]>
Commit | Line | Data |
---|---|---|
11ab5329 | 1 | .. _ospfv3: |
42fc5d26 QY |
2 | |
3 | ****** | |
4 | OSPFv3 | |
5 | ****** | |
6 | ||
c1a54c05 QY |
7 | *ospf6d* is a daemon support OSPF version 3 for IPv6 network. OSPF for IPv6 is |
8 | described in :rfc:`2740`. | |
42fc5d26 | 9 | |
11ab5329 | 10 | .. _ospf6-router: |
42fc5d26 QY |
11 | |
12 | OSPF6 router | |
13 | ============ | |
14 | ||
487df450 | 15 | .. clicmd:: router ospf6 [vrf NAME] |
42fc5d26 | 16 | |
cb762746 | 17 | .. clicmd:: ospf6 router-id A.B.C.D |
42fc5d26 | 18 | |
c1a54c05 | 19 | Set router's Router-ID. |
42fc5d26 | 20 | |
1e31580f | 21 | .. clicmd:: timers throttle spf (0-600000) (0-600000) (0-600000) |
42fc5d26 | 22 | |
c1a54c05 QY |
23 | This command sets the initial `delay`, the `initial-holdtime` |
24 | and the `maximum-holdtime` between when SPF is calculated and the | |
25 | event which triggered the calculation. The times are specified in | |
26 | milliseconds and must be in the range of 0 to 600000 milliseconds. | |
42fc5d26 | 27 | |
c1a54c05 QY |
28 | The `delay` specifies the minimum amount of time to delay SPF |
29 | calculation (hence it affects how long SPF calculation is delayed after | |
30 | an event which occurs outside of the holdtime of any previous SPF | |
31 | calculation, and also serves as a minimum holdtime). | |
42fc5d26 | 32 | |
d1e7591e | 33 | Consecutive SPF calculations will always be separated by at least |
c1a54c05 QY |
34 | 'hold-time' milliseconds. The hold-time is adaptive and initially is |
35 | set to the `initial-holdtime` configured with the above command. | |
36 | Events which occur within the holdtime of the previous SPF calculation | |
37 | will cause the holdtime to be increased by `initial-holdtime`, bounded | |
38 | by the `maximum-holdtime` configured with this command. If the adaptive | |
d1e7591e | 39 | hold-time elapses without any SPF-triggering event occurring then |
9eb95b3b QY |
40 | the current holdtime is reset to the `initial-holdtime`. |
41 | ||
42 | .. code-block:: frr | |
42fc5d26 | 43 | |
42fc5d26 QY |
44 | router ospf6 |
45 | timers throttle spf 200 400 10000 | |
a8c90e15 | 46 | |
42fc5d26 | 47 | |
c1a54c05 QY |
48 | In this example, the `delay` is set to 200ms, the initial holdtime is set |
49 | to 400ms and the `maximum holdtime` to 10s. Hence there will always be at | |
50 | least 200ms between an event which requires SPF calculation and the actual | |
51 | SPF calculation. Further consecutive SPF calculations will always be | |
d1e7591e | 52 | separated by between 400ms to 10s, the hold-time increasing by 400ms each |
c1a54c05 QY |
53 | time an SPF-triggering event occurs within the hold-time of the previous |
54 | SPF calculation. | |
42fc5d26 | 55 | |
c1a54c05 | 56 | .. clicmd:: auto-cost reference-bandwidth COST |
42fc5d26 | 57 | |
42fc5d26 | 58 | |
c1a54c05 QY |
59 | This sets the reference bandwidth for cost calculations, where this |
60 | bandwidth is considered equivalent to an OSPF cost of 1, specified in | |
61 | Mbits/s. The default is 100Mbit/s (i.e. a link of bandwidth 100Mbit/s | |
62 | or higher will have a cost of 1. Cost of lower bandwidth links will be | |
63 | scaled with reference to this cost). | |
42fc5d26 | 64 | |
c1a54c05 QY |
65 | This configuration setting MUST be consistent across all routers |
66 | within the OSPF domain. | |
42fc5d26 | 67 | |
a874b986 | 68 | .. clicmd:: maximum-paths (1-64) |
1958143e MR |
69 | |
70 | Use this command to control the maximum number of parallel routes that | |
71 | OSPFv3 can support. The default is 64. | |
72 | ||
44db98df PR |
73 | .. clicmd:: write-multiplier (1-100) |
74 | ||
75 | Use this command to tune the amount of work done in the packet read and | |
76 | write threads before relinquishing control. The parameter is the number | |
77 | of packets to process before returning. The default value of this parameter | |
78 | is 20. | |
79 | ||
f71ed6df YR |
80 | .. clicmd:: clear ipv6 ospf6 process [vrf NAME] |
81 | ||
82 | This command clears up the database and routing tables and resets the | |
83 | neighborship by restarting the interface state machine. This will be | |
84 | helpful when there is a change in router-id and if user wants the router-id | |
85 | change to take effect, user can use this cli instead of restarting the | |
86 | ospf6d daemon. | |
a874b986 | 87 | |
ad7e12b0 IR |
88 | .. clicmd:: clear ipv6 ospf6 [vrf NAME] interface [IFNAME] |
89 | ||
90 | This command restarts the interface state machine for all interfaces in the | |
91 | VRF or only for the specific interface if ``IFNAME`` is specified. | |
92 | ||
84405582 MR |
93 | ASBR Summarisation Support in OSPFv3 |
94 | ==================================== | |
95 | ||
96 | External routes in OSPFv3 are carried by type 5/7 LSA (external LSAs). | |
97 | External LSAs are generated by ASBR (Autonomous System Boundary Router). | |
98 | Large topology database requires a large amount of router memory, which | |
99 | slows down all processes, including SPF calculations. | |
100 | It is necessary to reduce the size of the OSPFv3 topology database, | |
101 | especially in a large network. Summarising routes keeps the routing | |
102 | tables smaller and easier to troubleshoot. | |
103 | ||
104 | External route summarization must be configured on ASBR. | |
105 | Stub area do not allow ASBR because they don’t allow type 5 LSAs. | |
106 | ||
107 | An ASBR will inject a summary route into the OSPFv3 domain. | |
108 | ||
109 | Summary route will only be advertised if you have at least one subnet | |
110 | that falls within the summary range. | |
111 | ||
112 | Users will be allowed an option in the CLI to not advertise range of | |
113 | ipv6 prefixes as well. | |
114 | ||
115 | The configuration of ASBR Summarisation is supported using the CLI command | |
116 | ||
117 | .. clicmd:: summary-address X:X::X:X/M [tag (1-4294967295)] [{metric (0-16777215) | metric-type (1-2)}] | |
118 | ||
119 | This command will advertise a single External LSA on behalf of all the | |
120 | prefixes falling under this range configured by the CLI. | |
121 | The user is allowed to configure tag, metric and metric-type as well. | |
122 | By default, tag is not configured, default metric as 20 and metric-type | |
123 | as type-2 gets advertised. | |
124 | A summary route is created when one or more specific routes are learned and | |
125 | removed when no more specific route exist. | |
126 | The summary route is also installed in the local system with Null0 as | |
127 | next-hop to avoid leaking traffic. | |
128 | ||
129 | .. clicmd:: no summary-address X:X::X:X/M [tag (1-4294967295)] [{metric (0-16777215) | metric-type (1-2)}] | |
130 | ||
131 | This command can be used to remove the summarisation configuration. | |
132 | This will flush the single External LSA if it was originated and advertise | |
133 | the External LSAs for all the existing individual prefixes. | |
134 | ||
135 | .. clicmd:: summary-address X:X::X:X/M no-advertise | |
136 | ||
137 | This command can be used when user do not want to advertise a certain | |
138 | range of prefixes using the no-advertise option. | |
139 | This command when configured will flush all the existing external LSAs | |
140 | falling under this range. | |
141 | ||
142 | .. clicmd:: no summary-address X:X::X:X/M no-advertise | |
143 | ||
144 | This command can be used to remove the previous configuration. | |
145 | When configured, tt will resume originating external LSAs for all the prefixes | |
146 | falling under the configured range. | |
147 | ||
148 | .. clicmd:: aggregation timer (5-1800) | |
149 | ||
150 | The summarisation command takes effect after the aggregation timer expires. | |
151 | By default the value of this timer is 5 seconds. User can modify the time | |
152 | after which the external LSAs should get originated using this command. | |
153 | ||
154 | .. clicmd:: no aggregation timer (5-1800) | |
155 | ||
156 | This command removes the timer configuration. It reverts back to default | |
157 | 5 second timer. | |
158 | ||
159 | .. clicmd:: show ipv6 ospf6 summary-address [detail] [json] | |
160 | ||
161 | This command can be used to see all the summary-address related information. | |
162 | When detail option is used, it shows all the prefixes falling under each | |
163 | summary-configuration apart from other information. | |
164 | ||
11ab5329 | 165 | .. _ospf6-area: |
42fc5d26 QY |
166 | |
167 | OSPF6 area | |
168 | ========== | |
169 | ||
7e5e3c19 IR |
170 | .. clicmd:: area A.B.C.D range X:X::X:X/M [<advertise|not-advertise|cost (0-16777215)>] |
171 | ||
172 | .. clicmd:: area (0-4294967295) range X:X::X:X/M [<advertise|not-advertise|cost (0-16777215)>] | |
173 | ||
174 | Summarize a group of internal subnets into a single Inter-Area-Prefix LSA. | |
175 | This command can only be used at the area boundary (ABR router). | |
176 | ||
177 | By default, the metric of the summary route is calculated as the highest | |
178 | metric among the summarized routes. The `cost` option, however, can be used | |
179 | to set an explicit metric. | |
180 | ||
181 | The `not-advertise` option, when present, prevents the summary route from | |
182 | being advertised, effectively filtering the summarized routes. | |
183 | ||
81e43fd9 | 184 | .. clicmd:: area A.B.C.D nssa [no-summary] [default-information-originate [metric-type (1-2)] [metric (0-16777214)]] |
fb00683a | 185 | |
6735622c | 186 | .. clicmd:: area (0-4294967295) nssa [no-summary] [default-information-originate [metric-type (1-2)] [metric (0-16777214)]] |
1e29f449 IR |
187 | |
188 | Configure the area to be a NSSA (Not-So-Stubby Area). | |
189 | ||
190 | The following functionalities are implemented as per RFC 3101: | |
191 | ||
192 | 1. Advertising Type-7 LSA into NSSA area when external route is | |
193 | redistributed into OSPFv3. | |
194 | 2. Processing Type-7 LSA received from neighbor and installing route in the | |
195 | route table. | |
196 | 3. Support for NSSA ABR functionality which is generating Type-5 LSA when | |
197 | backbone area is configured. Currently translation of Type-7 LSA to | |
198 | Type-5 LSA is enabled by default. | |
199 | 4. Support for NSSA Translator functionality when there are multiple NSSA | |
200 | ABR in an area. | |
42fc5d26 | 201 | |
8a60820f RW |
202 | An NSSA ABR can be configured with the `no-summary` option to prevent the |
203 | advertisement of summaries into the area. In that case, a single Type-3 LSA | |
204 | containing a default route is originated into the NSSA. | |
205 | ||
6735622c RW |
206 | NSSA ABRs and ASBRs can be configured with `default-information-originate` |
207 | option to originate a Type-7 default route into the NSSA area. In the case | |
208 | of NSSA ASBRs, the origination of the default route is conditioned to the | |
209 | existence of a default route in the RIB that wasn't learned via the OSPF | |
210 | protocol. | |
211 | ||
3c77bc80 RW |
212 | .. clicmd:: area A.B.C.D nssa range X:X::X:X/M [<not-advertise|cost (0-16777215)>] |
213 | ||
214 | .. clicmd:: area (0-4294967295) nssa range X:X::X:X/M [<not-advertise|cost (0-16777215)>] | |
215 | ||
216 | Summarize a group of external subnets into a single Type-7 LSA, which is | |
217 | then translated to a Type-5 LSA and avertised to the backbone. | |
218 | This command can only be used at the area boundary (NSSA ABR router). | |
219 | ||
220 | By default, the metric of the summary route is calculated as the highest | |
221 | metric among the summarized routes. The `cost` option, however, can be used | |
222 | to set an explicit metric. | |
223 | ||
224 | The `not-advertise` option, when present, prevents the summary route from | |
225 | being advertised, effectively filtering the summarized routes. | |
226 | ||
f4f0098c RW |
227 | .. clicmd:: area A.B.C.D export-list NAME |
228 | ||
229 | .. clicmd:: area (0-4294967295) export-list NAME | |
230 | ||
231 | Filter Type-3 summary-LSAs announced to other areas originated from intra- | |
232 | area paths from specified area. | |
233 | ||
234 | .. code-block:: frr | |
235 | ||
236 | router ospf6 | |
237 | area 0.0.0.10 export-list foo | |
238 | ! | |
239 | ipv6 access-list foo permit 2001:db8:1000::/64 | |
240 | ipv6 access-list foo deny any | |
241 | ||
242 | With example above any intra-area paths from area 0.0.0.10 and from range | |
243 | 2001:db8::/32 (for example 2001:db8:1::/64 and 2001:db8:2::/64) are announced | |
244 | into other areas as Type-3 summary-LSA's, but any others (for example | |
245 | 2001:200::/48) aren't. | |
246 | ||
247 | This command is only relevant if the router is an ABR for the specified | |
248 | area. | |
249 | ||
250 | .. clicmd:: area A.B.C.D import-list NAME | |
251 | ||
252 | .. clicmd:: area (0-4294967295) import-list NAME | |
253 | ||
254 | Same as export-list, but it applies to paths announced into specified area | |
255 | as Type-3 summary-LSAs. | |
256 | ||
257 | .. clicmd:: area A.B.C.D filter-list prefix NAME in | |
258 | ||
259 | .. clicmd:: area A.B.C.D filter-list prefix NAME out | |
260 | ||
261 | .. clicmd:: area (0-4294967295) filter-list prefix NAME in | |
262 | ||
263 | .. clicmd:: area (0-4294967295) filter-list prefix NAME out | |
264 | ||
265 | Filtering Type-3 summary-LSAs to/from area using prefix lists. This command | |
266 | makes sense in ABR only. | |
267 | ||
11ab5329 | 268 | .. _ospf6-interface: |
42fc5d26 QY |
269 | |
270 | OSPF6 interface | |
271 | =============== | |
272 | ||
aa47a69b IR |
273 | .. clicmd:: ipv6 ospf6 area <A.B.C.D|(0-4294967295)> |
274 | ||
275 | Enable OSPFv3 on the interface and add it to the specified area. | |
276 | ||
c1a54c05 | 277 | .. clicmd:: ipv6 ospf6 cost COST |
42fc5d26 | 278 | |
c1a54c05 QY |
279 | Sets interface's output cost. Default value depends on the interface |
280 | bandwidth and on the auto-cost reference bandwidth. | |
42fc5d26 | 281 | |
c1a54c05 | 282 | .. clicmd:: ipv6 ospf6 hello-interval HELLOINTERVAL |
42fc5d26 | 283 | |
2de01166 | 284 | Sets interface's Hello Interval. Default 10 |
42fc5d26 | 285 | |
c1a54c05 | 286 | .. clicmd:: ipv6 ospf6 dead-interval DEADINTERVAL |
42fc5d26 | 287 | |
c1a54c05 | 288 | Sets interface's Router Dead Interval. Default value is 40. |
42fc5d26 | 289 | |
0c05ceae RW |
290 | .. clicmd:: ipv6 ospf6 graceful-restart hello-delay HELLODELAYINTERVAL |
291 | ||
292 | Set the length of time during which Grace-LSAs are sent at 1-second intervals | |
293 | while coming back up after an unplanned outage. During this time, no hello | |
294 | packets are sent. | |
295 | ||
296 | A higher hello delay will increase the chance that all neighbors are notified | |
297 | about the ongoing graceful restart before receiving a hello packet (which is | |
298 | crucial for the graceful restart to succeed). The hello delay shouldn't be set | |
299 | too high, however, otherwise the adjacencies might time out. As a best practice, | |
300 | it's recommended to set the hello delay and hello interval with the same values. | |
301 | The default value is 10 seconds. | |
302 | ||
c1a54c05 | 303 | .. clicmd:: ipv6 ospf6 retransmit-interval RETRANSMITINTERVAL |
42fc5d26 | 304 | |
c1a54c05 | 305 | Sets interface's Rxmt Interval. Default value is 5. |
42fc5d26 | 306 | |
c1a54c05 | 307 | .. clicmd:: ipv6 ospf6 priority PRIORITY |
42fc5d26 | 308 | |
c1a54c05 | 309 | Sets interface's Router Priority. Default value is 1. |
42fc5d26 | 310 | |
c1a54c05 | 311 | .. clicmd:: ipv6 ospf6 transmit-delay TRANSMITDELAY |
42fc5d26 | 312 | |
c1a54c05 | 313 | Sets interface's Inf-Trans-Delay. Default value is 1. |
42fc5d26 | 314 | |
c1a54c05 | 315 | .. clicmd:: ipv6 ospf6 network (broadcast|point-to-point) |
42fc5d26 | 316 | |
d1e7591e | 317 | Set explicitly network type for specified interface. |
42fc5d26 | 318 | |
243892e0 DA |
319 | OSPF6 route-map |
320 | =============== | |
321 | ||
322 | Usage of *ospfd6*'s route-map support. | |
323 | ||
243892e0 DA |
324 | .. clicmd:: set metric [+|-](0-4294967295) |
325 | ||
326 | Set a metric for matched route when sending announcement. Use plus (+) sign | |
327 | to add a metric value to an existing metric. Use minus (-) sign to | |
328 | substract a metric value from an existing metric. | |
329 | ||
11ab5329 | 330 | .. _redistribute-routes-to-ospf6: |
42fc5d26 QY |
331 | |
332 | Redistribute routes to OSPF6 | |
333 | ============================ | |
334 | ||
476e9575 | 335 | .. clicmd:: redistribute <babel|bgp|connected|isis|kernel|openfabric|ripng|sharp|static|table> [metric-type (1-2)] [metric (0-16777214)] [route-map WORD] |
42fc5d26 | 336 | |
476e9575 RW |
337 | Redistribute routes of the specified protocol or kind into OSPFv3, with the |
338 | metric type and metric set if specified, filtering the routes using the | |
339 | given route-map if specified. | |
42fc5d26 | 340 | |
94e1125e YR |
341 | .. clicmd:: default-information originate [{always|metric (0-16777214)|metric-type (1-2)|route-map WORD}] |
342 | ||
343 | The command injects default route in the connected areas. The always | |
344 | argument injects the default route regardless of it being present in the | |
345 | router. Metric values and route-map can also be specified optionally. | |
42fc5d26 | 346 | |
71165098 RW |
347 | Graceful Restart |
348 | ================ | |
349 | ||
350 | .. clicmd:: graceful-restart [grace-period (1-1800)] | |
351 | ||
352 | ||
353 | Configure Graceful Restart (RFC 5187) restarting support. | |
354 | When enabled, the default grace period is 120 seconds. | |
355 | ||
356 | To perform a graceful shutdown, the "graceful-restart prepare ipv6 ospf" | |
357 | EXEC-level command needs to be issued before restarting the ospf6d daemon. | |
6539d9ef | 358 | |
88b3d5e5 RW |
359 | When Graceful Restart is enabled and the ospf6d daemon crashes or is killed |
360 | abruptely (e.g. SIGKILL), it will attempt an unplanned Graceful Restart once | |
361 | it restarts. | |
362 | ||
6b513b4c | 363 | .. clicmd:: graceful-restart helper enable [A.B.C.D] |
6539d9ef | 364 | |
365 | ||
366 | Configure Graceful Restart (RFC 5187) helper support. | |
367 | By default, helper support is disabled for all neighbours. | |
368 | This config enables/disables helper support on this router | |
369 | for all neighbours. | |
370 | To enable/disable helper support for a specific | |
371 | neighbour, the router-id (A.B.C.D) has to be specified. | |
372 | ||
373 | .. clicmd:: graceful-restart helper strict-lsa-checking | |
374 | ||
375 | ||
376 | If 'strict-lsa-checking' is configured then the helper will | |
377 | abort the Graceful Restart when a LSA change occurs which | |
378 | affects the restarting router. | |
379 | By default 'strict-lsa-checking' is enabled" | |
380 | ||
381 | .. clicmd:: graceful-restart helper supported-grace-time (10-1800) | |
382 | ||
383 | ||
384 | Supports as HELPER for configured grace period. | |
385 | ||
386 | .. clicmd:: graceful-restart helper planned-only | |
387 | ||
388 | ||
389 | It helps to support as HELPER only for planned | |
390 | restarts. By default, it supports both planned and | |
391 | unplanned outages. | |
392 | ||
71165098 RW |
393 | .. clicmd:: graceful-restart prepare ipv6 ospf |
394 | ||
395 | ||
396 | Initiate a graceful restart for all OSPFv3 instances configured with the | |
397 | "graceful-restart" command. The ospf6d daemon should be restarted during | |
398 | the instance-specific grace period, otherwise the graceful restart will fail. | |
399 | ||
400 | This is an EXEC-level command. | |
401 | ||
402 | ||
9b596bed AR |
403 | .. _Authentication-trailer: |
404 | ||
405 | Authentication trailer support: | |
406 | =============================== | |
407 | IPv4 version of OSPF supports authentication as part of the base RFC. | |
408 | When IPv6 version of OSPF was developed there was IPSec support for IPv6, | |
409 | Hence OSPFv3(IPv6 version of OSPF) suggest to use IPSec as authentication | |
410 | and encryption mechanism. IPSec supports authentication using AH header and | |
411 | Encryption using ESP. | |
412 | ||
413 | There are few disadvantages of using IPSec with OSPFv3. | |
414 | 1. If encryption is enabled for OSPFv3 packets, then its not | |
415 | possible to give priority to control packets. | |
416 | 2. IPSec has platform dependency and may not be supported | |
417 | in all platforms. | |
418 | 3. It is performance intensive. | |
419 | 4. Its difficult to configure. | |
420 | ||
421 | ||
422 | Some advantages of OSPFv3 authentication trailer feature. | |
423 | 1. It provides replay protection via sequence number. | |
424 | 2. It provides IPv6 source address protection. | |
425 | 3. No platform dependency. | |
426 | 4. Easy to implement and maintain. | |
427 | ||
428 | ||
429 | This feature is support for ``RFC7166``. | |
430 | ||
431 | FRR supports MD5 and SHA256 internally and relays on openssl for other hash | |
432 | algorithms. If user wants to use only MD5 and SHA256, no special action is | |
433 | required. If user wants complete support of authentication trailer with all | |
434 | hash algorithms follow below steps. | |
435 | ||
436 | ||
437 | Installing Dependencies: | |
438 | ------------------------ | |
439 | ||
440 | .. code-block:: console | |
441 | ||
442 | sudo apt update | |
443 | sudo apt-get install openssl | |
444 | ||
445 | ||
446 | Compile: | |
447 | -------- | |
448 | Follow normal compilation as mentioned in the build page. If you want to | |
449 | use all the hash algorithms then follow the steps mentioned in note before | |
450 | compiling. | |
451 | ||
452 | ||
453 | .. note:: | |
454 | ||
455 | If your platform supports ``openssl``, please make sure to add | |
456 | ``--with-crypto=openssl`` to your configure options. | |
457 | Default value is ``--with-crypto=internal`` | |
458 | ||
459 | ||
460 | CLI Configuration: | |
461 | ------------------ | |
462 | There are two ways in which authentication trailer can be configured for | |
463 | OSPFv3. These commands are mutually exclusive, only one can be configured | |
464 | at any time. | |
465 | ||
466 | 1. Using manual key configuration. | |
467 | 2. Using keychain. | |
468 | ||
469 | ||
470 | List of hash algorithms supported: | |
471 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
472 | ||
473 | Without openssl: | |
474 | ++++++++++++++++ | |
475 | ``MD5`` | |
476 | ``HMAC-SHA-256`` | |
477 | ||
478 | ||
479 | With openssl: | |
480 | +++++++++++++ | |
481 | ``MD5`` | |
482 | ``HMAC-SHA-1`` | |
483 | ``HMAC-SHA-256`` | |
484 | ``HMAC-SHA-384`` | |
485 | ``HMAC-SHA-512`` | |
486 | ||
487 | ||
488 | Example configuration of manual key: | |
489 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
490 | ||
491 | Without openssl: | |
492 | ++++++++++++++++ | |
493 | ||
494 | .. clicmd:: ipv6 ospf6 authentication key-id (1-65535) hash-algo <md5|hmac-sha-256> key WORD | |
495 | ||
496 | With openssl: | |
497 | +++++++++++++ | |
498 | ||
499 | .. clicmd:: ipv6 ospf6 authentication key-id (1-65535) hash-algo <md5|hmac-sha-256|hmac-sha-1|hmac-sha-384|hmac-sha-512> key WORD | |
500 | ||
501 | ||
502 | Example configuration of keychain: | |
503 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
504 | ||
505 | .. clicmd:: ipv6 ospf6 authentication keychain KEYCHAIN_NAME | |
506 | ||
507 | ||
508 | Running configuration: | |
509 | ---------------------- | |
510 | ||
511 | Manual key: | |
512 | ^^^^^^^^^^^ | |
513 | ||
514 | .. code-block:: frr | |
515 | ||
516 | frr# show running-config | |
517 | Building configuration... | |
518 | ||
519 | Current configuration: | |
520 | ! | |
521 | interface ens192 | |
522 | ipv6 address 2001:DB8::2/64 | |
523 | ipv6 ospf6 authentication key-id 10 hash-algo hmac-sha-256 key abhinay | |
524 | ||
525 | Keychain: | |
526 | ^^^^^^^^^ | |
527 | ||
528 | .. code-block:: frr | |
529 | ||
530 | frr# show running-config | |
531 | Building configuration... | |
532 | ||
533 | Current configuration: | |
534 | ! | |
535 | interface ens192 | |
536 | ipv6 address 2001:DB8::2/64 | |
537 | ipv6 ospf6 authentication keychain abhinay | |
538 | ||
539 | ||
540 | Example keychain config: | |
541 | ^^^^^^^^^^^^^^^^^^^^^^^^ | |
542 | ||
543 | .. code-block:: frr | |
544 | ||
545 | frr#show running-config | |
546 | Building configuration... | |
547 | ||
548 | Current configuration: | |
549 | ! | |
550 | key chain abcd | |
551 | key 100 | |
552 | key-string password | |
553 | cryptographic-algorithm sha1 | |
554 | exit | |
555 | key 200 | |
556 | key-string password | |
557 | cryptographic-algorithm sha256 | |
558 | exit | |
559 | ! | |
560 | key chain pqr | |
561 | key 300 | |
562 | key-string password | |
563 | cryptographic-algorithm sha384 | |
564 | exit | |
565 | key 400 | |
566 | key-string password | |
567 | cryptographic-algorithm sha384 | |
568 | exit | |
569 | ! | |
570 | ||
571 | Show commands: | |
572 | -------------- | |
573 | There is an interface show command that displays if authentication trailer | |
574 | is enabled or not. json output is also supported. | |
575 | ||
576 | There is support for drop counters, which will help in debugging the feature. | |
577 | ||
578 | .. code-block:: frr | |
579 | ||
580 | frr# show ipv6 ospf6 interface ens192 | |
581 | ens192 is up, type BROADCAST | |
582 | Interface ID: 5 | |
583 | Number of I/F scoped LSAs is 2 | |
584 | 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] | |
585 | 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] | |
586 | Authentication trailer is enabled with manual key ==> new info added | |
587 | Packet drop Tx 0, Packet drop Rx 0 | |
588 | ||
589 | ||
590 | OSPFv3 supports options in hello and database description packets hence | |
591 | the presence of authentication trailer needs to be stored in OSPFv3 | |
592 | neighbor info. Since RFC specifies that we need to handled sequence number | |
593 | for every ospf6 packet type, sequence number recvd in authentication header | |
594 | from the neighbor is stored in neighbor to validate the packet. | |
595 | json output is also supported. | |
596 | ||
597 | .. code-block:: frr | |
598 | ||
599 | frr# show ipv6 ospf6 neighbor 2.2.2.2 detail | |
600 | Neighbor 2.2.2.2%ens192 | |
601 | Area 1 via interface ens192 (ifindex 3) | |
602 | 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] | |
603 | 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] | |
604 | Authentication header present ==> new info added | |
605 | hello DBDesc LSReq LSUpd LSAck | |
606 | Higher sequence no 0x0 0x0 0x0 0x0 0x0 | |
607 | Lower sequence no 0x242E 0x1DC4 0x1DC3 0x23CC 0x1DDA | |
608 | ||
609 | Sent packet sequence number is maintained per ospf6 router for every packet | |
610 | that is sent out of router, so sequence number is maintained per ospf6 process. | |
611 | ||
612 | .. code-block:: frr | |
613 | ||
614 | frr# show ipv6 ospf6 | |
615 | OSPFv3 Routing Process (0) with Router-ID 2.2.2.2 | |
616 | Number of areas in this router is 1 | |
617 | Authentication Sequence number info | |
618 | Higher sequence no 3, Lower sequence no 1656 | |
619 | ||
620 | Debug command: | |
621 | -------------- | |
622 | Below command can be used to enable ospfv3 authentication trailer | |
623 | specific logs if you have to debug the feature. | |
624 | ||
625 | .. clicmd:: debug ospf6 authentication [<tx|rx>] | |
626 | ||
627 | Feature supports authentication trailer tx/rx drop counters for debugging, | |
628 | which can be used to see if packets are getting dropped due to error in | |
629 | processing authentication trailer information in OSPFv3 packet. | |
630 | json output is also supported. | |
631 | ||
632 | .. code-block:: frr | |
633 | ||
634 | frr# show ipv6 ospf6 interface ens192 | |
635 | ens192 is up, type BROADCAST | |
636 | Interface ID: 5 | |
637 | Number of I/F scoped LSAs is 2 | |
638 | 0 Pending LSAs for LSUpdate in Time 00:00:00 [thread off] | |
639 | 0 Pending LSAs for LSAck in Time 00:00:00 [thread off] | |
640 | Authentication trailer is enabled with manual key | |
641 | Packet drop Tx 0, Packet drop Rx 0 ==> new counters | |
642 | ||
643 | Clear command: | |
644 | -------------- | |
645 | Below command can be used to clear the tx/rx drop counters in interface. | |
646 | Below command can be used to clear all ospfv3 interface or specific | |
647 | interface by specifying the interface name. | |
648 | ||
649 | .. clicmd:: clear ipv6 ospf6 auth-counters interface [IFNAME] | |
650 | ||
651 | ||
652 | ||
11ab5329 | 653 | .. _showing-ospf6-information: |
42fc5d26 QY |
654 | |
655 | Showing OSPF6 information | |
656 | ========================= | |
657 | ||
487df450 | 658 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] [json] |
42fc5d26 | 659 | |
487df450 IR |
660 | Show information on a variety of general OSPFv3 and area state and |
661 | configuration information. JSON output can be obtained by appending 'json' | |
662 | to the end of command. | |
42fc5d26 | 663 | |
487df450 | 664 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] database [<detail|dump|internal>] [json] |
42fc5d26 | 665 | |
e4bacbaa YR |
666 | This command shows LSAs present in the LSDB. There are three view options. |
667 | These options helps in viewing all the parameters of the LSAs. JSON output | |
668 | can be obtained by appending 'json' to the end of command. JSON option is | |
669 | not applicable with 'dump' option. | |
670 | ||
487df450 | 671 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] database <router|network|inter-prefix|inter-router|as-external|group-membership|type-7|link|intra-prefix> [json] |
e4bacbaa YR |
672 | |
673 | These options filters out the LSA based on its type. The three views options | |
674 | works here as well. JSON output can be obtained by appending 'json' to the | |
675 | end of command. | |
676 | ||
487df450 | 677 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] database adv-router A.B.C.D linkstate-id A.B.C.D [json] |
e4bacbaa YR |
678 | |
679 | The LSAs additinally can also be filtered with the linkstate-id and | |
680 | advertising-router fields. We can use the LSA type filter and views with | |
681 | this command as well and visa-versa. JSON output can be obtained by | |
682 | appending 'json' to the end of command. | |
683 | ||
487df450 | 684 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] database self-originated [json] |
e4bacbaa YR |
685 | |
686 | This command is used to filter the LSAs which are originated by the present | |
687 | router. All the other filters are applicable here as well. | |
42fc5d26 | 688 | |
487df450 | 689 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] interface [json] |
42fc5d26 | 690 | |
f16ae8cf | 691 | To see OSPF interface configuration like costs. JSON output can be |
692 | obtained by appending "json" in the end. | |
42fc5d26 | 693 | |
487df450 | 694 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] neighbor [json] |
42fc5d26 | 695 | |
6a5bb300 | 696 | Shows state and chosen (Backup) DR of neighbor. JSON output can be |
697 | obtained by appending 'json' at the end. | |
42fc5d26 | 698 | |
487df450 | 699 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] interface traffic [json] |
ba30b376 | 700 | |
e6f83fc5 | 701 | Shows counts of different packets that have been received and transmitted |
ba30b376 | 702 | by the interfaces. JSON output can be obtained by appending "json" at the |
703 | end. | |
704 | ||
c1a54c05 | 705 | .. clicmd:: show ipv6 route ospf6 |
42fc5d26 | 706 | |
c1a54c05 | 707 | This command shows internal routing table. |
42fc5d26 | 708 | |
9ebb75c5 | 709 | .. clicmd:: show ipv6 ospf6 zebra [json] |
42fc5d26 | 710 | |
9ebb75c5 | 711 | Shows state about what is being redistributed between zebra and OSPF6. |
712 | JSON output can be obtained by appending "json" at the end. | |
42fc5d26 | 713 | |
487df450 | 714 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] redistribute [json] |
dd726234 | 715 | |
716 | Shows the routes which are redistributed by the router. JSON output can | |
717 | be obtained by appending 'json' at the end. | |
718 | ||
487df450 | 719 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] route [<intra-area|inter-area|external-1|external-2|X:X::X:X|X:X::X:X/M|detail|summary>] [json] |
eacd0828 YR |
720 | |
721 | This command displays the ospfv3 routing table as determined by the most | |
722 | recent SPF calculations. Options are provided to view the different types | |
723 | of routes. Other than the standard view there are two other options, detail | |
724 | and summary. JSON output can be obtained by appending 'json' to the end of | |
725 | command. | |
726 | ||
487df450 | 727 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] route X:X::X:X/M match [detail] [json] |
eacd0828 YR |
728 | |
729 | The additional match option will match the given address to the destination | |
730 | of the routes, and return the result accordingly. | |
731 | ||
487df450 | 732 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] interface [IFNAME] prefix [detail|<X:X::X:X|X:X::X:X/M> [<match|detail>]] [json] |
35aeb295 YR |
733 | |
734 | This command shows the prefixes present in the interface routing table. | |
735 | Interface name can also be given. JSON output can be obtained by appending | |
736 | 'json' to the end of command. | |
737 | ||
487df450 | 738 | .. clicmd:: show ipv6 ospf6 [vrf <NAME|all>] spf tree [json] |
305b639b YR |
739 | |
740 | This commands shows the spf tree from the recent spf calculation with the | |
741 | calling router as the root. If json is appended in the end, we can get the | |
742 | tree in JSON format. Each area that the router belongs to has it's own | |
743 | JSON object, with each router having "cost", "isLeafNode" and "children" as | |
744 | arguments. | |
51d0d8f3 | 745 | |
6539d9ef | 746 | .. clicmd:: show ipv6 ospf6 graceful-restart helper [detail] [json] |
747 | ||
748 | This command shows the graceful-restart helper details including helper | |
749 | configuration parameters. | |
750 | ||
df175bc8 IR |
751 | .. _ospf6-debugging: |
752 | ||
753 | OSPFv3 Debugging | |
754 | ================ | |
755 | ||
756 | The following debug commands are supported: | |
757 | ||
758 | .. clicmd:: debug ospf6 abr | |
759 | ||
760 | Toggle OSPFv3 ABR debugging messages. | |
761 | ||
762 | .. clicmd:: debug ospf6 asbr | |
763 | ||
764 | Toggle OSPFv3 ASBR debugging messages. | |
765 | ||
b25a1103 | 766 | .. clicmd:: debug ospf6 border-routers {router-id [A.B.C.D] | area-id [A.B.C.D]} |
df175bc8 | 767 | |
b25a1103 AC |
768 | Toggle OSPFv3 border router debugging messages. This can be specified for a |
769 | router with specific Router-ID/Area-ID. | |
df175bc8 IR |
770 | |
771 | .. clicmd:: debug ospf6 flooding | |
772 | ||
773 | Toggle OSPFv3 flooding debugging messages. | |
774 | ||
775 | .. clicmd:: debug ospf6 interface | |
776 | ||
777 | Toggle OSPFv3 interface related debugging messages. | |
778 | ||
779 | .. clicmd:: debug ospf6 lsa | |
780 | ||
781 | Toggle OSPFv3 Link State Advertisements debugging messages. | |
782 | ||
783 | .. clicmd:: debug ospf6 lsa aggregation | |
784 | ||
785 | Toggle OSPFv3 Link State Advertisements summarization debugging messages. | |
786 | ||
787 | .. clicmd:: debug ospf6 message | |
788 | ||
789 | Toggle OSPFv3 message exchange debugging messages. | |
790 | ||
791 | .. clicmd:: debug ospf6 neighbor | |
792 | ||
793 | Toggle OSPFv3 neighbor interaction debugging messages. | |
794 | ||
795 | .. clicmd:: debug ospf6 nssa | |
796 | ||
797 | Toggle OSPFv3 Not So Stubby Area (NSSA) debugging messages. | |
798 | ||
799 | .. clicmd:: debug ospf6 route | |
800 | ||
801 | Toggle OSPFv3 routes debugging messages. | |
802 | ||
803 | .. clicmd:: debug ospf6 spf | |
804 | ||
805 | Toggle OSPFv3 Shortest Path calculation debugging messages. | |
806 | ||
807 | .. clicmd:: debug ospf6 zebra | |
808 | ||
809 | Toggle OSPFv3 zebra interaction debugging messages. | |
810 | ||
724739e5 IR |
811 | .. clicmd:: debug ospf6 graceful-restart |
812 | ||
813 | Toggle OSPFv3 graceful-restart helper debugging messages. | |
814 | ||
b832909b QY |
815 | Sample configuration |
816 | ==================== | |
42fc5d26 QY |
817 | |
818 | Example of ospf6d configured on one interface and area: | |
819 | ||
9eb95b3b | 820 | .. code-block:: frr |
42fc5d26 | 821 | |
c1a54c05 | 822 | interface eth0 |
aa47a69b | 823 | ipv6 ospf6 area 0.0.0.0 |
c1a54c05 QY |
824 | ipv6 ospf6 instance-id 0 |
825 | ! | |
826 | router ospf6 | |
349ee664 | 827 | ospf6 router-id 212.17.55.53 |
c1a54c05 | 828 | area 0.0.0.0 range 2001:770:105:2::/64 |
c1a54c05 | 829 | ! |
b832909b QY |
830 | |
831 | ||
832 | Larger example with policy and various options set: | |
833 | ||
834 | ||
835 | .. code-block:: frr | |
836 | ||
837 | debug ospf6 neighbor state | |
838 | ! | |
839 | interface fxp0 | |
aa47a69b | 840 | ipv6 ospf6 area 0.0.0.0 |
b832909b QY |
841 | ipv6 ospf6 cost 1 |
842 | ipv6 ospf6 hello-interval 10 | |
843 | ipv6 ospf6 dead-interval 40 | |
844 | ipv6 ospf6 retransmit-interval 5 | |
845 | ipv6 ospf6 priority 0 | |
846 | ipv6 ospf6 transmit-delay 1 | |
847 | ipv6 ospf6 instance-id 0 | |
848 | ! | |
849 | interface lo0 | |
850 | ipv6 ospf6 cost 1 | |
851 | ipv6 ospf6 hello-interval 10 | |
852 | ipv6 ospf6 dead-interval 40 | |
853 | ipv6 ospf6 retransmit-interval 5 | |
854 | ipv6 ospf6 priority 1 | |
855 | ipv6 ospf6 transmit-delay 1 | |
856 | ipv6 ospf6 instance-id 0 | |
857 | ! | |
858 | router ospf6 | |
859 | router-id 255.1.1.1 | |
860 | redistribute static route-map static-ospf6 | |
b832909b QY |
861 | ! |
862 | access-list access4 permit 127.0.0.1/32 | |
863 | ! | |
864 | ipv6 access-list access6 permit 3ffe:501::/32 | |
865 | ipv6 access-list access6 permit 2001:200::/48 | |
866 | ipv6 access-list access6 permit ::1/128 | |
867 | ! | |
868 | ipv6 prefix-list test-prefix seq 1000 deny any | |
869 | ! | |
870 | route-map static-ospf6 permit 10 | |
871 | match ipv6 address prefix-list test-prefix | |
872 | set metric-type type-2 | |
873 | set metric 2000 | |
874 | ! | |
875 | line vty | |
876 | access-class access4 | |
877 | ipv6 access-class access6 | |
878 | exec-timeout 0 0 | |
879 | ! |