S12700 Series Agile Switches

Configuration Guide - IP Service 9 Basic IPv6 Configuration

9 Basic IPv6 Configuration

About This Chapter

The IPv6 protocol stack supports routing protocols and application protocols on an
IPv6 network.
9.1 Overview of IPv6
9.2 Understanding IPv6
9.3 Licensing Requirements and Limitations for IPv6
9.4 Default Settings for IPv6
9.5 Configuring IPv6 Addresses for Interfaces
9.6 Configuring ICMPv6 Error Packet Control
9.7 Configuring IPv6 Neighbor Discovery
9.8 Disabling a Device from Packetizing ND Packets and ND Miss Messages
9.9 Configuring the Optimized ND Reply Function
9.10 Configuring the Trap Function for Hash Conflicts of ND Entries
9.11 Configuring PMTU
9.12 Configuring TCP6
9.13 Maintaining IPv6
9.14 Example for Configuring IPv6 Addresses for Interfaces

9.1 Overview of IPv6

Definition
Internet Protocol version 6 (IPv6), also called IP Next Generation (IPng), is the
second-generation network layer protocol. Designed by the Internet Engineering
Task Force (IETF), IPv6 is an upgraded version of Internet Protocol version 4 (IPv4).

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 286

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Purpose
IPv6 was developed in response to rapidly increasing Internet use. IPv4, despite
being easy to implement, simple to use, and providing good interoperability, is no
longer feasible as the dominant network layer protocol. This is mainly due to IPv4
address exhaustion.
Table 9-1 shows how IPv6 overcomes many of the deficiencies found in IPv4.

Table 9-1 Comparison between IPv6 and IPv4

Item Deficiency in IPv4 Advantage of IPv6

Address IPv4 addresses are 32 bits long, IPv6 addresses are 128 bits
space theoretically giving an available long. A 128 bit structure allows
IP address space that contains for an address space of 2128
about 4.3 billion IP addresses. The (4.3 billion x 4.3 billion x 4.3
currently available IP addresses billion x 4.3 billion) possible
are no longer sufficient to addresses. This vast address
continually support the rapid space makes it very unlikely
expansion of the Internet. IPv4 that IPv6 address exhaustion
address resources are allocated will ever occur.
unevenly. USA address resources
account for almost half of the
global address space, with barely
enough addresses left for Europe,
and still fewer for the Asia-Pacific
area. Furthermore, the
development of mobile IP and
broadband technologies still
requires more IP addresses. The
process of IP addresses being
used up is known as IP address
exhaustion.
While several solutions to IPv4
exhaustion are currently in place,
such as Classless Inter-domain
Routing (CIDR) and Network
Address Translator (NAT), they all
have significant disadvantages.
These disadvantages prompted
the development of IPv6.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 287

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Item Deficiency in IPv4 Advantage of IPv6

Packet The IPv4 packet header carries Unlike the IPv4 packet header,
format the Options field, including the IPv6 packet header does
security, timestamp, and record not carry IHL, identifier, flag,
route options. The variable length fragment offset, header
of the Options field makes the checksum, option, or padding
IPv4 packet header length range fields, but it carries the flow
from 20 bytes to 60 bytes. IPv4 label field. This facilitates IPv6
packets often need to be packet processing and
forwarded by intermediate improves processing efficiency.
devices. Therefore, using the To support various options
Options field occupies a large without changing the existing
amount of resources, which packet format, the Extension
means this field is rarely used in Header information field is
practice. added to the IPv6 packet
header, improving IPv6
flexibility.

Autoconfi IP addresses often need to be IPv6 provides address

guration reallocated during network autoconfiguration to allow
and expansion or re-planning. hosts to automatically discover
readdressi Currently, IPv4 depends on networks and obtain IPv6
ng Dynamic Host Configuration addresses, improving network
Protocol (DHCP) to provide manageability.
address autoconfiguration and
readdressing to simplify address
maintenance.

Route Many non-contiguous IPv4 The enormous address space

summariz addresses are allocated. Routes allows for the hierarchical
ation cannot be summarized effectively network design in IPv6 to
due to incorrect IPv4 address facilitate route summarization
allocation and planning. The and improve forwarding
increasingly large routing table efficiency.
consumes a lot of memory and
affects forwarding efficiency.
Manufacturers must continually
upgrade devices to improve route
addressing and forwarding
performance.

End-to- The original IPv4 framework does IPv6 supports IP Security

end not support end-to-end security (IPSec) authentication and
security because security was not fully encryption at the network
support considered during the initial layer, providing end-to-end
design. security.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 288

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Item Deficiency in IPv4 Advantage of IPv6

Quality of IPv4 has no native mechanism to The Flow Label field in IPv6
Service support QoS, especially when guarantees QoS for voice, data,
(QoS) regarding real-time forwarding of and video services.
support voice, data, and video services
such as network conferencing,
network telephones, and network
TVs.

Mobility Due to the development of the Mobile IPv6 improves mobile

Internet, mobile IPv4 experiences communication efficiency and
significant problems such as is transparent to the
triangular routing and source application layer because IPv6
address filtering. has the native capability to
support mobility. Unlike mobile
IPv4, mobile IPv6 uses the
neighbor discovery function to
discover a foreign network and
obtain a care-of address
without using any foreign
agent. The mobile node and
peer node can communicate
using the routing header and
destination options header.
This function solves the
problems of triangular routing
and source address filtering
found in mobile IPv4.

9.2 Understanding IPv6

9.2.1 IPv6 Addresses
IPv6 Address Formats
An IPv6 address is 128 bits long and is written as eight groups of four hexadecimal
digits (base 16 digits represented by the numbers 0-9 and the letters A-F). Each
group is separated by a colon (:). For example, FC00:0000:130F:
0000:0000:09C0:876A:130B is a complete and valid IPv6 address.
For convenience, IPv6 addresses can be written in a compressed format. Taking the
IPv6 address FC00:0000:130F:0000:0000:09C0:876A:130B as an example:
● Any leading zeroes in a group can be omitted. The example address now
becomes FC00:0:130F:0:0:9C0:876A:130B.
● A double colon (::) can be used when two or more consecutive groups contain
all zeros. The example address now becomes FC00:0:130F::9C0:876A:130B.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 289

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

NOTE

An IPv6 address can contain only one double colon (::). Otherwise, a computer cannot
determine the number of zeros in a group when restoring the compressed address to the
original 128-bit address.

IPv6 Address Structure

IPv6 addresses have two parts:

● Network prefix: Corresponds to the network ID of an IPv4 address. It is

comprised of n bits.
● Interface identifier (interface ID): Corresponds to the host ID of an IPv4
address. It is comprised of 128-n bits.
NOTE

If the first 3 bits of an IPv6 unicast address are not 000, the interface ID must contain 64
bits. If the first 3 bits are 000, there is no such limitation.

You can manually configure the interface ID, generate it through system software,
or generate it in IEEE 64-bit Extended Unique Identifier (EUI-64) format.
Generating an interface ID in EUI-64 format is the most common practice.

IEEE EUI-64 standards convert an interface MAC address into an IPv6 interface ID.
Figure 9-1 shows a 48-bit MAC address. When used as an interface ID, the first 24
bits (expressed by c) are a vendor identifier, and the last 24 bits (expressed by m)
are an extension identifier. If the higher seventh bit is 0, the MAC address is locally
unique. During conversion, EUI-64 inserts FFFE between the vendor identifier and
extension identifier. The higher seventh bit also changes from 0 to 1 to indicate
that the interface ID is globally unique.

Figure 9-1 EUI-64 format

MAC
address cccccc0 ccccccccccccccccc mmmmmmmmmmmmmmmmmmmmmmmm

1111111111111110

Insert FFFE
cccccc0 ccccccccccccccccc 1111111111111110m mm m. . . mmmm

Change the
seventh high bit
to 1 cccccc1 ccccccccccccccccc 1111111111111110m m m m . . . mmmm

For example, if the MAC address is 000E-0C82-C4D4, the interface ID is 020E:

0CFF:FE82:C4D4 after the conversion.

Converting MAC addresses into IPv6 interface IDs reduces the configuration
workload. When using stateless address autoconfiguration, you only need an IPv6
network prefix to obtain an IPv6 address. One defect of this method, however, is

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 290

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

that an IPv6 address is easily calculable based on a MAC address, and could
therefore be used for malicious attacks.

IPv6 Address Types

IPv6 addresses can be classified as unicast, multicast, or a new class called
anycast. Unlike IPv4, there is no broadcast IPv6 address. Instead, a multicast
address can be used as a broadcast address.
IPv6 Unicast Address
An IPv6 unicast address identifies an interface. Since each interface belongs to a
node, the IPv6 unicast address of any interface can identify the relevant node.
Packets sent to an IPv6 unicast address are delivered to the interface identified by
that address.
IPv6 defines multiple types of unicast addresses, including the unspecified address,
loopback address, global unicast address, link-local address, and unique local
address.
● Unspecified address
The IPv6 unspecified address is 0:0:0:0:0:0:0:0/128 or ::/128, indicating that an
interface or a node does not have an IP address. It can be used as the source
IP address of some packets, such as Neighbor Solicitation (NS) messages, in
duplicate address detection. Devices do not forward packets with an
unspecified address as the source IP address.
● Loopback address
The IPv6 loopback address is 0:0:0:0:0:0:0:1/128 or ::1/128. Similar to the IPv4
loopback address 127.0.0.1, the IPv6 loopback address is used when a node
needs to send IPv6 packets to itself. This IPv6 loopback address is usually used
as the IP address of a virtual interface, such as a loopback interface. The
loopback address cannot be used as the source or destination IP address of
packets needing to be forwarded.
● Global unicast address
An IPv6 global unicast address is an IPv6 address with a global unicast prefix,
which is similar to an IPv4 public address. IPv6 global unicast addresses
support route prefix summarization, helping limit the number of global
routing entries.
Figure 9-2 shows a global unicast address consisting of a global routing
prefix, subnet ID, and interface ID.

Figure 9-2 Global unicast address format

Provider Site Host
m bit n bit 128-m-n bit

Global routing prefix Subnet ID Interface ID

001

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 291

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

These components are described as follows:

Global routing prefix: is assigned by a service provider to an organization. A
global routing prefix is comprised of at least 48 bits. Currently, the first 3 bits
of every assigned global routing prefix is 001.
Subnet ID: is used by organizations to construct a local network (site). Similar
to an IPv4 subnet number, there are a maximum of 64 bits for both the global
routing prefix and subnet ID.
Interface ID: identifies a device (host).
● Link-local address
Link-local addresses are used only in communication between nodes on the
same local link. A link-local address uses a link-local prefix of FE80::/10 as the
first 10 bits (1111111010 in binary) and an interface ID as the last 64 bits.
When IPv6 runs on a node, a link-local address that consists of a fixed prefix
and an interface ID in EUI-64 format is automatically assigned to each
interface of the node. This mechanism enables two IPv6 nodes on the same
link to communicate without any configuration, making link-local addresses
widely used in neighbor discovery and stateless address configuration.
Devices do not forward IPv6 packets with the link-local address as a source or
destination address to devices on different links.
Figure 9-3 shows the link-local address format.

Figure 9-3 Link-local address format

64 bit 64 bit

0 Interface ID

1111 1110 10
FE80::/10

10 bit

● Unique local address

Unique local addresses are used only within a site. Site-local addresses,
according to RFC 3879, have been replaced by unique local addresses.
Unique local addresses are similar to IPv4 private addresses. Any organization
that does not obtain a global unicast address from a service provider can use
a unique local address. However, they are routable only within a local
network, not the Internet as a whole.
Figure 9-4 shows the unique local address format.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 292

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Figure 9-4 Unique local address format

7 bit 1 bit 40 bit 16 bit 64 bit

Prefix L Global ID Subnet ID Interface ID

1111 110
FC00::/7

These components are described as follows:

Prefix: is fixed as FC00::/7.
L: is set to 1 if the address is valid within a local network. The value 0 is
reserved for future expansion.
Global ID: indicates a globally unique prefix, which is pseudo-randomly
allocated (for details, see RFC 4193).
Subnet ID: identifies a subnet within the site.
Interface ID: identifies an interface.
A unique local address has the following features:
– Has a globally unique prefix that is pseudo-randomly allocated with a
high probability of uniqueness.
– Allows private connections between sites without creating address
conflicts.
– Has a well-known prefix (FC00::/7) that allows for easy route filtering at
site boundaries.
– Does not conflict with any other addresses if it is accidentally routed
offsite.
– Functions as a global unicast address to applications.
– Is independent of Internet Service Providers (ISPs).
IPv6 Multicast Address
Like IPv4 multicast addresses, IPv6 multicast addresses identify groups of
interfaces, which usually belong to different nodes. A node may belong to any
number of multicast groups. Packets sent to an IPv6 multicast address are
delivered to all the interfaces identified by the multicast address. For example, the
multicast address FF02::1 indicates all nodes within the link-local scope, and
FF02::2 indicates all routers within the link-local scope.
An IPv6 multicast address is composed of a prefix, a flag, a scope, and a group ID
(global ID).
● Prefix: is fixed as FF00::/8.
● Flag: is 4 bits long. The high-order 3 bits are reserved and must be set to 0s.
The last bit 0 indicates a permanently-assigned, well-known multicast address
allocated by the Internet Assigned Numbers Authority (IANA). The last bit 1
indicates a non-permanently-assigned (transient) multicast address.
● Scope: is 4 bits long. It limits the scope where multicast data flows are sent on
the network. Figure 9-5 shows the field values and meanings.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 293

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● Group ID (global ID): is 112 bits long. It identifies a multicast group. RFC 2373
does not define all the 112 bits as a group ID but recommends using the low-
order 32 bits as the group ID and setting all of the remaining 80 bits to 0s. In
this case, each multicast group ID maps to a unique Ethernet multicast MAC
address (for details, see RFC 2464).
Figure 9-5 shows the IPv6 multicast address format.

Figure 9-5 IPv6 multicast address format

80 bit 32 bit

Reserved must be zero Group ID

field value description

1111 1111 1 temporary multicast address
Flag
FF Flag Scope 0 permanent multicast address
1 node
8 bit 4 bit 4 bit link
2
4 management
Scope 5 site
8 organization
E global
the rest unsigned or reserved

● Solicited-node Multicast Address

A solicited-node multicast address is generated using an IPv6 unicast or
anycast address of a node. When a node has an IPv6 unicast or anycast
address, a solicited-node multicast address is generated for the node, and the
node joins the multicast group that corresponds to its IPv6 unicast or anycast
address. Each unicast or anycast address corresponds to a single solicited-
node multicast address, which is often used in neighbor discovery and
duplicate address detection.
IPv6 does not support broadcast addresses or Address Resolution Protocol
(ARP). In IPv6, Neighbor Solicitation (NS) packets are used to resolve IP
addresses to MAC addresses. When a node needs to resolve an IPv6 address
to a MAC address, it sends an NS packet in which the destination IP address is
the solicited-node multicast address corresponding to the IPv6 address.
The solicited-node multicast address consists of the prefix FF02::1:FF00:0/104
and the last 24 bits of the corresponding unicast address.
IPv6 Anycast Address
An anycast address identifies a group of network interfaces, which usually belong
to different nodes. Packets sent to an anycast address are delivered to the nearest
interface that is identified by the anycast address, depending on the routing
protocols.
Anycast addresses implement redundancy backup and load balancing functions
when multiple hosts or nodes are provided with the same services. Currently, a
unicast address is assigned to more than one interface to make a unicast address

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 294

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

become an anycast address. When sending data packets to anycast addresses,

senders cannot determine which of the assigned devices will receive the packets.
Which device receives the packets depends on the routing protocols running on
the network. Anycast addresses are used in stateless applications, such as Domain
Name Service (DNS).

IPv6 anycast addresses are allocated from the unicast address space. Mobile IPv6
applications also use anycast addresses.

NOTE

IPv6 anycast addresses can be assigned only to routing devices but not hosts. Anycast
addresses cannot be used as the source IP addresses of IPv6 packets.
● Subnet-router Anycast Address
RFC 3513 predefines a subnet-router anycast address. Packets sent to a
subnet-router anycast address are delivered to the nearest device on the
subnet identified by the anycast address, depending on the routing protocols.
All devices must support subnet-router anycast addresses. A subnet-router
anycast address is used when a node needs to communicate with any of the
devices on the subnet identified by the anycast address. For example, a
mobile node needs to communicate with one of the mobile agents on the
home subnet.
In a subnet-router anycast address, the n-bit subnet prefix identifies a subnet,
and the remaining bits are padded with 0s. Figure 9-6 shows the subnet-
router anycast address format.

Figure 9-6 Subnet-router anycast address format

n bit 128-n bit

Subnet prefix 0

9.2.2 IPv6 Packet Format

An IPv6 packet has three parts: an IPv6 basic header, one or more IPv6 extension
headers, and an upper-layer protocol data unit (PDU).

An upper-layer PDU is composed of the upper-layer protocol header and its

payload, which maybe an ICMPv6 packet, a TCP packet, or a UDP packet.

IPv6 Basic Header

An IPv6 basic header is fixed as 40 bytes long and has eight fields. Each IPv6
packet must have an IPv6 basic header that provides basic packet forwarding
information, and which all devices parse on the forwarding path.

Figure 9-7 shows the IPv6 basic header.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 295

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Figure 9-7 IPv6 basic header

Version Traffic Class Flow Label

Payload Length Next Header Hop Limit

Source 40 octets
Address Basic Header

Destination
Address

Next Header Extension Header information Variable length

Extension Header
32 bit

An IPv6 basic header contains the following fields:

● Version: 4 bits long. In IPv6, the value of the Version field is set to 6.
● Traffic Class: 8 bits long. This field indicates the class or priority of an IPv6
packet. The Traffic Class field is similar to the TOS field in an IPv4 packet and
is mainly used in QoS control.
● Flow Label: 20 bits long. This field was added in IPv6 to differentiate traffic. A
flow label and source IP address identify a data flow. Intermediate network
devices can effectively differentiate data flows based on this field.
● Payload Length: 16 bits long. This field indicates the length of the IPv6
payload in bytes. The payload is the part of the IPv6 packet following the IPv6
basic header, including the extension header and upper-layer PDU. This field
has a maximum value of 65535. If the payload length exceeds 65535 bytes,
the field is set to 0, and the Jumbo Payload option in the Hop-by-Hop
Options header is used to express the actual payload length.
● Next Header: 8 bits long. This field identifies the type of the first extension
header that follows the IPv6 basic header or the protocol type in the upper-
layer PDU.
● Hop Limit: 8 bits long. This field is similar to the Time to Live field in an IPv4
packet, defining the maximum number of hops that an IP packet can pass
through. Each device that forwards the packet decrements the field value by
1. If the field value is reduced to 0, the packet is discarded.
● Source Address: 128 bits long. This field indicates the address of the packet
originator.
● Destination Address: 128 bits long. This field indicates the address of the
packet recipient.
Unlike the IPv4 packet header, the IPv6 packet header does not carry IHL,
identifier, flag, fragment offset, header checksum, option, or padding fields, but it

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 296

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

carries the flow label field. This facilitates IPv6 packet processing and improves
processing efficiency. To support various options without changing the existing
packet format, the Extension Header information field is added to the IPv6 packet
header, improving flexibility. The following paragraphs describe IPv6 extension
headers.

IPv6 Extension Header

An IPv4 packet header has an optional field (Options), which includes security,
timestamp, and record route options. The variable length of the Options field
makes the IPv4 packet header length range from 20 bytes to 60 bytes. When
devices forward IPv4 packets with the Options field, many resources need to be
used. Therefore, these IPv4 packets are rarely used in practice.
To improve packet processing efficiency, IPv6 uses extension headers to replace
the Options field in the IPv4 header. Extension headers are placed between the
IPv6 basic header and upper-layer PDU. An IPv6 packet may carry zero or more
extension headers. The sender of a packet adds one or more extension headers to
the packet only when the sender requests the destination device or other devices
to perform special handling. Unlike IPv4, IPv6 has variable-length extension
headers, which are not limited to 40 bytes. This facilitates further extension. To
improve extension header processing efficiency and transport protocol
performance, IPv6 requires that the extension header length be an integer
multiple of 8 bytes.
When multiple extension headers are used, the Next Header field of an extension
header indicates the type of the next header following this extension header. The
Next Header field in the IPv6 basic header indicates the type of the first extension
header, and the Next Header field in the first extension header indicates the type
of the next extension header. If there are no extension headers following the
current one, the Next Header field indicates the upper-layer protocol type. Figure
9-8 shows the IPv6 extension header format.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 297

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Figure 9-8 IPv6 extension header format

Version Traffic Class Flow Label

Payload Length Next Header Hop Limit

Source Address 40 octets

Basic
Header
Destination
Address

Next Header Extension Header Len

Extension Head Data Variable
Next Header Extension Header Len Length
Extension Head Data
Extension
Header

...
Next Header Extension Header Len
Extension Head Data(last)

... Data

An IPv6 extension header contains the following fields:

● Next Header: 8 bits long. This is similar to the Next Header field in the IPv6
basic header, indicating the type of the next extension header (if any) or the
upper-layer protocol type.
● Extension Header Len: 8 bits long. This indicates the extension header length
excluding the Next Header field.
● Extension Head Data: Variable length. This includes a series of options and
the padding field.
RFC 2460 defines six IPv6 extension headers: Hop-by-Hop Options header,
Destination Options header, Routing header, Fragment header, Authentication
header, and Encapsulating Security Payload header.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 298

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Table 9-2 IPv6 extension headers

Head Next Description
er Head
Type er
Field
Value

Hop- 0 This header carries information that every node must examine
by- along the delivery path of a packet. This header is used in the
Hop following applications:
Optio ● Jumbo payload (if the payload length exceeds 65535 bytes)
ns
heade ● Prompting devices to check this option before the devices
r forward packets.
● Resource Reservation Protocol (RSVP)

Destin 60 This header carries information that only the destination node
ation of a packet examines. Currently, this header is used in mobile
Optio IPv6.
ns
heade
r

Routin 43 An IPv6 source node uses this header to specify the

g intermediate nodes that a packet must pass through on the
heade way to its destination. This option is similar to the Loose
r Source and Record Route option in IPv4.

Fragm 44 Like IPv4 packets, the length of IPv6 packets to be forwarded

ent cannot exceed the maximum transmission unit (MTU). When
heade the packet length exceeds the MTU, the packet needs to be
r fragmented. In IPv6, the Fragment header is used by an IPv6
source node to send a packet larger than the MTU.

Authe 51 IPSec uses this header to provide data origin authentication,

nticati data integrity check, and packet anti-replay functions. It also
on protects some fields in the IPv6 basic header.
heade
r

Encap 50 This header provides the same functions as the Authentication

sulati header plus IPv6 packet encryption.
ng
Securi
ty
Payloa
d
heade
r

Conventions for IPv6 extension headers

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 299

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

When a single packet uses more than one extension header, the headers must be
listed in the following order:
● IPv6 basic header
● Hop-by-Hop Options header
● Destination Options header
● Routing header
● Fragment header
● Authentication header
● Encapsulating Security Payload header
● Destination Options header
● Upper-layer header
Intermediate devices determine whether to process extension headers based on
the Next Header field value in the IPv6 basic header. The intermediate devices do
not need to examine or process all extension headers.
Each extension header can only occur once in an IPv6 packet, except for the
Destination Options header which may occur twice (once before a Routing header
and once before the upper-layer header).

9.2.3 ICMPv6
The Internet Control Message Protocol version 6 (ICMPv6) is one of the basic IPv6
protocols.
In IPv4, ICMP reports IP packet forwarding information and errors to the source
node. ICMP defines certain messages such as Destination Unreachable, Packet Too
Big, Time Exceeded, Echo Request, and Echo Reply to facilitate fault diagnosis and
information management. ICMPv6 provides additional mechanisms alongside the
current ICMPv4 functions such as Neighbor Discovery (ID), stateless address
configuration (including duplicate address detection), and Path Maximum
Transmission Unit (PMTU) discovery.
The protocol number of ICMPv6 (that is, the value of the Next Header field in an
IPv6 packet) is 58. Figure 9-9 shows the ICMPv6 packet format.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 300

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Figure 9-9 Format of an ICMPv6 packet

IPv6 basic
header
Next header = 58
ICMPv6 packet
ICMPv6 packet

Type Code Checksum

ICMPv6 Data

Some fields in the packet are described as follows:

● Type: specifies a message type. Values 0 to 127 indicate the error message
type, and values 128 to 255 indicate the informational message type.
● Code: indicates a specific message type.
● Checksum: indicates the checksum of an ICMPv6 packet.

Classification of ICMPv6 Error Messages

ICMPv6 error messages are generated when errors occur during IPv6 packet
forwarding. They are classified into the following four types:
● Destination Unreachable message
During IPv6 packet forwarding, if an IPv6 node detects that the destination
address of a packet is unreachable, it sends an ICMPv6 Destination
Unreachable message to the source node carrying information about the
causes for the error message.
In an ICMPv6 Destination Unreachable message, the value of the Type field is
1. Depending on the cause, the value of the Code field can be:
– 0: No route to the destination device.
– 1: Communication with the destination device is administratively
prohibited.
– 2: Not assigned.
– 3: Destination IP address is unreachable.
– 4: Destination port is unreachable.
● Packet Too Big message
If an IPv6 node, during IPv6 packet forwarding, detects that the size of a
packet exceeds the link MTU of the outbound interface, it sends an ICMPv6

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 301

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Packet Too Big message to the source node. The link MTU of the outbound
interface is carried in the message. PMTU discovery is implemented based on
Packet Too Big messages.
In a Packet Too Big message, the Type field value is 2 and the Code field value
is 0.
● Time Exceeded message
During the transmission of IPv6 packets, when a device receives a packet with
a hop limit of 0 or a device reduces the hop limit to 0, it sends an ICMPv6
Time Exceeded message to the source node. During the processing of a packet
to be fragmented and reassembled, an ICMPv6 Time Exceeded message is
also generated when the reassembly time is longer than the specified period.
In a Time Exceeded message, the Type field value is 3. Depending on the
cause, the Code field value can be:
– 0: Hop limit exceeded in packet transmission.
– 1: Fragment reassembly timeout.
● Parameter Problem message
When a destination node receives an IPv6 packet, it checks the validity of the
packet. If it detects an error, it sends an ICMPv6 Parameter Problem message
to the source node.
In a Parameter Problem message, the Type field value is 4. Depending on the
cause, the Code field value can be:
– 0: A field in the IPv6 basic header or extension header is incorrect.
– 1: The Next Header field in the IPv6 basic header or extension header
cannot be identified.
– 2: Unknown options exist in the extension header.

Classification of ICMPv6 Information Messages

ICMPv6 information messages provide diagnosis and additional host functions
such as Multicast Listener Discovery (MLD) and Neighbor Discovery (ND).
Common ICMPv6 information messages include Ping messages, which consist of
Echo Request and Echo Reply messages.
● Echo Request messages: Echo Request messages are sent to destination
nodes. After receiving an Echo Request message, the destination node
responds with an Echo Reply message. In an Echo Request message, the Type
field value is 128 and the Code field value is 0.
● Echo Reply messages: After receiving an Echo Request message, the
destination node responds with an Echo Reply message. In an Echo Reply
message, the Type field value is 129 and the Code field value is 0.

9.2.4 Neighbor Discovery

The Neighbor Discovery Protocol (NDP) is an enhancement of Address Resolution
Protocol (ARP) and Internet Control Management Protocol (ICMP) router
discovery in IPv4. In addition to ICMPv6 address resolution, NDP also provides the
neighbor unreachable detection, duplicate address detection, router discovery, and
redirection functions.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 302

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Address Resolution
In IPv4, a host needs to obtain the link-layer address of the destination host
through the ARP protocol for communication. Similar to IPv4, the IPv6 NDP
protocol parses the IP address to obtain the link-layer address.
ARP packets are encapsulated in Ethernet packets. The Ethernet type value is
0x0806. ARP is defined as a protocol that runs between Layer 2 and Layer 3. ND is
implemented through ICMPv6 packets. The Ethernet type value is 0x86dd. The
Next Header value in the IPv6 header is 58, indicating that the packets are ICMPv6
packets. NDP packets are encapsulated in ICMPv6 packets. NDP is a Layer 3
protocol. Layer 3 address resolution has the following advantages:
● Layer 3 address resolution enables Layer 2 devices to use the same address
resolution protocol.
● Layer 3 security mechanisms are used to prevent address resolution attacks.
● Request packets can be sent in multicast mode, reducing load on Layer 2
networks.
During address resolution, Neighbor Solicitation (NS) packets and Neighbor
Advertisement (NA) packets are used.
● In NS packets, the Type field value is 135 and the Code field value is 0. NS
packets are similar to IPv4 ARP Request packets.
● In NA packets, the Type field value is 136 and the Code field value is 0. NA
packets are similar to IPv4 ARP Reply packets.
Figure 9-10 shows the process of address resolution.

Figure 9-10 IPv6 address resolution

Host A Host B

ICMP Type = 135 NS

Src = IPv6-Addr of A
Dst = solicited-node multicast of B
Data = link-layer address of A
Query = What is your link address?
ICMP Type = 136
NA Src = IPv6-Addr of B
Dst = IPv6-Addr of A
Data = link-layer address of B

A and B can now exchange packets on this link

Host A needs to parse the link-layer address of Host B before sending packets to
Host B. Host A sends an NS message with its IPv6 address as the source address

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 303

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

and the solicited-node multicast address of Host B as the destination address. The
Options field in the NS message carries the link-layer address of Host A.

After receiving the NS message, Host B replies with an NA Reply message. In the
NA reply message, the source address is the IPv6 address of Host B, and the
destination address is the IPv6 address of Host A (the NS message is sent to Host
A in unicast mode using the link-layer address of Host A). The Options field carries
the link-layer address of Host B. This is the whole address resolution process.

Neighbor Unreachable Detection

A neighbor state can transit from one to another. Hardware faults and hot
swapping of interface cards interrupt communication with neighboring devices.
Communication cannot be restored if the destination of a neighboring device
becomes invalid, but it can be restored if the path fails. Nodes need to maintain a
neighbor table to monitor the state of each neighboring device.

There are five neighbor states: Incomplete, Reachable, Stale, Delay, and Probe.

Figure 9-11 shows the transition of neighbor states. The Empty state indicates
that the neighbor table is empty.

Figure 9-11 Neighbor state transition

Empty Incomplete Reachable

Probe Delay Stale

The following example describes changes in neighbor state of node A during its
first communication with node B.

1. Node A sends an NS message and generates a cache entry. The neighbor

state of node A is Incomplete.
2. If node B replies with an NA message, the neighbor state of node A changes
from Incomplete to Reachable. Otherwise, the neighbor state changes from
Incomplete to Empty after a certain period of time, and node A deletes this
entry.
3. After the neighbor reachable time times out, the neighbor state changes from
Reachable to Stale, indicating that the neighbor reachable state is unknown.
4. If node A in the Reachable state receives a non-NA Request message from
node B, and the link-layer address of node B carried in the message is
different from that learned by node A, the neighbor state of node A changes
to Stale.
5. Node A sends data to node B. The state of node A changes from Stale to
Delay. Node A then sends an NS Request message.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 304

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

6. After a period of time, the neighbor state changes from Delay to Probe.
During this time, if node A receives an NA Reply message, the neighbor state
of node A changes to Reachable.
7. Node A in the Probe state sends several unicast NS messages at the
configured interval. If node A receives a Reply message, the neighbor state of
node A changes from Probe to Reachable. Otherwise, the state changes to
Empty and node A deletes the entry.

Duplicate Address Detection

Before an IPv6 unicast address is assigned to an interface, duplicate address
detection (DAD) is performed to check whether another node uses the address.
DAD is required if IP addresses are configured automatically. An IPv6 unicast
address assigned to an interface but not verified by DAD is called a tentative
address. An interface cannot use the tentative address for unicast communication
but will join two multicast groups: ALL-nodes multicast group and Solicited-node
multicast group.

IPv6 DAD is similar to IPv4 gratuitous ARP. A node sends an NS message that
requests the tentative address as the destination address to the Solicited-node
multicast group. If the node receives an NA Reply message, another node is using
the tentative address for communication. This node will not use this tentative
address for communication.

Figure 9-12 shows an example of DAD.

Figure 9-12 DAD example

Host A Host B
tentative address: FC00::1 FC00::1

ICMP Type = 135 NS

Src = ::
Dst = FF02::1:FF00:1
Data = FC00::1
Query = Anyone has this address?
ICMP Type = 136
NA Src = FC00::1
Dst = FF02::1
Data = FC00::1
Answer = I have this address.

The IPv6 address FC00::1 is assigned to Host A as a tentative IPv6 address. To

check the validity of this address, Host A sends an NS message containing the
requested address FC00::1 to the Solicited-node multicast group to which FC00::1
belongs. Since FC00::1 is not specified, the source address of the NS message is an
unspecified address. After receiving the NS message, Host B processes the
message in one of the following ways:

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 305

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● If FC00::1 is a tentative address of Host B, Host B will not use this address as
an interface address and will not send an NA message.
● If FC00::1 is in use on Host B, Host B sends an NA message to FF02::1 carrying
IP address FC00::1. In this way, Host A can find and mark the duplicate
tentative address after receiving the message so it will not take effect.

Router Discovery
Router discovery is used to locate neighboring devices and learn their address
prefixes and configuration parameters for address autoconfiguration.
IPv6 supports stateless address autoconfiguration. Hosts obtain IPv6 prefixes and
automatically generate interface IDs. Router Discovery is the basis of IPv6 address
autoconfiguration and is implemented through the following two types of packets:
● Router Advertisement (RA) message: Each router periodically sends multicast
RA messages carrying network prefixes and identifiers on the network to
declare its existence to Layer 2 hosts and devices. An RA message has a Type
field value of 134.
● Router Solicitation (RS) message: After being connected to the network, a
host immediately sends an RS message to obtain network prefixes. Devices on
the network reply with RA messages. An RS message has a Type field value of
133.
Figure 9-13 shows the router discovery function.

Figure 9-13 Router discovery example

RA RS RA

ICMP Type = 134

ICMP Type = 133 Src = router link-local address
Src = self interface address Dst = all-nodes multicast address
Dst = all-router multicast (FF02::1)
address (FF02::2) Data = Router lifetime, Cur hop
limit, Autoconfig flag,
options(prefix、MTU)...

Address Autoconfiguration
IPv4 uses DHCP to automatically configure IP addresses and default gateways.
This simplifies network management. The length of an IPv6 address is increased to
128 bits. Multiple terminal nodes require the function of automatic configuration.
IPv6 allows both stateful and stateless address autoconfiguration. Stateless
autoconfiguration enables hosts to automatically generate link-local addresses.
Hosts automatically configure global unicast addresses and obtain other
information based on prefixes in the RA message.
The process of IPv6 stateless autoconfiguration is as follows:

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 306

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

1. A host automatically configures the link-local address based on the interface

ID.
2. The host sends an NS message for duplicate address detection.
3. If address conflict occurs, the host stops address autoconfiguration. Then
addresses need to be configured manually.
4. If addresses do not conflict, the link-local address takes effect. The host then
connects to the network and communicates with the local node.
5. The host either sends an RS message or receives RA messages devices
periodically send.
6. The host obtains the IPv6 address based on the prefixes carried in the RA
message and the interface ID.
Default Router Priority and Route Information Discovery
If there are multiple devices on the network where hosts reside, hosts need to
select forwarding devices based on the destination address of the packet. In such a
case, devices advertise default router priorities and route information, which
allows hosts to select the optimal forwarding device based on the packet
destination address.
The fields of default router priority and route information are defined in an RA
message. These two fields enable hosts to select the optimal forwarding device.
After receiving an RA message containing route information, hosts update their
routing tables. When sending packets to other devices, hosts check the routing
table and select the optimal route.
When receiving an RA message carrying default router priorities, hosts update
their default router lists. When sending packets to other devices, hosts select the
device with the highest priority to forward packets from the router list. If the
selected router does not work, hosts select the subsequent device in descending
order of priority.

Redirection
To choose an optimal gateway device, the gateway device sends a Redirection
message to notify the sender that another gateway device can send packets.
Redirection messages are contained within ICMPv6 messages and have a Type
field value of 137. They carry a better next hop address and destination address
for packets that need to be redirected.
Figure 9-14 shows an example of packet redirection.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 307

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Figure 9-14 Packet redirection example

Host B Switch B Host A Switch A

IPv6 packet

Neighbor redirect packet definitions:

ICMPv6 Type = 137
Src = link-local address of Switch A
Dst = link-local address of Host
Data = target address (link-local
address of Switch B), options
(header of redirected packet)

Subsequent IPv6 packets

Host A needs to communicate with Host B. By default, Switch A sends packets

from Host A to Host B. After receiving packets from Host A, Switch A discovers
that sending packets directly to Switch B is more efficient. Switch A sends a
Redirection message carrying the destination address of Host B to Host A to notify
Host A that Switch B is a better next hop address. After receiving the Redirection
message, Host A adds a host route to the default routing table. Packets sent to
Host B will be sent directly to Switch B.
A device sends a Redirection message in the following situations:
● The destination address of the packet is not a multicast address.
● Packets are not forwarded to the device through routing.
● After route calculation, the outbound interface of the next hop is the interface
that receives the packets.
● The device discovers that a better next hop IP address of the packet is on the
same network segment as the source IP address of the packet.
● After checking the source address of the packet, the device discovers a
neighboring device in the neighbor entries using this address as the global
unicast address or the link-local unicast address.
NOTE

If the communication target is a host, the IPv6 address of the host is used as the
destination address of the Redirection message. If the Redirection message contains
options, the link-layer address of the target host is included in the options.

9.2.5 Path MTU

In IPv4, oversized packets are fragmented. When the transit device receives a
packet exceeding the maximum transmission unit (MTU) size of its outbound
interface from a source node, the transit device fragments the packet before

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 308

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

forwarding it to the destination node. In IPv6, however, the source node fragments
the packets to reduce pressure on the transit device. When an interface on the
transit device receives a packet whose size exceeds the MTU, the transit device
discards the packet and sends an ICMPv6 Packet Too Big message to the source
node. The ICMPv6 Packet Too Big message contains the MTU value of the
outbound interface. The source node fragments the packet based on the MTU and
resends the packet, increasing traffic overhead. The Path MTU Discovery (PMTUD)
protocol dynamically discovers the MTU value of each link on the transmission
path, reducing excessive traffic overhead.

The PMTU protocol is implemented through ICMPv6 Packet Too Big messages. A
source node first uses the MTU of its outbound interface as the PMTU and sends a
probe packet. If a smaller PMTU exists on the transmission path, the transit device
sends a Packet Too Big message to the source node. The Packet Too Big message
contains the MTU value of the outbound interface on the transit device. After
receiving this message, the source node changes the PMTU value to the received
MTU value and sends packets based on the new MTU. This process repeats until
packets are sent to the destination address. The source node obtains the PMTU of
the destination address.

Figure 9-15 shows an example of PMTU discovery.

Figure 9-15 PMTU discovery

MTU=1500 MTU=1500 MTU=1400 MTU=1300

Packet with MTU=1500

ICMP error: packet too big, use MTU 1400

Packet with MTU=1400

ICMP error: packet too big, use MTU 1300

Packet with MTU=1300

Packet received
Path MTU=1300

Packets are transmitted through four links with MTU values of 1500, 1500, 1400,
and 1300 bytes. Before sending a packet, the source node fragments the packet
based on a PMTU of 1500. When the packet is sent to the outbound interface with
MTU 1400, the device returns a Packet Too Big message carrying MTU 1400. The
source node then fragments the packet based on MTU 1400 and sends the
fragmented packet again. The process repeats when the packet based on MTU
1400 is sent to the outbound interface with MTU 1300, the device returns another
Packet Too Big message that carries MTU 1300. The source node receives the
message and fragments the packet based on MTU 1300. In this way, the source

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 309

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

node sends the packet to the destination address and discovers the PMTU of the
transmission path.

NOTE

IPv6 allows a minimum MTU of 1280 bytes. Therefore, the PMTU must be greater than
1280 bytes. PMTU of 1500 bytes is recommended.

9.3 Licensing Requirements and Limitations for IPv6

Involved Network Elements
Other network elements are not required.

Licensing Requirements
The IPv6 function is controlled by a license. By default, this function is disabled on
a new device. To use the IPv6 function, apply for and purchase the license from
the device supplier.
For details about how to apply for a license, see S Series Switch License Use
Guide.

Version Requirements

Table 9-3 Product and version requirements of IPv6

Product Product Software Version

Model

S12700 S12708 V200R005C00, V200R006C00, V200R007C00,

and V200R007C20, V200R008C00, V200R009C00,
S12712 V200R010C00, V200R011C10

S12710 V200R010C00, V200R011C10

S12704 V200R008C00, V200R009C00, V200R010C00,

V200R011C10

NOTE
To know details about software mappings, see Hardware Query Tool.

Feature Limitations
● IPv6 addresses cannot be assigned to the management interface.
● In V200R011C10 and later versions, the VLANIF interface of a super-VLAN on
a switch supports the IPv6 function.
● The switch can set the CPCAR values for the packets of each protocol. The
CPCAR values of some protocol packets need to be adjusted based on the
actual service scale and user network.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 310

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● If the default CPCAR value of ND packets cannot meet the packet exchange
requirements when too many IPv6 user hosts are connected to the switch, a
large number of ND packets may be lost and the switch fails to learn ND
neighbor entries. Therefore, the CPCAR value must be adjusted. To prevent the
CPU from running with a high load, the CPCAR value needs to be increased to
a proper value.
● If the CPCAR values are adjusted improperly, network services are affected. To
adjust the CPCAR values of ND packets, contact technical support personnel.
● A device can only forward ICMPv6 packets with the Option field at Layer 3.
Other IPv6 packets with the Option field will be discarded.

9.4 Default Settings for IPv6

Default settings for IPv6
Parameter Default Setting

IPv6 packet forwarding Disabled

Maximum interval for sending RA 600s

packets

Minimum interval for sending RA 200s

packets

Neighbor reachable time 30000 ms

ND packet and ND Miss message Enabled

packetizing

Optimized ND reply Enabled

PMTU for a specified IPv6 address 1500 bytes

Aging time of dynamic PMTU 10 minutes

entries

SYN-Wait timer for TCP6 75s

connections

FIN-Wait timer for TCP6 600s

connections

Packet receive or send buffer size 8 KB

of a TCP6 socket

Minimum MSS value for a TCP6 216 bytes

connection

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 311

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

9.5 Configuring IPv6 Addresses for Interfaces

Pre-configuration Tasks
Before configuring IPv6 addresses for interfaces, configure link layer protocol
parameters for interfaces to ensure that the link layer protocol status on the
interfaces is Up.

9.5.1 Configuring Global Unicast Addresses for Interfaces

Context
A global unicast address is similar to an IPv4 public address and provided for the
Internet Service Provider (ISP). A global unicast address can be generated by
either of the following methods:

● Generated in EUI-64 format: An IPv6 global unicast address in EUI-64 format

contains a manually configured prefix and an automatically generated
interface identifier.
● Configured manually: You can manually configure an IPv6 global unicast
address.
NOTE

● You can configure an interface with multiple global unicast addresses with different
network prefixes.
● Manually configured global unicast addresses have a higher priority than automatically
generated ones. Manually configured addresses can overwrite automatically generated
ones with the same prefix. The overwritten automatically generated addresses do not
take effect even if manually configured addresses are deleted. A device needs to
generate a new global unicast address based on the IP prefix carried in the received RA
packet.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run ipv6

IPv6 packet forwarding is enabled.

By default, IPv6 packet forwarding is disabled.

Step 3 Run interface interface-type interface-number

The specified interface view is displayed.

Step 4 (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 312

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Step 5 Run ipv6 enable

The IPv6 function is enabled on the interface.
By default, the IPv6 function is disabled on an interface.
Step 6 Run either of the following commands to configure an IPv6 global unicast address
for an interface:
● Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
An IPv6 global unicast address is manually configured.
● Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
eui-64
An IPv6 global unicast address is generated in EUI-64 format.
You can configure a maximum of 10 global unicast addresses on an interface.

----End

Verifying the Configuration

● Run the display ipv6 interface [ interface-type interface-number | brief ]
command in any view to check IPv6 information about a specified interface.
● Run the display this ipv6 interface command in the interface view to check
IPv6 information about the current interface.

9.5.2 Configuring Link-local Addresses for Interfaces

Context
Link-local addresses are used in neighbor discovery or stateless autoconfiguration.
An IPv6 link-local address is generated by either of the following methods:
● Generated automatically: A device automatically generates a link-local
address for an interface based on the link-local prefix (FE80::/10) and link
layer address of the interface.
● Configured manually: You can manually configure an IPv6 link-local address
for an interface.
NOTE

● Each interface can be configured with only one link-local address. To prevent link-local
address conflict, automatically generated link-local addresses are recommended. After
an interface is configured with an IPv6 global unicast address, it automatically generates
a link-local address.
● Manually configured link-local addresses have a higher priority than automatically
generated ones. Manually configured addresses can overwrite automatically generated
ones, but automatically generated addresses cannot overwrite manually configured
ones. If manually configured addresses are deleted, the automatically generated ones
that were previously overwritten take effect again.

Procedure
Step 1 Run system-view
The system view is displayed.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 313

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Step 2 Run ipv6

IPv6 packet forwarding is enabled.

By default, IPv6 packet forwarding is disabled.

Step 3 Run interface interface-type interface-number

The specified interface view is displayed.

Step 4 (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

Step 5 Run ipv6 enable

The IPv6 function is enabled on the interface.

By default, the IPv6 function is disabled on an interface.

Step 6 Run either of the following commands to configure a link-local address for an
interface:
● Run ipv6 address ipv6-address link-local
A link-local address is configured for an interface.
● Run ipv6 address auto link-local
A link-local address is automatically generated.

----End

Verifying the Configuration

● Run the display ipv6 interface [ interface-type interface-number | brief ]
command in any view to check IPv6 information about a specified interface.
● Run the display this ipv6 interface command in the interface view to check
IPv6 information about the current interface.

9.5.3 Configuring Anycast Addresses for Interfaces

Context
IPv6 anycast addresses are allocated from the unicast address space. An anycast
address identifies a group of network interfaces, which usually belong to different
nodes. When using anycast addresses, pay attention to the following points:

● You can use anycast addresses as destination addresses only.

● Packets addressed to an anycast address are delivered to the nearest interface
identified by the anycast address, depending on the routing protocols used.

Procedure
Step 1 Run system-view

The system view is displayed.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 314

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Step 2 Run ipv6

IPv6 packet forwarding is enabled on the switch.

By default, IPv6 packet forwarding is disabled.

Step 3 Run interface interface-type interface-number

The specified interface view is displayed.

Step 4 (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

Step 5 Run ipv6 enable

The IPv6 function is enabled on the interface.

By default, the IPv6 function is disabled on an interface.

Step 6 Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

anycast

An IPv6 anycast address is configured for the interface.

----End

Verifying the Configuration

● Run the display ipv6 interface [ interface-type interface-number | brief ]
command in any view to check IPv6 information about a specified interface.
● Run the display this ipv6 interface command in the interface view to check
IPv6 information about the current interface.

9.6 Configuring ICMPv6 Error Packet Control

Context
Configuring ICMPv6 error packet control reduces network traffic and prevents
malicious attacks. Network congestion may occur when a large number of ICMPv6
error packets are sent on the network within a short period of time. To prevent
network congestion, you can limit the maximum number of ICMPv6 error packets
sent in a specified period using the token bucket algorithm.

You can set the bucket size and interval for placing tokens into the bucket. The
bucket size indicates the maximum number of tokens that a bucket can hold. One
token represents one ICMPv6 error packet. When an ICMPv6 error packet is sent,
one token is taken out of the token bucket. When there are no tokens, ICMPv6
error packets cannot be sent until new tokens are placed into the token bucket.

If transmission of too many ICMPv6 error packets causes network congestion or

the network is attacked by forged ICMPv6 error packets, you can disable the
system from receiving ICMPv6 error packets, Host Unreachable packets, and Port
Unreachable packets.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 315

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Pre-configuration Tasks
Before setting rate limit for sending ICMPv6 error packets, perform the task of 9.5
Configuring IPv6 Addresses for Interfaces.

Procedure
● Control ICMPv6 error messages in the system view.
a. Run system-view

The system view is displayed.

b. Run ipv6

IPv6 packet forwarding is enabled.

By default, a device is disabled from forwarding IPv6 unicast packets.

c. Run ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

Rate limit for sending ICMPv6 error packets is set.

By default, a token bucket can hold a maximum of 10 tokens and the

interval for placing tokens into the bucket is 100 ms.

NOTE

If transmission of too many ICMPv6 error packets causes network congestion or

the network is attacked by forged ICMPv6 error packets, you can also run the
undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive
command to disable the system from receiving ICMPv6 error packets, Host
Unreachable packets, and Port Unreachable packets.
d. Run ipv6 icmp too-big-rate-limit

The device is enabled to reject oversized ICMPv6 error messages.

By default, the device rejects oversized ICMPv6 error messages.

e. Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all }
receive

The system is disabled from receiving ICMPv6 messages.

By default, the system is enabled to receive ICMPv6 messages.

f. Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all }
send

The system is disabled from sending ICMPv6 messages.

By default, the system is enabled to send ICMPv6 messages.

g. Run ipv6 icmp blackhole unreachable send

The Broadband Remote Access Server (BRAS) is enabled to send a

Destination Unreachable ICMP packet to an initiator when a tracert
packet matches an IPv6 blackhole route.

By default, the BRAS is disabled from sending a Destination Unreachable

ICMP packet to an initiator when a tracert packet matches an IPv6
blackhole route.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 316

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● Control ICMPv6 messages in the interface view.

a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The specified interface view is displayed.

c. (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

d. Run ipv6 enable

The IPv6 function is enabled on the interface.

By default, the IPv6 function is disabled on an interface.

e. Run undo ipv6 icmp port-unreachable send

The interface is disabled from sending ICMPv6 Port Unreachable

messages.

By default, the function of sending ICMPv6 Port Unreachable messages

configured globally also takes effect on an interface.
f. Run undo ipv6 icmp hop-limit-exceeded send

The interface is disabled from sending ICMPv6 Hop Limit Exceeded

messages.

By default, the function of sending ICMPv6 Hop Limit Exceeded messages

configured globally also takes effect on an interface.

----End

Verifying the Configuration

● Run the display ipv6 interface [ interface-type interface-number | brief ]
command to check IPv6 information about a specified interface.
● Run the display icmpv6 statistics command to check ICMPv6 traffic statistics.

9.7 Configuring IPv6 Neighbor Discovery

Pre-configuration Tasks
The Neighbor Discovery Protocol (NDP) replaces the Address Resolution Protocol
(ARP) and ICMP Router Discovery on an IPv4 network. Additionally, IPv6 Neighbor
Discovery (ND) provides redirection and neighbor unreachability detection.

Before configuring IPv6 ND, perform the task of 9.5 Configuring IPv6 Addresses
for Interfaces.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 317

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

9.7.1 Configuring Static Neighbors

Context
To communicate with a destination host, a host needs to obtain the destination
host's link-layer address. The link-layer address of a neighbor node can be
obtained using the neighbor discovery mechanism, or by manually configuring
static neighbor entries. A device identifies a static neighbor entry based on the
IPv6 address of this neighbor and number of the Layer 3 interface connected to
this neighbor. To filter invalid packets, you can create static neighbor entries,
binding the destination IPv6 addresses of these packets to nonexistent MAC
addresses.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The specified interface view is displayed.

Step 3 (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

Step 4 Run ipv6 enable

The IPv6 function is enabled.

Step 5 Run the following commands to configure static neighbors based on the interface
type.
● For the Ethernet interface, run the ipv6 neighbor ipv6-address mac-address
command.
● For a VLANIF interface, run the ipv6 neighbor ipv6-address mac-address vid
vlan-id interface-type interface-number
command.

----End

9.7.2 Configuring Neighbor Discovery

Context
IPv6 NDP provides address resolution, neighbor unreachability detection, DAD,
router/prefix discovery, address autoconfiguration, and redirection.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 318

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

NOTE

After the IPv6 function is enabled on the switch, the switch automatically implements
address resolution, DAD, and redirection. Neighbor unreachability detection, router/prefix
discovery, and address autoconfiguration need to be manually configured. You can also
configure the switch to send RA packets to enable router/prefix discovery and address
autoconfiguration, and enable the automatic detection of ND entries to check whether
neighbors are reachable.

After the automatic detection of ND entries is enabled on the switch, the switch
can send NS packets to check whether neighbors are reachable before aging ND
entries. If neighbors are reachable, the switch updates ND entries; otherwise, the
switch ages ND entries.
You can enable the switch to send RA packets. After receiving the RA packets,
network nodes perform address autoconfiguration and router/prefix discovery
based on the prefix and other configuration information contained in RA packets.
After the preceding configurations are complete, NDP functions work properly. You
can also adjust ND parameters based on service requirements.

Procedure
Step 1 Enable NDP functions to work properly.
1. Run system-view
The system view is displayed.
2. Run ipv6
IPv6 packet forwarding is enabled.
By default, IPv6 packet forwarding is disabled.
3. Run interface interface-type interface-number
The specified interface view is displayed.
4. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
5. Run ipv6 enable
The IPv6 function is enabled.
By default, the IPv6 function is disabled on an interface.
6. Run undo ipv6 nd ra halt
The system is enabled to send RA packets.
By default, the system is disabled from sending RA packets.
Step 2 (Optional) Adjust ND parameters to meet service requirements.
Run the following commands in the system view.
Run quit
Return to the system view.
● In the system view, run ipv6 nd hop-limit limit
The hop limit for IPv6 unicast packets initially sent by a device is set.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 319

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

By default, the IPv6 unicast packets initially sent by a device can travel a
maximum of 64 hops.
● In the system view, run ipv6 nd stale-timeout timeout-value
The aging time of ND entries in STALE state is set.
By default, the aging time of ND entries in STALE state is 1200 seconds.
● In the system view, run ipv6 nd learning strict
IPv6 ND strict learning is enabled.
By default, IPv6 ND strict learning is disabled.
Run the following commands on the interface.
Run interface interface-type interface-number
The specified interface view is displayed.
● Run ipv6 nd stale-timeout seconds
The aging time of ND entries in STALE state is set.
By default, the aging time of ND entries in STALE state is 1200 seconds.
● Run ipv6 nd learning strict { force-disable | force-enable | trust }
IPv6 ND strict learning is enabled.
By default, IPv6 ND strict learning is disabled.
● Run ipv6 nd ra hop-limit limit
The hop limit for RA packets is set.
By default, the hop limit for RA packets is 64.
NOTE

– If the ipv6 nd ra hop-limit command is executed on an interface, the hop limit

for RA packets is determined by the interface configuration.
– If the ipv6 nd ra hop-limit command is not executed on an interface, the hop
limit for RA packets is determined by the hop limit configured using the ipv6 nd
hop-limit command.
● Run ipv6 nd ns retrans-timer interval
The interval for sending NS packets is set.
By default, the interval for sending NS packets is 1000 ms.
● Run ipv6 nd ra { max-interval maximum-interval | min-interval minimum-
interval }
The interval for sending RA packets is set.
By default, the maximum interval is 600s and the minimum interval is 200s.
● Run ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-
length } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ] or ipv6
nd ra prefix default no-advertise
Prefix information in RA packets is configured.
By default, an RA packet carries only the address prefix configured using the
ipv6 address command.
Prefixes configured using the ipv6 nd ra prefix command take precedence
over the default prefix generated based on the interface IPv6 address. An RA
packet can carry a maximum of 10 prefixes. If exactly 10 prefixes are
configured manually, the default prefix is not used.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 320

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● Run ipv6 nd autoconfig managed-address-flag

The managed address configuration flag (M flag) for stateful
autoconfiguration in RA packets is set.
By default, the M flag in an RA packet is not set.
● Run ipv6 nd autoconfig other-flag
The other configuration flag (O flag) for stateful autoconfiguration in RA
packets is set.
By default, the O flag in an RA packet is not set.
● Run ipv6 nd nud reachable-time value
The IPv6 neighbor reachable time is set.
By default, the IPv6 neighbor reachable time is 30000 ms.
● Run ipv6 nd ra router-lifetime ra-lifetime
The time to live (TTL) is set for RA packets.
By default, the TTL of RA packets is 1800s.
● Run ipv6 nd dad attempts value
The number of times NS packets are sent when the system performs DAD is
set.
By default, the number of times NS packets are sent when the system
performs DAD is 1.
● Run ipv6 nd neighbor-limit limit-number
The maximum number of dynamic neighbor entries that can be learned by an
interface is set.
By default, the S12700 allows an interface to learn a maximum of 128000
dynamic neighbor entries.

Step 3 (Optional) Configure the default router priority and route information.

Run the following commands on the interface. If the current view is system view,
run the interface interface-type interface-number command to enter interface
view.

1. Run ipv6 nd ra preference { high | medium | low }

The default router priority is configured in RA packets.
By default, the router preference of RA packets is medium.
2. Run ipv6 nd ra route-information ipv6-address prefix-length lifetime route-
lifetime [ preference { high | medium | low } ]
Route information is configured in RA packets.
By default, there is no route information in RA packets.

----End

9.7.3 Verifying the IPv6 Neighbor Discovery Configuration

Procedure
● Run the display ipv6 interface [ interface-type interface-number | brief ]
command to check IPv6 information about a specified interface.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 321

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● Run the display ipv6 neighbors [ ipv6-address | [ vid vid ] interface-type

interface-number | vpn-instance vpn-instance-name ] command to check
information about neighbor entries.

9.8 Disabling a Device from Packetizing ND Packets

and ND Miss Messages
Context
A device usually packetizes received ND packets and sends them to the CPU,
which improves the ND packet processing efficiency. However, packetizing causes
a delay and affects real-time services. To solve the problem, disable the
packetizing function on ND packets.

If a user sends an IPv6 packet with an irresolvable destination IPv6 address to the
device (that is, if the device has a route to the destination IPv6 address of the IPv6
packet but has no ND entry matching the next hop of the route), the device
generates an ND Miss message. By default, the device packs ND Miss messages
and sends the package to the CPU. This improves the efficiency of processing the
ND Miss messages.

When the ND Miss message packetizes function is enabled, the X series cards
cannot reply to ICMPv6 host unreachable packets. To enable these cards to reply
to ICMPv6 host unreachable packets, you can disable the ND Miss message
packing function.

NOTE

Only the X series cards support disabling packetizing ND packets and ND Miss messages.

Procedure
● Disable a device from packetizing ND packets
a. Run system-view
The system view is displayed.
b. Run nd message-cache disable
The device is disabled from packetizing ND packets.
By default, devices are enabled to packetize ND packets.
● Disable a device from packetizing ND Miss messages
a. Run system-view
The system view is displayed.
b. Run nd-miss message-cache disable
The ND Miss message packing function is disabled.
By default, the ND Miss message packing function is enabled.

----End

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 322

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Verifying the Configuration

● Run the display current-configuration | include nd message-cache
command to check the configuration of the ND packets packetizing function.
● Run the display current-configuration | include nd-miss message-cache
command to check the configuration of the ND Miss message packing
function.

9.9 Configuring the Optimized ND Reply Function

Context
When a switch functions as an access gateway, it receives a large number of ND
Request packets that request the switch to reply with its local interface MAC
address. If all these ND Request packets are sent to the CPU, the CPU usage of the
MPU increases, and other services are affected.
The optimized ND reply function addresses this issue. After this function is
enabled, the LPU receiving an ND Request packet returns an ND Reply packet if
the ND Request packet is destined for a local interface on the switch, and discards
the ND Request packets if the packets is not destined for a local interface on the
switch. The optimized ND reply function is applicable to the switch with multiple
LPUs configured.
By default, the optimized ND reply function is enabled. After receiving an ND
Request packet, the switch checks whether an ND entry corresponding to the
source IPv6 address of the ND Request packet exists.
● If the corresponding ND entry exists and the packet information is the same
as the saved ND entry information, the LPU receiving the ND Request packet
performs optimized ND reply to this ND Request packet.
● If the corresponding ND entry exists but the packet information differs from
the saved ND entry information, the LPU receiving the ND Request packet
does not perform optimized ND reply to this ND Request packet.
● If the corresponding ND entry does not exist, the LPU receiving the ND
Request packet does not perform optimized ND reply to this ND Request
packet.

Procedure
1. Run system-view
The system view is displayed.
2. Run undo nd optimized-reply disable
The optimized ND reply function is enabled.
By default, the optimized ND reply function is enabled.
– The optimized ND reply function takes effect for ND Request packets sent
by wireless users.
– The optimized ND reply function takes effect only for the Neighbor
Solicitation packets (a type of ND packets) received by VLANIF interfaces.
VLANIF interfaces of Group VLANs and Separate VLANs in MUX VLANs
and VLANIF interfaces of super-VLANs do not perform optimized ND
reply.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 323

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

– If the number of global unicast IPv6 addresses on a VLANIF interface

exceeds 1, the switch does not perform optimized ND reply to ND
Request packets received by the VLANIF interface.
– If the ND snooping function is enabled on a switch, the switch does not
perform optimized ND reply to received ND Request packets on the
corresponding LPU.
– The switch does not perform optimized ND reply to the following
received packets:

▪ Duplicate address detection (DAD) packets with the source IPv6

address ::

▪ Packets with IPv6 extension headers

Verifying the Configuration

● Run the display nd optimized-reply status command to check the status of
the optimized ND reply function.
● Run the display nd optimized-reply statistics [ slot slot-id ] command to
check statistics on optimized ND Reply packets.

9.10 Configuring the Trap Function for Hash Conflicts

of ND Entries

Context
After the trap function for hash conflicts of ND entries is configured, the switch
sends traps when a hash conflict of ND entries occurs so that you can obtain the
status of ND entries promptly. ND entry resources are key resources on the switch.
Monitoring the ND entry status effectively ensures proper running of the switch.
To improve the IPv6 forwarding performance, the switch saves ND entries using
hash links. When multiple ND entries obtain the same key based on the hash
algorithm, the ND entries cannot be saved. This is a hash conflict of ND entries.
When a hash conflict of ND entries occurs, the switch has available ND entry
space but cannot save ND entries. The switch cannot forward IPv6 traffic matching
the ND entries with a hash conflict.

Procedure
1. Run system-view
The system view is displayed.
2. Run nd trap hash-conflict enable
The trap function for hash conflicts of ND entries is enabled.
By default, the trap function for hash conflicts of ND entries is enabled.
3. (Optional) Run nd trap hash-conflict interval interval-time
The interval at which the switch reports traps when a hash conflict of ND
entries occurs is set.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 324

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

By default, a switch reports traps at an interval of 60 seconds when a hash

conflict of ND entries occurs.
4. (Optional) Run nd trap hash-conflict history history-number
The number of traps reported within each interval when a hash conflict of ND
entries occurs is set.
By default, a switch reports a maximum of 10 traps within each interval when
a hash conflict of ND entries occurs.

Verifying the Configuration

Run the display current-configuration command to check whether the trap
function for hash conflicts of ND entries is configured on the switch.

9.11 Configuring PMTU

Pre-configuration Tasks
Before configuring PMTU, perform the task of 9.5 Configuring IPv6 Addresses for
Interfaces.

9.11.1 Configuring Static PMTU

Context
Generally, PMTU is dynamically negotiated according to the IPv6 MTU value of an
interface. In special situations, to protect devices on the network and avoid attacks
from large-sized packets, you can manually configure the PMTU to a specified
destination node to control the maximum length of packets forwarded from the
device to the destination node.

NOTE

When the PMTU from the device to a specified destination node is set, the IPv6 MTU values for
interfaces on all intermediate devices cannot be smaller than the configured PMTU value.
Otherwise, packets are discarded.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Configure the IPv6 MTU for an interface.
1. Run interface interface-type interface-number
The specified interface view is displayed.
2. (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.
3. Run ipv6 enable
The IPv6 function is enabled on the interface.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 325

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

By default, the IPv6 function is disabled on an interface.

4. Run ipv6 mtu mtu
The MTU of IPv6 packets on an interface is set.
By default, the MTU of IPv6 packets on an interface is 1500 bytes.
NOTE

The switch supports MTU setting, so packets sent by the protocol stack are
fragmented based on the configured MTU. However, the hardware chip does not
support MTU setting, and the default MTU is 12K.
After the MTU value is changed, run the shutdown and undo shutdown commands
or the restart (interface view) command to restart the interface and allow the
changes to take effect.
5. Run quit
Return to the system view.
Step 3 Run ipv6 pathmtu ipv6-address [ vpn-instance vpn-instance-name ] [ path-mtu ]
The PMTU for a specified IPv6 address is set.
By default, the PMTU is not set.
If the parameter path-mtu is not specified, the PMTU for a specified IPv6 address
is 1500 bytes.

----End

9.11.2 Setting the Aging Time of Dynamic PMTU

Context
When the device functions as a source node and sends packets to a destination
node, the device dynamically negotiates the PMTU with the destination node
according to the IPv6 MTU values of interfaces and fragments packets based on
the PMTU. After the PMTU ages out, the dynamic PMTU is deleted. The source
node dynamically renegotiates the PMTU with the destination node.

NOTE

When both static and dynamic PMTUs are configured, only static PMTU takes effect. Static
PMTU entries never age.
The interface MTU, IPv6 interface MTU, and PMTU are valid only for packets generated on
the device, not for packets forwarded by the host.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 (Optional) Configure the IPv6 MTU for an interface.
1. Run interface interface-type interface-number
The specified interface view is displayed.
2. (Optional) On an Ethernet interface, run undo portswitch

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 326

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.
3. Run ipv6 enable
The IPv6 function is enabled on the interface.
By default, the IPv6 function is disabled on an interface.
4. Run ipv6 mtu mtu
The MTU of IPv6 packets on an interface is set.
By default, the MTU of IPv6 packets on an interface is 1500 bytes.
NOTE

The switch supports MTU setting, so packets sent by the protocol stack are
fragmented based on the configured MTU. However, the hardware chip does not
support MTU setting, and the default MTU is 12K.
After the MTU value is changed, run the shutdown and undo shutdown commands
or the restart (interface view) command to restart the interface and allow the
changes to take effect.
5. Run quit
Return to the system view.

Step 3 Run ipv6 pathmtu age age-time

The aging time is set for dynamic PMTU entries.

By default, the aging time of dynamic PMTU entries is 10 minutes.

----End

9.11.3 Verifying the PMTU Configuration

Procedure
● Run the display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-
address | all | dynamic | static } command to check all PMTU entries.
● Run the display ipv6 interface [ interface-type interface-number ] command
to check the current MTU on the specified interface.

9.12 Configuring TCP6

Pre-configuration Tasks
Before configuring TCP6, configure link layer protocol parameters for interfaces to
ensure that the link layer protocol status on the interfaces is Up.

9.12.1 Setting TCP6 Timers

Context
The following TCP6 timers need to be set:

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 327

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● SYN-Wait timer: When SYN packets are sent, the SYN-Wait timer starts. If no
response packet is received after the SYN-Wait timer expires, the TCP6
connection is terminated.
● FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to
FIN_WAIT_2, the FIN-Wait timer starts. If no response packet is received after
the FIN-Wait timer expires, the TCP6 connection is terminated.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run tcp ipv6 timer syn-timeout interval
The SYN-Wait timer is set for TCP6 connections.
By default, the SYN-Wait timer is set to 75s.
Step 3 Run tcp ipv6 timer fin-timeout interval
The FIN-Wait timer is set for TCP6 connections.
By default, the FIN-Wait timer is set to 600s.

----End

9.12.2 Setting the TCP6 Sliding Window Size

Context
You can set a TCP6 sliding window size to improve network performance. The
sliding window size indicates the receive or send buffer size of a TCP6 socket.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run tcp ipv6 window window-size
The receive or send buffer size of a TCP6 socket is set.
By default, the receive or send buffer size of a TCP6 socket is 8 KB. The receive or
send buffer size of a TCP6 socket ranges from 1 KB to 32 KB.

----End

9.12.3 Setting the MSS Value for a TCP6 Connection

Context
Setting a minimum Maximum Segment Size (MSS) value for a TCP6 connection
defines the smallest TCP6 packet size, preventing Denial of Service (DoS) attacks
caused by packets with small MSS values.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 328

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Setting a maximum MSS value for a TCP6 connection defines the largest TCP6
packet size, allowing TCP6 packets to be successfully forwarded by intermediate
devices when no Path MTU is available.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run tcp ipv6 min-mss mss-value
The minimum MSS value is set for a TCP6 connection.
By default, the minimum MSS value for a TCP6 connection is 216 bytes.
Step 3 Run tcp ipv6 max-mss mss-value
The maximum MSS value is set for a TCP6 connection.
By default, the maximum MSS value is not configured for TCP6 connections.

NOTE

The maximum MSS value configured using the tcp ipv6 max-mss command must be
greater than the minimum MSS value configured using the tcp ipv6 min-mss command.

----End

9.12.4 Verifying the TCP6 Configuration

Procedure
● Run the display tcp ipv6 status [ [ task-id task-id [ socket-id socket-id ] ] |
[ local-ip ipv6-address ] [ local-port local-port-number ] [ remote-ip ipv6-
address ] [ remote-port remote-port-number ] ] command to check the
status of all TCP6 connections.
● Run the display tcp ipv6 statistics command to check TCP6 traffic statistics.
● Run the display udp ipv6 statistics command to check UDP6 statistics.
● Run the display ipv6 socket [ socktype socket-type | task-id task-id socket-
id socket-id ] command to check information about a specified socket.
----End

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 329

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

9.13 Maintaining IPv6

9.13.1 Clearing IPv6 Statistics
Context

NOTICE

IPv6 statistics cannot be restored after being cleared. Therefore, exercise caution
before clearing IPv6 statistics.

Procedure
● Run the reset ipv6 attack-source overlapping-fragment command in the
user view to clear statistics on overlapping fragment attack packets.
● Run the reset ipv6 socket pktsort task-id task-id socket-id socket-id
command in the user view to clear statistics on the dual receive buffer of an
IPv6 socket.
● Run the reset rawip ipv6 statistics command in the user view to clear all
Raw IPv6 packet statistics.
● Run the reset tcp ipv6 authentication-statistics src-ip src-ip src-port src-
port dest-ip dest-ip dest-port dest-port command in the user view to clear
authentication statistics of a specified TCP6 connection.
● Run the reset ipv6 statistics command in the user view to clear IPv6 traffic
statistics.
● Run the reset tcp ipv6 statistics command in the user view to clear TCP6
statistics.
● Run the reset udp ipv6 statistics command in the user view to clear UDP6
statistics.
● Run the reset ipv6 pathmtu [ vpn-instance vpn-instance-name ] { all |
dynamic | static } command in the user view to clear PMTU entries.
● Run the reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-
type interface-number] | interface-type interface-number [ dynamic |
static ] } command in the user view to clear IPv6 neighbor entries.
----End

9.13.2 Monitoring IPv6 Running Status

Context
You can run the following commands in any view to check IPv6 running status.

Procedure
● Run the display ipv6 interface [ interface-type interface-number | brief ]
command to check IPv6 information about a specified interface.

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 330

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● Run the display ipv6 statistics command to check IPv6 traffic statistics.
● Run the display icmpv6 statistics command to check ICMPv6 traffic statistics.
● Run the display tcp ipv6 status command to check the TCP6 connection
status.
● Run the display tcp ipv6 statistics command to check TCP6 traffic statistics.
● Run the display udp ipv6 statistics command to check UDP6 statistics.
● Run the display ipv6 neighbors [ ipv6-address | [ vid vid ] interface-type
interface-number | vpn-instance vpn-instance-name ] command to check
neighbor entries.
● Run the display ipv6 socket [ socktype socket-type | task-id task-id socket-
id socket-id ] command to check information about a specified socket.
● Run the display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-
address | all | dynamic | static } command to check PMTU entries.
● Run the display default-parameter tcp6 command to check the default
values of all configurable parameters on the TCP6 module.
● Run the display ipv6 attack-source overlapping-fragment command to
check source information about overlapping fragment attacks.
● Run the display rawip ipv6 statistics command to check Raw IPv6 packet
statistics.
● Run the display tcp ipv6 authentication-statistics command to check
authentication statistics of a specified TCP6 connection.

----End

9.14 Example for Configuring IPv6 Addresses for

Interfaces
Networking Requirements
In Figure 9-16, GE1/0/1 of SwitchA connects to GE1/0/1 of SwitchB. The two
interfaces correspond to their VLANIF interfaces (VLANIF 100). You need to
configure IPv6 addresses for the VLANIF interfaces and check the Layer 3
interconnection between the interfaces.

IPv6 addresses for the VLANIF interfaces are fc00:1::1/64 and fc00:1::2/64.

Figure 9-16 Networking diagram for configuring IPv6 addresses for interfaces
SwitchA SwitchB

GE1/0/1 GE1/0/1
VLANIF100 VLANIF100
fc00:1::1/64 fc00:1::2/64

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 331

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable the IPv6 forwarding function on SwitchA and SwitchB.
2. Configure IPv6 addresses for the interfaces.

Procedure
Step 1 Enable the IPv6 forwarding function on switches.
# Configure SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] ipv6

# Configure SwitchB.
<HUAWEI> system-view
[HUAWEI] sysname SwitchB
[SwitchB] ipv6

Step 2 Configure IPv6 addresses for the interfaces.

# Configure SwitchA.
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-type hybrid
[SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet1/0/1] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ipv6 enable
[SwitchA-Vlanif100] ipv6 address fc00:1::1/64
[SwitchA-Vlanif100] quit

# Configure SwitchB.
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-type hybrid
[SwitchB-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[SwitchB-GigabitEthernet1/0/1] port hybrid untagged vlan 100
[SwitchB-GigabitEthernet1/0/1] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] ipv6 enable
[SwitchB-Vlanif100] ipv6 address fc00:1::2/64
[SwitchB-Vlanif100] quit

Step 3 Verify the configuration.

# Check interface information on SwitchA.
[SwitchA] display ipv6 interface vlanif 100
Vlanif100 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::218:20FF:FE00:83
Global unicast address(es):
FC00:1::1, subnet is FC00:1::/64
Joined group address(es):
FF02::1:FF00:1
FF02::1:FF00:83
FF02::2

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 332

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND stale time is 1200 seconds

# Check interface information on SwitchB.

[SwitchB] display ipv6 interface vlanif 100
Vlanif100 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE33:11
Global unicast address(es):
FC00:1::2, subnet is FC00:1::/64
Joined group address(es):
FF02::1:FF00:2
FF02::1:FF33:11
FF02::2
FF02::1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
ND stale time is 1200 seconds

# Ping the IPv6 address of SwitchB from SwitchA.

[SwitchA] ping ipv6 FC00:1::2
PING FC00:1::2 : 56 data bytes, press CTRL_C to break
Reply from FC00:1::2
bytes=56 Sequence=1 hop limit=64 time = 12 ms
Reply from FC00:1::2
bytes=56 Sequence=2 hop limit=64 time = 3 ms
Reply from FC00:1::2
bytes=56 Sequence=3 hop limit=64 time = 3 ms
Reply from FC00:1::2
bytes=56 Sequence=4 hop limit=64 time = 3 ms
Reply from FC00:1::2
bytes=56 Sequence=5 hop limit=64 time = 3 ms

--- FC00:1::2 ping statistics ---

5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/4/12 ms

----End

Configuration File
● SwitchA configuration file
#
sysname SwitchA
#
ipv6
#
vlan batch 100
#
interface Vlanif100
ipv6 enable
ipv6 address FC00:1::1/64
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 333

S12700 Series Agile Switches
Configuration Guide - IP Service 9 Basic IPv6 Configuration

● SwitchB configuration file

#
sysname SwitchB
#
ipv6
#
vlan batch 100
#
interface Vlanif100
ipv6 enable
ipv6 address FC00:1::2/64
#
interface GigabitEthernet1/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return

Issue 11 (2020-11-15) Copyright © Huawei Technologies Co., Ltd. 334