SV: IPv6 equivalent of ARP - possibly dumb question

Bøvre Jon Harald Jon.Harald.Bovre at hafslund.no
Thu Apr 1 16:10:39 CEST 2010 

No, it is 30 seconds (30000milliseconds)


below is from debug ipv6 nd with a ping to neighbour:

at 13:31:56.312 goes to REACH
30 seconds later:
at 13:32:33.912 goes back to STALE

Jon

R3#sh ipv6 neighbors
*Apr  1 13:31:49.952: ICMPv6-ND: REACH -> STALE: FE80::ping 2a02:270:1::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A02:270:1::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
R3#
*Apr  1 13:31:56.312: ICMPv6-ND: STALE -> DELAY: 2A02:270:1::2
*Apr  1 13:31:56.312: ICMPv6-ND: ULP indication 2A02:270:1::2
*Apr  1 13:31:56.312: ICMPv6-ND: DELAY -> REACH: 2A02:270:1::2
*Apr  1 13:32:01.316: ICMPv6-ND: Received NS for 2A02:270:1::3 on FastEthernet0/0.500 from FE80::201:C9FF:FE2B:4408
*Apr  1 13:32:01.316: ICMPv6-ND: Sending NA for 2A02:270:1::3 on FastEthernet0/0.500
*Apr  1 13:32:01.320: ICMPv6-ND: STALE -> DELAY: FE80::201:C9FF:FE2B:4408
*Apr  1 13:32:06.320: ICMPv6-ND: DELAY -> PROBE: FE80::201:C9FF:FE2B:4408
*Apr  1 13:32:06.320: ICMPv6-ND: Sending NS for FE80::201:C9FF:FE2B:4408 on FastEthernet0/0.500
*Apr  1 13:32:06.324: ICMPv6-ND: Received NA for FE80::201:C9FF:FE2B:4408 on FastEthernet0/0.500 from FE80::201:C9FF:FE2B:4408
*Apr  1 13:32:06.324: ICMPv6-ND: PROBE -> REACH: FE80::201:C9FF:FE2B:4408
*Apr  1 13:32:11.328: ICMPv6-ND: Received NS for FE80::205:DCFF:FEB3:4008 on FastEthernet0/0.500 from FE80::201:C9FF:FE2B:4408
*Apr  1 13:32:11.328: ICMPv6-ND: Sending NA for FE80::205:DCFF:FEB3:4008 on FastEthernet0/0.500
*Apr  1 13:32:17.908: ICMPv6-ND: Received RA from FE80::201:C9FF:FE2B:4408 on FastEthernet0/0.500
*Apr  1 13:32:24.064: ICMPv6-ND: Request to send RA for FE80::205:DCFF:FEB3:4008
*Apr  1 13:32:24.064: ICMPv6-ND: Sending RA from FE80::205:DCFF:FEB3:4008 to FF02::1 on FastEthernet0/0.500
*Apr  1 13:32:24.064: ICMPv6-ND:     MTU = 1500
*Apr  1 13:32:24.064: ICMPv6-ND:     prefix = 2A02:270::/64 onlink autoconfig
*Apr  1 13:32:24.064: ICMPv6-ND:             2592000/604800 (valid/preferred)
*Apr  1 13:32:24.064: ICMPv6-ND:     prefix = 2A02:270:1::/64 onlink autoconfig
*Apr  1 13:32:24.064: ICMPv6-ND:             2592000/604800 (valid/preferred)
*Apr  1 13:32:33.912: ICMPv6-ND: REACH -> STALE: 2A02:270:1::2



________________________________________
Fra: ipv6-ops-bounces+jon.harald.bovre=hafslund.no at lists.cluenet.de [ipv6-ops-bounces+jon.harald.bovre=hafslund.no at lists.cluenet.de] på vegne av Frank Bulk - iName.com [frnkblk at iname.com]
Sendt: 1. april 2010 15:38
Til: Bøvre Jon Harald; frnkblk at iname.com; 'Gert Doering'
Kopi: ipv6-ops at lists.cluenet.de
Emne: RE: IPv6 equivalent of ARP - possibly dumb question

Would it be this last line?

ICMP error messages limited to one every 100 milliseconds
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
                                  ^^^^

Frank

-----Original Message-----
From: Bøvre Jon Harald [mailto:Jon.Harald.Bovre at hafslund.no]
Sent: Thursday, April 01, 2010 8:32 AM
To: frnkblk at iname.com; 'Gert Doering'
Cc: ipv6-ops at lists.cluenet.de
Subject: SV: IPv6 equivalent of ARP - possibly dumb question


Expiry timer should be 30 seconds

use 'show ipv6 interface' to find exact timers

Jon
________________________________________
Fra: ipv6-ops-bounces+jon.harald.bovre=hafslund.no at lists.cluenet.de
[ipv6-ops-bounces+jon.harald.bovre=hafslund.no at lists.cluenet.de] på
vegne av Frank Bulk - iName.com [frnkblk at iname.com]
Sendt: 1. april 2010 15:16
Til: 'Gert Doering'
Kopi: ipv6-ops at lists.cluenet.de
Emne: RE: IPv6 equivalent of ARP - possibly dumb question

Thanks for the insight.

They must expire quickly.  I pinged ipv6.google.com from a workstation and
that showed up in "sh ipv6 nei" as ACTIVE.  Very quickly it showed up as
stale.

Unfortunately, we don't have any netflow in place today.

Frank

-----Original Message-----
From: Gert Doering [mailto:gert at space.net]
Sent: Thursday, April 01, 2010 4:42 AM
To: Frank Bulk - iName.com
Cc: ipv6-ops at lists.cluenet.de
Subject: Re: IPv6 equivalent of ARP - possibly dumb question

Hi,

On Wed, Mar 31, 2010 at 08:05:07AM -0500, Frank Bulk - iName.com wrote:
> It's my understanding that the closest equivalent of ARP in IPv6 is "sh
ipv6
> neighbors".  When I do that on our Cisco 7206VXR running 12.2(31)SB16 I
see
> only a few addresses, not nearly all the ones that I know that the PCs
> "obtained" via SLAAC.

These entries seem to expire fairly quickly.

> How do I see which IPv6 hosts are actively sending traffic through/to our
> router?

By checking "show ipv6 neighbors" - that's the active hosts.  Most likely
the "unseen rest" is onyl using IPv4...

Alternatively, and if your IOS permits (I'm not sure about 12.2SB - 12.2S
does not, 12.2SR and 12.4 definitely do) you could use IPv6 netflow.

Gert Doering
        -- NetMaster
--
Total number of prefixes smaller than registry allocations:  150584

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

More information about the ipv6-ops mailing list