Chapter 9: OSPFv3: Instructor Materials


Chapter 9: OSPFv3

Instructor Materials

CCNP Enterprise: Advanced Routing


Chapter 9 Content
This chapter covers the following content:

• OSPFv3 Fundamentals - This section provides an overview of the OSPFv3 routing
protocol, its similarities to OSPFv2, and its configuration.

• OSPFv3 Configuration - This section explains and demonstrates how OSPFv3 is used
for exchanging IPv6 routes.

• OSPFv3 LSA Flooding Scope - This section provides a deeper view of the OSPFv3 link-
state advertisement (LSA) structure and the comparison to OSPFv2.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
OSPFv3 Fundamentals
• Open Shortest Path First version 3 (OSPFv3) is the latest version of the OSPF
protocol.
• The OSPFv3 protocol is not backward compatible with OSPFv2, but the protocol
mechanisms are essentially the same.

OSPFv3 Fundamentals
OSPFv2 and OSPFv3 Differences
The primary differences between OSPFv2 and OSPFv3 protocols are as follows:
• Support for multiple address families - OSPFv3 supports IPv4 and IPv6 address families.
• New LSA types - New LSA types have been created to carry IPv6 prefixes.
• Removal of addressing semantics - The IP prefix information is no longer present in the OSPF
packet headers.
• LSA flooding - OSPFv3 includes a new link-state type field that is used to determine the flooding
scope of LSA, as well as the handling of unknown LSA types.
• Packet format - OSPFv3 runs directly over IPv6, and the number of fields in the packet header
has been reduced.
• Router ID - The router ID is used to identify neighbors, regardless of the network type in
OSPFv3.
• Authentication - Neighbor authentication has been removed from the OSPF protocol and is now
performed through IPsec extension headers in the IPv6 packet.
• Neighbor adjacencies - OSPFv3 inter-router communication is handled by IPv6 link-local
addressing.
• Multiple instances - OSPFv3 packets include an instance ID field that may be used to
manipulate which routers on a network segment are allowed to form adjacencies.
OSPFv3 Fundamentals
OSPFv3 Link-State Advertisement
• The OSPF link-state database (LSDB) information is organized and advertised differently in
version 3 than in version 2. OSPFv3 modifies the structure of the router LSA (Type 1),
renames the network summary LSA to the inter-area prefix LSA, and renames the
autonomous system boundary router (ASBR) summary LSA to inter-area router LSA.

• IP address information is advertised independently by two new LSA types:
• Intra-area prefix LSA
• Link-local LSA

Advertising the IP address information using new LSA types eliminates the need for OSPF to
perform full shortest path first (SPF) tree calculations every time a new address prefix is added or
changed on an interface. The OSPFv3 LSDB creates a shortest path topology tree based on links
instead of networks.

OSPFv3 Fundamentals
OSPFv3 LSA Types
• Table 9-2 provides a brief description of each OSPFv3 LSA type.

OSPFv3 Fundamentals
OSPFv3 Communication
OSPFv3 packets use protocol ID 89, and
routers communicate with each other using the
local interface’s IPv6 link-local address as the
source. Depending on the packet type, the
destination address is either a unicast link-local
address or the multicast link-local scoped
address:

• FF02::05: OSPFv3 AllSPFRouters

• FF02::06: OSPFv3 AllDRouters (designated routers)

OSPFv3 Configuration
The following section explains the process for configuring and verifying OSPFv3.

OSPFv3 Configuration
OSPFv3 Configuration
The process for configuring OSPFv3 involves the following steps:

Step 1. Initialize the routing process by enabling ipv6 unicast-routing on the router and then configuring
OSPFv3 with the command router ospfv3 [process-id].

Step 2. Define the router ID (RID) by using the command router-id. The router ID is a 32-bit value that
does not need to match an IPv4 address. It may be any number, as long as the value is unique within
the OSPF domain. OSPFv3 uses the same algorithm as OSPFv2 for dynamically locating the RID. If
there are not any IPv4 interfaces available, the RID is set to 0.0.0.0 and does not allow adjacencies to
form.

Step 3. Initialize the address family within the routing process by using the optional command address-
family {ipv6 | ipv4} unicast. The appropriate address family is enabled automatically when OSPFv3 is
enabled on an interface.

Step 4. Use the interface command ospfv3 process-id ipv6 area area-id to enable the protocol and
assign the interface to an area.
OSPFv3 Configuration
OSPFv3 Topology
Figure 9-1 shows a simple four-router topology to demonstrate OSPFv3 configuration. Area 0
consists of R1, R2, and R3, and Area 34 contains R3 and R4. R3 is the area border router
(ABR).

Example 9-1 provides the OSPFv3 and IPv6 address configurations for R1.

OSPFv3 Configuration
OSPFv3 Verification
The commands for viewing OSPFv3 settings and statuses are very similar to those used in
OSPFv2. In essence, you replace ip ospf with ospfv3. For example, to view neighbor adjacencies,
use the command show ospfv3 ipv6 neighbor. To view an OSPFv3-enabled interface status, use
the command show ospfv3 interface [interface-id].

OSPFv3 Configuration
OSPFv3 Verification (Cont.)
The command show ospfv3 interface brief shows a brief version of the OSPFv3 interface
settings. To view the OSPFv3 IPv6 routing table use the command show ipv6 route ospf.

OSPFv3 Configuration
Passive Interface
An interface is marked as passive with the command passive-interface interface-id, or all
interfaces are marked as passive with the command passive-interface default; an interface is
marked as active with the command no passive-interface interface-id.
• The command is placed under the OSPFv3 process or under the specific address family.
• Placing the command under the global process cascades the setting to both address
families.
• Example 9-6 demonstrates making the LAN interface on R1 explicitly passive and making all
interfaces passive on R4 while marking the Gi0/3 interface as active.

The active/passive state of an interface is verified by examining the OSPFv3 interface status
using the command show ospfv3 interface [interface-id] and searching for the passive
keyword.

OSPFv3 Configuration
IPv6 Route Summarization
Summarization of internal OSPFv3 routes
follows the same rules as for OSPFv2 and
must occur on ABRs by using the command
area area-id range prefix/prefix-length.

Example 9-8 shows R3’s configuration for
summarizing these prefixes.

Example 9-9 shows R4’s IPv6 routing table
after R3 is configured to summarize the
Area 0 loopback interfaces. The summary
route is highlighted.

OSPFv3 Configuration
Network Type
OSPFv3 supports the same OSPF network
types as OSPFv2. Example 9-10 shows
how to view the OSPFv3 network type.

Example 9-11 demonstrates changing the
OSPFv3 network type by using the interface
parameter command ospfv3 network
{point-to-point | point-to-multipoint |
broadcast | nonbroadcast}.

Example 9-12 shows how to verify the new
settings. The network is now a point-to-point
link, and the interface state is indicated as
P2P as confirmation.

OSPFv3 Configuration
OSPFv3 Authentication
OSPFv3 does not support neighbor authentication within the protocol itself. Instead, the routing
protocol utilizes IP Security (IPsec) to provide authentication. IPv6 Authentication Header (AH) or
Encapsulating Security Payload (ESP) extension headers may be added to the OSPF packets to
provide authentication, integrity, and confidentiality:

• Authentication Header (AH): Provides authentication

• Encapsulating Security Payload (ESP): Provides authentication and encryption

OSPFv3 Configuration
OSPFv3 Authentication (Cont.)
OSPFv3 authentication supports IPsec AH authentication using the command ospfv3
authentication or ESP authentication and encryption with the command ospfv3 encryption.

OSPFv3 neighbor authentication does not perform Internet Key Exchange (IKE) to negotiate
the IPsec security association (SA) values. Therefore, the IPsec Security Parameter Index
(SPI), hash algorithm, and key must be manually defined when configuring OSPFv3
authentication.

IPsec peers cannot reuse the same SPI values.

The command show crypto ipsec sa | include spi may be used to determine the active IPsec
sessions and currently used SPI values. The full interface command ospfv3 encryption
{ipsec spi spi esp encryption-algorithm {key-encryption-type key} authentication-algorithm
{key-encryption-type key} | null} encrypts and authenticates the OSPFv3 packet in IOS using
ESP.

OSPFv3 Configuration
OSPFv3 Interface Authentication and Encryption
Example 9-13 demonstrates how to configure encryption and authentication for OSPFv3
packets using ESP. The following fabricated values are included in the configuration to
establish the IPsec session:
• Security Parameter Index (SPI): 500
• Encryption algorithm: 3des
• Encryption key: 012345678901234567890123456789012345678901234567
• Authentication algorithm: sha1
• Authentication key: 0123456789012345678901234567890123456789
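
Because the SPI, algorithms, and keys are typed in by hand, a saved configuration can be checked offline. The following is an added example, not part of the original slides or Cisco's material: a Python audit of ospfv3 encryption ipsec lines that checks key length against the algorithm, flags repeating-pattern keys such as the fabricated values above, and flags an SPI reused with different key material. The key-length table, the 0/7 key-encryption-type values, and the sample configuration are assumptions made for the example.

```python
import re

# Key sizes in hex digits per algorithm. Assumption: IOS sizes for des/3des/md5/sha1;
# the page's sample keys agree (3des = 48 digits, sha1 = 40 digits).
KEY_HEX_LEN = {"des": 16, "3des": 48, "md5": 32, "sha1": 40}

# Interface form of the command given on the page; the optional key-encryption-type
# is assumed to be 0 (plain) or 7 (obfuscated).
ENC_RE = re.compile(
    r"ospfv3 encryption ipsec spi (\d+) esp (\S+) (?:([07]) )?([0-9A-Fa-f]+)"
    r" (\S+) (?:([07]) )?([0-9A-Fa-f]+)\s*$")

def is_repeating(key, max_unit=10):
    """True when the key is a short unit repeated at least twice (0123456789 0123...)."""
    limit = min(max_unit, len(key) // 2)
    return any(key == (key[:n] * (len(key) // n + 1))[:len(key)] for n in range(1, limit + 1))

def audit(config):
    """Return a list of findings for every 'ospfv3 encryption ipsec' line in a config."""
    findings, spi_keys, iface = [], {}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        m = ENC_RE.search(line)
        if not m:
            continue
        spi, enc, enc_t, enc_key, auth, auth_t, auth_key = m.groups()
        material = (enc, enc_key.lower(), auth, auth_key.lower())
        if spi_keys.setdefault(spi, material) != material:
            findings.append(f"{iface}: SPI {spi} reused with different key material")
        for alg, ktype, key in ((enc, enc_t, enc_key), (auth, auth_t, auth_key)):
            if ktype == "7":
                continue  # stored form is not the raw key, so neither check applies
            want = KEY_HEX_LEN.get(alg)
            if want and len(key) != want:
                findings.append(f"{iface}: {alg} key has {len(key)} hex digits, expected {want}")
            if is_repeating(key):
                findings.append(f"{iface}: {alg} key is a repeating pattern (sample value?)")
    return findings

# Constructed sample config: Gi0/1 uses the page's fabricated values, Gi0/2 is made up.
SAMPLE = """\
interface GigabitEthernet0/1
 ospfv3 encryption ipsec spi 500 esp 3des 012345678901234567890123456789012345678901234567 sha1 0123456789012345678901234567890123456789
interface GigabitEthernet0/2
 ospfv3 encryption ipsec spi 500 esp 3des 9F1C22A07B34D5E86A90B1C3D4E5F60718293A4B5C6D7E8F sha1 A3F09C
"""
```

Calling audit(SAMPLE) returns four findings: two repeating-pattern keys on Gi0/1, and an SPI conflict plus a short sha1 key on Gi0/2.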

OSPFv3 Configuration
OSPFv3 Area Authentication and Encryption (Cont.)
Example 9-14 demonstrates how to
configure area authentication and
encryption using the same IPsec settings.

Example 9-15 displays the output of the
command show ospfv3 interface [interface-id].
This show command can be used to
verify that authentication and encryption are
enabled on the interface and that a secure
connection has formed with the neighbor.

OSPFv3 Configuration
OSPFv3 Link-Local Forwarding
Significant changes have occurred in how
OSPFv3 builds the area topology. The
OSPFv3 LSDB creates a shortest path
topology tree based on links instead of
networks. This means that transit links only
require IPv6 link-local addresses for
forwarding traffic.

Example 9-16 demonstrates the removal of
the global IPv6 unicast addresses from the
transit links on R1, R2, and R3.

OSPFv3 Configuration
OSPFv3 Link-Local Forwarding (Cont.)
Example 9-17 shows the OSPFv3 learned
routes from R4’s perspective. Notice that
the transit networks no longer appear.

R4 still maintains full connectivity to those
networks in Example 9-17 because the
topology is built using the IPv6 link-local
address. As long as the source and
destination devices have routes to each
other, communication can still exist.

Example 9-18 demonstrates that R4 still
maintains connectivity to R1’s LAN
interface.

OSPFv3 LSA Flooding Scope
OSPFv3 allows for three flooding scopes: link-local scope, area scope and autonomous
system scope.

OSPFv3 LSA Flooding Scope
OSPFv3 LSA Flooding Scope
The OSPFv3 flooding scopes:
• Link-local scope - Limited to the local link
• Area scope - Contains LSA flooding to the
local area
• Autonomous system scope - Floods LSAs
throughout the entire OSPF routing domain

• The LS type field in OSPFv3 has been modified from 8 bits to 16 bits.
• Figure 9-3 shows the new LS Type field format.
• The 3 high-order bits of the new LS Type field allow for the encoding of flood information.
• The first bit, U (unrecognized), indicates how a router should handle an LSA if it is
unrecognized.
• The second and third bits, both S (scope) bits, indicate how the LSA should be flooded.
• The remaining bits of the link-state field indicate the function code of the LSA.
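
The bit layout above can be decoded directly. The following is an added example, not part of the original slides: a Python decoder for the 16-bit LS Type field that also applies the U bit to unrecognized function codes. The scope encodings, the function-code names, and the 20-byte LSA header layout are taken from RFC 5340 rather than from this page, and the header bytes in the comments are constructed.

```python
import struct
from typing import NamedTuple

# S2/S1 encodings and function codes per RFC 5340 (assumption: not listed on the slides).
SCOPES = {0b00: "link-local", 0b01: "area", 0b10: "autonomous-system", 0b11: "reserved"}
FUNCTION_CODES = {
    1: "Router-LSA", 2: "Network-LSA", 3: "Inter-Area-Prefix-LSA",
    4: "Inter-Area-Router-LSA", 5: "AS-External-LSA", 7: "NSSA-LSA",
    8: "Link-LSA", 9: "Intra-Area-Prefix-LSA",
}

class LSType(NamedTuple):
    u_bit: int          # first high-order bit: handling of unrecognized LSAs
    scope: str          # second and third bits (S2, S1)
    function_code: int  # remaining 13 bits
    name: str
    flooded_as: str     # scope a receiving router actually applies

def decode_ls_type(value: int) -> LSType:
    if not 0 <= value <= 0xFFFF:
        raise ValueError("LS Type is a 16-bit field")
    u_bit = value >> 15
    scope = SCOPES[(value >> 13) & 0b11]
    code = value & 0x1FFF
    name = FUNCTION_CODES.get(code, "unknown")
    # Unrecognized LSA: U=0 means treat it as link-local scope,
    # U=1 means store and flood it as if the type were understood.
    flooded_as = "link-local" if (name == "unknown" and u_bit == 0) else scope
    return LSType(u_bit, scope, code, name, flooded_as)

def parse_lsa_header_type(header: bytes) -> LSType:
    """Decode LS Type from a 20-byte LSA header: LS Age (2 bytes), then LS Type (2 bytes)."""
    if len(header) < 20:
        raise ValueError("truncated LSA header")
    _age, ls_type = struct.unpack_from("!HH", header, 0)
    return decode_ls_type(ls_type)

if __name__ == "__main__":
    # Constructed values: three well-known types and two unknown function codes.
    for v in (0x2001, 0x0008, 0x4005, 0x201F, 0xA01F):
        print(f"0x{v:04X}", decode_ls_type(v))
```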
OSPFv3 LSA Flooding Scope
OSPFv3 Database
The router LSA describes the router’s interface
state and cost.

Example 9-19 shows the output of the command
show ospfv3 database router [self-originate |
adv-router RID].

The optional self-originate keyword filters the
LSAs to those created by the router on which the
command is executed. The adv-router RID
keyword allows for selection of the LSAs for a
specific router’s LSAs that exist in the local
router’s LSDB.

OSPFv3 LSA Flooding Scope
OSPFv3 Options
OSPFv3 LSAs include an options bit field that describes the router’s capabilities. Table 9-5
describes the various service options.

Example 9-20 shows a portion of R3’s router LSA’s LSDB. The highlighted bits indicate the
functionality the router can perform in each area.

OSPFv3 LSA Flooding Scope
OSPFv3 Database Network
Example 9-21 shows the output of the command
show ospfv3 database network [self-originate].

The link LSA is responsible for providing details for the
IPv6 prefixes associated with an interface. Example 9-22
shows the output of the command show ospfv3
database link [self-originate].

OSPFv3 LSA Flooding Scope
OSPFv3 LSDB
Example 9-23 shows R3’s database.
Notice that R3’s router LSA bits are set
to B, indicating that it is an ABR router.

Prepare for the Exam

Prepare for the Exam
Key Topics for Chapter 9
Description
• OSPFv3 fundamentals
• OSPFv3 link-state advertisement
• OSPFv3 communication
• OSPFv3 configuration
• OSPFv3 verification
• IPv6 route summarization
• Network type
• OSPFv3 authentication
• OSPFv3 flooding scope

Prepare for the Exam
Command Reference for Chapter 9
Task: Command Syntax
• Configure OSPFv3 on a router and enable it on an interface:
  router ospfv3 [process-id]
  interface interface-id
  ospfv3 process-id {ipv4 | ipv6} area area-id
• Configure a specific OSPFv3 interface as passive: passive-interface interface-id
• Configure all OSPFv3 interfaces as passive: passive-interface default
• Summarize an IPv6 network range on an ABR: area area-id range prefix/prefix-length
• Configure an OSPFv3 interface as point-to-point or broadcast network type: ospfv3 network {point-to-point | broadcast}
• Display OSPFv3 interface settings: show ospfv3 interface [interface-id]
• Display OSPFv3 IPv6 neighbors: show ospfv3 ipv6 neighbor
• Display OSPFv3 router LSAs: show ospfv3 database router
• Display OSPFv3 network LSAs: show ospfv3 database network
• Display OSPFv3 link LSAs: show ospfv3 database link