Configuration Guide
IP Service Configuration
IPv6 Configuration
16 min
introduction introduction ipv6 (internet protocol version 6) is the second generation standard for network layer protocols, used to replace ipv4 this chapter introduces the basic ipv6 configurations supported by the device, including interface ipv6 address settings, neighbor discovery protocol (ndp) management, router advertisement (ra) configuration, and the ra guard security feature, to help users complete the deployment and maintenance of ipv6 networks description of the principle description of the principle ipv6 address the length of an ipv6 address is 128 bits, and it is usually represented using colon separated hexadecimal notation (for example 2001\ db8 1/64) device interfaces can be configured with global unicast addresses, unique local addresses, or link local addresses link local addresses (fe80 /10) are automatically generated when ipv6 is enabled on an interface and are often used for neighbor discovery and the establishment of routing protocol neighbors neighbor discovery protocol (ndp) ndp is a core protocol of ipv6, replacing arp, icmp router discovery, etc in ipv4 its main functions include address resolution obtain the link layer address corresponding to the ipv6 address on the same link through neighbor solicitation (ns) and neighbor advertisement (na) messages, and maintain the neighbor cache table (which can be viewed via show ndp) router discovery hosts discover routers on the link and their configuration information through router solicitation (rs) and router advertisement (ra) messages address autoconfiguration hosts can use the prefix information in ra messages for stateless address autoconfiguration (slaac), or obtain addresses and other configurations through dhcpv6 (stateful configuration) router advertisement (ra) when a device functions as an ipv6 router, it can periodically send ra (router advertisement) messages to advertise network configuration information to hosts on the link, including prefix information ipv6 prefixes used for slaac (stateless address autoconfiguration) flags the m flag (managed flag) indicates whether the host should obtain an address using dhcpv6; the o flag (other flag) indicates whether to obtain other configurations (such as dns) using dhcpv6 routing information specific routes and their priorities are advertised through routing options other parameters link mtu, dns servers, etc configuration configuration configure the ipv6 address of the interface configure the ipv6 address of the interface operation command description enter the interface view interface interface type interface name for example interface vlan 100 configure ipv6 address ip address a b/mask the address format is x\ x x\ x x\ x x\ x/prefix length delete the ipv6 address no ip address a b/mask configure the interface to use a link local address configure the interface to use a link local address in some scenarios (such as bgp peer establishment), the link local address of the interface needs to be used, which can be enabled through this command operation command description enter the interface view interface interface type interface name for example interface vlan 100 enable the use of link local addresses ipv6 use link local the interface will prioritize the use of link local addresses disable no ipv6 use link local configure ndp message rate limiting configure ndp message rate limiting operation command description enter the system configuration view configure terminal configure ndp packet rate limiting nd rate limit value value:100 2000pps,default 2000pps enable ndp mac address check enable ndp mac address check operation command description enter the system configuration view configure terminal enable mac address check nd ipv6 mac check enable check whether the link layer address of the nd message is consistent with the source mac if they are inconsistent, discard the message turn off the check no nd ipv6 mac check enable configure router advertisement (ra) configure router advertisement (ra) the ra function is used to advertise ipv6 network configuration information to hosts on the link globally enable ra globally enable ra operation command description enter the system configuration view configure terminal enable ra nd ra the device will send ra messages periodically turn off ra no nd ra configure ra prefix information configure ra prefix information ra messages do not carry prefixes by default and need to be specified manually operation command description enter the vlan view vlan vlan id for example vlan 100 configure prefix nd ra prefix a b/mask for example nd ra prefix fd00 100 /64 remove the prefix no nd ra prefix a b/mask configure the ra flag bit configure the ra flag bit m flag (managed flag) indicates whether the host uses dhcpv6 to obtain an ipv6 address o flag (other flag) indicates whether the host uses dhcpv6 to obtain other configurations (such as dns) a flag (autonomous flag) indicates whether the prefix is used for slaac operation command description enter the vlan view vlan vlan id for example vlan 100 configure the m flag nd ra managed flag { on | off } default off configure the o flag nd ra other flag { on | off } default off configure the a flag nd ra autonomous { on | off } default off configure ra routing options configure ra routing options advertise specific routing information to the host via ra operation command description enter the vlan view vlan vlan id configure routing information nd ra route information a b/mask \[ preference { low | medium | high }] default priority medium delete routing information no nd ra route information a b/mask configure other ra options configure other ra options including dns servers, link mtu, etc operation command description enter the vlan view vlan vlan id configure the dns server nd ra dns server a b multiple dns servers can be configured multiple times delete the dns server no nd ra dns server a b configure the link mtu nd ra link mtu mtu the value range of mtu is 0 or 1280 1500, where 0 means not carrying this option display and maintenance display and maintenance operation command display interface ipv6 address information show ipv6 interfaces display the ipv6 neighbor table (ndp table) show ndp display the neighbor information of the specified ipv6 address show ndp ipv6 address a b display the neighbor information of the specified interface show ndp ipv6 iface { mgmt | ethernet } interface name display ipv6 mac address detection configuration show nd ipv6 mac check display nd message speed limit configuration show nd rate limi t configuration example configuration example networking requirements a park's network uses ipv6, with a switch acting as the gateway the requirements are as follows 1 hosts in vlan100 automatically obtain ipv6 addresses through slaac, with the prefix being fd00 100 /64 2\ the switch sends ra messages regularly and advertises the dns server 2400 3200\ baba 1 configuration steps sonic# configure terminal sonic(config)# vlan 100 sonic(config vlan 100)# exit sonic(config)# interface vlan 100 sonic(config vlanif 100)# ip address fd00 100 1/64 sonic(config vlanif 100)# nd ra sonic(config vlanif 100)# nd ra prefix fd00 100 /64 sonic(config vlanif 100)# nd ra autonomous on sonic(config vlanif 100)# nd ra dns server 2400 3200\ baba 1 sonic(config vlanif 100)# end verification check the interface ipv6 address show ipv6 interfaces check the ndp neighbor table show ndp, and you should be able to observe the neighbor entries of the host after the host is built, check whether the host has automatically obtained an address with the fd00 100 /64 prefix
