1 00:00:02,586 --> 00:00:05,503 (futuristic music) 2 00:00:09,074 --> 00:00:10,000 - So here we're gonna talk 3 00:00:10,000 --> 00:00:13,840 about something called the IPv6 Neighbor Discovery process, 4 00:00:13,840 --> 00:00:17,394 which is actually a combination of several IPv6 packets 5 00:00:17,394 --> 00:00:20,921 working together to perform special roles. 6 00:00:20,921 --> 00:00:25,461 In the previous video, I talked about five special 7 00:00:25,461 --> 00:00:28,543 or distinguishable types of IPv6 addresses. 8 00:00:28,543 --> 00:00:30,558 We talked about link-local. 9 00:00:30,558 --> 00:00:32,909 We talked about multicast, and a couple of others, 10 00:00:32,909 --> 00:00:34,970 and I mentioned that there was one more special one 11 00:00:34,970 --> 00:00:36,195 that I want to get to, 12 00:00:36,195 --> 00:00:38,378 but in order to understand that last one, 13 00:00:38,378 --> 00:00:40,850 we have to understand this first. 14 00:00:40,850 --> 00:00:42,264 And then once I go through this, 15 00:00:42,264 --> 00:00:45,778 then my last video on sort of IPv6 general theory 16 00:00:45,778 --> 00:00:47,796 will be on that final, special address 17 00:00:47,796 --> 00:00:49,452 I've been holding back. 18 00:00:49,452 --> 00:00:53,532 So lets talked about IPv6 Neighbor Discovery. 19 00:00:53,532 --> 00:00:57,699 We've talked, as far as layer four protocols are concerned, 20 00:00:58,984 --> 00:01:01,307 we've really focused pretty much exclusively 21 00:01:01,307 --> 00:01:05,474 on TCP and UDP, but I have hinted in some previous slides 22 00:01:06,357 --> 00:01:09,315 that there were others, as well. 23 00:01:09,315 --> 00:01:12,675 Well, one of them that you definitely need to be aware of, 24 00:01:12,675 --> 00:01:17,154 that's a layer four and above protocol, is ICMP, 25 00:01:17,154 --> 00:01:21,746 the internet control messaging protocol, ICMP, 26 00:01:21,746 --> 00:01:24,033 internet control messaging protocol. 27 00:01:24,033 --> 00:01:26,700 So the most common usage of ICMP 28 00:01:28,109 --> 00:01:31,761 is when people issue the ping command. 29 00:01:31,761 --> 00:01:34,805 For example, and you can do this 30 00:01:34,805 --> 00:01:36,259 on your own laptop, as well. 31 00:01:36,259 --> 00:01:38,946 If I open up my command prompt, 32 00:01:38,946 --> 00:01:40,529 bring it over here. 33 00:01:42,347 --> 00:01:43,859 And a lot of times, if you wanna figure out 34 00:01:43,859 --> 00:01:45,841 if you have network connectivity to something, 35 00:01:45,841 --> 00:01:49,591 for example, I know that Google's DNS server, 36 00:01:51,073 --> 00:01:53,931 a server that Google owns that can resolve websites 37 00:01:53,931 --> 00:01:56,264 to IP addresses, is 8.8.8.8. 38 00:01:58,451 --> 00:01:59,865 That's very common knowledge. 39 00:01:59,865 --> 00:02:01,971 It's public knowledge. 40 00:02:01,971 --> 00:02:04,243 And so if I wanna see if I can actually have connectivity 41 00:02:04,243 --> 00:02:08,940 to that, I can type ping and then type in that IP address 42 00:02:08,940 --> 00:02:10,107 and hit enter. 43 00:02:12,152 --> 00:02:15,919 So clearly, now I'm getting a reply. 44 00:02:15,919 --> 00:02:18,011 So what was just happening right there? 45 00:02:18,011 --> 00:02:22,105 So when you type ping, what's actually happening is the CPU 46 00:02:22,105 --> 00:02:24,460 of your device, of my laptop in this case, 47 00:02:24,460 --> 00:02:26,793 is creating an ICMP message, 48 00:02:27,812 --> 00:02:31,049 and ICMP has several different kinds of messages, 49 00:02:31,049 --> 00:02:34,151 depending on what the objective is. 50 00:02:34,151 --> 00:02:36,619 So in this particular case, my laptap was creating 51 00:02:36,619 --> 00:02:40,786 what was called an ICMP echo request, echo request. 52 00:02:42,220 --> 00:02:46,332 Basically, it sending out an echo request to 8.8.8.8, 53 00:02:46,332 --> 00:02:49,883 and if that server is also running ICMP, 54 00:02:49,883 --> 00:02:52,710 which most devices do by default, 55 00:02:52,710 --> 00:02:53,989 it will turn around and send back 56 00:02:53,989 --> 00:02:57,239 to me what's called an ICMP echo reply, 57 00:02:58,469 --> 00:02:59,715 and that's what we see right here. 58 00:02:59,715 --> 00:03:02,225 We see that the first one timed out for some reason, 59 00:03:02,225 --> 00:03:04,832 but then I got three echo replies. 60 00:03:04,832 --> 00:03:07,211 So this was an echo request going out from me. 61 00:03:07,211 --> 00:03:09,932 I actually send four echo requests, 62 00:03:09,932 --> 00:03:13,843 and I got a response back from three of them. 63 00:03:13,843 --> 00:03:17,430 So that was just an example of ICMP in action. 64 00:03:17,430 --> 00:03:20,309 Now, there are other ICMP messages, as well. 65 00:03:20,309 --> 00:03:23,631 I don't have time to get into all of them in this course, 66 00:03:23,631 --> 00:03:25,476 but I would definitely recommend that you Google 67 00:03:25,476 --> 00:03:28,516 the term ICMP and just be familiar with the, 68 00:03:28,516 --> 00:03:30,229 there's about maybe five, 69 00:03:30,229 --> 00:03:32,177 four or five different ICMP messages, 70 00:03:32,177 --> 00:03:34,698 and I've just talked about the top two, 71 00:03:34,698 --> 00:03:37,075 echo request, echo reply. 72 00:03:37,075 --> 00:03:39,851 What does that have to do with this? 73 00:03:39,851 --> 00:03:41,810 Well, just like I mentioned a couple slides back 74 00:03:41,810 --> 00:03:45,977 or a couple videos back, that DHCP had been upgraded for v6, 75 00:03:47,124 --> 00:03:49,643 that there's a DHCPv6. 76 00:03:49,643 --> 00:03:51,643 Well, there's an ICMPv6. 77 00:03:52,770 --> 00:03:54,977 Now, this is kind of interesting when you think about it 78 00:03:54,977 --> 00:03:58,865 because ICMP, because it's layer four, 79 00:03:58,865 --> 00:04:01,537 rides behind an IP header. 80 00:04:01,537 --> 00:04:04,310 So in other words, you've got your IP header here, 81 00:04:04,310 --> 00:04:09,232 and then ICMP is like in the payload of the IP packet. 82 00:04:09,232 --> 00:04:13,399 So one would wonder why did they have to update ICMP? 83 00:04:14,643 --> 00:04:17,425 Well, for one thing, if they had not updated it, 84 00:04:17,425 --> 00:04:20,858 there'd be no way to ping an IPv6 address 85 00:04:20,858 --> 00:04:24,177 because within the body of the ICMP message, 86 00:04:24,177 --> 00:04:25,851 it says who am I trying to talk to? 87 00:04:25,851 --> 00:04:27,977 So not only is the destination in the header 88 00:04:27,977 --> 00:04:29,772 of the IP packet itself, 89 00:04:29,772 --> 00:04:31,057 but the destination you're trying to ping 90 00:04:31,057 --> 00:04:33,623 is also in the body of the ICP message, 91 00:04:33,623 --> 00:04:35,793 saying I'm trying to do an echo request to you. 92 00:04:35,793 --> 00:04:37,217 Can you please respond back? 93 00:04:37,217 --> 00:04:38,697 It's in the body of the packet. 94 00:04:38,697 --> 00:04:41,270 So they had to upgrade ICMP, as well, 95 00:04:41,270 --> 00:04:45,636 in order to be able to handle IPv6 addresses. 96 00:04:45,636 --> 00:04:48,411 In addition to doing that, when they updated ICMP, 97 00:04:48,411 --> 00:04:52,412 they actually added some new ICMP message types 98 00:04:52,412 --> 00:04:53,750 that did not exist before. 99 00:04:53,750 --> 00:04:56,163 So in addition to echo request and echo reply, 100 00:04:56,163 --> 00:04:57,670 which still exist, 101 00:04:57,670 --> 00:05:01,837 they also created four new types of ICMPv6 messages, 102 00:05:03,232 --> 00:05:06,149 which are only applicable for IPv6, 103 00:05:07,552 --> 00:05:12,065 and those are Neighbor Solicitation, Neighbor Advertisement, 104 00:05:12,065 --> 00:05:15,945 Router Solicitation, and Router Advertisement. 105 00:05:15,945 --> 00:05:20,112 All four of those are in the body of an ICMPv6 packet. 106 00:05:21,771 --> 00:05:25,383 In the header of the ICMPv6 packet, in the header, 107 00:05:25,383 --> 00:05:28,177 there's a little type code, and the type code indicates 108 00:05:28,177 --> 00:05:30,283 what kind of ICMP message is this. 109 00:05:30,283 --> 00:05:31,623 Is this an echo request? 110 00:05:31,623 --> 00:05:33,109 Is it an echo reply? 111 00:05:33,109 --> 00:05:37,243 Or there are other type codes for these things right here. 112 00:05:37,243 --> 00:05:41,745 So these specific ICMPv6 message types together, 113 00:05:41,745 --> 00:05:45,297 we call them the Neighbor Discovery Protocol. 114 00:05:45,297 --> 00:05:47,829 So if you hear that term, which you most likely will, 115 00:05:47,829 --> 00:05:49,937 the IPv6 Neighbor Discovery Protocol, 116 00:05:49,937 --> 00:05:52,404 that should key off in your head, oh, okay, 117 00:05:52,404 --> 00:05:54,937 they're talking about how we use these four different kinds 118 00:05:54,937 --> 00:05:56,520 of ICMPv6 messages. 119 00:05:57,603 --> 00:06:01,580 So lets talk about how this process works. 120 00:06:01,580 --> 00:06:03,499 And what I'm gonna specifically gonna refer to 121 00:06:03,499 --> 00:06:06,771 is back when I was talking about IPv6 addresses, 122 00:06:06,771 --> 00:06:10,311 and I was first introducing the concept of an IPv6 address, 123 00:06:10,311 --> 00:06:11,938 I said that a device could have 124 00:06:11,938 --> 00:06:14,997 a statically configured IPv6 address. 125 00:06:14,997 --> 00:06:19,865 I said it could learn about it from a DHCPv6 server 126 00:06:19,865 --> 00:06:22,691 or there was something special in IPv6 127 00:06:22,691 --> 00:06:25,973 called stateless address automatic configuration, 128 00:06:25,973 --> 00:06:27,640 or SLAAC, S-L-A-A-C, 129 00:06:29,473 --> 00:06:32,833 and this, these messages that we see right here 130 00:06:32,833 --> 00:06:37,000 are how our stateless address automatic configuration works. 131 00:06:39,321 --> 00:06:40,555 Let's whiteboard that process, 132 00:06:40,555 --> 00:06:43,138 so you can see what's going on. 133 00:06:45,898 --> 00:06:48,898 Okay, so lets start with our laptop. 134 00:06:54,623 --> 00:06:58,790 And the laptop has a network interface card, a NIC. 135 00:07:02,623 --> 00:07:06,790 And then all of a sudden, it's connected to a cable. 136 00:07:08,563 --> 00:07:10,552 And there's something at the other end of this cable here. 137 00:07:10,552 --> 00:07:11,878 I'm not gonna tell you what it is, 138 00:07:11,878 --> 00:07:15,065 but whatever it is, it's generating electrical signal 139 00:07:15,065 --> 00:07:18,125 so the NIC card on this PC says, aha, okay, 140 00:07:18,125 --> 00:07:20,164 I've been connected to a network. 141 00:07:20,164 --> 00:07:22,231 I know I'm connected to a network. 142 00:07:22,231 --> 00:07:25,481 Now, this NIC card is enabled for IPv6. 143 00:07:27,663 --> 00:07:29,311 That's one of the protocols that's on it. 144 00:07:29,311 --> 00:07:31,919 As a matter of fact, all Windows devices these days 145 00:07:31,919 --> 00:07:33,833 have IPV6 enabled on their NIC cards. 146 00:07:33,833 --> 00:07:35,354 You probably didn't even know it, 147 00:07:35,354 --> 00:07:38,051 but you're running IPv6. 148 00:07:38,051 --> 00:07:40,966 Now we know that a NIC card, because it's connected 149 00:07:40,966 --> 00:07:42,883 to an ethernet segment, 150 00:07:44,894 --> 00:07:48,644 has a burned in address called a MAC address. 151 00:07:50,805 --> 00:07:53,374 So let's put my MAC address on here. 152 00:07:53,374 --> 00:07:54,624 0002.1111.2222. 153 00:07:59,765 --> 00:08:03,834 Alright, so that's the MAC address of this NIC card. 154 00:08:03,834 --> 00:08:05,807 So very first thing this NIC card has to do, 155 00:08:05,807 --> 00:08:07,967 once it enables itself for IPv6, 156 00:08:07,967 --> 00:08:11,204 is it has to create a link-local address for itself. 157 00:08:11,204 --> 00:08:12,863 Do you remember, review question, 158 00:08:12,863 --> 00:08:16,946 how do we recognize link-local addresses in IPv6? 159 00:08:19,743 --> 00:08:21,378 Well, hopefully you said, ah, those are the addresses 160 00:08:21,378 --> 00:08:23,545 that begin with fe80. 161 00:08:23,545 --> 00:08:24,911 You're absolutely right. 162 00:08:24,911 --> 00:08:27,652 So we'll begin with fe80, but before I add that, 163 00:08:27,652 --> 00:08:31,819 we have to convert this into an EUI-64 interface ID. 164 00:08:33,365 --> 00:08:34,333 I'm not gonna explain it. 165 00:08:34,333 --> 00:08:36,079 We already did that in a previous video, 166 00:08:36,079 --> 00:08:40,451 so all I'll say is that my link-local address 167 00:08:40,451 --> 00:08:44,118 will end up being fe80::0202:11ff:fe11:2222. 168 00:08:54,954 --> 00:08:58,371 So that's gonna be my link-local address. 169 00:08:59,441 --> 00:09:01,059 Starts out with fe80, 170 00:09:01,059 --> 00:09:04,488 and then we use the EUI-64 format to convert this 171 00:09:04,488 --> 00:09:06,853 into an interface ID. 172 00:09:06,853 --> 00:09:09,939 Now, one thing I wanna make you aware of right now. 173 00:09:09,939 --> 00:09:13,755 Several years back, there were some engineers 174 00:09:13,755 --> 00:09:16,551 from various different disciplines and companies 175 00:09:16,551 --> 00:09:20,437 who decided that creating an interface ID 176 00:09:20,437 --> 00:09:24,270 out of a MAC address might be kind of insecure 177 00:09:25,652 --> 00:09:27,473 because they said, hey, if somebody was monitoring 178 00:09:27,473 --> 00:09:29,371 your traffic and they always saw 179 00:09:29,371 --> 00:09:31,103 the exact same interface ID, 180 00:09:31,103 --> 00:09:32,408 they could track where you were. 181 00:09:32,408 --> 00:09:34,389 They could say, oh, we can see this guy moved 182 00:09:34,389 --> 00:09:35,815 around through the building throughout the day 183 00:09:35,815 --> 00:09:37,709 because we can see this link-local, 184 00:09:37,709 --> 00:09:40,095 we can see this interface ID, 185 00:09:40,095 --> 00:09:42,895 this same interface ID moving around. 186 00:09:42,895 --> 00:09:46,375 So because, just like IP version 4 right? 187 00:09:46,375 --> 00:09:48,389 When you move from one subnet to the other, 188 00:09:48,389 --> 00:09:51,015 you get a new address via DHCP. 189 00:09:51,015 --> 00:09:52,831 Well, same thing is true with IPv6. 190 00:09:52,831 --> 00:09:54,783 If I'm sitting in Payroll right now, 191 00:09:54,783 --> 00:09:57,524 I'll have some sort of IPv6 network 192 00:09:57,524 --> 00:10:01,183 that belongs to Payroll, but my interface ID 193 00:10:01,183 --> 00:10:03,855 will still be based off of my MAC address 194 00:10:03,855 --> 00:10:05,522 if I'm using EUI-64. 195 00:10:06,437 --> 00:10:08,255 Now if I pick up my laptop and I go over 196 00:10:08,255 --> 00:10:12,513 to the Marketing Department, well, now my IPv6 prefix 197 00:10:12,513 --> 00:10:15,173 has changed because I did DHCP, 198 00:10:15,173 --> 00:10:16,921 and now I'm sitting in their subnet, 199 00:10:16,921 --> 00:10:20,735 but my interface ID has not changed. 200 00:10:20,735 --> 00:10:23,760 If it's using EUI-64, it is still the same 201 00:10:23,760 --> 00:10:27,021 'cause my MAC address goes with me wherever I go. 202 00:10:27,021 --> 00:10:28,819 So some people said, huh, 203 00:10:28,819 --> 00:10:30,393 well, that means if somebody has 204 00:10:30,393 --> 00:10:32,655 some network monitoring equipment set up 205 00:10:32,655 --> 00:10:34,223 like in a building or something, 206 00:10:34,223 --> 00:10:35,927 watching all the packets everywhere, 207 00:10:35,927 --> 00:10:38,549 they could say, oh, interesting. 208 00:10:38,549 --> 00:10:41,549 We see the interface ID here of Joe. 209 00:10:42,996 --> 00:10:45,103 It's his MAC address, and we see it traveling 210 00:10:45,103 --> 00:10:46,351 throughout the building. 211 00:10:46,351 --> 00:10:49,555 Even though the prefix is changing, we can track 212 00:10:49,555 --> 00:10:53,823 where Joe is going because we can see that same interface ID 213 00:10:53,823 --> 00:10:57,522 never changing as it moves around through the network. 214 00:10:57,522 --> 00:10:59,609 So these engineers came up with a different, 215 00:10:59,609 --> 00:11:01,281 I don't know what the RFC is. 216 00:11:01,281 --> 00:11:03,151 It's not off the top off my head, 217 00:11:03,151 --> 00:11:05,029 but there's an RFC that's been out for a while now 218 00:11:05,029 --> 00:11:08,995 that says basically, when a device dynamically comes up 219 00:11:08,995 --> 00:11:11,361 with an interface ID, it should just be 220 00:11:11,361 --> 00:11:13,263 some like random number, 221 00:11:13,263 --> 00:11:15,304 and it should change it every once in a while. 222 00:11:15,304 --> 00:11:17,489 Like every hour or so, it should change it, 223 00:11:17,489 --> 00:11:18,969 so that it can't be tracked. 224 00:11:18,969 --> 00:11:21,009 So the reason I'm saying that to you 225 00:11:21,009 --> 00:11:25,249 is because if you look at the IPv6 address on your laptop, 226 00:11:25,249 --> 00:11:29,056 chances are your interface ID will probably not be 227 00:11:29,056 --> 00:11:31,017 the EUI-64 format. 228 00:11:31,017 --> 00:11:33,583 It probably will not be related to your MAC address. 229 00:11:33,583 --> 00:11:35,311 It's probably running this newer standard 230 00:11:35,311 --> 00:11:37,943 that says it needs to be some random number 231 00:11:37,943 --> 00:11:39,784 that changes over time. 232 00:11:39,784 --> 00:11:41,169 But you do need to know 233 00:11:41,169 --> 00:11:44,612 how EUI-64 interface IDs are created, 234 00:11:44,612 --> 00:11:47,407 especially on Cisco devices 235 00:11:47,407 --> 00:11:50,192 because it's a keyword that you can use on a Cisco device, 236 00:11:50,192 --> 00:11:51,746 and every single Cisco device, 237 00:11:51,746 --> 00:11:54,719 when it creates a link-local address for itself, 238 00:11:54,719 --> 00:11:58,319 it's always based off of the EUI-64 format. 239 00:11:58,319 --> 00:12:00,245 Cisco routers and switches, 240 00:12:00,245 --> 00:12:03,319 they don't use this randomized interface ID thing 241 00:12:03,319 --> 00:12:05,925 that Microsoft Windows and other hosts do. 242 00:12:05,925 --> 00:12:07,842 They always use EUI-64. 243 00:12:09,039 --> 00:12:11,353 So enough said about that. 244 00:12:11,353 --> 00:12:13,720 This device right here creates a link-local address 245 00:12:13,720 --> 00:12:17,479 for itself, and it says, alright, first thing I need to do 246 00:12:17,479 --> 00:12:20,015 is I need to make sure that on this segment 247 00:12:20,015 --> 00:12:22,431 there's nobody else that's using 248 00:12:22,431 --> 00:12:24,207 this exact same link-local address. 249 00:12:24,207 --> 00:12:26,893 I have to make sure that there are no duplicates, 250 00:12:26,893 --> 00:12:28,560 that this is unique. 251 00:12:29,439 --> 00:12:32,733 So he'll send out his very first type 252 00:12:32,733 --> 00:12:35,951 of Neighbor Discovery Packet, 253 00:12:35,951 --> 00:12:37,534 which is an ICMPv6. 254 00:12:39,993 --> 00:12:42,743 We call it Neighbor Solicitation, 255 00:12:45,778 --> 00:12:48,945 and the source will be his link-local, 256 00:12:50,479 --> 00:12:52,146 and the destination, 257 00:12:54,079 --> 00:12:56,132 the destination will be something called 258 00:12:56,132 --> 00:12:59,049 a solicited node multicast address. 259 00:12:59,937 --> 00:13:02,013 Now, that is that special type of address 260 00:13:02,013 --> 00:13:03,605 I have not talked to you about. 261 00:13:03,605 --> 00:13:06,545 I said there was one remaining address that was unique, 262 00:13:06,545 --> 00:13:07,834 that we hadn't talked about. 263 00:13:07,834 --> 00:13:11,137 That's it, and in the next video, I'll talk about this. 264 00:13:11,137 --> 00:13:12,999 But I want to start out by explaining 265 00:13:12,999 --> 00:13:16,066 where this special address is used, 266 00:13:16,066 --> 00:13:19,566 and then we can look at how is it created. 267 00:13:20,815 --> 00:13:24,430 Now, if anybody did have this link-local address here, 268 00:13:24,430 --> 00:13:25,869 what I will tell you 269 00:13:25,869 --> 00:13:28,081 is that the solicited node multicast address 270 00:13:28,081 --> 00:13:30,581 is actually derived from this. 271 00:13:31,761 --> 00:13:33,321 It's derived from that, 272 00:13:33,321 --> 00:13:35,656 so that if somebody on this wire actually did have 273 00:13:35,656 --> 00:13:37,609 this exact same link-local address, 274 00:13:37,609 --> 00:13:40,401 which is highly unlikely, 275 00:13:40,401 --> 00:13:43,183 then they would actually listen to this packet, 276 00:13:43,183 --> 00:13:45,668 and they would respond back. 277 00:13:45,668 --> 00:13:47,835 So hopefully, nobody does, 278 00:13:49,188 --> 00:13:51,747 and so he says, okay. 279 00:13:51,747 --> 00:13:54,707 Now if somebody did respond back, 280 00:13:54,707 --> 00:13:56,457 I'm gonna erase this, 281 00:13:57,423 --> 00:14:01,590 somebody would respond back with a Neighbor Advertisement. 282 00:14:07,984 --> 00:14:10,677 So that's another part of the Neighbor Discovery Process, 283 00:14:10,677 --> 00:14:13,423 Neighbor Solicitation and Neighbor Advertisement. 284 00:14:13,423 --> 00:14:15,805 But in this particular case, we don't wanna see 285 00:14:15,805 --> 00:14:17,284 a Neighbor Advertisement come back 286 00:14:17,284 --> 00:14:21,329 because that would mean uh-oh, somebody's got our address. 287 00:14:21,329 --> 00:14:23,297 So this process right now 288 00:14:23,297 --> 00:14:26,591 of where we're basically sending out a packet saying, 289 00:14:26,591 --> 00:14:29,031 hey, is anybody using my address? 290 00:14:29,031 --> 00:14:33,199 It actually goes by a name that you should be familiar with. 291 00:14:33,199 --> 00:14:36,532 It's called Duplicate Address Detection, 292 00:14:39,450 --> 00:14:41,515 Duplicate Address Detection. 293 00:14:41,515 --> 00:14:46,025 So whenever an IPv6 node either dynamically comes up 294 00:14:46,025 --> 00:14:48,315 with an address for itself 295 00:14:48,315 --> 00:14:50,697 or you statically configure one on there, 296 00:14:50,697 --> 00:14:52,377 it always does this. 297 00:14:52,377 --> 00:14:54,715 It sends out a Neighbor Solicitation packet, 298 00:14:54,715 --> 00:14:56,217 basically for itself, saying, 299 00:14:56,217 --> 00:14:59,250 hey, is anybody out there using this? 300 00:14:59,250 --> 00:15:03,261 Most of the time, probably 99.99% of the time, 301 00:15:03,261 --> 00:15:04,883 nothing should come back. 302 00:15:04,883 --> 00:15:06,255 So you have completed 303 00:15:06,255 --> 00:15:10,243 the Duplicate Address Detection process. 304 00:15:10,243 --> 00:15:13,923 Okay, now, this PC says, okay, great, 305 00:15:13,923 --> 00:15:16,621 I've got a link-local address. 306 00:15:16,621 --> 00:15:20,011 So the next thing it says is I need to get a global prefix. 307 00:15:20,011 --> 00:15:23,677 If I'm ever gonna get off this link and send IPv6 packets 308 00:15:23,677 --> 00:15:27,063 to other departments or even the internet, 309 00:15:27,063 --> 00:15:29,355 I need a global address to do that. 310 00:15:29,355 --> 00:15:32,857 And he says, well, I've been configured for SLAAC, 311 00:15:32,857 --> 00:15:36,457 for stateless address automatic configuration. 312 00:15:36,457 --> 00:15:39,374 So what he does is now he sends out 313 00:15:40,974 --> 00:15:44,057 another type of ICMP message, ICMPv6, 314 00:15:46,987 --> 00:15:50,154 which is called a Router Solicitation, 315 00:15:51,629 --> 00:15:53,462 Solicit, Solicitation. 316 00:15:55,889 --> 00:16:00,729 And once again, the source is gonna be his link-local, 317 00:16:00,729 --> 00:16:04,062 and the destination is gonna be FF02::2. 318 00:16:09,043 --> 00:16:12,193 Now, FF, you should be able to recognize that. 319 00:16:12,193 --> 00:16:14,090 That's one of those patterns I said you should recognize. 320 00:16:14,090 --> 00:16:16,423 That is a multicast address, 321 00:16:17,359 --> 00:16:20,146 and this multicast address has special meaning. 322 00:16:20,146 --> 00:16:23,979 This is called the All IPv6 Routers multicast, 323 00:16:25,321 --> 00:16:29,359 so any router that's enabled to IPv6 is listening 324 00:16:29,359 --> 00:16:32,192 for packets going to this address. 325 00:16:33,051 --> 00:16:34,729 So let' say there is a router. 326 00:16:34,729 --> 00:16:36,979 Hopefully there is one. 327 00:16:36,979 --> 00:16:39,181 Let's put him right here, 328 00:16:39,181 --> 00:16:41,193 and let's say that on that router's interface, 329 00:16:41,193 --> 00:16:44,943 I have configured the following IPv6 address. 330 00:16:50,699 --> 00:16:51,747 Okay? 331 00:16:51,747 --> 00:16:54,010 So looking at that, remember, 332 00:16:54,010 --> 00:16:58,177 how much of this IPv6 address is the prefix, the network? 333 00:16:59,490 --> 00:17:00,842 The first 64 bits. 334 00:17:00,842 --> 00:17:02,690 That's what this subnet mask is telling us, 335 00:17:02,690 --> 00:17:04,968 which is all of this right there. 336 00:17:04,968 --> 00:17:07,070 That's the prefix. 337 00:17:07,070 --> 00:17:08,461 So when this router receives 338 00:17:08,461 --> 00:17:11,211 this Router Solicitation message, 339 00:17:13,364 --> 00:17:18,289 he responds back with, you can probably guess what it is. 340 00:17:18,289 --> 00:17:20,206 A Router-Advertisement. 341 00:17:27,357 --> 00:17:30,190 And he sends it back to that node. 342 00:17:31,189 --> 00:17:34,022 I'm trying to make some room here. 343 00:17:35,014 --> 00:17:38,681 Destination= fe80::0202:11ff:fe11:2222. 344 00:17:46,007 --> 00:17:48,974 So it's going back to that host. 345 00:17:48,974 --> 00:17:52,891 And the source is, see if I can fit it in here, 346 00:17:55,156 --> 00:17:57,739 the router's link-local address 347 00:18:00,523 --> 00:18:03,273 because this router also has one. 348 00:18:09,877 --> 00:18:11,796 So whatever his link-local address is, 349 00:18:11,796 --> 00:18:14,604 that is what the source of this will be. 350 00:18:14,604 --> 00:18:16,101 And here's the great thing. 351 00:18:16,101 --> 00:18:20,564 Inside this Router-Advertisement, in the body of it, 352 00:18:20,564 --> 00:18:24,775 he says, hey, let me tell you what prefixes I have 353 00:18:24,775 --> 00:18:26,275 on this interface. 354 00:18:30,964 --> 00:18:34,649 Now that the host sees that, that Router-Advertisement, 355 00:18:34,649 --> 00:18:36,638 he says, oh, very cool. 356 00:18:36,638 --> 00:18:39,684 I know what the global prefix is that lives on this wire, 357 00:18:39,684 --> 00:18:42,603 so I can use stateless address automatic configuration 358 00:18:42,603 --> 00:18:46,389 to come up with my own global address. 359 00:18:46,389 --> 00:18:48,577 I'll just use that 'cause after all, 360 00:18:48,577 --> 00:18:49,789 that's what the router's using, 361 00:18:49,789 --> 00:18:53,298 and I gotta be on the same thing as the router, 362 00:18:53,298 --> 00:18:56,798 and then, I will use the same interface ID 363 00:18:58,637 --> 00:19:00,009 that I got in my link-local. 364 00:19:00,009 --> 00:19:03,336 I'll just do the EUI-64 process again, 365 00:19:03,336 --> 00:19:06,503 which will end up with the same thing. 366 00:19:10,089 --> 00:19:12,021 And then, once he has this, 367 00:19:12,021 --> 00:19:15,210 he will do Duplicate Address Detection on this. 368 00:19:15,210 --> 00:19:18,341 He'll send out a Neighbor Solicitation message for this. 369 00:19:18,341 --> 00:19:20,215 Shouldn't hear anything back, 370 00:19:20,215 --> 00:19:23,132 and now he knows that it is unique. 371 00:19:24,131 --> 00:19:27,884 So this is how stateless address automatic configuration 372 00:19:27,884 --> 00:19:31,003 works, or Address Autoconfig. 373 00:19:31,003 --> 00:19:32,924 Basically, you gotta come up with a link-local address 374 00:19:32,924 --> 00:19:36,375 for yourself first, verify that there's no duplicates 375 00:19:36,375 --> 00:19:38,363 by sending a Neighbor Solicitation message 376 00:19:38,363 --> 00:19:40,177 to yourself essentially. 377 00:19:40,177 --> 00:19:42,804 Then you send out a Router Solicitation 378 00:19:42,804 --> 00:19:45,804 to this reserved address of FF02::2. 379 00:19:47,069 --> 00:19:49,429 All routers are supposed to listen to that. 380 00:19:49,429 --> 00:19:50,742 When the router hears it, 381 00:19:50,742 --> 00:19:53,444 he sends a Router-Advertisement back. 382 00:19:53,444 --> 00:19:56,262 He sends it to you, your link-local address, 383 00:19:56,262 --> 00:19:58,338 and in the body of that message, he says, 384 00:19:58,338 --> 00:20:00,551 here's the global prefix at everybody on this wire, 385 00:20:00,551 --> 00:20:04,371 here's the group that you're a part of, the subnet, 386 00:20:04,371 --> 00:20:07,517 and now the PC can use that prefix, 387 00:20:07,517 --> 00:20:10,364 once again, create his own interface ID, 388 00:20:10,364 --> 00:20:13,416 and now he has a global prefix that he can use 389 00:20:13,416 --> 00:20:16,869 to speak to the rest of the world. 390 00:20:16,869 --> 00:20:18,869 Now, there is one other, 391 00:20:19,724 --> 00:20:21,377 there's a couple of additional things about this here 392 00:20:21,377 --> 00:20:23,377 that I wanna talk about. 393 00:20:24,339 --> 00:20:26,098 This address is special. 394 00:20:26,098 --> 00:20:28,977 Let me put a red circle around it. 395 00:20:28,977 --> 00:20:31,309 Definitely wanna memorize that. 396 00:20:31,309 --> 00:20:34,976 And every single IPv6 host is also listening 397 00:20:37,013 --> 00:20:40,516 to another special multicast address. 398 00:20:40,516 --> 00:20:43,933 I'll write that on the bottom, I suppose. 399 00:20:45,913 --> 00:20:47,746 That would be FF02::1. 400 00:20:50,246 --> 00:20:53,163 That is the All IPv6 Hosts Address, 401 00:20:56,142 --> 00:20:57,635 and the router's listening to that, 402 00:20:57,635 --> 00:21:00,885 so actually this router is listening to 403 00:21:03,661 --> 00:21:05,796 four addresses, right? 404 00:21:05,796 --> 00:21:07,994 The router's got his link-local. 405 00:21:07,994 --> 00:21:10,001 He's listening to anybody who wants to talk to him 406 00:21:10,001 --> 00:21:11,773 on his global prefix. 407 00:21:11,773 --> 00:21:13,860 He's listening to anybody who wants to send something 408 00:21:13,860 --> 00:21:16,893 to him specifically as just a generic router, 409 00:21:16,893 --> 00:21:19,823 and he is considered a host. 410 00:21:19,823 --> 00:21:22,775 Any NIC card that has IPv6 on it is considered a host, 411 00:21:22,775 --> 00:21:26,314 so he's listening to the All Hosts Address. 412 00:21:26,314 --> 00:21:29,314 So everybody at minimum, at minimum, 413 00:21:31,112 --> 00:21:34,945 devices are listening to three IPv6 addresses, 414 00:21:36,793 --> 00:21:40,126 their link-local, the All Hosts Address, 415 00:21:41,211 --> 00:21:44,051 and the solicited node multicast address. 416 00:21:44,051 --> 00:21:46,491 Now, I know that I haven't defined that one for you yet. 417 00:21:46,491 --> 00:21:48,830 That'll be in the next video. 418 00:21:48,830 --> 00:21:52,701 But every device has a solicited node multicast address, 419 00:21:52,701 --> 00:21:56,235 and that's derived from the link-local address, 420 00:21:56,235 --> 00:21:57,461 and they're also listening 421 00:21:57,461 --> 00:22:00,378 to the All Hosts multicast address. 422 00:22:01,451 --> 00:22:03,250 Now, whether or not they have a global prefix, 423 00:22:03,250 --> 00:22:04,701 they may or they may not. 424 00:22:04,701 --> 00:22:07,098 I mean, if they wanna get off of their subnet, 425 00:22:07,098 --> 00:22:11,616 they're gonna need one, but it's not mandatory. 426 00:22:11,616 --> 00:22:14,123 And routers also listen to this other special address 427 00:22:14,123 --> 00:22:17,494 of the All IPv6 router's address. 428 00:22:17,494 --> 00:22:20,411 (futuristic music)