IPv6 Router Discovery

In This Section:

ICMPv6 Router Discovery Protocol is an IETF standard protocol. It lets hosts running an ICMPv6 router discovery client:

Dynamically find other IPv6 nodes.
Find available routers and Domain Name System (DNS) servers.
Learn prefixes and configuration parameters related to address configuration.
Autoconfigure addresses and make relationships between link layer addresses and IPv6 addresses of other nodes.
Find out if a neighbor is reachable and maintaining paths to other active neighbor nodes.
Find duplicated addresses.

Gaia acts as an ICMPv6 router discovery server. It can advertise itself as a candidate default router, but it will not make a router its default router using the IPv6 Router Discovery protocol.

Note - IPv6 Router Discovery and ClusterXL cannot be enabled at the same time. We recommend the VRRP clustering solution with IPv6 Router Discovery.

IPv6 Router Discovery and VRRP

To support VRRP for IPv6 interfaces, only the router in a VRRP master state sends router discovery advertisements. The master sends the advertisements with the Virtual IP address as the source address and the Virtual MAC address as the MAC address. Routers in VRRP backup status do not send router discovery advertisements. When VRRP failover occurs, the new master begins to send out router discovery advertisements.

IPv6 Discovery - Gaia Portal

Open the Advanced Routing > IPv6 Router Discovery page of the Portal.
Click Add.
The Add Interface window opens.
Select an interface on which to enable IPv6 Router Discovery.
Optional: Configure the Router Discovery parameters.
Optional: Configure how address prefix information is advertised, using the Advertise Addresses parameters.

Router Discovery Parameters

Parameter	Description
Interface	The interface on which IPv6 Router Discovery runs.
Min. Advertise interval	The minimum time (in seconds) permitted between sending unsolicited multicast ICMPv6 Router Advertisements on the interface. Unsolicited Router Advertisements are not strictly periodic. The interval between two advertisements is randomized to decrease the probability of synchronization with the advertisements from other routers on the same links. When an unsolicited advertisement is sent, the timer is reset to a random value between the Max. Advertise interval and the Min. Advertise interval. Range: Between 3 seconds and the value of the Max. Advertise interval. Default: 1/3 of the Max. Advertise interval.
Max. Advertise interval	The maximal time (in seconds) permitted between sending unsolicited multicast ICMPv6 Router advertisements on the interface. Range: 4-1800. Default: 600.
Advertisement Lifetime	The length of time (in seconds) during which a host that receives information from a Check Point router thinks of it as a valid router. This value is refreshed when the host sees a router advertisement. If a host does not see a router advertisement for a longer period than this time, the host thinks of the router as "dead" and stops using it. A value of zero means that the router must not be used as a default router. The value is placed in the Router Lifetime field of the Router Advertisements packet. Range: zero, or between Max. Advertise interval and 9000. Default: 3 * Max. Advertise interval.
Reachable timer	The time (in seconds) a node assumes a neighbor is reachable after it received a reachability confirmation. This value is used by the Neighbor Unreachability Detection. The value zero means unspecified (by this router). The reachable time is placed in the `Reachable Time` field in the router advertisement packet. Range: 0-3,600,000. Default: 0.
Retransmission Timer	The time (in seconds) between retransmitted Neighbor Solicitation messages if the node does not receive a response. This value is used by address resolution and Neighbor Unreachability Detection. The value zero means unspecified (by this router). This value is placed in the `Retrans Timer` field in the Router Advertisement packet. Range: number. Default: 0.
Hop limit	Nodes use this value in the Hop count field of the IP header for outgoing IP packets. The value zero means unspecified (by this router). The default value is placed in the `Cur Hop Limit` field in the Router Advertisement packet. Range: 0-255 Default: 64
Managed Config	Specify if hosts do stateful autoconfiguration to get addresses. The `Managed Config` flag is placed in the `managed address configuration flag` field in the router advertisement packet. Default: Not enabled.
Other Config Flag	Specify if hosts do stateful autoconfiguration to get more information (without addresses). The `Other Config` Flag is placed in the `Other stateful configuration flag` field in the router advertisement packet. Default: Not enabled.
Send MTU	If enabled, router advertisement packets include MTU options. Default: Not enabled.

Advertise Addresses Parameters

Parameter	Description
Address	Routers can use IPv6 Router Discovery to communicate address prefixes so that hosts can configure their own IPv6 addresses automatically. Check Point routers automatically configure these prefixes based on their own IPv6 address on the interface which runs IPv6 Router Discovery. The `address` field is set to be the interface address, and the prefix length sent is the mask length of the router’s interface address. Therefore, hosts configure themselves to have the same prefix or mask length as the router. For example, if the router has the interface address `2001:db8::1/32`, hosts automatically configure themselves to have an address with prefix `2001:db8::/32`.
Enable On-Link	Configure if this address prefix is available on the link. This is necessary because it is possible to have multiple prefix combinations on the same subnet in IPv6. Default: Enabled.
Enable Autonomous Address Configuration	If enabled, this prefix can be used for autonomous address configuration. Default: Enabled.
Valid Lifetime	The length of time in seconds (relative to when the packet is sent) that the prefix is valid for on-link determination. The designated value of all 1s (0xffffffff) represents infinity. This value is placed in the `Valid Lifetime` field in the `Prefix Information` option. Range: integer. Default: 2592000 seconds (30 days)
Preferred Lifetime	The length of time in seconds (from the time the packet is sent) that addresses generated from the prefix through stateless address autoconfiguration stay preferred. That means that the node can use the prefix in existing connections, but it is not valid for new connections. The designated value of all 1s (0xffffffff) represents infinity. This value is placed in the `Preferred Lifetime` field in the `Prefix Information` option. Range: integer. Default: 604800 seconds (7 days).

IPv6 Discovery - Gaia Clish (ipv6 rdisc6)

Use these commands to configure IPv6 router discovery properties for a named interface:

set ipv6 rdisc6 interface <if_name>

{on | off}

dnshost <FQDN>

{on | off}

dnshost-lifetime {<0-2147483647> | default}

dnsserver <IPv6 address>

{on | off}

dnsserver-lifetime {<0-2147483647> | default}

hop-limit {<0–255> | default}

managed-config {on | off}

max-adv-interval {<4-1800> | default}

min‑adv-interval {<3-1800> | default}

other-config {on | off}

reachable-time {<0–3600000> | default}

retransmit-timer {<0-2147483647> | default}

router-lifetime {<0-2147483647> | default}

send-mtu {on | off}

Use these commands to configure how address prefix information is advertised:

set ipv6 rdisc6 interface <if_name>

address <IPv6 address> autonomous {on | off}

address <IPv6 address> default

address <IPv6 address> on-link {on | off}

address <IPv6 address> prefix-pref-lifetime {<0-4294967295> | default}

address <IPv6 address> prefix-valid-lifetime {<0-4294967295> | default}

Parameters

Parameter	Description
`interface <`if_name>	The interface on which IPv6 Router Discovery is running.
`{on \| off}`	Whether to run ICMPv6 router discovery on a specified interface.
`min-adv-interval <3–1800>`	The minimum time (in seconds) allowed between sending unsolicited multicast ICMPv6 Router Advertisements on the interface. Unsolicited Router Advertisements are not strictly periodic. The interval between two advertisements is randomized to decrease the probability of synchronization with the advertisements from other routers on the same links. When an unsolicited advertisement is sent, the timer is reset to a random value between the Max. Advertise interval and the Min. Advertise interval.
`min-adv-interval default`	1/3 of the `max-adv-interval`.
`max-adv-interval <4–1800>`	The maximum time (in seconds) allowed between sending unsolicited multicast ICMPv6 Router advertisements on the interface.
`max-adv-interval default`	600 seconds
`hop-limit <0–255>`	Nodes use this value in the Hop count field of the IP header for outgoing IP packets. The value zero means unspecified (by this router). The default value is placed in the `Cur Hop Limit` field in the Router Advertisement packet.
`hop-limit default`	64
`managed-config {on \| off}`	Specify if hosts do stateful autoconfiguration to get addresses. The `Managed Config` flag is placed in the `managed address configuration flag` field in the router advertisement packet. Default: Off
`other-config {on \| off}`	Specify if hosts do stateful autoconfiguration to get more information (without addresses). The `Other Config` Flag is placed in the `Other stateful configuration flag` field in the router advertisement packet. Default: Off
`reachable-time <0–3600000>`	The time (in seconds) a node assumes a neighbor is reachable after having received a reachability confirmation. This value is used by the Neighbor Unreachability Detection. The value zero means unspecified (by this router). The reachable time is placed in the `Reachable Time` field in the router advertisement packet.
`reachable-time default`	Zero (0) seconds.
`retransmit-timer` <integer>	The time (in seconds) between retransmitted Neighbor Solicitation messages if the node does not receive a response. This value is used by address resolution and Neighbor Unreachability Detection. The value zero means unspecified (by this router). This value is placed in the `Retrans Timer` field in the Router Advertisement packet.
`retransmit-timer default`	Zero (0) seconds.
`router-lifetime` <integer>	The length of time (in seconds) that a host that is receiving information from a Check Point router thinks of it as a valid router. This value is refreshed when the host sees a router advertisement. If a host does not see a router advertisement for more than this time, the host thinks of the router as "dead" and stops using it. A value of zero means that the router is not to be used as a default router. The value is placed in the Router Lifetime field of the Router Advertisements packet. Range: zero, or between Max adv interval and 9000.
`router-lifetime default`	3 * `max-adv-interval`
`send-mtu {on \| off}`	If enabled, router advertisement packets include MTU options. Default: Off

Advertise Addresses Parameters

Parameter	Description
`address` <IP6 address>	Routers can use IPv6 Router Discovery to communicate address prefixes for hosts to configure their own IPv6 addresses automatically. Check Point routers automatically configure these prefixes based on their own IPv6 address on the interface running IPv6 Router Discovery. The `address` field is set to be the interface address, and the prefix length sent is the mask length of the router’s interface address. Therefore, hosts configure themselves to be the same prefix / mask length as the router. For example, if the router has the interface address `2001:db8::1/32`, hosts will automatically configure themselves to have an address with prefix `2001:db8::/32`.
`autonomous {on \| off}`	If enabled, this prefix can be used for autonomous address configuration. Default: On
`on-link {on \| off}`	Configure if this address prefix is available on the link. This is necessary because it is possible to have multiple prefix combinations on the same subnet in IPv6. Default: On
`prefix-valid-lifetime` <integer>	The length of time in seconds (relative to the time the packet is sent) that the prefix is valid for on-link determination. The designated value of all 1s (0xffffffff) represents infinity. This value is placed in the `Valid Lifetime` field in the `Prefix Information` option. Range: Integer.
`prefix-valid-lifetime default`	2592000 seconds (30 days)
`prefix-pref-lifetime` <integer>	The length of time in seconds (from the time the packet is sent) that addresses generated from the prefix through stateless address autoconfiguration stay preferred. That means that the node can use the prefix in existing connections, but it is not valid for new connections. The designated value of all 1s (0xffffffff) represents infinity. This value is placed in the `Preferred Lifetime` field in the `Prefix Information` option. Range: Integer
`prefix-pref-lifetime default`	604800 seconds (7 days).

Monitoring IPv6 Router Discovery

You can monitor IPv6 Router Discovery in the Portal and in the Clish CLI.

Monitoring IPv6 Router Discovery - Gaia Portal

In the Portal, go to the Advanced Routing > IPv6 Router Discovery page.
Click the Monitoring tab.

The page shows:

A Summary.
Settings for the Interfaces.
Statistics per interface.

Monitoring IPv6 Router Discovery - Gaia Clish

Use these Gaia Clish commands to monitor IPv6 Router Discovery:

show ipv6 rdisc6

summary

interface <if_name>

interfaces

stats

IPv6 Router Discovery commands summary

SET commands:

Note - Enter set ipv6 rdisc6 [Esc][Esc].

set ipv6 rdisc6 interface VALUE address VALUE autonomous VALUE

set ipv6 rdisc6 interface VALUE address VALUE default

set ipv6 rdisc6 interface VALUE address VALUE on-link VALUE

set ipv6 rdisc6 interface VALUE address VALUE prefix-pref-lifetime VALUE

set ipv6 rdisc6 interface VALUE address VALUE prefix-valid-lifetime VALUE

set ipv6 rdisc6 interface VALUE dnshost VALUE dnshost-lifetime VALUE

set ipv6 rdisc6 interface VALUE dnshost VALUE off

set ipv6 rdisc6 interface VALUE dnshost VALUE on

set ipv6 rdisc6 interface VALUE dnsserver VALUE dnsserver-lifetime VALUE

set ipv6 rdisc6 interface VALUE dnsserver VALUE off

set ipv6 rdisc6 interface VALUE dnsserver VALUE on

set ipv6 rdisc6 interface VALUE hop-limit VALUE

set ipv6 rdisc6 interface VALUE managed-config VALUE

set ipv6 rdisc6 interface VALUE max-adv-interval VALUE

set ipv6 rdisc6 interface VALUE min-adv-interval VALUE

set ipv6 rdisc6 interface VALUE off

set ipv6 rdisc6 interface VALUE on

set ipv6 rdisc6 interface VALUE other-config VALUE

set ipv6 rdisc6 interface VALUE reachable-time VALUE

set ipv6 rdisc6 interface VALUE retransmit-timer VALUE

set ipv6 rdisc6 interface VALUE router-lifetime VALUE

set ipv6 rdisc6 interface VALUE send-mtu VALUE

SHOW commands:

Note - Enter show ipv6 rdisc6 [Esc][Esc].

show ipv6 rdisc6 interface VALUE

show ipv6 rdisc6 interfaces

show ipv6 rdisc6 stats

show ipv6 rdisc6 summary