Operation Mechanism of ND Snooping
Prefix Management Table
After ND snooping is enabled, the device captures RA messages received on trusted ports and builds a prefix management table. Each entry records the prefix, prefix length, port, VLAN ID, valid time, and prefix type.
Entry Creation and Update Mechanism of Prefix Management Table
After ND snooping is enabled, when a trusted port receives an RA message, the device checks whether the prefix carried in the message already exists in the table.
If the prefix does not exist, the device creates a new prefix management table entry.
If the prefix exists, the device updates the entry according to the RA message and forwards the message.
When an untrusted port receives an RA message, the device discards it. If an untrusted port receives an NS, NA, or RS message, the device checks the message against the table entries and then decides whether to forward it.
Aging Mechanism of Prefix Management Table Entries
When the valid time of a prefix management table entry expires, the entry is deleted.
ND Snooping Dynamic Binding Table
After ND snooping is enabled, the device builds an ND snooping dynamic binding table and filters spoofed messages by checking NA, NS, and RS messages against the dynamic binding table entries. Each entry records the IPv6 address, MAC address, input port, VLAN ID, and lease.
Entry Creation and Update Mechanism of Dynamic Binding Table
After ND snooping is enabled, when the device receives a DAD NS message, it checks whether a corresponding prefix management table entry exists based on the Target Address.
The creation and update mechanism of the dynamic binding table in ND snooping is as follows:
Receiving DAD Messages
If no such prefix entry exists, the message is discarded.
If the prefix entry exists, the device then checks whether an ND snooping dynamic binding table entry exists for the Target Address.
NOTE:
The Target Address cannot be a multicast address.
If no such entry exists, the device creates a new ND snooping dynamic binding table entry and forwards the message.
If the entry exists, the device checks whether the source MAC address, input port, and VLAN of the DAD NS message match the entry.
If all of them match, the device updates the address lease of the entry.
If the MAC address matches but the other information does not, the device updates the other fields of the entry and forwards the message.
If the MAC addresses are different, the device retains the entry and forwards the message.
Receiving NS or RS Messages
When the device receives a common NS or RS message, it checks whether a corresponding dynamic binding entry exists based on the source IP address. If no such entry exists, the message is discarded. If an entry exists, the device checks whether the MAC address, input port, and VLAN of the NS/RS message match the entry.
If all the information matches, the device updates the lease.
If the information is different, the device discards the message.
Receiving NA Messages
When the device receives an NA message, it checks whether a corresponding dynamic binding entry exists based on the source IP address. If no such entry exists, the NA message is discarded. If an entry exists, the device then checks whether the MAC address, port, and VLAN of the NA message match the entry.
If all the information matches, the device updates the lease.
If the MAC address matches but the other information does not, the device updates the entry and forwards the message.
If the MAC address is different, the device discards the message.
Aging Mechanism of Dynamic Binding Table Entries
If the lease time of a user address expires, the table entry ages out automatically.
When an entry is created or updated by a DAD NS message, the following rules apply:
If, within a certain period, the device receives a response NA message indicating that the address is already used by another user, the device deletes the entry.
If such a response NA message arrives after this period, the device does not delete the entry.
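The following is an added worked example, written for this page and not PicOS code, that models the whole mechanism described above as a small simulation: the prefix management table learned from RA messages on trusted ports, the dynamic binding table driven by DAD NS, NS/RS and NA messages, the DAD conflict rule, and aging. Port names, the lease length, the length of the "certain period" (modelled as `conflict_window`) and the `prefix_type` label are assumptions chosen for illustration; the forwarding decision for the DAD-conflict case is not specified above, so the handler reports it as a distinct `"conflict"` result.

```python
"""Simulation of the ND snooping tables described above.

Constructed example, not PicOS code. Port names, timers and the
conflict window length are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network


@dataclass
class PrefixEntry:
    prefix: IPv6Network
    port: str
    vlan: int
    valid_until: int          # absolute time; entry is deleted once it passes
    prefix_type: str = "RA"   # assumed label for the prefix-type field


@dataclass
class BindingEntry:
    ip: IPv6Address
    mac: str
    port: str
    vlan: int
    lease_until: int          # absolute time; entry ages out once it passes
    bound_at: int             # start of the DAD conflict window


class NDSnooping:
    def __init__(self, trusted_ports, lease=300, conflict_window=3):
        self.trusted = set(trusted_ports)
        self.prefixes = {}    # IPv6Network -> PrefixEntry (prefix management table)
        self.bindings = {}    # IPv6Address -> BindingEntry (dynamic binding table)
        self.lease = lease
        self.conflict_window = conflict_window  # assumed length of "a certain period"

    # --- prefix management table ---------------------------------------
    def on_ra(self, port, vlan, prefix, valid_time, now):
        """RA: learned only on trusted ports; RAs on untrusted ports are dropped."""
        if port not in self.trusted:
            return "discard"
        net = IPv6Network(prefix)
        entry = self.prefixes.get(net)
        if entry is None:
            self.prefixes[net] = PrefixEntry(net, port, vlan, now + valid_time)
        else:
            entry.port, entry.vlan, entry.valid_until = port, vlan, now + valid_time
        return "forward"

    def _prefix_known(self, addr):
        return any(addr in net for net in self.prefixes)

    # --- dynamic binding table -----------------------------------------
    def lookup(self, ip):
        return self.bindings.get(IPv6Address(ip))

    def on_dad_ns(self, port, vlan, mac, target, now):
        """DAD NS: create or refresh a binding keyed by the Target Address."""
        addr = IPv6Address(target)
        if addr.is_multicast or not self._prefix_known(addr):
            return "discard"
        entry = self.bindings.get(addr)
        if entry is None:
            self.bindings[addr] = BindingEntry(addr, mac, port, vlan, now + self.lease, now)
        elif entry.mac == mac:
            # same MAC: refresh lease, update port/VLAN if changed, restart the window
            entry.port, entry.vlan = port, vlan
            entry.lease_until, entry.bound_at = now + self.lease, now
        # different MAC: entry is retained unchanged, message still forwarded
        return "forward"

    def on_ns_rs(self, port, vlan, mac, src, now):
        """Common NS/RS: must match an existing binding on every field."""
        entry = self.bindings.get(IPv6Address(src))
        if entry is None or (entry.mac, entry.port, entry.vlan) != (mac, port, vlan):
            return "discard"
        entry.lease_until = now + self.lease
        return "forward"

    def on_na(self, port, vlan, mac, src, target, now):
        """NA: DAD-conflict rule first, then the binding check by source IP."""
        victim = self.bindings.get(IPv6Address(target))
        if (victim is not None and victim.mac != mac
                and now - victim.bound_at <= self.conflict_window):
            # another user answered the DAD within the window: the address is taken
            del self.bindings[victim.ip]
            return "conflict"   # forwarding for this case is not specified above
        entry = self.bindings.get(IPv6Address(src))
        if entry is None or entry.mac != mac:
            return "discard"    # no binding, or MAC mismatch: spoofed NA
        entry.port, entry.vlan = port, vlan     # same MAC: update other fields if changed
        entry.lease_until = now + self.lease
        return "forward"

    # --- aging ----------------------------------------------------------
    def age(self, now):
        """Drop prefix entries past their valid time and bindings past their lease."""
        self.prefixes = {k: v for k, v in self.prefixes.items() if v.valid_until > now}
        self.bindings = {k: v for k, v in self.bindings.items() if v.lease_until > now}
        return len(self.prefixes), len(self.bindings)
```

Feeding the handlers a sequence of constructed messages with increasing `now` values reproduces each branch above: an RA on an untrusted port is discarded, a DAD NS for a multicast or unknown-prefix target is discarded, an NS or NA whose MAC, port or VLAN disagrees with the binding is dropped, and a second host answering a fresh DAD within the window removes the binding.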
Copyright © 2024 Pica8 Inc. All Rights Reserved.