Neighbor discovery and multicast listener discovery

For IPv6, TCP/IP uses the neighbor discovery protocol, which provides the following functions:

TCP/IP also uses multicast listener discovery (MLD), which notifies routers that nodes are ready to receive multicast packets.

Neighbor discovery and MLD are implemented using ICMPv6 packets.

When the stack is enabled for IP security for IPv6, TCP/IP performs IP filtering for these packets and denies these packets by default. You must consider these packets when configuring filter rules for IPv6. For example, if you configure permit rules for IPv6 TCP or UDP traffic over an OSA-Express QDIO interface, but do not configure permit rules for the neighbor discovery address resolution flows over the interface, the traffic will not succeed because the stack denies the ICMPv6 neighbor solicitation and neighbor advertisement packets during address resolution. Also, you must configure permit filter rules for neighbor solicitation and neighbor advertisement packets, so that the stack can perform duplicate address detection (and learn about valid duplicate addresses).

In addition, for the stack to be able to learn about neighbors, you must configure permit filter rules for outbound router solicitations and inbound router advertisements. Similarly, for the stack to be able to perform the MLD listener function, you must configure permit filter rules for outbound MLD listener reports and inbound MLD listener query packets.

For example filter rules to permit neighbor discovery and MLD packets, see the TCP/IP sample profile and policy sample.

Guideline: Configure permit rules for neighbor discovery and MLD packets.
Result: z/OS® Communications Server does not apply IPsec protection for outbound neighbor discovery or MLD packets, but does apply permit and deny actions for these packets. If such an outbound packet matches an IP filter rule that specifies an IPsec action, the stack permits the packet but does not encapsulate it.
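The following added example is not part of the TCP/IP sample profile or policy sample. It models a default-deny IPv6 filter in Python and reports which of the neighbor discovery and MLD flows named above a rule set fails to permit, including the stated result for outbound packets that match an IPsec rule. The rule dictionaries, function names, and first-match rule ordering are assumptions of this model, not z/OS syntax; the ICMPv6 type numbers come from RFC 4861, RFC 2710 and RFC 3810, and both MLDv1 and MLDv2 report types are assumed to be needed.

```python
# Simplified default-deny filter model for illustration; not z/OS rule syntax.
# ICMPv6 types: RFC 4861 (neighbor discovery), RFC 2710 / RFC 3810 (MLD).
REQUIRED_FLOWS = [  # (description, ICMPv6 type, direction)
    ("router solicitation", 133, "out"),
    ("router advertisement", 134, "in"),
    ("neighbor solicitation", 135, "out"),
    ("neighbor solicitation", 135, "in"),
    ("neighbor advertisement", 136, "out"),
    ("neighbor advertisement", 136, "in"),
    ("MLD listener query", 130, "in"),
    ("MLDv1 listener report", 131, "out"),
    ("MLDv2 listener report", 143, "out"),
]
ND_MLD_TYPES = {icmp_type for _, icmp_type, _ in REQUIRED_FLOWS}


def evaluate(rules, proto, direction, icmp_type=None):
    """Return the action for one packet; first matching rule wins (assumed)."""
    for rule in rules:
        if rule["proto"] != proto or rule["direction"] not in (direction, "both"):
            continue
        if rule.get("icmp_type") not in (None, icmp_type):
            continue
        # Page's stated result: an outbound ND/MLD packet that matches an
        # IPsec rule is permitted but not encapsulated.
        if (rule["action"] == "ipsec" and proto == "icmpv6"
                and direction == "out" and icmp_type in ND_MLD_TYPES):
            return "permit-unencapsulated"
        return rule["action"]
    return "deny"  # no rule matched: denied by default


def missing_flows(rules):
    """Required ND/MLD flows this rule set does not permit. An inbound match
    on an IPsec rule is not counted as a permit (the page does not cover it)."""
    return [flow for flow in REQUIRED_FLOWS
            if not evaluate(rules, "icmpv6", flow[2], flow[1]).startswith("permit")]

# Constructed rule sets: the page's failing case, then the corrected one.
TCP_ONLY = [{"proto": "tcp", "direction": "both", "action": "permit"}]
WITH_ND_MLD = TCP_ONLY + [
    {"proto": "icmpv6", "direction": d, "icmp_type": t, "action": "permit"}
    for _, t, d in REQUIRED_FLOWS
]

if __name__ == "__main__":
    for name, icmp_type, direction in missing_flows(TCP_ONLY):
        print(f"denied by default: {name} (type {icmp_type}, {direction})")
    print("missing after fix:", missing_flows(WITH_ND_MLD))
```

With only the TCP permit rule, every required flow is reported as denied, which is the address resolution failure described above.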