Router Advertisement

The Router Advertisement (RA) message communicates various subnet-wide information to all nodes in a subnet (link). Every IPv6 router should send an RA message periodically (the period is adjusted randomly to prevent all routers from sending simultaneously). They must also send an RA message in response to a Router Solicitation message from any internal node.

The syntax for the RA message is fairly complex:nd ra msg

Fields in the IPv6 Packet Header:

The Source Address field is set to the link-local address of the sending interface. Optionally, if no address is currently assigned to that interface, it can be set to the unspecified address (::).

The Destination Address field is set to the all nodes on local link multicast address (ff02::1). This will be received by all nodes (hosts and routers) in the local link.

The Hop Limit field is set to 255.

Fields in the RA message:

The Type field (8 bits) contains 134 for Router Advertisement.

The Code field (8 bits) must contain zero.

The Checksum field (16 bits) contains a standard IP checksum.

The Reserved field (bytes 4-7, 32 bits) is unused, and must be set to zero.

The Cur Hop Limit field (8 bits) specifies the subnet default value for Hop Limit, which is to be placed in the Hop Limit field of all outgoing IPv6 packets. A value of 0 means this default value is not specified by the sending router.

The M flag (1 bit) is also called the Managed Address Configuration flag.

M=1 indicates that a stateful DHCPv6 server is available, from which a managed global unicast address and stateless subnet-wide information (e.g. IPv6 addresses of DNS) can be obtained. In this case, the O flag is irrelevant and can be ignored.

M=0 indicates that there is no stateful DHCPv6 server available, but a stateless DHCPv6 server may be available (depending on the O flag).

The O flag (1 bit) is also called the Other Address Configuration flag. If M=1, then the state of the O flag doesn’t matter.

O=1 indicates that a stateless DHCPv6 server is available, stateless subnet-wide information (e.g. IPv6 addresses of DNS) can be obtained.

M=0 and O=0 indicates that there is no DHCPv6 server of any kind (stateful or stateless) available.

The Reserved field (6 bits) is unused and must be set to zero.

The Router Lifetime field (16 bits) specified the lifetime of the sending router in seconds (up to 9,000). A zero router lifetime field indicates that this router is not willing to act as a subnet gateway, so should not be added to the default gateway table by nodes receiving this RA message.

The Reachable Time field (32 bits) is used in the Neighbor Unreachability Detection (NUD) mechanism. A node can assume that a neighbor is reachable for this number of milliseconds after receiving a reachability confirmation from NUD. A value of zero means that this setting is not specified by the sending router.

The Retrans Time field (32 bits) is used in the Address Resolution and Neighbor Unreachability mechanisms. It is the time in milliseconds between transmitted Neighbor Solicitation messages (usually several NS messages are sent in quick succession to insure all nodes receive one). A value of zero means this setting is not specified by the sending router.

The Options field (variable length, starting at offset 8) may contain the following options:

Up to one instance of the Source Link-Layer Address option. This specifies the Link Layer address of the sender. If the IP source address is the unspecified address, this option must not be included. Otherwise, this option should be included.

Up to one instance of the MTU option. Contains the maximum packet size allowed in this subnet.

One or more instances of the Prefix Information option. Each Prefix Information option contains information about one IPv6 prefix that is valid in this subnet. Internal nodes doing SLAAC will configure one or more global addresses for each advertised prefix.

Note that the SolidGate firewall was configured to advertise two 64 bit prefixes: 2001:470:3d:3000::/64 (Global) and fda4:73c2:e5b8:1000::/64 (ULA). Both have the L and A flags set, and use the default Valid and Preferred lifetimes.

ra prefix option config

Now let’s look at a captured Router Advertisement message from SolidGate:

ra msg capture

The Link Layer is Ethernet II. The source MAC address is 00:90:0b:1b:57:62 (a SolidGate firewall). The destination MAC address is 33:33:00:00:00:01 (the Ethernet multicast address corresponding to IPv6 multicast address ff02::1). The Ethertype is 0x86dd (IPv6).

The Internet Layer is IPv6. The source IPv6 address is fe80::290:bff:fe1b:5762 (the link local address of the SolidGate firewall). The destination IPv6 address is ff02::1 (the “all nodes on local link” multicast address). The Next Header field is 58 (ICMPv6).

The ICMPv6 message follows: The Message Type is 134 (Router Advertisement). The Code is zero. The M-flag (Managed Address Configuration) is set (so there is a stateful DHCPv6 server available). The O flag is clear (since M=1, so O doesn’t matter). The Router Lifetime is 1800 seconds (the SolidGate firewall is willing to act as a gateway).The Reachable Time and Retrans Time are both zero.

There are four options:

The first option is a type 1 option, Source Link-Layer Address. Its value is 00:90:0b:1b:57:62, the MAC address of the SolidGate firewall.

The second option is a type 5 option, MTU. The value is 1500 (bytes).

The third option is a type 3 option, Prefix Information. The advertised prefix is fda4:73c2:e5b8:1000::/64. The L (On-Link) flag is set (so this prefix can be used to determine if nodes are on-link). The A (Autonomous Configuration) flag is set (so this prefix can be used to generate addresses autonomously). The default Valid Lifetime for this prefix is 2,592,000 seconds (30 days). The default Preferred Lifetime is 604,800 seconds (7 days).

The fourth option is another type 3 option, Prefix Information. The advertised prefix is 2001:470:3d:3000::/64. The L (On-Link) flag is set (so this prefix can be used to determine if nodes are on-link). The A (Autonomous Configuration) flag is set (so this prefix can be used to generate addresses autonomously). The default Valid Lifetime for this prefix is 2,592,000 seconds (30 days). The default Preferred Lifetime is 604,800 seconds (7 days).