The topology was also changed for the simplicity sake and now is as following:
At first only basic configs:
R1:
ipv6 unicast-routing #It is required for IPv6 dynamic routing protocols to work.
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255 #If you don't have any IPv4 interface in the Up/Up state, you will need to manually configure router-id under the router configuration or routing process won't start.
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ipv6 address 2001::1/64
ipv6 ospf 1 area 1 #You don't have to specify "network" command anymore. Such a relief for someone.
!
interface FastEthernet0/0.12
encapsulation dot1Q 12
ipv6 address 2012::1/64
ipv6 ospf 1 area 2
!
interface FastEthernet0/0.13
encapsulation dot1Q 13
ipv6 address 2013::1/64
ipv6 ospf hello-interval 5 #OSPF hello and dead intervlas are configured almost the same as for OSPFv2.
ipv6 ospf dead-interval 10 #And both parameters still have to match on both ends of the link.
ipv6 ospf 1 area 1
!
ipv6 router ospf 1 #Process number is still only locally significant. (Each router will use different process-id).
log-adjacency-changes
auto-cost reference-bandwidth 1000 #I changed the reference-bandwidth in order to decrease metric values in the routing table.
passive-interface default
no passive-interface FastEthernet0/0.12
no passive-interface FastEthernet0/0.13
R2:
ipv6 unicast-routing
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ipv6 address 2002::1/64
ipv6 ospf 2 area 2
!
interface FastEthernet0/0.12
encapsulation dot1Q 12
ipv6 address 2012::2/64
ipv6 ospf 2 area 2
!
interface FastEthernet0/0.24
encapsulation dot1Q 24
ipv6 address 2024::2/64
!
ipv6 router ospf 2
log-adjacency-changes
auto-cost reference-bandwidth 1000
passive-interface FastEthernet0/0.2
passive-interface FastEthernet0/0.24
R3:
ipv6 unicast-routing
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ipv6 address 2003::1/64
ipv6 ospf 3 area 0
!
interface FastEthernet0/0.13
encapsulation dot1Q 13
ipv6 address 2013::3/64
ipv6 ospf hello-interval 5 #The same timers as on R1.
ipv6 ospf dead-interval 10
ipv6 ospf 3 area 1
!
interface FastEthernet0/0.34
encapsulation dot1Q 34
ipv6 address 2034::3/64
ipv6 mtu 1400 #As with OSPFv2 MTU mismatch can cause unexpected results.
ipv6 ospf 3 area 3
!
interface FastEthernet0/0.35
encapsulation dot1Q 35
ipv6 address 2035::3/64
ipv6 ospf network point-to-point #Network types logically the same.
ipv6 ospf 3 area 0
!
ipv6 router ospf 3
log-adjacency-changes
auto-cost reference-bandwidth 1000R4:
ipv6 unicast-routing
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0.4
encapsulation dot1Q 4
ipv6 address 2004::1/64
ipv6 ospf 4 area 3
!
interface FastEthernet0/0.24
encapsulation dot1Q 24
ipv6 address 2024::4/64
!
interface FastEthernet0/0.34
encapsulation dot1Q 34
ipv6 address 2034::4/63
ipv6 mtu 1400
ipv6 ospf 4 area 3
!
interface FastEthernet0/0.46
encapsulation dot1Q 46
ipv6 address 2046::4/64
ipv6 ospf network non-broadcast #This prevents OSPF multicast on the interface, which requires static neighbor specification. See below.
ipv6 ospf neighbor FE80::C002:15FF:FE18:0 #You can use only Link-Local address for neighbors.
ipv6 ospf 4 area 4
!
ipv6 router ospf 4
log-adjacency-changes
auto-cost reference-bandwidth 1000
R5:
ipv6 unicast-routing
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ipv6 address 2005::1/64
ipv6 ospf 5 area 0
!
interface FastEthernet0/0.35
encapsulation dot1Q 35
ipv6 address 2035::5/64
ipv6 ospf network point-to-point
ipv6 ospf 5 area 0
!
interface FastEthernet0/0.56
encapsulation dot1Q 56
ipv6 address 2056::5/64
ipv6 ospf 5 area 4
!
ipv6 router ospf 5
router-id 55.55.55.55 #Notice that RID was changed although interface loopback 0 was preconfigured. This kind of reconfiguraation requires process clearing.
log-adjacency-changes
auto-cost reference-bandwidth 1000
R6:
ipv6 unicast-routing
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0.6
encapsulation dot1Q 6
ipv6 address 2006::1/64
ipv6 ospf cost 1 #You also can change the metric of the route by adjusting the bandwidth.
ipv6 ospf 6 area 4
!
interface FastEthernet0/0.46
encapsulation dot1Q 46
ipv6 address 2046::6/64
ipv6 ospf network non-broadcast
ipv6 ospf priority 200 #Even though network type non-broadcast prevents dynamic neighbor discovery, they still form DR/BDR relationship.
ipv6 ospf neighbor FE80::C000:15FF:FE18:0
ipv6 ospf 6 area 4
!
interface FastEthernet0/0.56
encapsulation dot1Q 56
ipv6 address 2056::6/64
ipv6 ospf 6 area 4
!
ipv6 router ospf 6
log-adjacency-changes
auto-cost reference-bandwidth 1000
maximum-paths 13 #It is still the same and depend on the platform.
While I was performing this basic configuration I noticed that at least my IOS (12.4) doesn't support "max-lsa" command. Maybe they think that low-end routers wouldn't use OSPFv3.1
Just to check that everything is working as expected:
R3#show ipv6 route ospf
O 2001::/64 [110/20]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O 2001::1/128 [110/10]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O 2004::/64 [110/20]
via FE80::C000:15FF:FE18:0, FastEthernet0/0.34
O 2005::/64 [110/20]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI 2006::/64 [110/21]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
O 2034::/63 [110/10]
via ::, FastEthernet0/0.34
OI 2046::/64 [110/30]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI 2056::/64 [110/20]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
At this point area 2 is orphaned (no 2002::/64 prefix), let's create a virtual link for it:
R1:
ipv6 router ospf 1
area 1 virtual-link 3.3.3.3 authentication ipsec spi 256 md5 ABCDEFABCDEFABCDEFABCDEFABCDEFAB
R3:
ipv6 router ospf 3
area 1 virtual-link 1.1.1.1 authentication ipsec spi 256 md5 ABCDEFABCDEFABCDEFABCDEFABCDEFAB
You can use IPSec stack for either authentication or encryption but not both.
R3#show ipv6 ospf 3 neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
1.1.1.1 1 FULL/ - - 31 OSPFv3_VL0
55.55.55.55 1 FULL/ - 00:00:35 27 FastEthernet0/0.35
1.1.1.1 1 FULL/BDR 00:00:09 28 FastEthernet0/0.13
4.4.4.4 1 FULL/BDR 00:00:31 28 FastEthernet0/0.34
R3#show ipv6 route ospf
O 2001::/64 [110/20]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O 2001::1/128 [110/10]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
OI 2002::/64 [110/30]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O 2004::/64 [110/20]
via FE80::C000:15FF:FE18:0, FastEthernet0/0.34
O 2005::/64 [110/20]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI 2012::/64 [110/20]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O 2034::/63 [110/10]
via ::, FastEthernet0/0.34
OI 2056::/64 [110/20]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
2002::/64 is now here.
OSPFv3 doesn't support useless clear text authentication, it relies on IPSec instead. But the implementation is pretty complicated unlike EIGRP for IPv6. So let's try other features.
Route summarization.
There are two options for it - summary on ABR and ASBR. There is no ASBR yet, so let's implement summarization on R5:
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ipv6 address 2100::1/64
ipv6 ospf network point-to-point #Without this network type statement these prefixes will be advertised as /128.
ipv6 ospf 5 area 4
!
interface Loopback1
no ip address
ipv6 address 2101::1/64
ipv6 ospf network point-to-point
ipv6 ospf 5 area 4
R3#show ipv6 route ospf
<output omitted>
OI 2100::/64 [110/11]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI 2101::/64 [110/11]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
Both prefixes are here now. Back to R5:
ipv6 router ospf 5
area 4 range 2100::/15
R3#show ipv6 route ospf
<output omitted>
OI 2100::/15 [110/11]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
So there are no more specific prefixes.
Now let's make R1 ASBR by adding a couple of loopback into the RIPng:
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ipv6 address 2200::1/64
ipv6 rip RIP enable
!
interface Loopback1
no ip address
ipv6 address 2201::1/64
ipv6 rip RIP enable
!
ipv6 router ospf 1
redistribute rip RIP include-connected #Interestingly, by default IPv6 IGPs don't redistribute connected networks. In this case it would lead to that OSPFv3 won't redistribute any RIPng prefixes.
R3#show ipv6 route ospf
<output omitted>
OE2 2200::/64 [110/20]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
OE2 2201::/64 [110/20]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
And after summarization on ASBR:
ipv6 router ospf 1
summary-prefix 2200::/15
R3#show ipv6 route ospf
<output omitted>
OE2 2200::/15 [110/20]
via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
Also notice that OSPFv3 as OSPFv2 has a default metric value for redistributed prefixes.
Route filtering.
At first let's try distribute list. It is not exactly route filtering (actual LSAs are still in the LSDB, but particular prefix won't be installed in the routing table).
Before:
R4#show ipv6 route 2200::/15
OE2 2200::/15 [110/20]
via FE80::C005:15FF:FE18:0, FastEthernet0/0.34
And after:
ipv6 router ospf 4
distribute-list prefix-list no2200::/15 in #Only prefix lists are supported.
!
ipv6 prefix-list no2200::/15 seq 5 deny 2200::/15
ipv6 prefix-list no2200::/15 seq 10 permit ::/0 le 128
R4#show ipv6 route 2200::/15
% Route not found
But the LSA is still in the LSDB:
R4#show ipv6 ospf database | begin External
Type-5 AS External Link States
ADV Router Age Seq# Prefix
1.1.1.1 635 0x80000001 2200::/15
In OSPFv2 world you are able to filter LSA 3, 5 and 7 with filter lists. But you cannot do it with OSPFv3, which is pretty strange. The only design option is using stub areas with the default route.
Stub areas.
There are not so much routers in my topology, so I will combine area types.
Let's make area 3 stub area, which will lead to absence of LSA 5.
R4 actually has a link in the area 4 which have to be shutdown to prevent LSA5 leak.
interface FastEthernet0/0.46
shutdown
!
R4#show ipv6 ospf database | begin External
Type-5 AS External Link States
ADV Router Age Seq# Prefix
1.1.1.1 1778 0x80000003 2200::/15
After making area 3 stub:
R3:
ipv6 router ospf 3
area 3 stub
R4:
ipv6 router ospf 4
area 3 stub
R4#show ipv6 ospf database external
OSPFv3 Router with ID (4.4.4.4) (Process ID 4)
R4#
Ok, now let's make this area totally stubby (just add "no-summary" on the ABR):
R4#show ipv6 ospf database | begin Inter
Inter Area Prefix Link States (Area 3)
ADV Router Age Seq# Prefix
3.3.3.3 464 0x8000000C 2013::/64
3.3.3.3 464 0x8000000C 2035::/64
3.3.3.3 1497 0x80000009 2003::/64
3.3.3.3 464 0x80000008 2005::/64
3.3.3.3 464 0x80000008 2056::/64
3.3.3.3 985 0x80000004 2100::/15
3.3.3.3 464 0x80000004 2001::/64
3.3.3.3 464 0x80000004 2001::1/128
3.3.3.3 464 0x80000004 2035::3/128
3.3.3.3 464 0x80000004 2012::/64
3.3.3.3 464 0x80000004 2002::/64
3.3.3.3 269 0x80000001 ::/0
3.3.3.3 57 0x80000001 2046::/64
3.3.3.3 57 0x80000001 2006::/64
R3:
ipv6 router ospf 3
area 3 stub no-summary
R4#show ipv6 ospf database
OSPFv3 Router with ID (4.4.4.4) (Process ID 4)
Router Link States (Area 3)
ADV Router Age Seq# Fragment ID Link count Bits
3.3.3.3 62 0x8000001B 0 1 B
4.4.4.4 22 0x80000023 0 1 None
Net Link States (Area 3)
ADV Router Age Seq# Link ID Rtr count
3.3.3.3 259 0x80000001 28 2
Inter Area Prefix Link States (Area 3)
ADV Router Age Seq# Prefix
3.3.3.3 80 0x80000002 ::/0
Link (Type-8) Link States (Area 3)
ADV Router Age Seq# Link ID Interface
3.3.3.3 393 0x8000000A 28 Fa0/0.34
4.4.4.4 56 0x8000000F 28 Fa0/0.34
4.4.4.4 62 0x80000001 26 Fa0/0.4
Intra Area Prefix Link States (Area 3)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
3.3.3.3 259 0x80000001 28672 0x2002 28
4.4.4.4 56 0x80000010 0 0x2001 0
No more LSA3 there. And R4 receives a default route:
R4#show ipv6 route ospf
<output omitted>
OI ::/0 [110/11]
via FE80::C005:15FF:FE18:0, FastEthernet0/0.34
Area 5 is a great candidate for NSSA area type, because it already has ASBR, but stubby area cannot be a transit area for virtual links:
R3(config-rtr)#area 1 nssa
% OSPFv3: Area cannot be nssa as it contains a virtual link
So let's redistribute something into OSPFv3 from RIPng on R6:
interface Loopback0
ip address 6.6.6.6 255.255.255.255
ipv6 address 2300::1/64
ipv6 rip RIP2 enable
!
interface Loopback1
no ip address
ipv6 address 2301::1/64
ipv6 rip RIP2 enable
!
ipv6 router ospf 6
redistribute rip RIP2 include-connected
!
ipv6 router rip RIP2
R3#show ipv6 route ospf
<output omitted>
OE2 2300::/64 [110/20]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OE2 2301::/64 [110/20]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
Now let's make area 4 NSSA:
Before:
R6#show ipv6 ospf database | begin External
Type-5 AS External Link States
ADV Router Age Seq# Prefix
1.1.1.1 990 0x80000004 2200::/15
6.6.6.6 357 0x80000001 2300::/64
6.6.6.6 357 0x80000001 2301::/64
After:
ipv6 router ospf 4
area 4 nssa
ipv6 router ospf 5
area 4 nssa
ipv6 router ospf 6
area 4 nssa
R6#show ipv6 ospf database external
OSPFv3 Router with ID (6.6.6.6) (Process ID 6)
R6#
And routers inside the NSSA area don't receive default route (as with OSPFv2):
R6#show ipv6 route ::/0
% Route not found
And the final step - make area 4 totally NSSA.
Before:
R6#show ipv6 ospf database
OSPFv3 Router with ID (6.6.6.6) (Process ID 6)
Router Link States (Area 4)
ADV Router Age Seq# Fragment ID Link count Bits
4.4.4.4 169 0x8000001D 0 1 None
6.6.6.6 48 0x80000179 0 2 E
55.55.55.55 44 0x8000021F 0 1 EB
Net Link States (Area 4)
ADV Router Age Seq# Link ID Rtr count
6.6.6.6 196 0x80000001 27 2
55.55.55.55 44 0x8000020B 28 2
Inter Area Prefix Link States (Area 4)
ADV Router Age Seq# Prefix
55.55.55.55 335 0x8000000A 2035::/64
55.55.55.55 335 0x8000000A 2003::/64
55.55.55.55 335 0x8000000A 2005::/64
55.55.55.55 335 0x8000000A 2034::/64
55.55.55.55 335 0x8000000A 2013::/64
55.55.55.55 335 0x80000006 2001::/64
55.55.55.55 335 0x80000006 2001::1/128
55.55.55.55 335 0x80000006 2035::3/128
55.55.55.55 335 0x80000006 2012::/64
55.55.55.55 335 0x80000006 2002::/64
55.55.55.55 335 0x80000003 2034::/63
55.55.55.55 335 0x80000003 2004::/64
Type-7 AS External Link States (Area 4)
ADV Router Age Seq# Prefix
6.6.6.6 337 0x80000001 2300::/64
6.6.6.6 337 0x80000001 2301::/64
Link (Type-8) Link States (Area 4)
ADV Router Age Seq# Link ID Interface
4.4.4.4 334 0x80000001 29 Fa0/0.46
6.6.6.6 339 0x80000001 27 Fa0/0.46
6.6.6.6 339 0x80000001 26 Fa0/0.6
6.6.6.6 333 0x8000000A 28 Fa0/0.56
55.55.55.55 340 0x80000009 28 Fa0/0.56
Intra Area Prefix Link States (Area 4)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
6.6.6.6 196 0x8000001A 0 0x2001 0
6.6.6.6 196 0x80000001 27648 0x2002 27
55.55.55.55 45 0x80000123 0 0x2001 0
55.55.55.55 45 0x8000020B 28672 0x2002 28
After:
R5:
ipv6 router ospf 5
area 4 nssa no-summary
R6#show ipv6 ospf database
OSPFv3 Router with ID (6.6.6.6) (Process ID 6)
Router Link States (Area 4)
ADV Router Age Seq# Fragment ID Link count Bits
4.4.4.4 427 0x80000020 0 1 None
6.6.6.6 21 0x80000189 0 2 E
55.55.55.55 18 0x80000235 0 1 EB
Net Link States (Area 4)
ADV Router Age Seq# Link ID Rtr count
4.4.4.4 456 0x80000001 29 2
55.55.55.55 18 0x8000021F 28 2
Inter Area Prefix Link States (Area 4)
ADV Router Age Seq# Prefix
55.55.55.55 23 0x80000001 ::/0
Type-7 AS External Link States (Area 4)
ADV Router Age Seq# Prefix
6.6.6.6 482 0x80000001 2300::/64
6.6.6.6 482 0x80000001 2301::/64
Link (Type-8) Link States (Area 4)
ADV Router Age Seq# Link ID Interface
4.4.4.4 981 0x80000001 29 Fa0/0.46
6.6.6.6 483 0x80000001 27 Fa0/0.46
6.6.6.6 483 0x80000001 26 Fa0/0.6
6.6.6.6 477 0x8000000B 28 Fa0/0.56
55.55.55.55 989 0x80000009 28 Fa0/0.56
Intra Area Prefix Link States (Area 4)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
4.4.4.4 456 0x80000001 29696 0x2002 29
6.6.6.6 466 0x8000001C 0 0x2001 0
55.55.55.55 18 0x80000137 0 0x2001 0
55.55.55.55 18 0x8000021F 28672 0x2002 28
No LSA 3 and 5 any more but the default route instead:
R6#show ipv6 route ::/0
OI ::/0 [110/11]
via FE80::C001:15FF:FE18:0, FastEthernet0/0.56
And the last feature - default route propagation:
R5:
ipv6 route ::/0 Loopback0
ipv6 router ospf 5
default-information originate
R2#show ipv6 route ::/0
OE2 ::/0 [110/1], tag 5
via FE80::C003:15FF:FE18:0, FastEthernet0/0.12
In conclusion, differences between OSPFv3 and OSPFv2:
- distribute-lists support only prefix-lists for route filtering;
- IOS doesn't support filter lists for LSA filtering;
- IOS doesn't support max-lsa command.
No comments:
Post a Comment