IPv6: Duplicate Address Detection (DAD)

Geeky much!
Networks & Security
Jul 18, 2021


All devices in an IPv6 network are required to have a link-local unicast address, starting with FE80::/64. The device can generate the other 64-bit half by the EUI-64 method or by generating a random value.

But before a device starts using the self-generated address, it needs to check whether the address is already being used by any other device. This is achieved through a process called Duplicate Address Detection (DAD).

DAD leverages Neighbor Solicitation and Neighbor Advertisement messages.

Suppose C wants to join the local network. C generates a tentative unicast link-local address using EUI-64 based on its MAC address.

  • C sends a Neighbor Solicitation message to check if anyone else is using this address. This message has info about the destination address in the Ethernet header.
  • 33–33 is the prefix for solicited-node multicast. The last 48 bits are mapped from the destination IPv6 solicited-node multicast address (ff02::1:ffcc:cccc). This packet is only listened to by a device that shares the same last 24 bits in its MAC address (cc-cc-cc).
  • Looking at the IPv6 header in the solicited-node multicast message, the source address is unspecified (::) because DAD is in progress.
  • The destination IPv6 address is the solicited-node multicast address for C’s link-local address (ff02::1:ffcc:cccc). This address gets mapped to the Ethernet MAC address with the device sharing the last 24 bits with C’s MAC address.
  • The hop limit is set to 255 by default.
  • The target address inside the ICMPv6 header is the same as C’s link-local address, which is the address that needs to be checked.
  • C waits for a second to get any response from other devices on the network. If a duplicate is detected, C determines that the generated link-local address can’t be used, generates another random value to get a new one, and checks again. If no duplication is detected, the tentative address gets assigned to the device for use.
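
The fields walked through above can be derived and checked in a few lines. This is an added example, not code from the original post: the MAC address `00:aa:bb:cc:cc:cc`, the dictionary layout of the decoded packet, and all function names are assumptions made for illustration.

```python
import ipaddress

UNSPECIFIED = ipaddress.IPv6Address("::")

def eui64_link_local(mac):
    """fe80::/64 plus a modified EUI-64 interface ID built from a 48-bit MAC."""
    b = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def solicited_node(addr):
    """ff02::1:ff00:0/104 with the low 24 bits of the unicast address."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))

def multicast_mac(group):
    """33:33 followed by the low 32 bits of the IPv6 multicast address (RFC 2464)."""
    return "33:33:" + ":".join(f"{x:02x}" for x in group.packed[-4:])

def check_dad_ns(ns):
    """Return the ways a decoded Neighbor Solicitation deviates from a DAD probe."""
    problems = []
    group = solicited_node(ipaddress.IPv6Address(ns["target"]))
    if ipaddress.IPv6Address(ns["src"]) != UNSPECIFIED:
        problems.append("source is not ::")
    if ipaddress.IPv6Address(ns["dst"]) != group:
        problems.append("destination is not the target's solicited-node group")
    if ns["eth_dst"].lower().replace("-", ":") != multicast_mac(group):
        problems.append("Ethernet destination does not map to the group")
    if ns["hop_limit"] != 255:
        problems.append("hop limit is not 255")
    return problems

# Constructed sample: host C with a made-up MAC ending in cc-cc-cc.
C_MAC = "00:aa:bb:cc:cc:cc"
C_LL = eui64_link_local(C_MAC)
GOOD_NS = {"eth_dst": "33:33:ff:cc:cc:cc", "src": "::",
           "dst": "ff02::1:ffcc:cccc", "target": str(C_LL), "hop_limit": 255}
# Constructed non-DAD variant: source address set and hop limit lowered.
BAD_NS = dict(GOOD_NS, src=str(C_LL), hop_limit=64)

if __name__ == "__main__":
    print(C_LL, solicited_node(C_LL), multicast_mac(solicited_node(C_LL)))
    print(check_dad_ns(GOOD_NS), check_dad_ns(BAD_NS))
```

A monitoring script can run `check_dad_ns` over decoded Neighbor Solicitations to flag probes whose addressing does not match the DAD pattern described above.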

Note: Normally the chances of duplication are low unless a MAC spoofing attack is being carried out on the network.
