10.6 OSPFv3
The good news about OSPFv3 is that OSPFv2 was a mature routing protocol when development began on OSPFv3. The bad news about OSPFv3 is that it is more complex in some ways than OSPFv2. But mostly the two protocols are simply different because of the differences in the underlying Layer 3 protocol. Fortunately, RFC 2740, which defines OSPFv3, goes into quite a bit of detail in describing these differences.
10.6.1 Comparison between OSPFv2 and OSPFv3
OSPFv2 and OSPFv3 share many key concepts, including most of their basic operations and the concepts of neighbor relationships, areas, interface types, virtual links, metric calculations, and many others. However, you should understand the significant differences as well.
Key differences between OSPFv2 and OSPFv3 include these:
Configured using interface commands- Cisco IOS enables OSPFv3 using interface subcommands, instead of using the OSPFv2 method (using the network command in router configuration mode). To enable OSPFv3 process ID (PID) 1 and area 2 on a given interface, the basic command is simply ipv6 ospf 1 area 2. Issuing this command also creates the ipv6 router ospf 1 command in global configuration mode.
Advertising multiple networks on an interface- If multiple IPv6 addresses are configured on an interface, OSPFv3 advertises all of the corresponding networks.
OSPFv3 RID must be set- OSPFv3 can automatically set its 32-bit RID based on the configured IPv4 addresses, using the same rules as OSPFv2. However, if no IPv4 addresses are configured, OSPFv3 cannot automatically choose its router ID, and you must manually configure the RID before OSPFv3 will start. By comparison, an OSPFv2 router ID is created automatically if any IP interfaces are configured on a router.
Flooding scope- The scope for flooding LSAs is one of three specific types in OSPFv3:
- Link-local scope-Used by the new LSA type, Link LSA.
- Area scope-For LSAs flooded throughout a single OSPFv3 area. Used by Router, Network, Inter-Area Prefix, Inter-Area Router, and Intra-Area Prefix LSA types.
- AS scope-LSAs of this type are flooded throughout the routing domain; this is used for AS External LSAs.
Multiple instances per link- OSPFv3 supports multiple instances on a link. For example, suppose you have four routers on an Ethernet segment: routers A, B, 1, and 2. You want routers A and B to form adjacencies (become neighbors), and routers 1 and 2 to become neighbors, but you do not want routers A and B to form neighborships with routers 1 and 2. OSPFv3 supports this type of adjacency scoping. The range of instance numbers is 0-255, and the command format on the interface is, for example, ipv6 ospf 1 area 0 instance 33. The instance must match on all routers that are to become adjacent on a link.
Terminology- OSPFv3 uses the term link for what OSPFv2 calls a network.
Sources packets from link-local addresses- With the exception of virtual links, OSPFv3 uses link-local addresses for all communications between neighbors and sources packets from link-local addresses. On virtual links, OSPFv3 sources packets from a globally scoped IPv6 address.
Authentication- OSPFv2 natively supports three authentication types: null, simple password, and MD5. OSPFv3, however, does not itself provide authentication, because IPv6 covers this requirement with its internal support for the AH and ESP protocols.
Networks in LSAs- Whereas OSPFv2 expresses networks in LSAs as [address, mask], OSPFv3 expresses networks in LSAs as [prefix, prefix length]. The default route is expressed with a prefix length of 0.
10.6.2 Virtual Links, Summarization, and Other Features
Many OSPFv3 features are conceptually identical to OSPFv2 and differ only slightly in their configuration. Some of these features include the following:
Virtual links (which point to router IDs)
Address summarization by area
Address summarization in the routing process
Stub area configuration
NSSA configuration
Advertising, or not advertising, a summary using the area range [advertise | not-advertise] command
OSPF network types and interface configuration
Router priority configuration for multiaccess networks, to influence DR and BDR elections
Most OSPF show commands
10.6.3 OSPFv3 LSA Types
Most LSA functionality in OSPFv3 is the same as that in OSPFv2, with a few changes in the LSA names. In addition, OSPFv3 has two additional LSA types.
OSPFv3 LSA types
| LSA Type | Common Name | Description | Flooding Scope |
|---|---|---|---|
| 1 | Router LSA | Describes a router's link states and costs of its links to one area. | Area |
| 2 | Network LSA | Generated by a DR to describe the aggregated link state and costs for all routers attached to an area. | Area |
| 3 | Inter-Area Prefix LSA for ABRs | Originated by ABRs to describe interarea networks to routers in other areas. | Area |
| 4 | Inter-Area Router LSA for ASBRs | Originated by ASBRs to advertise the ASBR location. | Area |
| 5 | Autonomous System External LSA | Originated by an ASBR to describe networks learned from other protocols (redistributed routes). | Autonomous System |
| 8 | Link LSA | Advertises link-local address and prefix(es) of a router to all other routers on the link, as well as option information. Sent only if more than one router is present on a link. | Link |
| 9 | Intra-Area Prefix LSA | Performs one of two functions: associates a list of IPv6 prefixes with a transit network by pointing to a Network LSA, or associates a list of IPv6 prefixes with a router by pointing to a Router LSA. | Area |
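The flooding scopes listed in 10.6.1 and in the table above are carried on the wire inside the LSA header itself. The following added example (not part of the original text) goes one step beyond the page: it decodes the 20-byte OSPFv3 LSA header defined in RFC 2740, reads the scope from the S2/S1 bits of the 16-bit LS type field, and checks that the scope agrees with the table. The sample headers are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Function codes, names and expected scopes are taken from the table above.
LSA_TABLE = {
    1: ("Router LSA", "Area"),
    2: ("Network LSA", "Area"),
    3: ("Inter-Area Prefix LSA", "Area"),
    4: ("Inter-Area Router LSA", "Area"),
    5: ("Autonomous System External LSA", "Autonomous System"),
    8: ("Link LSA", "Link"),
    9: ("Intra-Area Prefix LSA", "Area"),
}
# S2/S1 bits of the LS type field (RFC 2740): 00 link-local, 01 area, 10 AS.
SCOPE_BITS = {0: "Link", 1: "Area", 2: "Autonomous System", 3: "Reserved"}

def parse_lsa_header(data):
    """Decode an OSPFv3 LSA header and compare its scope bits with the table."""
    if len(data) < 20:
        raise ValueError("truncated: an OSPFv3 LSA header is 20 bytes")
    # LS age, LS type, Link State ID, Advertising Router, sequence, checksum, length
    age, ls_type, ls_id, adv, seq, cksum, length = struct.unpack("!HHIIIHH", data[:20])
    func = ls_type & 0x1FFF                      # low 13 bits: LSA function code
    scope = SCOPE_BITS[(ls_type >> 13) & 0b11]   # bits 14-13: flooding scope
    name, expected = LSA_TABLE.get(func, ("unknown", None))
    return {
        "name": name,
        "function_code": func,
        "flooding_scope": scope,
        "u_bit": bool(ls_type & 0x8000),         # handling of unknown LS types
        "advertising_router": str(IPv4Address(adv)),  # 32-bit RID, dotted form
        "length": length,
        "scope_matches_table": expected == scope,
    }

# Constructed sample headers (advertising router 10.1.1.1).
LINK_LSA = struct.pack("!HHIIIHH", 1, 0x0008, 5, 0x0A010101, 0x80000001, 0, 44)
AS_EXTERNAL_LSA = struct.pack("!HHIIIHH", 1, 0x4005, 0, 0x0A010101, 0x80000001, 0, 36)
# Link LSA function code (8) carrying area-scope bits: inconsistent with the table.
MISMATCHED_LSA = struct.pack("!HHIIIHH", 1, 0x2008, 5, 0x0A010101, 0x80000001, 0, 44)

if __name__ == "__main__":
    for sample in (LINK_LSA, AS_EXTERNAL_LSA, MISMATCHED_LSA):
        print(parse_lsa_header(sample))
```

A header whose scope bits disagree with its function code, like the third sample, is worth flagging when inspecting captured OSPFv3 traffic.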
10.6.4 OSPFv3 in NBMA Networks
OSPFv3 operates in NBMA networks almost exactly like OSPFv2. In particular, each interface has an OSPF network type, with that network type dictating whether OSPFv3 needs to use a DR/BDR and whether at least one router needs to have an OSPF neighbor command configured. For example, when configuring Frame Relay with the IPv6 address on a physical interface or multipoint subinterface, the OSPF network type defaults to "nonbroadcast," which requires the use of a neighbor command:
TestKing1(config-if)# ipv6 ospf neighbor 3003::1
OSPFv3 neighbor relationships over NBMA networks take a relatively long time to form (a minute or two), even on high-speed media, as they do in OSPFv2. This delay can lead to confusion and may cause you to spend time troubleshooting a nonproblem.
Invariably, at some point in your studies (or lab exams), you will configure OSPFv2 or v3 over an NBMA network and forget to include a neighbor statement. As a result, neighbors will not form and you will have to troubleshoot the problem. A useful crutch you can use to help you remember that NBMA OSPF peers require neighbor statements is the saying, "nonbroadcast needs neighbors."
10.6.5 Authentication and Encryption
One area in which OSPFv3 is simpler than OSPFv2, at the protocol operation level, is that it uses IPv6's native authentication support rather than implementing its own authentication mechanisms. OSPFv3 uses the Authentication Header (AH) protocol, beginning with Cisco IOS Release 12.3(4)T, and the Encapsulating Security Payload (ESP) protocol, beginning with Cisco IOS Release 12.4(9)T, for authentication. Both of these features require a Crypto feature set in the router.
To enable IPv6 OSPF authentication using AH, issue the command ipv6 ospf authentication. To enable encryption using ESP, issue the command ipv6 ospf encryption. These are interface configuration commands. Note that ESP provides both encryption and authentication. Also note that because AH and ESP are part of the IPsec protocol, you must also configure IPsec security policies to use them.
Here are three key things to know about OSPFv3 authentication and encryption:
OSPFv3 can use AH for authentication.
OSPFv3 can use ESP for authentication and encryption.
OSPFv3 authentication and encryption can be applied per area or per link (interface); per-link configuration is more secure because it creates more layers of security.
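Because protection can be applied per link or per area, an interface can be left without either and still form adjacencies. The following added example (not part of the original text, and not Cisco code) audits an IOS-style configuration and reports how each OSPFv3-enabled interface is protected. The sample configuration is constructed, key arguments are elided as "...", and the area-level `area <id> authentication|encryption` form under `ipv6 router ospf` is an assumption, since the page shows only the interface commands.

```python
import re

# Constructed sample config (not from the page); key arguments elided as "...".
SAMPLE_CONFIG = """\
interface Serial0/0
 ipv6 ospf 1 area 0
 ipv6 ospf authentication ...
!
interface FastEthernet0/0
 ipv6 ospf 1 area 2 instance 33
!
interface FastEthernet0/1
 ipv6 ospf 1 area 3
!
interface Loopback0
 ipv6 address 2001:db8::1/128
!
ipv6 router ospf 1
 area 2 encryption ...
"""

def audit_ospfv3(config):
    """Map each OSPFv3-enabled interface to how its OSPFv3 packets are protected."""
    links, areas = {}, {}   # interface -> state; (pid, area) -> area-level mode
    iface = pid = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # top-level line opens a new section
            iface = pid = None
            if m := re.match(r"interface (\S+)", line):
                iface = m.group(1)
                links[iface] = {"key": None, "mode": None}
            elif m := re.match(r"ipv6 router ospf (\d+)", line):
                pid = m.group(1)
        elif iface and (m := re.match(r"ipv6 ospf (\d+) area (\S+)", line)):
            links[iface]["key"] = (m.group(1), m.group(2))
        elif iface and (m := re.match(r"ipv6 ospf (authentication|encryption)\b", line)):
            links[iface]["mode"] = m.group(1)    # per-link AH or ESP
        elif pid and (m := re.match(r"area (\S+) (authentication|encryption)\b", line)):
            areas[(pid, m.group(1))] = m.group(2)   # assumed area-level form
    report = {}
    for name, st in links.items():
        if st["key"]:                            # skip interfaces without OSPFv3
            report[name] = ("per-link " + st["mode"] if st["mode"] else
                            "per-area " + areas[st["key"]] if st["key"] in areas else
                            "UNPROTECTED")
    return report
```

Calling `audit_ospfv3(SAMPLE_CONFIG)` marks FastEthernet0/1 as UNPROTECTED, which is the case to review before the link goes into service.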