06-Layer 3 - IP Routing Configuration Guide

HomeSupportResource CenterRoutersH3C SR8800 Series RoutersH3C SR8800Technical DocumentsConfigureConfiguration GuideH3C SR8800 Configuration Guide-Release3347-6W10306-Layer 3 - IP Routing Configuration Guide
10-OSPFv3 Configuration
Title Size Download
10-OSPFv3 Configuration 331.67 KB

Contents

Configuring OSPFv3· 1

Introduction to OSPFv3· 1

OSPFv3 overview·· 1

OSPFv3 packets 1

OSPFv3 LSA types 2

OSPFv3 timers 2

OSPFv3 features supported· 3

Protocols and standards 3

OSPFv3 configuration task list 3

Enabling OSPFv3· 4

Configuration prerequisites 4

Enabling OSPFv3· 4

Configuring OSPFv3 area parameters 5

Configuration prerequisites 5

Configuring an OSPFv3 stub area· 5

Configuring an OSPFv3 virtual link· 6

Configuring OSPFv3 network types 6

Configuration prerequisites 7

Configuring the OSPFv3 network type for an interface· 7

Configuring an NBMA or P2MP neighbor 7

Configuring OSPFv3 routing information control 7

Configuration prerequisites 7

Configuring OSPFv3 route summarization· 8

Configuring OSPFv3 inbound route filtering· 8

Configuring an OSPFv3 cost for an interface· 8

Configuring the maximum number of OSPFv3 load-balanced routes 9

Configuring a priority for OSPFv3· 9

Configuring OSPFv3 route redistribution· 10

Tuning and optimizing OSPFv3 networks 10

Configuration prerequisites 11

Configuring OSPFv3 timers 11

Configuring a DR priority for an interface· 12

Ignoring MTU check for DD packets 12

Disabling interfaces from receiving and sending OSPFv3 packets 12

Enabling the logging of neighbor state changes 13

Configuring OSPFv3 GR· 13

Configuring GR Restarter 14

Configuring GR Helper 14

Configuring BFD for OSPFv3· 14

Applying IPsec policies for OSPFv3· 15

Displaying and maintaining OSPFv3· 16

OSPFv3 configuration examples 17

Configuring OSPFv3 areas 17

Configuring OSPFv3 DR election· 21

Configuring OSPFv3 route redistribution· 24

Configuring OSPFv3 GR· 27

Configuring BFD for OSPFv3· 29

Configuring OSPFv3 IPsec policies 32

Troubleshooting OSPFv3 configuration· 35

No OSPFv3 neighbor relationship established· 35

Incorrect routing information· 36

 


Configuring OSPFv3

 

 

NOTE:

The term router in this document refers to both routers and Layer 3 switches.

 

Introduction to OSPFv3

OSPFv3 overview

Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6).

OSPFv3 and OSPFv2 have the following similarities:

·           32 bits router ID and area ID

·           Packets, including Hello, DD (Data Description), LSR (Link State Request), LSU (Link State Update), LSAck (Link State Acknowledgment)

·           Mechanism for finding neighbors and establishing adjacencies

·           Mechanism for LSA flooding and aging

OSPFv3 and OSPFv2 have the following differences:

·           OSPFv3 runs on a per-link basis, instead of on a per-IP-subnet basis.

·           OSPFv3 supports multiple instances per link.

·           OSPFv3 identifies neighbors by Router ID, and OSPFv2 by IP address.

OSPFv3 packets

OSPFv3 has the following packet types: hello, DD, LSR, LSU, and LSAck. These packets have the same packet header, which is different from the OSPFv2 packet header. The OSPFv3 packet header is only 16 bytes in length, and has no authentication field, but is added with an Instance ID field to support VPN per link.

Figure 1 OSPFv3 packet header

 

Major fields:

·           Version #—Version of OSPF, which is 3 for OSPFv3.

·           Type—Type of OSPF packet; types 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively.

·           Packet Length—Packet length in bytes, including header.

·           Instance ID—Instance ID for a link.

·           0—Reserved. It must be 0.

OSPFv3 LSA types

OSPFv3 sends routing information in LSAs, which as defined in RFC 2740 have the following types:

·           Router-LSA—Originated by all routers. This LSA describes the collected states of the router's interfaces to an area, and is flooded throughout a single area only.

·           Network-LSA—Originated for broadcast and NBMA networks by the Designated Router. This LSA contains the list of routers connected to the network, and is flooded throughout a single area only.

·           Inter-Area-Prefix-LSA—Similar to Type 3 LSA of OSPFv2, originated by ABRs (Area Border Routers), and flooded throughout the LSA's associated area. Each Inter-Area-Prefix-LSA describes a route with IPv6 address prefix to a destination outside the area, yet still inside the AS (an inter-area route).

·           Inter-Area-Router-LSA—Similar to Type 4 LSA of OSPFv2, originated by ABRs and flooded throughout the LSA's associated area. Each Inter-Area-Router-LSA describes a route to ASBR (Autonomous System Boundary Router).

·           AS-external-LSA—Originated by ASBRs, and flooded throughout the AS (except Stub and NSSA areas). Each AS-external-LSA describes a route to another Autonomous System. A default route can be described by an AS external LSA.

·           Link-LSA—A router originates a separate Link-LSA for each attached link. Link-LSAs have link-local flooding scope. Each Link-LSA describes the IPv6 address prefix of the link and Link-local address of the router.

·           Intra-Area-Prefix-LSAEach Intra-Area-Prefix-LSA contains IPv6 prefix information on a router, stub area or transit area information, and has area flooding scope. It was introduced because Router-LSAs and Network-LSAs contain no address information now.

RFC 5187 defines the Type 11 LSA, Grace-LSA. A Grace-LSA is generated by a GR (Graceful Restart) Restarter at reboot and transmitted on the local link. The restarter describes the cause and interval of the reboot in the Grace-LSA to tell its neighbors that it performs a GR operation.

OSPFv3 timers

OSPFv3 includes the following timers:

·           OSPFv3 packet timer

·           LSA delay timer

·           SPF timer

·           GR timer

OSPFv3 packet timer

Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR/BDR election. The hello interval must be identical on neighboring interfaces. The smaller the hello interval, the faster the network convergence speed and the bigger the network load.

If a router receives no hello packet from a neighbor within a given period, it will declare the peer as down. The period is the dead interval.

After sending an LSA to its adjacency, a router waits for an acknowledgment from the adjacency. If no response is received after the retransmission interval elapses, the router will send the LSA again. The retransmission interval must be longer than the round-trip time of the LSA.

LSA delay timer

Each LSA has an age in the local LSDB (incremented by 1 per second), but an LSA does not age on transmission. You must add an LSA delay time into the age time before transmission, which is important for low-speed networks.

SPF timer

Whenever the LSDB changes, an SPF calculation happens. If recalculations become more frequent, a large amount of resources will be occupied. You can adjust the SPF calculation interval and delay time to protect networks from being overloaded due to frequent changes.

GR timer

If a failure to establish adjacencies occurs during a GR, the router will be in the GR process for a long time. To avoid this, you can configure the GR timer for the router to exit the GR process when the timer expires.

OSPFv3 features supported

·           Basic features defined in RFC 2740

·           OSPFv3 stub area

·           OSPFv3 multi-process

·           VPN instances

·           OSPFv3 GR

·           BFD

Protocols and standards

·           RFC 2740, OSPF for IPv6

·           RFC 2328, OSPF Version 2

·           RFC 5187, OSPFv3 Graceful Restart

OSPFv3 configuration task list

Complete the following tasks to configure OSPFv3:

 

Task

Remarks

Enabling OSPFv3

Required

Configuring OSPFv3 area parameters

Configuring an OSPFv3 stub area

Optional

Configuring an OSPFv3 virtual link

Optional

Configuring OSPFv3 network types

Configuring the OSPFv3 network type for an interface

Optional

Configuring an NBMA or P2MP neighbor

Optional

Configuring OSPFv3 routing information control

Configuring OSPFv3 route summarization

Optional

Configuring OSPFv3 inbound route filtering

Optional

Configuring an OSPFv3 cost for an interface

Optional

Configuring the maximum number of OSPFv3 load-balanced routes

Optional

Configuring a priority for OSPFv3

Optional

Configuring OSPFv3 route redistribution

Optional

Tuning and optimizing OSPFv3 networks

Configuring OSPFv3 timers

Optional

Configuring a DR priority for an interface

Optional

Ignoring MTU check for DD packets

Optional

Disabling interfaces from receiving and sending OSPFv3 packets

Optional

Enabling the logging of neighbor state changes

Optional

Configuring OSPFv3 GR

Configuring GR Restarter

Optional

Configuring GR Helper

Optional

Configuring BFD for OSPFv3

Optional

Applying IPsec policies for OSPFv3

Optional

 

Enabling OSPFv3

Configuration prerequisites

Before you enable OSPFv3, complete the following tasks:

·           Make neighboring nodes accessible with each other at the network layer.

·           Enable IPv6.

Enabling OSPFv3

To enable an OSPFv3 process on a router, you must enable the OSPFv3 process globally, assign the OSPFv3 process a router ID, and enable the OSPFv3 process on  related interfaces.

A router ID uniquely identifies a router within an AS. You must specify a unique router ID for each OSPFv3 router within the AS to ensure normal operation. If a router runs multiple OSPFv3 processes, specify a unique router ID for each process.

An OSPFv3 process ID has only local significance. Process 1 on a router can exchange packets with process 2 on another router.

To enable OSPFv3:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enable an OSPFv3 process and enter its view.

ospfv3 [ process-id ] [ vpn-instance vpn-instance-name ]

By default, no OSPFv3 process is enabled.

3.     Specify a router ID.

router-id router-id

N/A

4.     Enter interface view.

interface interface-type interface-number

N/A

5.     Enable an OSPFv3 process on the interface.

ospfv3 process-id area area-id [ instance instance-id ]

Not enabled by default.

 

 

NOTE:

For more information about VPN instances, see MPLS Configuration Guide.

 

Configuring OSPFv3 area parameters

The stub area and virtual link features of OSPFv3 are the same as OSPFv2.

Splitting an OSPFv3 AS into multiple areas reduces the number of LSAs and extends OSPFv3 applications. For those non-backbone areas residing on the AS boundary, you can configure them as stub areas to further reduce the size of routing tables and the number of LSAs.

Non-backbone areas exchange routing information via the backbone area. The backbone and non-backbone areas—including the backbone itself—must be contiguous. In practice, necessary physical links may not be available for this connectivity. You can configure virtual links to address the problem.

Configuration prerequisites

Before you configue OSPFv3 area parameters, complete the following tasks:

·           Enable IPv6.

·           Configure OSPFv3 basic functions.

Configuring an OSPFv3 stub area

To configure an OSPFv3 stub area:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Enter OSPFv3 area view.

area area-id

N/A

4.     Configure the area as a stub area.

stub [ no-summary ]

Not configured by default.

5.     Specify a cost for the default route advertised to the stub area.

default-cost value

Optional.

The default setting is 1.

 

 

NOTE:

·       You cannot remove an OSPFv3 area directly. Only when you remove all configurations in area view and all interfaces attached to the area become down, can the area be removed.

·       All the routers attached to a stub area must be configured with the stub command. The keyword no-summary is only available on the ABR of the stub area.

·       If you use the stub command with the keyword no-summary on an ABR, the ABR advertises a default route in a Summary-LSA into the stub area. No AS-external-LSA, Inter-Area-Prefix-LSA or Inter-Area-Router-LSA is advertised in the area. The stub area of this kind is also known as a “totally stub area.”

 

Configuring an OSPFv3 virtual link

You can configure a virtual link to maintain connectivity between a non-backbone area and the backbone, or in the backbone itself.

To configure a virtual link:

 

Step

Command

1.     Enter system view.

system-view

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

3.     Enter OSPFv3 area view.

area area-id

4.     Configure a virtual link.

vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds | dead seconds | instance instance-id ] *

 

 

NOTE:

·       Both ends of a virtual link are ABRs that must be configured with the vlink-peer command.

·       Do not configure virtual links in the areas of a GR-capable process.

 

Configuring OSPFv3 network types

OSPFv3 classifies networks into the following types by the link layer protocol:

By default, the default OSPFv3 interface network types vary with the link layer protocols of the interfaces:

·           When the link layer protocol is PPP, OSPFv3 considers the network type as P2P by default.

·           When the link layer protocol is Ethernet, OSPFv3 considers the network type as broadcast by default.

You can change the network type of an OSPFv3 interface as needed. For example:

·           An NBMA network must be fully connected. Any two routers in the network must be directly reachable to each other through a virtual circuit. In the event no such direct link is available, you must change the network type through a command.

·           If direct connections are not available between some routers in an NBMA network, the type of interfaces associated should be configured as P2MP, or as P2P for interfaces with only one neighbor.

Configuration prerequisites

Before you configure OSPFv3 network types, complete the following tasks:

·           Configure IPv6 functions.

·           Configure OSPFv3 basic functions.

Configuring the OSPFv3 network type for an interface

To configure the OSPFv3 network type for an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure a network type for the OSPFv3 interface.

ospfv3 network-type { broadcast | nbma | p2mp [ non-broadcast ] | p2p } [ instance instance-id ]

Optional.

The network type of an interface depends on the media type of the interface.

 

Configuring an NBMA or P2MP neighbor

For NBMA and P2MP interfaces (only when in unicast mode), you must specify the link-local IP addresses of their neighbors because such interfaces cannot find neighbors via broadcasting Hello packets. You can also specify DR priorities for neighbors.

To configure an NBMA or P2MP (unicast) neighbor and its DR priority:

 

Step

Command

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Specify an NBMA or P2MP (unicast) neighbor and its DR priority.

ospfv3 peer ipv6-address [ dr-priority dr-priority ] [ instance instance-id ]

 

Configuring OSPFv3 routing information control

This section describes how to configure the control of OSPF routing information advertisement and reception, and redistribution from other protocols.

Configuration prerequisites

Before you configure OSPFv3 routing information control, complete the following tasks:

·           Enable IPv6.

·           Configure OSPFv3 basic functions.

Configuring OSPFv3 route summarization

If contiguous network segments exist in an area, you can use the abr-summary command to summarize them into one network segment on the ABR. The ABR will advertise only the summary route. Any LSA falling into the specified network segment will not be advertised, reducing the LSDB size in other areas.

To configure route summarization:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Enter OSPFv3 area view.

area area-id

N/A

4.     Configure a summary route.

abr-summary ipv6-address prefix-length [ not-advertise ]

Not configured by default

 

 

NOTE:

The abr-summary command takes effect on ABRs only.

 

Configuring OSPFv3 inbound route filtering

You can configure OSPFv3 to filter routes that are computed from received LSAs according to some rules.

To configure OSPFv3 inbound route filtering:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Configure inbound route filtering.

filter-policy { acl-number | ipv6-prefix ipv6-prefix-name } import

Not configured by default

 

 

NOTE:

Use of the filter-policy import command can only filter routes computed by OSPFv3. Only routes not filtered out can be added into the local routing table.

 

Configuring an OSPFv3 cost for an interface

You can configure an OSPFv3 cost for an interface with one of the following methods:

·           Configure the cost value in interface view.

·           Configure a bandwidth reference value for the interface, and OSPFv3 computes the cost automatically based on the bandwidth reference value: Interface OSPFv3 cost = Bandwidth reference value ÷ Interface bandwidth. If the calculated cost is greater than 65535, the value of 65535 is used.

If the cost value is not configured for an interface, OSPFv3 computes the interface cost value automatically

To configure an OSPFv3 cost for an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure an OSPFv3 cost for the interface.

ospfv3 cost value [ instance instance-id ]

Optional.

By default, OSPFv3 computes an interface’s cost according to its bandwidth.

The cost value defaults to 1 for VLAN interfaces and defaults to 0 for loopback interfaces.

 

To configure a bandwidth reference value:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Configure a bandwidth reference value.

bandwidth-reference value

Optional

100 Mbps by default

 

Configuring the maximum number of OSPFv3 load-balanced routes

If multiple equal-cost routes to a destination are available, enabling load balancing among these routes can improve link utilization.

To configure the maximum number of load-balanced routes:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Specify the maximum number of load-balanced routes.

maximum load-balancing maximum

Optional

 

Configuring a priority for OSPFv3

A router may run multiple routing protocols. The system assigns a priority for each protocol. When these routing protocols find the same route, the route found by the protocol with the highest priority is selected.

To configure a priority for OSPFv3:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Configure a priority for OSPFv3.

preference [ ase ] [ route-policy route-policy-name ] preference

Optional.

By default, the priority of OSPFv3 internal routes is 10, and priority of OSPFv3 external routes is 150.

 

Configuring OSPFv3 route redistribution

To configure OSPFv3 route redistribution:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Specify a default cost for redistributed routes.

default cost value

Optional.

The default setting is 1.

4.     Redistribute routes from another protocol, or another OSPFv3 process.

import-route protocol [ process-id | allow-ibgp ] [ cost value | route-policy route-policy-name | type type ] *

Not configured by default.

5.     Inject a default route.

default-route-advertise [ always | cost value | type type | route-policy route-policy-name ] *

Optional.

Not injected by default.

6.     Filter redistributed routes.

filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ isisv6 process-id | ospfv3 process-id | ripng process-id | bgp4+ | direct | static ]

Optional

Not configured by default.

 

 

NOTE:

·       Executing the import-route or default-route-advertise command on a router makes it become an ASBR.

·       You can only inject and advertise a default route using the default-route-advertise command.

·       Since OSPFv3 is a link state routing protocol, it cannot directly filter LSAs to be advertised. You must filter redistributed routes first. Only routes that are not filtered out can be advertised in LSAs into the routing domain.

·       Using the filter-policy export command filters routes redistributed with the import-route command. If the import-route command is not configured, executing the filter-policy export command does not take effect.

 

Tuning and optimizing OSPFv3 networks

This section describes configurations of OSPFv3 timers, interface DR priority, MTU check ignorance for DD packets, and disabling interfaces from sending OSPFv3 packets.

The following are OSPFv3 timers:

·           Packet timer—Specified to adjust topology convergence speed and network load.

·           LSA delay timer—Specified especially for low-speed links.

·           SPF timer—Specified to protect networks from being over-loaded due to frequent network changes.

For a broadcast network, you can configure DR priorities for interfaces to affect DR/BDR election.

After an interface is disabled from sending OSPFv3 packets, other routers cannot obtain any information from the interface.

Configuration prerequisites

Before you tune and optimize OSPFv3 networks, complete the following tasks:

·           Enable IPv6.

·           Configure OSPFv3 basic functions.

Configuring OSPFv3 timers

To configure OSPFv3 timers:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure the hello interval.

ospfv3 timer hello seconds [ instance instance-id ]

Optional.

Defaults to 10 seconds on P2P, broadcast interfaces.

4.     Specify the poll interval.

ospfv3 timer poll seconds [ instance instance-id ]

Optional.

The poll interval defaults to 120 seconds.

5.     Configure the dead interval.

ospfv3 timer dead seconds [ instance instance-id ]

Optional.

Defaults to 40 seconds on P2P, broadcast interfaces.

6.     Configure the LSA retransmission interval.

ospfv3 timer retransmit interval [ instance instance-id ]

Optional.

Defaults to 5 seconds.

7.     Configure the LSA transmission delay.

ospfv3 trans-delay seconds [ instance instance-id ]

Optional.

By default, the LSA transmission delay is 1 second.

8.     Return to system view.

quit

N/A

9.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

10.   Configure the SPF timers.

spf timers delay-interval hold-interval

Optional.

By default, delay-interval is 5 seconds, and hold-interval is 10 seconds.

 

 

NOTE:

·       The dead interval set on neighboring interfaces cannot be too short. Otherwise, a neighbor is easily considered down.

·       The LSA retransmission interval cannot be too short; otherwise, unnecessary retransmissions occur.

 

Configuring a DR priority for an interface

To configure a DR priority for an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Configure a DR priority.

ospfv3 dr-priority priority [ instance instance-id ]

Optional.

By default, the DR priority is 1.

 

 

NOTE:

The DR priority of an interface determines the interface’s qualification in DR election. Interfaces having the priority 0 cannot become a DR or BDR.

 

Ignoring MTU check for DD packets

When LSAs are few in DD packets, it is unnecessary to check the MTU in DD packets in order to improve efficiency.

To ignore MTU check for DD packets:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Ignore MTU check for DD packets.

ospfv3 mtu-ignore [ instance instance-id ]

Not ignored by default

 

Disabling interfaces from receiving and sending OSPFv3 packets

To disable interfaces from receiving and sending OSPFv3 packets:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Disable interfaces from receiving and sending OSPFv3 packets.

silent-interface { interface-type interface-number | all }

Not disabled by default

 

 

NOTE:

·       Multiple OSPFv3 processes can disable the same interface from receiving and sending OSPFv3 packets. Using the silent-interface command disables only the interfaces associated with the current process.

·       After an OSPF interface is set to silent, direct routes of the interface can still be advertised in Intra-Area-Prefix-LSAs via other interfaces, but other OSPFv3 packets cannot be advertised. No neighboring relationship can be established on the interface. This feature can enhance the adaptability of OSPFv3 networking.

 

Enabling the logging of neighbor state changes

To enable the logging of neighbor state changes:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Enable the logging of neighbor state changes.

log-peer-change

Enabled by default

 

Configuring OSPFv3 GR

 

 

NOTE:

You cannot configure OSPFv3 GR after configuring OSPFv3 virtual links, because they are not supported at the same time.

 

Graceful Restart ensures the continuity of packet forwarding when a routing protocol restarts or an active/standby switchover occurs:

·           GR Restarter—Graceful restarting router. It must be Graceful Restart capable.

·           GR Helper—The neighbor of the GR Restarter. It helps the GR Restarter to complete the GR process.

To prevent service interruption after a master/backup switchover, a GR Restarter running OSPFv3 must complete the following tasks:

·           Keep the GR Restarter forwarding entries stable during reboot.

·           Establish all adjacencies and obtain complete topology information after reboot.

After the active/standby switchover, the GR Restarter sends a Grace-LSA to tell its neighbors that it performs a GR. Upon receiving the Grace-LSA, the neighbors with the GR Helper capability enter the helper mode (and are called “GR Helpers”). Then, the GR Restarter retrieves its adjacencies and LSDB with the help of the GR Helpers.

Configuring GR Restarter

You can configure the GR Restarter capability on a GR Restarter.

To configure GR Restarter:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Enable the GR capability.

graceful-restart enable

Disabled by default

4.     Configure the GR interval.

graceful-restart interval interval-value

Optional

120 seconds by default

 

Configuring GR Helper

You can configure the GR Helper capability on a GR Helper.

To configure GR Helper

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Enable the GR Helper capability.

graceful-restart helper enable

Optional

Enabled by default

4.     Enable strict LSA checking.

graceful-restart helper strict-lsa-checking

Optional

Disabled by default

 

Configuring BFD for OSPFv3

Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links between OSPFv3 neighbors, thus to improve the convergence speed of OSPFv3.

After discovering neighbors by sending hello packets, OSPFv3 notifies BFD of the neighbor addresses, and BFD uses these addresses to establish sessions. Before a BFD session is established, it is in down state. In this state, BFD control packets are sent at an interval of no less than one second to reduce BFD control packet traffic. After the BFD session is established, BFD control packets are sent at the negotiated interval, thereby implementing fast fault detection.

To configure BFD for OSPFv3, you must configure OSPFv3 first.

To configure BFD for OSPFv3:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Specify a router ID.

router-id router-id

N/A

4.     Quit the OSPFv3 view.

quit

N/A

5.     Enter interface view.

interface interface-type interface-number

N/A

6.     Enable an OSPFv3 process on the interface.

ospfv3 process-id area area-id [ instance instance-id ]

Not enabled by default

7.     Enable BFD on the interface.

ospfv3 bfd enable [ instance instance-id ]

Not enabled by default

 

 

NOTE:

For more information about BFD, see High Availability Configuration Guide.

 

Applying IPsec policies for OSPFv3

To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using an IPsec policy.

Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A router uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the router accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship with the sending router. 

You can configure an IPsec policy for an area, an interface or a virtual link.

·           To implement area-based IPsec protection, you need to configure the same IPsec policy on the routers in the target area.

·           To implement interface-based IPsec protection, you need to configure the same IPsec policy on the interfaces between two neighboring routers.

·           To implement virtual link-based IPsec protection, you need to configure the same IPsec policy on the two routers connected over the virtual link.

If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy. If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own IPsec policy.

Configuration prerequisites

Before you apply an IPsec policy for OSPFv3, complete the following tasks.

·           Create an IPsec proposal.

·           Create an IPsec policy.

For more information about IPsec policy configuration, see Security Configuration Guide.

Configuration procedure

To apply an IPsec policy in an area:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Enter OSPF area view.

area area-id

N/A

4.     Apply an IPsec policy in the area.

enable ipsec-policy policy-name

Not configured by default

 

To apply an IPsec policy on an interface:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter interface view.

interface interface-type interface-number

N/A

3.     Apply an IPsec policy on the interface.

ospfv3 ipsec-policy policy-name [ instance instance-id ]

Not configured by default

 

To apply an IPsec policy on a virtual link:

 

Step

Command

Remarks

1.     Enter system view.

system-view

N/A

2.     Enter OSPFv3 view.

ospfv3 [ process-id ]

N/A

3.     Enter OSPF area view.

area area-id

N/A

4.     Apply an IPsec policy on a virtual link.

vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds | dead seconds | instance instance-id | ipsec-policy policy-name ] *

Not configured by default

 

 

NOTE:

An IPsec policy used for OSPFv3 can only be in manual mode. For more information, see Security Configuration Guide.

 

Displaying and maintaining OSPFv3

 

Task

Command

Remarks

Display OSPFv3 process brief information.

display ospfv3 [ process-id ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 interface information.

display ospfv3 interface [ interface-type interface-number | statistic ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 LSDB information.

display ospfv3 [ process-id ] lsdb [ [ external | inter-prefix | inter-router | intra-prefix | link | network | router | grace ] [ link-state-id ] [ originate-router router-id ] | total ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 LSDB statistics.

display ospfv3 lsdb statistic [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 neighbor information.

display ospfv3 [ process-id ] [ area area-id ] peer [ [ interface-type interface-number ] [ verbose ] | peer-router-id ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 neighbor statistics.

display ospfv3 peer statistic [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 routing table information.

display ospfv3 [ process-id ] routing [ ipv6-address prefix-length | ipv6-address/prefix-length | abr-routes | asbr-routes | all | statistics ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 area topology information.

display ospfv3 [ process-id ] topology [ area area-id ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 virtual link information.

display ospfv3 [ process-id ] vlink [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 next hop information.

display ospfv3 [ process-id ] next-hop [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 link state request list information.

display ospfv3 [ process-id ] request-list [ { external | inter-prefix | inter-router | intra-prefix | link | network | router | grace } [ link-state-id ] [ originate-router ip-address ] | statistics ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 link state retransmission list information.

display ospfv3 [ process-id ] retrans-list [ { external | inter-prefix | inter-router | intra-prefix | link | network | router | grace } [ link-state-id ] [ originate-router ip-address ] | statistics ] [ | { begin | exclude | include } regular-expression ]

Available in any view

Display OSPFv3 statistics.

display ospfv3 statistic [ | { begin | exclude | include } regular-expression ]

Available in any view

Display the GR status of the specified OSPFv3 process.

display ospfv3 [ process-id ] graceful-restart status [ | { begin | exclude | include } regular-expression ]

Available in any view

 

OSPFv3 configuration examples

Configuring OSPFv3 areas

Network requirements

In Figure 3, all routers run OSPFv3. The AS is split into three areas, in which, Router B and Router C act as ABRs to forward routing information between areas.

You are required to configure Area 2 as a stub area in order to reduce LSAs in the area without affecting route reachability.

Figure 2 Network diagram

 

Configuration procedure

1.      Configure IPv6 addresses for interfaces. (Details not shown)

2.      Configure OSPFv3 basic functions:

# Configure Router A

<RouterA> system-view

[RouterA] ipv6

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface GigabitEthernet 1/1/1

[RouterA-GigabitEthernet1/1/1] ospfv3 1 area 1

[RouterA-GigabitEthernet1/1/1] quit

[RouterA] interface POS 3/1/2

[RouterA-POS3/1/2] ospfv3 1 area 1

[RouterA-POS3/1/2] quit

# Configure Router B

<RouterB> system-view

[RouterB] ipv6

[RouterB] ospfv3 1

[RouterB-ospf-1] router-id 2.2.2.2

[RouterB-ospf-1] quit

[RouterB] interface POS 3/1/1

[RouterB-POS3/1/1] ospfv3 1 area 0

[RouterB-POS3/1/1] quit

[RouterB] interface POS 3/1/2

[RouterB-POS3/1/2] ospfv3 1 area 1

[RouterB-POS3/1/2] quit

# Configure Router C

<RouterC> system-view

[RouterC] ipv6

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface POS 3/1/1

[RouterC-POS3/1/1] ospfv3 1 area 0

[RouterC-POS3/1/1] quit

[RouterC] interface POS 3/1/2

[RouterC-POS3/1/2] ospfv3 1 area 2

[RouterC-POS3/1/2] quit

# Configure Router D

<RouterD> system-view

[RouterD] ipv6

[RouterD] ospfv3 1

[RouterD-ospfv3-1] router-id 4.4.4.4

[RouterD-ospfv3-1] quit

[RouterD] interface POS 3/1/2

[RouterD-POS3/1/2] ospfv3 1 area 2

[RouterD-POS3/1/2] quit

# Display OSPFv3 neighbor information on Router B.

[RouterB] display ospfv3 peer

 

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

3.3.3.3         1     Full/Backup      00:00:34    POS3/1/1        0

 

            OSPFv3 Area ID 0.0.0.1 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

1.1.1.1         1     Full/DR          00:00:35    POS3/1/2        0            

 

# Display OSPFv3 neighbor information on Router C.

[RouterC] display ospfv3 peer

 

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

2.2.2.2         1    Full/DR           00:00:35    POS3/1/1         0

 

            OSPFv3 Area ID 0.0.0.2 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

4.4.4.4         1     Full/Backup      00:00:36    POS3/1/2         0

 

# Display OSPFv3 routing information on Router D.

[RouterD] display ospfv3 routing

 

E1 - Type 1 external route,    IA - Inter area route,    I  - Intra area route

E2 - Type 2 external route,    *  - Seleted route

 

            OSPFv3 Router with ID (4.4.4.4) (Process 1)

------------------------------------------------------------------------

 *Destination: 2001::/64

  Type       : IA                                        Cost     : 2

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

 

 *Destination: 2001:1::/64

  Type       : IA                                        Cost     : 3

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

 

 *Destination: 2001:2::/64

  Type       : I                                         Cost     : 1

  NextHop    : directly-connected                        Interface: POS3/1/2

 

 *Destination: 2001:3::/64

  Type       : IA                                        Cost     : 4

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

3.      Configure Area 2 as a stub area:

# Configure Router D.

[RouterD] ospfv3

[RouterD-ospfv3-1] area 2

[RouterD-ospfv3-1-area-0.0.0.2] stub

# Configure Router C, and specify the cost of the default route sent to the stub area as 10.

[RouterC] ospfv3

[RouterC-ospfv3-1] area 2

[RouterC-ospfv3-1-area-0.0.0.2] stub

[RouterC-ospfv3-1-area-0.0.0.2] default-cost 10

# Display OSPFv3 routing information on Router D. You can find a default route is added and its cost is the cost of a direct route plus the configured cost.

[RouterD] display ospfv3 routing

 

E1 - Type 1 external route,    IA - Inter area route,    I  - Intra area route

E2 - Type 2 external route,    *  - Seleted route

 

            OSPFv3 Router with ID (4.4.4.4) (Process 1)

 ------------------------------------------------------------------------

 *Destination: ::/0

  Type       : IA                                        Cost     : 11

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

 

 *Destination: 2001::/64

  Type       : IA                                        Cost     : 2

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

 

 *Destination: 2001:1::/64

  Type       : IA                                        Cost     : 3

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

 

 *Destination: 2001:2::/64

  Type       : I                                         Cost     : 1

  NextHop    : directly-connected                        Interface: POS3/1/2

 

 *Destination: 2001:3::/64

  Type       : IA                                        Cost     : 4

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

4.      Configure Area 2 as a totally stub area to reduce the stub area routing table size:

# Configure Area 2 as a totally stub area on Router C.

[RouterC-ospfv3-1-area-0.0.0.2] stub no-summary

# Display OSPFv3 routing table information on Router D. You can find route entries are reduced. All non-direct routes are removed except the default route.

[RouterD] display ospfv3 routing

 

E1 - Type 1 external route,    IA - Inter area route,    I  - Intra area route

E2 - Type 2 external route,    *  - Seleted route

 

            OSPFv3 Router with ID (4.4.4.4) (Process 1)

 ------------------------------------------------------------------------

 *Destination: ::/0

  Type       : IA                                        Cost     : 11

  NextHop    : FE80::F40D:0:93D0:1                       Interface: POS3/1/2

 

 *Destination: 2001:2::/64

  Type       : I                                         Cost     : 1

  NextHop    : directly-connected                        Interface: POS3/1/2

Configuring OSPFv3 DR election

Network requirements

In Figure 3:

·           The priority of Router A is 100, the highest priority on the network, so it will be the DR.

·           The priority of RouterC is 2, the second highest priority on the network, so it will be the BDR.

·           The priority of RouterB is 0, so it cannot become a DR.

·           RouterD has the default priority 1.

Figure 3 Network diagram

 

Configuration procedure

1.      Configure IPv6 addresses for interfaces. (Details not shown)

2.      Configure OSPFv3 basic functions:

# Configure Router A.

<RouterA> system-view

[RouterA] ipv6

[RouterA] ospfv3

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface GigabitEthernet 1/1/1

[RouterA-GigabitEthernet1/1/1] ospfv3 1 area 0

[RouterA-GigabitEthernet1/1/1] quit

# Configure Router B.

<RouterB> system-view

[RouterB] ipv6

[RouterB] ospfv3

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface GigabitEthernet 1/1/1

[RouterB-GigabitEthernet1/1/1] ospfv3 1 area 0

[RouterB-GigabitEthernet1/1/1] quit

# Configure Router C.

<RouterC> system-view

[RouterC] ipv6

[RouterC] ospfv3

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface GigabitEthernet 1/1/1

[RouterC-GigabitEthernet1/1/1] ospfv3 1 area 0

[RouterC-GigabitEthernet1/1/1] quit

# Configure Router D.

<RouterD> system-view

[RouterD] ipv6

[RouterD] ospfv3

[RouterD-ospfv3-1] router-id 4.4.4.4

[RouterD-ospfv3-1] quit

[RouterD] interface GigabitEthernet 1/1/1

[RouterD-GigabitEthernet1/1/1] ospfv3 1 area 0

[RouterD-GigabitEthernet1/1/1] quit

# Display neighbor information on Router A. You can find routers have the same default DR priority 1. Then, Router D (the router with the highest Router ID) is elected as the DR, and Router C is the BDR.

[RouterA] display ospfv3 peer

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

2.2.2.2        1     2-Way/DROther     00:00:36    GE1/1/1         0

3.3.3.3        1     Full/Backup       00:00:35    GE1/1/1         0

4.4.4.4        1     Full/DR           00:00:33    GE1/1/1         0

# Display neighbor information on Router D. You can find the neighbor states of Router D are all full.

[RouterD] display ospfv3 peer

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

1.1.1.1         1     Full/DROther     00:00:30    GE1/1/1         0

2.2.2.2         1     Full/DROther     00:00:37    GE1/1/1         0

3.3.3.3         1     Full/Backup      00:00:31    GE1/1/1         0

3.      Configure DR priorities for interfaces:

# Configure the DR priority of GigabitEthernet 1/1/1 of Router A as 100.

[RouterA] interface GigabitEthernet 1/1/1

[RouterA-GigabitEthernet1/1/1] ospfv3 dr-priority 100

[RouterA-GigabitEthernet1/1/1] quit

# Configure the DR priority of GigabitEthernet 1/1/1 as 0 on Router B.

[RouterB] interface GigabitEthernet 1/1/1

[RouterB-GigabitEthernet1/1/1] ospfv3 dr-priority 0

[RouterB-GigabitEthernet1/1/1] quit

# Configure the DR priority of GigabitEthernet 1/1/1 as 2 on Router C.

[RouterC] interface GigabitEthernet 1/1/1

[RouterC-GigabitEthernet1/1/1] ospfv3 dr-priority 2

[RouterC-GigabitEthernet1/1/1] quit

# Display neighbor information on Router A. You can find DR priorities have been updated, but the DR and BDR are not changed.

[RouterA] display ospfv3 peer

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

2.2.2.2         0     2-Way/DROther    00:00:38    GE1/1/1         0

3.3.3.3         2     Full/Backup      00:00:32    GE1/1/1         0

4.4.4.4         1     Full/DR          00:00:36    GE1/1/1         0

# Display neighbor information on Router D. You can find Router D is still the DR.

[RouterD] display ospfv3 peer

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

1.1.1.1         100   Full/DROther     00:00:33    GE1/1/1         0

2.2.2.2         0     Full/DROther     00:00:36    GE1/1/1         0

3.3.3.3         2     Full/Backup      00:00:40    GE1/1/1         0

4.      Restart DR/BDR election:

# Use the shutdown and undo shutdown commands on interfaces to restart DR/BDR election. (Details not shown)

# Display neighbor information on Router A. You can find Router C becomes the BDR.

[RouterA] display ospfv3 peer

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

2.2.2.2         0     Full/DROther     00:00:31    GE1/1/1         0

3.3.3.3         2     Full/Backup      00:00:39    GE1/1/1         0

4.4.4.4         1     Full/DROther     00:00:37    GE1/1/1         0

# Display neighbor information on Router D. You can find Router A becomes the DR.

[RouterD] display ospfv3 peer

            OSPFv3 Area ID 0.0.0.0 (Process 1)

 ----------------------------------------------------------------------

Neighbor ID     Pri   State            Dead Time   Interface      Instance ID

1.1.1.1         100   Full/DR          00:00:34    GE1/1/1         0

2.2.2.2         0     2-Way/DROther    00:00:34    GE1/1/1         0

3.3.3.3         2     Full/Backup      00:00:32    GE1/1/1         0

Configuring OSPFv3 route redistribution

Network requirements

·           Router A, Router B, and Router C are in Area 2.

·           OSPFv3 process 1 and OSPFv3 process 2 are enabled on Router B. Router B communicates with Router A and Router C through OSPFv3 process 1 and OSPFv3 process 2 respectively.

·           Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B and set the default metric for redistributed routes to 3. Then, Router C can learn the routes destined for 1::0/64 and 2::0/64, and Router A cannot learn the routes destined for 3::0/64 or 4::0/64.

Figure 4 Network diagram

 

Configuration procedure

1.      Configure IPv6 addresses for interfaces. (Details not shown)

2.      Configure OSPFv3 basic functions:

# Enable OSPFv3 process 1 on Router A.

<RouterA> system-view

[RouterA] ipv6

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface GigabitEthernet 3/1/2

[RouterA-GigabitEthernet3/1/2] ospfv3 1 area 2

[RouterA-GigabitEthernet3/1/2] quit

[RouterA] interface GigabitEthernet 3/1/1

[RouterA-GigabitEthernet3/1/1] ospfv3 1 area 2

[RouterA-GigabitEthernet3/1/1] quit

# Enable OSPFv3 process 1 and OSPFv3 process 2 on Router B.

<RouterB> system-view

[RouterB] ipv6

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface GigabitEthernet 3/1/2

[RouterB-GigabitEthernet3/1/2] ospfv3 1 area 2

[RouterB-GigabitEthernet3/1/2] quit

[RouterB] ospfv3 2

[RouterB-ospfv3-2] router-id 3.3.3.3

[RouterB-ospfv3-2] quit

[RouterB] interface GigabitEthernet 3/1/1

[RouterB-GigabitEthernet3/1/1] ospfv3 2 area 2

[RouterB-GigabitEthernet3/1/1] quit

# Enable OSPFv3 process 2 on Router C.

<RouterC> system-view

[RouterC] ipv6

[RouterC] ospfv3 2

[RouterC-ospfv3-2] router-id 4.4.4.4

[RouterC-ospfv3-2] quit

[RouterC] interface GigabitEthernet 3/1/2

[RouterC-GigabitEthernet3/1/2] ospfv3 2 area 2

[RouterC-GigabitEthernet3/1/2] quit

[RouterC] interface GigabitEthernet 3/1/1

[RouterC-GigabitEthernet3/1/1] ospfv3 2 area 2

[RouterC-GigabitEthernet3/1/1] quit

# Display the routing table of Router C.

[RouterC] display ipv6 routing-table

Routing Table :

         Destinations : 6        Routes : 6

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : 3::2                                        Preference: 0

Interface  : GE3/1/2                                     Cost      : 0

 

Destination: 3::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : 4::1                                        Preference: 0

Interface  : GE3/1/1                                     Cost      : 0

 

Destination: 4::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

3.      Configure OSPFv3 route redistribution:

# Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B.

[RouterB] ospfv3 2

[RouterB-ospfv3-2] default cost 3

[RouterB-ospfv3-2] import-route ospfv3 1

[RouterB-ospfv3-2] import-route direct

[RouterB-ospfv3-2] quit

# Display the routing table of Router C.

[RouterC] display ipv6 routing-table

Routing Table :

         Destinations : 8        Routes : 8

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : OSPFv3

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : GE3/1/2                                     Cost      : 3

 

Destination: 2::/64                                      Protocol  : OSPFv3

NextHop    : FE80::200:CFF:FE01:1C03                     Preference: 150

Interface  : GE3/1/2                                     Cost      : 3

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : 3::2                                        Preference: 0

Interface  : GE3/1/2                                     Cost      : 0

 

Destination: 3::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : 4::1                                        Preference: 0

Interface  : GE3/1/1                                     Cost      : 0

 

Destination: 4::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

Configuring OSPFv3 GR

Network requirements

·           As shown in Figure 5, Router A, Router B and Router C that belong to the same AS and the same OSPFv3 routing domain are GR capable.

·           Router A acts as the GR Restarter. Router B and Router C are the GR Helpers and synchronize their LSDBs with Router A through out-of-band (OOB) communication of GR.

Figure 5 Network diagram

 

Configuration procedure

1.      Configure IPv6 addresses for interfaces. (Details not shown)

2.      Configure OSPFv3 basic functions:

# On Router A, enable OSPFv3 process 1, enable GR and set the router ID to 1.1.1.1.

<RouterA> system-view

[RouterA] ipv6

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] graceful-restart enable

[RouterA-ospfv3-1] quit

[RouterA] interface GigabitEthernet 3/1/1

[RouterA-GigabitEthernet 3/1/1] ospfv3 1 area 1

[RouterA-GigabitEthernet 3/1/1] quit

# Enable OSPFv3 on Router B and set the router ID to 2.2.2.2. (By default, GR helper is enabled on a router).

<RouterB> system-view

[RouterB] ipv6

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface GigabitEthernet 3/1/1

[RouterB-GigabitEthernet 3/1/1] ospfv3 1 area 1

[RouterB-GigabitEthernet 3/1/1] quit

# Enable OSPFv3 on Router C and set the router ID to 3.3.3.3. (By default, GR helper is enabled on a router).

<RouterC> system-view

[RouterC] ipv6

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface GigabitEthernet 3/1/1

[RouterC-GigabitEthernet 3/1/1] ospfv3 1 area 1

[RouterC-GigabitEthernet 3/1/1] quit

3.      Verify the configuration;

# After all routers function properly, perform a master/backup switchover on Router A to trigger a OSPFv3 GR operation.

Configuring BFD for OSPFv3

Network requirements

As shown in Figure 6:

·           Configure OSPFv3 on Router A, Router B and Router C and configure BFD over the link Router A<—>L2 Switch<—>Router B.

·           After the link Router A<—>L2 Switch<—>Router B fails, BFD can quickly detect the failure and notify OSPFv3 of the failure. Then Router A and Router B communicate through Router C.

Figure 6 Network diagram

Device

Interface

IPv6 address

Device

Interface

IPv6 address

Router A

GE3/1/1

2001::1/64

Router B

GE3/1/1

2001::2/64

 

GE3/1/2

2001:2::1/64

 

GE3/1/2

2001:3::2/64

Router C

GE3/1/1

2001:2::2/64

 

 

 

 

GE3/1/2

2001:3::1/64

 

 

 

 

Configuration procedure

1.      Configure IP addresses for the interfaces. (Details not shown)

2.      Configure OSPF basic functions:

# Configure Router A. Enable OSPFv3 and configure the router ID as 1.1.1.1.

<RouterA> system-view

[RouterA] ipv6

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface GigabitEthernet 3/1/1

[RouterA-GigabitEthernet3/1/1] ospfv3 1 area 0

[RouterA-GigabitEthernet3/1/1] quit

[RouterA] interface GigabitEthernet 3/1/2

[RouterA-GigabitEthernet3/1/2] ospfv3 1 area 0

[RouterA-GigabitEthernet3/1/2] quit

# Configure Router B. Enable OSPFv3 and configure the router ID as 2.2.2.2.

<RouterB> system-view

[RouterB] ipv6

[RouterB] ospfv3 1

[RouterB-ospf-1] router-id 2.2.2.2

[RouterB-ospf-1] quit

[RouterB] interface GigabitEthernet 3/1/1

[RouterB-GigabitEthernet3/1/1] ospfv3 1 area 0

[RouterB-GigabitEthernet3/1/1] quit

[RouterB] interface GigabitEthernet 3/1/2

[RouterB-GigabitEthernet3/1/2] ospfv3 1 area 0

[RouterB-GigabitEthernet3/1/2] quit

# Configure Router C. Enable OSPFv3 and configure the router ID as 3.3.3.3.

<RouterC> system-view

[RouterC] ipv6

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface GigabitEthernet 3/1/1

[RouterC-GigabitEthernet3/1/1] ospfv3 1 area 0

[RouterC-GigabitEthernet3/1/1] quit

[RouterC] interface GigabitEthernet 3/1/2

[RouterC-GigabitEthernet3/1/2] ospfv3 1 area 0

[RouterC-GigabitEthernet3/1/2] quit

3.      Configure BFD:

# Enable BFD on Router A and configure BFD parameters.

[RouterA] bfd session init-mode active

[RouterA] interface GigabitEthernet 3/1/1

[RouterA-GigabitEthernet3/1/1] ospfv3 bfd enable

[RouterA-GigabitEthernet3/1/1] bfd min-transmit-interval 500

[RouterA-GigabitEthernet3/1/1] bfd min-receive-interval 500

[RouterA-GigabitEthernet3/1/1] bfd detect-multiplier 7

[RouterA-GigabitEthernet3/1/1] return

# Enable BFD on Router B and configure BFD parameters.

[RouterB] bfd session init-mode active

[RouterB] interface GigabitEthernet 3/1/1

[RouterB-GigabitEthernet3/1/1] ospfv3 bfd enable

[RouterB-GigabitEthernet3/1/1] bfd min-transmit-interval 500

[RouterB-GigabitEthernet3/1/1] bfd min-receive-interval 500

[RouterB-GigabitEthernet3/1/1] bfd detect-multiplier 6

4.      Verify the configuration:

The following operations are performed on Router A. The operations on Router B are similar, and thus are not shown.

# Display the BFD information of Router A.

<RouterA> display bfd session

Total Session Num: 1            Init Mode: Active

 

 IPv6 Session Working Under Ctrl Mode:

 

     Local Discr: 1441                Remote Discr: 1450

       Source IP: FE80::20F:FF:FE00:1202 (link-local address of GigabitEthernet 3/1/1 on Router A)

  Destination IP: FE80::20F:FF:FE00:1200 (link-local address of GigabitEthernet 3/1/1 on Router B)

   Session State: Up                     Interface: GE3/1/1

       Hold Time:    /

# Display routes to 2001:2::0/64 on Router A, and you can see that Router A communicates with Router B through the Layer 2 switch.

<RouterA> display ipv6 routing-table 2001:4::0 64 verbose

Routing Table :

Summary Count : 2

 

 Destination  : 2001:4::0                               PrefixLength : 64

 NextHop      : 2001::2                                 Preference   : 10

 RelayNextHop : ::                                      Tag          : 0H

 Neighbor     : ::                                      ProcessID    : 0

 Interface    : GigabitEthernet3/1/1                    Protocol     : OSPFv3

 State        : Active Adv                              Cost         : 1

 Tunnel ID    : 0x0                                     Label        : NULL

 Age          : 4538sec

 

 Destination  : 2001:4::0                               PrefixLength : 64

 NextHop      : 2001:2::2                               Preference   : 10

 RelayNextHop : ::                                      Tag          : 0H

 Neighbor     : ::                                      ProcessID    : 0

 Interface    : GigabitEthernet3/1/2                             Protocol     : OSPFv3

 State        : Invalid Adv                             Cost         : 2

 Tunnel ID    : 0x0                                     Label        : NULL

 Age          : 4515sec

# Enable BFD debugging on Router A.

<RouterA> debugging bfd scm

<RouterA> debugging bfd event

<RouterA> debugging ospfv3 event bfd

<RouterA> terminal debugging

# After the link between Router B and the Layer 2 switch fails, Router A quickly detects the change on Router B.

%Nov  5 11:37:43:062 2009 RouterA BFD/5/BFD_CHANGE_FSM: Sess[FE80::20F:FF:FE00:1202/ FE80::20F:FF:FE00:1200,15/15,GE3/1/1,Ctrl], Sta: UP->DOWN, Diag: 1

%Nov  5 11:37:43:062 2009 RouterA OSPFV3/5/OSPFv3_NBR_CHG: OSPFv3 1 Neighbor 2.2.2.2(GigabitEthernet3/1/1) from Full to Down.

*Nov  5 11:37:43:062 2009 RouterA RM/6/RMDEBUG: OSPFv3 OSPFv3-BFD: Message Type rcv BFD down, Connect Type direct-connect, Src IP Address FE80::20F:FF:FE00:1202, Dst IP Address FE80::20F:FF:FE00:1200.

*Nov  5 11:37:43:062 2009 RouterA RM/6/RMDEBUG: OSPFv3 OSPFv3-BFD: Message Type delete session, Connect Type direct-connect, Src IP Address FE80::20F:FF:FE00:1202, Dst IP Address FE80::20F:FF:FE00:1200.

# Display the BFD information of Router A. You can see that Router A has removed its neighbor relationship with Router B and therefore no information is output.

<RouterA> display bfd session

# Display routes to 1200::0/64 on Router A, and you can see that Router A communicates with Router B through Router C.

<RouterA> display ipv6 routing-table 2001:2::0 64 verbose

Routing Table :

Summary Count : 1

 

 Destination  : 2001:4::0                               PrefixLength : 64

 NextHop      : 2001:2::2                               Preference   : 10

 RelayNextHop : ::                                      Tag          : 0H

 Neighbor     : ::                                      ProcessID    : 0

 Interface    : GigabitEthernet3/1/2                    Protocol     : OSPFv3

 State        : Invalid Adv                             Cost         : 2

 Tunnel ID    : 0x0                                     Label        : NULL

 Age          : 4610sec

Configuring OSPFv3 IPsec policies

Network requirements

As shown in Figure 7,

·           Configure OSPFv3 on the routers. The AS is divided into two areas.

·           Configure IPsec policies on the routers to authenticate and encrypt protocol packets.

Figure 7 Network diagram

 

Configuration procedure

1.      Configure IPv6 addresses for interfaces. (Details not shown)

2.      Configure OSPFv3 basic functions:

# Configure Router A: enable OSPFv3 and configure the Router ID as 1.1.1.1.

<RouterA> system-view

[RouterA] ipv6

[RouterA] ospfv3 1

[RouterA-ospfv3-1] router-id 1.1.1.1

[RouterA-ospfv3-1] quit

[RouterA] interface GigabitEthernet 3/1/2

[RouterA-GigabitEthernet3/1/2] ospfv3 1 area 1

[RouterA-GigabitEthernet3/1/2] quit

# Configure Router B: enable OSPFv3 and configure the Router ID as 2.2.2.2.

<RouterB> system-view

[RouterB] ipv6

[RouterB] ospfv3 1

[RouterB-ospfv3-1] router-id 2.2.2.2

[RouterB-ospfv3-1] quit

[RouterB] interface GigabitEthernet 3/1/2

[RouterB-GigabitEthernet3/1/2] ospfv3 1 area 1

[RouterB-GigabitEthernet3/1/2] quit

[RouterB] interface GigabitEthernet 3/1/1

[RouterB-GigabitEthernet3/1/1] ospfv3 1 area 0

[RouterB-GigabitEthernet3/1/1] quit

# Configure Router C: enable OSPFv3 and configure the Router ID as 3.3.3.3.

<RouterC> system-view

[RouterC] ipv6

[RouterC] ospfv3 1

[RouterC-ospfv3-1] router-id 3.3.3.3

[RouterC-ospfv3-1] quit

[RouterC] interface GigabitEthernet 3/1/1

[RouterC-GigabitEthernet3/1/1] ospfv3 1 area 0

[RouterC-GigabitEthernet3/1/1] quit

3.      Configure OSPFv3 IPsec policies:

# On Router A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.

[RouterA] ipsec proposal tran1

[RouterA-ipsec-proposal-tran1] encapsulation-mode transport

[RouterA-ipsec-proposal-tran1] transform esp

[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des

[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1

[RouterA-ipsec-proposal-tran1] quit

[RouterA] ipsec policy policy001 10 manual

[RouterA-ipsec-policy-manual-policy001-10] proposal tran1

[RouterA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345

[RouterA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345

[RouterA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg

[RouterA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg

[RouterA-ipsec-policy-manual-policy001-10] quit

# On Router B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg; create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy002, specify the manual mode for it, reference IPsec proposal tran2, set the SPIs of the inbound and outbound SAs to 54321, and the keys for the inbound and outbound SAs using ESP to gfedcba.

[RouterB] ipsec proposal tran1

[RouterB-ipsec-proposal-tran1] encapsulation-mode transport

[RouterB-ipsec-proposal-tran1] transform esp

[RouterB-ipsec-proposal-tran1] esp encryption-algorithm des

[RouterB-ipsec-proposal-tran1] esp authentication-algorithm sha1

[RouterB-ipsec-proposal-tran1] quit

[RouterB] ipsec policy policy001 10 manual

[RouterB-ipsec-policy-manual-policy001-10] proposal tran1

[RouterB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345

[RouterB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345

[RouterB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg

[RouterB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg

[RouterB-ipsec-policy-manual-policy001-10] quit

[RouterB] ipsec proposal tran2

[RouterB-ipsec-proposal-tran2] encapsulation-mode transport

[RouterB-ipsec-proposal-tran2] transform esp

[RouterB-ipsec-proposal-tran2] esp encryption-algorithm des

[RouterB-ipsec-proposal-tran2] esp authentication-algorithm sha1

[RouterB-ipsec-proposal-tran2] quit

[RouterB] ipsec policy policy002 10 manual

[RouterB-ipsec-policy-manual-policy002-10] proposal tran2

[RouterB-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321

[RouterB-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321

[RouterB-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba

[RouterB-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba

[RouterB-ipsec-policy-manual-policy002-10] quit

# On Router C, create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy002, specify the manual mode for it, reference IPsec proposal tran2, set the SPIs of the inbound and outbound SAs to 54321, and the keys for the inbound and outbound SAs using ESP to gfedcba.

[RouterC] ipsec proposal tran2

[RouterC-ipsec-proposal-tran2] encapsulation-mode transport

[RouterC-ipsec-proposal-tran2] transform esp

[RouterC-ipsec-proposal-tran2] esp encryption-algorithm des

[RouterC-ipsec-proposal-tran2] esp authentication-algorithm sha1

[RouterC-ipsec-proposal-tran2] quit

[RouterC] ipsec policy policy002 10 manual

[RouterC-ipsec-policy-manual-policy002-10] proposal tran2

[RouterC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321

[RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321

[RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba

[RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba

[RouterC-ipsec-policy-manual-policy002-10] quit

4.      Apply the IPsec policies in areas:

# Configure Router A.

[RouterA] ospfv3 1

[RouterA-ospfv3-1] area 1

[RouterA-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001

[RouterA-ospfv3-1-area-0.0.0.1] quit

[RouterA-ospfv3-1] quit

# Configure Router B.

[RouterB] ospfv3 1

[RouterB-ospfv3-1] area 0

[RouterB-ospfv3-1-area-0.0.0.0] enable ipsec-policy policy002

[RouterB-ospfv3-1-area-0.0.0.0] quit

[RouterB-ospfv3-1] area 1

[RouterB-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001

[RouterB-ospfv3-1-area-0.0.0.1] quit

[RouterB-ospfv3-1] quit

# Configure Router C.

[RouterC] ospfv3 1

[RouterC-ospfv3-1] area 0

[RouterC-ospfv3-1-area-0.0.0.0] enable ipsec-policy policy002

[RouterC-ospfv3-1-area-0.0.0.0] quit

[RouterC-ospfv3-1] quit

5.      Verify the configuration:

OSPFv3 traffic between Routers A, B and C is protected by IPsec.

Troubleshooting OSPFv3 configuration

No OSPFv3 neighbor relationship established

Symptom

No OSPF neighbor relationship can be established.

Analysis

If the physical link and lower protocol function properly, check OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask and network type. If the network type is broadcast, at least one interface must have a DR priority higher than 0.

Solution

1.      Display neighbor information using the display ospfv3 peer command.

2.      Display OSPFv3 interface information using the display ospfv3 interface command.

3.      Ping the neighbor router’s IP address to check connectivity.

4.      Check OSPF timers. The dead interval on an interface must be at least four times the hello interval.

5.      On a broadcast network, at least one interface must have a DR priority higher than 0.

Incorrect routing information

Symptom

OSPFv3 cannot find routes to other areas.

Analysis

The backbone area must maintain connectivity to all other areas. If a router connects to more than one area, at least one area must be connected to the backbone. The backbone cannot be configured as a Stub area.

In a Stub area, all routers cannot receive external routes, and all interfaces connected to the Stub area must be associated with the Stub area.

Solution

1.      Use the display ospfv3 peer command to display OSPFv3 neighbors.

2.      Use the display ospfv3 interface command to display OSPFv3 interface information.

3.      Use the display ospfv3 lsdb command to display Link State Database information to check integrity.

4.      Display information about area configuration using the display current-configuration configuration command. If more than two areas are configured, at least one area is connected to the backbone.

5.      In a Stub area, all routers are configured with the stub command.

6.      If a virtual link is configured, use the display ospf vlink command to check the neighbor state.