempts to send an initial IPv6 packet to B, the following actions occur:
•
Route look up for destination address
B
is executed on
A
. Before the packet can be sent,
A
needs to resolve
B
's link-layer
address and sends a Neighbor Solicitation (NS) to the solicited-node multicast address for
B
. The Source Link-Layer Address
(SLLA) option in the solicitation contains
A
's link-layer address.
•
P
receives the solicitation (since it is receiving all link-layer multicast packets) and processes it. Since it is an NS, it creates a
neighbor entry for
A
on interface 1, and records its link-layer address. It also creates a neighbor entry for
B
(on an arbitrary proxy
interface) in the
INCOMPLETE
state. Since the packet is multicast,
P
then needs to proxy the NS out on all other proxy
interfaces on the subnet. Before sending the packet out on interface 2, it replaces the link-layer address in the SLLA option with
its own link-layer address of
p2
.
•
B
receives this NS, processing it as usual. A neighbor entry for
A
is created and mapped to the link-layer address
p2
. In
response, a Neighbor Advertisement (NA) is sent to
A
containing
B
's link-layer address
b
. The NA is sent using
A
's neighbor
entry, i.e. to the link-layer address
p2
.
•
The NA is received by
P
, which is processed as would occur with any unicast packet; i.e. the NA is forwarded out of interface 1,
based on the neighbor cache. However, before actually sending the packet out, it is inspected to determine if the packet about
to be sent is one that requires proxying. Since it is an NA, it updates its neighbor entry for
B
to be
REACHABLE
and records the
link-layer address
b
.
P
then replaces the link-layer address in the LLA option with its own link-layer address on the outgoing
interface,
p1
. The packet is then sent out on interface 1.
•
When
A
receives this NA, it is processed as usual. Hence a neighbor entry is created for
B
on interface 1 in the
REACHABLE
state, and the link-layer address
p1
is recorded.
IPv6 ND Proxy Configuration Tasks
The IPv6 ND Proxy is configured through the tasks of turning on the proxy capability for the node (
ipv6 nd proxy
), and defining the IPv6
destination network (
ipv6 route
). This configuration requires defining the outgoing interface as
ethernet
(with the
slot
or
port
), or
ve
(with
the
ve-id
).
The commands for this configuration task are introduced at the configuration command level, and used to configure ipv6 static route by
specifying the destination prefix and outgoing interface. As per the topology mentioned in the packet flow if the proxy is configured on
R2, this static route can be configured on R1 with a destination prefix of 2002::/64. The static route can also be configured
ve
as an
outgoing interface.
IPv6 ND Proxy
Brocade NetIron MLXe Series Hardware Installation Guide
53-1004203-04
237
Summary of Contents for NetIron MLXe Series
Page 8: ...Brocade NetIron MLXe Series Hardware Installation Guide 8 53 1004203 04...
Page 12: ...Brocade NetIron MLXe Series Hardware Installation Guide 12 53 1004203 04...
Page 20: ...Brocade NetIron MLXe Series Hardware Installation Guide 20 53 1004203 04...
Page 192: ...Brocade NetIron MLXe Series Hardware Installation Guide 192 53 1004203 04...
Page 270: ...Brocade NetIron MLXe Series Hardware Installation Guide 270 53 1004203 04...
Page 286: ...Brocade NetIron MLXe Series Hardware Installation Guide 286 53 1004203 04...
Page 292: ...Brocade NetIron MLXe Series Hardware Installation Guide 292 53 1004203 04...