RFC2461
4. MESSAGE FORMATS
4.4. Neighbor Advertisement Message Format
A node sends Neighbor Advertisements in response to Neighbor
Solicitations and sends unsolicited Neighbor Advertisements in order
to (unreliably) propagate new information quickly.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|R|S|O| Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ +
| |
+ Target Address +
| |
+ +
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options ...
+-+-+-+-+-+-+-+-+-+-+-+-
IP Fields:
Source Address
An address assigned to the interface from which the
advertisement is sent.
Destination Address
For solicited advertisements, the Source Address of
an invoking Neighbor Solicitation or, if the
solicitation's Source Address is the unspecified
address, the all-nodes multicast address.
For unsolicited advertisements typically the all-
nodes multicast address.
Hop Limit 255
Authentication Header
If a Security Association for the IP Authentication
Header exists between the sender and the
destination address, then the sender SHOULD include
this header.
ICMP Fields:
Type 136
Code 0
Checksum The ICMP checksum. See [ICMPv6].
R Router flag. When set, the R-bit indicates that
the sender is a router. The R-bit is used by
Neighbor Unreachability Detection to detect a
router that changes to a host.
S Solicited flag. When set, the S-bit indicates that
the advertisement was sent in response to a
Neighbor Solicitation from the Destination address.
The S-bit is used as a reachability confirmation
for Neighbor Unreachability Detection. It MUST NOT
be set in multicast advertisements or in
unsolicited unicast advertisements.
O Override flag. When set, the O-bit indicates that
the advertisement should override an existing cache
entry and update the cached link-layer address.
When it is not set the advertisement will not
update a cached link-layer address though it will
update an existing Neighbor Cache entry for which
no link-layer address is known. It SHOULD NOT be
set in solicited advertisements for anycast
addresses and in solicited proxy advertisements.
It SHOULD be set in other solicited advertisements
and in unsolicited advertisements.
Reserved 29-bit unused field. It MUST be initialized to
zero by the sender and MUST be ignored by the
receiver.
Target Address
For solicited advertisements, the Target Address
field in the Neighbor Solicitation message that
prompted this advertisement. For an unsolicited
advertisement, the address whose link-layer address
has changed. The Target Address MUST NOT be a
multicast address.
Possible options:
Target link-layer address
The link-layer address for the target, i.e., the
sender of the advertisement. This option MUST be
included on link layers that have addresses when
responding to multicast solicitations. When
responding to a unicast Neighbor Solicitation this
option SHOULD be included.
[NA_S_VALID_1]
The option MUST be included for multicast
solicitations in order to avoid infinite Neighbor
Solicitation "recursion" when the peer node does
not have a cache entry to return a Neighbor
Advertisements message. When responding to unicast
solicitations, the option can be omitted since the
sender of the solicitation has the correct link-
layer address; otherwise it would not have be able
to send the unicast solicitation in the first
place. However, including the link-layer address in
this case adds little overhead and eliminates a
potential race condition where the sender deletes
the cached link-layer address prior to receiving a
response to a previous solicitation.
Future versions of this protocol may define new option types.
Receivers MUST silently ignore any options they do not recognize
and continue processing the message.
6. ROUTER AND PREFIX DISCOVERY
6.2. Router Specification
6.2.6. Processing Router Solicitations
Router Solicitations in which the Source Address is the unspecified
address MUST NOT update the router's Neighbor Cache; solicitations
with a proper source address update the Neighbor Cache as follows.
[RS_1]
If
the router already has a Neighbor Cache entry for the solicitation's
sender, the solicitation contains a Source Link-Layer Address option,
and the received link-layer address differs from that already in the
cache, the link-layer address SHOULD be updated in the appropriate
Neighbor Cache entry, and its reachability state MUST also be set to
STALE.
[RS_2]
If there is no existing Neighbor Cache entry for the
solicitation's sender, the router creates one, installs the link-
layer address and sets its reachability state to STALE as specified
in Section 7.3.3. Whether or not a Source Link-Layer Address option
is provided, if a Neighbor Cache entry for the solicitation's sender
exists (or is created) the entry's IsRouter flag MUST be set to
FALSE.
6.3. Host Specification.
6.3.4. Processing Received Router Advertisements
After extracting information from the fixed part of the Router
Advertisement message, the advertisement is scanned for valid
options.
[RA_1]
If the advertisement contains a Source Link-Layer Address
option the link-layer address SHOULD be recorded in the Neighbor
Cache entry for the router (creating an entry if necessary) and the
IsRouter flag in the Neighbor Cache entry MUST be set to TRUE. If no
Source Link-Layer Address is included, but a corresponding Neighbor
Cache entry exists, its IsRouter flag MUST be set to TRUE. The
IsRouter flag is used by Neighbor Unreachability Detection to
determine when a router changes to being a host (i.e., no longer
capable of forwarding packets).
[RA_2]
If a Neighbor Cache entry is created
for the router its reachability state MUST be set to STALE as
specified in Section 7.3.3.
[RA_3]
If a cache entry already exists and is
updated with a different link-layer address the reachability state
MUST also be set to STALE.
7. ADDRESS RESOLUTION AND NEIGHBOR UNREACHABILITY DETECTION
7.1. Message Validation
7.1.2. Validation of Neighbor Advertisements
A node MUST silently discard any received Neighbor Advertisement
messages that do not satisfy all of the following validity checks:
- The IP Hop Limit field has a value of 255, i.e., the packet
could not possibly have been forwarded by a router.
- If the message includes an IP Authentication Header, the message
authenticates correctly.
- ICMP Checksum is valid.
- ICMP Code is 0.
- ICMP length (derived from the IP length) is 24 or more octets.
- Target Address is not a multicast address.
[NA_R_VALID_1]
- If the IP Destination Address is a multicast address the
Solicited flag is zero.
- All included options have a length that is greater than zero.
The contents of the Reserved field, and of any unrecognized options,
MUST be ignored. Future, backward-compatible changes to the protocol
may specify the contents of the Reserved field or add new options;
backward-incompatible changes may use different Code values.
The contents of any defined options that are not specified to be used
with Neighbor Advertisement messages MUST be ignored and the packet
processed as normal. The only defined option that may appear is the
Target Link-Layer Address option.
A Neighbor Advertisements that passes the validity checks is called a
"valid advertisement".
7.2. Address Resolution
7.2.3. Receipt of Neighbor Solicitations
A valid Neighbor Solicitation that does not meet any the following
requirements MUST be silently discarded:
- The Target Address is a "valid" unicast or anycast address
assigned to the receiving interface [ADDRCONF],
- The Target Address is a unicast address for which the node is
offering proxy service, or
- The Target Address is a "tentative" address on which Duplicate
Address Detection is being performed [ADDRCONF].
If the Target Address is tentative, the Neighbor Solicitation should
be processed as described in [ADDRCONF]. Otherwise, the following
description applies. If the Source Address is not the unspecified
address and, on link layers that have addresses, the solicitation
includes a Source Link-Layer Address option, then the recipient
SHOULD create or update the Neighbor Cache entry for the IP Source
Address of the solicitation.
[NS_1]
If an entry does not already exist, the
node SHOULD create a new one and set its reachability state to STALE
as specified in Section 7.3.3.
[NS_2]
If an entry already exists, and the
cached link-layer address differs from the one in the received Source
Link-Layer option, the cached address should be replaced by the
received address and the entry's reachability state MUST be set to
STALE.
7.2.5. Receipt of Neighbor Advertisements
When a valid Neighbor Advertisement is received (either solicited or
unsolicited), the Neighbor Cache is searched for the target's entry.
IF(NO ENTRY EXISTS) {
[NA_1]
If no entry exists, the advertisement SHOULD be silently discarded.
There is no need to create an entry if none exists, since the
recipient has apparently not initiated any communication with the
target.
} ELSE { # THE ENTRY EXISTS
Once the appropriate Neighbor Cache entry has been located, the
specific actions taken depend on the state of the Neighbor Cache
entry, the flags in the advertisement and the actual link-layer
address supplied.
IF(INCOMPLETE STATE) {
If the target's Neighbor Cache entry is in the INCOMPLETE state when
the advertisement is received, one of two things happens.
[NA_2]
If the
link layer has addresses and no Target Link-Layer address option is
included, the receiving node SHOULD silently discard the received
advertisement. Otherwise, the receiving node performs the following
steps:
[NA_3]
- It records the link-layer address in the Neighbor Cache entry.
[NA_4]
- If the advertisement's Solicited flag is set, the state of the
entry is set to REACHABLE,
[NA_5]
otherwise it is set to STALE.
- It sets the IsRouter flag in the cache entry based on the Router
flag in the received advertisement.
- It sends any packets queued for the neighbor awaiting address
resolution.
Note that the Override flag is ignored if the entry is in the
INCOMPLETE state.
} ELSE { # NOT INCOMPLETE
If the target's Neighbor Cache entry is in any state other than
INCOMPLETE when the advertisement is received, processing becomes
quite a bit more complex.
IF(Override==0 && TLLA!=LLA) {
If the Override flag is clear and the
supplied link-layer address differs from that in the cache, then one
of two actions takes place:
IF(REACHABLE) {
[NA_6]
if the state of the entry is REACHABLE,
set it to STALE, but do not update the entry in any other way;
} ELSE { # STALE, DELAY or PROBE
[NA_7]
otherwise, the received advertisement should be ignored and MUST NOT
update the cache.
}
} ELSE IF(Override==1 ||
(Override==0 && TLLA==LLA) ||
TLLA==NULL) {
If the Override flag is set, both the Override
flag is clear and the supplied link-layer address is the same as that
in the cache, or no Target Link-layer address option was supplied,
the received advertisement MUST update the Neighbor Cache entry as
follows:
[NA_8]
- The link-layer address in the Target Link-Layer Address option
MUST be inserted in the cache (if one is supplied and is different
than the already recorded address).
- IF(Solicited flag==1) {
[NA_9]
If the Solicited flag is set, the state of the entry MUST be set
to REACHABLE.
} ELSE IF(Solicited flag==0 && TLLA!=LLA) {
[NA_10]
If the Solicited flag is zero and the link-layer
address was updated with a different address the state MUST be set
to STALE.
} ELSE {
[NA_11]
Otherwise, the entry's state remains unchanged.
}
An advertisement's Solicited flag should only be set if the
advertisement is a response to a Neighbor Solicitation. Because
Neighbor Unreachability Detection Solicitations are sent to the
cached link-layer address, receipt of a solicited advertisement
indicates that the forward path is working. Receipt of an
unsolicited advertisement, however, suggests that a neighbor has
urgent information to announce (e.g., a changed link-layer
address). If the urgent information indicates a change from what
a node is currently using, the node should verify the reachability
of the (new) path when it sends the next packet. There is no need
to update the state for unsolicited advertisements that do not
change the contents of the cache.
[NA_12]
- The IsRouter flag in the cache entry MUST be set based on the
Router flag in the received advertisement. In those cases where
the IsRouter flag changes from TRUE to FALSE as a result of this
update, the node MUST remove that router from the Default Router
List and update the Destination Cache entries for all destinations
using that neighbor as a router as specified in Section 7.3.3.
This is needed to detect when a node that is used as a router
stops forwarding packets due to being configured as a host.
}
}
}
The above rules ensure that the cache is updated either when the
Neighbor Advertisement takes precedence (i.e., the Override flag is
set) or when the Neighbor Advertisement refers to the same link-layer
address that is currently recorded in the cache. If none of the
above apply, the advertisement prompts future Neighbor Unreachability
Detection (if it is not already in progress) by changing the state in
the cache entry.
8. REDIRECT FUNCTION
8.3. Host Specification
[REDIRECT_1]
If the redirect contains a Target Link-Layer Address option the host
either creates or updates the Neighbor Cache entry for the target.
In both cases the cached link-layer address is copied from the Target
Link-Layer Address option.
[REDIRECT_2]
If a Neighbor Cache entry is created for
the target its reachability state MUST be set to STALE as specified
in Section 7.3.3.
[REDIRECT_3]
If a cache entry already existed and it is updated
with a different link-layer address, its reachability state MUST also
be set to STALE.
[REDIRECT_4]
If the link-layer address is the same as that
already in the cache, the cache entry's state remains unchanged.
APPENDIX C: STATE MACHINE FOR THE REACHABILITY STATE
This appendix contains a summary of the rules specified in Sections
7.2 and 7.3. This document does not mandate that implementations
adhere to this model as long as their external behavior is consistent
with that described in this document.
When performing address resolution and Neighbor Unreachability
Detection the following state transitions apply using the conceptual
model:
State Event Action New state
- Packet to send. Create entry. INCOMPLETE
Send multicast NS.
Start retransmit timer
INCOMPLETE Retransmit timeout, Retransmit NS INCOMPLETE
less than N Start retransmit timer
retransmissions.
INCOMPLETE Retransmit timeout, Discard entry -
N or more Send ICMP error
retransmissions.
INCOMPLETE NA, Solicited=0, Record link-layer STALE
Override=any address. Send queued
packets.
INCOMPLETE NA, Solicited=1, Record link-layer REACHABLE
Override=any address. Send queued
packets.
!INCOMPLETE NA, Solicited=1, - REACHABLE
Override=0
Same link-layer
address as cached.
REACHABLE NA, Solicited=1, - STALE
Override=0
Different link-layer
address than cached.
STALE or PROBE NA, Solicited=1, - unchanged
Override=0
Different link-layer
address than cached.
!INCOMPLETE NA, Solicited=1, Record link-layer REACHABLE
Override=1 address (if
different).
!INCOMPLETE NA, Solicited=0, - unchanged
Override=0
!INCOMPLETE NA, Solicited=0, - unchanged
Override=1
Same link-layer
address as cached.
!INCOMPLETE NA, Solicited=0, Record link-layer STALE
Override=1 address.
Different link-layer
address than cached.
!INCOMPLETE upper-layer reachability - REACHABLE
confirmation
REACHABLE timeout, more than - STALE
N seconds since
reachability confirm.
STALE Sending packet Start delay timer DELAY
DELAY Delay timeout Send unicast NS probe PROBE
Start retransmit timer
PROBE Retransmit timeout, Retransmit NS PROBE
less than N
retransmissions.
PROBE Retransmit timeout, Discard entry -
N or more
retransmissions.
The state transitions for receiving unsolicited information other
than Neighbor Advertisement messages apply to either the source of
the packet (for Neighbor Solicitation, Router Solicitation, and
Router Advertisement messages) or the target address (for Redirect
messages) as follows:
State Event Action New state
- NS, RS, RA, Redirect Create entry. STALE
INCOMPLETE NS, RS, RA, Redirect Record link-layer STALE
address. Send queued
packets.
!INCOMPLETE NS, RS, RA, Redirect Update link-layer STALE
Different link-layer address
address than cached.
[UNCHANGE]
!INCOMPLETE NS, RS, RA, Redirect - unchanged
Same link-layer
address as cached.