Configuring IP Router Parameters
36 Router Configuration Guide
Figure 8: Neighbor discovery with and without SeND
When SeND is enabled on a node, basic neighbor discovery messaging is changed as
illustrated in Figure 8. In the example, PE-A wants to find the MAC address of PE-B.
1. PE-A sends an NS message to the solicited node multicast address for PE-B's address
with the CGA option, RSA signature option, timestamp option, and nonce option.
2. PE-B processes the NS message, and as it is configured for SeND operation,
processes the NS. PE-B will validate the source address of the packet to ensure it is
a valid CGA; then validate the cryptographic signature embedded in the NS message.
3. PE-B generates a NA message which is sent back to PE-A with the solicited bit,
router bit set. The source address is that of PE-B, while the destination address is that
of PE-A from the NS message. The timestamp is generated from PE-B, while the
nonce is copied from PE-A's NS message
4. PE-A receives the NA and completes similar checks as PE-B did.
If all steps process correctly, then both nodes will install each other’s addresses into their
neighbor cache database.
SeND Persistent CGAs
Persistent CGAs is an enhancement of the SeND feature.
Previously, all generated CGAs on SeND-enabled interfaces remained unchanged after a
CPM switchover, but after a reboot from a saved configuration file, all CGAs were
regenerated.
To keep the same CGAs after a reboot from a saved configuration file:
al_0747
Neighbor Solicitation
2001:DB8:A1CA:7E1:DA24:1FF:FE01:2/64
PE-A PE-B
2001:DB8:A1CA:7E1:DA25:1FF:FE01:2/64
Neighbor Advertisement
S-MAC, D-MAC (PE-A), S-ADDR, D-ADDR (PE-A)
FF02:0000:0000:0000:0000:0000:FF01:0002
Neighbor Solicitation w/ RSA_SIG
2001:DB8:A1CA:7E1:DA24:1FF:FE01:2/64
PE-A PE-B
2001:DB8:A1CA:7E1:DA25:1FF:FE01:2/64
Neighbor Advertisement
S-MAC, D-MAC (PE-A), S-ADDR, D-ADDR (PE-A), RSA_SIG, PUB_KEY
FF02:0000:0000:0000:0000:0000:FF01:0002
To Next Page
Loading...
