ICMPv6

Internet Control Message Protocol version 6 (ICMPv6) maintains and improves on features from ICMP for IPv4.

ICMPv6 reports the delivery of forwarding errors.

For example:

Destination unreachable
Packet too big (path MTU)
Time exceeded (fragmentation)
Parameter problem

ICMPv6 also delivers information messages such as ping, otherwise known as

Echo request
Echo reply

Important

By providing a framework for informational messages, ICMPv6 plays an important role in IPv6 features such as

Neighbor discovery (ND)
Path MTU discovery
Multicast Listener Discovery (MLD)

You can identify an IPv6 ICMP packet because the Next Header field in the IPv6 packet header is 58.

Internet Protocol Security (IPsec) with ICMPv6

You can configure IPsec with ICMPv6. For a configuration example of IPsec with ICMPv6, see IPsec with ICMPv6 configuration example.

Fragmented ICMP Packet Filtering

ICMP fragmentation distributed denial-of-service (DDoS) attacks flood the destination resources with fragmented packets and overwhelm the network because of massive volumes of traffic. With Fragmented ICMP packet filtering, the system inspects each incoming IPv6 ICMP packet to determine if it should drop the packet or forward it.

You can configure ICMP packet filtering globally, on a specific VRF, and on the following management interfaces:

Out-of-Band (OOB) management
Circuitless IP (CLIP) management
VLAN management