IPv6 communication principle (1) - The network card startup process that cannot be ignored

Related article: IPv6 Series - 10 Common Problems for Beginners

This article uses packet capture analysis to deeply observe each step of the network card startup process, so as to gradually grasp the communication principles.

1. Why can’t you ignore the network card startup process?

To master network technology, in addition to reading RFC protocols, the most direct and efficient way is to "see it with your own eyes".

Among them, packet capture analysis is the most critical method, which can help us understand:

• What: Which protocol does it correspond to?
• Why: Protocol usage
• When: Association between protocols
• How: message address and content

Network card startup is the first step in network communication. Only by laying a solid foundation can you spread your wings and take off.

2. Experimental Environment

This article uses CentOS 7 as the experimental environment, creates two network namespaces (named ns1 and ns2), and bridges them to the same Linux bridge (named br0) through a veth network card to simulate the simplest environment, that is, two servers on the same layer 2.

1. Post the mac address first:

• mac in ns1: 52:54:00:00:00:01
• mac in ns2: 52:54:00:00:00:02

2. Experimental steps:

• Start the network card in ns1, but do not capture packets for viewing
• Start the network card in ns2 and perform packet capture analysis on br0

3. Observation:

• What packets does ns2 generate?
• Will ns1 respond to ns2?

This article will also include the download address of the experimental script and the packet capture file.

3. Network card appearance before and after startup

1. What the network card looks like before it is started

Before starting the network card in ns2, check the network environment in ns2 first. The command is as follows

 # Check the network card status
 ip netns exec ns2 ip link 
 
 # View the ipv6 address
 ip netns exec ns2 ip -6 addr 
 
 # View ipv6 routing
 ip netns exec ns2 ip -6 route 
 
 # View ipv6 multicast address
 ip netns exec ns2 ip -6 maddr

You can see that eth0 is in DOWN state. Next, bring eth0 up.

2. What the network card looks like after startup

 # Start the network card
 ip netns exec ns2 ip link set eth0 up

Enter ns2 to view

As you can see, the network card is now started and has obtained a link local address (starting with fe80 in the figure)

3. What packages were captured?

Please read on to learn what these packages mean, how they are generated, and why they are generated.

4. Conclusion first

There are 5 steps in the network card startup process, as shown in the diagram (the number on the right indicates the number of packets in the corresponding packet capture diagram):

Next, these 5 steps will be explained step by step.

Step 1. Generate a "link-local address"

(No data packet is generated in this step)

(1) What is a link-local address?

• When the network card is started, a link-local address (Link-Local Address) will be automatically generated according to a certain algorithm.
• The specific address generated depends on the operating system. Some addresses are calculated based on the MAC address (EUI-64), while others are randomly generated and are not uniform.
• A "link-local address" is a unicast address in the range fe80::/10.
• As the name suggests, "link local" only transmits within the same Layer 2 and will not be forwarded by routers.

(2) What is the role of a link-local address?

• Address Autoconfiguration
• Neighbor Discovery Protocol
• Routing forwarding (can be used as the next hop address)

Step 2. Generate the "requested node multicast address"

(No data packet is generated in this step)

(1) What is a Solicited-Node Multicast Address?

In the IPv6 world, every time an IP address (or unicast address to be precise) is generated, regardless of its type, a "Solicited-Node multicast address" will be generated accordingly.

Composition: FF02::1:FF00:0/104 + the first 24 bits of the unicast address. As you can see, this address is derived from the unicast address and is not random. The address in the red box in the figure above is the "requested node multicast address" corresponding to the "link local address".

(2) Why do we need a “solicited node multicast address”?

Just four words: "Address resolution"

• ARP is used for address resolution in IPv4, and ARP is based on broadcast.
• IPv6 has no broadcast, only multicast. Since it is multicast, there must be a multicast address, so it came into being.

(3) Working principle of “Requested Node Multicast Address”

When someone wants to resolve my MAC address, they send an "address resolution request packet" to this multicast address, and then the member of the multicast address (that is, "me") will receive the data packet and ask "me" to return the MAC address to the other party. This completes the "address resolution" process.

(4) What do the five words “requested node” mean?

If someone requests to resolve my address, then I am the requested node. The purpose of generating the "requested node multicast address" is to allow others to request me.

Step 3. "Multicast Membership Report"

(Corresponding to No. 1/2/4/6 in the packet capture diagram)

(1) What is a multicast membership report?

• A message type (Membership Report) in the MLDv2 protocol (Multicast Control Protocol).
• In simple terms, it means declaring to the outside world "I want to join a certain multicast group."
• Membership reports are one-way and no response packets will be received.

(2) Why do we need to perform a multicast member report?

• Whenever a multicast address is generated, a membership report is performed. This is how multicast works.
• The purpose of membership reporting is to reduce multicast traffic in the network.

(3) Which member is being reported?

• The member being reported is not a unicast address but a multicast address.
• This refers to the "requested node multicast address". That is, "I want to join the ff02::1:ff00:2 multicast group"

Step 4. "Duplicate address detection"

(Corresponding to No. 3 in the packet capture diagram)

(1) What is "Duplicate Address Detection"?

• In order to prevent IP address conflicts, a "duplicate address detection" (DAD) is performed every time a unicast address is generated.
• At this point, the "link local address" generated in Step 1 is tested.

(2) When to perform “duplicate address detection”

• After a unicast address is generated and an MLDv2 Membership Report is sent, there will be a random delay of a short period of time for detection.
• In centos7, the number of detections can be modified through the kernel parameter net.ipv6.conf.eth0.dad_transmits. If it is set to 0, no detection is performed.

(3) How “Duplicate Address Detection” works

• For example, I want to name my dog ​​"Qiuqiu", but I don't want to have the same name as my neighbor's dog, so I shout loudly: "Qiuqiu". If no dog looks over, then it can be determined that there is no conflict with the name.
• Professional explanation: Send an address resolution packet (Neighbor Solicitation, NS for short), the address requested for resolution is your own address, and wait for a response. If no response is received after the timeout (Neighbor Advertisement, NA for short), the address can be considered available.

Step 5. "Stateless Address Autoconfiguration"

(Corresponding to No. 5/7/8 in the packet capture diagram)

(1) What is “stateless address autoconfiguration”?

In IPv6, there are two methods of automatically configuring IP addresses:

• DHCPv6: also called "stateful allocation"
• SLAAC: “Stateless Address Autoconfiguration”

(2) What is the role of SLAAC?

• Automatically configure IP address
• Automatically configure the gateway

Note: The IP address mentioned here refers to the "global unicast address" or "unique local address", which is commonly known as the public network address and private network address, not the "link local address".

(3) Working principle

Involving these two types of messages:

• "Router Solicitation" (RS)
• Router Advertisement (RA)

When receiving the RA message from the router, it will automatically generate an IP address based on the IP prefix information in the message and point the gateway to the "link local address" of the router.

(4) How to receive RA messages?

There are 2 ways:

• The router sends RA messages periodically
• It actively sends RS messages, and the router will immediately respond with RA messages after receiving them.

Since there is no router in this experiment, only the RS message sent actively can be seen in the screenshot, but no response is received.

Questions for consideration

• After generating a "global unicast address" or "unique local address", will the "link local address" still be used for basic communication?
• Why can "Multicast Membership Report" reduce unnecessary multicast traffic in the network? Does the access layer switch need to perform additional configuration?
• When there is a "duplicate address", will the IP be automatically changed?
• Can an RA packet only contain one IP prefix? Can one prefix only generate one IP address? What is the generated address like?
• If there are multiple routers, who does the gateway point to?
• If I don't want to configure IP automatically and only want to configure IP manually, can I ignore RA packets? How to ignore them?

The above questions will be answered in the next article of the "IPv6 Series".