(Optional) Configuring Generation of Neighbor Entries Upon Receipt of NA Messages

The generation of neighbor entries upon receipt of NA messages enhances network reliability.

Context

By default, a device perform the following operations upon receipt of legitimate NS/NA packets:
  • When an interface where neighbor entries exist receives legitimate NS packets, the values of neighbor entries are updated. When an interface where neighbor entries do not exist receives legitimate NS packets, neighbor entries are generated on the interface.
  • When an interface where neighbor entries exist receives legitimate NA packets, the values of neighbor entries are updated. When an interface where neighbor entries do not exist receives legitimate NA packets, the NA packets are simply discarded.

When an interface has no neighbor entries configured, to prevent the device from discarding valid NA messages or packet loss, configure the device to generate neighbor entries upon receipt of NA messages.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled for the interface.

  4. Run either of the following commands:
    • To configure the device to generate a neighbor entry after receiving a valid NA message from an interface if no neighbor entry exists on the interface, run the ipv6 nd na glean command.
    • To enable NA message attack defense, run the ipv6 nd na anti-attack enable command. After this command is run, only the NA messages in response to the NS messages that the device sends are sent to the CPU for processing, and neighbor entries are generated.

    If the ipv6 nd na glean command is run, the NA messages received by the CPU contain the NA messages in response to the NS messages that the device sends and the gratuitous NA messages that the peer sends. If the ipv6 nd na anti-attack enable command is run, the NA messages received by the CPU contain only the NA messages in response to the NS messages that the device sends.

    The ipv6 nd na glean and ipv6 nd na anti-attack enable commands cannot be used together. If NA message attack defense is enabled on an interface, the device discards the gratuitous NA messages sent by the peer. As a result, the ipv6 nd na glean command fails to take effect.

  5. Run commit

    The configuration is committed.

Parent Topic: Configuring IPv6 Neighbor Discovery
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >