Manualshelf

HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
711712713714715716717718719720
691
Ste
p
Command
Remarks
3. Configure the number of
attempts to send an NS
message for DAD.
ipv6 nd dad attempts value
Optional.
1 by default. When the value argument is
set to 0, DAD is disabled.
Enabling ND proxy
ND proxy supports the NS and NA messages only.
About ND proxy
If a host sends an NS message requesting the hardware address of another host that is isolated from the
sending host at Layer 2, the device in between must be able to forward the NS message to allow Layer
3 communication between the two hosts. This is achieved by ND proxy.
Depending on application scenarios, ND proxy includes common ND proxy and local ND proxy.
Unless otherwise specified, ND proxy described in the following text refers to common ND proxy.
ND proxy
As shown in Figure 362, GigabitEthernet 0/1 with IPv6 address 4:1::99/64 and GigabitEthernet
0/2 with IPv6 address 4:2::99/64 belong to different subnets. Host A and Host B reside on the
same network but in different broadcast domains.
Figure 362 Application environment of ND proxy
Because Host A's IPv6 address is on the same subnet as Host B's, Host A directly sends an NS
message to obtain Host B's MAC address. However, Host B cannot receive the NS message
because they belong to different broadcast domains.
To solve this problem, enable ND proxy on GigabitEthernet 0/1 and GigabitEthernet 0/2 of the
firewall. The firewall replies to the NS message from Host A, and forwards packets from other
hosts to Host B.
Local ND proxy
As shown in Figure 363, both Host A and Host B belong to VLAN 2, but they connect to
GigabitEthernet 0/3 and GigabitEthernet 0/1 respectively, which are isolated at Layer 2.