Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Similar to DHCP for IPv4, DHCPv6 clients and DHCPv6 servers exchange DHCPv6 messages using the User Datagram Protocol (UDP). DHCPv6 clients only process DHCPv6 messages with UDP port number 546. DHCPv6 servers and relay agents only process DHCPv6 messages with UDP port number 547.
DHCPv6 defines 13 types of packets. A DHCPv6 server and a DHCPv6 client communicate by exchanging these types of packets. Table 8-3 lists DHCPv6 packets and their corresponding DHCPv4 packets and describes the DHCPv6 packets.
Table 8-3 Comparisons between DHCPv6 packets and DHCPv4 packets
The Options field in a DHCP message carries control information and parameters that are not defined in common protocols. When a DHCP client requests an IP address from a DHCP server configured with the Options field, the server replies with a message containing the Options field. Figure 3-3 shows the format of the Options field.
Figure 3-3 Format of the Options field
The Options field consists of Type, Length, and Value. The following table provides the details.
Table 3-3 Description of the Options field
The value of the Options field ranges from 1 to 255. Table 3-4 lists common DHCP options.
Table 3-4 Description of the Options field in DHCP messages
The objects of this field vary depending on the functions of the Options field. For example, Option 77 is used on a DHCP client to identify user types of the DHCP client. The DHCP server selects an address pool to allocate an IP address and configuration parameters to the DHCP client based on the User Class in the Option field. Option 77 is manually configured only on a DHCP client but not on the server.
For more information about common DHCP options, see the related RFC documents.
Some options, such as Option 82, are not defined in RFC and can be customized. The Option 82 field is called the DHCP relay agent information field. It records the location of a DHCP client. A DHCP relay agent or a DHCP snooping-enabled device appends the Option 82 field to a DHCP Request message sent from a DHCP client, and then forwards the DHCP Request message to a DHCP server.
An administrator can use the Option 82 field to locate a DHCP client and implement control over security and accounting of the DHCP client. According to information in the Option 82 field, a DHCP server can make a policy for allocating IP addresses and other parameters and provide flexible address allocation schemes.
The Option 82 field contains a maximum of 255 suboptions. If the Option 82 field is defined, at least one suboption must be defined. The content of the Option 82 field is not uniformly defined, and vendors fill in the Option 82 field as needed. The device supports the following Option 82 field formats:
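The Type/Length/Value layout and the Option 82 suboptions described above can be checked with a small parser. This is an added example, not code from the Huawei documentation; the sample bytes are constructed, the suboption names (1 = circuit ID, 2 = remote ID) are taken from RFC 3046, and the pad (0) and end (255) markers from the standard DHCP option encoding.

```python
"""Parse the Options field of a DHCP message (Type/Length/Value) and the
suboptions nested inside Option 82. All sample bytes are constructed."""

PAD, END = 0, 255              # single-byte markers with no Length/Value
OPT_USER_CLASS = 77
OPT_RELAY_AGENT_INFO = 82
# Suboption numbers from RFC 3046; what goes inside them is vendor-specific.
SUBOPT_NAMES = {1: "circuit-id", 2: "remote-id"}


class MalformedOptions(ValueError):
    """Raised when the buffer cannot be a well-formed TLV sequence."""


def parse_tlvs(buf, *, top_level=True):
    """Return [(type, value_bytes), ...] from a TLV-encoded buffer."""
    out, i = [], 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == PAD:
            i += 1
            continue
        if top_level and code == END:
            break
        if i + 1 >= len(buf):
            raise MalformedOptions(f"type {code} at offset {i} has no Length")
        length = buf[i + 1]
        value = bytes(buf[i + 2:i + 2 + length])
        if len(value) != length:
            # A Length that runs past the buffer must be rejected, not
            # silently truncated: the bytes after it would be misparsed.
            raise MalformedOptions(
                f"type {code} claims {length} bytes, {len(value)} available")
        out.append((code, value))
        i += 2 + length
    return out


def parse_option82(value):
    """Decode Option 82 into {suboption name: raw bytes}."""
    subs = parse_tlvs(value, top_level=False)
    if not subs:
        raise MalformedOptions("Option 82 needs at least one suboption")
    return {SUBOPT_NAMES.get(t, f"suboption-{t}"): v for t, v in subs}


def summarize(options_field):
    """List the option types seen and decode Options 77 and 82."""
    summary = {"options": [], "user_class": None, "relay_info": None}
    for code, value in parse_tlvs(options_field):
        summary["options"].append(code)
        if code == OPT_USER_CLASS:
            summary["user_class"] = value
        elif code == OPT_RELAY_AGENT_INFO:
            summary["relay_info"] = parse_option82(value)
    return summary


def tlv(code, value):
    """Encode one option; used only to build the constructed sample."""
    return bytes([code, len(value)]) + value


# Constructed sample: a Request (Option 53 = 3) with a User Class and an
# Option 82 as a relay agent or DHCP snooping device might append it.
SAMPLE = (
    tlv(53, b"\x03")
    + tlv(OPT_USER_CLASS, b"staff")
    + tlv(OPT_RELAY_AGENT_INFO,
          tlv(1, b"vlan10/3") + tlv(2, bytes.fromhex("000e0c82c4d4")))
    + bytes([END])
)

if __name__ == "__main__":
    print(summarize(SAMPLE))
    try:
        summarize(SAMPLE[:-5])       # Option 82 cut short in transit
    except MalformedOptions as exc:
        print("rejected:", exc)
```
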
ARP-Ping includes ARP-Ping IP and ARP-Ping MAC. ARP-Ping sends ARP Request packets or ICMP Echo Request packets to check whether a specified IP address or MAC address is used.
ARP-Ping IP checks whether an IP address is used by another device on the LAN by sending ARP packets. Before configuring an IP address for a device, configure ARP-Ping IP on the device to check whether this IP address has been used by sending ARP Request packets.
You can also run the ping command to check whether this IP address is used by another device on the network. However, if the switch or host that uses the IP address has the firewall function enabled and the firewall is configured not to respond to ping packets, you may be misled into thinking that this IP address is not used. To solve the problem, use ARP-Ping IP. ARP is a Layer 2 protocol. Therefore, ARP packets can pass through the firewall that is configured not to respond to ping packets.
ARP-Ping IP sends ARP Request packets. ARP-Ping IP is implemented as follows:
The ARP-Ping MAC process is similar to the ping process. The difference is that ARP-Ping MAC applies only to directly connected Ethernet LANs or Layer 2 VPN Ethernet networks. ARP-Ping MAC sends ICMP Echo Request packets. ARP-Ping MAC is implemented as follows:
Figure 2-1 shows the format of an ARP Request or Reply packet.
Figure 2-1 Format of an ARP Request or Reply packet
The main fields are described as follows:
ARP completes address resolution through two processes: ARP request process and ARP reply process.
Figure 2-2 ARP request process
As shown in Figure 2-2, HOSTA and HOSTB are on the same network segment. HOSTA needs to send IP packets to HOSTB. HOSTA searches the local ARP table for the ARP entry corresponding to HOSTB. If the corresponding ARP entry is found, HOSTA encapsulates the IP packets into Ethernet frames and forwards them to HOSTB based on its MAC address. If the corresponding ARP entry is not found, HOSTA caches the IP packets and broadcasts an ARP Request packet. In the ARP Request packet, the IP address and MAC address of the sender are the IP address and MAC address of HOSTA. The destination IP address is the IP address of HOSTB, and the destination MAC address contains all 0s. All hosts on the same network segment can receive the ARP Request packet, but only HOSTB processes the packet.
Figure 2-3 ARP reply process
HOSTB compares its IP address with the destination IP address in the ARP Request packet. If HOSTB finds that its IP address is the same as the destination IP address, HOSTB adds the IP address and MAC address of the sender (HOSTA) to the local ARP table. Then HOSTB unicasts an ARP Reply packet, which contains its MAC address, to HOSTA, as shown in Figure 2-3. After receiving the ARP Reply packet, HOSTA adds HOSTB's MAC address into the local ARP table. Meanwhile, HOSTA encapsulates the IP packets and forwards them to HOSTB.
Dynamic ARP entries are generated and maintained dynamically by using ARP packets. They can be aged out, updated, or overwritten by static ARP entries. When the aging time expires or the interface is Down, the corresponding dynamic ARP entries are deleted.
When the egress of ARP entries is a tunnel and the tunnel status changes, the device does not become aware of the change for the ARP entries, and the ARP entries are automatically deleted when they age out.
Static ARP entries record fixed mappings between IP addresses and MAC addresses and are configured manually by network administrators.
To obtain a valid dynamic IP address, a DHCP client exchanges different messages with a server at different stages. Generally, a DHCP client and server interact in the following modes.
Figure 4-1 shows typical networking of a DNS client.
Figure 4-1 Typical networking of a DNS client
As shown in Figure 4-1, the device functions as a DNS client and can dynamically obtain the corresponding IP address of a domain name from a DNS server. This facilitates user communication.
This section describes how to configure the DHCPv6 function.
Network devices can communicate at the network layer only after they are configured with IP addresses.
The SEcure Neighbor Discovery (SEND) protocol is a security extension of the Neighbor Discovery Protocol (NDP) in IPv6.
Pre-configuration Tasks
Before configuring IPv6 SEND, complete the following tasks:
You can perform the following configuration tasks in sequence.
The switch can function as a proxy of the destination host to reply to an ARP Request message.
Pre-configuration Tasks
Before configuring proxy ARP, complete the following task:
ARP-Ping IP sends ARP packets onto a LAN to check whether an IP address is being used by another device on the LAN. The ping command can also check whether an IP address is in use. However, if the destination host, or a switch with the firewall function enabled, is configured not to reply to ping packets, there is no response to the ping packet. Consequently, the IP address is considered unused. ARP is a Layer 2 protocol. In most cases, ARP packets can pass through a firewall that is configured not to reply to ping packets, which prevents the preceding situation.
When you know a specific MAC address but not the corresponding IP address on a network segment, you can use the ping arp mac command to send ICMP packets. In this way, you can obtain the IP address mapped to the MAC address.
Generally, the PMTU is dynamically negotiated according to the IPv6 MTU value of an interface. In special situations, to protect devices on the network and avoid attacks from large-sized packets, you can manually configure the PMTU for a specified destination node to control the maximum length of packets forwarded from the device to the destination node.
In IPv4, oversized packets are fragmented. When the transit device receives a packet exceeding the maximum transmission unit (MTU) size of its outbound interface from a source node, the transit device fragments the packet before forwarding it to the destination node. In IPv6, however, the source node fragments the packets to reduce pressure on the transit device. When an interface on the transit device receives a packet whose size exceeds the MTU, the transit device discards the packet and sends an ICMPv6 Packet Too Big message to the source node. The ICMPv6 Packet Too Big message contains the MTU value of the outbound interface. The source node fragments the packet based on the MTU and resends the packet, increasing traffic overhead. The Path MTU Discovery (PMTUD) protocol dynamically discovers the MTU value of each link on the transmission path, reducing excessive traffic overhead.
The PMTU protocol is implemented through ICMPv6 Packet Too Big messages. A source node first uses the MTU of its outbound interface as the PMTU and sends a probe packet. If a smaller PMTU exists on the transmission path, the transit device sends a Packet Too Big message to the source node. The Packet Too Big message contains the MTU value of the outbound interface on the transit device. After receiving this message, the source node changes the PMTU value to the received MTU value and sends packets based on the new MTU. This process repeats until packets reach the destination address, at which point the source node has obtained the PMTU of the destination address.
Figure 7-19 shows an example of PMTU discovery.
Figure 7-19 PMTU discovery
Packets are transmitted through four links with MTU values of 1500, 1500, 1400, and 1300 bytes. Before sending a packet, the source node fragments the packet based on a PMTU of 1500. When the packet is sent to the outbound interface with MTU 1400, the device returns a Packet Too Big message carrying MTU 1400. The source node then fragments the packet based on MTU 1400 and sends the fragmented packet again. The process repeats: when the packet based on MTU 1400 is sent to the outbound interface with MTU 1300, the device returns another Packet Too Big message that carries MTU 1300. The source node receives the message and fragments the packet based on MTU 1300. In this way, the source node sends the packet to the destination address and discovers the PMTU of the transmission path.
IPv6 allows a minimum MTU of 1280 bytes. Therefore, the PMTU must be greater than 1280 bytes. A PMTU of 1500 bytes is recommended.
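The discovery loop over the four links in Figure 7-19 can be traced in code, including how a source node should treat the MTU value carried in a Packet Too Big message. This is an added example, not code from the Huawei documentation; the function names are hypothetical, the message layout (type 2, code 0, checksum, 32-bit MTU) is the standard ICMPv6 one, and the two update rules (never raise the PMTU from a Packet Too Big message, never go below 1280) follow RFC 8201.

```python
"""Path MTU discovery over the link MTUs used in the text's example."""
import struct

IPV6_MIN_MTU = 1280
ICMPV6_PACKET_TOO_BIG = 2
PAGE_LINKS = [1500, 1500, 1400, 1300]   # link MTUs from Figure 7-19


def build_packet_too_big(mtu):
    """ICMPv6 header a transit device returns (checksum left as 0 here)."""
    return struct.pack("!BBHI", ICMPV6_PACKET_TOO_BIG, 0, 0, mtu)


def parse_packet_too_big(msg):
    """Return the MTU field of a Packet Too Big message."""
    if len(msg) < 8:
        raise ValueError("ICMPv6 Packet Too Big needs at least 8 bytes")
    mtype, code, _checksum, mtu = struct.unpack("!BBHI", msg[:8])
    if mtype != ICMPV6_PACKET_TOO_BIG or code != 0:
        raise ValueError(f"not a Packet Too Big message: type={mtype}")
    return mtu


def update_pmtu(current, reported):
    """Apply a reported MTU to the cached PMTU for one destination.

    A reported value at or above the current PMTU is ignored, and a value
    below the IPv6 minimum is clamped, so a bogus message cannot push the
    sender into sending tiny packets.
    """
    if reported >= current:
        return current
    return max(reported, IPV6_MIN_MTU)


def forward(size, link_mtus):
    """Return None if the packet fits every link, else the reply bytes
    from the first transit device whose outbound link is too small."""
    for mtu in link_mtus:
        if size > mtu:
            return build_packet_too_big(mtu)
    return None


def discover_pmtu(first_hop_mtu, link_mtus):
    """Return (pmtu, history) where history lists each PMTU tried."""
    pmtu = first_hop_mtu
    history = [pmtu]
    while True:
        reply = forward(pmtu, link_mtus)
        if reply is None:
            return pmtu, history
        new_pmtu = update_pmtu(pmtu, parse_packet_too_big(reply))
        if new_pmtu == pmtu:
            raise RuntimeError("path has a link below the IPv6 minimum MTU")
        pmtu = new_pmtu
        history.append(pmtu)


if __name__ == "__main__":
    print(discover_pmtu(1500, PAGE_LINKS))
    print(update_pmtu(1400, 576), update_pmtu(1400, 9000))
```
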
The DUID identifies a DHCPv6 device. Each DHCPv6 server or client has a unique DUID. DHCPv6 servers use DUIDs to identify DHCPv6 clients and DHCPv6 clients use DUIDs to identify DHCPv6 servers. The DUID is optional for DHCPv6 relay agents.
Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is designed to assign IPv6 addresses, prefixes, and other network configuration parameters to hosts.
The IPv6 protocol provides a huge address space formed by 128-bit IPv6 addresses that require proper and efficient assignment and management policies. IPv6 stateless address autoconfiguration is widely used. Hosts configured with the stateless address autoconfiguration function automatically configure IPv6 addresses based on prefixes carried in Router Advertisement (RA) packets sent from a neighboring device.
When stateless address autoconfiguration is used, devices do not record IPv6 addresses of hosts. Therefore, stateless address autoconfiguration has poor manageability. In addition, hosts configured with stateless address autoconfiguration cannot obtain other configuration parameters such as the DNS server address. Internet service providers (ISPs) do not provide instructions for automatic allocation of IPv6 prefixes for devices. Therefore, users need to manually configure IPv6 addresses for devices during IPv6 network deployment.
DHCPv6 solves this problem. DHCPv6 is a stateful protocol for configuring IPv6 addresses automatically. Compared with manual address configuration and IPv6 stateless address autoconfiguration that uses network prefixes in RA packets, DHCPv6 has the following advantages:
Dynamic Host Configuration Protocol (DHCP) dynamically manages and configures clients in a centralized manner. It ensures proper IP address allocation and improves IP address utilization.
As networks grow in scale and complexity, the number of available IPv4 addresses is no longer sufficient. In addition, wireless networks and mobile devices mean that IPv4 addresses and client locations are liable to change. DHCP is introduced to automate the assignment of network parameters, including IPv4 addresses, to clients.
DHCP is based on the BOOTstrap Protocol (BOOTP), which runs on networks where each host has a fixed network connection. For each host using BOOTP, an administrator must configure a BOOTP parameter file that requires manual intervention to modify. DHCP improves on BOOTP by:
DHCP ensures proper IP address allocation, which prevents IP address waste and improves IP address usage on the entire network.
Devices support DHCP snooping. For details about DHCP snooping, see the CloudEngine 16800 Series Switches Configuration Guide -- Basic Configurations -- DHCP Snooping Configurations.
The Address Resolution Protocol (ARP) maps IP addresses into MAC addresses. On a local area network (LAN), a host or a network device must learn the IP address of the destination host or device before sending data to it. Additionally, the host or network device must learn the physical address of the destination host or device because IP packets must be encapsulated into frames for transmission over a physical network. Therefore, the mapping from an IP address into a physical address is required. ARP is used to map IP addresses into physical addresses.
IPv6 DNS is a distributed database used in TCP/IP applications and completes resolution between IPv6 addresses and domain names.
Each host on the IPv6 network is identified by an IPv6 address. To access a host, a user must obtain the host IPv6 address first. It is difficult for users to remember IPv6 addresses of hosts. Therefore, host names in the format of strings are designed. In this way, users can use simple and meaningful domain names instead of complicated IPv6 addresses to access hosts, with the DNS server on the network performing the resolution.
The device can function as an IPv6 DNS client.
Figure 9-1 Typical networking of the IPv6 DNS Client
As shown in Figure 9-1, the switch functions as an IPv6 DNS client and supports static and dynamic domain name resolution.
An IPv6 address is 128 bits long and is written as eight groups of four hexadecimal digits (base 16 digits represented by the numbers 0-9 and the letters A-F). Each group is separated by a colon (:). For example, FC00:0000:130F:0000:0000:09C0:876A:130B is a complete and valid IPv6 address. For convenience, IPv6 addresses can be written in a compressed format. Taking the IPv6 address FC00:0000:130F:0000:0000:09C0:876A:130B as an example:
An IPv6 address can contain only one double colon (::). Otherwise, a computer cannot determine the number of zeros in a group when restoring the compressed address to the original 128-bit address.
IPv6 addresses have two parts:
You can manually configure the interface ID, generate it through system software, or generate it in IEEE 64-bit Extended Unique Identifier (EUI-64) format. Generating an interface ID in EUI-64 format is the most common practice.
The 64-bit interface ID in an IPv6 address identifies a unique interface on a link. This address is derived from the link-layer address (such as a MAC address) of the interface. The 64-bit IPv6 interface ID is translated from a 48-bit MAC address by inserting a hexadecimal number into the MAC address, and then setting the U/L bit (the seventh bit from the left) to 1. If the interface has been configured with a MAC address, the EUI-64 address is generated based on the MAC address of the interface, with FFFE added in the middle. If the interface has not been configured with a MAC address, the EUI-64 address is generated based on the following rules:
Taking the insertion of a hexadecimal number FFFE (1111 1111 1111 1110) into the middle of a MAC address as an example, see Figure 7-1 for the detailed conversion procedure.
Figure 7-1 EUI-64 format
For example, if the MAC address is 000E-0C82-C4D4, the interface ID is 020E:0CFF:FE82:C4D4 after the conversion.
Converting MAC addresses into IPv6 interface IDs reduces the configuration workload. When using stateless address autoconfiguration, you only need an IPv6 network prefix to obtain an IPv6 address. One defect of this method, however, is that an IPv6 address is easily calculable based on a MAC address, and could therefore be used for malicious attacks.
IPv6 addresses can be classified as unicast, multicast, or a new class called anycast. Unlike IPv4, there is no broadcast IPv6 address. Instead, a multicast address can be used as a broadcast address.
IPv6 Unicast Address
An IPv6 unicast address identifies an interface. Since each interface belongs to a node, the IPv6 unicast address of any interface can identify the relevant node. Packets sent to an IPv6 unicast address are delivered to the interface identified by that address.
A global unicast address cannot be the same as its network prefix because an IPv6 address which is the same as its network prefix is a subnet-router anycast address reserved for a device. However, this rule does not apply to an IPv6 address with a 127-bit network prefix.
IPv6 defines multiple types of unicast addresses, including the unspecified address, loopback address, global unicast address, link-local address, and unique local address.
IPv6 Multicast Address
Like IPv4 multicast addresses, IPv6 multicast addresses identify groups of interfaces, which usually belong to different nodes. A node may belong to any number of multicast groups. Packets sent to an IPv6 multicast address are delivered to all the interfaces identified by the multicast address. For example, the multicast address FF02::1 indicates all nodes within the link-local scope, and FF02::2 indicates all routers within the link-local scope.
An IPv6 multicast address is composed of a prefix, a flag, a scope, and a group ID (global ID).
Figure 7-5 shows the IPv6 multicast address format.
Figure 7-5 IPv6 multicast address format
IPv6 Anycast Address
An anycast address identifies a group of network interfaces, which usually belong to different nodes. Packets sent to an anycast address are delivered to the nearest interface that is identified by the anycast address, depending on the routing protocols.
Application scenario: When a mobile host communicates with the mobile agent on the home subnet, it uses the anycast address of the subnet device.
Address specifications: Anycast addresses do not have independent address space. They can use the format of any unicast address. Syntax is required to differentiate an anycast address from a unicast address.
As defined by IPv6, an IPv6 address with the interface identifier of all 0s is a subnet-router anycast address. As shown in Figure 7-6, the subnet prefix is an IPv6 unicast address prefix which is specified during configuration of an IPv6 unicast address.
Figure 7-6 Format of a subnet-router anycast address
An anycast address is not necessarily a subnet-router anycast address and can also be a global unicast address.
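The EUI-64 conversion described earlier in this section, and the defect the text notes (an address that is easily calculable from a MAC address also gives the MAC address back), can be reproduced for auditing which addresses expose hardware identifiers. This is an added example, not code from the Huawei documentation; the function names are hypothetical and the 2001:db8:1:2::/64 prefix is a constructed value from the documentation range.

```python
"""EUI-64 interface IDs: derive one from a MAC address and recognise one
inside an IPv6 address. The prefix used below is a constructed sample."""
import ipaddress

UL_BIT = 0x02   # seventh bit from the left of the first byte


def parse_mac(text):
    """Accept 000E-0C82-C4D4, 00:0e:0c:82:c4:d4 and similar notations."""
    digits = "".join(c for c in text if c not in "-:.")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def mac_to_interface_id(mac_text):
    """Insert FFFE in the middle of the MAC and flip the U/L bit.

    RFC 4291 inverts the bit; for a universally administered MAC (bit 0),
    that is the same as setting it to 1 as the text describes.
    """
    mac = parse_mac(mac_text)
    return bytes([mac[0] ^ UL_BIT]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def format_interface_id(iid):
    """Render 8 bytes as four colon-separated groups, as in the text."""
    return ":".join(iid[i:i + 2].hex().upper() for i in range(0, 8, 2))


def slaac_address(prefix, mac_text):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a 64-bit prefix")
    iid = int.from_bytes(mac_to_interface_id(mac_text), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def recover_mac(address):
    """Return the MAC embedded in an EUI-64 style address, or None.

    The FFFE marker can occur by chance in a random interface ID, so a
    match is a strong hint rather than proof.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = (bytes([iid[0] ^ UL_BIT]) + iid[1:3] + iid[5:]).hex().upper()
    return "-".join(mac[i:i + 4] for i in range(0, 12, 4))


if __name__ == "__main__":
    mac = "000E-0C82-C4D4"                      # MAC from the text
    print(format_interface_id(mac_to_interface_id(mac)))
    addr = slaac_address("2001:db8:1:2::/64", mac)
    print(addr, "->", recover_mac(addr))
    print(recover_mac("2001:db8:1:2::1"))       # manual interface ID
```
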
To ensure that users can use the IP address normally, ensure that:
On Ethernet, the physical address of a host is the MAC address. The DNS server resolves a host name to an IP address. ARP resolves an IP address to a MAC address. For details, see DNS Configuration and ARP Configuration.