Enabling ND proxy
ND proxy supports the NS and NA messages only.
Introduction
If a host sends an NS message requesting the hardware address of another host that is isolated from the sending host at Layer 2, the device between the hosts must be able to forward the NS message to allow Layer 3 communication between the two hosts. This process is achieved by ND proxy.
Depending on the application scenario, ND proxy is classified as common ND proxy or local ND proxy.
Common ND proxy
As shown in Figure 57, VLAN-interface 1 with IPv6 address 4:1::99/64 and VLAN-interface 2 with IPv6 address 4:2::99/64 belong to different subnets. Host A and Host B reside on the same network but in different broadcast domains.
Figure 57: Application environment of common ND proxy
Because Host A's IPv6 address is on the same subnet as Host B's, Host A directly sends an NS message to obtain Host B's MAC address. However, Host B cannot receive the NS message because they belong to different broadcast domains.
To solve this problem, enable common ND proxy on VLAN-interface 1 and VLAN-interface 2 of the switch. The switch finds the matching forwarding entry according to the destination IPv6 address of the NS message and sends the message through the output interface of that entry. Upon receiving the NS message, Host B sends an NA message to the switch, which forwards it to Host A.
Local ND proxy
As shown in Figure 58, both Host A and Host B belong to VLAN 2, but they connect to GigabitEthernet 1/0/3 and GigabitEthernet 1/0/1 respectively, which are isolated at Layer 2.
Figure 58: Application environment of local ND proxy
Because Host A's IPv6 address is on the same subnet as Host B's, Host A directly sends an NS message to obtain Host B's MAC address. However, Host B cannot receive the NS message because they are isolated at Layer 2.
To solve this problem, enable local ND proxy on VLAN-interface 2 of Switch A so that Switch A can forward messages between Host A and Host B.
Local ND proxy implements Layer 3 communication for two hosts in the following cases:
The two hosts must connect to different isolated Layer 2 ports of a VLAN.
If super VLAN is used, the two hosts must belong to different sub VLANs.
If isolate-user-VLAN is used, the two hosts must belong to different secondary VLANs.
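The two proxy decisions described above can be modelled in a few lines. This is an added example, not code from the device or its documentation. The class and function names, the host addresses, the Figure 58 prefix and the "port-a" label are constructed, and the same-port check is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class L3If:
    name: str
    prefix: ipaddress.IPv6Network  # connected prefix, used as the forwarding entry
    proxy_nd: bool = False         # proxy-nd enable
    local_proxy_nd: bool = False   # local-proxy-nd enable

def lookup(ifs, target):
    """Longest-prefix match of the NS target address over the connected prefixes."""
    hits = [i for i in ifs if target in i.prefix]
    return max(hits, key=lambda i: i.prefix.prefixlen, default=None)

def decide(ifs, in_if, in_port, target, port_of):
    """Return (action, detail) for an NS received on in_if/in_port asking for target."""
    target = ipaddress.IPv6Address(target)
    out_if = lookup(ifs, target)
    if out_if is None:
        return ("drop", "no forwarding entry for target")
    if out_if is not in_if:
        # Different broadcast domains: the common ND proxy case (Figure 57).
        if in_if.proxy_nd and out_if.proxy_nd:
            return ("common-proxy", out_if.name)
        return ("drop", "proxy-nd not enabled on both interfaces")
    # Same Layer 3 interface: the local ND proxy case (Figure 58).
    if port_of.get(target) == in_port:  # model assumption: same port needs no proxy
        return ("none", "target is on the ingress port")
    if in_if.local_proxy_nd:
        return ("local-proxy", port_of.get(target, "unknown port"))
    return ("drop", "local-proxy-nd not enabled")

# Figure 57: interface prefixes from the page, host address constructed.
vlan1 = L3If("Vlan-interface1", ipaddress.IPv6Network("4:1::/64"), proxy_nd=True)
vlan2 = L3If("Vlan-interface2", ipaddress.IPv6Network("4:2::/64"), proxy_nd=True)
HOST_B_57 = "4:2::100"  # constructed

# Figure 58: port names from the page, prefix and host addresses constructed.
sw_a_vlan2 = L3If("Vlan-interface2", ipaddress.IPv6Network("2001:db8:2::/64"), local_proxy_nd=True)
PORTS_58 = {ipaddress.IPv6Address("2001:db8:2::a"): "GigabitEthernet1/0/3",
            ipaddress.IPv6Address("2001:db8:2::b"): "GigabitEthernet1/0/1"}

def demo():
    return [decide([vlan1, vlan2], vlan1, "port-a", HOST_B_57, {}),
            decide([sw_a_vlan2], sw_a_vlan2, "GigabitEthernet1/0/3", "2001:db8:2::b", PORTS_58)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```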
Configuration procedure
You can enable common ND proxy and local ND proxy in VLAN interface view or Layer 3 Ethernet port view.
To enable common ND proxy:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Enable common ND proxy. | proxy-nd enable | Disabled by default |
To enable local ND proxy:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Enable local ND proxy. | local-proxy-nd enable | Optional. Disabled by default. |