Neighbor Discovery Protocol (NDP) can be conceptualized as a toolbox used by IPv6 hosts to carry out various link-local operations. NDP itself does not describe a wire-level protocol or packet structure, but rather it establishes directions for accomplishing routine tasks using certain algorithms and five ICMPv6 message types.

Many of the capabilities provided by NDP are very similar to those found in IPv4's ARP and ICMPv4, while others are new implementations available only under IPv6. RFC 4861 describes the nine functions of NDP in detail, but this article should suffice as a high-level review. A packet capture of various IPv6 Neighbor Discovery functions is available if you want to follow along with Wireshark.

Router Discovery

Whereas IPv4 hosts must rely on manual configuration or DHCP to provide the address of a default gateway, IPv6 hosts can automatically locate default routers on the link. This is accomplished through the use of two ICMPv6 messages: Router Solicitation (type 133) and Router Advertisement (type 134). When first joining a link, an IPv6 host multicasts a router solicitation to the all routers multicast group, and each router active on the link responds by sending a router advertisement with its address to the all nodes group.

Router advertisements indicate paths out of the local link, but they also specify additional information necessary to assist other NDP operations.

Prefix Discovery

One of the options typically carried by a router advertisement is the Prefix Information option (type 3). Each prefix information option lists an IPv6 prefix (subnet) reachable on the local link. Remember that it is not uncommon for multiple IPv6 prefixes to reside on the same link, and routers may include more than one prefix in each advertisement. A host which knows what prefixes are reachable on the link can communicate directly with destinations in those prefixes without passing its traffic through a router.

Parameter Discovery

Another option included in router advertisements is the MTU option (type 5), which informs hosts of the IP MTU to use. For example, this value is typically set to 1500 for Ethernet networks. However, not all link types have a standardized MTU size. Including this option ensures all hosts know the correct MTU to use.

Router advertisements also specify the default value hosts should use for the IPv6 hop count. This isn't an option, but a field built into the router advertisement message header.

Address Autoconfiguration

NDP provides mechanisms for a host to automatically configure itself with an address from a prefix learned from a local router through prefix discovery. This is done by concatenating a candidate learned prefix with the EUI-64 address of the host's interface. In this manner, a host can achieve stateless autoconfiguration.

Address Resolution

The function of address resolution was handled by ARP for IPv4, but is handled by ICMPv6 for IPv6. In a process very similar to router discovery, two ICMPv6 messages are used: Neighbor Solicitation (type 135) and Neighbor Advertisement (type 136). A host seeking the link layer address of a neighbor multicasts a neighbor solicitation and the neighbor (if online) responds with its link layer address in a neighbor advertisement.

Next-Hop Determination

As in IPv4, next-hop determination is simply a procedure for performing longest-match lookups on the host routing table and, for off-link destinations, the selection of a default router.

Neighbor Unreachability Detection

NDP is able to determine the reachability of a neighbor by examining clues from upper-layer protocols (for example, received TCP acknowledgments), or by actively reperforming address resolution (via ICMPv6) when certain thresholds are reached.

Duplicate Address Detection

When a host first joins a link, it multicasts neighbor solicitations for its own IPv6 address for a short period before attempting to use that address to communicate. If it receives a neighbor advertisement in response, the host realizes that another neighbor on the link is already using that address. The host will mark the address as a duplicate and will not use it on the link.

Note that this process is similar to IPv4 gratuitous ARP requests, but NDP elegantly allows for detection of two hosts with the same address before both hosts are actively sending traffic from the address.

Redirection

A fifth type of ICMPv6 message, the Redirect (type 137), is used by routers to either point hosts toward a more preferable router, or to indicate that the destination actually resides on link. ICMPv4 provides the same capability with its own redirect message.