D-Link NetDefendOS User Manual page 163

Network security firewall
Private interface IPv6 addresses cannot be used for management access or as the source address
for logging but they can be used for responding to ICMP ping messages when a cluster is active
or for sending such messages when the cluster is inactive.
See Section 11.3, "Setting Up HA" for further discussion of using IP6 HA Address objects with an HA
cluster.
IPv6 and Transparent Mode
Transparent Mode in NetDefendOS does not directly support IPv6 since Switched Routes cannot
be defined for IPv6 networks (see Section 4.8, "Transparent Mode").
However, it is possible to split networks transparently in the same way that Proxy ARP is used for
this with IPv4. Doing this for IPv4 is explained in Section 4.2.6, "Proxy ARP". The only difference
with IPv6 is that Neighbor Discovery (ND) is used instead of Proxy ARP. The method is otherwise
the same and the two can be used alongside each other to split both IPv4 and IPv6 networks at
the same time.
Tunneling IPv6 Across IPv4 Networks
NetDefendOS allows the tunneling of IPv6 traffic across networks that only support IPv4. This is
done using an IP6in4 Tunnel object. This is described further in Section 3.4.8, "6in4 Tunnels".
Using Neighbor Discovery Advanced Settings
This section will look more closely at configuring Neighbor Discovery (ND) for IPv6. In particular, it
examines the NetDefendOS neighbor discovery cache.
Neighbor discovery handling in NetDefendOS resembles ARP handling in that a cache of IPv6 hosts
is maintained in local memory, retaining information about external hosts' link-layer
and IP address tuples. Below is a summary of the NetDefendOS ND cache states (these are also
defined in RFC 4861):
INCOMPLETE
Address resolution is in progress and the link-layer address of the neighbor has not yet been
determined.
REACHABLE
The neighbor is known to have been reachable recently (within the last tens of seconds).
STALE
The neighbor is no longer known to be reachable but until traffic is sent, no attempt will be
made to verify its reachability.
DELAY
The neighbor is no longer known to be reachable and traffic has recently been sent. Before
probing reachability, wait for a short time to allow reachability confirmation.
PROBE
The neighbor is no longer known to be reachable and unicast neighbor solicitation probes
are being sent to verify reachability.
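The state transitions summarized above, as an added example that is not taken from the manual or from NetDefendOS: a simplified Python model of one RFC 4861 neighbor cache entry. Timer values are the RFC 4861 defaults, and the NeighborEntry class, its method names and the REMOVED marker are assumptions made for the illustration.

```python
# Simplified RFC 4861 neighbor cache entry (illustration, not NetDefendOS code).
REACHABLE_TIME = 30          # seconds an entry stays REACHABLE (RFC default)
DELAY_FIRST_PROBE_TIME = 5   # seconds spent in DELAY before probing
RETRANS_TIMER = 1            # seconds between unicast probes
MAX_UNICAST_SOLICIT = 3      # unanswered probes before the entry is dropped

class NeighborEntry:
    def __init__(self, ip):
        self.ip, self.lladdr = ip, None
        self.state, self.timer, self.probes = "INCOMPLETE", 0, 0
        self.history = ["INCOMPLETE"]

    def _go(self, state, timer=0):
        self.state, self.timer = state, timer
        self.history.append(state)

    def advert(self, lladdr, solicited, override=True):
        """Process a Neighbor Advertisement carrying a link-layer address."""
        changed = self.lladdr is not None and lladdr != self.lladdr
        if self.state != "INCOMPLETE" and changed and not override:
            # Without the Override flag a different address is never cached.
            if self.state == "REACHABLE":
                self._go("STALE")
            return
        self.lladdr = lladdr
        if solicited:
            self.probes = 0
            self._go("REACHABLE", REACHABLE_TIME)
        elif changed or self.state == "INCOMPLETE":
            self._go("STALE")

    def send_traffic(self):
        if self.state == "STALE":   # first packet to a stale neighbor
            self._go("DELAY", DELAY_FIRST_PROBE_TIME)

    def tick(self, seconds):        # advance the entry's timer
        while seconds > 0 and self.timer > 0:
            step = min(seconds, self.timer)
            seconds, self.timer = seconds - step, self.timer - step
            if self.timer > 0:
                break
            if self.state == "REACHABLE":
                self._go("STALE")
            elif self.state == "DELAY":
                self.probes = 1
                self._go("PROBE", RETRANS_TIMER)
            elif self.state == "PROBE" and self.probes < MAX_UNICAST_SOLICIT:
                self.probes, self.timer = self.probes + 1, RETRANS_TIMER
            elif self.state == "PROBE":
                self._go("REMOVED")  # not a cache state: entry is deleted
```

The model omits the multicast retransmissions of the INCOMPLETE state and shows only how an entry moves between the five states listed above.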
Neighbor entries appear in the cache for the following reasons:
Chapter 3: Fundamentals
