Enabling nd proxy, Introduction – H3C Technologies H3C SecPath F1000-E User Manual
Page 719
694
NOTE:
•
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA
messages, so that the router can be updated through an RA message before expiration.
•
The values of the NS retransmission timer and the reachable time configured for an interface are sent to
hosts via RA messages. Furthermore, this interface sends NS messages at the interval of the NS
retransmission timer and considers a neighbor reachable within the reachable time.
Configuring the maximum number of attempts to send an NS
message for DAD
An interface sends an NS message for DAD after acquiring an IPv6 address. If the interface does not
receive a response within a specified time (determined by the ipv6 nd ns retrans-timer command), it
continues to send an NS message. If it still does not receive a response after the number of sent attempts
reaches the threshold (specified with the ipv6 nd dad attempts command), the acquired address is
considered usable.
To configure the attempts to send an NS message for DAD:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Configure the number of attempts
to send an NS message for DAD. ipv6 nd dad attempts value
Optional.
1 by default. When the value
argument is set to 0, DAD is
disabled.
Enabling ND proxy
ND proxy supports the NS and NA messages only.
Introduction
If a host sends an NS message requesting the hardware address of another host that is isolated from the
sending host at Layer 2, the device in between must be able to forward the NS message to allow Layer
3 communication between the two hosts. This is achieved by ND proxy.
As shown in
, Router connects to two subnets through Ethernet 1/1 and Ethernet 1/2. The IP
addresses of the two interfaces are 4:1::99/64 and 4:2::99/64. Host A and Host B have the same prefix
assigned and are connected to Ethernet 1/1 and Ethernet 1/2, respectively.
Figure 359 Network diagram
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer