Subnet connected by Router:

Consider the network in above figure . If host 1 wants to send a packet to host 2 or host 3, it will send it to router 1 to take care of the forwarding. As a router, router 1 will know how to deliver the packet either to host 2 or router 2, which in turn delivers it to host 3. But what happens when host 2 wants to send a packet to host 3? It only has a list of default routers that contains both router 1 and router 2, so there is a 50% chance that it will send the packet to router 1 instead of router 2. Router 1 knows that it should send the packet to router 2 to forward it to host 3 and it will do so. Router 1 also knows that host 2 and router 2 are connected to the same subnet and therefore future packets from host 2 to host 3 should be sent from host 2 directly to router 2. So it sends an ICMPv6 redirect message to host 2, telling it to send all future packets to host 3 via router 2. When host 2 receives the redirect, it stores it in its destination cache. The destination cache is effectively a routing table that gathers and updates host routes through redirect messagesin fact, depending on the implementation the destination cache is the routing table and the routes discovered are stored there and marked as dy namic. Neighbor unreachability detection ensures that outdated entries dont cause any harm: When the router associated with an entry becomes unavailable, the entry is discarded.

Stateless autoconfiguration and ICMPv6 redirects together provide redundant routing services to hosts without running a dy namic routing service on the hosts involved. Somewhat surprisingly , there are no timeouts defined for the destination cache entries: A host will discard entries if the cache grows too large, but since stale entries are detected by neighbor unreachability detection it doesnt make sense to discard entries based on a timeout.

ICMPv6 Redirect Protocol Details :

ICMPv6 redirects provide a mechanism that lets a router notify a host about a better route to a destination. In our scenario above we have discussed the case that another router is closer to the destination than the one sending the redirect. Additionally , ICMPv6 redirects may be used to notify a host that a destination is on-link, or directly connected to the same subnet. In a clean network these redirects shouldnt occur, but if y ou have multiple network prefixes configured on a subnet and different hosts for some reason have inconsistent prefix configurations, then these redirects are useful. Only hosts accept ICMPv6 redirects; routers are explicitly forbidden to listen to them. Otherwise routers could be easily manipulated to forward packets to an attacker instead of the real destination. And if the router accepted ICMPv6 redirects and subsequently sent similar ICMPv6 redirects itself, then a single bad ICMPv6 redirect could result in a self-perpetuating broken routing configuration.

Figure shows how redirects are sent. Host 2 from the example sends a packet via router 1 which then decides from its routing table that router 2 was closer to host 3 than router 1. Router 1 still forwards the packet to router 2. Then it sends an ICMPv6 redirect to the host to notify it about the better route via router 2. The IPv6 header of a redirect must have a link-local address as its source address and a hop limit of 255 when it arrives at the host; otherwise the host must discard the packet. If the hop limit was less, then the ICMPv6 redirect itself may have passed through a router, which doesnt make senseunless somebody outside tries to send spoofed redirects.