F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

701

702

703

704

705

706

707

708

709

710

684

833BConfiguring the maximum number of attempts to send an NS

message for DAD

An interface sends an NS message for DAD after acquiring an IPv6 address. If the interface does not

receive a response within a specific time (determined by the ipv6 nd ns retrans-timer command), it

continues to send an NS message. If the interface still does not receive a response after the number of

sent attempts reaches the threshold (specified with the ipv6 nd dad attempts command), the acquired

address is considered usable.

To configure the attempts to send an NS message for DAD:

Ste

Command

Remarks

957. Enter system view.

system-view N/A

958. Enter interface view.

interface interface-type

interface-number

N/A

959. Configure the number of

attempts to send an NS

message for DAD.

ipv6 nd dad attempts value

Optional.

1 by default. When the value argument is

set to 0, DAD is disabled.

834BEnabling ND proxy

ND proxy supports the NS and NA messages only.

1690BAbout ND proxy

If a host sends an NS message requesting the hardware address of another host that is isolated from the

sending host at Layer 2, the device in between must be able to forward the NS message to allow Layer

3 communication between the two hosts. This is achieved by ND proxy.

Depending on application scenarios, ND proxy falls into common ND proxy and local ND proxy.

Unless otherwise specified, ND proxy described in the following text refers to common ND proxy.

• ND proxy

As shown in

2880HFigure 361, GigabitEthernet 0/1 with IPv6 address 4:1::99/64 and GigabitEthernet

0/2 with IPv6 address 4:2::99/64 belong to different subnets. Host A and Host B reside on the

same network but in different broadcast domains.

Figure 361 Application environment of ND proxy

Because Host A's IPv6 address is on the same subnet as Host B's, Host A directly sends an NS

message to obtain Host B's MAC address. However, Host B cannot receive the NS message

because they belong to different broadcast domains.

To solve this problem, enable ND proxy on GigabitEthernet 0/1 and GigabitEthernet 0/2 of the

firewall. The firewall replies to the NS message from Host A, and forwards packets from other

hosts to Host B.