
ICMP version 6 (ICMPv6) is an integral part of IPv6. It provides a single, comprehensive solution for network functions that IPv4 spreads across many different protocols, such as ARP, IGMP, ICMPv4 Router Discovery, and ICMPv4 Redirect.

As a protocol, IPv6 makes a best effort to deliver each packet.

IPv6 is connectionless and unreliable by nature.

  • Connectionless means that it does not establish a connection before transferring data.
  • Unreliable means that if a packet is not delivered to the destination, whatever the reason, IPv6 does not inform the source of the failure, because it has no mechanism for doing so.

It is the Transmission Control Protocol (TCP), the upper transport-layer protocol, that provides connection-oriented, reliable data transmission between the source and the destination.

If a packet is lost on the way, TCP attempts to transfer it again, and TCP also acknowledges successful delivery.

But how do we find out whether there is trouble between the source and the destination?

This is exactly where ICMPv6 comes to the rescue, because it alone performs many functions that are handled by several different protocols in IPv4, e.g., ARP, IGMP, ICMPv4 Router Discovery, and ICMPv4 Redirect.

The most critical function of ICMPv6 is to provide diagnostic information and to report errors using different types of messages.

With the help of error messages, we can identify the likely reason for the unsuccessful delivery of packets. That is why we will discuss Error Messages as well as the Neighbor Discovery function of ICMPv6 in detail here.

ICMPv6 Messages

The single protocol ICMPv6 offers a bundle of multiple functions, such as:

  • Error reporting in packet processing.
  • Diagnostic activities.
  • Neighbor Discovery Process.
  • IPv6 multicast membership report, etc

The ICMPv6 packet format has four fields: Type, Code, Checksum, and Data.

ICMPv6 Packet fields

The Type field identifies the type of message.

ICMPv6 performs its functions using 255 different types of messages, which can be divided into two broad categories:

  1. Error messages
  2. Information messages

Message types 0 to 127 are error messages, whereas message types 128 to 255 are informational messages. Here is a sample of some message types with their meanings.

ICMPv6 Message types
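
As an added example (not code from the original article), the following Python code parses the Type, Code, Checksum and Data fields described above, classifies the type using the 0-127 / 128-255 split, and verifies the checksum over the IPv6 pseudo-header. The sample Neighbor Solicitation is constructed from this lab's addresses; the function names and the numeric Neighbor Discovery type codes (133-137, from RFC 4861) are assumptions not given on the page.

```python
import ipaddress
import struct

# Neighbor Discovery type numbers (RFC 4861); the page lists only the names.
ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}

def icmpv6_checksum(src, dst, message):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    pseudo = (ipaddress.IPv6Address(src).packed
              + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", len(message), 58))  # 58 = ICMPv6
    data = pseudo + message + (b"\x00" if len(message) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmpv6(src, dst, message):
    """Split Type/Code/Checksum/Data, classify the type, verify the checksum."""
    if len(message) < 4:
        raise ValueError("truncated ICMPv6 header")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    return {
        "type": msg_type,
        "code": code,
        "class": "error" if msg_type <= 127 else "informational",
        "name": ND_TYPES.get(msg_type, "other"),
        "checksum_ok": checksum == icmpv6_checksum(src, dst, zeroed),
        "data": message[4:],
    }

def build_sample_ns():
    """Constructed sample: NS from 2001::10 asking who has 2001::1."""
    body = (b"\x00" * 4                                   # reserved
            + ipaddress.IPv6Address("2001::1").packed     # target address
            + bytes([1, 1]) + bytes.fromhex("cc02237c0000"))  # source MAC option
    csum = icmpv6_checksum("2001::10", "ff02::1:ff00:1",
                           struct.pack("!BBH", 135, 0, 0) + body)
    return struct.pack("!BBH", 135, 0, csum) + body

if __name__ == "__main__":
    print(parse_icmpv6("2001::10", "ff02::1:ff00:1", build_sample_ns()))
```

Because the checksum covers the source and destination addresses as well as the message, a message altered in transit or replayed toward a different destination fails the `checksum_ok` test.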

Neighbor Discovery in ICMPv6

There are three types of IP addresses in IPv6: Unicast, Multicast, and Anycast. There is no broadcast address in IPv6. Everything that broadcast handles in IPv4 is done by multicast in IPv6. This brings us to the neighbor discovery process in IPv6.

When we enable IPv6 on an interface of a host or router, it becomes a member of certain multicast groups. The multicast group membership depends on which protocol(s) are running on it.

The following table shows how a host, router, or other device becomes a member of a specific multicast group according to the protocol enabled on it.

Multicast groups

  • When we assign IPv6 addresses, all devices, such as routers, switches, firewalls, and hosts, join the multicast group FF02::1. They also become members of FF02::1:FF00:0000/104, the solicited-node multicast address group.
  • When we enable IPv6 routing on a router, the router also joins the FF02::2 group.
  • When we implement OSPF on a router, the router also joins the FF02::5 group. If the router is the DR, it also joins the FF02::6 group.
  • When we enable RIP on a router, the router also joins the FF02::9 group.
  • When we enable EIGRP on a router, the router also joins the FF02::A group.
  • When we enable the DHCP service or relay agent service on a device, it becomes a member of FF02::1:2.

These multicast group addresses play a crucial role in ICMPv6 neighbor discovery.

There are five types of messages used in neighbor discovery:

  1. Router Solicitation Message
  2. Router Advertisement Message
  3. Neighbor Solicitation Message
  4. Neighbor Advertisement Message
  5. Redirect message

Router Solicitation and Router Advertisement messages are used for IPv6 dynamic address allocation. The router also sends Router Advertisement messages periodically, at an interval of 200 seconds.

Neighbor Solicitation and Neighbor Advertisement messages are used for address resolution (IPv6 address to MAC address), which is similar to IPv4 ARP Request and ARP Reply messages.



Neighbor Discovery Between Router And Host

Multicast Group Member

The router and the host are members of the multicast group FF02::1. The router becomes a member of FF02::2 after IPv6 routing is enabled on it, so the router is a member of both multicast groups.

In a simple scenario, a PC is connected to a router via a switch, IPv6 addresses are configured on both devices, and IPv6 routing is running on the router (enabled with the global configuration command ipv6 unicast-routing).

Topology

PC1 wants to communicate with the router on that network. IPv6 has no broadcast address, so the IPv6 address to MAC address resolution process differs from IPv4. In IPv4, ARP (Address Resolution Protocol) obtains the MAC address of the destination device on the network. You may like to know more about this: How Does Address Resolution Protocol (ARP) Work? - A Demonstration.

In IPv6, the devices use Router Solicitation and Router Advertisement messages for IPv6 address to MAC address resolution. PC1 sends a Router Solicitation message on the network as a request, and the router R1 sends a Router Advertisement as a reply.

Let me take the opportunity to explain to you some confusing concepts regarding these 'Neighbor Discovery' messages, because they confused me when I was learning about ICMPv6.

I will present the step-by-step process of 'Neighbor Discovery' here. I’ve used GNS3 and WireShark for this lab. If GNS3 and WireShark are new to you, you can follow the instructions to set up the ICMPv6 lab: How to use WireShark in GNS3? A Step-by-step Demonstration. It is very easy to set up.

Step 1

Design the topology, assign the IPv6 addresses, and enable routing on the router.

The IPv6 address on R1 is 2001::1/64 and the IPv6 address on PC1 is 2001::10/64.

Topology With IPv6 address MAC and Link local Address

In IPv6, the link-local address plays a very important role, and it is easy to calculate.

Each Ethernet interface has a MAC address, so we first note down that MAC address.

MAC address of R1 is CC01.2020.0000
MAC on the PC is CC02.237C.0000

I will take the MAC address of the PC and show how to calculate the link-local address from it.

The link-local address always starts with FE80, and we complete it using the MAC address of the PC:

  • Take the MAC address of the PC, i.e., CC02.237C.0000.
  • Divide the MAC address into two parts:
    CC02.23 (first part) and 7C.0000 (second part)
  • Take the first two hexadecimal digits from the left of the first part and convert them into binary:
    CC (hexadecimal) = 11001100 (binary)
  • Take the 7th bit from the left of this binary number and flip it: if it is 0, change it to 1; if it is 1, change it to 0.
  • The new binary value is 11001110. Converted back to hexadecimal, it is CE.
  • The first part now becomes CE02.23.
  • Insert FFFE between the two parts, i.e., Part1+FFFE+Part2:
    CE02:23FF:FE7C:0000
  • Add FE80 to the beginning:
    FE80::Part1+FFFE+Part2
    FE80::CE02:23FF:FE7C:0000 or
    FE80::CE02:23FF:FE7C:0

This is the link-local address of the PC. We can calculate the link-local address of any device in the same way.
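
The same calculation in Python, as an added example that is not part of the original article. It goes one step beyond the text by also running the steps in reverse, which recovers the hardware MAC address from an address built this way; the function names are assumptions chosen for illustration.

```python
import ipaddress
import re

def mac_to_bytes(mac):
    """Accept CC02.237C.0000, cc:02:23:7c:00:00 or CC-02-23-7C-00-00."""
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return bytes.fromhex(digits)

def eui64_interface_id(mac):
    """Flip the 7th bit of the first byte and insert FFFE in the middle."""
    raw = mac_to_bytes(mac)
    first = raw[0] ^ 0x02              # 7th bit from the left (0x02 mask)
    return bytes([first]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def link_local_from_mac(mac):
    """FE80::/64 prefix followed by the 64-bit interface identifier."""
    packed = bytes.fromhex("fe80") + b"\x00" * 6 + eui64_interface_id(mac)
    return ipaddress.IPv6Address(packed)

def mac_from_address(addr):
    """Reverse the steps; None if the address does not carry the FFFE marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in raw)

if __name__ == "__main__":
    for name, mac in (("R1", "CC01.2020.0000"), ("PC", "CC02.237C.0000")):
        ll = link_local_from_mac(mac)
        print(name, mac, "->", ll, "->", mac_from_address(ll))
```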

Step 2

Start the network protocol analyzer. I used 'Wireshark' on the interface connected to router R1 to analyze the traffic.

Packet Capture via WireShark

Packet Capture Interface

Step 3

From PC1, run the command ping 2001::1 and make sure you can communicate with the router. If not, troubleshoot the problem first.

ping command from PC

Step 4

ICMPv6 works much like ICMP in IPv4, but IPv6 uses neighbor discovery with multicast addresses, whereas IPv4 uses ARP with a broadcast address.

In our topology, the source device is the PC (2001::1) and the destination is R1 (2001::2). Before proceeding with ICMPv6, the PC, as the source device, checks its Neighbor Cache (the ARP cache in IPv4) for the MAC address of the destination IPv6 address.

ICMPv6 Neighbor Discovery command

If the PC does not find that entry in the Neighbor Cache table, it sends a Neighbor Solicitation message on the link. The destination device (R1) then replies to the requesting device (PC) with a Neighbor Advertisement message.

IPv4 ARP working and IPv6 Neighbor Discovery working

After the PC receives the MAC address of the destination device (R1), that information is entered into the Neighbor Cache. The PC then sends an ICMPv6 request to R1, and R1 sends an ICMPv6 reply to the PC.

It looks very simple, but a lot happens behind this simple process. We will look a little deeper inside the packets that we captured with Wireshark (refer to Step 2).

Step 5

ICMPv6 does not use broadcast. With this statement, a question pops up in my mind: how does ICMPv6 work without broadcast?

I have captured only IPv6 packets, and we will use some of them as a sample. Let us look at packets 54 to 57 as an example.

IPv6 Packet Captured by WireShark

Packet number 54 is a Neighbor Solicitation (NS).

What exactly is it, and why is it required?

Observe the following graphic. In the Ethernet section, the source MAC is cc:02:23:7c:00:00 and the destination is the IPv6 multicast MAC address 33:33:ff:00:00:01. We know the source MAC address, but how is this destination MAC address calculated?

ICMPv6 Packet
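
The destination MAC asked about above can be derived in two steps, shown here as an added Python example that is not part of the original article: the target's solicited-node group is FF02::1:FF00:0/104 plus the low 24 bits of the target address, and the Ethernet destination is 33:33 followed by the low 32 bits of that group (RFC 4291 and RFC 2464). The function names and the second address in the collision check are constructed for illustration.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(target):
    """Solicited-node group: FF02::1:FF00:0/104 + low 24 bits of the target."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)

def multicast_mac(group):
    """Ethernet destination: 33:33 + low 32 bits of the IPv6 multicast group."""
    addr = ipaddress.IPv6Address(group)
    if not addr.is_multicast:
        raise ValueError("%s is not an IPv6 multicast address" % addr)
    return "33:33:" + ":".join("%02x" % b for b in addr.packed[12:])

def ns_destination(target):
    """IPv6 and Ethernet destinations of a Neighbor Solicitation for target."""
    group = solicited_node(target)
    return str(group), multicast_mac(group)

def shares_group(a, b):
    """True when two unicast addresses map to the same solicited-node group."""
    return solicited_node(a) == solicited_node(b)

if __name__ == "__main__":
    # R1's address from this lab: matches the 33:33:ff:00:00:01 in the capture.
    print(ns_destination("2001::1"))
    # The PC's link-local address calculated in Step 1.
    print(ns_destination("fe80::ce02:23ff:fe7c:0"))
    # All-nodes and all-routers groups use the same 33:33 mapping.
    print(multicast_mac("ff02::1"), multicast_mac("ff02::2"))
    # Constructed second address: same low 24 bits, therefore same group.
    print(shares_group("2001::1", "2001::abcd:0:1"))
```

Only the low 24 bits of the target survive into the group, so any addresses on the link that share those bits listen on the same layer 2 multicast address and each checks the Target Address field before answering.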

Step 6

The destination device R1 receives the Neighbor Solicitation and sends a Neighbor Advertisement reply to the PC, which we can see in packet number 55.

Neighbor Advertisement Message

After receiving the Neighbor Advertisement packet, the PC makes an entry in its Neighbor Cache table.

ICMPv6 Neighbor Discovery command After ping

Step 7

Now that the PC has the MAC address of R1, it sends the ICMP request to R1, and R1 sends the reply to the PC. The ICMPv6 request and reply use unicast addresses. The Neighbor Solicitation and Neighbor Advertisement messages provide the MAC address of the destination device.

ICMPv6 Ping Request

ICMPv6 Ping Reply

In IPv4, ARP uses the layer 2 broadcast address, so every node receives the message and all of them need to process it. IPv6 instead uses Neighbor Discovery, which uses a layer 2 multicast address. That layer 2 multicast address belongs to only a specific node, so only that particular node receives it.

Don't you think that ICMPv6 makes IPv6 far more efficient than IPv4?

What is your opinion about the Error and Information messages delivered by ICMPv6? How can the diagnostic capabilities of ICMP be further extended or enhanced?

Please also share your insights about Neighbor Discovery in IPv6 with us.

 Thanks


This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms. 

30,000+ professionals are following her on Facebook and  mesmerized by the quality of content of her posts on Facebook. 
