ND Neighbor Solicitation Message

Any IPv6 node can send a Neighbor Solicitation (NS) message at any time, to request a target node’s link-layer address, while also providing its own link-layer address to the target node. NS messages are sent via multicast to the Solicited Node Multicast Address of the target node when the sending node is doing Address Resolution. They are sent via unicast to the target node’s link-local address when the sending node is doing Neighbor Unreachability Detection.

The syntax of the Neighbor Solicitation message is as follows:nd ns msg

Fields in the IPv6 Packet Header:

The Source Address field is set to the link-local address of the sending interface. Optionally, if the sending node is doing Duplicate Address Detection (DAD), the source address can be set to the unspecified address (::).

The Destination Address field is set to the solicited node multicast address of the target node. This will be received only a few nodes that share that multicast address. Typically only a single node in the link will have that multicast address. This is much better targeted than using the all nodes on link multicast address, which cuts down on interruptions. It is like a rifle shot instead of a shotgun blast.

The Hop Limit field is set to 255.

Fields in the NS message:

The Type field (8 bits) contains 135 for Neighbor Solicitation.

The Code field (8 bits) must contain zero.

The Checksum field (16 bits) contains a standard IP checksum.

The Reserved field (bytes 4-7, 32 bits) is unused, and must be set to zero.

The Target Address field (128 bits) contains the IPv6 address of the target node (usually the link-local address). This cannot be a multicast address.

The Options field (variable length, starting at offset 8) may contain the following options:

Up to one instance of the Source Link-Layer Address option. This specifies the Link Layer address of the sender. If the IP source address is the unspecified address, this option must not be included. Otherwise, this option should be included. On Link Layers that support multicast (e.g. Ethernet) this option must be included in multicast transmissions and should be included in unicast transmissions.

Now let’s look at a captured Neighbor Solicitation message:

ns msg capture

The Link Layer is Ethernet II. The source MAC address is 50:46:5d:6b:7a:54 (MAC address of node lawrence-pc. The destination MAC address is 33:33:ff:1b:57:62 (the Ethernet multicast address corresponding to IPv6 solicited node multicast address ff02::1:ff1b:5762). The Ethertype is 0x86dd (IPv6).

The Internet Layer is IPv6. The source IPv6 address is fe80::2020:9139:9cd5:ab52 (the link local address of node lawrence-pc). The destination IPv6 address is ff02::1:ff1b:5762 (the Solicited Node multicast address corresponding to link local address fe80:290:bff:fe1b:5762, which is the SolidGate firewall). The Next Header field is 58 (ICMPv6).

The ICMPv6 message follows: The Message Type is 135 (Neighbor Solicitation). The Code is zero. The Target Address is fe80::290:bff:fe1b:5762 (the link local address of the SolidGate firewall).

There is one option:

The option is a type 1 option, Source Link Layer Address. The address is 50:46:5d:6b:7a:54 (the MAC address of lawrence-pc).