Monday 19 March 2012

OSPFv3

Enabling OSPF routing for IPv6 is not as simple as running "ipv6 router ospf 1"; the process stays inactive until a router ID is configured:

show ipv6 ospf
%OSPFv3: Router process 1 is INACTIVE, please configure a router-id

To get OSPF running you will need to add a router ID in IPv4 notation:

ipv6 router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes


Enable routing on each interface as follows:

ipv6 ospf <process ID> area <Area ID>
ipv6 ospf 1 area 10.10.10.10


OSPFv3 LSA types 1 and 2 no longer contain route prefixes; instead they contain 32-bit IDs. Types 3 and 4 have been renamed but still fulfil the same functions as they do in OSPFv2. Types 8 and 9 are new LSAs in OSPFv3.


LSA Type  LSA Name                    Description
0x2001    Router                      Originated by all routers, carries information about the router itself. Flooding scope is area.
0x2002    Network (aka Network Link)  Originated by the DR on the shared segment, carries information about the multipoint network. Flooding scope is area.
0x2003    Inter-Area-Prefix           Originated by ABR, carries information about prefixes from another area. Flooding scope is area.
0x2004    Inter-Area-Router           Originated by ABR, carries information about ASBRs from another area. Flooding scope is area.
0x4005    AS-External                 Originated by ASBR, carries information about routes redistributed into OSPF (or converted from Type-7). Flooding scope is entire OSPF domain.
0x2007    NSSA                        Originated by ASBR in an NSSA area, carries information about routes redistributed into OSPF. Flooding scope is area.
0x0008    Link                        Originated by all routers, carries information about all router links in OSPF and associated addresses. Flooding scope is link.
0x2009    Intra-Area-Prefix           Originated by all routers, carries information about all router links in OSPF area and associated addresses. Flooding scope is area.


A Type 8 LSA is used to give information about link-local addresses and a list of IPv6 addresses on the link. A Type 9 LSA contains prefixes for stub and transit networks in the link-state ID.

The LSAs also carry information about the flooding scope of the LSA embedded in the header.


S2  S1  Flooding Scope
0   0   Link Local         (0x000x LSAs)
0   1   Area               (0x200x LSAs)
1   0   Autonomous System  (0x400x LSAs)
1   1   Reserved
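
An added example, not from the original post: a Python parser for the 20-byte OSPFv3 LSA header that decodes the S2/S1 scope bits tabulated above and flags headers whose scope disagrees with the LSA table. The header field order and the U bit come from RFC 5340 rather than from this page, and the two sample headers are constructed.

```python
import ipaddress
import struct

# LS types from the LSA table above; scope names from the S2/S1 table.
LSA_NAMES = {0x2001: "Router", 0x2002: "Network", 0x2003: "Inter-Area-Prefix",
             0x2004: "Inter-Area-Router", 0x4005: "AS-External", 0x2007: "NSSA",
             0x0008: "Link", 0x2009: "Intra-Area-Prefix"}
SCOPES = {0b00: "Link Local", 0b01: "Area", 0b10: "Autonomous System", 0b11: "Reserved"}
# Function code (low 13 bits) -> the full LS type the table lists for it.
BY_FUNCTION = {t & 0x1FFF: t for t in LSA_NAMES}

def decode_ls_type(ls_type):
    """Split a 16-bit LS type into U bit, S2/S1 scope and 13-bit function code."""
    return {"ls_type": ls_type, "u_bit": ls_type >> 15,
            "scope": SCOPES[(ls_type >> 13) & 0b11],
            "function": ls_type & 0x1FFF,
            "name": LSA_NAMES.get(ls_type, "Unknown")}

def parse_lsa_header(data):
    """Parse the 20-byte LSA header (field order per RFC 5340, not shown on the page)."""
    if len(data) < 20:
        raise ValueError("an OSPFv3 LSA header is 20 bytes")
    age, ls_type, ls_id, adv, seq, cksum, length = struct.unpack("!HHIIIHH", data[:20])
    hdr = decode_ls_type(ls_type)
    hdr.update(age=age, link_state_id=ls_id, seq=seq, checksum=cksum, length=length,
               adv_router=str(ipaddress.IPv4Address(adv)))
    return hdr

def anomalies(hdr):
    """Flag headers whose scope bits are reserved or disagree with the table."""
    found = []
    if hdr["scope"] == "Reserved":
        found.append("reserved flooding scope (S2=1, S1=1)")
    expected = BY_FUNCTION.get(hdr["function"])
    if expected is None:
        found.append("function code not in the LSA table")
    elif expected != hdr["ls_type"]:
        found.append(f"scope/U bits differ from expected type 0x{expected:04x}")
    return found

# Constructed headers (checksum zeroed, not from a real capture).
ROUTER_LSA = bytes.fromhex("0001" "2001" "00000000" "01010101" "80000001" "0000" "0028")
ODD_LSA = bytes.fromhex("0001" "6008" "00000005" "02020202" "80000001" "0000" "002c")

if __name__ == "__main__":
    for raw in (ROUTER_LSA, ODD_LSA):
        h = parse_lsa_header(raw)
        print(f"0x{h['ls_type']:04x} {h['name']} scope={h['scope']} issues={anomalies(h)}")
```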

What does this all mean?


Consider a simple Ethernet network which has four routers in a single area. R4 is the DR for both segments of this network.





Here are the LSAs that are flooded through this area:

Each router in the area will send a single Router LSA (0x2001) which describes who it is and how it's connected to everyone else. This means every router will have 4 Router LSAs in its database.

Each router on the link (i.e. the same network cable) will send a single Link LSA (0x0008) which contains all the IPv6 prefixes assigned to this link. For example, R1 will have three Link LSAs (R1's own plus one each from R4 and R2). Note that R4's Link LSA multicast on the Ethernet segment connecting R1, R2 & R4 will not contain any prefix details about the link between R4 and T4.

Each router in the area will send an Intra Area Prefix LSA (0x2009) which specifies all its IPv6 prefixes for which it does not have a DR. In our example only R4 will send two LSAs, one for the link connecting R1, R2 & R4 and the other for the link between R4 and T4. You could force R1 and R2 to send this LSA by creating a loopback interface and advertising it via OSPF.

The DR on the broadcast segment connecting R1, R2 & R4 and R4 - T4 will send out the standard Network LSA (0x2002). Like the 0x2001 Router LSA, this is also missing any IP addressing information and relies on 0x2009 Intra Area Prefix LSAs to provide this.

We will not have any of the other LSAs in the database as this network isn't connecting to anything else. So in summary each router will have the following:



    0x2001 Router  0x0008 Link                            0x2009 Intra Area Prefix  0x2002 Network
R1  4 (from all)   3 (from R1, R2, R4)                    2 (from R4)               2 (from R4)
R2  4 (from all)   3 (from R1, R2, R4)                    2 (from R4)               2 (from R4)
R4  4 (from all)   3 (from R1, R2, R4) + 2 (from R4, T4)  2 (from R4)               2 (from R4)
T4  4 (from all)   2 (from R4, T4)                        2 (from R4)               2 (from R4)


As with IPv4 OSPF, the 0x2001 Router, 0x2002 Network, 0x0008 Link and 0x2009 Intra Area Prefix LSAs are not allowed to cross the area boundary. The ABR will convert these into 0x2003 LSAs and advertise them into area 0.

If R1 were to be an ASBR it would generate LSA 0x4005 External, which the ABR would pass through to area 0. Additionally, the ABR would generate LSA 0x2004, which describes the ASBR.

All the additional rules about stub, totally stubby, NSSA and totally NSSA are the same as in IPv4 OSPF. The path selection is also the same.

Authentication

OSPFv3 (OSPF for IPv6) doesn't include any authentication capabilities of its own; instead, it relies entirely on IPsec to secure communications between neighbors. Below are the three different types of authentication supported by standard OSPF.

  • Null Authentication—This is also called Type 0 and it means no authentication information is included in the packet header. It is the default.
  • Plain Text Authentication—This is also called Type 1 and it uses simple clear-text passwords.
  • MD5 Authentication—This is also called Type 2 and it uses MD5 cryptographic passwords.

Authentication does not need to be set. However, if it is set, all peer routers on the same segment must have the same password and authentication method. The examples in this document demonstrate configurations for both plain text and MD5 authentication.
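
An added example, not from the original post: because OSPFv3 adjacencies are only protected when IPsec is configured, this Python audit reads an IOS-style configuration and reports OSPFv3 processes without a router-id and OSPFv3 interfaces with no IPsec authentication or encryption at interface or area level. The sample configuration, interface names, SPI values and the <key> placeholder are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample IOS configuration (not from the post); <key> is a placeholder.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ipv6 ospf 1 area 10.10.10.10
interface FastEthernet0/1
 ipv6 ospf 1 area 0
 ipv6 ospf authentication ipsec spi 256 sha1 <key>
interface Serial0/0
 ipv6 ospf 2 area 5
ipv6 router ospf 1
 router-id 1.1.1.1
ipv6 router ospf 2
 area 0.0.0.5 authentication ipsec spi 300 sha1 <key>
"""

def area_num(text):  # area ID written as decimal or dotted quad -> int
    return int(ipaddress.IPv4Address(text)) if "." in text else int(text)

def sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    out, body = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and body is not None:
            body.append(line.strip())
        elif line.strip() and not line.startswith("!"):
            body = out.setdefault(line.strip(), [])
    return out

def audit(config):
    """List OSPFv3 processes without a router-id and interfaces without IPsec."""
    secs, findings, protected = sections(config), [], set()
    for head, body in secs.items():
        m = re.fullmatch(r"ipv6 router ospf (\d+)", head)
        if m and not any(ln.startswith("router-id ") for ln in body):
            findings.append(f"process {m.group(1)}: no explicit router-id")
        for a in (re.match(r"area (\S+) (?:authentication|encryption) ipsec ", ln) for ln in body):
            if m and a:  # area-level IPsec covers every interface in that area
                protected.add((m.group(1), area_num(a.group(1))))
    for head, body in secs.items():
        local = any(re.match(r"ipv6 ospf (?:authentication|encryption) ipsec ", ln) for ln in body)
        for m in (re.fullmatch(r"ipv6 ospf (\d+) area (\S+)", ln) for ln in body):
            if m and not local and (m.group(1), area_num(m.group(2))) not in protected:
                findings.append(f"{head}: process {m.group(1)} area {m.group(2)} has no IPsec")
    return findings

print(*audit(SAMPLE_CONFIG), sep="\n")
```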




