Routing and Bridging Guide vA5(1.0), Cisco ACE Application Control Engine
Configuring Neighbor Discovery

Table Of Contents

Configuring Neighbor Discovery

Overview of Neighbor Discovery

Neighbor Solicitation

Neighbor Advertisement

Router Advertisement

Duplicate Address Detection

IPv6 Address Hierarchy

Configuring Neighbor Discovery Parameters

Configuring the Neighbor Solicitation Message Rate

Configuring a Static Neighbor Entry

Configuring the ND Refresh Interval for Configured Host Entries

Configuring the ND Refresh Interval for Learned Host Entries

Configuring the Number of NS Retries

Disabling the Replication of Neighbor Discovery Entries

Configuring the Neighbor Discovery Entry Replication Interval

Configuring Router Advertisement Parameters

Configuring the Hop Limit in the Router Advertisement

Configuring the Router Advertisement Interval

Configuring the Router Advertisement Lifetime

Suppressing Router Advertisements

Configuring the Neighbor Reachable Time

Configuring the Neighbor Discovery Retransmission Time

Configuring the Managed Configuration Flag

Configuring the Other Configuration Flag

Configuring the Prefixes that the ACE Advertises in RA Messages

Configuring Duplicate Address Detection Parameters

Restrictions and Configuration Considerations

Configuring the Number of Duplicate Address Detection Attempts

Displaying Neighbor Discovery Information

Displaying IPv6 Neighbors

Displaying the Duplicate Address Detection Status of VIPs

Displaying Additional Neighbor Discovery Information

Clearing Neighbor Discovery Learned Entries


Configuring Neighbor Discovery



Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted.


This chapter describes how the ACE uses the Neighbor Discovery (ND) protocol to manage and learn the mapping of IPv6 to Media Access Control (MAC) addresses of nodes attached to the local link. The ACE uses this information to forward and transmit IPv6 packets.

This chapter describes how to configure ND parameters and it contains the following major sections:

Overview of Neighbor Discovery

Configuring Neighbor Discovery Parameters

Configuring Router Advertisement Parameters

Configuring Duplicate Address Detection Parameters

Displaying Neighbor Discovery Information

Clearing Neighbor Discovery Learned Entries

Overview of Neighbor Discovery

The neighbor discovery (ND) protocol enables IPv6 nodes and routers to:

Determine the link-layer address of a neighbor on the same link

Find neighboring routers

Keep track of neighbors

The IPv6 ND process uses IPv6 ICMP (ICMPv6) messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), verify the reachability of a neighbor, and keep track of neighbor routers. Every IPv6 node is required to join the multicast groups corresponding to its unicast and anycast addresses.

The ACE creates an ND cache entry when it receives an ND packet or when you configure an IPv6 address on the ACE (for example, an IPv6 address for a real server, gateway, or an interface VLAN, an alias address, VIPs, and NAT pool addresses).

You can also configure static ND entries for IP to MAC translations. For details about the neighbor discovery protocol, see RFC 4861.

The IPv6 ND protocol uses the following mechanisms for its operation:

Neighbor Solicitation

Neighbor Advertisement

Router Advertisement

Duplicate Address Detection

Neighbor Solicitation

The ACE sends neighbor solicitation (NS) messages on the local link when it wants to determine the link-layer address of another node on the same local link. This function is similar to the ARP in IPv4, but avoids broadcasts used in IPv4 ARP messages, where all nodes receive unnecessary broadcast requests that do not concern them.

The ACE sends an ICMPv6 type 135 (neighbor solicitation) message to learn the corresponding link-layer address for a desired IPv6 unicast address. This request is sent to the solicited-node multicast address corresponding to the requested IPv6 unicast address.

It may be necessary for ACE to first convert a URI to an IPv6 address. If so, a naming service mechanism such as DNS must be used.

NS messages are also used to verify the reachability of a neighbor after the link-layer address of a neighbor is identified. Figure 6-1 shows how the NS message is used to determine the link-layer address of a neighbor.

Figure 6-1 Neighbor Discovery Message Exchange
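The mapping from a unicast address to its solicited-node multicast group, together with the uses of NS messages this chapter describes, is shown below as an added Python example (not taken from the Cisco guide). The function names and sample packets are constructed for illustration, and the rule that a DAD probe is sent from the unspecified address (::) comes from RFC 4861 rather than from this chapter.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(addr):
    """Solicited-node multicast group: ff02::1:ff00:0/104 plus the low 24 bits."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def multicast_mac(group):
    """Ethernet destination for an IPv6 multicast group: 33-33 plus the low 32 bits."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33-33-" + "-".join(f"{b:02x}" for b in low32.to_bytes(4, "big"))


def classify_ns(src, dst, target):
    """Say which ND function an NS (ICMPv6 type 135) is performing."""
    src, dst, target = (ipaddress.IPv6Address(a) for a in (src, dst, target))
    if target.is_multicast:
        return "invalid: target is a multicast address"
    group = solicited_node(target)
    if src.is_unspecified:
        # DAD: the sender does not own an address yet, so it must use multicast.
        return "dad-probe" if dst == group else "invalid: DAD probe not sent to solicited-node group"
    if dst == group:
        return "address-resolution"
    if dst == target:
        return "reachability-check"
    return "unexpected-destination"


# Constructed (src, dst, target) triples, not captured traffic.
SAMPLES = [
    ("::", "ff02::1:ff00:80", "2001:db8:1::80"),
    ("2001:db8:1::1", "ff02::1:ff00:80", "2001:db8:1::80"),
    ("2001:db8:1::1", "2001:db8:1::80", "2001:db8:1::80"),
    ("2001:db8:1::1", "ff02::1", "2001:db8:1::80"),
]


def classify_samples():
    return [classify_ns(*s) for s in SAMPLES]


if __name__ == "__main__":
    group = solicited_node("2001:DB8:1::80")
    print(group, multicast_mac(group))
    for sample, verdict in zip(SAMPLES, classify_samples()):
        print(sample, "->", verdict)
```

Because only nodes whose addresses share the same low 24 bits join a given group, an NS reaches far fewer hosts than an IPv4 ARP broadcast.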

Neighbor Advertisement

The IPv6 neighbor advertisement (NA) message is a response to the IPv6 NS message. After receiving the NS message, the destination node replies by sending an NA message on the local link with a value of 136 in the Type field of the ICMPv6 packet header. After receiving the NA, the source node and destination node can communicate.

Gratuitous NA messages are sent whenever an IPv6 address becomes active. This happens upon bootup, configuration changes, and for virtual IP (VIP) addresses, alias IP addresses, and NAT addresses following a fault-tolerant switchover.

Router Advertisement

Router advertisement (RA) messages are periodically sent out on each configured interface of an IPv6 router. RAs are also sent out in response to RS messages from IPv6 nodes on the link. The RAs are sent to the all-nodes link-local multicast address (FF02::1) or the unicast IPv6 address of a node that sent the RS messages.

An RA has a value of 134 in the Type field of the ICMP packet header and contains the following information in the message:

Whether nodes could use address autoconfiguration

Flags to indicate the type of autoconfiguration (stateless or stateful) that can be completed

One or more on-link IPv6 prefixes that nodes on the local link could use to automatically configure their IPv6 addresses

Lifetime information for each prefix included in the advertisement

Whether the router sending the advertisement should be used as a default router and, if so, the amount of time (in seconds) the router should be used as a default router

Additional information for hosts, such as the hop limit and maximum transmission unit (MTU) a host should use in packets that it originates

The IPv6 nodes on the local link receive the RA messages and use them to keep their default router list, prefix list, and other configuration parameters up to date. Figure 6-2 shows an example of an RA.

Figure 6-2 Router Advertisement
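The RA fields listed above sit at fixed offsets in the ICMPv6 message, followed by options. The Python decoder below is an added example (not part of the Cisco guide): it parses a constructed RA and compares it with the values an administrator expects the router to advertise. The EXPECTED dictionary, the function names and the sample bytes are assumptions made for the illustration.

```python
import ipaddress
import struct

ICMPV6_RA = 134                          # Type field value of a Router Advertisement
OPT_SLLA, OPT_PREFIX, OPT_MTU = 1, 3, 5  # RFC 4861 option types


def parse_ra(msg):
    """Decode an RA starting at the ICMPv6 header; the checksum is not verified."""
    if len(msg) < 16:
        raise ValueError("truncated RA: the fixed part is 16 bytes")
    mtype, code, _csum, hop, flags, lifetime, reachable, retrans = struct.unpack(
        "!BBHBBHII", msg[:16])
    if mtype != ICMPV6_RA or code != 0:
        raise ValueError(f"not an RA: type={mtype} code={code}")
    ra = {"hop_limit": hop, "managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "reachable_ms": reachable, "retrans_ms": retrans,
          "prefixes": [], "mtu": None, "source_mac": None}
    off = 16
    while off < len(msg):
        if len(msg) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = msg[off], msg[off + 1] * 8   # length is counted in 8-byte units
        if olen == 0 or off + olen > len(msg):
            raise ValueError(f"bad option length at offset {off}")
        body = msg[off + 2:off + olen]
        if otype == OPT_PREFIX and olen == 32:
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            net = ipaddress.IPv6Network((body[14:30], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "on_link": bool(pflags & 0x80),      # L-bit
                                   "autoconfig": bool(pflags & 0x40),   # A-bit
                                   "valid_lt": valid, "pref_lt": preferred})
        elif otype == OPT_MTU and olen == 8:
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif otype == OPT_SLLA and olen == 8:
            ra["source_mac"] = "-".join(f"{b:02x}" for b in body)
        off += olen
    return ra


def audit_ra(ra, expected):
    """Return the ways a decoded RA differs from the expected advertisement."""
    findings = []
    if ra["source_mac"] not in expected["router_macs"]:
        findings.append(f"RA from unexpected link-layer address {ra['source_mac']}")
    for p in ra["prefixes"]:
        if p["prefix"] not in expected["prefixes"]:
            findings.append(f"unexpected prefix {p['prefix']}")
        if p["pref_lt"] > p["valid_lt"]:
            findings.append(f"{p['prefix']}: preferred lifetime exceeds valid lifetime")
    for key in ("hop_limit", "managed", "other"):
        if ra[key] != expected[key]:
            findings.append(f"{key} is {ra[key]!r}, expected {expected[key]!r}")
    return findings


def build_sample_ra(mac, prefix, hop_limit=32, flags=0x80):
    """Assemble a constructed RA for the demo (checksum left at zero)."""
    net = ipaddress.IPv6Network(prefix)
    fixed = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, hop_limit, flags, 1800, 2000, 1000)
    slla = struct.pack("!BB", OPT_SLLA, 1) + bytes.fromhex(mac.replace("-", ""))
    mtu = struct.pack("!BBHI", OPT_MTU, 1, 0, 1500)
    pio = struct.pack("!BBBBIII", OPT_PREFIX, 4, net.prefixlen, 0xC0,
                      2592000, 604800, 0) + net.network_address.packed
    return fixed + slla + mtu + pio


# Constructed values: what the administrator expects on this link.
EXPECTED = {"router_macs": {"00-0c-f1-56-98-ad"}, "prefixes": {"2001:db8:1::/64"},
            "hop_limit": 32, "managed": True, "other": False}
SAMPLE_RA = build_sample_ra("00-0c-f1-56-98-ad", "2001:db8:1::/64")
ROGUE_RA = build_sample_ra("02-00-00-00-00-01", "2001:db8:bad::/64", hop_limit=64, flags=0)

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_RA), ("rogue", ROGUE_RA)):
        print(name, audit_ra(parse_ra(raw), EXPECTED) or "matches expected RA")
```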

Duplicate Address Detection

Duplicate Address Detection (DAD) is an IPv6 process that a host uses to determine whether another host has the same IP address to avoid address collisions in a subnet. The originating host uses NS messages to query other nodes on the local link for their IP addresses. If the originating host receives an NA response message from another node with the same address, the originating node logs an error and cannot use the address on its interface. If the failing address is a link local address, the originating node's IPv6 interface is disabled.

Per RFC-2461 and RFC-2462, a configured IPv6 address becomes active only after the DAD process has determined that the IPv6 address is not already owned by another host. If the address is determined to be a duplicate, then it is not activated.

IPv6 Address Hierarchy

On the ACE, an IPv6 interface is considered to be operationally up after the link-local address has passed DAD. Once that happens, the ACE performs DAD on the global-unique and unique-local interface addresses, and the VIP addresses. Because the alias interface address may be in the same subnet as either the global-unique interface address or the unique-local interface address, the ACE performs DAD for the alias after DAD passes for the corresponding in-subnet global-unique or unique-local address. If a prerequisite address does not pass DAD, the ACE displays the status of that address as INACTIVE.

When you configure two ACEs as a fault-tolerant pair, only the active ACE performs DAD for virtual addresses. Therefore, the DAD status for interface alias addresses, VIP addresses, and NAT pool addresses always reflects the status on the active ACE.

If the global or unique-local address is a duplicate and the ACE is active in an FT pair, then the alias address is also disabled.

Configuring Neighbor Discovery Parameters

The ACE uses the ND protocol to find and learn the MAC addresses of other nodes that are connected to the local link. For more details about neighbor discovery, see the "Overview of Neighbor Discovery" section.

This section contains the following subsections:

Configuring the Neighbor Solicitation Message Rate

Configuring a Static Neighbor Entry

Configuring the ND Refresh Interval for Configured Host Entries

Configuring the ND Refresh Interval for Learned Host Entries

Configuring the Number of NS Retries

Disabling the Replication of Neighbor Discovery Entries

Configuring the Neighbor Discovery Entry Replication Interval

Configuring the Neighbor Solicitation Message Rate

The ACE sends neighbor solicitation messages via ICMPv6 on the local link to determine the IPv6 addresses of nearby nodes (hosts or routers). You can configure the rate at which the ACE sends these neighbor solicitation messages.

Procedure

To configure the rate at which the ACE sends NS messages for duplicate address detection (DAD) attempts, use the ipv6 nd ns-interval command in interface VLAN or interface BVI configuration mode. For information about configuring the number of DAD attempts, see the "Configuring the Number of Duplicate Address Detection Attempts" section.

The syntax of this command is as follows:

ipv6 nd ns-interval interval

The keywords and arguments are as follows:

ns-interval—Indicates the frequency of the neighbor solicitation (NS) messages that are sent by the ACE

interval—Specifies the frequency in milliseconds (msecs) of the NS messages that are sent by the ACE. Enter an integer from 1000 to 2147483647. The default is 1000 msecs.

For example, to configure an NS frequency of 36000 msecs, enter the following commands:

host1/Admin(config)# interface VLAN 100
host1/Admin(config-if)# ipv6 nd ns-interval 36000
 
   

To reset the NS interval to the default value of 1000 msecs, enter the following commands:

host1/Admin(config)# interface VLAN 100
host1/Admin(config-if)# no ipv6 nd ns-interval 36000
 
   

Configuring a Static Neighbor Entry

You can configure a static ND entry that maps an IPv6 address to a Layer 2 address. The ACE stores this entry in the ND cache. To configure a static ND entry, use the ipv6 neighbor command in configuration mode. The syntax of this command is as follows:

ipv6 neighbor ipv6_address mac_address

The arguments are as follows:

ipv6_address—IPv6 address of the host

mac_address—Layer 2 media access control (MAC) address

For example, to configure a static ND entry, enter the following command:

host1/Admin(config)# ipv6 neighbor 2001:DB8:1::80 00-0c-f1-56-98-ad
 
   

To remove the static ND entry, enter the following command:

host1/Admin(config)# no ipv6 neighbor
 
   

Configuring the ND Refresh Interval for Configured Host Entries

By default, the refresh interval for existing ND entries of configured hosts is 300 seconds. To configure this interval, use the ipv6 nd interval command in configuration mode. You configure this command for each context. The syntax of this command is as follows:

ipv6 nd interval number

The number argument specifies the time interval in seconds between NS messages for configured hosts. Enter an integer from 15 to 2073600. The default is 300 seconds (5 minutes).

For example, to configure an NS message interval of 600 seconds (10 minutes), enter the following command:

host1/Admin(config)# ipv6 nd interval 600
 
   

To reset the NS message interval to the default of 300 seconds, enter the following command:

host1/Admin(config)# no ipv6 nd interval 600
 
   

Configuring the ND Refresh Interval for Learned Host Entries

By default, the refresh interval for ND entries of learned hosts is 300 seconds. To configure this interval, use the ipv6 nd learned-interval command in configuration mode. You configure this command for each context. The syntax of this command is as follows:

ipv6 nd learned-interval number

The number argument specifies the time interval in seconds between NS messages for learned neighbor entries. Enter an integer from 60 to 2073600. The default is 14400 seconds (240 minutes or 4 hours).

For example, to configure a learned neighbor interval of 600 seconds (10 minutes), enter the following command:

host1/Admin(config)# ipv6 nd learned-interval 600
 
   

To reset the learned neighbor interval to the default of 300 seconds, enter the following command:

host1/Admin(config)# no ipv6 nd learned-interval 600
 
   

Configuring the Number of NS Retries

To configure the number of NS attempts before the ACE considers a host as down, use the ipv6 nd retries command in configuration mode. The syntax of this command is as follows:

ipv6 nd retries number

The number argument specifies the number of times that the ACE resends the NS messages before considering a host as down. Enter an integer from 1 to 15. The default is 3.

For example, to configure the ACE to resend NS messages five times before marking the host as down, enter the following command:

host1/Admin(config)# ipv6 nd retries 5
 
   

To reset the number of retries to the default value of 3, enter the following command:

host1/Admin(config)# no ipv6 nd retries 5
 
   

Disabling the Replication of Neighbor Discovery Entries

By default, the active ACE replicates ND entries to the standby in a redundant configuration. To disable the replication of ND entries, use the ipv6 nd sync disable command in configuration mode. The syntax of this command is as follows:

ipv6 nd sync disable

For example, to disable ND entry replication for the current context, enter the following command:

host1/Admin(config)# ipv6 nd sync disable
 
   

To reenable the replication of ND entries, enter the following command:

host1/Admin(config)# no ipv6 nd sync disable
 
   

Configuring the Neighbor Discovery Entry Replication Interval

By default, the time interval between ND synchronization messages for learned hosts is 5 seconds. To configure this time interval, use the ipv6 nd sync-interval command in configuration mode. The syntax of this command is as follows:

ipv6 nd sync-interval number

The number argument specifies the time interval between ND synchronization messages. Enter an integer from 1 to 3600 seconds (1 hour). The default is 5 seconds.

For example, to specify a time interval of 100 seconds, enter:

host1/Admin(config)# ipv6 nd sync-interval 100
 
   

To restore the default value of 5 seconds, enter the following command:

host1/Admin(config)# no ipv6 nd sync-interval
 
   

Configuring Router Advertisement Parameters

IPv6 routers periodically send router advertisement (RA) messages on each configured interface. Routers also send RA messages in response to router solicitation (RS) messages from hosts on the local link. RA messages use ICMPv6 type 134 in the ICMP packet header. When a host sends a router solicitation message to the ACE, it sends back an RA message to the host. For more information about router advertisement, see the "Router Advertisement" section. You can configure several RA message parameters in the ACE that affect how the ACE responds to RS messages, as described in the following sections:

Configuring the Hop Limit in the Router Advertisement

Configuring the Router Advertisement Interval

Configuring the Router Advertisement Lifetime

Suppressing Router Advertisements

Configuring the Neighbor Reachable Time

Configuring the Neighbor Discovery Retransmission Time

Configuring the Managed Configuration Flag

Configuring the Other Configuration Flag

Configuring the Prefixes that the ACE Advertises in RA Messages

Configuring the Hop Limit in the Router Advertisement

You can specify the hop limit that the ACE's neighbors should use when originating IPv6 packets. To configure the hop limit in the IPv6 header, use the ipv6 nd ra hop-limit command in interface or BVI configuration mode. The syntax of this command is as follows:

ipv6 nd ra hop-limit number

The number argument specifies the number of hops that neighbors should use when they originate IPv6 packets. Enter an integer from 0 to 255. The default is 64.

For example, to configure the number of hops that neighbors should use, enter the following command:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd ra hop-limit 32
 
   

To reset the hop limit to the default of 64, enter the following command:

host1/Admin(config-if)# no ipv6 nd ra hop-limit 32
 
   

Configuring the Router Advertisement Interval

To configure the rate at which the ACE sends RA messages, use the ipv6 nd ra interval command in interface VLAN or interface BVI configuration mode. The syntax of this command is as follows:

ipv6 nd ra interval number

The number argument specifies the rate in seconds at which the ACE sends RA messages to other nodes on the local link. Enter an integer from 4 to 1800. The default is 600.

For example, to configure the ACE to send RA messages every 900 seconds (15 minutes), enter the following command:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd ra interval 900
 
   

To reset the interval to the default of 600 seconds (10 minutes), enter the following command:

host1/Admin(config-if)# no ipv6 nd ra interval
 
   

Configuring the Router Advertisement Lifetime

The RA lifetime is the length of time that neighboring nodes should consider the ACE as the default router before they send RS messages again. To configure the RA lifetime, use the ipv6 nd ra lifetime command in interface VLAN or interface BVI configuration mode. The syntax of this command is as follows:

ipv6 nd ra lifetime number

The number argument specifies the length of time in seconds that the neighboring nodes should consider the ACE as the default router. Enter an integer from 0 to 9000. The default is 1800.


Note The RA lifetime should be less than or equal to the RA interval. The valid lifetime should be greater than or equal to the preferred lifetime.


For example, to configure an RA lifetime of 2400 seconds (40 minutes), enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd ra lifetime 2400
 
   

To reset the RA lifetime to the default of 1800 seconds (30 minutes), enter the following command:

host1/Admin(config-if)# no ipv6 nd ra lifetime
 
   

Suppressing Router Advertisements

By default, the ACE automatically responds to RS messages that it receives from neighbors with RA messages that include, for example, the network prefix. You can instruct the ACE to not respond to RS messages by using the ipv6 nd ra suppress command in interface VLAN or interface BVI configuration mode. The syntax of this command is as follows:

ipv6 nd ra suppress

For example, to configure the ACE to not send RA messages to neighbors in response to RS messages, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd ra suppress
 
   

To reset the ACE behavior to the default of always sending RA messages in response to RS messages, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# no ipv6 nd ra suppress
 
   

Configuring the Neighbor Reachable Time

The reachable time parameter specifies the time in milliseconds during which a host considers a peer as reachable following the host's receipt of a reachability confirmation from the peer. A reachability confirmation can be an NA or NS message or any upper protocol traffic. The ACE sends the reachable time value in RA messages in response to RS messages. To configure the neighbor reachable time, use the ipv6 nd reachable-time command in interface VLAN or interface BVI configuration mode. The syntax of this command is as follows:

ipv6 nd reachable-time number

The number argument specifies the length of time after which a node is considered reachable. Enter an integer from 0 to 3600000. The default is 0.

For example, to configure the ACE to send a reachable time value of 2000 msecs, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd reachable-time 2000
 
   

To restore the reachable time value to the default of 0 msecs, enter the following command:

host1/Admin(config-if)# no ipv6 nd reachable-time
 
   

Configuring the Neighbor Discovery Retransmission Time

You can configure the time during which NS messages (including DAD) are retransmitted. The ND retransmission time is related to RA and applies to hosts. To configure the NS retransmission time, use the ipv6 nd retransmission-time command in interface VLAN or interface BVI configuration mode. The syntax of this command is:

ipv6 nd retransmission-time number

The number argument specifies the time in seconds during which NS messages are retransmitted. Enter an integer from 0 to 3600000. The default is 0.

For example, to configure the NS retransmission time for hosts, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd retransmission-time 1000
 
   

To restore the NS retransmission time value to the default of 0 msecs, enter the following command:

host1/Admin(config-if)# no ipv6 nd retransmission-time
 
   

Configuring the Managed Configuration Flag

To instruct the ACE to notify hosts that they should use Dynamic Host Configuration Protocol (DHCP) for address configuration, use the ipv6 nd managed-config-flag command in interface VLAN or interface BVI configuration mode. The syntax of this command is as follows:

ipv6 nd managed-config-flag

For example, to instruct the ACE to notify hosts to use DHCP, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd managed-config-flag
 
   

To reset the ACE behavior to the default of not notifying hosts to use DHCP, enter the following command:

host1/Admin(config-if)# no ipv6 nd managed-config-flag
 
   

Configuring the Other Configuration Flag

To notify hosts that they should use DHCP for nonaddress configurations, use the ipv6 nd other-config-flag command in interface VLAN or interface BVI configuration mode. The syntax of this command is as follows:

ipv6 nd other-config-flag

For example, to instruct hosts to use DHCP for non-address configurations, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd other-config-flag
 
   

To reset the ACE behavior to the default of not notifying hosts to use DHCP for nonaddress configurations, enter the following command:

host1/Admin(config-if)# no ipv6 nd other-config-flag
 
   

Configuring the Prefixes that the ACE Advertises in RA Messages

You can configure the IPv6 prefixes that the ACE advertises in router advertisement (RA) messages on the local link. You can configure a maximum of two prefixes for RA. To configure the prefixes that the ACE advertises, use the ipv6 nd prefix command in interface VLAN or interface BVI configuration mode. The syntax of this command is as follows:

ipv6 nd prefix ipv6_address/prefix_length [at date month year time date month year time | no-advertise | no-autoconfig | off-link | [pref-lt | valid-lt {number | infinite}]]

The keywords and arguments are as follows:

ipv6_address/prefix_length—Specifies the prefix that the ACE advertises in RA messages.

at—(Optional) Specifies that the IPv6 prefix expires on the date and time that follows.

date—Valid lifetime expiration date. Enter an integer from 1 to 31.

month—Valid lifetime expiration month. Enter the full name of the month or the three letter case-sensitive month abbreviation. For example, for January, enter January or Jan.

year—Valid lifetime year of expiration. Enter the year as a four-digit integer.

time—Valid lifetime expiration time. Enter the time in the hh:mm format.

date—Preferred lifetime expiration date. Enter an integer from 1 to 31.

month—Preferred lifetime expiration month. Enter the full name of the month or the three letter case-sensitive month abbreviation. For example, for January, enter January or Jan.

year—Preferred lifetime year of expiration. Enter the year as a four-digit integer.

time—Preferred lifetime expiration time. Enter the time in the hh:mm format.

no-advertise—(Optional) Instructs the ACE to not advertise the prefix.

no-autoconfig—(Optional) Specifies that the prefix should not be used for autoconfiguration.

off-link—(Optional) Flag related to the L-bit as defined in RFC 2461. When you specify the optional off-link keyword, the L-bit flag is turned off, which indicates that the specified prefix should not be used for onlink determination. However, when the L-bit is enabled (the default setting), it indicates in the router advertisement messages that the specified prefix is assigned to the local link. Therefore, nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link.

valid-lt number—(Optional) Length of time in seconds that the prefix is valid. For the number argument, enter an integer from 0 to 2147483647. The default is 2592000 seconds (30 days).

pref-lt number—(Optional) Length of time in seconds that the prefix is preferred. For the number argument, enter an integer from 0 to 2147483647. The default is 604800 (seven days).

infinite—(Optional) Specifies that the prefix never expires.

For example, to configure the prefixes that the ACE advertises in RA messages, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd prefix 2001:DB9:1::/64 valid-lt 3000000
 
   

To specify the valid expiration time and the preferred expiration time of the prefix, enter the following command:

host1/Admin(config-if)# ipv6 nd prefix 2001:DB9:1::/64 at 21 Jan 2019 12:12 21 Jan 2019 12:12
 
   

To remove the prefix from RA messages, enter the following command:

host1/Admin(config-if)# no ipv6 nd prefix 2001:DB9:1::/64 valid-lt 3000000
 
   

Configuring Duplicate Address Detection Parameters

To prevent IPv6 address duplication, the ACE uses Duplicate Address Detection (DAD). When you configure a node interface with an IP address for the first time, the node solicits its neighbors to determine whether any other node uses the same IP address. If the address is already in use, the originating node logs an error. If the failed address is the link local address, the interface remains operationally down until the duplicate address is resolved by reconfiguring the address on the interface. For detailed information about DAD, see Chapter 2, Overview of IPv6.

Restrictions and Configuration Considerations

The ACE does not perform DAD on the following types of addresses:

Aggregate VIPs, which are defined as those with network prefix lengths that are less than 128

NAT pool addresses because of the potentially large number of addresses that would be involved

If redundancy is configured, DAD is performed on both the active and the standby ACEs for the link-local, global-unique, and unique-local addresses. However, only the active ACE performs DAD for the virtual addresses, which are the interface alias addresses and the VIPs. After DAD passes on the active ACE for a virtual address, the active ACE communicates the DAD status to the standby ACE. Therefore, the DAD status of PASSED or DUPLICATE for virtual addresses reflects the status on the active ACE, regardless of which ACE is queried for the address. The TENTATIVE state is not communicated from the active to the standby. Therefore, on the standby, the DAD status transitions immediately from INACTIVE to PASSED or DUPLICATE.


Note If you remove the global IPv6 address that is in the same subnet as the VIP from an interface of the active ACE in a redundant configuration where all the addresses have passed DAD, the DAD status of the VIP on the active changes from in-subnet (INACTIVE) to out-of-subnet (NA), but the VIP status on the standby remains in the PASSED state.


The ACE performs DAD only for VIPs that belong to a class map that is associated with a service policy that is active on an in-subnet interface. If a VIP is associated with an out-of-subnet interface, the VIP is installed without performing DAD. This is because the neighbor solicitation messages are multicast on the solicited-node multicast address of the target address and are not forwarded beyond the local subnet.

Configuring the Number of Duplicate Address Detection Attempts

You can configure the number of times that the ACE solicits its neighbors for duplicate address information. To set the number of duplicate address attempts, use the ipv6 nd dad-attempts command in interface VLAN configuration mode. The syntax of this command is as follows:

ipv6 nd dad-attempts number

The number argument specifies the number of times that the ACE sends NS messages to its neighbors on the local link for DAD. Enter an integer from 0 to 255. The default is 1.


Note The ACE uses the ipv6 nd dad-attempts command with the ipv6 nd ns-interval command to determine the number and frequency, respectively, of DAD attempts.


For example, to configure the ACE to send NS messages three times for DAD, enter the following commands:

host1/Admin(config)# interface vlan 100
host1/Admin(config-if)# ipv6 nd dad-attempts 3
 
   

To reset the ACE behavior to the default of sending NS messages for DAD once, enter the following command:

host1/Admin(config-if)# no ipv6 nd dad-attempts
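The ranges, modes and two-prefix limit given in the configuration sections above can be checked mechanically before a change is applied. The Python linter below is an added example (not a Cisco tool): the ranges are copied from this chapter, while the input layout (interface sub-mode commands indented under their interface line) and the sample configuration are assumptions constructed for the illustration.

```python
import re

# Argument ranges as stated in this chapter; keys are the command without its value.
GLOBAL_RANGES = {
    "ipv6 nd interval": (15, 2073600),
    "ipv6 nd learned-interval": (60, 2073600),
    "ipv6 nd retries": (1, 15),
    "ipv6 nd sync-interval": (1, 3600),
}
IFACE_RANGES = {
    "ipv6 nd ns-interval": (1000, 2147483647),
    "ipv6 nd ra hop-limit": (0, 255),
    "ipv6 nd ra interval": (4, 1800),
    "ipv6 nd ra lifetime": (0, 9000),
    "ipv6 nd reachable-time": (0, 3600000),
    "ipv6 nd retransmission-time": (0, 3600000),
    "ipv6 nd dad-attempts": (0, 255),
}
IFACE_FLAGS = {"ipv6 nd ra suppress", "ipv6 nd managed-config-flag",
               "ipv6 nd other-config-flag"}
GLOBAL_FLAGS = {"ipv6 nd sync disable"}
MAX_PREFIXES = 2   # "You can configure a maximum of two prefixes for RA."


def lint_nd_config(config):
    """Return (line_number, message) findings for the ipv6 nd commands in config."""
    findings = []
    iface = None          # current interface sub-mode, or None for configuration mode
    prefix_count = {}

    def check_mode(n, line, needs_iface):
        if needs_iface and iface is None:
            findings.append((n, f"'{line}' belongs in interface VLAN/BVI mode"))
        elif not needs_iface and iface is not None:
            findings.append((n, f"'{line}' belongs in configuration mode, not {iface}"))

    for n, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())
        if not line:
            continue
        if not raw[0].isspace():   # an unindented line leaves any interface sub-mode
            m = re.fullmatch(r"interface (vlan|bvi) (\d+)", line, re.I)
            iface = f"{m.group(1).lower()} {m.group(2)}" if m else None
        if not line.startswith("ipv6 nd "):
            continue
        if line.startswith("ipv6 nd prefix "):
            check_mode(n, line, True)
            if iface is not None:
                prefix_count[iface] = prefix_count.get(iface, 0) + 1
                if prefix_count[iface] > MAX_PREFIXES:
                    findings.append((n, f"{iface}: more than {MAX_PREFIXES} RA prefixes"))
            continue
        if line in IFACE_FLAGS or line in GLOBAL_FLAGS:
            check_mode(n, line, line in IFACE_FLAGS)
            continue
        cmd, _, arg = line.rpartition(" ")
        for table, needs_iface in ((IFACE_RANGES, True), (GLOBAL_RANGES, False)):
            if cmd in table:
                lo, hi = table[cmd]
                check_mode(n, line, needs_iface)
                if not arg.isdigit() or not lo <= int(arg) <= hi:
                    findings.append((n, f"{cmd}: {arg} is outside {lo}-{hi}"))
                break
        else:
            findings.append((n, f"unrecognized ND command '{line}'"))
    return findings


# Constructed configuration with four deliberate mistakes (lines 2, 3, 5 and 10).
SAMPLE_CONFIG = """\
ipv6 nd retries 5
ipv6 nd learned-interval 30
ipv6 nd ra hop-limit 32
interface vlan 100
  ipv6 nd ns-interval 500
  ipv6 nd ra hop-limit 32
  ipv6 nd ra interval 900
  ipv6 nd prefix 2001:DB8:1::/64
  ipv6 nd prefix 2001:DB8:2::/64
  ipv6 nd prefix 2001:DB8:3::/64 no-autoconfig
  ipv6 nd dad-attempts 4
"""

if __name__ == "__main__":
    for line_no, message in lint_nd_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {message}")
```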
 
   

Displaying Neighbor Discovery Information

This section describes the show commands and output fields that are available to display neighbor discovery (ND) information and statistics. It contains the following topics:

Displaying IPv6 Neighbors

Displaying Additional Neighbor Discovery Information

Displaying IPv6 Neighbors

To display IPv6 neighbors, use the show ipv6 neighbors command in Exec mode. The syntax of this command is as follows:

show ipv6 neighbors

For example, to display all IPv6 neighbors, enter the following command:

host1/Admin# show ipv6 neighbors
 
   

Table 6-1 describes the fields in the show ipv6 neighbors command output.

Table 6-1 Field Descriptions for the show ipv6 neighbors Command Output

Field | Description
Context | Name of the current context.
IPv6 Address | IPv6 address of the neighbor.
MAC Address | MAC address of the neighbor. This address is the interface MAC address if the entry is the local address of the interface. It is the VMAC address if the entry is a vserver.
NextNS(s) | Time in seconds until the next ND entry refresh.
Status | State of the neighbor: up or dn.
Use Count | Number of references to the IPv6 address from an upper layer. For example, for a VIP, if multiple match virtual-address statements are configured with different port numbers but the same IP address, the use count is incremented.
Interface | Name of the VLAN interface or BVI to which the neighbor is connected.
Type | Type of the neighbor entry. Possible values are: VSERVER (if it is a VIP), RSERVER, ALIAS (alias IPv6 address), INTERFACE (interface IPv6 address), GATEWAY, NAT.
Encap | The encap ID is stored in the connection table and is used to fetch Layer 2 information in the data plane. Possible values are integers in the range 1 to (32K - 1).


Displaying the Duplicate Address Detection Status of VIPs

To display the operational status of VIPs with respect to duplicate address detection (DAD), use the show service-policy name detail dad command in Exec mode. The syntax of this command is as follows:

show service-policy name detail dad

For the name argument, enter the name of an existing service policy as an unquoted text string and a maximum of 64 alphanumeric characters. For details about the show service-policy command, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine.

For example, to display the DAD status of IPv6 VIPs associated with the SERVICE_POLICY1 service policy, enter the following command:

host1/Admin# show service-policy SERVICE_POLICY1 detail dad
 
   

Table 6-2 describes the DAD-related fields in the show service-policy name detail dad command output. For a complete description of the other fields in the show service-policy command, see the Server Load-Balancing Guide, Cisco ACE Application Control Engine.

Table 6-2 Field Descriptions for the show service-policy name detail dad Command Output 

Fields | Description
Policy-map | Name of the Layer 4 multimatch policy map.
Status | Current operational state of the service policy. Possible states are ACTIVE or INACTIVE.
Description | User-entered description of the policy map, if any.
Interface | VLAN ID of the interface to which the policy map has been applied.
Service-policy | Unique identifier of the policy map.
class | Name of the class map associated with the service policy.
VIP address | Virtual IP address specified in the class map.
Protocol | Protocol specified in the class map.
Port | Port specified in the class map.
Subnet: Subnet DAD Status
VLAN | VLAN ID of the interface where the VIP resides.
In | In-subnet DAD status of the VIP. Possible values for the DAD status are: DUPLICATE—IPv6 address is already owned by another device. The address is inactive. INACTIVE—Address is not installed. N/A—Address is installed and DAD was not done. DAD is not done for multiple-address VIPs (those with prefix lengths less than 128) or for out-of-subnet VIPs. In this case, the VIP immediately transitions to active. The interface addresses do not use this state. PASSED—Address successfully passed DAD and is active. This state can occur only for in-subnet /128 VIPs. TENTATIVE—Address is installed and presently undergoing DAD. DAD is done only for single-address VIPs in the same subnet, and for interface addresses. The address is inactive when in this state.
Out | Out-of-subnet DAD status of the VIP. Values can be either INACTIVE or N/A. See In-subnet description.
Loadbalance
VIP DAD state | Final VIP DAD status when there are multiple VIPs.


Displaying Additional Neighbor Discovery Information

To display additional ND information, use the show ipv6 interface command. For details about the syntax and output fields of this command, see the "Displaying IPv4 VLAN and BVI Information" section in Chapter 3, Configuring VLAN Interfaces.

Clearing Neighbor Discovery Learned Entries

To clear neighbor discovery learned entries, use the clear ipv6 neighbors command in Exec mode. The syntax of this command is as follows:

clear ipv6 neighbors [no-refresh | ipv6_address [no-refresh] | vlan vlan_ID]

The keywords and arguments are as follows:

no-refresh—(Optional) Clears the ND cache entries without performing a new ND for learned entries. A new ND is performed for real server entries.

ipv6_address [no-refresh]—(Optional) Clears the ND cache entry specified by the IPv6 address with or without a new ND.

vlan vlan_ID—(Optional) Clears the ND cache entries associated with the specified VLAN. This option is required for link-local addresses.

If you do not specify one of the optional keywords or arguments, the ACE clears the ND cache entries and then performs a new ND on the entries.

For example, to clear all the ND cache entries without a new ND, enter the following command:

host1/Admin# clear ipv6 neighbors no-refresh