OSI layer of Neighbor Discovery Protocol
NDP operates using ICMPv6 and, even though ICMPv6 messages are encapsulated in the payload field of an IPv6 datagram, ICMPv6 and ICMP are usually considered network layer protocols. At least, on Wikipedia they are network layer protocols.
So I thought that NDP is thus also a network layer protocol. However, on Wikipedia it is directly stated that it is a link layer protocol:
The Neighbor Discovery Protocol (NDP, ND) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the Link Layer of the Internet model (RFC 1122), and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems. [https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol]
So my hypothesis is that NDP is considered a link layer protocol because the ICMPv6 messages used by NDP (Neighbor Solicitations, Router Advertisements, Redirects and so on) never leave the local network -- the same as ARP messages never leave the local network. Am I right?
Thank you for your attention.
UPDATE 1:
Well, I realized that the point which is most interesting to me is this: is it right that NDP ICMPv6 messages never leave the bounds of the local network?
UPDATE 2:
Though it looks like nothing can actually prevent me from sending a Neighbor Solicitation to any host on the Internet. ICMPv6 is routable. So I can choose any destination IPv6 address, including one that is outside my network.
ip ipv6 osi icmpv6 ndp
asked 7 hours ago, edited 6 hours ago
JenyaKh
4 Answers
First of all: In every "model" you will find some aspects that do not describe reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model", so it does not describe reality correctly in all aspects.
Especially the question "what layer is the protocol XYZ on" often has no definite answer: think about tunneling IP packets in HTTPS connections in a VPN session.
However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.
This model does not see ICMP as its own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):
Placing NDP in any other layer than layer 3 would imply that this protocol works together with any layer-3 protocol (e.g. that NDP can be used together with IPv4). However, this is not the case.
It would have been possible to place NDP between layer 2 and layer 3:
ARP, for example, is placed "between" layer 2 and layer 3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know, ARP only works with the combination IPv4 and Ethernet.)
However, this is not true in the case of NDP: NDP should work with every layer-2 protocol.
"Well, I realized that the point which is most interesting to me is this: is it right that NDP ICMPv6 messages never leave the bounds of the local network?"
This criterion is not sufficient to say that a protocol is on layer 2:
DHCP also never leaves the local network - however, DHCP covers OSI layers 5-7.
There is at least one case I know of where NDP messages travel around the world:
When using IPv6 via Teredo!
answered 6 hours ago
Martin Rosenau
Thank you for the answer! – JenyaKh, 5 hours ago
"ARP only works with the combination IPv4 and Ethernet" -- 802.11, too. – JoL, 2 hours ago
DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets. – Barmar, 1 hour ago
The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.
People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.
See this question and answer for more information on the OSI model and networking protocols.
answered 7 hours ago
Ron Trunk
I see. But am I right that NDP ICMPv6 messages never leave the bounds of the local network, so this is why we can say that NDP is link layer even though ICMPv6 is network layer? – JenyaKh, 6 hours ago
Yes, I suppose. – Ron Trunk, 6 hours ago
Thank you for the answer! – JenyaKh, 6 hours ago
NDP belongs to the L3 network layer; it is an essential part of IPv6. Just like IPv6, it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).
answered 6 hours ago
Zac67
I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what would happen if I tried to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC 4861 [https://tools.ietf.org/html/rfc4861]:
11.2. Securing Neighbor Discovery Messages
The protocol reduces the exposure to the above threats in the absence of authentication by ignoring ND packets received from off-link senders. The Hop Limit field of all received packets is verified to contain 255, the maximum legal value. Because routers decrement the Hop Limit on all packets they forward, received packets containing a Hop Limit of 255 must have originated from a neighbor.
and
3.1. Comparison with IPv4
By setting the Hop Limit to 255, Neighbor Discovery is immune to off-link senders that accidentally or intentionally send ND messages. In IPv4, off-link senders can send both ICMP Redirects and Router Advertisement messages.
So in each of the sections of RFC 4861 corresponding to a type of NDP message --
6.1.1. Validation of Router Solicitation Messages
6.1.2. Validation of Router Advertisement Messages
7.1.1. Validation of Neighbor Solicitations
7.1.2. Validation of Neighbor Advertisements
8.1. Validation of Redirect Messages
-- there is the following phrase:
A host MUST silently discard any received message that does not satisfy all of the following validity checks:
The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.
...
So normally NDP messages can only travel locally within the network and should not be routed.
answered by JenyaKh
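The receive-side rule the RFC excerpts above describe, together with the Ethernet/IPv6/ICMPv6 encapsulation that Zac67's answer mentions, as an added Python example. This is not code from the thread, from RFC 4861 or from any operating system's IPv6 stack. It constructs a Neighbor Solicitation frame, walks it Ethernet → IPv6 → ICMPv6, and applies the validity checks of RFC 4861 sections 6.1.1, 6.1.2, 7.1.1, 7.1.2 and 8.1: Hop Limit 255, ICMP code 0, a correct checksum, the per-type minimum length, well-formed options, and for Neighbor Solicitations a non-multicast target and the unspecified-source rule. Every MAC and IPv6 address in it is a constructed sample value. The second sample frame is the same solicitation with a Hop Limit of 254, i.e. what the message from UPDATE 2 looks like after crossing one router, and the validator discards it for exactly the reason section 11.2 gives.

```python
"""Receive-side validation of IPv6 Neighbor Discovery messages (RFC 4861).

Added example: parses Ethernet -> IPv6 -> ICMPv6 and applies the validity checks
of RFC 4861 sections 6.1.1, 6.1.2, 7.1.1, 7.1.2 and 8.1. All frames, MAC and
IPv6 addresses below are constructed sample values, not captured traffic.
"""
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
IPPROTO_ICMPV6 = 58
ND_NAMES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}
# Length of the fixed part (before options) of each ND message type, in bytes.
ND_MIN_LEN = {133: 8, 134: 16, 135: 24, 136: 24, 137: 40}
SOLICITED_NODE_PREFIX = bytes.fromhex("ff0200000000000000000001ff")  # ff02::1:ff00:0/104


def icmpv6_checksum(src, dst, icmp):
    """Internet checksum over the IPv6 pseudo-header followed by the ICMPv6 message."""
    pseudo = src + dst + struct.pack("!I", len(icmp)) + b"\x00\x00\x00" + bytes([IPPROTO_ICMPV6])
    data = pseudo + icmp
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ns_frame(src_mac, dst_mac, src_ip, dst_ip, target_ip, hop_limit=255, slla=True):
    """Build a constructed Ethernet/IPv6/ICMPv6 Neighbor Solicitation for the validator."""
    src, dst = ipaddress.IPv6Address(src_ip).packed, ipaddress.IPv6Address(dst_ip).packed
    target = ipaddress.IPv6Address(target_ip).packed
    icmp = struct.pack("!BBHI", 135, 0, 0, 0) + target  # type, code, checksum=0, reserved, target
    if slla:
        icmp += b"\x01\x01" + src_mac  # Source Link-Layer Address option: type 1, length 1 (8 octets)
    icmp = icmp[:2] + struct.pack("!H", icmpv6_checksum(src, dst, icmp)) + icmp[4:]
    ipv6 = struct.pack("!IHBB", 0x60000000, len(icmp), IPPROTO_ICMPV6, hop_limit) + src + dst
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV6) + ipv6 + icmp


def validate_nd_frame(frame):
    """Return (verdict, reason): 'accept', 'discard' (an RFC 4861 MUST) or 'ignore' (not ND)."""
    if len(frame) < 14 + 40 + 8:
        return "discard", "frame too short"
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV6:
        return "ignore", "not IPv6"
    ipv6 = frame[14:54]                       # NDP rides inside IPv6, which rides inside the L2 frame
    _, payload_len, next_header, hop_limit = struct.unpack("!IHBB", ipv6[:8])
    src, dst = ipv6[8:24], ipv6[24:40]
    if ipv6[0] >> 4 != 6 or next_header != IPPROTO_ICMPV6:
        return "ignore", "not ICMPv6"
    icmp = frame[54:54 + payload_len]
    if len(icmp) < payload_len or len(icmp) < 8:
        return "discard", "truncated ICMPv6 message"
    itype, code, csum = struct.unpack("!BBH", icmp[:4])
    name = ND_NAMES.get(itype)
    if name is None:
        return "ignore", "ICMPv6 type %d is not Neighbor Discovery" % itype
    # Checks shared by all five ND message types (RFC 4861 6.1.x, 7.1.x, 8.1):
    if hop_limit != 255:
        return "discard", "%s: Hop Limit %d != 255, packet was forwarded by a router" % (name, hop_limit)
    if code != 0:
        return "discard", "%s: ICMP code %d != 0" % (name, code)
    if icmpv6_checksum(src, dst, icmp[:2] + b"\x00\x00" + icmp[4:]) != csum:
        return "discard", "%s: bad ICMPv6 checksum" % name
    if len(icmp) < ND_MIN_LEN[itype]:
        return "discard", "%s: length %d below minimum %d" % (name, len(icmp), ND_MIN_LEN[itype])
    # Options are TLVs whose length field counts 8-octet units; a zero length is invalid.
    off, slla_present = ND_MIN_LEN[itype], False
    while off < len(icmp):
        if off + 2 > len(icmp) or icmp[off + 1] == 0:
            return "discard", "%s: malformed option" % name
        slla_present = slla_present or icmp[off] == 1
        off += icmp[off + 1] * 8
    if off != len(icmp):
        return "discard", "%s: option runs past end of message" % name
    if itype == 135:  # Neighbor Solicitation specifics (section 7.1.1)
        if ipaddress.IPv6Address(icmp[8:24]).is_multicast:
            return "discard", "%s: target address is multicast" % name
        if src == bytes(16) and (dst[:13] != SOLICITED_NODE_PREFIX or slla_present):
            return "discard", "%s: unspecified source needs solicited-node destination and no SLLA" % name
    return "accept", "%s from on-link neighbor %s" % (name, ipaddress.IPv6Address(src))


# Constructed sample addresses (locally administered MACs, link-local and documentation prefixes).
NEIGHBOR_MAC = bytes.fromhex("0242ac110002")
MY_MAC = bytes.fromhex("0242ac110003")
ONLINK_NS = build_ns_frame(NEIGHBOR_MAC, MY_MAC, "fe80::42:acff:fe11:2",
                           "fe80::42:acff:fe11:3", "fe80::42:acff:fe11:3")
# The solicitation from UPDATE 2 as it arrives after one router hop: Hop Limit decremented to 254.
OFFLINK_NS = build_ns_frame(NEIGHBOR_MAC, MY_MAC, "2001:db8:1::2",
                            "2001:db8:2::3", "2001:db8:2::3", hop_limit=254)

if __name__ == "__main__":
    for label, frame in (("on-link NS", ONLINK_NS), ("routed NS", OFFLINK_NS)):
        print(label, *validate_nd_frame(frame))
```

The point a packet filter or host stack must get right is that the Hop Limit test is the only thing standing between an off-link sender and the neighbor cache when no authentication (SEND, RA Guard on the switch) is deployed: a message that is otherwise perfectly well formed is still dropped once any router has touched it.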
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.
Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.
However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.
This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):
Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.
It would have been possible to place NDP between layer-2 and layer-3:
ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).
However this is not true in the case of NDP: NDP should work with every layer-2 protocol.
Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?
This criterion is not sufficient to say that a protocol is on layer 2:
DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.
There is at least one case I know where NDP messages travel around the world:
When using IPv6 using Teredo!
Thank you for the answer!
– JenyaKh
5 hours ago
"ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
– JoL
2 hours ago
DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
– Barmar
1 hour ago
add a comment |
First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.
Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.
However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.
This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):
Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.
It would have been possible to place NDP between layer-2 and layer-3:
ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).
However this is not true in the case of NDP: NDP should work with every layer-2 protocol.
Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?
This criterion is not sufficient to say that a protocol is on layer 2:
DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.
There is at least one case I know where NDP messages travel around the world:
When using IPv6 using Teredo!
Thank you for the answer!
– JenyaKh
5 hours ago
"ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
– JoL
2 hours ago
DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
– Barmar
1 hour ago
add a comment |
First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.
Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.
However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.
This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):
Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.
It would have been possible to place NDP between layer-2 and layer-3:
ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).
However this is not true in the case of NDP: NDP should work with every layer-2 protocol.
Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?
This criterion is not sufficient to say that a protocol is on layer 2:
DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.
There is at least one case I know where NDP messages travel around the world:
When using IPv6 using Teredo!
First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.
Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.
However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.
This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):
Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.
It would have been possible to place NDP between layer-2 and layer-3:
ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).
However this is not true in the case of NDP: NDP should work with every layer-2 protocol.
Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?
This criterion is not sufficient to say that a protocol is on layer 2:
DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.
There is at least one case I know where NDP messages travel around the world:
When using IPv6 using Teredo!
answered 6 hours ago
Martin Rosenau
7507
7507
Thank you for the answer!
– JenyaKh
5 hours ago
"ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
– JoL
2 hours ago
DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
– Barmar
1 hour ago
add a comment |
Thank you for the answer!
– JenyaKh
5 hours ago
"ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
– JoL
2 hours ago
DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
– Barmar
1 hour ago
Thank you for the answer!
– JenyaKh
5 hours ago
Thank you for the answer!
– JenyaKh
5 hours ago
"ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
– JoL
2 hours ago
"ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
– JoL
2 hours ago
DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
– Barmar
1 hour ago
DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
– Barmar
1 hour ago
add a comment |
The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.
People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.
See this questions and answer for more information on the OSI model and networking protocols.
I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
– JenyaKh
6 hours ago
Yes, I suppose.
– Ron Trunk
6 hours ago
Thank you for the answer!
– JenyaKh
6 hours ago
add a comment |
The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.
People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.
See this questions and answer for more information on the OSI model and networking protocols.
I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
– JenyaKh
6 hours ago
Yes, I suppose.
– Ron Trunk
6 hours ago
Thank you for the answer!
– JenyaKh
6 hours ago
add a comment |
The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.
People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.
See this questions and answer for more information on the OSI model and networking protocols.
The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.
People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.
See this questions and answer for more information on the OSI model and networking protocols.
answered 7 hours ago
Ron Trunk
34.3k23171
34.3k23171
I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
– JenyaKh
6 hours ago
Yes, I suppose.
– Ron Trunk
6 hours ago
Thank you for the answer!
– JenyaKh
6 hours ago
add a comment |
I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
– JenyaKh
6 hours ago
Yes, I suppose.
– Ron Trunk
6 hours ago
Thank you for the answer!
– JenyaKh
6 hours ago
I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
– JenyaKh
6 hours ago
I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
– JenyaKh
6 hours ago
Yes, I suppose.
– Ron Trunk
6 hours ago
Yes, I suppose.
– Ron Trunk
6 hours ago
Thank you for the answer!
– JenyaKh
6 hours ago
Thank you for the answer!
– JenyaKh
6 hours ago
add a comment |
NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).
add a comment |
NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).
add a comment |
NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).
NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).
answered 6 hours ago
Zac67
25.6k21352
25.6k21352
add a comment |
add a comment |
I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what will happen if I try to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC-4861
[https://tools.ietf.org/html/rfc4861]:
11.2. Securing Neighbor Discovery Messages
The protocol reduces the exposure to the above threats in the absence
of authentication by ignoring ND packets received from off-link
senders. The Hop Limit field of all received packets is verified to
contain 255, the maximum legal value. Because routers decrement the
Hop Limit on all packets they forward, received packets containing a
Hop Limit of 255 must have originated from a neighbor.
and
3.1. Comparison with IPv4
By setting the Hop Limit to 255, Neighbor Discovery is immune to
off-link senders that accidentally or intentionally send ND
messages. In IPv4, off-link senders can send both ICMP Redirects
and Router Advertisement messages.
So in each of the sections of this RFC-4861, corresponding to each type of NDP messages, --
6.1.1. Validation of Router Solicitation Messages
6.1.2. Validation of Router Advertisement Messages
7.1.1. Validation of Neighbor Solicitations
7.1.2. Validation of Neighbor Advertisements
8.1. Validation of Redirect Messages
-- there is the following phrase:
A host MUST silently discard any received message that does not satisfy all of the following validity checks:
The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.
...
So normally NDP messages have capability to travel only locally in the network and should not be routed.
New contributor
add a comment |
I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what will happen if I try to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC-4861
[https://tools.ietf.org/html/rfc4861]:
11.2. Securing Neighbor Discovery Messages
The protocol reduces the exposure to the above threats in the absence
of authentication by ignoring ND packets received from off-link
senders. The Hop Limit field of all received packets is verified to
contain 255, the maximum legal value. Because routers decrement the
Hop Limit on all packets they forward, received packets containing a
Hop Limit of 255 must have originated from a neighbor.
and
3.1. Comparison with IPv4
By setting the Hop Limit to 255, Neighbor Discovery is immune to
off-link senders that accidentally or intentionally send ND
messages. In IPv4, off-link senders can send both ICMP Redirects
and Router Advertisement messages.
So in each of the sections of this RFC-4861, corresponding to each type of NDP messages, --
6.1.1. Validation of Router Solicitation Messages
6.1.2. Validation of Router Advertisement Messages
7.1.1. Validation of Neighbor Solicitations
7.1.2. Validation of Neighbor Advertisements
8.1. Validation of Redirect Messages
-- there is the following phrase:
A host MUST silently discard any received message that does not satisfy all of the following validity checks:
The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.
...
So normally NDP messages have capability to travel only locally in the network and should not be routed.
New contributor
add a comment |
answered 4 hours ago
JenyaKh
405
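As an added example that is not part of the original answer: a receiver-side implementation of the RFC 4861 validity checks the answer quotes, in Python. The addresses and the Neighbor Solicitation it builds are constructed test data; the Hop Limit test is the one that stops off-link senders, and the code, length, checksum and multicast-target checks are the other rules from the same RFC sections.

```python
import ipaddress
import struct
NDP_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
             135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
             137: "Redirect"}                  # RFC 4861 ND message types
MIN_LEN = {133: 8, 134: 16, 135: 24, 136: 24, 137: 40}  # minimum ICMPv6 lengths

def icmpv6_checksum(src, dst, payload):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    pseudo = src + dst + struct.pack("!I", len(payload)) + b"\x00\x00\x00\x3a"
    data = pseudo + payload
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF                 # 0 when run over a valid packet

def validate_ndp(packet):
    """Return (accepted, reason) for a raw IPv6 packet, as an ND receiver would."""
    if len(packet) < 40:
        return False, "truncated IPv6 header"
    _, plen, nxt, hlim = struct.unpack("!IHBB", packet[:8])
    src, dst = packet[8:24], packet[24:40]
    icmp = packet[40:40 + plen]
    if nxt != 58 or len(icmp) < 4:
        return False, "not a complete ICMPv6 message"
    mtype, code, _ = struct.unpack("!BBH", icmp[:4])
    if mtype not in NDP_TYPES:
        return False, "not an NDP message"
    # RFC 4861: every router decrements Hop Limit, so 255 proves the packet
    # was never forwarded and therefore came from an on-link neighbor.
    if hlim != 255:
        return False, "hop limit %d != 255: possible off-link sender" % hlim
    if code != 0 or len(icmp) < MIN_LEN[mtype]:
        return False, "bad ICMP code or length for %s" % NDP_TYPES[mtype]
    if icmpv6_checksum(src, dst, icmp) != 0:
        return False, "bad ICMPv6 checksum"
    if mtype == 135 and icmp[8] == 0xFF:     # NS target must be unicast
        return False, "NS target must not be multicast"
    return True, NDP_TYPES[mtype]

def build_ns(src, dst, target, hop_limit):
    """Constructed sample Neighbor Solicitation (no options), for testing only."""
    s, d, t = (ipaddress.IPv6Address(x).packed for x in (src, dst, target))
    icmp = struct.pack("!BBHI", 135, 0, 0, 0) + t
    icmp = icmp[:2] + struct.pack("!H", icmpv6_checksum(s, d, icmp)) + icmp[4:]
    hdr = struct.pack("!IHBB", 0x60000000, len(icmp), 58, hop_limit)
    return hdr + s + d + icmp
```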