Neighbor Discovery Protocol (NDP)
By Stephen Bucaro
Neighbor Discovery Protocol is part of the new version of the Internet Protocol (IPv6). Its function is
to resolve IPv6 addresses into valid MAC addresses (the devices unique hardware address). In IPv4, this
function was performed by the Address Resolution Protocol (ARP).
All addresses discovered by NDR are stored in a buffer known as the neighbor cache. Any device that
uses NDR manages its own neighbor cache. The neighbor cache is one of four buffers used by the NDP protocol.
The other three caches are:
The Destination cache which stores entries about all hosts on the network which have already been
sent data packets.
The Prefix List which is required because IPv6 supports multi-homing which allows the address space
to be split into different prefixes.
The Default Router List which includes all routers that regularly contact the device. Because each
router has an expiration date, only active routers are listed.
The different caches are created by ICPMv6 (Internet Control Message Protocol for IPv6). ICPMv6 has
five different kinds of network messages:
Router Advertisements (type 134 messages) - Routers periodically send out messages called router
advertisements to inform network members of their presence.
Router Solicitations (type 133 messages) - message that a host sends to request all routers on the network
requesting them to send advertisements. These then respond with a type 134 message.
Neighbor Solicitation (type 135 messages) - message that a host sends to discover the MAC address of the target host.
Neighbor Advertisement (type 136 messages) - messages that a host sends to inform other network devices
about changes in the address configuration.
Redirect Messages (type 137 messages) - messages that a router sends to inform network hosts about a better
first hop on their way to a specific destination addresses.
NDP Tasks in Summary
• Detecting the router and network prefix.
• Determining important parameters for packet transmission, such as the maximum packet size.
• Identifying the next hop.
• Resolving the MAC address in the IP address.
• Detecting expiration of a neighbor. If there has not been a data exchange with a device for a long
time, and the cache entry's validity period has expired, it is marked as outdated.
• Detecting duplicate addresses. If another host is already using the address, they respond with
a neighbor advertisement message to the multicast address. The duplicate address checking client also receives
this message, which suggests a new address.
• Informing about redirect options. The NDP gives routers with the redirect message the ability to
optimize the path from data packets to the targeted hosts.
How to Inspect the Neighbor Cache on Your System
You can use the Command Prompt to inspect the neighbor cache that was created for your system. In Windows
list your network neighbors using the netsh (network shell) program and the following command:
netsh interface ipv6 show neighbors
More Networking Protocols and Standards:
• Major Protocols in the TCP/IP Suite
• IPv6 Address Format
• Ports and Sockets
• DSL (Digital Subscriber Line)
• The OSI Application Layer
• Unicast, Multicast, Broadcast. What Does It Mean?
• What's the Difference Between a Packet and a Frame?
• Network Operating Systems
• Video Streaming Protocols
• A Simple Description of the IPv6 Header and Datagram