ICMPv6 - Internet Control Message Protocol Version 6

What is ICMPv6?

ICMPv6 stands for Internet Control Message Protocol for IPv6. It is the version of ICMP designed specifically for IPv6 networks, used to report errors, perform diagnostics, and support essential IPv6 functions like Neighbor Discovery and Multicast Listener Discovery.

Why is ICMPv6 useful?

  • Reports errors and unreachable destinations

  • Supports ping and traceroute for IPv6

  • Enables Neighbor Discovery Protocol (NDP), which replaces ARP in IPv6

  • Helps manage router discovery, address autoconfiguration, and duplicate address detection

How it works?

  • Device sends a message – For example, a ping using ICMPv6 Echo Request.

  • Target responds – The destination replies with an Echo Reply if reachable.

  • Routers and hosts use it – To send messages like Destination Unreachable or Packet Too Big.

  • Neighbor Discovery – Devices use ICMPv6 to find each other and configure addresses automatically.

Where is ICMPv6 used?

  • IPv6 diagnostics – Tools like ping6 and traceroute6.

  • Router discovery – Devices find routers on the network.

  • Address configuration – Stateless address autoconfiguration (SLAAC).

  • Network troubleshooting – Identifying connectivity and routing issues.

Which OSI layer does this protocol belong to?

  • Works closely with the IPv6 protocol.

  • Handles routing, error reporting, and neighbor discovery.

  • Operates below the transport and application layers.

Topics in this section,

  • In this section, you are going to learn

  • Terminology

  • Version Info

Version & RFC Details

ICMPv6 Version

RFC Version

Year

Core Idea / Contribution

ICMPv6

RFC 1885

1995

Original specification of ICMPv6 (now obsolete).

RFC 2463

1998

Updated ICMPv6 specification (also obsolete).

RFC 4443

2006

Current base specification of ICMPv6. Defines message formats, types, and codes for error reporting and diagnostics. Obsoletes RFC 2463.

RFC 4861

2007

Defines Neighbor Discovery Protocol (NDP), which uses ICMPv6 for router discovery, address resolution, and reachability detection.

RFC 4890

2007

Provides firewall filtering recommendations for ICMPv6 to balance functionality and security.

RFC 6275

2011

Specifies Mobile IPv6, including ICMPv6 messages for home agent discovery and mobile prefix advertisement.

RFC 6550

2012

Introduces RPL (Routing Protocol for Low-Power and Lossy Networks), which uses ICMPv6 for control messages.

RFC 8335

2018

Defines Extended Echo Request/Reply messages for enhanced diagnostics.

RFC 8883

2020

Adds new ICMPv6 codes for extension header errors and header chain issues.

Testcase 1: Basic IPv6 Ping Test

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv6 Addresses

    VM1:~$ sudo ip -6 addr add 2001:db8:1::10/64 dev enp0s8
VM1:~$ sudo ip link set enp0s8 up

VM2:~$ sudo ip -6 addr add 2001:db8:1::20/64 dev enp0s8
VM2:~$ sudo ip link set enp0s8 up

    Note

    • Replace enp0s8 with your actual interface name (check using ip a)

    • Both machines must be on the same IPv6 subnet (2001:db8:1::/64)

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip -6 addr show dev enp0s8
VM2:~$ ip -6 addr show dev enp0s8

    • expected output :

      inet6 2001:db8:1::10/64 (on VM1)

      inet6 2001:db8:1::20/64 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : ICMPv6 Ping Test

    VM2:~$ ping6 2001:db8:1::10

PING 2001:db8:1::10(2001:db8:1::10) 56 data bytes
64 bytes from 2001:db8:1::10: icmp_seq=1 ttl=64 time=0.425 ms
64 bytes from 2001:db8:1::10: icmp_seq=2 ttl=64 time=0.410 ms
64 bytes from 2001:db8:1::10: icmp_seq=3 ttl=64 time=0.417 ms
64 bytes from 2001:db8:1::10: icmp_seq=4 ttl=64 time=0.408 ms
64 bytes from 2001:db8:1::10: icmp_seq=5 ttl=64 time=0.405 ms

--- 2001:db8:1::10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 0.405/0.413/0.425/0.008 ms

    Note

    • This test verifies ICMPv6 Echo Request/Reply over static IPv6.

    • Successful ping indicates end-to-end IPv6 connectivity.

    • You should observe:

      • ICMPv6 Echo Request from VM2 (2001:db8:1::20) to VM1 (2001:db8:1::10)

      • ICMPv6 Echo Reply from VM1 to VM2

Testcase 2: Jumbo Packet Ping Test (ICMPv6)

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv6 Addresses

    VM1:~$ sudo ip -6 addr add 2001:db8:1::10/64 dev enp0s8
VM1:~$ sudo ip link set enp0s8 up

VM2:~$ sudo ip -6 addr add 2001:db8:1::20/64 dev enp0s8
VM2:~$ sudo ip link set enp0s8 up

    Note

    • Replace enp0s8 with your actual interface name.

    • Both machines must belong to the same IPv6 subnet.

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip -6 addr show dev enp0s8
VM2:~$ ip -6 addr show dev enp0s8

  • expected output :

    inet6 2001:db8:1::10/64 (on VM1)

    inet6 2001:db8:1::20/64 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : ICMPv6 Jumbo Packet Ping Test

    VM2:~$ ping6 -s 4000 2001:db8:1::10

PING 2001:db8:1::10(2001:db8:1::10) 4000 data bytes
4008 bytes from 2001:db8:1::10: icmp_seq=1 ttl=64 time=0.890 ms
4008 bytes from 2001:db8:1::10: icmp_seq=2 ttl=64 time=0.856 ms
4008 bytes from 2001:db8:1::10: icmp_seq=3 ttl=64 time=0.849 ms
4008 bytes from 2001:db8:1::10: icmp_seq=4 ttl=64 time=0.832 ms
4008 bytes from 2001:db8:1::10: icmp_seq=5 ttl=64 time=0.828 ms
4008 bytes from 2001:db8:1::10: icmp_seq=6 ttl=64 time=0.825 ms

--- 2001:db8:1::10 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 0.825/0.846/0.890/0.023 ms

    Note

    • -s 4000 sends an ICMPv6 Echo Request with 4000 bytes of payload.

    • This exceeds the standard Ethernet MTU (1500 bytes), so fragmentation occurs.

    • IPv6 requires source-host fragmentation (not router-based).

    • You should observe the following in Wireshark:

      • Two IPv6 fragments with Fragment Headers (Next Header = 44)

      • ICMPv6 Echo Request reconstructed at the destination

      • Echo Reply may also be fragmented, depending on payload size

    • This test validates fragmentation, reassembly, and large payload delivery.

Testcase 3: Neighbor Solicitation / Advertisement (NDP)

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv6 Addresses

    VM1:~$ sudo ip -6 addr add 2001:db8:1::10/64 dev enp0s8
VM1:~$ sudo ip link set enp0s8 up

VM2:~$ sudo ip -6 addr add 2001:db8:1::20/64 dev enp0s8
VM2:~$ sudo ip link set enp0s8 up

    Note

    • Replace enp0s8 with the actual interface name on your VMs.

    • Both systems must be within the same IPv6 subnet.

  • Step-3 : Start Wireshark Capture in GNS3

    • Right-click on the Ethernet link between VM1 and VM2

    • Select Start Capture

  • Step-4 : Trigger Neighbor Discovery Protocol (NDP)

    VM2:~$ ping6 2001:db8:1::10

PING 2001:db8:1::10(2001:db8:1::10) 56 data bytes
64 bytes from 2001:db8:1::10: icmp_seq=1 ttl=64 time=0.429 ms
64 bytes from 2001:db8:1::10: icmp_seq=2 ttl=64 time=0.420 ms
64 bytes from 2001:db8:1::10: icmp_seq=3 ttl=64 time=0.417 ms
64 bytes from 2001:db8:1::10: icmp_seq=4 ttl=64 time=0.409 ms

--- 2001:db8:1::10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3012ms
rtt min/avg/max/mdev = 0.409/0.418/0.429/0.007 ms

    Note

    • This test triggers Neighbor Discovery Protocol (NDP) as part of the first ping.

    • NDP is used to resolve the IPv6 address of the destination to its MAC address (similar to ARP in IPv4).

    • The NDP exchange consists of:

      • Neighbor Solicitation (NS): Sent by VM2 to find the MAC of VM1.

      • Neighbor Advertisement (NA): Response from VM1 providing its MAC.

      • Followed by ICMPv6 Echo Request/Reply.

    Note

    • You will observe the following packet sequence:

      • ICMPv6 Neighbor Solicitation from VM2 to ff02::1:ff00:10

      • ICMPv6 Neighbor Advertisement from VM1 to VM2

      • ICMPv6 Echo Request from VM2 to VM1

      • ICMPv6 Echo Reply from VM1 to VM2

Testcase 4: Router Solicitation / Advertisement (RS/RA)

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Configure Router Advertisement Daemon on VM1

    VM1:~$ sudo apt update
VM1:~$ sudo apt install radvd
VM1:~$ sudo nano /etc/radvd.conf

    interface enp0s8 {
  AdvSendAdvert on;
  prefix 2001:db8:1::/64 {
    AdvOnLink on;
    AdvAutonomous on;
  };
};

    VM1:~$ sudo systemctl enable radvd
VM1:~$ sudo systemctl restart radvd

    Note

    • This config enables IPv6 Router Advertisements from VM1 on interface enp0s8

    • The prefix 2001:db8:1::/64 will be advertised for SLAAC (Stateless Address Auto Configuration)

  • Step-3 : Trigger Router Solicitation on VM2

    VM2:~$ sudo ip -6 addr flush dev enp0s8
VM2:~$ sudo ifconfig enp0s8 down
VM2:~$ sudo ifconfig enp0s8 up

    Note

    • These steps reset the IPv6 configuration on VM2, prompting it to send a Router Solicitation (RS)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click on the Ethernet link between VM1 and VM2

    • Select Start Capture

  • Step-5 : Test IPv6 Connectivity Using SLAAC Address

    VM2:~$ ping6 2001:db8:1::10

PING 2001:db8:1::10(2001:db8:1::10) 56 data bytes
64 bytes from 2001:db8:1::10: icmp_seq=1 ttl=64 time=0.430 ms
64 bytes from 2001:db8:1::10: icmp_seq=2 ttl=64 time=0.426 ms
64 bytes from 2001:db8:1::10: icmp_seq=3 ttl=64 time=0.420 ms
64 bytes from 2001:db8:1::10: icmp_seq=4 ttl=64 time=0.418 ms
64 bytes from 2001:db8:1::10: icmp_seq=5 ttl=64 time=0.416 ms
64 bytes from 2001:db8:1::10: icmp_seq=6 ttl=64 time=0.413 ms

--- 2001:db8:1::10 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5010ms
rtt min/avg/max/mdev = 0.413/0.420/0.430/0.006 ms

    Note

    • This test demonstrates dynamic IPv6 address assignment via Router Advertisement (RA)

    • VM2 sends Router Solicitation (Type 133) to ff02::2 (all-routers multicast)

    • VM1 responds with Router Advertisement (Type 134) containing prefix 2001:db8:1::/64

    • VM2 autoconfigures its IPv6 address using SLAAC

    • Then, it successfully pings VM1 using the assigned global IPv6 address

    Note

    • You will observe the following packet sequence:

      • ICMPv6 Router Solicitation (Type 133) from VM2 to ff02::2

      • ICMPv6 Router Advertisement (Type 134) from VM1 with prefix information

      • ICMPv6 Echo Request from VM2 to VM1

      • ICMPv6 Echo Reply from VM1 to VM2

Testcase 5: ICMPv6 Flood Ping Test

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv6 Addresses

    VM1:~$ sudo ip -6 addr add 2001:db8:1::10/64 dev enp0s8
VM1:~$ sudo ip link set enp0s8 up

VM2:~$ sudo ip -6 addr add 2001:db8:1::20/64 dev enp0s8
VM2:~$ sudo ip link set enp0s8 up

    Note

    • Replace enp0s8 with the actual network interface name.

    • Ensure both VMs are in the same IPv6 subnet.

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip -6 addr show dev enp0s8
VM2:~$ ip -6 addr show dev enp0s8

    • expected output :

      inet6 2001:db8:1::10/64 (on VM1)

      inet6 2001:db8:1::20/64 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : ICMPv6 Flood Ping Test (Rate Limiting Observation)

    VM2:~$ ping6 -f 2001:db8:1::10

PING 2001:db8:1::10(2001:db8:1::10) 56 data bytes
...........................................................
--- 2001:db8:1::10 ping statistics ---
19730 packets transmitted, 19730 received, 0% packet loss, time 10001ms

    Note

    • -f enables flood ping mode, sending ICMPv6 Echo Requests as fast as possible.

    • This test is used for stress testing and observing ICMPv6 rate limiting behavior.

    • If the target (VM1) has rate limiting enabled, ICMPv6 replies may slow down or get dropped temporarily.

    • Despite high rate, no packet loss observed indicates a stable local link.

    Note

    • You will observe the following:

      • High-frequency ICMPv6 Echo Requests from VM2 (2001:db8:1::20) to VM1 (2001:db8:1::10)

      • Corresponding ICMPv6 Echo Replies from VM1 back to VM2

      • Short inter-packet gap (IPG), low round-trip times

      • Possible signs of rate limiting if capture duration is extended

Testcase 6: ICMPv6 Multicast Echo Request

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv6 Addresses

    VM1:~$ sudo ip -6 addr add 2001:db8:1::10/64 dev enp0s8
VM1:~$ sudo ip link set enp0s8 up

VM2:~$ sudo ip -6 addr add 2001:db8:1::20/64 dev enp0s8
VM2:~$ sudo ip link set enp0s8 up

    Note

    • Replace enp0s8 with the correct interface name.

    • Ensure both VMs are in the same IPv6 subnet and have link-local addresses configured automatically.

  • Step-3 : Verify IPv6 and Link-Local Addresses

    VM1:~$ ip -6 addr show dev enp0s8
VM2:~$ ip -6 addr show dev enp0s8

    • expected output :

      inet6 2001:db8:1::10/64 (on VM1)

      inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 (link-local)

      inet6 2001:db8:1::20/64 (on VM2)

      inet6 fe80::xxxx:xxxx:xxxx:xxxx/64 (link-local)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : ICMPv6 Multicast Ping Test

    VM2:~$ ping6 ff02::1%enp0s8

PING ff02::1%enp0s8(ff02::1%enp0s8) 56 data bytes
64 bytes from fe80::a00:27ff:fe87:a121%enp0s8: icmp_seq=1 ttl=64 time=0.420 ms
64 bytes from fe80::a00:27ff:fe48:8f52%enp0s8: icmp_seq=1 ttl=64 time=0.421 ms
64 bytes from fe80::a00:27ff:fe87:a121%enp0s8: icmp_seq=2 ttl=64 time=0.419 ms
64 bytes from fe80::a00:27ff:fe48:8f52%enp0s8: icmp_seq=2 ttl=64 time=0.418 ms
64 bytes from fe80::a00:27ff:fe87:a121%enp0s8: icmp_seq=3 ttl=64 time=0.418 ms
64 bytes from fe80::a00:27ff:fe48:8f52%enp0s8: icmp_seq=3 ttl=64 time=0.417 ms

--- ff02::1%enp0s8 ping statistics ---
6 packets transmitted, 6 received, +6 duplicates, 0% packet loss
rtt min/avg/max/mdev = 0.417/0.419/0.421/0.002 ms

    Note

    • ff02::1 is the all-nodes IPv6 multicast address (link-local scope).

    • %enp0s8 specifies the interface on which to send the multicast request.

    • All active IPv6 hosts on the link should respond.

    • This test validates basic multicast reachability and ICMPv6 support.

    Note

    • You will observe:

      • ICMPv6 Echo Request to multicast address ff02::1

      • ICMPv6 Echo Replies from each host with a valid link-local address

      • Source addresses of replies are of the form fe80::xxxx:xxxx:xxxx:xxxx

      • May see duplicate responses per sequence due to multiple hosts replying

ICMPv6 Destination Unreachable Packet

S.No

Protocol Packets

Description

Size(bytes)

1

Destination Unreachable Message

Routing or delivery failure

Type

Set to 1 for Destination Unreachable

1

Code

Specifies the reason for the error

1

Checksum

Error-checking for the ICMP message

2

Unused

Reserved, must be zero

4

ICMPv6 Packet Too Big Packet

S.No

Protocol Packets

Description

Size(bytes)

2

Packet Too Big

MTU exceeded

Type

Set to 2 for Packet Too Big

1

Code

Always 0 for this message type

1

Checksum

Error-checking for the ICMP message

2

Unused

Maximum Transmission Unit of the next-hop link

4

Data

As much of the original packet as possible (without exceeding the minimum

variable

IPv6 MTU of 1280 bytes)

ICMPv6 Time Exceeded Packet

S.No

Protocol Packets

Description

Size(bytes)

3

Time Exceeded

TTL expired

Type

Set to 3 for Time Exceeded

1

Code

Indicates the specific reason

1

Checksum

Error-checking for the ICMP message

2

Unused

Reserved, must be zero

4

Data

As much of the original packet as possible (without exceeding the minimum

variable

IPv6 MTU of 1280 bytes)

ICMPv6 Echo Request Packet

S.No

Protocol Packets

Description

Size(bytes)

4

Echo Request

Ping request

Type

Set to 128 for Echo Request

1

Code

Always 0

1

Checksum

Error-checking for the ICMP message

2

Identifier

Used to match requests and replies

2

Sequence Number

Used to track the order of messages

2

Data

Optional payload data (e.g., timestamp, pattern)

variable

ICMPv6 Echo Reply Packet

S.No

Protocol Packets

Description

Size(bytes)

5

Echo Reply

Ping response

Type

Set to 129 for Echo Reply

1

Code

Always 0

1

Checksum

Error-checking for the ICMP message

2

Identifier

Matches the request to the reply

2

Sequence Number

Matches the request to the reply

2

Data

Optional payload (copied from the Echo Request)

variable

ICMPv6 Router Solicitation Packet

S.No

Protocol Packets

Description

Size(bytes)

6

Router Solicitation

Request for router advertisement

Type

Set to 133 for Router Solicitation

1

Code

Always 0

1

Checksum

Error-checking for the ICMP message

2

Reserved

Must be zero

4

Options

Optional link-layer address of the sender (e.g., Source Link-Layer

variable

Address option)

ICMPv6 Router Advertisement Packet

S.No

Protocol Packets

Description

Size(bytes)

7

Router Advertisement

Router info broadcast

Type

Set to 134 for Router Advertisement

1

Code

Always 0

1

Checksum

Error-checking for the ICMP message

2

Cur Hop Limit

Suggested Hop Limit for outgoing packets

1

M/O Flags

Managed (M) and Other (O) configuration flags

1

Router Lifetime

Time (in seconds) this router is a default router

2

Reachable Time

Time (ms) a node assumes a neighbor is reachable

4

Retrans Timer

Time (ms) between retransmitted NS messages

4

Options

Includes Prefix Info, MTU, Source Link-Layer Address, etc.

variable

ICMPv6 Neighbor Solicitation Packet

S.No

Protocol Packets

Description

Size(bytes)

8

Neighbor Solicitation

Address resolution (like ARP)

Type

Set to 135 for Neighbor Solicitation

1

Code

Always 0

1

Checksum

Error-checking for the ICMP message

2

Reserved

Must be zero

4

Target Address

IPv6 address of the target node

32

Options

Typically includes the Source Link-Layer Address option

variable

ICMPv6 Neighbor Advertisement Packet

S.No

Protocol Packets

Description

Size(bytes)

9

Neighbor Advertisement

Response to solicitation

Type

Set to 136 for Neighbor Advertisement

1

Code

Always 0

1

Checksum

Error-checking for the ICMP message

2

Flags

R (Router), S (Solicited), O (Override)

4

Target Address

IPv6 address of the node sending the advertisement

32

Options

Typically includes the Target Link-Layer Address option

variable

ICMPv6 - Use Cases

S.no

Use Case

Description

1

Error Reporting

ICMPv6 reports issues like unreachable destinations, packet too big, or time exceeded, helping diagnose network problems.

2

Path MTU Discovery

Uses “Packet Too Big” messages to determine the maximum packet size that can be sent without fragmentation.

3

Neighbor Discovery Protocol (NDP)

Replaces ARP in IPv6. ICMPv6 is used for address resolution, router discovery, and reachability detection.

4

Router Discovery

Hosts use ICMPv6 to discover routers on the local network via Router Advertisement and Solicitation messages.

5

Duplicate Address Detection (DAD)

Ensures no two devices on the same network use the same IPv6 address.

6

Redirect Messages

Routers use ICMPv6 to inform hosts of a better next-hop address for a destination.

7

Mobile IPv6 Support

ICMPv6 supports mobility features like home agent discovery and mobile prefix advertisement.

8

Multicast Listener Discovery (MLD)

Used by IPv6 routers to discover multicast listeners on a directly attached link.

9

Extended Echo for Diagnostics

Enhanced echo request/reply messages (RFC 8335) provide more detailed network diagnostics.

ICMPv6 - Basic Features

S.no

Features

Description

1

Integrated with IPv6

ICMPv6 is a core part of the IPv6 protocol suite, unlike ICMPv4 which is more standalone.

2

Supports NDP

Enables critical IPv6 functions like address resolution, router discovery, and prefix advertisement.

3

Error and Informational Messages

Includes both error messages (e.g., Destination Unreachable) and informational messages (e.g., Echo Request/Reply).

4

Multicast-Based Communication

Uses multicast instead of broadcast for efficiency and scalability in IPv6 networks.

5

Security-Aware Design

Designed to work with IPsec for secure communication and message authentication.

6

Extensible Message Format

Supports future extensions and new message types without breaking compatibility.

7

No Fragmentation Support

ICMPv6 helps manage MTU issues since IPv6 routers do not fragment packets.

8

Rate Limiting

ICMPv6 messages are rate-limited to prevent abuse and denial-of-service attacks.

Integrated with IPv6 - Testcases

Integrated with IPv6 - Test Cases

#

Test Case

Description

Expected Result

1

ICMPv6 Echo Request

Send ICMPv6 Type 128

Echo Reply (Type 129) received

2

ICMPv6 Echo Reply

Receive ICMPv6 Type 129

Matches Echo Request

3

Destination Unreachable

ICMPv6 Type 1

Error message received

4

Packet Too Big

ICMPv6 Type 2

MTU info received

5

Time Exceeded

ICMPv6 Type 3

TTL expired message received

6

Parameter Problem

ICMPv6 Type 4

Header issue reported

7

Neighbor Solicitation

ICMPv6 Type 135

Target receives solicitation

8

Neighbor Advertisement

ICMPv6 Type 136

Solicitor receives advertisement

9

Router Solicitation

ICMPv6 Type 133

Router responds with advertisement

10

Router Advertisement

ICMPv6 Type 134

Host receives router info

11

Redirect Message

ICMPv6 Type 137

Host updates route

12

Multicast Listener Query

ICMPv6 Type 130

Host responds if subscribed

13

Multicast Listener Report

ICMPv6 Type 131

Sent by host to join group

14

Multicast Listener Done

ICMPv6 Type 132

Sent by host to leave group

15

Duplicate Address Detection

Use NS/NA

Conflicting address detected

16

Stateless Address Autoconfiguration

Use RA

Host configures IPv6 address

17

Path MTU Discovery

Receive Packet Too Big

Host adjusts MTU

18

Hop Limit Exceeded

TTL = 0

Time Exceeded message received

19

Header Field Error

Send malformed header

Parameter Problem received

20

Unrecognized Next Header

Use unknown protocol

Parameter Problem received

21

Unreachable No Route

Send to unreachable prefix

Destination Unreachable received

22

Unreachable Admin Prohibited

Blocked by policy

Destination Unreachable received

23

Unreachable Beyond Scope

Send to link-local from global

Destination Unreachable received

24

Unreachable Address

Send to unused address

Destination Unreachable received

25

Unreachable Port

Send to closed UDP port

Destination Unreachable received

26

Echo Request with Payload

Send with data

Echo Reply includes same data

27

Echo Request to Multicast

Send to ff02::1

Replies from all reachable nodes

28

Echo Request to Link-Local

Send to fe80::/10

Reply from local node

29

Echo Request with Flow Label

Set flow label

Echo Reply received

30

Echo Request with Extension Header

Add EH

Echo Reply received

31

Echo Request with Fragment Header

Fragmented packet

Echo Reply received

32

Echo Request with Authentication Header

Use AH

Echo Reply received if valid

33

Echo Request with ESP

Use ESP

Echo Reply received if decrypted

34

Echo Request with Hop-by-Hop Options

Add HBH

Echo Reply received

35

Echo Request with Routing Header

Add RH

Echo Reply received

36

Echo Request with Jumbo Payload

Send > 1500 bytes

Echo Reply received or error

37

Echo Request with Invalid Checksum

Corrupt checksum

Packet discarded

38

Echo Request with Invalid Type

Use undefined type

Packet discarded

39

Echo Request with Invalid Code

Use undefined code

Packet discarded

40

Echo Request with Truncated Header

Incomplete header

Packet discarded

41

Echo Request with Spoofed Source

Use fake source IP

Reply sent to spoofed address

42

Neighbor Discovery with Spoofed MAC

Use fake MAC

Host may update cache incorrectly

43

Router Advertisement with Invalid Prefix

Use invalid prefix

Host ignores prefix

44

Router Advertisement with High Lifetime

Set max lifetime

Host accepts if valid

45

Router Advertisement with Multiple Prefixes

Advertise multiple

Host configures multiple addresses

46

Router Advertisement with MTU Option

Include MTU

Host updates MTU

47

Router Advertisement with RDNSS Option

Include DNS info

Host updates DNS settings

48

Redirect with Invalid Target

Use unreachable target

Host ignores redirect

49

Redirect with Valid Target

Use reachable target

Host updates route

50

ICMPv6 Filtering

Block ICMPv6

IPv6 functions like ND fail

Supports NDP - Testcases

Supports NDP - Test Cases

#

Test Case

Description

Expected Result

1

Send Neighbor Solicitation

ICMPv6 Type 135

Target receives solicitation

2

Receive Neighbor Advertisement

ICMPv6 Type 136

Solicitor receives advertisement

3

Send Router Solicitation

ICMPv6 Type 133

Router responds with advertisement

4

Receive Router Advertisement

ICMPv6 Type 134

Host receives router info

5

Send Redirect Message

ICMPv6 Type 137

Host updates route

6

Duplicate Address Detection

Send NS for own address

Conflict detected if address in use

7

Stateless Address Autoconfiguration

Use RA with prefix

Host configures IPv6 address

8

Prefix Discovery

RA includes prefix info

Host adds prefix to routing table

9

MTU Discovery via RA

RA includes MTU option

Host updates MTU

10

Default Router Discovery

RA includes router lifetime

Host sets default gateway

11

RDNSS Option in RA

RA includes DNS info

Host updates DNS settings

12

DNSSL Option in RA

RA includes search list

Host updates domain search list

13

NS with SLLAO

Include Source Link-Layer Address Option

Target updates neighbor cache

14

NA with TLLAO

Include Target Link-Layer Address Option

Solicitor updates neighbor cache

15

NS without SLLAO

Omit SLLAO

Target may not update cache

16

NA with Override Flag

Set O flag

Cache entry replaced

17

NA with Router Flag

Set R flag

Entry marked as router

18

NA with Solicited Flag

Set S flag

Confirms reachability

19

NS to Multicast Address

Send to solicited-node multicast

Target responds with NA

20

NS to Unicast Address

Send directly to target

Target responds with NA

21

NA to Multicast Address

Send unsolicited NA

All nodes update cache

22

NA to Unicast Address

Send solicited NA

Solicitor updates cache

23

RS to All-Routers Multicast

Send to ff02::2

Routers respond with RA

24

RA to All-Nodes Multicast

Send to ff02::1

All hosts receive RA

25

RA with Multiple Prefixes

Include multiple PIOs

Host configures multiple addresses

26

RA with On-Link Flag

Set L flag in PIO

Prefix treated as on-link

27

RA with Autonomous Flag

Set A flag in PIO

Prefix used for SLAAC

28

RA with Zero Lifetime

Set router lifetime to 0

Host removes default route

29

RA with High Lifetime

Set long router lifetime

Host retains default route

30

Redirect with Valid Target

Target is reachable

Host updates route

31

Redirect with Invalid Target

Target unreachable

Host ignores redirect

32

NS with Invalid Checksum

Corrupt checksum

Packet discarded

33

NA with Invalid Target

Target address mismatch

Packet ignored

34

RS with Invalid Source

Source not link-local

Packet discarded

35

RA with Invalid Prefix

Prefix length > 128

Prefix ignored

36

RA with Invalid MTU

MTU < 1280

MTU option ignored

37

RA with Invalid Lifetime

Lifetime > 9000s

Lifetime capped or ignored

38

NS with Spoofed MAC

Use fake MAC address

Target may update cache incorrectly

39

NA with Spoofed IP

Use fake IP address

Host may update cache incorrectly

40

RA with Spoofed Router

Fake router advertises prefix

Host may accept if not secured

41

Redirect with Spoofed Gateway

Use fake gateway

Host may update route incorrectly

42

NS Rate Limiting

Send many NS packets

Host rate-limits responses

43

NA Rate Limiting

Send many NA packets

Host rate-limits updates

44

RA Rate Limiting

Send frequent RAs

Host processes within limits

45

Redirect Rate Limiting

Send frequent redirects

Host limits updates

46

NDP Cache Timeout

Wait for entry to expire

Entry removed from cache

47

NDP Cache Refresh

Send NS before timeout

Entry refreshed

48

NDP Cache Overwrite

Send NA with override

Entry updated

49

NDP with VLAN

Send over VLAN

NDP functions correctly

50

NDP with VRF

Send in VRF context

NDP scoped to VRF

Error and Informational Messages - Testcases

Error and Informational Messages - Test Cases

#

Test Case

Description

Expected Result

1

Echo Request

Send ICMPv6 Type 128

Echo Reply (Type 129) received

2

Echo Reply

Receive ICMPv6 Type 129

Matches Echo Request

3

Destination Unreachable - No Route

ICMPv6 Type 1 Code 0

Error message received

4

Destination Unreachable - Admin Prohibited

ICMPv6 Type 1 Code 1

Error message received

5

Destination Unreachable - Beyond Scope

ICMPv6 Type 1 Code 2

Error message received

6

Destination Unreachable - Address Unreachable

ICMPv6 Type 1 Code 3

Error message received

7

Destination Unreachable - Port Unreachable

ICMPv6 Type 1 Code 4

Error message received

8

Packet Too Big

ICMPv6 Type 2

MTU info received

9

Time Exceeded - Hop Limit

ICMPv6 Type 3 Code 0

TTL expired message received

10

Time Exceeded - Fragment Reassembly

ICMPv6 Type 3 Code 1

Reassembly timeout message

11

Parameter Problem - Erroneous Header

ICMPv6 Type 4 Code 0

Header issue reported

12

Parameter Problem - Unknown Next Header

ICMPv6 Type 4 Code 1

Error message received

13

Parameter Problem - Unrecognized Option

ICMPv6 Type 4 Code 2

Error message received

14

Echo Request with Payload

Send with data

Echo Reply includes same data

15

Echo Request to Multicast

Send to ff02::1

Replies from reachable nodes

16

Echo Request to Link-Local

Send to fe80::/10

Reply from local node

17

Echo Request with Flow Label

Set flow label

Echo Reply received

18

Echo Request with Extension Header

Add EH

Echo Reply received

19

Echo Request with Fragment Header

Fragmented packet

Echo Reply received

20

Echo Request with Jumbo Payload

Send > 1500 bytes

Echo Reply or error

21

Echo Request with Invalid Checksum

Corrupt checksum

Packet discarded

22

Echo Request with Invalid Type

Use undefined type

Packet discarded

23

Echo Request with Invalid Code

Use undefined code

Packet discarded

24

Echo Request with Truncated Header

Incomplete header

Packet discarded

25

Echo Request with Spoofed Source

Use fake source IP

Reply sent to spoofed address

26

Destination Unreachable with UDP

Send to closed port

Port Unreachable received

27

Destination Unreachable with TCP

Send to unreachable host

Address Unreachable received

28

Packet Too Big with DF Set

Send large packet

MTU info received

29

Time Exceeded with TTL = 1

TTL expires

Time Exceeded message

30

Parameter Problem with Unknown Header

Use unsupported header

Error message received

31

Parameter Problem with Invalid Option

Use malformed option

Error message received

32

Echo Request with Hop-by-Hop Options

Add HBH

Echo Reply received

33

Echo Request with Routing Header

Add RH

Echo Reply received

34

Echo Request with Authentication Header

Use AH

Echo Reply received if valid

35

Echo Request with ESP

Use ESP

Echo Reply received if decrypted

36

Echo Request with Jumbo Option

Use jumbo payload option

Echo Reply received

37

Echo Request with Invalid MTU

MTU < 1280

Packet Too Big generated

38

Echo Request with Invalid Source

Use multicast source

Packet discarded

39

Echo Request with Invalid Destination

Use invalid address

Destination Unreachable

40

Echo Request with Loopback

Send to ::1

Reply received locally

41

Echo Request with Broadcast

Send to all-nodes multicast

Replies from all nodes

42

Echo Request with VLAN

Send over VLAN

Echo Reply received

43

Echo Request with VRF

Send in VRF

Echo Reply scoped to VRF

44

Echo Request with NAT66

Send through NAT66

Echo Reply translated

45

Echo Request with Firewall

ICMPv6 allowed

Echo Reply received

46

Echo Request with ACL

ICMPv6 blocked

No reply received

47

Echo Request with Logging

Enable logging

ICMPv6 events logged

48

Echo Request with SNMP Monitoring

Monitor ICMPv6

Stats updated

49

Echo Request with Rate Limiting

Send many requests

Excess packets dropped

50

Echo Request with Packet Capture

Use Wireshark

ICMPv6 packets visible

Multicast-Based Communication - Testcases

Multicast-Based Communication - Test Cases

#

Test Case

Description

Expected Result

1

NS to Solicited-Node Multicast

Send NS to ff02::1:ffXX:XXXX

Target responds with NA

2

NA to Unicast

Send NA to soliciting node

Solicitor updates neighbor cache

3

RS to All-Routers Multicast

Send RS to ff02::2

Routers respond with RA

4

RA to All-Nodes Multicast

Send RA to ff02::1

All hosts receive RA

5

Redirect to Unicast

Send redirect to host

Host updates route

6

Echo Request to Multicast

Send to ff02::1

Replies from all reachable nodes

7

Echo Request to ff02::2

Send to all routers

Routers respond

8

MLD Query to ff02::1

Send MLD query

Hosts respond with reports

9

MLD Report to ff02::16

Send report

Routers update group membership

10

MLD Done to ff02::2

Send done message

Routers prune group

11

NS with SLLAO

Include Source Link-Layer Address Option

Target updates cache

12

NA with TLLAO

Include Target Link-Layer Address Option

Solicitor updates cache

13

RA with Prefix Info

Include PIO

Hosts configure address

14

RA with MTU Option

Include MTU

Hosts update MTU

15

RA with RDNSS Option

Include DNS info

Hosts update DNS settings

16

RA with DNSSL Option

Include search list

Hosts update domain search list

17

Multicast Scope - Link-Local

Use ff02::1

Only link-local nodes respond

18

Multicast Scope - Site-Local

Use ff05::1

Site-local nodes respond

19

Multicast Scope - Organization

Use ff08::1

Org-wide nodes respond

20

Multicast Scope - Global

Use ff0e::1

Global nodes respond (if allowed)

21

NS to Multicast with Invalid MAC

Use wrong MAC

No NA received

22

NA to Multicast

Send unsolicited NA

All nodes update cache

23

RS to Multicast with Invalid Source

Use non-link-local source

Packet discarded

24

RA to Multicast with Invalid Prefix

Use invalid prefix

Hosts ignore prefix

25

MLD Query with Invalid Group

Use invalid group address

Hosts ignore query

26

MLD Report with Invalid Scope

Use invalid scope

Routers ignore report

27

MLD Done with No Membership

Send done without join

Routers ignore

28

Multicast Join via MLD

Host joins group

MLD report sent

29

Multicast Leave via MLD

Host leaves group

MLD done sent

30

Multicast Listener Discovery

Enable MLDv2

Group membership tracked

31

Multicast with VLAN

Send over VLAN

Multicast functions correctly

32

Multicast with VRF

Send in VRF

Scoped to VRF

33

Multicast with QoS

Set DSCP bits

QoS preserved

34

Multicast with Fragmentation

Send large packet

Reassembled correctly

35

Multicast with Extension Headers

Add EH

Packet processed correctly

36

Multicast with Hop-by-Hop Options

Add HBH

Packet processed correctly

37

Multicast with Routing Header

Add RH

Packet processed correctly

38

Multicast with Authentication Header

Add AH

Packet accepted if valid

39

Multicast with ESP

Add ESP

Packet decrypted if valid

40

Multicast with Invalid Checksum

Corrupt checksum

Packet discarded

41

Multicast with Invalid Type

Use undefined type

Packet discarded

42

Multicast with Invalid Code

Use undefined code

Packet discarded

43

Multicast with Truncated Header

Incomplete header

Packet discarded

44

Multicast with Spoofed Source

Use fake source IP

Replies sent to spoofed address

45

Multicast Flooding

Send excessive multicast

Host rate-limits processing

46

Multicast Filtering

Block multicast in firewall

No packets received

47

Multicast Logging

Enable logging

Multicast events logged

48

Multicast with Packet Capture

Use Wireshark

Multicast packets visible

49

Multicast with SNMP Monitoring

Monitor ICMPv6

Multicast stats visible

50

Multicast with Rate Limiting

Apply ICMPv6 rate limit

Excess multicast packets dropped

Security-Aware Design - Testcases

Security-Aware Design - Test Cases

#

Test Case

Description

Expected Result

1

Validate ICMPv6 Checksum

Send packet with invalid checksum

Packet discarded

2

Validate Message Type

Use undefined ICMPv6 type

Packet discarded

3

Validate Message Code

Use undefined code

Packet discarded

4

Validate Header Length

Send truncated header

Packet discarded

5

Validate Payload Length

Send oversized payload

Packet discarded

6

Validate Source Address

Use multicast source

Packet discarded

7

Validate Destination Address

Use invalid destination

Packet discarded

8

Validate Scope of Multicast

Use global scope for local message

Packet discarded

9

Validate Router Solicitation Source

Use non-link-local source

RS discarded

10

Validate Router Advertisement Prefix

Use invalid prefix length

Prefix ignored

11

Validate MTU Option

Use MTU < 1280

MTU option ignored

12

Validate Redirect Target

Use unreachable target

Redirect ignored

13

Validate NS with SLLAO

Use invalid MAC address

Target ignores NS

14

Validate NA with TLLAO

Use spoofed MAC address

Host ignores NA

15

Validate NA Flags

Use invalid flag combination

NA ignored

16

Validate RA Lifetime

Use excessive router lifetime

Lifetime capped

17

Validate RA Prefix Lifetime

Use invalid prefix lifetime

Prefix ignored

18

Validate RDNSS Option

Use invalid DNS address

Option ignored

19

Validate DNSSL Option

Use malformed domain list

Option ignored

20

Validate Fragment Header

Use invalid offset

Packet discarded

21

Validate Routing Header

Use deprecated RH type

Packet discarded

22

Validate Hop-by-Hop Options

Use malformed HBH

Packet discarded

23

Validate Authentication Header

Use invalid AH

Packet discarded

24

Validate ESP Header

Use invalid ESP

Packet discarded

25

Validate Jumbo Payload Option

Use invalid jumbo length

Packet discarded

26

Validate ICMPv6 Rate Limit

Send excessive messages

Excess packets dropped

27

Validate NS Rate Limit

Send frequent NS

Host rate-limits responses

28

Validate NA Rate Limit

Send frequent NA

Host rate-limits updates

29

Validate RA Rate Limit

Send frequent RA

Host rate-limits processing

30

Validate Redirect Rate Limit

Send frequent redirects

Host limits updates

31

Validate MLD Query Rate

Send frequent MLD queries

Hosts limit responses

32

Validate MLD Report Rate

Send frequent reports

Routers limit processing

33

Validate MLD Done Rate

Send frequent done messages

Routers ignore excess

34

Validate Duplicate Address Detection

Send NS for own address

Conflict detected securely

35

Validate SLAAC Prefix

Use unauthorized prefix

Host ignores prefix

36

Validate RA Source

Use unauthorized router

Host ignores RA

37

Validate Redirect Source

Use unauthorized gateway

Host ignores redirect

38

Validate NS Spoofing

Use spoofed source IP

Host ignores NS

39

Validate NA Spoofing

Use spoofed target IP

Host ignores NA

40

Validate RA Spoofing

Use fake router info

Host ignores RA

41

Validate Redirect Spoofing

Use fake redirect

Host ignores redirect

42

Validate Replay Protection

Replay old ICMPv6 messages

Host ignores duplicates

43

Validate Message Integrity

Use tampered message

Host discards packet

44

Validate IPsec Integration

Use IPsec with ICMPv6

Message authenticated

45

Validate Firewall Filtering

Block ICMPv6 types

Messages dropped securely

46

Validate ACL Enforcement

Apply access control

ICMPv6 filtered as per policy

47

Validate VRF Isolation

Send in VRF

ICMPv6 scoped to VRF

48

Validate VLAN Isolation

Send over VLAN

ICMPv6 scoped to VLAN

49

Validate Logging

Enable logging

ICMPv6 events recorded

50

Validate SNMP Monitoring

Monitor ICMPv6 stats

Alerts on anomalies

Extensible Message Format - Testcases

Extensible Message Format - Test Cases

#

Test Case

Description

Expected Result

1

Validate EMF header presence

Send ICMPv6 packet with EMF

EMF header is correctly identified

2

Validate EMF header absence

Send ICMPv6 packet without EMF

EMF header is not present

3

Validate EMF version field

Send EMF with version = 1

Version field is parsed as 1

4

Invalid EMF version

Send EMF with version = 255

Packet is dropped or flagged

5

Validate EMF length field

Send EMF with correct length

Length is parsed correctly

6

Invalid EMF length

Send EMF with incorrect length

Packet is rejected

7

Validate EMF checksum

Send EMF with valid checksum

Checksum is verified

8

Invalid EMF checksum

Send EMF with corrupted checksum

Packet is discarded

9

Validate multiple TLVs

Send EMF with multiple TLVs

All TLVs are parsed correctly

10

Validate unknown TLV type

Send EMF with unknown TLV

TLV is ignored, rest processed

11

Validate TLV length mismatch

TLV length doesn’t match data

Packet is flagged

12

Validate nested TLVs

Send nested TLVs in EMF

Nested TLVs are parsed

13

Validate TLV padding

Send TLVs with padding

Padding is ignored

14

Validate TLV alignment

Send misaligned TLVs

Packet is flagged

15

Validate TLV order

Send TLVs in random order

Order is preserved

16

Validate TLV duplication

Duplicate TLVs in EMF

All instances are parsed

17

Validate TLV truncation

Truncated TLV in EMF

Packet is dropped

18

Validate TLV overflow

TLV length exceeds EMF length

Packet is rejected

19

Validate TLV underflow

TLV length less than actual

Packet is flagged

20

Validate TLV with zero length

TLV with length = 0

TLV is ignored

21

Validate TLV with max length

TLV with max allowed length

TLV is accepted

22

Validate EMF with no TLVs

EMF header only

Packet is accepted

23

Validate EMF with invalid type

EMF type not recognized

Packet is dropped

24

Validate EMF with reserved fields

Reserved fields set

Packet is flagged

25

Validate EMF with future version

Version > current

Packet is ignored or logged

26

Validate EMF in Echo Request

Send Echo Request with EMF

EMF is parsed

27

Validate EMF in Echo Reply

Send Echo Reply with EMF

EMF is parsed

28

Validate EMF in Router Solicitation

Send RS with EMF

EMF is parsed

29

Validate EMF in Router Advertisement

Send RA with EMF

EMF is parsed

30

Validate EMF in Neighbor Solicitation

Send NS with EMF

EMF is parsed

31

Validate EMF in Neighbor Advertisement

Send NA with EMF

EMF is parsed

32

Validate EMF in Redirect

Send Redirect with EMF

EMF is parsed

33

Validate EMF in Parameter Problem

Send Parameter Problem with EMF

EMF is parsed

34

Validate EMF in Time Exceeded

Send Time Exceeded with EMF

EMF is parsed

35

Validate EMF in Packet Too Big

Send Packet Too Big with EMF

EMF is parsed

36

Validate EMF with extension headers

EMF after extension headers

EMF is parsed correctly

37

Validate EMF with fragmentation

Fragmented packet with EMF

EMF is reassembled and parsed

38

Validate EMF with jumbo payload

Jumbo payload with EMF

EMF is parsed

39

Validate EMF with encryption

Encrypted payload with EMF

EMF is not parsed (encrypted)

40

Validate EMF with authentication

Authenticated packet with EMF

EMF is parsed post-authentication

41

Validate EMF with malformed TLV

Corrupted TLV structure

Packet is dropped

42

Validate EMF with unsupported TLV

TLV type not implemented

TLV is ignored

43

Validate EMF with vendor-specific TLV

Custom TLV type

TLV is parsed if supported

44

Validate EMF with experimental TLV

Experimental TLV type

TLV is parsed or ignored

45

Validate EMF with duplicate headers

Two EMF headers

Packet is dropped

46

Validate EMF with trailing data

Extra data after TLVs

Data is ignored

47

Validate EMF with compressed TLVs

Compressed TLV format

TLVs are decompressed and parsed

48

Validate EMF with invalid encoding

Non-UTF8 TLV data

Packet is flagged

49

Validate EMF with large number of TLVs

100+ TLVs in EMF

All TLVs are parsed

50

Validate EMF performance

High throughput EMF traffic

No packet loss or delay

No Fragmentation Support - Testcases

No Fragmentation Support - Test Cases

#

Test Case

Description

Expected Result

1

Send oversized IPv6 packet

Send a packet larger than MTU without fragmentation

Packet dropped, ICMPv6 “Packet Too Big” sent

2

Send packet equal to MTU

Send a packet exactly equal to MTU

Packet delivered successfully

3

Send packet smaller than MTU

Send a small packet

Packet delivered successfully

4

Fragmented packet from sender

Send a fragmented packet

Packet dropped, ICMPv6 error generated

5

Intermediate router fragmentation

Router attempts to fragment

Packet dropped, ICMPv6 error sent

6

Verify ICMPv6 “Packet Too Big” code

Check ICMPv6 error code correctness

Code is 2 (Packet Too Big)

7

Verify MTU in ICMPv6 message

Check MTU field in ICMPv6 message

MTU field correctly populated

8

Send packet with DF bit set

Send packet with Don’t Fragment bit

Packet dropped, ICMPv6 error sent

9

Send packet with DF bit unset

DF bit ignored in IPv6

Packet processed normally

10

Send packet with extension headers

Include headers that increase size

Packet dropped if size > MTU

11

Test with tunnel encapsulation

Encapsulate IPv6 in IPv6

Outer packet size checked

12

Test with IPsec ESP

Use IPsec ESP headers

Packet dropped if size > MTU

13

Test with IPsec AH

Use IPsec AH headers

Packet dropped if size > MTU

14

Send packet with jumbo payload

Use jumbo payload option

Packet dropped if unsupported

15

Send packet to unreachable MTU path

Path MTU < packet size

ICMPv6 “Packet Too Big” sent

16

Path MTU discovery

Trigger PMTUD

ICMPv6 message received

17

PMTUD with ICMPv6 filtering

Block ICMPv6 messages

PMTUD fails, connection stalls

18

PMTUD with ICMPv6 allowed

Allow ICMPv6

PMTUD succeeds

19

Send packet with hop-by-hop header

Add hop-by-hop header

Packet dropped if size > MTU

20

Send packet with routing header

Add routing header

Packet dropped if size > MTU

21

Send packet with destination options

Add destination options

Packet dropped if size > MTU

22

Send packet with unknown extension

Use unknown header

Packet dropped

23

Send packet with multiple headers

Combine headers

Packet dropped if size > MTU

24

Send packet with padding

Add padding to exceed MTU

Packet dropped

25

Send packet with compressed header

Use header compression

Packet delivered if size ? MTU

26

Send packet with fragmented UDP payload

Fragment UDP manually

Packet dropped

27

Send packet with fragmented TCP payload

Fragment TCP manually

Packet dropped

28

Send packet with fragmented ICMPv6 payload

Fragment ICMPv6

Packet dropped

29

Send packet with fragmented SCTP payload

Fragment SCTP

Packet dropped

30

Send packet with fragmented GRE tunnel

Fragment GRE

Packet dropped

31

Send packet with fragmented MPLS

Fragment MPLS

Packet dropped

32

Send packet with fragmented L2TP

Fragment L2TP

Packet dropped

33

Send packet with fragmented VXLAN

Fragment VXLAN

Packet dropped

34

Send packet with fragmented GTP

Fragment GTP

Packet dropped

35

Send packet with fragmented DNS payload

Fragment DNS

Packet dropped

36

Send packet with fragmented HTTP payload

Fragment HTTP

Packet dropped

37

Send packet with fragmented HTTPS payload

Fragment HTTPS

Packet dropped

38

Send packet with fragmented FTP payload

Fragment FTP

Packet dropped

39

Send packet with fragmented SMTP payload

Fragment SMTP

Packet dropped

40

Send packet with fragmented SNMP payload

Fragment SNMP

Packet dropped

41

Send packet with fragmented VoIP payload

Fragment VoIP

Packet dropped

42

Send packet with fragmented video stream

Fragment video

Packet dropped

43

Send packet with fragmented audio stream

Fragment audio

Packet dropped

44

Send packet with fragmented gaming traffic

Fragment game data

Packet dropped

45

Send packet with fragmented IoT data

Fragment IoT packet

Packet dropped

46

Send packet with fragmented telemetry

Fragment telemetry

Packet dropped

47

Send packet with fragmented syslog

Fragment syslog

Packet dropped

48

Send packet with fragmented NetFlow

Fragment NetFlow

Packet dropped

49

Send packet with fragmented sFlow

Fragment sFlow

Packet dropped

50

Send packet with fragmented BGP update

Fragment BGP

Packet dropped

Rate Limiting - Testcases

Rate Limiting - Test Cases

#

Test Case

Description

Expected Result

1

Basic Echo Request

Send a single ICMPv6 Echo Request

Echo Reply received

2

Burst Echo Requests

Send 100 Echo Requests in 1 second

Some replies dropped due to rate limiting

3

Sustained Echo Requests

Send 10 Echo Requests per second for 1 minute

Replies throttled after threshold

4

Echo Request from Multiple Sources

Send Echo Requests from 5 different IPs

Rate limiting applied per source

5

Echo Request to Multiple Destinations

Send Echo Requests to 5 different destinations

Rate limiting applied per destination

6

Fragmented ICMPv6 Packets

Send fragmented Echo Requests

Rate limiting still applies

7

Malformed ICMPv6 Packet

Send malformed ICMPv6 packet

Packet dropped, no reply

8

ICMPv6 Redirect Flood

Send 100 Redirect messages in 1 second

Most redirects dropped

9

ICMPv6 Parameter Problem Flood

Send 100 Parameter Problem messages

Rate limiting enforced

10

ICMPv6 Packet Too Big Flood

Send 100 Packet Too Big messages

Rate limiting enforced

11

ICMPv6 Time Exceeded Flood

Send 100 Time Exceeded messages

Rate limiting enforced

12

Rate Limit Recovery

Send burst, wait, then send again

Replies resume after cooldown

13

Rate Limit Logging

Check logs after flood

Logs show rate limiting events

14

Rate Limit Threshold Test

Send just below threshold

All replies received

15

Rate Limit Threshold Breach

Send just above threshold

Some replies dropped

16

ICMPv6 Rate Limit Config Check

Verify system config

Rate limit values match expected

17

ICMPv6 Rate Limit Disabled

Disable rate limiting

All packets replied

18

ICMPv6 Rate Limit Enabled

Enable rate limiting

Excess packets dropped

19

ICMPv6 Rate Limit per Interface

Test on multiple interfaces

Rate limiting per interface

20

ICMPv6 Rate Limit per Protocol Type

Test Echo vs Redirect

Separate limits enforced

21

ICMPv6 Rate Limit with QoS

Apply QoS to ICMPv6

High-priority packets still limited

22

ICMPv6 Rate Limit with Firewall

Enable firewall

Rate limiting still applies

23

ICMPv6 Rate Limit with NAT

Test behind NAT

Rate limiting applies to internal IPs

24

ICMPv6 Rate Limit with VPN

Test over VPN tunnel

Rate limiting applies

25

ICMPv6 Rate Limit with IPv4 Tunnel

ICMPv6 over IPv4 tunnel

Rate limiting applies

26

ICMPv6 Rate Limit with IPv6 Tunnel

ICMPv6 over IPv6 tunnel

Rate limiting applies

27

ICMPv6 Rate Limit with Extension Headers

Add headers

Rate limiting still applies

28

ICMPv6 Rate Limit with Jumbo Frames

Send large packets

Rate limiting applies

29

ICMPv6 Rate Limit with Multicast

Send to multicast address

Rate limiting applies

30

ICMPv6 Rate Limit with Broadcast

Send to all-nodes address

Rate limiting applies

31

ICMPv6 Rate Limit with SLAAC

Trigger SLAAC messages

Rate limiting applies

32

ICMPv6 Rate Limit with Router Advertisements

Send RAs rapidly

Rate limiting enforced

33

ICMPv6 Rate Limit with Router Solicitations

Send RS rapidly

Rate limiting enforced

34

ICMPv6 Rate Limit with Neighbor Solicitation

Send NS rapidly

Rate limiting enforced

35

ICMPv6 Rate Limit with Neighbor Advertisement

Send NA rapidly

Rate limiting enforced

36

ICMPv6 Rate Limit with Duplicate Address Detection

Trigger DAD

Rate limiting does not interfere

37

ICMPv6 Rate Limit with Link-Local Address

Use link-local source

Rate limiting applies

38

ICMPv6 Rate Limit with Global Address

Use global source

Rate limiting applies

39

ICMPv6 Rate Limit with Unspecified Address

Use :: as source

Packet dropped

40

ICMPv6 Rate Limit with Loopback Address

Use ::1

Rate limiting applies

41

ICMPv6 Rate Limit with Hop Limit = 1

Send with low hop limit

Packet dropped before rate limiting

42

ICMPv6 Rate Limit with Hop Limit = 255

Send with max hop limit

Rate limiting applies

43

ICMPv6 Rate Limit with DSCP Marking

Mark packets

Rate limiting applies regardless

44

ICMPv6 Rate Limit with Fragmentation Attack

Send overlapping fragments

Packet dropped

45

ICMPv6 Rate Limit with Replay Attack

Replay old packets

Rate limiting applies

46

ICMPv6 Rate Limit with Spoofed Source

Use fake IPs

Rate limiting applies

47

ICMPv6 Rate Limit with Legitimate Traffic

Mix good and bad traffic

Only excess ICMPv6 dropped

48

ICMPv6 Rate Limit with CPU Load

High CPU load

Rate limiting still enforced

49

ICMPv6 Rate Limit with Memory Pressure

Low memory

Rate limiting still enforced

50

ICMPv6 Rate Limit with System Reboot

Reboot system

Rate limiting resets

  • Reference links