OSI layer of Neighbor Discovery Protocol












5














NDP operates using ICMPv6 and, even though ICMPv6 messages are encapsulated in payload field of IPv6 datagram, ICMPv6 and ICMP are usually considered as network layer protocols. At least, on Wikipedia they are network layer protocols.



So I thought that NDP, thus, is also network layer protocol. However, on Wikipedia it is directly stated that it is a link layer protocol:




The Neighbor Discovery Protocol (NDP, ND)[1] is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the Link Layer of the Internet model (RFC 1122), and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems. [https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol]




So my hypothesis is that NDP is considered as a link layer protocol because ICMPv6 messages used by NDP (Neighbor Solicitations, Router Advertisements, Redirects and so on) never leave the local network -- the same as ARP messages never leave the local network. Am I right?



Thank you for attention.



UPDATE 1:



Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?



UPDATE 2:



Though it looks like nothing can actually prevent me from sending Neighbor Solicitation to any host in the Internet. ICMPv6 is routable. So I can choose any destination IPv6 including that which is outside my network.










share|improve this question









New contributor




JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

























    5














    NDP operates using ICMPv6 and, even though ICMPv6 messages are encapsulated in payload field of IPv6 datagram, ICMPv6 and ICMP are usually considered as network layer protocols. At least, on Wikipedia they are network layer protocols.



    So I thought that NDP, thus, is also network layer protocol. However, on Wikipedia it is directly stated that it is a link layer protocol:




    The Neighbor Discovery Protocol (NDP, ND)[1] is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the Link Layer of the Internet model (RFC 1122), and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems. [https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol]




    So my hypothesis is that NDP is considered as a link layer protocol because ICMPv6 messages used by NDP (Neighbor Solicitations, Router Advertisements, Redirects and so on) never leave the local network -- the same as ARP messages never leave the local network. Am I right?



    Thank you for attention.



    UPDATE 1:



    Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?



    UPDATE 2:



    Though it looks like nothing can actually prevent me from sending Neighbor Solicitation to any host in the Internet. ICMPv6 is routable. So I can choose any destination IPv6 including that which is outside my network.










    share|improve this question









    New contributor




    JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.























      5












      5








      5


      2





      NDP operates using ICMPv6 and, even though ICMPv6 messages are encapsulated in payload field of IPv6 datagram, ICMPv6 and ICMP are usually considered as network layer protocols. At least, on Wikipedia they are network layer protocols.



      So I thought that NDP, thus, is also network layer protocol. However, on Wikipedia it is directly stated that it is a link layer protocol:




      The Neighbor Discovery Protocol (NDP, ND)[1] is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the Link Layer of the Internet model (RFC 1122), and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems. [https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol]




      So my hypothesis is that NDP is considered as a link layer protocol because ICMPv6 messages used by NDP (Neighbor Solicitations, Router Advertisements, Redirects and so on) never leave the local network -- the same as ARP messages never leave the local network. Am I right?



      Thank you for attention.



      UPDATE 1:



      Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?



      UPDATE 2:



      Though it looks like nothing can actually prevent me from sending Neighbor Solicitation to any host in the Internet. ICMPv6 is routable. So I can choose any destination IPv6 including that which is outside my network.










      share|improve this question









      New contributor




      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      NDP operates using ICMPv6 and, even though ICMPv6 messages are encapsulated in payload field of IPv6 datagram, ICMPv6 and ICMP are usually considered as network layer protocols. At least, on Wikipedia they are network layer protocols.



      So I thought that NDP, thus, is also network layer protocol. However, on Wikipedia it is directly stated that it is a link layer protocol:




      The Neighbor Discovery Protocol (NDP, ND)[1] is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the Link Layer of the Internet model (RFC 1122), and is responsible for gathering various information required for internet communication, including the configuration of local connections and the domain name servers and gateways used to communicate with more distant systems. [https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol]




      So my hypothesis is that NDP is considered as a link layer protocol because ICMPv6 messages used by NDP (Neighbor Solicitations, Router Advertisements, Redirects and so on) never leave the local network -- the same as ARP messages never leave the local network. Am I right?



      Thank you for attention.



      UPDATE 1:



      Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?



      UPDATE 2:



      Though it looks like nothing can actually prevent me from sending Neighbor Solicitation to any host in the Internet. ICMPv6 is routable. So I can choose any destination IPv6 including that which is outside my network.







      ip ipv6 osi icmpv6 ndp






      share|improve this question









      New contributor




      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited Dec 26 at 16:50





















      New contributor




      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked Dec 26 at 15:35









      JenyaKh

      706




      706




      New contributor




      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















          4 Answers
          4






          active

          oldest

          votes


















          4














          First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.



          Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.



          However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.



          This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):



          Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.



          It would have been possible to place NDP between layer-2 and layer-3:



          ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).



          However this is not true in the case of NDP: NDP should work with every layer-2 protocol.




          Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?






          1. This criterion is not sufficient to say that a protocol is on layer 2:



            DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.




          2. There is at least one case I know where NDP messages travel around the world:



            When using IPv6 using Teredo!








          share|improve this answer





















          • Thank you for the answer!
            – JenyaKh
            Dec 26 at 17:21










          • "ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
            – JoL
            Dec 26 at 20:49










          • DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
            – Barmar
            Dec 26 at 21:41










          • @JoL Technically that is correct. However WLAN seems to have been designed in a way to be 1:1 compatible to Ethernet; so every Ethernet frame can be converted to a WLAN frame and vice versa. This would not be the case for PPP, which uses completely different packet type identifiers.
            – Martin Rosenau
            Dec 27 at 6:48



















          6














          The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.



          People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.



          See this questions and answer for more information on the OSI model and networking protocols.






          share|improve this answer





















          • I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
            – JenyaKh
            Dec 26 at 16:26










          • Yes, I suppose.
            – Ron Trunk
            Dec 26 at 16:30










          • Thank you for the answer!
            – JenyaKh
            Dec 26 at 16:31



















          3














          NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).






          share|improve this answer





























            3














            I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what will happen if I try to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC-4861
            [https://tools.ietf.org/html/rfc4861]:




            11.2. Securing Neighbor Discovery Messages



            The protocol reduces the exposure to the above threats in the absence
            of authentication by ignoring ND packets received from off-link
            senders. The Hop Limit field of all received packets is verified to
            contain 255, the maximum legal value. Because routers decrement the
            Hop Limit on all packets they forward, received packets containing a
            Hop Limit of 255 must have originated from a neighbor.




            and




            3.1. Comparison with IPv4



            By setting the Hop Limit to 255, Neighbor Discovery is immune to
            off-link senders that accidentally or intentionally send ND
            messages. In IPv4, off-link senders can send both ICMP Redirects
            and Router Advertisement messages.




            So in each of the sections of this RFC-4861, corresponding to each type of NDP messages, --



            6.1.1.  Validation of Router Solicitation Messages
            6.1.2. Validation of Router Advertisement Messages
            7.1.1. Validation of Neighbor Solicitations
            7.1.2. Validation of Neighbor Advertisements
            8.1. Validation of Redirect Messages


            -- there is the following phrase:




            A host MUST silently discard any received message that does not satisfy all of the following validity checks:




            • The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.


            • ...





            So normally NDP messages have capability to travel only locally in the network and should not be routed.






            share|improve this answer








            New contributor




            JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.


















              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "496"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              noCode: true, onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });






              JenyaKh is a new contributor. Be nice, and check out our Code of Conduct.










              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55682%2fosi-layer-of-neighbor-discovery-protocol%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              4 Answers
              4






              active

              oldest

              votes








              4 Answers
              4






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              4














              First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.



              Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.



              However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.



              This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):



              Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.



              It would have been possible to place NDP between layer-2 and layer-3:



              ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).



              However this is not true in the case of NDP: NDP should work with every layer-2 protocol.




              Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?






              1. This criterion is not sufficient to say that a protocol is on layer 2:



                DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.




              2. There is at least one case I know where NDP messages travel around the world:



                When using IPv6 using Teredo!








              share|improve this answer





















              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 17:21










              • "ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
                – JoL
                Dec 26 at 20:49










              • DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
                – Barmar
                Dec 26 at 21:41










              • @JoL Technically that is correct. However WLAN seems to have been designed in a way to be 1:1 compatible to Ethernet; so every Ethernet frame can be converted to a WLAN frame and vice versa. This would not be the case for PPP, which uses completely different packet type identifiers.
                – Martin Rosenau
                Dec 27 at 6:48
















              4














              First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.



              Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.



              However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.



              This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):



              Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.



              It would have been possible to place NDP between layer-2 and layer-3:



              ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).



              However this is not true in the case of NDP: NDP should work with every layer-2 protocol.




              Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?






              1. This criterion is not sufficient to say that a protocol is on layer 2:



                DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.




              2. There is at least one case I know where NDP messages travel around the world:



                When using IPv6 using Teredo!








              share|improve this answer





















              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 17:21










              • "ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
                – JoL
                Dec 26 at 20:49










              • DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
                – Barmar
                Dec 26 at 21:41










              • @JoL Technically that is correct. However WLAN seems to have been designed in a way to be 1:1 compatible to Ethernet; so every Ethernet frame can be converted to a WLAN frame and vice versa. This would not be the case for PPP, which uses completely different packet type identifiers.
                – Martin Rosenau
                Dec 27 at 6:48














              4












              4








              4






              First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.



              Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.



              However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.



              This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):



              Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.



              It would have been possible to place NDP between layer-2 and layer-3:



              ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).



              However this is not true in the case of NDP: NDP should work with every layer-2 protocol.




              Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?






              1. This criterion is not sufficient to say that a protocol is on layer 2:



                DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.




              2. There is at least one case I know where NDP messages travel around the world:



                When using IPv6 using Teredo!








              share|improve this answer












              First of all: In every "model" you will find some aspects that do not describe the reality correctly. This is true for "models" in computer science, financial theory, politics or any other field of science. As the word already says, the "OSI model" is a "model" so it does not describe the reality correctly in all aspects.



              Especially the question "what layer is the protocol XYZ" often has no definite answer: Think about tunneling IP packets in HTTPS connections in a VPN session.



              However, the so-called "TCP/IP model" (which is a simplified alternative to the OSI model) sees ICMP packets in the layer corresponding to OSI layer 3, not layer 2.



              This model does not see ICMP as own layer-3 protocol, but as part of the IP protocol (which is clearly layer 3):



              Placing NDP in any other layer than layer-3 would imply that this protocol works together with any layer-3 protocol (e.g. NDP can be used together with IPv4). However this is not the case.



              It would have been possible to place NDP between layer-2 and layer-3:



              ARP for example is placed "between" layer-2 and layer-3 (Wikipedia says "layer 2.5") to indicate that this protocol will only work together with certain combinations of layer-2 and layer-3 protocols. (As far as I know ARP only works with the combination IPv4 and Ethernet).



              However this is not true in the case of NDP: NDP should work with every layer-2 protocol.




              Well, I realized that the point which is most interesting to me is -- if it is right that NDP ICMPv6 messages never leave the bounds of local network?






              1. This criterion is not sufficient to say that a protocol is on layer 2:



                DHCP also never leaves the local network - however DHCP covers OSI layers 5-7.




              2. There is at least one case I know where NDP messages travel around the world:



                When using IPv6 using Teredo!









              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Dec 26 at 17:09









              Martin Rosenau

              7807




              7807












              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 17:21










              • "ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
                – JoL
                Dec 26 at 20:49










              • DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
                – Barmar
                Dec 26 at 21:41










              • @JoL Technically that is correct. However WLAN seems to have been designed in a way to be 1:1 compatible to Ethernet; so every Ethernet frame can be converted to a WLAN frame and vice versa. This would not be the case for PPP, which uses completely different packet type identifiers.
                – Martin Rosenau
                Dec 27 at 6:48


















              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 17:21










              • "ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
                – JoL
                Dec 26 at 20:49










              • DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
                – Barmar
                Dec 26 at 21:41










              • @JoL Technically that is correct. However WLAN seems to have been designed in a way to be 1:1 compatible to Ethernet; so every Ethernet frame can be converted to a WLAN frame and vice versa. This would not be the case for PPP, which uses completely different packet type identifiers.
                – Martin Rosenau
                Dec 27 at 6:48
















              Thank you for the answer!
              – JenyaKh
              Dec 26 at 17:21




              Thank you for the answer!
              – JenyaKh
              Dec 26 at 17:21












              "ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
              – JoL
              Dec 26 at 20:49




              "ARP only works with the combination IPv4 and Ethernet" -- 802.11, too.
              – JoL
              Dec 26 at 20:49












              DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
              – Barmar
              Dec 26 at 21:41




              DHCP can be forwarded by routers. This is done when an organization has a central DHCP server for all subnets.
              – Barmar
              Dec 26 at 21:41












              @JoL Technically that is correct. However WLAN seems to have been designed in a way to be 1:1 compatible to Ethernet; so every Ethernet frame can be converted to a WLAN frame and vice versa. This would not be the case for PPP, which uses completely different packet type identifiers.
              – Martin Rosenau
              Dec 27 at 6:48




              @JoL Technically that is correct. However WLAN seems to have been designed in a way to be 1:1 compatible to Ethernet; so every Ethernet frame can be converted to a WLAN frame and vice versa. This would not be the case for PPP, which uses completely different packet type identifiers.
              – Martin Rosenau
              Dec 27 at 6:48











              6














              The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.



              People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.



              See this questions and answer for more information on the OSI model and networking protocols.






              share|improve this answer





















              • I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
                – JenyaKh
                Dec 26 at 16:26










              • Yes, I suppose.
                – Ron Trunk
                Dec 26 at 16:30










              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 16:31
















              6














              The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.



              People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.



              See this questions and answer for more information on the OSI model and networking protocols.






              share|improve this answer





















              • I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
                – JenyaKh
                Dec 26 at 16:26










              • Yes, I suppose.
                – Ron Trunk
                Dec 26 at 16:30










              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 16:31














              6












              6








              6






              The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.



              People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.



              See this questions and answer for more information on the OSI model and networking protocols.






              share|improve this answer












              The OSI model is a conceptual idea -- it doesn't relate to anything that people actually built. Moreover, IPv4 and IPv6 were developed without the OSI model in mind, so there is no direct correlation between them. Many IPv4 protocols don't really fit the model, and the same is true of IPv6.



              People spend endless hours debating at what layer a particular protocol resides. Your reasoning is as good as any.



              See this questions and answer for more information on the OSI model and networking protocols.







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Dec 26 at 15:45









              Ron Trunk

              34.6k23171




              34.6k23171












              • I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
                – JenyaKh
                Dec 26 at 16:26










              • Yes, I suppose.
                – Ron Trunk
                Dec 26 at 16:30










              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 16:31


















              • I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
                – JenyaKh
                Dec 26 at 16:26










              • Yes, I suppose.
                – Ron Trunk
                Dec 26 at 16:30










              • Thank you for the answer!
                – JenyaKh
                Dec 26 at 16:31
















              I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
              – JenyaKh
              Dec 26 at 16:26




              I see. But am I right that NDP ICMPv6 messages never leave the bounds of local network so this is why we can say that NDP is link layer even though ICMPv6 is network layer?
              – JenyaKh
              Dec 26 at 16:26












              Yes, I suppose.
              – Ron Trunk
              Dec 26 at 16:30




              Yes, I suppose.
              – Ron Trunk
              Dec 26 at 16:30












              Thank you for the answer!
              – JenyaKh
              Dec 26 at 16:31




              Thank you for the answer!
              – JenyaKh
              Dec 26 at 16:31











              3














              NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).






              share|improve this answer


























                3














                NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).






                share|improve this answer
























                  3












                  3








                  3






                  NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).






                  share|improve this answer












                  NDP belongs to the L3 network layer, it is an essential part of IPv6. Just like IPv6 it is encapsulated in L2 frames, so it uses - or operates on top of - the data link layer (most often Ethernet).







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Dec 26 at 16:58









                  Zac67

                  26k21352




                  26k21352























                      3














                      I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what will happen if I try to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC-4861
                      [https://tools.ietf.org/html/rfc4861]:




                      11.2. Securing Neighbor Discovery Messages



                      The protocol reduces the exposure to the above threats in the absence
                      of authentication by ignoring ND packets received from off-link
                      senders. The Hop Limit field of all received packets is verified to
                      contain 255, the maximum legal value. Because routers decrement the
                      Hop Limit on all packets they forward, received packets containing a
                      Hop Limit of 255 must have originated from a neighbor.




                      and




                      3.1. Comparison with IPv4



                      By setting the Hop Limit to 255, Neighbor Discovery is immune to
                      off-link senders that accidentally or intentionally send ND
                      messages. In IPv4, off-link senders can send both ICMP Redirects
                      and Router Advertisement messages.




                      So in each of the sections of this RFC-4861, corresponding to each type of NDP messages, --



                      6.1.1.  Validation of Router Solicitation Messages
                      6.1.2. Validation of Router Advertisement Messages
                      7.1.1. Validation of Neighbor Solicitations
                      7.1.2. Validation of Neighbor Advertisements
                      8.1. Validation of Redirect Messages


                      -- there is the following phrase:




                      A host MUST silently discard any received message that does not satisfy all of the following validity checks:




                      • The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.


                      • ...





                      So normally NDP messages have capability to travel only locally in the network and should not be routed.






                      share|improve this answer








                      New contributor




                      JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                      Check out our Code of Conduct.























                        3














                        I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what will happen if I try to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC-4861
                        [https://tools.ietf.org/html/rfc4861]:




                        11.2. Securing Neighbor Discovery Messages



                        The protocol reduces the exposure to the above threats in the absence
                        of authentication by ignoring ND packets received from off-link
                        senders. The Hop Limit field of all received packets is verified to
                        contain 255, the maximum legal value. Because routers decrement the
                        Hop Limit on all packets they forward, received packets containing a
                        Hop Limit of 255 must have originated from a neighbor.




                        and




                        3.1. Comparison with IPv4



                        By setting the Hop Limit to 255, Neighbor Discovery is immune to
                        off-link senders that accidentally or intentionally send ND
                        messages. In IPv4, off-link senders can send both ICMP Redirects
                        and Router Advertisement messages.




                        So in each of the sections of this RFC-4861, corresponding to each type of NDP messages, --



                        6.1.1.  Validation of Router Solicitation Messages
                        6.1.2. Validation of Router Advertisement Messages
                        7.1.1. Validation of Neighbor Solicitations
                        7.1.2. Validation of Neighbor Advertisements
                        8.1. Validation of Redirect Messages


                        -- there is the following phrase:




                        A host MUST silently discard any received message that does not satisfy all of the following validity checks:




                        • The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.


                        • ...





                        So normally NDP messages have capability to travel only locally in the network and should not be routed.






                        share|improve this answer








                        New contributor




                        JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                        Check out our Code of Conduct.





















                          3












                          3








                          3






                          I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what will happen if I try to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC-4861
                          [https://tools.ietf.org/html/rfc4861]:




                          11.2. Securing Neighbor Discovery Messages



                          The protocol reduces the exposure to the above threats in the absence
                          of authentication by ignoring ND packets received from off-link
                          senders. The Hop Limit field of all received packets is verified to
                          contain 255, the maximum legal value. Because routers decrement the
                          Hop Limit on all packets they forward, received packets containing a
                          Hop Limit of 255 must have originated from a neighbor.




                          and




                          3.1. Comparison with IPv4



                          By setting the Hop Limit to 255, Neighbor Discovery is immune to
                          off-link senders that accidentally or intentionally send ND
                          messages. In IPv4, off-link senders can send both ICMP Redirects
                          and Router Advertisement messages.




                          So in each of the sections of this RFC-4861, corresponding to each type of NDP messages, --



                          6.1.1.  Validation of Router Solicitation Messages
                          6.1.2. Validation of Router Advertisement Messages
                          7.1.1. Validation of Neighbor Solicitations
                          7.1.2. Validation of Neighbor Advertisements
                          8.1. Validation of Redirect Messages


                          -- there is the following phrase:




                          A host MUST silently discard any received message that does not satisfy all of the following validity checks:




                          • The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.


                          • ...





                          So normally NDP messages have capability to travel only locally in the network and should not be routed.






                          share|improve this answer








                          New contributor




                          JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.









                          I also want to answer my own question. The answer concerns particularly the two UPDATES which I appended to the initial question. I wondered what will happen if I try to send any NDP ICMPv6 message to a host outside my local network. This sounds like a security problem. So I found that the problem is solved in the following way in RFC-4861
                          [https://tools.ietf.org/html/rfc4861]:




                          11.2. Securing Neighbor Discovery Messages



                          The protocol reduces the exposure to the above threats in the absence
                          of authentication by ignoring ND packets received from off-link
                          senders. The Hop Limit field of all received packets is verified to
                          contain 255, the maximum legal value. Because routers decrement the
                          Hop Limit on all packets they forward, received packets containing a
                          Hop Limit of 255 must have originated from a neighbor.




                          and




                          3.1. Comparison with IPv4



                          By setting the Hop Limit to 255, Neighbor Discovery is immune to
                          off-link senders that accidentally or intentionally send ND
                          messages. In IPv4, off-link senders can send both ICMP Redirects
                          and Router Advertisement messages.




                          So in each of the sections of this RFC-4861, corresponding to each type of NDP messages, --



                          6.1.1.  Validation of Router Solicitation Messages
                          6.1.2. Validation of Router Advertisement Messages
                          7.1.1. Validation of Neighbor Solicitations
                          7.1.2. Validation of Neighbor Advertisements
                          8.1. Validation of Redirect Messages


                          -- there is the following phrase:




                          A host MUST silently discard any received message that does not satisfy all of the following validity checks:




                          • The IP Hop Limit field has a value of 255, i.e., the packet could not possibly have been forwarded by a router.


                          • ...





                          So normally NDP messages have capability to travel only locally in the network and should not be routed.







                          share|improve this answer








                          New contributor




                          JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.









                          share|improve this answer



                          share|improve this answer






                          New contributor




                          JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.









                          answered Dec 26 at 18:45









                          JenyaKh

                          706




                          706




                          New contributor




                          JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.





                          New contributor





                          JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.






                          JenyaKh is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.






















                              JenyaKh is a new contributor. Be nice, and check out our Code of Conduct.










                              draft saved

                              draft discarded


















                              JenyaKh is a new contributor. Be nice, and check out our Code of Conduct.













                              JenyaKh is a new contributor. Be nice, and check out our Code of Conduct.












                              JenyaKh is a new contributor. Be nice, and check out our Code of Conduct.
















                              Thanks for contributing an answer to Network Engineering Stack Exchange!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.





                              Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                              Please pay close attention to the following guidance:


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f55682%2fosi-layer-of-neighbor-discovery-protocol%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              Сан-Квентин

                              8-я гвардейская общевойсковая армия

                              Алькесар