Hi, welcome to class. My name is Don LaFond, Professor Don, and this week we are in Cisco One. We are learning about Module 9, Address Resolution. I'm going to go ahead and start my presentation. If you have any questions about this content and you are watching inside of our classroom, please ask your questions inside the Help Discussion Forum.
If you are watching as a recording live with me, ask at the end, and if it's a recording on YouTube, just ask in the comments down below and I will be happy to help you answer the questions that you ask. You should see my PowerPoint now. Let me go ahead and configure my side, and we are now ready. Here we go. The objective is to explain how ARP and Neighbor Discovery, ND, enable communications on a network. We're going to compare the roles of the MAC address and the IP address. We talked about the MAC address last week. Hopefully that isn't too foggy.
Hopefully today will be a little bit clearer if it is foggy. We're going to describe the purpose of ARP, Address Resolution Protocol. We will describe the operation of IPv6 Neighbor Discovery, ND. MAC and IP. Now this should not be new, because last week we spent a lot of time talking about that. There are two primary addresses assigned to a device on an Ethernet LAN. There's a Layer 2 physical address that is embedded in your NICs. It's a MAC address.
We talked about it in Module 7. If you're not familiar with MAC addresses, please watch that video. It's used for NIC-to-NIC communications on the same Ethernet network. Layer 3 logical addresses, on the other hand, IP addresses, are used to send packets from the source to the destination on a different network. Actually, it could be the next device.
I really shouldn't say that. But it is used to go from your host, the PC you request a website from, to, say, a web server that has that information that's in a different part of the world. Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same network. They're called Layer 2 addressing. And that is your MAC addresses. That is, in this case, we have PC1 is AAAA. That's a MAC address representation. PC2 is 5555 on the same network.
It just goes from one device to another, never has to go out to the router, doesn't really need the IP address until it gets to the destination. And then the destination reads the IP address and says, yep, that's mine, and then it can do something with it.
Now when the destination IP address is on a remote network, the destination MAC address is that of the default gateway. ARP is used by IPv4 to associate an IPv4 address of the device with the MAC address of the device's NIC, both devices' NICs, or any device's. ICMP version 6 doesn't use ARP; it uses Neighbor Discovery. And the way that works is it uses the MAC address of the device's NIC.
We'll discuss that. So in this case, let me zoom in just to make it a little easier to see for you guys. So remember, Layer 2 communication happens at the MAC layer, at Layer 2 and partially Layer 1.
We learned that last week, and it goes from MAC to MAC with the MAC addresses changing between devices. Right. So for PC1, the destination MAC is BBB.
Here it is. Source is AAA. But when we get to R1 going to R2, the destination would be DDDD, and the source would be BBBB, right? And then here at the next level, it switches to EEE and ultimately gets to PC5.
But I want you to notice that all the way along that path, the source IP address for PC1 and the destination IPv4 address for PC2 remain the same. Whether it's IPv4 or IPv6, it remains the same.
Review of last week. You're going to do a Packet Tracer where you are going to gather PDU information for the local and remote network communication. ARP.
A device uses ARP to determine the destination MAC address of a local device when it knows its IPv4 address. ARP provides two basic functions. It resolves IPv4 addressing to MAC addresses, and it maintains an ARP table of IPv4 to MAC address mapping. So once it finds it once, then it maintains it for a short period afterwards.
So here we see PC1 doesn't know where the destination MAC address is. It just has an IP address. So what it does is it broadcasts the address, and two devices indicate, hey, that's not me, and those packets are just dropped. One device, in this case PC4, H4, receives the packet and then it says, yep, that's me, and it sends back the MAC address. H1 then now has the MAC address, and then it sends a unicast address to the destination using that MAC address. To send a frame, a device will search its ARP table for a destination IPv4 address and a corresponding MAC address. If the packet's destination IPv4 address is on the same network, the device will search its ARP table for the destination IP address and then just send it. If the destination IPv4 address is on a different network, the device will search the ARP table for an IPv4 address of the default gateway.
If it locates the IPv4 address and the corresponding MAC address, then it sends the packet. If there are no ARP table entries, then it uses the ARP request that we just looked at. And here is a video to show an ARP request, and I don't have that number, unfortunately, so I need to run it.
Here's the video. In this video we're going to see PCA send an ARP request for the MAC address of PCC. PCA has an IP packet with the source IP address of itself, 192.168.1.110, and the destination IP address of PCC at 192.168.1.50. So it needs to know what the destination MAC address will be.
Because the source and destination IP addresses are on the same network, the destination MAC address will be that of the destination IP address of PCC at 192.168.1.50. So PCA checks its ARP cache for the IP address 192.168.1.50. Because it is not in its ARP cache, it will put the packet on hold and create an ARP request.
The ARP request contains the target IPv4 address. This is the IPv4 address which is known by PCA, and the target MAC address, which is unknown. This is what PCA is wanting to find out. The ARP request is sent as a broadcast, so everybody on the network will need to examine this Ethernet frame and process the ARP request.
So PCA sends it to the switch. Because it is a broadcast, the switch will flood it out all ports except for the port that it came in on. PCB receives the broadcast so it must process it and its ARP process examines the ARP request. It compares its own IPv4 address against the target IPv4 address and notices that they are not the same so it doesn't need to send an ARP reply.
The router R1 also receives this ARP request. Its ARP process examines its own IPv4 address and compares that against the target IPv4 address and also realizes this is not its IPv4 address so it does not need to send the ARP reply. By the way, routers will not forward ARP requests out of their ports.
PCC receives the ARP request, compares its IPv4 address against the target IPv4 address, and notices that it is the intended target of the ARP request, that the target IPv4 address does match its own IPv4 address. So PCC will need to send an ARP reply. Okay, that is the request and that is. We're going to see PCA send an ARP. Now we watch this video.
In the previous video we saw an ARP request from PCA looking for the MAC address of PCC. In this video we will see the ARP reply in response to that ARP request. PCC, when it received the ARP request, examined the target IPv4 address and compared it against its own IPv4 address and noticed that it was the intended target. So PCC will generate an ARP reply in response to that ARP request.
The ARP reply includes its own IPv4 address and its own MAC address. It is sent to PCA. ARP replies are sent as a unicast, so the destination MAC address is that of PCA. PCA receives the ARP reply in response to its previous ARP request,
takes the information, the sender IPv4 address and the sender MAC address, and adds that information to its ARP cache. PCA can now take the packet, the original packet destined for PCC, take that packet off hold, and has the information it needs to send that packet to PCC. So it takes the information from the ARP cache, the MAC address, and adds that to the Ethernet header as the destination MAC address. PCA can now forward this packet in the proper Ethernet frame on to PCC. And since you love videos, there's one more here that continues the conversation. PCA has an IP packet, source IP address itself at 192.168.1.110, and destination IP address 10.1.1.10, which is an IP address on a remote network. So the destination MAC address will be that of its default gateway, 192.168.1.1, the router R1 in this case.
PCA checks its ARP cache for that IP address, 192.168.1.1, and there's no entry with a MAC address. So it puts the packet on hold and creates an ARP request.
The ARP request has the IP address of the router, 192.168.1.1, and the target MAC address is unknown. The destination MAC address of an ARP request is a broadcast. So it will be sent to the switch,
and the switch will flood it out all ports except for the incoming port. PCB receives the ARP request, compares its own IPv4 address against the target IPv4 address in the ARP request, and notices it is not a match, so it is not the intended target. PCC receives the ARP request, compares its IPv4 address against the target IPv4 address, and it is not the intended target either. Router R1 receives the ARP request, compares its IPv4 address against the target IPv4 address, and it is indeed a match. It is the target of the ARP request. So, Router R1 will issue an ARP reply in response.
It will include its own MAC address, 000d, along with its IPv4 address. The destination MAC address of the ARP reply is a unicast directed for PCA. So, it is a destination MAC address of 000A. So PCA receives the ARP reply. PCA, when it receives the ARP reply in response for its ARP request, sees the target IPv4 address and the target MAC address and adds that to its ARP cache.
It now has the information it needs to forward the packet which is on hold. So the destination MAC address is now going to be 000d, that of the router R1, its MAC address. And now PCA can forward the frame onto router R1. All right.
So hopefully that information is helpful for you to understand how ARP is used to determine MAC addresses either of a local host or a destination host. And that was helpful for me when I was learning this content. So hopefully it is for you as well.
Now, removing entries from an ARP table. Entries in an ARP table are not permanent and are removed when the ARP cache timer expires.
Now that ARP timer can be 15 to 45 seconds based on the type of data, the type of operating system that you are on, a PC or Linux or router and Cisco equipment. And the ARP table entries can also be removed manually by the administrator. In a router, to show the ARP table, the command is show ip arp, and then it will show you what the connections are. Here we have an IP address connected to a hardware device, a MAC address, and then here on a PC, the same thing. Here is the physical address, the MAC address, connected to two different IP addresses. ARP requests are received and processed by every device on the local network. Excessive ARP broadcasts can cause some reduction in performance. ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack. And enterprise-level switches must mitigate, or employ mitigation techniques, to protect against ARP attacks. So ultimately what happens is you have a threat actor here that is connected to your network and it sends ARP replies to your ARP broadcast. I broadcast out to the network.
This guy's on the network. He said, yeah, yeah, yeah, that's me. That's me. Give me the information.
And then he can be man in the middle, where then he can forward that information on and the person, the other device, doesn't even know that he's there. Or there are some other security techniques, or anti-security techniques, I guess, hacking techniques, to be able to disrupt the network. Google ARP poisoning. Beyond the scope of this class. You will do a Packet Tracer to examine the ARP table, and you'll see an ARP request, you'll look at a switch MAC table, and you'll examine the ARP process in remote communication. Now that's IPv4. Now we're going to shift to IPv6 neighbor discovery.
And we're going to start with the video. The video will explain the process of how IPv6 performs address resolution using ICMPv6 neighbor solicitation and neighbor advertisement, NS and NA, messages. And let me jump to that video.
In this video, we will discuss the process of how IPv6 performs address resolution using ICMPv6 neighbor solicitation and neighbor advertisement messages. This is similar to the ARP process used by IPv4, but has certain advantages that we will see in a moment. Host A has a packet to send to host C. Host A has determined that the destination IPv6 address is on the same network as host A. Host A knows the destination IPv6 address, but needs the associated destination MAC address, so it can encapsulate the IPv6 packet in an Ethernet frame to send directly to host C.
Host A examines its neighbor cache to see if there is an entry for this destination IPv6 address. Similar to an ARP table, the neighbor cache maps IPv6 addresses to MAC addresses. For simplicity's sake, MAC addresses are shown here as four hex symbols instead of the usual 12. As we can see, there is no MAC entry associated with this IPv6 address.
The IPv6 packet is placed on hold, and host A creates an ICMPv6 neighbor solicitation message. This is similar to an ARP request used for IPv4 address resolution. One significant difference is that ARP messages are sent directly over Ethernet. IPv4 is not involved.
The IPv6 address resolution process uses ICMPv6, which is then encapsulated in an IPv6 header and then encapsulated in an Ethernet header and trailer. The ICMPv6 neighbor solicitation header includes the target IPv6 address, which is the same destination IPv6 address in the packet that is on hold. The target IPv6 address is mapped to a special IPv6 solicited node multicast address, which is then mapped to a special Ethernet multicast MAC address.
This mapping process contains a significant portion of the target IPv6 address. This allows for the Ethernet NICs on each device that receives this frame to determine whether or not to accept and process the frame. This is where we see an advantage of ICMPv6 Neighbor Discovery over ARP for IPv4.
Since ARP uses an Ethernet broadcast address, all devices on the local network must at least partially process an ARP request. The ICMPv6 Neighbor Solicitation message is forwarded by Host A and received by the switch. The switch will flood the Ethernet multicast frame out all ports except the incoming port. Host B receives the Ethernet frame. Host B's Ethernet NIC examines the destination MAC address.
The Ethernet NIC will accept frames whose destination MAC address matches the MAC address on the NIC, is a broadcast MAC address, or a multicast MAC address that maps to one of its IPv6 addresses. In this case, the multicast MAC address does not match any of these, so Host B's NIC ignores the rest of the frame without having to pass it up to an upper level process to make this determination. Again, this is an advantage over ARP for IPv4.
Router R1 receives the frame on its LAN interface. A similar process occurs on R1's interface. The Ethernet NIC ignores the frame because the destination multicast MAC address does not map to any of its IPv6 addresses.
ICMPv6 neighbor solicitation messages are not forwarded by the router. This is because the solicited node multicast address in the IPv6 header is sent with link local scope, which tells the router not to forward these packets off the local link or network. Host C receives the Ethernet frame. This time, the Ethernet multicast MAC address matches a MAC address associated with host C, specifically the one mapped to host C's IPv6 solicited node multicast address.
Therefore, host C accepts the frame and passes it up to its IPv6 process and then its ICMPv6 process. The target IPv6 address in the ICMPv6 header matches its own IPv6 global unicast address. So host C knows it is the target of this neighbor solicitation message. Before replying, host C adds the IPv6 and MAC address of host A to its own neighbor cache so it can return a neighbor advertisement message. Host C replies with an ICMPv6 neighbor advertisement message sent as an Ethernet unicast message
directly to Host A. The ICMPv6 header includes Host C's IPv6 address, which Host A already knew, and the associated MAC address that Host A was requesting. Host A receives the Ethernet frame, examines the IPv6 address and the MAC address in the ICMPv6 header, and adds it to its neighbor cache. Host A can now take the IPv6 packet off hold. Host A updates the destination MAC address with the address associated with the destination IPv6 address and forwards the frame and IPv6 packet to host C.
Note that if the destination IPv6 address was on a different network, this same process would occur to discover the MAC address of the default gateway, which would map to R1's IPv6 link local address on this LAN. All right, so not too hard to understand. Easy for me to say.
I've seen this video. I've seen that video 30 times now, if not more. Watch it again if you didn't understand or if you lost track halfway through.
Watch it again. All right. So hopefully that was helpful. IPv6 Neighbor Discovery Protocol provides address resolution, router discovery, redirection services. Neighbor solicitation, NS, and neighbor advertisement messages are used for device to device messaging such as address resolution.
Router solicitation and router advertisement messages are used for messaging between devices and routers for router discovery. And ICMPv6 redirect messages are used by routers for better next hop selection. The neighbor discovery process. The IPv6 devices use neighbor discovery to resolve the MAC address of a known IPv6 address. And basically it says, hey, who out there has this address?
Please send me your MAC address. It's very simplified. And then ICMP, that would be a neighbor solicitation message.
And then ICMP neighbor solicitation message is sent using the special Ethernet and IPv6 multicast addresses, and then a neighbor discovery is sent out and then it receives a message with neighbor solicitation. You're going to do a Packet Tracer on this neighbor discovery and you'll see exactly how this process works with communication between devices and discovering ICMP, so, our addressing. All right, so that is the second presentation for today. I hope it was informative, and again, if the videos themselves are not worth watching, then I encourage you to watch the videos in our NetAcad classroom if you want to watch them again without having to watch my whole presentation, or out on itexamanswers.net. They have all the same videos out there, so if you're out there, not taking a Cisco NetAcad class, you can still watch the videos. You can still read the content.
You can still do the Packet Tracers that I mentioned in the class. They are all out on itexamanswers.net and other places as well. Except that's the place I know of.
So that's the one I share, and again, they're not paying me for that, but maybe they should someday. All right. So, my name is Don LaFond, Professor Don.
This has been Module 9, Address Resolution, and it has been my pleasure to be your teacher. If you have any questions and you're live with me, we'll have just a moment. You'll be able to ask those questions.
And if you are watching it as a recording in our NetAcad classroom, then I encourage you to ask your questions inside of our help discussion forums. If you're watching it on YouTube, please rate and follow. I appreciate that. And ask questions if you like down in the comment sections, and I'll do my best to answer those in a timely fashion. Have a great evening.
Have fun learning Cisco, and we'll see you in the next module.
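
Added example, not part of the lecture: a passive monitor for the ARP spoofing risk mentioned above, which parses ARP payloads and alerts when a reply was never requested or when an IPv4 address is claimed by a second MAC. The full MAC addresses, the rogue MAC and the class and function names are constructed for illustration; the IPv4 addresses are the ones used in the videos.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Pack a 28-byte Ethernet/IPv4 ARP payload (used only to make sample data)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(sender_mac), socket.inet_aton(sender_ip),
                       mac(target_mac), socket.inet_aton(target_ip))

def parse_arp(payload):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpMonitor:
    """Tracks IPv4-to-MAC bindings; the first binding seen for an address is kept."""
    def __init__(self):
        self.bindings = {}    # IPv4 address -> MAC first seen claiming it
        self.pending = set()  # (requester IPv4, requested IPv4) awaiting a reply

    def observe(self, payload):
        op, sender_mac, sender_ip, target_ip = parse_arp(payload)
        alerts = []
        if op == ARP_REQUEST:
            self.pending.add((sender_ip, target_ip))
        elif op == ARP_REPLY:
            if (target_ip, sender_ip) not in self.pending:
                alerts.append(f"unsolicited reply for {sender_ip} from {sender_mac}")
            self.pending.discard((target_ip, sender_ip))
        known = self.bindings.get(sender_ip)
        if known and known != sender_mac:
            # A second MAC claims an address already bound: do not overwrite.
            alerts.append(f"binding change for {sender_ip}: {known} -> {sender_mac}")
        else:
            self.bindings[sender_ip] = sender_mac
        return alerts

def run_sample():
    """Constructed traffic: PCA asks for R1, R1 answers, then a rogue MAC also answers."""
    pca = ("00:00:00:00:00:0a", "192.168.1.110")
    r1 = ("00:00:00:00:00:0d", "192.168.1.1")
    rogue_mac = "00:00:00:00:00:ee"  # constructed value
    frames = [
        build_arp(ARP_REQUEST, pca[0], pca[1], "00:00:00:00:00:00", r1[1]),
        build_arp(ARP_REPLY, r1[0], r1[1], pca[0], pca[1]),
        build_arp(ARP_REPLY, rogue_mac, r1[1], pca[0], pca[1]),
    ]
    monitor = ArpMonitor()
    return [monitor.observe(f) for f in frames], monitor.bindings

if __name__ == "__main__":
    for alerts in run_sample()[0]:
        print(alerts)
```

A binding can also change for legitimate reasons, such as a replaced NIC, so alerts like these need a trusted source of bindings to confirm them.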
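
Added example, not part of the lecture: the mapping the Neighbor Discovery video describes, from a target IPv6 address to its solicited-node multicast address and then to an Ethernet multicast MAC, followed by the NIC accept test applied to hosts A, B, C and R1. All host addresses and MACs are constructed (2001:db8::/32 is the documentation prefix), and the function names are illustrative.

```python
import ipaddress

BROADCAST = "ff:ff:ff:ff:ff:ff"

def solicited_node(addr):
    """ff02::1:ffXX:XXXX, where XX:XXXX is the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(str(addr))) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def multicast_mac(group):
    """33:33 followed by the low 32 bits of the IPv6 multicast address."""
    low32 = int(ipaddress.IPv6Address(str(group))) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))

def nic_accepts(dst_mac, own_mac, own_ipv6):
    """Accept own unicast MAC, broadcast, or a multicast MAC mapped from an own address.
    Simplification: other groups a real host joins (such as all-nodes) are left out."""
    if dst_mac in (own_mac, BROADCAST):
        return True
    return dst_mac in {multicast_mac(solicited_node(a)) for a in own_ipv6}

# Constructed hosts on one LAN: name -> (MAC, IPv6 addresses on the interface)
HOSTS = {
    "A": ("00:00:00:00:00:0a", ["2001:db8:acad:1::a", "fe80::a"]),
    "B": ("00:00:00:00:00:0b", ["2001:db8:acad:1::b", "fe80::b"]),
    "C": ("00:00:00:00:00:0c", ["2001:db8:acad:1::c", "fe80::c"]),
    "R1": ("00:00:00:00:00:0d", ["2001:db8:acad:1::1", "fe80::1"]),
}

def receivers(dst_mac, sender="A"):
    """Names of hosts whose NIC passes the frame up the stack after the switch floods it."""
    return sorted(name for name, (mac, addrs) in HOSTS.items()
                  if name != sender and nic_accepts(dst_mac, mac, addrs))

def demo():
    target = "2001:db8:acad:1::c"            # host C, the address A wants to resolve
    ns_mac = multicast_mac(solicited_node(target))
    return {
        "solicited_node": str(solicited_node(target)),
        "ns_dst_mac": ns_mac,
        "ns_receivers": receivers(ns_mac),        # Neighbor Solicitation
        "arp_receivers": receivers(BROADCAST),    # what an ARP broadcast would reach
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Only the low 24 bits survive the mapping, so two hosts whose addresses share them both accept the frame, and the target address inside the ICMPv6 message still has to be compared.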