NDP

What

The IPv6 equivalent of [[ARP]] + some extra stuff
Discovers and maintains information about neighbours int eh same network

Why

IPv6 does not have broadcasts, instead use multicast which is more efficient
Integrates parts into one
ARP
ICMP router discovery
ICMP redirect
Enables [[SLAAC]]
Can be secured with IPSec, preventing things like ARP poisoning

Concepts

Uses ICMPv6 messages:
Router Solicitation (RS): "Any routers here?"
Router Advertisement (RA): "I am a router and here is my/the config"
Neighbour Solicitation (NS): "Anyone here got fe80::16?"
Neighbour Advertisement (NA): "I have that IP, here's my MAC, p.s. I am alive"
Redirect: "Use a better router for that destination, don't go through me"
Uses solicited-node multicast groups for improved efficiency
Stores:
IP-to-MAC mapping of neighbours
Next-hop information for destinations
List of prefixes advertised by routers
List of available routers
Reachability states: INCOMPLETE → REACHABLE → STALE → DELAY → PROBE → (REACHABLE or remove)

Election

Routers can advertise preference in RAs, but no real election

How

IPv6 -> MAC

  1. Check cache
    1. If found, use cache, done
  2. Calculate multicast group:
    1. ff02::1: + last 24 bits of target address
  3. Send NS
    1. Source IP
    2. Dest. IP
    3. Source MAC
    4. Dest. MAC
    5. ICMPv6 type: 135 = NS
  4. Target receives NS
    1. Learns source's IP and MAC
  5. Target responds with:
    1. Source IP
    2. Destination IP (unicast, not multicast)
    3. Source MAC
    4. Destination MAC (that of the original NS sender)
    5. ICMPv6 type: 136 = NA
    6. Target address: the address that was checked
  6. Source receives NA and updates ND cache

Router Discovery

  1. Host comes online, uses [[SLAAC]] to get a link-local address
  2. Wait for RA, or send RS with:
    1. Source IP (link-local)
    2. Destination: ff02::2 (all routers multicast)
    3. ICMPv6 type: 133 = RS
  3. Router receives RS or sends periodic RA with
    1. Source IP: router's link-local address
    2. Destination IP: ff02::01 (all nodes multicast) for periodic RAs, or unicast if in response to RS
    3. Contains:
      1. Prefix, prefix valid and preferred lifetime
      2. Router lifetime: how long to use this as default router
      3. Reachable time: how long a neighbour should be considered reachable
      4. Retrans timer: time between retransmissions
  4. Host processes RA
    1. Learn prefix
    2. Create global IPv6 using [[SLAAC]]
    3. Add router to it's default router list

Neighbour Unreachability Detection

NDP actively monitors which neighbours remain reachable

INCOMPLETE: Just sent NS, waiting for NA
     ↓ (receive NA)
REACHABLE: Recently confirmed bidirectional reachability (≤30s)
     ↓ (timeout, no recent confirmation)
STALE: Not recently confirmed, but might still work
     ↓ (need to send traffic)
DELAY: Sent traffic, waiting for reachability confirmation (5s)
	 → (confirmation) → Mark REACHABLE
     ↓ (no confirmation)
PROBE: Actively probing with NS
     ↓ (receive NA) → REACHABLE
     ↓ (timeout after retries) → Remove entry