Adding an ipv6 route and enabling proxy nd – Amer Networks E5Web GUI User Manual

Enabling ICMP Error Pass Through

Unlike IPv4, fragmentation of IPv6 packets is only done by the originating host using the host's
selection of MTU size. Should the packets then encounter network equipment that cannot
handle the chosen MTU size, ICMP error messages are sent back to the originating host to
indicate that the MTU must be reduced and the packets resent.

For this reason, it is recommended to always enable the Pass returned ICMP errors messages
from destination property for any Service object used with an IP rule or IP policy for IPv6 traffic.
An alternative to this is to set up IP rules or policies which explicitly allow the ICMP error
messages in both directions.

The exception to this is if the MTU is initially set to 1280 which is the minimum MTU supported
by IPv6. In this case, there is no need for ICMP error messages to be passed since they will not
occur.

IPv6 Neighbor Discovery

IPv6 Neighbor Discovery (ND) is the IPv6 equivalent of the IPv4 ARP protocol (see Section 3.5,
“ARP”).

When IPv6 is enabled for a given Ethernet interface, cOS Core will respond to any IPv6 Neighbor
Solicitations (NS) sent to that interface with IPv6 Neighbor Advertisements (NA) for the IPv6
address configured for that interface. cOS Core will also respond with neighbor advertisements
for any networks configured using Proxy Neighbor Discovery.

Proxy Neighbor Discovery

The IPv6 feature of Proxy Neighbor Discovery (Proxy ND) in cOS Core functions in the same way as
Proxy ARP does with IPv4 (described in Section 4.2.6, “Proxy ARP”). There are two ways of enabling
proxy ND:

A. Directly publish an address on an interface.

This is done in exactly the same way as ARP publish by setting option on an Ethernet
interface. Both the options Publish and Xpublish are supported for IPv6. These options are
explained in Section 3.5.3, “ARP Publish”.

B. Publish an address as part of a static route.

When a route for an IPv6 address on a given Ethernet interface is created, IPv6 should already
be enabled for the interface which means that IPv6 neighbor discovery is operational.
Optionally, Proxy Neighbor Discovery (Proxy ND) can also be enabled for an IPv6 route so that
all or selected interfaces will also respond to any neighbor solicitations for the route's
network.

An example of using this second method is given below.

Example 3.10. Adding an IPv6 Route and Enabling Proxy ND

Assume that a route needs to be in the main routing table so that the IPv6 network my_ipv6_net
is routed on the interface If1 where that interface already has IPv6 enabled.

In addition, proxy neighbor discovery for my_ipv6_net needs to be enabled for the If3 interface.

Command-Line Interface

Chapter 3: Fundamentals

138