This documentation has been moved
Implementing OSPF for IPv6
Downloads: This chapterpdf (PDF - 476.0KB) The complete bookPDF (PDF - 7.45MB) | Feedback

Implementing OSPFv3

Table Of Contents

Implementing OSPFv3

Finding Feature Information

Contents

Prerequisites for Implementing OSPFv3

Restrictions for Implementing OSPFv3

Information About Implementing OSPFv3

How OSPFv3 Works

Comparison of OSPF version 3 and OSPF Version 2

OSPFv3 Address Families

LSA Types for OSPFv3

NBMA in OSPFv3

OSPFv3 Max-Metric Router LSA

Force SPF in OSPFv3

Fast Convergence—LSA and SPF Throttling

Load Balancing in OSPFv3

Address Import into OSPFv3

OSPFv3 Customization

OSPFv3 Authentication Support with IPsec

OSPFv3 Virtual Links

OSPFv3 Cost Calculation

OSPFv3 External Path Preference Option

OSPFv3 Graceful Restart

BFD Support for OSPFv3

How to Implement OSPFv3

Configuring the OSPFv3 Router Process

Configuring the IPv6 Address Family in OSPFv3

Configuring the IPv4 Address Family in OSPFv3

Configuring Route Redistribution in OSPFv3

Enabling OSPFv3 on an Interface

Defining an OSPFv3 Area Range for the IPv6 or IPv4 Address Family

Prerequisites

Defining an OSPFv3 Area Range

Configuring IPsec on OSPFv3

Defining Authentication on an Interface

Defining Encryption on an Interface

Defining Authentication in an OSPFv3 Area

Defining Encryption in an OSPFv3 Area

Defining Authentication and Encryption for a Virtual Link in an OSPFv3 Area

Configuring NBMA Interfaces in OSPFv3

Prerequisites

Restrictions

Configuring the OSPFv3 Max-Metric Router LSA

Tuning LSA and SPF Timers for OSPFv3 Fast Convergence

Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

Enabling Event Logging

Enabling Event Logging in Releases Prior to Cisco IOS Release 15.1(3)S amd 15.2(1)T

Clearing the Content of an Event Log

Calculating OSPFv3 External Path Preferences per RFC 5340

Enabling OSPFv3 Graceful Restart

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Capable Router

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Aware Router

Forcing an SPF Calculation

Verifying OSPFv3 Configuration and Operation

Verifying OSPFv3 Configuration and Operation

Examples

Configuration Examples for Implementing OSPFv3

Example: Enabling OSPFv3 on an Interface Configuration

Example: Defining an OSPFv3 Area Range

Example: Defining Authentication on an Interface

Example: Defining Authentication in an OSPFv3 Area

Example: Configuring NBMA Interfaces Configuration

Example: Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

Example: Forcing SPF Configuration

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for Implementing OSPFv3


Implementing OSPFv3


First Published: March 17, 2003
Last Updated: September 26, 2011

The Implementing OSPFv3 module expands on Open Shortest Path First version 3 (OSPFv3) to provide support for IPv6 routing prefixes.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Implementing OSPFv3" section.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Implementing OSPFv3

Restrictions for Implementing OSPFv3

Information About Implementing OSPFv3

How to Implement OSPFv3

Configuration Examples for Implementing OSPFv3

Additional References

Feature Information for Implementing OSPFv3

Prerequisites for Implementing OSPFv3

Before you enable OSPFv3 on an interface, you must do the following:

Complete the OSPFv3 network strategy and planning for your IPv6 network. For example, you must decide whether multiple areas are required.

Enable IPv6 unicast routing.

Enable IPv6 on the interface.

Configure the IP Security (IPsec) secure socket application program interface (API) on OSPFv3 in order to enable authentication and encryption.

To use the IPv4 unicast address families (AF) in OSPFv3, you must enable IPv6 on a link, although the link may not be participating in IPv6 unicast AF.

With the OSPFv3 Address Families feature, users may have two router processes per interface, but only one process per AF. If the AF is IPv4, an IPv4 address must first be configured on the interface, but IPv6 must be enabled on the interface.

Restrictions for Implementing OSPFv3

When running a dual-stack IP network with OSPF version 2 for IPv4 and OSPFv3, be careful when changing the defaults for commands used to enable OSPFv3. Changing these defaults may affect your OSPFv3 network, possibly adversely.

Authentication is supported as of Cisco IOS Release 12.3(4)T.

ESP authentication and encryption are supported as of Cisco IOS Release 12.4(9)T.

A packet will be rejected on a router if the packet is coming from an IPv6 address that is found on any interface on the same router.

Information About Implementing OSPFv3

How OSPFv3 Works

Comparison of OSPF version 3 and OSPF Version 2

LSA Types for OSPFv3

Force SPF in OSPFv3

Fast Convergence—LSA and SPF Throttling

Load Balancing in OSPFv3

Address Import into OSPFv3

OSPFv3 Customization

OSPFv3 Authentication Support with IPsec

OSPFv3 External Path Preference Option

OSPFv3 Graceful Restart

BFD Support for OSPFv3

How OSPFv3 Works

OSPF is a routing protocol for IP. It is a link-state protocol, as opposed to a distance-vector protocol. Think of a link as being an interface on a networking device. A link-state protocol makes its routing decisions based on the states of the links that connect source and destination machines. The state of a link is a description of that interface and its relationship to its neighboring networking devices. The interface information includes the IPv6 prefix of the interface, the network mask, the type of network it is connected to, the routers connected to that network, and so on. This information is propagated in various type of link-state advertisements (LSAs).

A router's collection of LSA data is stored in a link-state database. The contents of the database, when subjected to the Dijkstra algorithm, result in the creation of the OSPF routing table. The difference between the database and the routing table is that the database contains a complete collection of raw data; the routing table contains a list of shortest paths to known destinations via specific router interface ports.

OSPF version 3, which is described in RFC 5340, supports IPv6 and IPv4 unicast AFs.

Comparison of OSPF version 3 and OSPF Version 2

Much of OSPF version 3 is the same as in OSPF version 2. OSPFv3, which is described in RFC 5340, expands on OSPF version 2 to provide support for IPv6 routing prefixes and the larger size of IPv6 addresses.

In OSPFv3, a routing process does not need to be explicitly created. Enabling OSPFv3 on an interface will cause a routing process, and its associated configuration, to be created.

In OSPFv3, each interface must be enabled using commands in interface configuration mode. This feature is different from OSPF version 2, in which interfaces are indirectly enabled using the router configuration mode.

When using a nonbroadcast multiaccess (NBMA) interface in OSPFv3, users must manually configure the router with the list of neighbors. Neighboring routers are identified by their router ID.

In IPv6, users can configure many address prefixes on an interface. In OSPFv3, all address prefixes on an interface are included by default. Users cannot select some address prefixes to be imported into OSPFv3; either all address prefixes on an interface are imported, or no address prefixes on an interface are imported.

Unlike OSPF version 2, multiple instances of OSPFv3 can be run on a link.

OSPF automatically prefers a loopback interface over any other kind, and it chooses the highest IP address among all loopback interfaces. If no loopback interfaces are present, the highest IP address in the router is chosen. You cannot tell OSPF to use any particular interface.

OSPFv3 Address Families

The OSPFv3 address families feature enables both IPv4 and IPv6 unicast traffic to be supported. With this feature, users may have two router processes per interface, but only one process per AF. If the IPv4 AF is used, an IPv4 address must first be configured on the interface, but IPv6 must be enabled on the interface. A single IPv4 or IPv6 OSPFv3 process running multiple instances on the same interface is not supported.

Users with an IPv6 network that uses OSPFv3 as its IGP may want to use the same IGP to help carry and install IPv4 routes. All routers on this network have an IPv6 forwarding stack. Some (or all) of the links on this network may be allowed to do IPv4 forwarding and be configured with IPv4 addresses. Pockets of IPv4-only routers exist around the edges running an IPv4 static or dynamic routing protocol. In this scenario, users need the ability to forward IPv4 traffic between these pockets without tunneling overhead, which means that any IPv4 transit router has both IPv4 and IPv6 forwarding stacks (e.g., is dual stack).

This feature allows a separate (possibly incongruent) topology to be constructed for the IPv4 AF. It installs Pv4 routes in IPv4 RIB, and then the forwarding occurs natively. The OSPFv3 process fully supports an IPv4 AF topology and can redistribute routes from and into any other IPv4 routing protocol.

An OSPFv3 process can be configured to be either IPv4 or IPv6. The address-family command is used to determine which AF will run in the OSPFv3 process, and only one address family can be configured per instance. Once the AF is selected, users can enable multiple instances on a link and enable address-family-specific commands.

Different instance ID ranges are used for each AF. Each AF establishes different adjacencies, has a different link state database, and computes a different shortest path tree. The AF then installs the routes in AF-specific RIB. LSAs that carry IPv6 unicast prefixes are used without any modification in different instances to carry each AFs' prefixes.

The IPv4 subnets configured on OSPFv3-enabled interfaces are advertised through intra-area prefix LSAs, just as any IPv6 prefixes. External LSAs are used to advertise IPv4 routes redistributed from any IPv4 routing protocol, including connected and static. The IPv4 OSPFv3 process runs the SPF calculations and finds the shortest path to those IPv4 destinations. These computed routes are then inserted in the IPv4 RIB (computed routes are inserted into an IPv6 RIB for an IPv6 AF).

Because the IPv4 OSPFv3 process allocates a unique pdbindex in the IPv4 RIB, all other IPv4 routing protocols can redistribute routes from it. The parse chain for all protocols is same, so the ospfv3 keyword added to the list of IPv4 routing protocols causes OSPFv3 to appear in the redistribute command from any IPv4 routing protocol. With the ospfv3 keyword, IPv4 OSPFv3 routes can be redistributed into any other IPv4 routing protocol as defined in the redistribute ospfv3 command.

The OSPFv3 address families feature is supported as of Cisco IOS Release 15.1(3)S and Cisco IOS Release 15.2(1)T. Cisco routers that run software older than these releases and third-party routers will not neighbor with routers running the AF feature for the IPv4 AF because they do not set the AF bit. Therefore, those routers will not participate in the IPv4 AF SPF calculations and will not install the IPv4 OSPFv3 routes in the IPv6 RIB.

LSA Types for OSPFv3

The following list describes LSA types, each of which has a different purpose:

Router LSAs (Type 1)—Describes the link state and costs of a router's links to the area. These LSAs are flooded within an area only. The LSA indicates if the router is an Area Border Router (ABR) or Autonomous System Boundary Router (ASBR), and if it is one end of a virtual link. Type 1 LSAs are also used to advertise stub networks. In OSPFv3, these LSAs have no address information and are network-protocol-independent. In OSPFv3, router interface information may be spread across multiple router LSAs. Receivers must concatenate all router LSAs originated by a given router when running the SPF calculation.

Network LSAs (Type 2)—Describes the link-state and cost information for all routers attached to the network. This LSA is an aggregation of all the link-state and cost information in the network. Only a designated router tracks this information and can generate a network LSA. In OSPFv3, network LSAs have no address information and are network-protocol-independent.

Interarea-prefix LSAs for ABRs (Type 3)—Advertises internal networks to routers in other areas (interarea routes). Type 3 LSAs may represent a single network or a set of networks summarized into one advertisement. Only ABRs generate summary LSAs. In OSPFv3, addresses for these LSAs are expressed as prefix, prefix length instead of address, mask. The default route is expressed as a prefix with length 0.

Interarea-router LSAs for ASBRs (Type 4)—Advertises the location of an ASBR. Routers that are trying to reach an external network use these advertisements to determine the best path to the next hop. Type 4 LSAs are generated by ABRs on behalf of ASBRs.

Autonomous system external LSAs (Type 5)—Redistributes routes from another AS, usually from a different routing protocol into OSPFv3. In OSPFv3, addresses for these LSAs are expressed as prefix, prefix length instead of address, mask. The default route is expressed as a prefix with length 0.

Link LSAs (Type 8)—Have local-link flooding scope and are never flooded beyond the link with which they are associated. Link LSAs provide the link-local address of the router to all other routers attached to the link, inform other routers attached to the link of a list of prefixes to associate with the link, and allow the router to assert a collection of Options bits to associate with the network LSA that will be originated for the link.

Intra-Area-Prefix LSAs (Type 9)—A router can originate multiple intra-area-prefix LSAs for each router or transit network, each with a unique link-state ID. The link-state ID for each intra-area-prefix LSA describes its association to either the router LSA or the network LSA and contains prefixes for stub and transit networks.

An address prefix occurs in almost all newly defined LSAs. The prefix is represented by three fields: PrefixLength, PrefixOptions, and Address Prefix. In OSPFv3, addresses for these LSAs are expressed as prefix, prefix length instead of address, mask. The default route is expressed as a prefix with length 0. Type 3 and Type 9 LSAs carry all prefix (subnet) information that, in OSPFv2, is included in router LSAs and network LSAs. The Options field in certain LSAs (router LSAs, network LSAs, interarea-router LSAs, and link LSAs) has been expanded to 24 bits to provide support for OSPFv3.

In OSPFv3, the sole function of link-state ID in interarea-prefix LSAs, interarea-router LSAs, and autonomous-system external LSAs is to identify individual pieces of the link-state database. All addresses or router IDs that are expressed by the link-state ID in OSPF version 2 are carried in the body of the LSA in OSPFv3.

The link-state ID in network LSAs and link LSAs is always the interface ID of the originating router on the link being described. For this reason, network LSAs and link LSAs are now the only LSAs whose size cannot be limited. A network LSA must list all routers connected to the link, and a link LSA must list all of the address prefixes of a router on the link.

NBMA in OSPFv3

On NBMA networks, the designated router (DR) or backup DR (BDR) performs the LSA flooding. On point-to-point networks, flooding simply goes out an interface directly to a neighbor.

Routers that share a common segment (Layer 2 link between two interfaces) become neighbors on that segment. OSPFv3 uses the Hello protocol, periodically sending hello packets out each interface. Routers become neighbors when they see themselves listed in the neighbor's hello packet. After two routers become neighbors, they may proceed to exchange and synchronize their databases, which creates an adjacency. Not all neighboring routers have an adjacency.

On point-to-point and point-to-multipoint networks, the software floods routing updates to immediate neighbors. There is no DR or BDR; all routing information is flooded to each networking device.

On broadcast or NBMA segments only, OSPFv3 minimizes the amount of information being exchanged on a segment by choosing one router to be a DR and one router to be a BDR. Thus, the routers on the segment have a central point of contact for information exchange. Instead of each router exchanging routing updates with every other router on the segment, each router exchanges information with the DR and BDR. The DR and BDR relay the information to the other routers.

The software looks at the priority of the routers on the segment to determine which routers will be the DR and BDR. The router with the highest priority is elected the DR. If there is a tie, then the router with the higher router ID takes precedence. After the DR is elected, the BDR is elected the same way. A router with a router priority set to zero is ineligible to become the DR or BDR.

When using NBMA in OSPFv3, you cannot automatically detect neighbors. On an NBMA interface, you must configure your neighbors manually using interface configuration mode.

OSPFv3 Max-Metric Router LSA

The OSPFv3 max-metric router LSA feature enables OSPFv3 to advertise its locally generated router LSAs with a maximum metric. The feature allows OSPFv3 processes to converge but not attract transit traffic through the router if there are better alternate paths. After a specified timeout or a notification from BGP, OSPFv3 advertises the LSAs with normal metrics.

The max-metric LSA control places the OSPFv3 router into the stub router role using its LSA advertisement. A stub router only forwards packets destined to go to its directly connected links. In OSPFv3 networks, a router could become a stub router by advertising large metrics for its connected links, so that the cost of a path through this router becomes larger than that of an alternative path. OSPFv3 stub router advertisement allows a router to advertise the infinity metric (0xFFFF) for its connected links in router LSAs and advertise normal interface cost if the link is a stub network.

Force SPF in OSPFv3

When the process keyword is used with the clear ipv6 ospf command, the OSPFv3 database is cleared and repopulated, and then the SPF algorithm is performed. When the force-spf keyword is used with the clear ipv6 ospf command, the OSPFv3 database is not cleared before the SPF algorithm is performed.

Fast Convergence—LSA and SPF Throttling

The OSPFv3 LSA and SPF throttling feature provides a dynamic mechanism to slow down link-state advertisement updates in OSPFv3 during times of network instability. It also allows faster OSPFv3 convergence by providing LSA rate limiting in milliseconds.

Previously, OSPFv3 used static timers for rate-limiting SPF calculation and LSA generation. Although these timers are configurable, the values used are specified in seconds, which poses a limitation on OSPFv3 convergence. LSA and SPF throttling achieves subsecond convergence by providing a more sophisticated SPF and LSA rate-limiting mechanism that is able to react quickly to changes and also provide stability and protection during prolonged periods of instability.

Load Balancing in OSPFv3

When a router learns multiple routes to a specific network via multiple routing processes (or routing protocols), it installs the route with the lowest administrative distance in the routing table. Sometimes the router must select a route from among many learned via the same routing process with the same administrative distance. In this case, the router chooses the path with the lowest cost (or metric) to the destination. Each routing process calculates its cost differently and the costs may need to be manipulated in order to achieve load balancing.

OSPFv3 performs load balancing automatically in the following way. If OSPFv3 finds that it can reach a destination through more than one interface and each path has the same cost, it installs each path in the routing table. The only restriction on the number of paths to the same destination is controlled by the maximum-paths command. The default maximum paths is 16, and the range is from 1 to 64.

Address Import into OSPFv3

When importing the set of addresses specified on an interface on which OSPFv3 is running into OSPFv3, users cannot select specific addresses to be imported. Either all addresses are imported, or no addresses are imported.

OSPFv3 Customization

You can customize OSPFv3 for your network, but you likely will not need to do so. The defaults for OSPFv3 are set to meet the requirements of most customers and features. If you must change the defaults, refer to the IPv6 command reference to find the appropriate syntax.


Caution Be careful when changing the defaults. Changing defaults will affect your OSPFv3 network, possibly adversely.

OSPFv3 Authentication Support with IPsec

In order to ensure that OSPFv3 packets are not altered and re-sent to the router, causing the router to behave in a way not desired by its managers, OSPFv3 packets must be authenticated. OSPFv3 uses the IP Security (IPsec) secure socket application program interface (API) to add authentication to OSPFv3 packets. This API has been extended to provide support for IPv6.

OSPFv3 requires the use of IPsec to enable authentication. Crypto images are required to use authentication, because only crypto images include the IPsec API needed for use with OSPFv3.

In OSPFv3, authentication fields have been removed from OSPFv3 packet headers. When OSPFv3 runs on IPv6, OSPFv3 requires the IPv6 authentication header (AH) or IPv6 ESP header to ensure integrity, authentication, and confidentiality of routing exchanges. IPv6 AH and ESP extension headers can be used to provide authentication and confidentiality to OSPFv3.

To use the IPsec AH, you must enable the ipv6 ospf authentication command. To use the IPsec ESP, you must enable the ipv6 ospf encryption command. The ESP header may be applied alone or in combination with the AH, and when ESP is used, both encryption and authentication are provided. Security services can be provided between a pair of communicating hosts, between a pair of communicating security gateways, or between a security gateway and a host.

To configure IPsec, users configure a security policy, which is a combination of the security policy index (SPI) and the key (the key is used to create and validate the hash value). IPsec for OSPFv3 can be configured on an interface or on an OSPFv3 area. For higher security, users should configure a different policy on each interface configured with IPsec. If a user configures IPsec for an OSPFv3 area, the policy is applied to all of the interfaces in that area, except for the interfaces that have IPsec configured directly. Once IPsec is configured for OSPFv3, IPsec is invisible to the user.

The secure socket API is used by applications to secure traffic. The API needs to allow the application to open, listen, and close secure sockets. The binding between the application and the secure socket layer also allows the secure socket layer to inform the application of changes to the socket, such as connection open and close events. The secure socket API is able to identify the socket; that is, it can identify the local and remote addresses, masks, ports, and protocol that carry the traffic requiring security.

Each interface has a secure socket state, which can be one of the following:

NULL: Do not create a secure socket for the interface if authentication is configured for the area.

DOWN: IPsec has been configured for the interface (or the area that contains the interface), but OSPFv3 either has not requested IPsec to create a secure socket for this interface, or there is an error condition.

GOING UP: OSPFv3 has requested a secure socket from IPsec and is waiting for a CRYPTO_SS_SOCKET_UP message from IPsec.

UP: OSPFv3 has received a CRYPTO_SS_SOCKET_UP message from IPsec.

CLOSING: The secure socket for the interface has been closed. A new socket may be opened for the interface, in which case the current secure socket makes the transition to the DOWN state. Otherwise, the interface will become UNCONFIGURED.

UNCONFIGURED: Authentication is not configured on the interface.

OSPFv3 will not send or accept packets while in the DOWN state.

For further information on IPsec, refer to the Implementing IPsec in IPv6 Security document.

OSPFv3 Virtual Links

For each virtual link, a master security information datablock is created for the virtual link. Because a secure socket must be opened on each interface, there will be a corresponding security information datablock for each interface in the transit area. The secure socket state is kept in the interface's security information datablock. The state field in the master security information datablock reflects the status of all of the secure sockets opened for the virtual link. If all of the secure sockets are UP, then the security state for the virtual link will be set to UP.

Packets sent on a virtual link with IPsec must use predetermined source and destination addresses. The first local area address found in the router's intra-area-prefix LSA for the area is used as the source address. This source address is saved in the area data structure and used when secure sockets are opened and packets sent over the virtual link. The virtual link will not transition to the point-to-point state until a source address is selected. Also, when the source or destination address changes, the previous secure sockets must be closed and new secure sockets opened.


Note Virtual links are not supported for the IPv4 AF.


OSPFv3 Cost Calculation

Because cost components can change rapidly, it might be necessary to dampen the volume of changes to reduce network-wide churn. The recommended values for S2, S3, and S4 are based on network simulations that may reduce the rate of network changes. The recommended value for S1 is 0 to eliminate this variable from the route cost calculation.

The overall link cost is computed using the following formula shown in Figure 1.

Figure 1 Overall Link Cost Formula

Table 1 defines the symbols used in the OSPFv3 cost calculation.

Table 1 OSPFv3 Cost Calculation Definitions

Cost Component
Component Definition

OC

The "default OSPFv3 cost." Calculated from reference bandwidth using reference_bw / (MDR*1000), where reference_bw=10^8.

A through D

Various radio-specific data-based formulas that produce results in the 0 through 64,000 range.

A

CDR- and MDR-related formula:

(2^16 * (100 - (CDR * 100 / MDR)))/100

B

Resources related formula:

((100 - RESOURCES)^3 * 2^16 / 10^6)

C

Latency as reported by the radio, already in the 0 through 64K range when reported (LATENCY).

D

RLF-related formula:

((100 - RLF) * 2^16)/100

S1 through S4

Scalar weighting factors input from the command-line interface (CLI). These scalars scale down the values as computed by A through D.

The value of 0 disables and value of 100 enables full 0 through 64,000 range for one component.


Because each network might have unique characteristics that require different settings to optimize actual network performance, these are recommended values intended as a starting point for optimizing an OSPFv3 network. Table 2 lists the recommended value settings for OSPFv3 cost metrics.

Table 2 Recommended Value Settings for OSPFv3 Cost Metrics

Setting
Metric Description
Default Value
Recommended Value

S1

ipv6 ospf dynamic weight throughout

100

0

S2

ipv6 ospf dynamic weight resources

100

29

S3

ipv6 ospf dynamic weight latency

100

29

S4

ipv6 ospf dynamic weight L2 factor

100

29


The default path costs were calculated using this formula, as noted in the following list. If these values do not suit your network, you can use your own method of calculating path costs.

56-kbps serial link—Default cost is 1785.

64-kbps serial link—Default cost is 1562.

T1 (1.544-Mbps serial link)—Default cost is 64.

E1 (2.048-Mbps serial link)—Default cost is 48.

4-Mbps Token Ring—Default cost is 25.

Ethernet—Default cost is 10.

16-Mbps Token Ring—Default cost is 6.

FDDI—Default cost is 1.

X25—Default cost is 5208.

Asynchronous—Default cost is 10,000.

ATM—Default cost is 1.

To illustrate these settings, the following example shows how OSPFv3 cost metrics might be defined for a VMI interface:

interface vmi1
 ipv6 ospf cost dynamic weight throughput 0
 ipv6 ospf cost dynamic weight resources 29
 ipv6 ospf cost dynamic weight latency 29
 ipv6 ospf cost dynamic weight L2-factor 29

OSPFv3 External Path Preference Option

Per RFC 5340, the following rules indicate which paths are preferred when multiple intra-AS paths are available to ASBRs or forwarding addresses:

Intra-area paths using non-backbone areas are always the most preferred.

The other paths, intra-area backbone paths and inter-area paths, are of equal preference.

These rules apply when the same ASBR is reachable through multiple areas, or when trying to decide which of several AS-external-LSAs should be preferred. In the former case the paths all terminate at the same ASBR, while in the latter the paths terminate at separate ASBRs or forwarding addresses. In either case, each path is represented by a separate routing table entry. This feature only applies when RFC 1583 compatibility is set to disabled using the no compatibility rfc1583 command (RFC 5340 provides an update to RFC 1583).


Caution To minimize the chance of routing loops, all OSPF routers in an OSPF routing domain should have RFC compatibility set identically.

OSPFv3 Graceful Restart

The graceful restart feature in OSPFv3 allows nonstop data forwarding along routes that are already known while the OSPFv3 routing protocol information is being restored. A router can participate in graceful restart either in restart mode (such as in a graceful-restart-capable router) or in helper mode (such as in a graceful-restart-aware router).

To perform the graceful restart function, a router must be in high availability (HA) stateful switchover (SSO) mode (that is, dual RP). A router capable of graceful restart will perform the graceful restart function when the following failures occur:

A Route Processor (RP) failure that results in switchover to standby RP

A planned RP switchover to standby RP

The graceful restart feature requires that neighboring routers be graceful-restart aware.

For further information about SSO and nonstop forwarding (NSF), see the Stateful Switchover and Cisco Nonstop Forwarding documents.

BFD Support for OSPFv3

Bidirectional Forwarding Detection (BFD) supports OSPFv3. For information on how to configure BFD for OSPFv3, see the Implementing Bidirectional Forwarding Detection for IPv6 module.

How to Implement OSPFv3

Configuring the OSPFv3 Router Process

Configuring the IPv6 Address Family in OSPFv3

Configuring the IPv4 Address Family in OSPFv3

Configuring Route Redistribution in OSPFv3

Enabling OSPFv3 on an Interface

Defining an OSPFv3 Area Range for the IPv6 or IPv4 Address Family

Configuring IPsec on OSPFv3

Configuring NBMA Interfaces in OSPFv3

Configuring the OSPFv3 Max-Metric Router LSA

Tuning LSA and SPF Timers for OSPFv3 Fast Convergence

Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

Enabling Event Logging

Calculating OSPFv3 External Path Preferences per RFC 5340

Enabling OSPFv3 Graceful Restart

Forcing an SPF Calculation

Verifying OSPFv3 Configuration and Operation

Configuring the OSPFv3 Router Process

Once you have completed step 3 and entered OSPFv3 router configuration mode, you can perform any of the subsequent steps in this task as needed to configure OSPFv3 router configuration.

This task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. area area-ID [default-cost | nssa | stub]

5. auto-cost reference-bandwidth Mbps

6. bfd all-interfaces

7. default {area area-ID [range ipv6-prefix | virtual-link router-id]} [default-information originate [always | metric | metric-type | route-map] | distance | distribute-list prefix-list prefix-list-name {in | out} [interface] | maximum-paths paths | redistribute protocol | summary-prefix ipv6-prefix]

8. ignore lsa mospf

9. interface-id snmp-if-index

10. log-adjacency-changes [detail]

11. passive-interface [default | interface-type interface-number]

12. queue-depth {hello | update} {queue-size | unlimited}

13. router-id {router-id}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

area area-ID [default-cost | nssa | stub]

Example:
Router(config-router)# area 1

Configures the OSPFv3 area.

Step 5 

auto-cost reference-bandwidth Mbps

Example:

Router(config-router)# auto-cost reference-bandwidth 1000

Controls the reference value OSPFv3 uses when calculating metrics for interfaces in an IPv4 OSPFv3 process.

Step 6 

bfd all-interfaces

Example:

Router(config-router)# bfd all-interfaces

Enables BFD for an OSPFv3 routing process

Step 7 

default {area area-ID [range ipv6-prefix | virtual-link router-id]} [default-information originate [always | metric | metric-type | route-map] | distance | distribute-list prefix-list prefix-list-name {in | out} [interface] | maximum-paths paths | redistribute protocol | summary-prefix ipv6-prefix]

Example:
Router(config-router)# default area 1

Returns an OSPFv3 parameter to its default value.

Step 8 

ignore lsa mospf

Example:

Router(config-router)# ignore lsa mospf

Suppresses the sending of syslog messages when the router receives LSA Type 6 multicast OSPFv3 packets, which are unsupported.

Step 9 

interface-id snmp-if-index

Example:

Router(config-router)# interface-id snmp-if-index

Configures OSPFv3 interfaces with Simple Network Management Protocol (SNMP) MIB-II interface Index (ifIndex) identification numbers in IPv4 and IPv6.

Step 10 

log-adjacency-changes [detail]

Example:
Router(config-router)# log-adjacency-changes 

Configures the router to send a syslog message when an OSPFv3 neighbor goes up or down.

Step 11 

passive-interface [default | interface-type interface-number]

Example:
Router(config-router)# passive-interface 
default 

Suppresses sending routing updates on an interface when using an IPv4 OSPFv3 process.

Step 12 

queue-depth {hello | update} {queue-size | unlimited}

Example:

Router(config-router)# queue-depth update 1500

Configures the number of incoming packets that the IPv4 OSPFv3 process can keep in its queue.

Step 13 

router-id {router-id}

Example:
Router(config-router)# router-id 10.1.1.1 

Use a fixed router ID.

Configuring the IPv6 Address Family in OSPFv3

Perform this task to configure the IPv6 address family in OSPFv3. Once you have completed step  4 and entered IPv6 address-family configuration mode, you can perform any of the subsequent steps in this task as needed to configure the IPv6 AF.

The task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. address-family ipv6 unicast

5. area area-ID range ipv6-prefix/prefix-length

6. default {area area-ID [range ipv6-prefix | virtual-link router-id]} [default-information originate [always | metric | metric-type | route-map] | distance | distribute-list prefix-list prefix-list-name {in | out} [interface] | maximum-paths paths | redistribute protocol | summary-prefix ipv6-prefix]

7. default-information originate [always | metric metric-value | metric-type type-value | route-map map-name]

8. default-metric metric-value

9. distance distance

10. distribute-list prefix-list list-name {in [interface-type interface-number] | out routing-process [as-number]}

11. maximum-paths number-paths

12. summary-prefix prefix [not-advertise | tag tag-value]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

address-family ipv6 unicast

or

address-family ipv4 unicast

Example:

Router(config-router)# address-family ipv6 unicast

or

Router(config-router)# address-family ipv4 unicast

Enters IPv6 address family configuration mode for OSPFv3.

or

Enters IPv4 address family configuration mode for OSPFv3.

Step 5 

area area-ID range ipv6-prefix/prefix-length

Example:

Router(config-router-af)# area 1 range 2001:DB8:0:0::0/128

Configures OSPFv3 area parameters.

Step 6 

default {area area-ID [range ipv6-prefix | virtual-link router-id]} [default-information originate [always | metric | metric-type | route-map] | distance | distribute-list prefix-list prefix-list-name {in | out} [interface] | maximum-paths paths | redistribute protocol | summary-prefix ipv6-prefix]

Example:
Router(config-router-af)# default area 1

Returns an OSPFv3 parameter to its default value.

Step 7 

default-information originate [always | metric metric-value | metric-type type-value | route-map map-name]

Example:
Router(config-router-af)# default-information 
originate always metric 100 metric-type 2 

Generates a default external route into an OSPFv3 for a routing domain.

Step 8 

default-metric metric-value

Example:

Router(config-router-af)# default-metric 10

Sets default metric values for IPv4 and IPv6 routes redistributed into the OSPFv3 routing protocol.

Step 9 

distance distance

Example:

Router(config-router-af)# distance 200

Configures an administrative distance for OSPFv3 routes inserted into the routing table.

Step 10 

distribute-list prefix-list list-name {in [interface-type interface-number] | out routing-process [as-number]}

Example:

Router(config-router-af)# distribute-list prefix-list PL1 in Ethernet0/0

Applies a prefix list to OSPFv3 routing updates that are received or sent on an interface.

Step 11 

maximum-paths number-paths

Example:

Router(config-router-af)# maximum-paths 4

Controls the maximum number of equal-cost routes that a process for OSPFv3 routing can support.

Step 12 

summary-prefix prefix [not-advertise | tag tag-value]

Example:
Router(config-router-af)# summary-prefix 
FEC0::/24 

Configures an IPv6 summary prefix in OSPFv3.

Configuring the IPv4 Address Family in OSPFv3

Perform this task to configure the IPv4 address family in OSPFv3. Once you have completed step  4 and entered IPv4 address-family configuration mode, you can perform any of the subsequent steps in this task as needed to configure the IPv4 AF.

The task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. address-family ipv4 unicast

5. area area-id range ip-address ip-address-mask [advertise | not-advertise] [cost cost]

6. default {area area-ID [range ipv6-prefix | virtual-link router-id]} [default-information originate [always | metric | metric-type | route-map] | distance | distribute-list prefix-list prefix-list-name {in | out} [interface] | maximum-paths paths | redistribute protocol | summary-prefix ipv6-prefix]

7. default-information originate [always | metric metric-value | metric-type type-value | route-map map-name]

8. default-metric metric-value

9. distance distance

10. distribute-list prefix-list list-name {in [interface-type interface-number] | out routing-process [as-number]}

11. maximum-paths number-paths

12. summary-prefix prefix [not-advertise | tag tag-value]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

address-family ipv4 unicast

Example:

Router(config-router)# address-family ipv4 unicast

Enters IPv4 address family configuration mode for OSPFv3.

Step 5 

area area-id range ip-address ip-address-mask [advertise | not-advertise] [cost cost]

Example:

Router(config-router-af)# area 0 range 192.168.110.0 255.255.0.0

Consolidates and summarizes routes at an area boundary.

Step 6 

default {area area-ID [range ipv6-prefix | virtual-link router-id]} [default-information originate [always | metric | metric-type | route-map] | distance | distribute-list prefix-list prefix-list-name {in | out} [interface] | maximum-paths paths | redistribute protocol | summary-prefix ipv6-prefix]

Example:
Router(config-router-af)# default area 1

Returns an OSPFv3 parameter to its default value.

Step 7 

default-information originate [always | metric metric-value | metric-type type-value | route-map map-name]

Example:
Router(config-router-af)# default-information 
originate always metric 100 metric-type 2 

Generates a default external route into an OSPFv3 for a routing domain.

Step 8 

default-metric metric-value

Example:

Router(config-router-af)# default-metric 10

Sets default metric values for IPv4 and IPv6 routes redistributed into the OSPFv3 routing protocol.

Step 9 

distance distance

Example:

Router(config-router-af)# distance 200

Configures an administrative distance for OSPFv3 routes inserted into the routing table.

Step 10 

distribute-list prefix-list list-name {in [interface-type interface-number] | out routing-process [as-number]}

Example:

Router(config-router-af)# distribute-list prefix-list PL1 in Ethernet0/0

Applies a prefix list to OSPFv3 routing updates that are received or sent on an interface.

Step 11 

maximum-paths number-paths

Example:

Router(config-router-af)# maximum-paths 4

Controls the maximum number of equal-cost routes that a process for OSPFv3 routing can support.

Step 12 

summary-prefix prefix [not-advertise | tag tag-value]

Example:
Router(config-router-af)# summary-prefix 
FEC0::/24 

Configures an IPv6 summary prefix in OSPFv3.

Configuring Route Redistribution in OSPFv3

The task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. address-family ipv6 unicast

or

address-family ipv4 unicast

5. redistribute source-protocol [process-id] [options]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

address-family ipv6 unicast

or

address-family ipv4 unicast

Example:

Router(config-router)# address-family ipv6 unicast

or

Router(config-router)# address-family ipv4 unicast

Enters IPv6 address family configuration mode for OSPFv3.

or

Enters IPv4 address family configuration mode for OSPFv3.

Step 5 

redistribute source-protocol [process-id] [options]

Example:

Redistributes IPv6 and IPv4 routes from one routing domain into another routing domain.

Enabling OSPFv3 on an Interface

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ospfv3 process-id area area-ID {ipv4 | ipv6} [instance instance-id]

or

ipv6 ospf process-id area area-id [instance instance-id]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface ethernet 0/0

Specifies an interface type and number, and places the router in interface configuration mode.

Step 4 

ospfv3 process-id area area-ID {ipv4 | ipv6} [instance instance-id]

or

ipv6 ospf process-id area area-id [instance instance-id]

Example:
Router(config-if)# ospfv3 1 area 1 ipv4
 
        

or

Router(config-if)# ipv6 ospf 1 area 0 

Enables OSPFv3 on an interface with the IPv4 or IPv6 AF.

or

Enables OSPFv3 on an interface.

Defining an OSPFv3 Area Range for the IPv6 or IPv4 Address Family

The cost of the summarized routes will be the highest cost of the routes being summarized. For example, if the following routes are summarized:

OI  2001:DB8:0:7::/64 [110/20]
     via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
OI  2001:DB8:0:8::/64 [110/100]
     via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
OI  2001:DB8:0:9::/64 [110/20]
     via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
 
   

They become one summarized route, as follows:

OI  2001:DB8::/48 [110/100]
     via FE80::A8BB:CCFF:FE00:6F00, Ethernet0/0
 
   

The task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

Prerequisites

OSPFv3 routing must be enabled.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. address-family ipv6 unicast

or

address-family ipv4 unicast

5. area area-ID range ipv6-prefix

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

address-family ipv6 unicast

or

address-family ipv4 unicast

Example:

Router(config-router)# address-family ipv6 unicast

or

Router(config-router)# address-family ipv4 unicast

Enters IPv6 address family configuration mode for OSPFv3.

or

Enters IPv4 address family configuration mode for OSPFv3.

Step 5 

area area-ID range ipv6-prefix

Example:
Router(config-router-af)# area 1 range 
2001:DB8:0:0::0/128

Configures OSPFv3 area parameters.

Defining an OSPFv3 Area Range

The task can be performed in releases prior to Cisco IOS Release 15.1(3)S and 15.2(1)T.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. area area-id range ipv6-prefix/prefix-length [advertise | not-advertise] [cost cost]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

area area-id range ipv6-prefix/prefix-length [advertise | not-advertise] [cost cost]

Example:
Router(config-rtr)# area 1 range 2001:DB8::/48

Consolidates and summarizes routes at an area boundary.

Configuring IPsec on OSPFv3

Once you have configured OSPFv3 and decided on your authentication, you must define the security policy on each of the routers within the group. The security policy consists of the combination of the key and the SPI. To define a security policy, you must define an SPI and a key.

You can configure an authentication or encryption policy either on an interface or for an OSPFv3 area. When you configure for an area, the security policy is applied to all of the interfaces in the area. For higher security, use a different policy on each interface.

You can configure authentication and encryption on virtual links.

Defining Authentication on an Interface

Defining Encryption on an Interface

Defining Authentication in an OSPFv3 Area

Defining Encryption in an OSPFv3 Area

Defining Authentication and Encryption for a Virtual Link in an OSPFv3 Area

Defining Authentication on an Interface

Prerequisites

Before you configure IPsec on an interface, you must configure OSPFv3 on that interface.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ospfv3 authentication {ipsec spi} {md5 | sha1} {key-encryption-type key} | null

or

ipv6 ospf authentication ipsec spi spi md5 [key-encryption-type {key | null}]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface ethernet 0/0

Specifies an interface type and number, and places the router in interface configuration mode.

Step 4 

ospfv3 authentication {ipsec spi} {md5 | sha1} {key-encryption-type key} | null

or

ipv6 ospf authentication ipsec spi spi md5 [key-encryption-type {key | null}]

Example:
Router(config-if)# ospfv3 authentication md5 0 
27576134094768132473302031209727
 
        

or

Router(config-if)# ipv6 ospf authentication 
ipsec spi 500 md5 
1234567890abcdef1234567890abcdef

Specifies the authentication type for an interface.

Defining Encryption on an Interface

Prerequisites

Before you configure IPsec on an interface, you must configure OSPFv3 on that interface.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ospfv3 encryption {ipsec spi spi esp encryption-algorithm {key-encryption-type key} authentication-algorithm {key-encryption-type key} | null}

or

ipv6 ospf encryption {ipsec spi spi esp encryption-algorithm [[key-encryption-type] key] authentication-algorithm [key-encryption-type] key | null}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface ethernet 0/0

Specifies an interface type and number, and places the router in interface configuration mode.

Step 4 

ospfv3 encryption {ipsec spi spi esp encryption-algorithm {key-encryption-type key} authentication-algorithm {key-encryption-type key} | null}

 
        

or

ipv6 ospf encryption {ipsec spi spi esp 
encryption-algorithm [[key-encryption-type] 
key] authentication-algorithm 
[key-encryption-type] key | null}
Example:
Router(config-if)# ospfv3 encryption ipsec spi 
1001 esp null md5 0 
27576134094768132473302031209727

or

Router(config-if) ipv6 ospf encryption ipsec spi 1001 esp null sha1 123456789A123456789B123456789C123456789D

Specifies the encryption type for an interface.

Defining Authentication in an OSPFv3 Area

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. area area-id authentication ipsec spi spi md5 [key-encryption-type] key

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

area area-id authentication ipsec spi spi md5 [key-encryption-type] key

Example:
Router(config-rtr)# area 1 authentication ipsec 
spi 678 md5 1234567890ABCDEF1234567890ABCDEF

Enables authentication in an OSPFv3 area.

Defining Encryption in an OSPFv3 Area

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. area area-id encryption ipsec spi spi esp encryption-algorithm [[key-encryption-type] key] authentication-algorithm [key-encryption-type] key

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

area area-id encryption ipsec spi spi esp encryption-algorithm [[key-encryption-type] key] authentication-algorithm [key-encryption-type] key

Example:
Router(config-rtr)# area 1 encryption ipsec spi 
500 esp null md5 
1aaa2bbb3ccc4ddd5eee6fff7aaa8bbb

Enables encryption in an OSPFv3 area.

Defining Authentication and Encryption for a Virtual Link in an OSPFv3 Area

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. area area-id virtual-link router-id authentication ipsec spi spi authentication-algorithm [key-encryption-type] key

5. area area-id virtual-link router-id encryption ipsec spi spi esp encryption-algorithm [[key-encryption-type] key] authentication-algorithm [key-encryption-type] key

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

area area-id virtual-link router-id authentication ipsec spi spi authentication-algorithm [key-encryption-type] key

Example:
Router(config-rtr)# area 1 virtual-link 
10.0.0.1 authentication ipsec spi 940 md5 
1234567890ABCDEF1234567890ABCDEF 

Enables authentication for virtual links in an OSPFv3 area.

Step 5 

area area-id virtual-link router-id encryption ipsec spi spi esp encryption-algorithm [[key-encryption-type] key] authentication-algorithm [key-encryption-type] key

Example:
Router(config-rtr)# area 1 virtual-link 
10.1.0.1 hello-interval 2 dead-interval 10 
encryption ipsec spi 3944 esp null sha1 
123456789A123456789B123456789C123456789D

Enables encryption for virtual links in an OSPFv3 area.

Configuring NBMA Interfaces in OSPFv3

You can customize OSPFv3 in your network to use NBMA interfaces. OSPFv3 cannot automatically detect neighbors over NBMA interfaces. On an NBMA interface, you must configure your neighbors manually using interface configuration mode.

Prerequisites

Before you configure NBMA interfaces, you must perform the following tasks:

Configure your network to be an NBMA network

Identify each neighbor

Restrictions

You cannot automatically detect neighbors when using NBMA interfaces. You must manually configure your router to detect neighbors when using an NBMA interface.

When configuring the ipv6 ospf neighbor command, the IPv6 address used must be the link-local address of the neighbor.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. frame-relay map ipv6 ipv6-address dlci [broadcast] [cisco] [ietf] [payload-compression {packet-by-packet | frf9 stac [hardware-options] | data-stream stac [hardware-options]}]

5. ipv6 ospf neighbor ipv6-address [priority number] [poll-interval seconds] [cost number] [database-filter all out]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface serial 0

Specifies an interface type and number, and places the router in interface configuration mode.

Step 4 

frame-relay map ipv6 ipv6-address dlci [broadcast] [cisco] [ietf] [payload-compression {packet-by-packet | frf9 stac [hardware-options] | data-stream stac [hardware-options]}]

Example:

Router(config-if)#  frame-relay map ipv6 FE80::A8BB:CCFF:FE00:C01 120

Defines the mapping between a destination IPv6 address and the data-link connection identifier (DLCI) used to connect to the destination address.

In this example, the NBMA link is frame relay. For other kinds of NBMA links, different mapping commands are used.

Step 5 

ipv6 ospf neighbor ipv6-address [priority number] [poll-interval seconds] [cost number] [database-filter all out]

Example:
Router(config-if) ipv6 ospf neighbor 
FE80::A8BB:CCFF:FE00:C01

Configures an OSPFv3 neighboring router.

Configuring the OSPFv3 Max-Metric Router LSA

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. max-metric router-lsa [external-lsa [max-metric-value]] [include-stub] [inter-area-lsas [max-metric-value]] [on-startup {seconds | wait-for-bgp}] [prefix-lsa] [stub-prefix-lsa [max-metric-value]] [summary-lsa [max-metric-value]]

5. exit

6. show ospfv3 [process-id] [address-family] max-metric

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

max-metric router-lsa [external-lsa [max-metric-value]] [include-stub] [inter-area-lsas [max-metric-value]] [on-startup {seconds | wait-for-bgp}] [prefix-lsa] [stub-prefix-lsa [max-metric-value]] [summary-lsa [max-metric-value]]

Example:

Router(config-router)# max-metric router-lsa on-startup wait-for-bgp

Configures a router that is running the OSPFv3 protocol to advertise a maximum metric so that other routers do not prefer the router as an intermediate hop in their SPF calculations.

Step 5 

exit

Example:

Router(config-router)# exit

Leaves the current configuration mode.

In this step, enable the Exit command twice to reach privileged EXEC mode.

Step 6 

show ospfv3 [process-id] max-metric

Example:

Router# show ospfv3 max-metric

Displays OSPFv3 maximum metric origination information.

Tuning LSA and SPF Timers for OSPFv3 Fast Convergence

The task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. timers lsa arrival milliseconds

5. timers pacing flood milliseconds

6. timers pacing lsa-group seconds

7. timers pacing retransmission milliseconds

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

timers lsa arrival milliseconds 
Example:

Router(config-rtr)# timers lsa arrival 300

Sets the minimum interval at which the software accepts the same LSA from OSPFv3 neighbors.

Step 5 

timers pacing flood milliseconds
Example:

Router(config-rtr)# timers pacing flood 30

Configures LSA flood packet pacing.

Step 6 

timers pacing lsa-group seconds

Example:
Router(config-router)# timers pacing lsa-group 
300 

Changes the interval at which OSPFv3 LSAs are collected into a group and refreshed, checksummed, or aged.

Step 7 

timers pacing retransmission milliseconds

Example:
Router(config-router)# timers pacing 
retransmission 100 

Configures LSA retransmission packet pacing in IPv4 OSPFv3.

Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

The task can be performed in releases prior to Cisco IOS Release 15.1(3)S and 15.2(1)T.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. timers throttle spf spf-start spf-hold spf-max-wait

5. timers throttle lsa start-interval hold-interval max-interval

6. timers lsa arrival milliseconds

7. timers pacing flood milliseconds

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

timers throttle spf spf-start spf-hold 
spf-max-wait 
Example:

Router(config-rtr)# timers throttle spf 200 200 200

Turns on SPF throttling.

Step 5 

timers throttle lsa start-interval 
hold-interval max-interval
Example:
Router(config-rtr)# timers throttle lsa 300 300 
300

Sets rate-limiting values for OSPFv3 LSA generation.

Step 6 

timers lsa arrival milliseconds 
Example:

Router(config-rtr)# timers lsa arrival 300

Sets the minimum interval at which the software accepts the same LSA from OSPFv3 neighbors.

Step 7 

timers pacing flood milliseconds
Example:

Router(config-rtr)# timers pacing flood 30

Configures LSA flood packet pacing.

Enabling Event Logging

This task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. address-family ipv6 unicast

or

address-family ipv4 unicast

5. event-log [one-shot | pause | size number-of-events]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

address-family ipv6 unicast

or

address-family ipv4 unicast

Example:

Router(config-router)# address-family ipv6 unicast

or

Router(config-router)# address-family ipv4 unicast

Enters IPv6 address family configuration mode for OSPFv3.

or

Enters IPv4 address family configuration mode for OSPFv3.

Step 5 

event-log [one-shot | pause | size number-of-events]

Example:

Router(config-router)# event-log

Enable OSPFv3 event logging in an IPv4 OSPFv3 process.

Enabling Event Logging in Releases Prior to Cisco IOS Release 15.1(3)S amd 15.2(1)T

This task can be performed in releases prior to Cisco IOS Release 15.1(3)S and 15.2(1)T.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. event-log [size [number of events]] [one-shot] [pause]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

event-log [size [number of events]] [one-shot] [pause]

Example:

Router(config-router)# event-log size 10000 one-shot

Enables event logging.

Clearing the Content of an Event Log

SUMMARY STEPS

1. enable

2. clear ipv6 ospf [process-id] events

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

clear ipv6 ospf [process-id] events

Example:
Router# clear ipv6 ospf 1 events 

Clears the OSPFv3 event log content based on the OSPFv3 routing process ID.

Calculating OSPFv3 External Path Preferences per RFC 5340

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. no compatible rfc1583

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

no compatible rfc1583

Example:
Router(config-router)# no compatible rfc1583

Changes the method used to calculate external path preferences per RFC 5340.

Enabling OSPFv3 Graceful Restart

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Capable Router

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Aware Router

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Capable Router

The task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. graceful-restart [restart-interval interval]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

graceful-restart [restart-interval interval]

Example:

Router(config-rtr)# graceful-restart

Enables the OSPFv3 graceful restart feature on a graceful-restart-capable router.

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Capable Router

The task can be performed in releases prior to Cisco IOS Release 15.1(3)S and 15.2(1)T.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. graceful-restart [restart-interval interval]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

graceful-restart [restart-interval interval]

Example:

Router(config-rtr)# graceful-restart

Enables the OSPFv3 graceful restart feature on a graceful-restart-capable router.

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Aware Router

The task can be performed in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. configure terminal

3. router ospfv3 [process-id]

4. graceful-restart helper {disable | strict-lsa-checking}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router ospfv3 [process-id]

Example:

Router(config)# router ospfv3 1

Enables OSPFv3 router configuration mode for the IPv4 or IPv6 address family.

Step 4 

graceful-restart helper {disable | strict-lsa-checking}

Example:

Router(config-rtr)# graceful-restart helper strict-lsa-checking

Enables the OSPFv3 graceful restart feature on a graceful-restart-aware router.

Enabling OSPFv3 Graceful Restart on a Graceful-Restart-Aware Router

The task can be performed in releases prior to Cisco IOS Release 15.1(3)S and 15.2(1)T.

SUMMARY STEPS

1. enable

2. configure terminal

3. ipv6 router ospf process-id

4. graceful-restart helper {disable | strict-lsa-checking}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ipv6 router ospf process-id

Example:

Router(config)# ipv6 router ospf 1

Enables OSPFv3 router configuration mode.

Step 4 

graceful-restart helper {disable | strict-lsa-checking}

Example:

Router(config-rtr)# graceful-restart helper strict-lsa-checking

Enables the OSPFv3 graceful restart feature on a graceful-restart-aware router.

Forcing an SPF Calculation

SUMMARY STEPS

1. enable

2. clear ospfv3 [process-id] force-spf

3. clear ospfv3 [process-id] process

4. clear ospfv3 [process-id] redistribution

5. clear ipv6 ospf [process-id] {process | force-spf | redistribution}

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

clear ospfv3 [process-id] force-spf
Example:
Router# clear ospfv3 1 force-spf

Runs SPF calculations for an OSPFv3 process.

If the clear ospfv3 force-spf command is configured, it overwrites the clear ipv6 ospf configuration.

Once the clear ospfv3 force-spf command has been used, the clear ipv6 ospf command cannot be used.

Step 3 

clear ospfv3 [process-id] process

Example:
Router# clear ospfv3 2 process

Resets an OSPFv3 process.

If the clear ospfv3 force-spf command is configured, it overwrites the clear ipv6 ospf configuration.

Once the clear ospfv3 force-spf command has been used, the clear ipv6 ospf command cannot be used.

Step 4 

clear ospfv3 [process-id] redistribution

Example:
Router# clear ospfv3 redistribution

Clears OSPFv3 route redistribution.

If the clear ospfv3 force-spf command is configured, it overwrites the clear ipv6 ospf configuration.

Once the clear ospfv3 force-spf command has been used, the clear ipv6 ospf command cannot be used.

Step 5 

clear ipv6 ospf [process-id] {process | 
force-spf | redistribution}
Example:

Router# clear ipv6 ospf force-spf

Clears the OSPFv3 state based on the OSPFv3 routing process ID, and forces the start of the SPF algorithm.

If the clear ospfv3 force-spf command is configured, it overwrites the clear ipv6 ospf configuration.

Once the clear ospfv3 force-spf command has been used, the clear ipv6 ospf command cannot be used.

Verifying OSPFv3 Configuration and Operation

This task is optional. The commands in this task are available in Cisco IOS Release 15.1(3)S and 15.2(1)T and later releases.

SUMMARY STEPS

1. enable

2. show ospfv3 [process-id] [address-family] border-routers

3. show ospfv3 [process-id [area-id]] [address-family] database [database-summary | internal | external [ipv6-prefix] [link-state-id] | grace | inter-area prefix [ipv6-prefix | link-state-id] | inter-area router [destination-router-id | link-state-id] | link [interface interface-name | link-state-id] | network [link-state-id] | nssa-external [ipv6-prefix] [link-state-id] | prefix [ref-lsa {router | network} | link-state-id] | promiscuous | router [link-state-id] | unknown [{area | as | link} [link-state-id]] [adv-router router-id] [self-originate]

4. show ospfv3 [process-id] [address-family] events [generic | interface | lsa | neighbor | reverse | rib | spf]

5. show ospfv3 [process-id] [area-id] [address-family] flood-list interface-type interface-number

6. show ospfv3 [process-id] [address-family] graceful-restart

7. show ospfv3 [process-id] [area-id] [address-family] interface [type number] [brief]

8. show ospfv3 [process-id] [area-id] [address-family] neighbor [interface-type interface-number] [neighbor-id] [detail]

9. show ospfv3 [process-id] [area-id] [address-family] request-list [neighbor] [interface] [interface-neighbor]

10. show ospfv3 [process-id] [area-id] [address-family] retransmission-list [neighbor] [interface] [interface-neighbor]

11. show ospfv3 [process-id] [address-family] statistic [detail]

12. show ospfv3 [process-id] [address-family] summary-prefix

13. show ospfv3 [process-id] [address-family] timers rate-limit

14. show ospfv3 [process-id] [address-family] traffic [interface-type interface-number]

15. show ospfv3 [process-id] [address-family] virtual-links

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show ospfv3 [process-id] [address-family] border-routers

Example:
Router# show ospfv3 border-routers 

Displays the internal OSPFv3 routing table entries to an ABR and ASBR.

Step 3 

show ospfv3 [process-id [area-id]] [address-family] database [database-summary | internal | external [ipv6-prefix] [link-state-id] | grace | inter-area prefix [ipv6-prefix | link-state-id] | inter-area router [destination-router-id | link-state-id] | link [interface interface-name | link-state-id] | network [link-state-id] | nssa-external [ipv6-prefix] [link-state-id] | prefix [ref-lsa {router | network} | link-state-id] | promiscuous | router [link-state-id] | unknown [{area | as | link} [link-state-id]] [adv-router router-id] [self-originate]

Example:

Router# show ospfv3 database

Displays lists of information related to the OSPFv3 database for a specific router.

Step 4 

show ospfv3 [process-id] [address-family] events [generic | interface | lsa | neighbor | reverse | rib | spf]

Example:
Router# show ospfv3 events 

Displays detailed information about OSPFv3 events.

Step 5 

show ospfv3 [process-id] [area-id] [address-family] flood-list interface-type interface-number

Example:
Router# show ospfv3 flood-list 

Displays a list of OSPFv3 LSAs waiting to be flooded over an interface.

Step 6 

show ospfv3 [process-idS[address-family] graceful-restart

Example:
Router# show ospfv3 graceful-restart

Displays OSPFv3 graceful restart information.

Step 7 

show ospfv3 [process-id] [area-id] [address-family] interface [type number] [brief]

Example:
Router# show ospfv3 interface

Displays OSPFv3-related interface information.

Step 8 

show ospfv3 [process-id] [area-id] [address-family] neighbor [interface-type interface-number] [neighbor-id] [detail]

Example:
Router# show ospfv3 neighbor 

Displays OSPFv3 neighbor information on a per-interface basis.

Step 9 

show ospfv3 [process-id] [area-id] [address-family] request-list [neighbor] [interface] [interface-neighbor]

Example:
Router# show ospfv3 request-list 

Displays a list of all LSAs requested by a router.

Step 10 

show ospfv3 [process-id] [area-id] [address-family] retransmission-list [neighbor] [interface] [interface-neighbor]

Example:
Router# show ospfv3 retransmission-list 

Displays a list of all LSAs waiting to be re-sent.

Step 11 

show ospfv3 [process-id] [address-family] statistic [detail]

Example:
Router# show ospfv3 statistics

Displays OSPFv3 SPF calculation statistics.

Step 12 

show ospfv3 [process-id] [address-family] summary-prefix

Example:
Router# show ospfv3 summary-prefix

Displays a list of all summary address redistribution information configured under an OSPFv3 process.

Step 13 

show ospfv3 [process-id] [address-family] timers rate-limit

Example:
Router# show ospfv3 timers rate-limit

Displays all of the LSAs in the rate limit queue.

Step 14 

show ospfv3 [process-id] [address-family] traffic [interface-type interface-number]

Example:
Router# show ospfv3 traffic 

Displays OSPFv3 traffic statistics.

Step 15 

show ospfv3 [process-id] [address-family] virtual-links

Example:
Router# show ospfv3 virtual-links 

Displays parameters and the current state of OSPFv3 virtual links.

Verifying OSPFv3 Configuration and Operation

SUMMARY STEPS

1. enable

2. show ipv6 ospf [process-id] [area-id] interface [interface-type interface-number]

3. show ipv6 ospf [process-id] [area-id]

4. show crypto ipsec policy [name policy-name]

5. show crypto ipsec sa [map map-name | address | identity | interface type number | peer [vrf fvrf-name] address | vrf ivrf-name | ipv6 [interface-type interface-number]] [detail]

6. show ipv6 ospf [process-ID] event [generic | interface | lsa | neighbor | reverse | rib | spf]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show ipv6 ospf [process-id] [area-id] interface [interface-type interface-number]

Example:
Router# show ipv6 ospf interface

Displays OSPFv3-related interface information.

Step 3 

show ipv6 ospf [process-id] [area-id]

Example:
Router# show ipv6 ospf

Displays general information about OSPFv3 routing processes.

Step 4 

show crypto ipsec policy [name policy-name]

Example:
Router# show crypto ipsec policy 

Displays the parameters for each IPsec parameter.

Step 5 

show crypto ipsec sa [map map-name | address | identity | interface type number | peer [vrf fvrf-name] address | vrf ivrf-name | ipv6 [interface-type interface-number]] [detail]

Example:
Router# show crypto ipsec sa ipv6

Displays the settings used by current security associations (SAs).

Step 6 

show ipv6 ospf [process-ID] event [generic | interface | lsa | neighbor | reverse | rib | spf]

Example:

Router# show ipv6 ospf event spf

Displays detailed information about OSPFv3 events.

Examples

Sample Output from the show ipv6 ospf interface Command

Sample Output from the show ipv6 ospf Command

Sample Output from the show crypto ipsec policy Command

Sample Output from the show crypto ipsec sa ipv6 Command

Sample Output from the show ipv6 ospf graceful-restart Command

Sample Output from the show ipv6 ospf interface Command

The following is sample output from the show ipv6 ospf interface command with regular interfaces and a virtual link that are protected by encryption and authentication:

Router# show ipv6 ospf interface 
 
   
OSPFv3_VL1 is up, line protocol is up
   Interface ID 69
   Area 0, Process ID 1, Instance ID 0, Router ID 10.0.0.1
   Network Type VIRTUAL_LINK, Cost: 64
   Configured as demand circuit.
   Run as demand circuit.
   DoNotAge LSA allowed.
   NULL encryption SHA-1 auth SPI 3944, secure socket UP (errors: 0)
   Transmit Delay is 1 sec, State POINT_TO_POINT,
   Timer intervals configured, Hello 2, Dead 10, Wait 40, Retransmit 5
     Hello due in 00:00:00
   Index 1/3/5, flood queue length 0
   Next 0x0(0)/0x0(0)/0x0(0)
   Last flood scan length is 1, maximum is 1
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 1, Adjacent neighbor count is 1
     Adjacent with neighbor 10.2.0.1  (Hello suppressed)
   Suppress hello for 1 neighbor(s)
OSPFv3_VL0 is up, line protocol is up
   Interface ID 67
   Area 0, Process ID 1, Instance ID 0, Router ID 10.0.0.1
   Network Type VIRTUAL_LINK, Cost: 128
   Configured as demand circuit.
   Run as demand circuit.
   DoNotAge LSA allowed.
   MD5 authentication SPI 940, secure socket UP (errors: 0)
   Transmit Delay is 1 sec, State POINT_TO_POINT,
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
     Hello due in 00:00:09
   Index 1/2/4, flood queue length 0
   Next 0x0(0)/0x0(0)/0x0(0)
   Last flood scan length is 1, maximum is 10
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 1, Adjacent neighbor count is 1
     Adjacent with neighbor 10.1.0.1  (Hello suppressed)
   Suppress hello for 1 neighbor(s)
Ethernet1/0 is up, line protocol is up
   Link Local Address FE80::A8BB:CCFF:FE00:6601, Interface ID 6
   Area 0, Process ID 1, Instance ID 0, Router ID 10.0.0.1
   Network Type BROADCAST, Cost: 10
   Transmit Delay is 1 sec, State DR, Priority 1
   Designated Router (ID) 10.0.0.1, local address FE80::A8BB:CCFF:FE00:6601
   No backup designated router on this network
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
     Hello due in 00:00:09
   Index 1/1/1, flood queue length 0
   Next 0x0(0)/0x0(0)/0x0(0)
   Last flood scan length is 0, maximum is 0
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 0, Adjacent neighbor count is 0
   Suppress hello for 0 neighbor(s)
Serial12/0 is up, line protocol is up
   Link Local Address FE80::A8BB:CCFF:FE00:6600, Interface ID 50
   Area 1, Process ID 1, Instance ID 0, Router ID 10.0.0.1
   Network Type POINT_TO_POINT, Cost: 64
   AES-CBC encryption SHA-1 auth SPI 2503, secure socket UP (errors: 0)
   authentication NULL
   Transmit Delay is 1 sec, State POINT_TO_POINT,
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
     Hello due in 00:00:09
   Index 1/2/3, flood queue length 0
   Next 0x0(0)/0x0(0)/0x0(0)
   Last flood scan length is 1, maximum is 5
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 1, Adjacent neighbor count is 1
     Adjacent with neighbor 10.2.0.1
   Suppress hello for 0 neighbor(s)
Serial11/0 is up, line protocol is up
   Link Local Address FE80::A8BB:CCFF:FE00:6600, Interface ID 46
   Area 1, Process ID 1, Instance ID 0, Router ID 10.0.0.1
   Network Type POINT_TO_POINT, Cost: 64
   MD5 authentication (Area) SPI 500, secure socket UP (errors: 0)
   Transmit Delay is 1 sec, State POINT_TO_POINT,
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
     Hello due in 00:00:09
   Index 1/1/2, flood queue length 0
   Next 0x0(0)/0x0(0)/0x0(0)
   Last flood scan length is 1, maximum is 5
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 1, Adjacent neighbor count is 1
     Adjacent with neighbor 10.0.0.1
   Suppress hello for 0 neighbor(s)

Sample Output from the show ipv6 ospf Command

The following is sample output from the show ipv6 ospf command:

Router# show ipv6 ospf
 
   
Routing Process "ospfv3 1" with ID 172.16.3.3
 It is an autonomous system boundary router
 Redistributing External Routes from,
    static
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x218D  
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
    Area 1
        Number of interfaces in this area is 2
        SPF algorithm executed 9 times
        Number of LSA 15. Checksum Sum 0x67581 
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

Sample Output from the show crypto ipsec policy Command

The following is sample output from the show crypto ipsec policy command:

Router# show crypto ipsec policy
 
   
Crypto IPsec client security policy data
 
   
Policy name:     OSPFv3-1-1000
Policy refcount: 1
Inbound  AH SPI: 1000 (0x3E8)
Outbound AH SPI: 1000 (0x3E8)
Inbound  AH Key: 1234567890ABCDEF1234567890ABCDEF
Outbound AH Key: 1234567890ABCDEF1234567890ABCDEF
Transform set:   ah-md5-hmac

Sample Output from the show crypto ipsec sa ipv6 Command

The following is sample output from the show crypto ipsec sa ipv6 command:

Router# show crypto ipsec sa ipv6
 
   
IPv6 IPsec SA info for interface Ethernet0/0
 
   
   protected policy name:OSPFv3-1-1000
   IPsec created ACL name:Ethernet0/0-ipsecv6-ACL
 
   
   local  ident (addr/prefixlen/proto/port):(FE80::/10/89/0)
   remote ident (addr/prefixlen/proto/port):(::/0/89/0)
   current_peer:::
     PERMIT, flags={origin_is_acl,}
    #pkts encaps:21, #pkts encrypt:0, #pkts digest:21
    #pkts decaps:20, #pkts decrypt:0, #pkts verify:20
    #pkts compressed:0, #pkts decompressed:0
    #pkts not compressed:0, #pkts compr. failed:0
    #pkts not decompressed:0, #pkts decompress failed:0
    #send errors 0, #recv errors 0
 
   
    local crypto endpt. ::, remote crypto endpt. ::
    path mtu 1500, media mtu 1500
    current outbound spi:0x3E8(1000)
 
   
     inbound ESP SAs:
 
   
     inbound AH SAs:
      spi:0x3E8(1000)
        transform:ah-md5-hmac ,
        in use settings ={Transport, }
        slot:0, conn_id:2000, flow_id:1, crypto map:N/R
        no sa timing (manual-keyed)
        replay detection support:N
 
   
     inbound PCP SAs:
 
   
     outbound ESP SAs:
 
   
     outbound AH SAs:
      spi:0x3E8(1000)
        transform:ah-md5-hmac ,
        in use settings ={Transport, }
        slot:0, conn_id:2001, flow_id:2, crypto map:N/R
        no sa timing (manual-keyed)
        replay detection support:N
 
   
     outbound PCP SAs:

Sample Output from the show ipv6 ospf graceful-restart Command

The following is sample output from the show crypto ipsec sa ipv6 command:

Router# show ipv6 ospf graceful-restart 
 
   
Routing Process "ospf 1"
 Graceful Restart enabled
    restart-interval limit: 120 sec, last restart 00:00:15 ago (took 36 secs)
  Graceful Restart helper support enabled
  Router status : Active
  Router is running in SSO mode
  OSPF restart state : NO_RESTART 
  Router ID 10.1.1.1, checkpoint Router ID 10.0.0.0

Configuration Examples for Implementing OSPFv3

Example: Enabling OSPFv3 on an Interface Configuration

Example: Defining an OSPFv3 Area Range

Example: Defining Authentication on an Interface

Example: Defining Authentication in an OSPFv3 Area

Example: Configuring NBMA Interfaces Configuration

Example: Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

Example: Forcing SPF Configuration

Example: Enabling OSPFv3 on an Interface Configuration

The following example configures an OSPFv3 routing process 109 to run on the interface and puts it in area 1:

ipv6 ospf 109 area 1

Example: Defining an OSPFv3 Area Range

The following example specifies an OSPFv3 area range:

interface Ethernet7/0
 ipv6 address 2001:DB8:0:7::/64 eui-64
 ipv6 enable
 ipv6 ospf 1 area 1
!
interface Ethernet8/0
 ipv6 address 2001:DB8:0:8::/64 eui-64
 ipv6 enable
 ipv6 ospf 1 area 1
!
interface Ethernet9/0
 ipv6 address 2001:DB8:0:9::/64 eui-64
 ipv6 enable
 ipv6 ospf 1 area 1
!
ipv6 router ospf 1
 router-id 10.11.11.1
 area 1 range 2001:DB8::/48

Example: Defining Authentication on an Interface

The following example defines authentication on the Ethernet 0/0 interface:

interface Ethernet0/0
 ipv6 enable
 ipv6 ospf 1 area 0
 ipv6 ospf authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
 
   
interface Ethernet0/0
 ipv6 enable
 ipv6 ospf authentication null
 ipv6 ospf 1 area 0

Example: Defining Authentication in an OSPFv3 Area

The following example defines authentication on OSPFv3 area 0:

ipv6 router ospf 1
 router-id 10.11.11.1
 area 0 authentication ipsec spi 1000 md5 1234567890ABCDEF1234567890ABCDEF

Example: Configuring NBMA Interfaces Configuration

The following example configures an OSPFv3 neighboring router with the IPv6 address of FE80::A8BB:CCFF:FE00:C01.

interface serial 0
 ipv6 enable
 ipv6 ospf 1 area 0
 encapsulation frame-relay
 frame-relay map ipv6 FE80::A8BB:CCFF:FE00:C01 120
 ipv6 ospf neighbor FE80::A8BB:CCFF:FE00:C0

Example: Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

The following example displays the configuration values for SPF and LSA throttling timers:

Router# show ipv6 ospf

Routing Process "ospfv3 1" with ID 10.9.4.1

Event-log enabled, Maximum number of events: 1000, Mode: cyclic

It is an autonomous system boundary router

Redistributing External Routes from,

ospf 2

Initial SPF schedule delay 5000 msecs

Minimum hold time between two consecutive SPFs 10000 msecs

Maximum wait time between two consecutive SPFs 10000 msecs

 Minimum LSA interval 5 secs

Minimum LSA arrival 1000 msecs

Example: Forcing SPF Configuration

The following example triggers SPF to redo the SPF and repopulate the routing tables:

clear ipv6 ospf force-spf

Additional References

Related Documents

Related Topic
Document Title

Configuring a router ID in OSPF

"Configuring OSPF," Cisco IOS IP Routing Protocols Configuration Guide

Cisco IOS IP Routing Protocols Command Reference

OSPFv3 commands

Cisco IOS IPv6 Command Reference

IPv6 supported feature list

"Start Here: Cisco IOS Software Release Specifics for IPv6 Features," Cisco IOS IPv6 Configuration Guide

Implementing basic IPv6 connectivity

"Implementing IPv6 Addressing and Basic Connectivity," Cisco IOS IPv6 Configuration Guide

IPsec for IPv6

"Implementing IPsec for IPv6 Security," Cisco IOS IPv6 Configuration Guide

BFD support for OSPFv3

"Implementing Bidirectional Forwarding Detection for IPv6," Cisco IOS IPv6 Configuration Guide

Stateful switchover

"Stateful Switchover," Cisco IOS High Availability Configuration Guide

Cisco nonstop forwarding

"Cisco Nonstop Forwarding," Cisco IOS High Availability Configuration Guide


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

CISCO-IETF-IP-FORWARD-MIB

CISCO-IETF-IP-MIB

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

RFC 1583

OSPF version 2

RFC 2401

Security Architecture for the Internet Protocol

RFC 2402

IP Authentication Header

RFC 2406

IP Encapsulating Security Payload (ESP)

RFC 3137

OSPF Stub Router Advertisement

RFC 4552

Authentication/Confidentiality for OSPFv3

RFC 5187

OSPFv3 Graceful Restart

RFC 5340

OSPF for IPv6

RFC 5838

Support of Address Families in OSPFv3


Technical Assistance

Description
Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html


Feature Information for Implementing OSPFv3

Table 3 lists the features in this module and provides links to specific configuration information.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 3 lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 3 Feature Information for Implementing OSPFv3

Feature Name
Releases
Feature Information

IPv6 Routing—Fast Convergence—LSA and SPF Throttling

12.2(33)SB
12.2(33)SRC
12.2(33)XNE
15.0(1)M
15.0(1)SY

The OSPFv3 LSA and SPF throttling feature provides a dynamic mechanism to slow down link-state advertisement updates in OSPFv3 during times of network instability.

The following sections provide information about this feature:

Fast Convergence—LSA and SPF Throttling

Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

Enabling Event Logging

Clearing the Content of an Event Log

Example: Configuring LSA and SPF Throttling for OSPFv3 Fast Convergence

IPv6 Routing—Force SPF in OSPFv3

12.0(24)S
12.2(18)S
12.2(28)SB
12.2(15)T
12.3
12.3(2)T
12.4
12.4(2)T

This feature enables the OSPFv3 database to be cleared and repopulated, and then the SPF algorithm is performed.

The following sections provide information about this feature:

Force SPF in OSPFv3

Enabling OSPFv3 Graceful Restart

IPv6 Routing—Load Balancing in OSPFv3

12.0(24)S
12.2(18)S
12.2(28)SB
12.2(15)T
12.3
12.3(2)T
12.4
12.4(2)T

OSPFv3 performs load balancing automatically.

The following section provides information about this feature:

Load Balancing in OSPFv3

IPv6 Routing—LSA Types in OSPFv3

12.0(24)S
12.2(18)S
12.2(28)SB
12.2(15)T
12.3
12.3(2)T
12.4
12.4(2)T

A router's collection of LSA data is stored in a link-state database. The contents of the database, when subjected to the Dijkstra algorithm, result in the creation of the OSPFv3 routing table.

The following sections provide information about this feature:

How OSPFv3 Works

LSA Types for OSPFv3

IPv6 Routing—NBMA Interfaces in OSPFv3

12.0(24)S
12.2(18)S
12.2(28)SB
12.2(15)T
12.3
12.3(2)T
12.4
12.4(2)T

On NBMA networks, the DR or backup DR performs the LSA flooding.

The following sections provide information about this feature:

NBMA in OSPFv3

Configuring NBMA Interfaces in OSPFv3

IPv6 Routing—OSPF for IPv6 (OSPFv3)

12.0(24)S
12.2(18)S
12.2(28)SB
12.2(25)SG
12.2(33)SRA
12.2(15)T
12.3
12.3(2)T
12.4
12.4(2)T
15.0(1)M
15.0(1)S

OSPF version 3 for IPv6 expands on OSPF version 2 to provide support for IPv6 routing prefixes and the larger size of IPv6 addresses.

This entire document provides information about this feature.

IPv6 Routing—OSPF for IPv6 Authentication Support with IPsec

12.3(4)T
12.4
12.4(2)T

OSPF for IPv6 uses the IPsec secure socket API to add authentication to OSPFv3 packets.

The following sections provide information about this feature:

OSPFv3 Authentication Support with IPsec

Configuring IPsec on OSPFv3

Defining Authentication on an Interface

Defining Authentication in an OSPFv3 Area

IPv6 Routing—OSPF IPv6 (OSPFv3) IPsec ESP Encryption and Authentication

12.4(9)T

IPv6 ESP extension headers can be used to provide authentication and confidentiality to OSPFv3.

The following sections provide information about this feature:

Restrictions for Implementing OSPFv3

OSPFv3 Authentication Support with IPsec

Defining Encryption on an Interface

Defining Encryption in an OSPFv3 Area

Defining Authentication and Encryption for a Virtual Link in an OSPFv3 Area

OSPFv3 Address Families

15.1(3)S
15.2(1)T

The OSPFv3 address families feature enables IPv4 and IPv6 unicast traffic to be supported with a single network topology.

The following sections provide information about this feature:

OSPFv3 Address Families

Configuring the OSPFv3 Router Process

Configuring the IPv6 Address Family in OSPFv3

Configuring the IPv4 Address Family in OSPFv3

Configuring Route Redistribution in OSPFv3

Enabling OSPFv3 on an Interface

Defining an OSPFv3 Area Range for the IPv6 or IPv4 Address Family

Example: Enabling OSPFv3 on an Interface Configuration

Example: Defining an OSPFv3 Area Range

OSPFv3 Dynamic Interface Cost Support

12.4(15)T

OSPFv3 dynamic interface cost support provides enhancements to the OSPFv3 cost metric for supporting mobile ad hoc networking.

The following section provides information about this feature:

OSPFv3 Cost Calculation

OSPFv3 External Path Preference Option

15.1(3)S
15.2(1)T

This feature is provides a way to calculate external path preferences per RFC 5340.

The following sections provide information about this feature:

OSPFv3 External Path Preference Option

Calculating OSPFv3 External Path Preferences per RFC 5340

OSPFv3 for BFD

12.2(33)SRE
15.0(1)S
15.0(1)SY
15.1(2)T

BFD supports the dynamic routing protocol OSPFv3.

The following section provides information about this feature:

BFD Support for OSPFv3

OSPFv3 Graceful Restart

12.2(33)SRE
12.2(33)XNE
12.2(58)SE
15.0(1)M
15.0(1)SY

The graceful restart feature in OSPFv3 allows nonstop data forwarding along routes that are already known while the OSPFv3 routing protocol information is being restored.

The following sections provide information about this feature:

OSPFv3 Graceful Restart

Enabling OSPFv3 Graceful Restart

OSPFv3 Max-Metric Router LSA

15.1(3)S
15.2(1)T

The OSPFv3 max-mtric router LSA feature enables OSPF to advertise its locally generated router LSAs with a maximum metric.

The following sections provide information about this feature:

OSPFv3 Max-Metric Router LSA

Configuring the OSPFv3 Max-Metric Router LSA