ICMPv6

In contrast to ICMP with IPv4, ICMPv6 is absolutely necessary for the operation of IPv6. A general blocking of ICMPv6 on the firewall means that IPv6 does not work (see RFC 4890 ).

ICMPv6 serves as an auxiliary protocol for IPv6, is located in the same OSI layer 3 as this and uses the IPv6 protocol to send ICMP messages. 58 is inserted as the protocol number in the next header field of the IPv6 header.

ICMPv6 header

The Type field indicates the class of the ICMP message, which can be specified more precisely with the Code field . The checksum is used to verify the validity of the ICMPv6 packet. The rest of the content of the ICMP message is determined by its type. In the case of error messages, as much of the error-causing package as possible is appended after the possible additional fields.

ICMPv6 types

The message types are divided into two groups. The first 128 types (0-127) with the most significant bit (engl. Most significant bit ) to 0, are error messages. The second 128 types (128-255), with the most significant bit at 1, are informational messages.

Checksum

The checksum (engl. Checksum ) of an ICMPv6 packet is a 16-bit one's complement of the one's complement sum of the entire ICMPv6 message. In addition to the message, an IPv6 pseudo header is appended to the front. The checksum field is set to 0 to calculate the checksum. The pseudo header used to calculate the checksum looks like the diagram next to it.

This is one of the innovations of ICMPv6 compared to ICMP , where the checksum was only calculated via the ICMP header.

ICMPv6 processing

The following rules apply to the processing of ICMPv6 messages:

• Unknown ICMPv6 error messages must be passed on to the network layer above.
• Unknown ICMPv6 informational messages must be discarded without notifying the sender.
• Each error message is appended to the end of as much as possible of the package that caused the error.
• The protocol number for forwarding unknown error messages is taken from the attached original package.
• No error messages are sent on the following packages:
  • Error messages
  • Packets to multicast, link-level multicast or link-level broadcast addresses with the following exceptions:
    • Packet Too Big Messages
    • Parameter problem messages with code 2 - unknown IPv6 option
• The network must not be flooded with ICMPv6 error messages.

ICMP standard types

Destination Unreachable - Type 1

Destination-unreachable messages should be generated by the router if a packet could not be delivered. If the package was dropped due to overload, no Destination Unreachable needs to be sent.

If the package was not delivered due to missing routes, code 0 is set. If delivery is administratively prohibited ( firewall ), code 1 is set. If the router cannot resolve the IPv6 address or has a problem with the link, code 3 is set. If a destination host does not have a listener for a UDP packet, it should send a Destination Unreachable with Code 4.

If a Destination Unreachable is received, it must be passed on to the layer above.

Packet Too Big - Type 2

A packet too big message has to be generated by the router if a packet cannot be forwarded because it is larger than the maximum MTU of the link over which it is to be sent. Packet-Too-Big messages are used by Path MTU Discovery to determine the path-dependent MTU.

The code should be set to 0 by the sender and ignored by the receiver.

When a packet too big is received, it has to be passed on to the layer above.

Time Exceeded - Type 3

If a router receives a packet with a hop limit of 0 or reduces the time-to-live value to 0, it must discard the packet and send a Time Exceeded with Code 0 to the sender. This indicates either an infinite loop in the routing or an initial hop limit that is too small.

If not all fragments of a fragmented message arrive within a certain time, the packet is discarded and a Time Exceeded with Code 1 must be sent.

Parameter problem - Type 4

If a host detects a problem in a field while processing an IPv6 packet and cannot continue processing, it must discard the packet and send a parameter problem message.

The code describes the nature of the problem in more detail.

The pointer points to the point in the packet where the problem occurred.

Echo Request - Type 128

A response is requested with an echo request . An echo request is nothing more than a simple ping . The data field can be enlarged with data to produce larger packages. For example, you can determine the MTU .

Each system needs to RFC on Echo Request s react with Echo Replies respond. Every system should also have an application for sending and receiving echo requests / replies . In practice, however, this is often deviated from, for example the Windows firewall blocks ICMPv6 echo request requests by default.

Received echo requests can be forwarded to applications that listen for ICMP messages.

Echo Reply - Type 129

An echo request message must be responded to with an echo reply . The package is the same except for the type field. Echo reply messages should only be sent to unicast addresses.

Using the identification and the sequence number, the recipient will be able to assign the answers to his inquiries.

Received echo reply messages must be passed on to the application that sent the associated echo request . It can be passed on to the rest of the applications listening for ICMP.

Multicast Listener Discovery - Type 130

Web links

• RFC 4861 - Neighbor Discovery for IP Version 6 (IPv6)
• RFC 4443 - Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
• RFC 3122 - Extensions to IPv6 Neighbor Discovery for Inverse Discovery Specification
• IANA ICMP Parameters - full list of ICMPv6 types and codes
• RFC 4890 - Recommendations for Filtering ICMPv6 Messages in Firewalls
• RFC 7112 - Implications of Oversized IPv6 Header Chains

Individual evidence

1. ↑ https://tools.ietf.org/html/rfc4604
2. ↑ https://lwn.net/Articles/29489/