IPv6 First-Hop Security Configuration Guide, Cisco IOS Release 15E
IPv6 Neighbor Discovery Multicast Suppress

Some deployment environments, such as large wireless networks, have scarce bandwidth and rely on proxy features to reduce the amount of control traffic exchanged between nodes on the link. IPv6 Neighbor Discovery (ND) Multicast Suppress is one of the proxy features used in such situations. The IPv6 ND Multicast Suppress feature is an IPv6 snooping feature that runs on a switch or a wireless controller and is used to reduce the amount of control traffic necessary for proper link operations.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for IPv6 Neighbor Discovery Multicast Suppress

  • The IPv6 ND Multicast Suppress feature is not supported on EtherChannel ports.

Information About IPv6 Neighbor Discovery Multicast Suppress

IPv6 Neighbor Discovery Multicast Suppress

The IPv6 neighbor discovery (ND) multicast suppress feature stops as many ND multicast neighbor solicit (NS) messages as possible by dropping them (and responding to solicitations on behalf of the targets) or converting them into unicast traffic. This feature reduces the amount of control traffic necessary for proper link operations.

When an address is inserted into the binding table, an address resolution request sent to a multicast address is intercepted, and the device either responds on behalf of the address owner or converts the request into a unicast message and forwards it to its destination.

The following figure provides an overview of this feature:

IPv6 DAD Proxy

The IPv6 duplicate address detection (DAD) proxy feature provides host-to-host connectivity in LANs where direct communication between hosts is not possible. For example, in a Service Provider (SP) deployment, hosts must not see each other directly on the layer 2 domain. Hosts often are added to private VLANs and then directed to the same primary VLAN to reach SP servers and devices. This process raises an issue with IPv6 DAD, especially with link-local addresses, which are auto-assigned by hosts using the IPv6 stateless address autoconfiguration ND protocol.

When a host needs to verify that its address is unique, it enables the DAD procedure. However, when the two hosts cannot communicate with each other at layer 2, this procedure cannot detect a duplicate address. If the DAD procedure cannot run, there is the slight possibility that two hosts will assign the same link-local address, which will cause both hosts to fail when they try to reach the DHCPv6 server. The IPv6 DAD proxy feature responds on behalf of the address's owner when an address is already in use.

The following figure provides an overview of the IPv6 DAD proxy feature:

Figure 1. IPv6 DAD Proxy

How to Configure IPv6 Neighbor Discovery Multicast Suppress

Configuring the IPv6 Neighbor Discovery Suppress Policy on the Device

If the IPv6 ND suppress feature and the IPv6 DAD proxy feature are both available on a device, you can perform steps 4 and 5 in this task to enable IPv6 DAD proxy, if desired.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ipv6 nd suppress policy policy-name

    4.    mode dad-proxy

    5.    mode full-proxy


DETAILED STEPS

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 nd suppress policy policy-name
  Example: Device(config)# ipv6 nd suppress policy policy1
  Purpose: Defines the ND suppress policy name and enters ND suppress policy configuration mode.

Step 4: mode dad-proxy
  Example: Device(config-nd-suppress)# mode dad-proxy
  Purpose: Enables ND suppress in IPv6 DAD proxy mode.

Step 5: mode full-proxy
  Example: Device(config-nd-suppress)# mode full-proxy
  Purpose: Enables ND suppress to proxy multicast and unicast NS messages.

Configuring IPv6 Neighbor Discovery Multicast Suppress on an Interface

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    interface type number

    4.    ipv6 nd suppress attach-policy [policy-name [vlan {add | except | none | remove | all} vlan [vlan1, vlan2, vlan3...]]]

    5.    exit


DETAILED STEPS

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: interface type number
  Example: Device(config)# interface ethernet 0/0
  Purpose: Specifies an interface type and number, and places the device in interface configuration mode.

Step 4: ipv6 nd suppress attach-policy [policy-name [vlan {add | except | none | remove | all} vlan [vlan1, vlan2, vlan3...]]]
  Example: Device(config-if)# ipv6 nd suppress attach-policy
  Purpose: Applies the IPv6 ND suppress feature on a specific interface.

Step 5: exit
  Example: Device(config-if)# exit
  Purpose: Exits interface configuration mode.

Configuring IPv6 DAD Proxy

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ipv6 nd dad-proxy


DETAILED STEPS

Step 1: enable
  Example: Device> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

Step 2: configure terminal
  Example: Device# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ipv6 nd dad-proxy
  Example: Device(config)# ipv6 nd dad-proxy
  Purpose: Enables the IPv6 ND DAD proxy feature on the device when the IPv6 ND multicast suppress feature is not available on the device platform.

Configuration Examples for IPv6 Neighbor Discovery Multicast Suppress

Example: Configuring the IPv6 Neighbor Discovery Suppress Policy on the Device

Device(config)# ipv6 nd suppress policy policy1
Device(config-nd-suppress)#

Example: Configuring IPv6 Neighbor Discovery Suppress on an Interface

Device(config)# interface Ethernet 0/0
Device(config-if)# ipv6 nd suppress attach-policy
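
A check for the configuration described above, added here as an example (it is not Cisco code): it reads a saved configuration and reports ND suppress attachments that hit the EtherChannel restriction or name a policy that was never defined. The sample configuration is constructed, and the way sections are rendered (indented sub-mode lines, Port-channel interface names, channel-group marking a bundle member) is an assumption about the saved config.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
ipv6 nd suppress policy policy1
 mode dad-proxy
!
interface Ethernet0/0
 ipv6 nd suppress attach-policy policy1
!
interface Ethernet0/1
 ipv6 nd suppress attach-policy policy2
!
interface Port-channel1
 ipv6 nd suppress attach-policy policy1
!
interface Ethernet0/3
 channel-group 1 mode active
 ipv6 nd suppress attach-policy
"""

ATTACH = re.compile(r"ipv6 nd suppress attach-policy(?:\s+(\S+))?(?:\s.*)?")

def audit_nd_suppress(config_text):
    """Return (policies, attachments, findings) for an IOS-style config."""
    policies, attachments, bundled, findings = {}, {}, set(), []
    kind = name = None                      # section currently being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):         # a top-level line opens a new section
            m = re.fullmatch(r"(ipv6 nd suppress policy|interface)\s+(.+)", line)
            kind, name = (m.group(1), m.group(2)) if m else (None, None)
            if kind == "ipv6 nd suppress policy":
                policies[name] = None       # no explicit mode line seen yet
        elif kind == "ipv6 nd suppress policy" and line.startswith("mode "):
            policies[name] = line.split()[1]
        elif kind == "interface" and line.startswith("channel-group "):
            bundled.add(name)               # assumed marker of an EtherChannel member
        elif kind == "interface" and (m := ATTACH.fullmatch(line)):
            attachments[name] = m.group(1)  # None when no policy name was given
    for ifname, policy in attachments.items():
        if ifname.lower().startswith("port-channel") or ifname in bundled:
            findings.append(f"{ifname}: ND suppress is not supported on EtherChannel ports")
        if policy is not None and policy not in policies:
            findings.append(f"{ifname}: policy '{policy}' is attached but not defined")
    return policies, attachments, findings

if __name__ == "__main__":
    print("\n".join(audit_nd_suppress(SAMPLE_CONFIG)[2]))
```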
              


Feature Information for IPv6 Neighbor Discovery Multicast Suppress

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 1 Feature Information for IPv6 Neighbor Discovery Multicast Suppress

Feature Name: IPv6 Neighbor Discovery Multicast Suppress

Releases: 15.1(2)SG, 15.2(1)E

Feature Information: The IPv6 ND Multicast Suppress feature is an IPv6 snooping feature that runs on a switch or a wireless controller and is used to reduce the amount of control traffic necessary for proper link operations.

The following commands were introduced or modified: ipv6 nd dad-proxy, ipv6 nd suppress attach-policy, ipv6 nd suppress policy, mode dad-proxy, mode md-proxy.