Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, Palo Alto, and Quagga Router. I am showing my lab network diagram and the configuration commands/screenshots for all devices. Furthermore, I am listing some basic troubleshooting commands. In the last section, I provide a Tcpdump/Wireshark capture of an initial OSPFv3 run.
I am not going into deep details of OSPFv3 at all. But this lab should give basic hints/examples for configuring OSPFv3 for all of the listed devices.
Lab
This is my test lab. All devices are directly connected via a layer 2 switch:
General Information
- Everything takes place in area 0.0.0.0 (backbone area)
- Juniper SSG should be the DR: interface priority set to 100.
- Palo Alto should be the BDR: interface priority set to 50.
- Router-ID is always set manually according to my IPv4 scheme: 172.16.1.x, where x = the interface-ID from the IPv6 addresses (from ::1 to ::6).
- Cost for the interfaces as seen in the figure.
- Passive-interface on all user/access interfaces.
- Redistribution of the remote access VPN clients on the Cisco ASA (AnyConnect).
- No authentication is used.
The following devices are in alphabetical order. Beneath each screenshot is a detailed description of the configuration that is shown.
During the tests, a single Cisco AnyConnect client was connected and therefore redistributed with a /128 IPv6 address prefix. The Quagga router was added to this lab after most of the listings were saved. That is: The Quagga router (172.16.1.8) is not shown on any other firewalls/routers.
Cisco ASA
The Cisco ASA 5505 is running version 9.2(4). Following are the configuration and monitoring screenshots:
These are the relevant CLI commands for the OSPFv3 config:
interface Vlan130
 ipv6 address 2003:51:6012:130::1/64
 ipv6 address autoconfig
 ipv6 enable
 ipv6 ospf cost 100
 ipv6 ospf 1 area 0
 ipv6 ospf encryption null
!
ipv6 router ospf 1
 router-id 172.16.1.3
 passive-interface insideASA130
 passive-interface insideASA131
 log-adjacency-changes
 redistribute static metric 1000
!
These CLI commands can be used to show the OSPFv3 runtime values:
fd-wv-fw03# show ipv6 ospf
 Routing Process "ospfv3 1" with ID 172.16.1.3
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an autonomous system boundary router
 Redistributing External Routes from,
    static with metric 1000
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x4dac
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Graceful restart helper support disabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0)
        Number of interfaces in this area is 2
        SPF algorithm executed 11 times
        Number of LSA 19. Checksum Sum 0xa3f76
        Number of DCbitless LSA 6
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
fd-wv-fw03#
fd-wv-fw03#
fd-wv-fw03# show ipv6 ospf neighbor
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
172.16.1.1      100   2WAY/DROTHER    0:00:36     880             outside
172.16.1.2       50   FULL/DR         0:00:34     16              outside
172.16.1.5        1   FULL/BDR        0:00:30     3               outside
172.16.1.6        1   2WAY/DROTHER    0:00:31     6               outside
fd-wv-fw03#
fd-wv-fw03#
fd-wv-fw03# show ipv6 ospf database

OSPFv3 Router with ID (172.16.1.3) (Process ID 1)

Router Link States (Area 0)
ADV Router      Age     Seq#          Fragment ID   Link count   Bits
172.16.1.1      1608    0x80000122    1             1            None
172.16.1.2      636     0x80000124    0             1            E
172.16.1.3      1461    0x80000102    0             1            E
172.16.1.5      74      0x80000102    0             1            None
172.16.1.6      1371    0x80000122    0             1            None

Net Link States (Area 0)
ADV Router      Age     Seq#          Link ID   Rtr count
172.16.1.2      634     0x80000122    16        5

Link (Type-8) Link States (Area 0)
ADV Router      Age     Seq#          Link ID   Interface
172.16.1.3      430     0x80000008    15        insideASA130
172.16.1.1      1653    0x8000011d    880       outside
172.16.1.2      1310    0x8000011e    16        outside
172.16.1.3      945     0x80000101    14        outside
172.16.1.5      74      0x80000101    3         outside
172.16.1.6      1441    0x8000011d    6         outside

Intra Area Prefix Link States (Area 0)
ADV Router      Age     Seq#          Link ID   Ref-lstype   Ref-LSID
172.16.1.1      1648    0x80000242    1         0x2001       0
172.16.1.2      637     0x80000124    1         0x2001       0
172.16.1.2      629     0x80000129    458752    0x2002       16
172.16.1.2      637     0x8000011f    589824    0x2002       257
172.16.1.3      946     0x80000101    0         0x2001       0
172.16.1.5      1327    0x80000006    0         0x2001       0
172.16.1.6      1370    0x80000120    2         0x2001       0

Type-5 AS External Link States
ADV Router      Age     Seq#          Prefix
172.16.1.3      606     0x80000001    2003:51:6012:133:feed:cafe:0:10/128
fd-wv-fw03#
fd-wv-fw03#
fd-wv-fw03# show ipv6 ospf database self-originate

OSPFv3 Router with ID (172.16.1.3) (Process ID 1)

Router Link States (Area 0)
ADV Router      Age     Seq#          Fragment ID   Link count   Bits
172.16.1.3      1495    0x80000102    0             1            E

Link (Type-8) Link States (Area 0)
ADV Router      Age     Seq#          Link ID   Interface
172.16.1.3      464     0x80000008    15        insideASA130
172.16.1.3      979     0x80000101    14        outside

Intra Area Prefix Link States (Area 0)
ADV Router      Age     Seq#          Link ID   Ref-lstype   Ref-LSID
172.16.1.3      979     0x80000101    0         0x2001       0

Type-5 AS External Link States
ADV Router      Age     Seq#          Prefix
172.16.1.3      639     0x80000001    2003:51:6012:133:feed:cafe:0:10/128
fd-wv-fw03#
fd-wv-fw03#
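Since no authentication is used in this lab and DR election is not preemptive, the neighbor table is worth checking against the design list. The following is an added example, not part of the original post: it parses the Cisco-style "show ipv6 ospf neighbor" layout shown above and reports router-IDs outside the lab's list as well as a DR/BDR that differs from the intended one. The allowlist, the function names and the one constructed extra row are assumptions made for the example.

```python
import re
from typing import NamedTuple

# Design values taken from the lab description on this page.
ALLOWED_NEIGHBORS = {"172.16.1.1", "172.16.1.2", "172.16.1.3",
                     "172.16.1.5", "172.16.1.6", "172.16.1.8"}
INTENDED_ROLES = {"DR": "172.16.1.1", "BDR": "172.16.1.2"}
INTENDED_PRIORITY = {"172.16.1.1": 100, "172.16.1.2": 50}

# Neighbor table of the ASA (router-id 172.16.1.3), copied from the listing above.
ASA_NEIGHBORS = """\
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
172.16.1.1      100   2WAY/DROTHER    0:00:36     880             outside
172.16.1.2       50   FULL/DR         0:00:34     16              outside
172.16.1.5        1   FULL/BDR        0:00:30     3               outside
172.16.1.6        1   2WAY/DROTHER    0:00:31     6               outside
"""

# Constructed row (not from the lab): a router-id that is not on the allowlist.
CONSTRUCTED_UNKNOWN = (
    "172.16.1.77       1   2WAY/DROTHER    0:00:33     9               outside\n"
)


class Neighbor(NamedTuple):
    router_id: str
    priority: int
    state: str
    role: str
    interface: str


# Columns: router-id, priority, state/role, dead time, interface ID, interface.
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+(\d+)\s+([\w-]+)/(\w+)\s+\S+\s+\d+\s+(\S+)\s*$"
)


def parse_neighbors(text):
    """Return one Neighbor per data row; header and prompt lines are skipped."""
    neighbors = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rid, pri, state, role, ifname = match.groups()
            neighbors.append(
                Neighbor(rid, int(pri), state.upper(), role.upper(), ifname))
    return neighbors


def audit(neighbors, allowed=ALLOWED_NEIGHBORS, roles=INTENDED_ROLES,
          priorities=INTENDED_PRIORITY):
    """Compare the observed neighbor table with the intended design."""
    findings = []
    for n in neighbors:
        if n.router_id not in allowed:
            findings.append(
                f"unknown neighbor {n.router_id} on {n.interface} "
                f"(priority {n.priority}, {n.state}/{n.role})")
        want = priorities.get(n.router_id)
        if want is not None and n.priority != want:
            findings.append(
                f"{n.router_id} advertises priority {n.priority}, "
                f"design expects {want}")
    for role, want_id in roles.items():
        holders = [n.router_id for n in neighbors if n.role == role]
        # An empty list means the local router may hold the role itself.
        if holders and holders != [want_id]:
            findings.append(
                f"{role} is {', '.join(holders)}, design expects {want_id}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_neighbors(ASA_NEIGHBORS + CONSTRUCTED_UNKNOWN)):
        print(finding)
```

Run against the ASA table alone, the audit reports that the elected DR and BDR are 172.16.1.2 and 172.16.1.5, not the routers the priorities were meant to favour.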
Cisco Router
I am running a Cisco 2811 router with version 15.1(4)M9. The configuration commands are the following: (Just for fun I set the OSPF process to “17”.)
interface FastEthernet0/0
 ipv6 address 2003:51:6012:101::5/64
 ipv6 enable
 ipv6 nd ra suppress
 ipv6 ospf 17 area 0.0.0.0
!
interface FastEthernet0/1
 ipv6 address 2003:61:6012:102::1/64
 ipv6 enable
 ipv6 ospf 17 area 0.0.0.0
!
ipv6 router ospf 17
 router-id 172.16.1.5
 auto-cost reference-bandwidth 10000
 passive-interface default
 no passive-interface FastEthernet0/0
And the show commands:
fd-wv-ro03#show ipv6 ospf
 Routing Process "ospfv3 17" with ID 172.16.1.5
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x004DAC
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Graceful restart helper support enabled
 Reference bandwidth unit is 10000 mbps
    Area BACKBONE(0.0.0.0)
        Number of interfaces in this area is 2
        SPF algorithm executed 23 times
        Number of LSA 19. Checksum Sum 0x098B75
        Number of DCbitless LSA 6
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 ospf neighbor
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
172.16.1.1      100   FULL/DROTHER    00:00:35    880             FastEthernet0/0
172.16.1.2       50   FULL/DR         00:00:32    16              FastEthernet0/0
172.16.1.3        1   FULL/DROTHER    00:00:38    14              FastEthernet0/0
172.16.1.6        1   FULL/DROTHER    00:00:30    6               FastEthernet0/0
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 ospf database

OSPFv3 Router with ID (172.16.1.5) (Process ID 17)

Router Link States (Area 0.0.0.0)
ADV Router      Age     Seq#          Fragment ID   Link count   Bits
172.16.1.1      622     0x80000123    1             1            None
172.16.1.2      1455    0x80000124    0             1            E
172.16.1.3      243     0x80000103    0             1            E
172.16.1.5      892     0x80000102    0             1            None
172.16.1.6      389     0x80000123    0             1            None

Net Link States (Area 0.0.0.0)
ADV Router      Age     Seq#          Link ID   Rtr count
172.16.1.2      1453    0x80000122    16        5

Link (Type-8) Link States (Area 0.0.0.0)
ADV Router      Age     Seq#          Link ID   Interface
172.16.1.5      131     0x80000007    4         Fa0/1
172.16.1.1      667     0x8000011E    880       Fa0/0
172.16.1.2      330     0x8000011F    16        Fa0/0
172.16.1.3      1766    0x80000101    14        Fa0/0
172.16.1.5      892     0x80000101    3         Fa0/0
172.16.1.6      459     0x8000011E    6         Fa0/0

Intra Area Prefix Link States (Area 0.0.0.0)
ADV Router      Age     Seq#          Link ID   Ref-lstype   Ref-LSID
172.16.1.1      662     0x80000244    1         0x2001       0
172.16.1.2      1455    0x80000124    1         0x2001       0
172.16.1.2      1448    0x80000129    458752    0x2002       16
172.16.1.2      1455    0x8000011F    589824    0x2002       257
172.16.1.3      1766    0x80000101    0         0x2001       0
172.16.1.5      131     0x80000007    0         0x2001       0
172.16.1.6      388     0x80000121    2         0x2001       0

Type-5 AS External Link States
ADV Router      Age     Seq#          Prefix
172.16.1.3      1426    0x80000001    2003:51:6012:133:FEED:CAFE:0:10/128
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 ospf database self-originate

OSPFv3 Router with ID (172.16.1.5) (Process ID 17)

Router Link States (Area 0.0.0.0)
ADV Router      Age     Seq#          Fragment ID   Link count   Bits
172.16.1.5      898     0x80000102    0             1            None

Link (Type-8) Link States (Area 0.0.0.0)
ADV Router      Age     Seq#          Link ID   Interface
172.16.1.5      137     0x80000007    4         Fa0/1
172.16.1.5      898     0x80000101    3         Fa0/0

Intra Area Prefix Link States (Area 0.0.0.0)
ADV Router      Age     Seq#          Link ID   Ref-lstype   Ref-LSID
172.16.1.5      137     0x80000007    0         0x2001       0
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 route
IPv6 Routing Table - default - 15 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
       l - LISP
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S   ::/0 [1/0]
     via 2003:51:6012:101::1
C   2003:51:6012:101::/64 [0/0]
     via FastEthernet0/0, directly connected
L   2003:51:6012:101::5/128 [0/0]
     via FastEthernet0/0, receive
O   2003:51:6012:110::/64 [110/200]
     via FE80::219:E2FF:FEA1:F98A, FastEthernet0/0
O   2003:51:6012:120::/64 [110/110]
     via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O   2003:51:6012:121::/64 [110/110]
     via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O   2003:51:6012:123::/64 [110/110]
     via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O   2003:51:6012:124::/64 [110/110]
     via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O   2003:51:6012:125::/64 [110/110]
     via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O   2003:51:6012:130::/64 [110/200]
     via FE80::2A94:FFF:FEA8:772D, FastEthernet0/0
OE2 2003:51:6012:133:FEED:CAFE:0:10/128 [110/1000]
     via FE80::2A94:FFF:FEA8:772D, FastEthernet0/0
O   2003:51:6012:160::/64 [110/200]
     via FE80::A5B:EFF:FE3C:115D, FastEthernet0/0
C   2003:61:6012:102::/64 [0/0]
     via FastEthernet0/1, directly connected
L   2003:61:6012:102::1/128 [0/0]
     via FastEthernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
fd-wv-ro03#
fd-wv-ro03#
Fortinet FortiGate
Unfortunately, the FortiGate offers no way to configure any part of OSPFv3 via the GUI. Everything must be done via the CLI. (And this is called a “Next-Generation Firewall”???)
These are the configuration commands for my lab:
config router ospf6
    set auto-cost-ref-bandwidth 10000
    set router-id 172.16.1.6
    config area
        edit 0.0.0.0
        next
    end
    config ospf6-interface
        edit "wan1"
            set interface "wan1"
        next
        edit "fg-trust"
            set interface "fg-trust"
        next
    end
    set passive-interface "fg-trust"
And the following shows the get commands:
fd-wv-fw04 # get router info6 ospf status
 Routing Process "OSPFv3 (*null*)" with ID 172.16.1.6
 Process uptime is 50 days 22 hours 5 minutes
 SPF schedule delay 5 secs, Hold time between SPFs 10 secs
 Minimum LSA interval 5 secs, Minimum LSA arrival 1 secs
 Number of incomming current DD exchange neighbors 0/5
 Number of outgoing current DD exchange neighbors 0/5
 Number of external LSA 1. Checksum Sum 0x4BAD
 Number of AS-Scoped Unknown LSA 0
 Number of LSA originated 23
 Number of LSA received 37398
 Number of areas in this router is 2
    Area BACKBONE(0)
        Number of interfaces in this area is 2(2)
        SPF algorithm executed 15 times
        Number of LSA 13. Checksum Sum 0x5C289
        Number of Unknown LSA 0
    Area 0.0.0.51 (Inactive)
        Number of interfaces in this area is 0(0)
        SPF algorithm executed 33 times
        Number of LSA 0. Checksum Sum 0x0000
        Number of Unknown LSA 0
fd-wv-fw04 #
fd-wv-fw04 #
fd-wv-fw04 # get router info6 ospf neighbor
OSPFv3 Process (*null*)
Neighbor ID     Pri   State           Dead Time   Interface  Instance ID
172.16.1.1      100   2-Way/DROther   00:00:36    wan1       0
172.16.1.2       50   Full/DR         00:00:31    wan1       0
172.16.1.3        1   2-Way/DROther   00:00:32    wan1       0
172.16.1.5        1   Full/Backup     00:00:37    wan1       0
fd-wv-fw04 #
fd-wv-fw04 #
fd-wv-fw04 # get router info6 ospf database

OSPFv3 Router with ID (172.16.1.6) (Process *null*)

Link-LSA (Interface wan1)
Link State ID   ADV Router      Age   Seq#       CkSum  Prefix
0.0.3.112       172.16.1.1      1496  0x8000011e 0x6247 1
0.0.0.16        172.16.1.2      1158  0x8000011f 0x4293 1
0.0.0.14        172.16.1.3      578   0x80000102 0xf084 1
0.0.0.3         172.16.1.5      1722  0x80000101 0xf2b9 1
0.0.0.6         172.16.1.6      1287  0x8000011e 0xf486 1

Link-LSA (Interface fg-trust)
Link State ID   ADV Router      Age   Seq#       CkSum  Prefix
0.0.0.63        172.16.1.6      1261  0x8000011e 0xca19 1

Router-LSA (Area 0.0.0.0)
Link State ID   ADV Router      Age   Seq#       CkSum  Link
0.0.0.1         172.16.1.1      1451  0x80000123 0x197c 1
0.0.0.0         172.16.1.2      484   0x80000125 0x2b24 1
0.0.0.0         172.16.1.3      1073  0x80000103 0x9562 1
0.0.0.0         172.16.1.5      1722  0x80000102 0xea19 1
0.0.0.0         172.16.1.6      1217  0x80000123 0x84d4 1

Network-LSA (Area 0.0.0.0)
Link State ID   ADV Router      Age   Seq#       CkSum
0.0.0.16        172.16.1.2      482   0x80000123 0xb390

Intra-Area-Prefix-LSA (Area 0.0.0.0)
Link State ID   ADV Router      Age   Seq#       CkSum  Prefix  Reference
0.0.0.1         172.16.1.1      1491  0x80000244 0x6d9e 2       Router-LSA
0.0.0.1         172.16.1.2      484   0x80000125 0x265e 5       Router-LSA
0.7.0.0         172.16.1.2      477   0x8000012a 0xb764 1       Network-LSA
0.9.0.0         172.16.1.2      484   0x80000120 0x4fc3 1       Network-LSA
0.0.0.0         172.16.1.3      578   0x80000102 0x972f 1       Router-LSA
0.0.0.0         172.16.1.5      961   0x80000007 0x518b 1       Router-LSA
0.0.0.2         172.16.1.6      1216  0x80000121 0x422d 1       Router-LSA

AS-external-LSA
Link State ID   ADV Router      Age   Seq#       CkSum
0.0.0.0         172.16.1.3      321   0x80000002 0x4bad E2
fd-wv-fw04 #
fd-wv-fw04 #
fd-wv-fw04 # get router info6 ospf route
OSPFv3 Process (*null*)
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2

   Destination                                   Metric
     Next-hop
C  2003:51:6012:101::/64                         10
     directly connected, wan1, Area 0.0.0.0
O  2003:51:6012:110::/64                         110
     via fe80::219:e2ff:fea1:f98a, wan1, Area 0.0.0.0
O  2003:51:6012:120::/64                         20
     via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O  2003:51:6012:121::/64                         20
     via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O  2003:51:6012:123::/64                         20
     via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O  2003:51:6012:124::/64                         20
     via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O  2003:51:6012:125::/64                         20
     via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O  2003:51:6012:130::/64                         110
     via fe80::2a94:fff:fea8:772d, wan1, Area 0.0.0.0
E2 2003:51:6012:133:feed:cafe:0:10/128           10/1000
     via fe80::2a94:fff:fea8:772d, wan1
C  2003:51:6012:160::/64                         100
     directly connected, fg-trust, Area 0.0.0.0
O  2003:61:6012:102::/64                         110
     via fe80::21a:6cff:fea1:2b98, wan1, Area 0.0.0.0
fd-wv-fw04 #
fd-wv-fw04 #
Furthermore, the GUI can at least show the routing table:
Juniper ScreenOS
My SSG 5 runs at version 6.3.0r19. Unlike OSPF for IPv4, in which the “enable” checkmark for each interface is inside the interface configuration section, OSPFv3 is completely configured inside the virtual routers menu:
The config commands via the CLI are the following:
set vrouter trust-vr protocol ospfv3 enable
set vrouter trust-vr protocol ospfv3 area 0.0.0.0
set interface ethernet0/5.10 protocol ospfv3 area 0.0.0.0
set interface ethernet0/5.10 protocol ospfv3 passive
set interface ethernet0/5.10 protocol ospfv3 enable
set interface ethernet0/5.10 protocol ospfv3 cost 100
set interface ethernet0/6 protocol ospfv3 area 0.0.0.0
set interface ethernet0/6 protocol ospfv3 enable
set interface ethernet0/6 protocol ospfv3 priority 100
set interface ethernet0/6 protocol ospfv3 cost 100
And the get commands for displaying the runtime values are these:
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
Status: enabled State: internal router
Number of areas: 1
Number of LSA(s): 20
Number of AS-flooding-scope LSA(s): 1

Area 0.0.0.0
        Total number of interfaces is 2, Active number of interfaces is 2
        Intra-SPF algorithm executed 25 times
        Last Intra-SPF executed before 03:30:25
        Number of LSA(s) is 19
Inter-SPF algorithm executed: 27 times
Last Inter-SPF executed before 01:01:30
Extern-SPF algorithm executed: 28 times
Last Extern-SPF executed before 01:01:30
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3 neighbor
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
Neighbor(s) on interface ethernet0/5.10 (Area 0.0.0.0)
Neighbor(s) on interface ethernet0/6 (Area 0.0.0.0)
RouterId        Nbr-saw-DR      Nbr-saw-BDR     Nbr-If-Id   Opt       Pri State (Down, Up)
------------------------------------------------------------------------------
172.16.1.3      172.16.1.2      172.16.1.5      0x0000000e  --V6|E|R    1 2WAY  (+2 -0)
172.16.1.6      172.16.1.2      172.16.1.5      0x00000006  --V6|E|R    1 2WAY  (+2 -0)
172.16.1.2      172.16.1.2      172.16.1.5      0x00000010  --V6|E|R   50 FULL  (+6 -0)
172.16.1.5      172.16.1.2      172.16.1.5      0x00000003  --V6|E|R    1 FULL  (+6 -0)
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3 database
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
As-External-LSA
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000000      172.16.1.3      1786   0x80000002   0x4bad

Router-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000000      172.16.1.5      1169   0x80000103   0xe81a
0x00000000      172.16.1.6      884    0x80000124   0x82d5
0x00000001      172.16.1.1      1111   0x80000124   0x177d
0x00000000      172.16.1.3      516    0x80000104   0x9363
0x00000000      172.16.1.2      149    0x80000126   0x2925

Network-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000010      172.16.1.2      147    0x80000124   0xb191

Intra-Area-Prefix-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000000      172.16.1.5      417    0x80000008   0x4f8c
0x00000002      172.16.1.6      884    0x80000122   0x402e
0x00000001      172.16.1.1      1152   0x80000246   0x69a0
0x00000000      172.16.1.3      13     0x80000103   0x9530
0x00000001      172.16.1.2      150    0x80000126   0x245f
0x00070000      172.16.1.2      143    0x8000012b   0xb565
0x00090000      172.16.1.2      150    0x80000121   0x4dc4

Link-LSA for link ethernet0/5.10, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000368      172.16.1.1      1157   0x8000011f   0xac59

Link-LSA for link ethernet0/6, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000003      172.16.1.5      1171   0x80000102   0xf0ba
0x00000006      172.16.1.6      956    0x8000011f   0xf287
0x00000370      172.16.1.1      1158   0x8000011f   0x6048
0x0000000e      172.16.1.3      14     0x80000103   0xee85
0x00000010      172.16.1.2      826    0x80000120   0x4094
-----------------------
printed 20 LSA(s).
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3 database self-originate
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
Router-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000001      172.16.1.1      1129   0x80000124   0x177d

Intra-Area-Prefix-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000001      172.16.1.1      1169   0x80000246   0x69a0

Link-LSA for link ethernet0/5.10, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000368      172.16.1.1      1174   0x8000011f   0xac59

Link-LSA for link ethernet0/6, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id   Adv-Router-Id   Age    Sequence#    CheckSum
--------------------------------------------------------------------------------
0x00000370      172.16.1.1      1175   0x8000011f   0x6048
-----------------------
printed 4 LSA(s).
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr route protocol ospfv3
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP/RIPng P: Permanent D: Auto-Discovered
N: NHRP
iB: IBGP eB: EBGP O: OSPF/OSPFv3 E1: OSPF external type 1
E2: OSPF/OSPFv3 external type 2 trailing B: backup route
Total 19/max entries
    ID  IP-Prefix                             Interface  Gateway                     P  Pref  Mtr   Vsys
--------------------------------------------------------------------------------------
    56  2003:51:6012:101::/64                 eth0/6     ::                          O  60    100   Root
*   67  2003:51:6012:133:feed:cafe:0:10/128   eth0/6     fe80::2a94:fff:fea8:772d    E2 200   1000  Root
    54  2003:51:6012:110::/64                 eth0/5.10  ::                          O  60    100   Root
*   57  2003:51:6012:121::/64                 eth0/6     fe80::b60c:25ff:fe05:8e10   O  60    110   Root
*   58  2003:51:6012:120::/64                 eth0/6     fe80::b60c:25ff:fe05:8e10   O  60    110   Root
*   59  2003:51:6012:123::/64                 eth0/6     fe80::b60c:25ff:fe05:8e10   O  60    110   Root
*   60  2003:51:6012:125::/64                 eth0/6     fe80::b60c:25ff:fe05:8e10   O  60    110   Root
*   61  2003:51:6012:124::/64                 eth0/6     fe80::b60c:25ff:fe05:8e10   O  60    110   Root
*   64  2003:51:6012:130::/64                 eth0/6     fe80::2a94:fff:fea8:772d    O  60    200   Root
*   66  2003:61:6012:102::/64                 eth0/6     fe80::21a:6cff:fea1:2b98    O  60    200   Root
*   63  2003:51:6012:160::/64                 eth0/6     fe80::a5b:eff:fe3c:115d     O  60    200   Root
Total number of ospfv3 routes: 11
fd-wv-fw01->
fd-wv-fw01->
Palo Alto
This is the Palo Alto guide. I am using a PA-200 with version 7.0.2. To my mind, this is the best OSPFv3 GUI of all firewalls in my lab. Here we go:
To show some runtime stats on the CLI, use these show commands:
weberjoh@fd-wv-fw02> show routing protocol ospfv3 summary

Router ID 172.16.1.2, instance 0 in virtual router default
  OSPFv3 is up, oper status active
  ABR: no, ASBR: yes, Allow transit traffic: yes
  reject-default-route: yes , redist-default-route: n/a
  originated LSA count: 3497, received LSA count: 6676
  num AS-scoped LSA: 0, AS-external LSA count: 1
  num update pending: 0, num update merged: 1
  SPF calc delay: 5.00, min lsa interval : 5.00
  external refresh interval: 1800
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02> show routing protocol ospfv3 neighbor

Neighbor ID 172.16.1.1, in virtual router default
  Neighbor Link-local addr fe80:0:0:0:219:e2ff:fea1:f98a,Neighbor If ID 880
  Through local Interface ethernet1/1, local IF ID 16
  Area 0.0.0.0, instance ID 0, status up
  priority 100, state full, event count 10
  Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
  Retransmission queue length 0, Waiting on 0 LSA request
  Dead time is 38 sec
  Graceful restart helper status: not helping, time remaining: 0
  Graceful restart helper exit reason: none

Neighbor ID 172.16.1.3, in virtual router default
  Neighbor Link-local addr fe80:0:0:0:2a94:fff:fea8:772d,Neighbor If ID 14
  Through local Interface ethernet1/1, local IF ID 16
  Area 0.0.0.0, instance ID 0, status up
  priority 1, state full, event count 6
  Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
  Retransmission queue length 0, Waiting on 0 LSA request
  Dead time is 31 sec
  Graceful restart helper status: not helping, time remaining: 0
  Graceful restart helper exit reason: none

Neighbor ID 172.16.1.5, in virtual router default
  Neighbor Link-local addr fe80:0:0:0:21a:6cff:fea1:2b98,Neighbor If ID 3
  Through local Interface ethernet1/1, local IF ID 16
  Area 0.0.0.0, instance ID 0, status up
  priority 1, state full, event count 6
  Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
  Retransmission queue length 0, Waiting on 0 LSA request
  Dead time is 37 sec
  Graceful restart helper status: not helping, time remaining: 0
  Graceful restart helper exit reason: none

Neighbor ID 172.16.1.6, in virtual router default
  Neighbor Link-local addr fe80:0:0:0:a5b:eff:fe3c:115d,Neighbor If ID 6
  Through local Interface ethernet1/1, local IF ID 16
  Area 0.0.0.0, instance ID 0, status up
  priority 1, state full, event count 6
  Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
  Retransmission queue length 0, Waiting on 0 LSA request
  Dead time is 29 sec
  Graceful restart helper status: not helping, time remaining: 0
  Graceful restart helper exit reason: none
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02> show routing protocol ospfv3 dumplsdb

** OSPF AS-Scope link state database
VIRTUAL ROUTER: default (id 1)
VR  Type        Adv Router ID   LS id       Seq ID      Cksum   Age   Size
1   External    172.16.1.3      0.0.0.1     0x80000003  0x3FB7  638   44
      Flags [External Type 2], metric 1000
      2003:51:6012:133:feed:cafe:0:10/128

** OSPF Area Scope link state database
VIRTUAL ROUTER: default (id 1)
VR  Type        Adv Router ID   LS id       Seq ID      Cksum   Age   Size
1   Router      172.16.1.1      0.0.0.1     0x8000017B  0x68D4  1698  40
      Options [V6, External, Router], RLA-Flags [none]
      Neighbor Network-ID 172.16.1.2
      Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.3.112
      type 2, metric 100
1   Router      172.16.1.2      0.0.0.0     0x8000017D  0x7A7C  1131  40
      Options [V6, External, Router], RLA-Flags [External]
      Neighbor Network-ID 172.16.1.2
      Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.16
      type 2, metric 10
1   Router      172.16.1.3      0.0.0.0     0x80000152  0xF6B1  884   40
      Options [V6, External, Router, Demand Circuit], RLA-Flags [External]
      Neighbor Network-ID 172.16.1.2
      Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.14
      type 2, metric 100
1   Router      172.16.1.5      0.0.0.0     0x80000152  0x4A69  296   40
      Options [V6, External, Router, Demand Circuit], RLA-Flags [none]
      Neighbor Network-ID 172.16.1.2
      Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.3
      type 2, metric 100
1   Router      172.16.1.6      0.0.0.0     0x8000017C  0xD12E  68    40
      Options [V6, External, Router], RLA-Flags [none]
      Neighbor Network-ID 172.16.1.2
      Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.6
      type 2, metric 10
1   Network     172.16.1.2      0.0.0.16    0x8000017B  0x3E8   1129  44
      Options [V6, External, Router, Demand Circuit]
      Connected Routers: 172.16.1.1 172.16.1.3 172.16.1.5 172.16.1.6 172.16.1.2
1   IntraArPfx  172.16.1.1      0.0.0.1     0x800002F4  0xC4F   1737  56
      Prefixes 2:
      2003:51:6012:110:0:0:0:0/64, metric 100
      2003:51:6012:101:0:0:0:0/64, metric 100
1   IntraArPfx  172.16.1.2      0.0.0.1     0x8000017D  0x75B6  1131  92
      Prefixes 5:
      2003:51:6012:123:0:0:0:0/64, metric 10
      2003:51:6012:120:0:0:0:0/64, metric 10
      2003:51:6012:125:0:0:0:0/64, metric 10
      2003:51:6012:121:0:0:0:0/64, metric 10
      2003:51:6012:124:0:0:0:0/64, metric 10
1   IntraArPfx  172.16.1.2      0.7.0.0     0x80000182  0x7BC   1124  44
      Prefixes 1:
      2003:51:6012:101:0:0:0:0/64, metric 0
1   IntraArPfx  172.16.1.2      0.9.0.0     0x80000178  0x9E1C  1131  44
      Prefixes 1:
      2003:51:6012:120:0:0:0:0/64, metric 0
1   IntraArPfx  172.16.1.3      0.0.0.0     0x80000151  0xF87E  884   44
      Prefixes 1:
      2003:51:6012:130:0:0:0:0/64, metric 100
1   IntraArPfx  172.16.1.5      0.0.0.0     0x80000056  0xB2DA  1272  44
      Prefixes 1:
      2003:61:6012:102:0:0:0:0/64, metric 100
1   IntraArPfx  172.16.1.6      0.0.0.2     0x8000017A  0x8F86  67    44
      Prefixes 1:
      2003:51:6012:160:0:0:0:0/64, metric 100

** OSPF Link Scope link state database
VIRTUAL ROUTER: default (id 1)
VR  Type        Adv Router ID   LS id       Seq ID      Cksum   Age   Size
1   Link        172.16.1.1      0.0.3.112   0x80000176  0xB19F  1742  56
      Options [V6, External, Router]
      Priority 100, Link-local address fe80:0:0:0:219:e2ff:fea1:f98a,
      Prefixes 1:
      2003:51:6012:101:0:0:0:0/64
1   Link        172.16.1.2      0.0.0.16    0x80000178  0x8FEC  5     56
      Options [V6, External, Router]
      Priority 50, Link-local address fe80:0:0:0:b60c:25ff:fe05:8e10,
      Prefixes 1:
      2003:51:6012:101:0:0:0:0/64
1   Link        172.16.1.3      0.0.0.14    0x80000151  0x52D3  884   56
      Options [V6, External, Router, Demand Circuit]
      Priority 1, Link-local address fe80:0:0:0:2a94:fff:fea8:772d,
      Prefixes 1:
      2003:51:6012:101:0:0:0:0/64
1   Link        172.16.1.5      0.0.0.3     0x80000151  0x520A  296   56
      Options [V6, External, Router, Demand Circuit]
      Priority 1, Link-local address fe80:0:0:0:21a:6cff:fea1:2b98,
      Prefixes 1:
      2003:51:6012:101:0:0:0:0/64
1   Link        172.16.1.6      0.0.0.6     0x80000177  0x42DF  137   56
      Options [V6, External, Router]
      Priority 1, Link-local address fe80:0:0:0:a5b:eff:fe3c:115d,
      Prefixes 1:
      2003:51:6012:101:0:0:0:0/64
1   Link        172.16.1.2      0.0.1.1     0x80000178  0x92A3  5     56
      Options [V6, External, Router]
      Priority 100, Link-local address fe80:0:0:0:b60c:25ff:fe05:8e13,
      Prefixes 1:
      2003:51:6012:120:0:0:0:0/64
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02> show routing route type ospf

flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp,
       Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2, E:ecmp

VIRTUAL ROUTER: default (id 1)
==========
destination                           nexthop                     metric  flags  age     interface        next-AS
[IPv4 routes omitted]
2003:51:6012:101::/64                 ::                          10        Oi   675410  ethernet1/1
2003:51:6012:110::/64                 fe80::219:e2ff:fea1:f98a    110     A Oi   674960  ethernet1/1
2003:51:6012:120::/64                 ::                          10        Oi   945349  ethernet1/4.120
2003:51:6012:121::/64                 ::                          10        Oi   945349  ethernet1/4.121
2003:51:6012:123::/64                 ::                          10        Oi   945349  ethernet1/3
2003:51:6012:124::/64                 ::                          10        Oi   945349  ethernet1/4.124
2003:51:6012:125::/64                 ::                          10        Oi   945349  ethernet1/4.125
2003:51:6012:130::/64                 fe80::2a94:fff:fea8:772d    110     A Oi   672653  ethernet1/1
2003:51:6012:133:feed:cafe:0:10/128   fe80::2a94:fff:fea8:772d    1000    A O2   4598    ethernet1/1
2003:51:6012:160::/64                 fe80::a5b:eff:fe3c:115d     110     A Oi   673436  ethernet1/1
2003:61:6012:102::/64                 fe80::21a:6cff:fea1:2b98    110     A Oi   172024  ethernet1/1
total routes shown: 38
weberjoh@fd-wv-fw02>
Quagga Router
Finally, I plugged a Quagga router into my lab. It is running on an Ubuntu 14.04.3 LTS 64-bit server with version 0.99.22.4.
The configuration commands inside the ospf6d are the following (I have not found the “auto-cost reference-bandwidth” command, though it is listed in the official documentation.):
interface eth0
 ipv6 ospf6 cost 10
!
interface eth1
 ipv6 ospf6 cost 10
 ipv6 ospf6 passive
!
router ospf6
 router-id 172.16.1.8
 interface eth0 area 0.0.0.0
 interface eth1 area 0.0.0.0
The show commands are listed below. Note that all OSPFv3 related commands are executed inside the ospf6d instance, while the routing table is shown inside the zebra instance:
Quagga-OSPFv3# show ipv6 ospf6
 OSPFv3 Routing Process (0) with Router-ID 172.16.1.8
 Running 00:17:15
 Number of AS scoped LSAs is 0
 Number of areas in this router is 1

 Area 0.0.0.0
     Number of Area scoped LSAs is 17
     Interface attached to this area: eth0 eth1
Quagga-OSPFv3#
Quagga-OSPFv3#
Quagga-OSPFv3# show ipv6 ospf6 neighbor
Neighbor ID     Pri    DeadTime  State/IfState         Duration I/F[State]
172.16.1.1      100    00:00:34  Full/BDR              00:17:17 eth0[DROther]
172.16.1.2       50    00:00:30  Full/DR               00:17:18 eth0[DROther]
172.16.1.3        1    00:00:39  Twoway/DROther        00:17:24 eth0[DROther]
172.16.1.5        1    00:00:37  Twoway/DROther        00:17:24 eth0[DROther]
172.16.1.6        1    00:00:34  Twoway/DROther        00:17:17 eth0[DROther]
Quagga-OSPFv3#
Quagga-OSPFv3#
Quagga-OSPFv3# show ipv6 ospf6 database

Area Scoped Link State Database (Area 0.0.0.0)
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Router        0.0.0.1     172.16.1.1   1024  80000277  6dd2  40   00:17:02
Router        0.0.0.0     172.16.1.2   1025  80000278  8179  40   00:17:03
Router        0.0.0.0     172.16.1.3   1275  8000022b  428c  40   00:17:27
Router        0.0.0.0     172.16.1.5   340   80000053  4b68  40   00:05:37
Router        0.0.0.0     172.16.1.6   613   80000270  e624  40   00:10:10
Router        0.0.0.0     172.16.1.8   1048  80000001  87f6  40   00:17:27
Network       0.0.0.16    172.16.1.2   1025  80000276  ff26  48   00:17:03
Intra-Prefix  0.0.0.1     172.16.1.1   1024  800004e5  2444  56   00:17:02
Intra-Prefix  0.0.0.1     172.16.1.2   1025  80000278  7cb3  92   00:17:03
Intra-Prefix  0.7.0.0     172.16.1.2   1025  8000027d  0eb9  44   00:17:03
Intra-Prefix  0.9.0.0     172.16.1.2   1742  8000026a  b710  44   00:17:27
Intra-Prefix  0.0.0.0     172.16.1.3   1275  8000022a  4459  44   00:17:27
Intra-Prefix  0.0.0.0     172.16.1.5   340   80000132  f7b8  44   00:05:37
Intra-Prefix  0.0.0.2     172.16.1.6   612   8000026f  a27d  44   00:10:09
Intra-Prefix  0.0.0.0     172.16.1.8   1048  80000003  8e38  44   00:17:27

I/F Scoped Link State Database (I/F eth0 in Area 0.0.0.0)
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Link          0.0.3.112   172.16.1.1   1251  80000268  ca93  56   00:17:27
Link          0.0.0.16    172.16.1.2   618   8000026a  a8e0  56   00:10:16
Link          0.0.0.14    172.16.1.3   1275  8000022a  9dae  56   00:17:27
Link          0.0.0.3     172.16.1.5   340   8000022b  9be5  56   00:05:37
Link          0.0.0.6     172.16.1.6   753   80000269  5bd3  56   00:12:30
Link          0.0.0.2     172.16.1.8   1055  80000001  b5ee  56   00:17:34

I/F Scoped Link State Database (I/F eth1 in Area 0.0.0.0)
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Link          0.0.0.3     172.16.1.8   1055  80000001  75a4  56   00:17:34

AS Scoped Link State Database
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Quagga-OSPFv3#
Quagga-OSPFv3#
Quagga-OSPFv3# show ipv6 ospf6 database self-originated

Area Scoped Link State Database (Area 0.0.0.0)
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Router        0.0.0.0     172.16.1.8   1365  80000001  87f6  40   00:22:45
Intra-Prefix  0.0.0.0     172.16.1.8   1365  80000003  8e38  44   00:22:45

I/F Scoped Link State Database (I/F eth0 in Area 0.0.0.0)
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Link          0.0.0.2     172.16.1.8   1372  80000001  b5ee  56   00:22:51

I/F Scoped Link State Database (I/F eth1 in Area 0.0.0.0)
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Link          0.0.0.3     172.16.1.8   1372  80000001  75a4  56   00:22:51

AS Scoped Link State Database
Type          LSId        AdvRouter    Age   SeqNum    Cksm  Len  Duration
Quagga-OSPFv3#
Quagga-OSPFv3#
---------------------------------------
Quagga-Zebra# show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv6, I - IS-IS, B - BGP, A - Babel,
       > - selected route, * - FIB route

K>* ::/0 via 2003:51:6012:101::1, eth0
C>* ::1/128 is directly connected, lo
O   2003:51:6012:101::/64 [110/10] is directly connected, eth0, 00:24:25
C>* 2003:51:6012:101::/64 is directly connected, eth0
O>* 2003:51:6012:120::/64 [110/20] via fe80::b60c:25ff:fe05:8e10, eth0, 00:24:25
O>* 2003:51:6012:121::/64 [110/20] via fe80::b60c:25ff:fe05:8e10, eth0, 00:24:25
O>* 2003:51:6012:123::/64 [110/20] via fe80::b60c:25ff:fe05:8e10, eth0, 00:24:25
O>* 2003:51:6012:124::/64 [110/20] via fe80::b60c:25ff:fe05:8e10, eth0, 00:24:25
O>* 2003:51:6012:125::/64 [110/20] via fe80::b60c:25ff:fe05:8e10, eth0, 00:24:25
O>* 2003:51:6012:130::/64 [110/110] via fe80::2a94:fff:fea8:772d, eth0, 00:24:25
O>* 2003:51:6012:160::/64 [110/110] via fe80::a5b:eff:fe3c:115d, eth0, 00:24:25
O   2003:51:6012:180::/64 [110/10] via ::1, lo, 00:24:30
C>* 2003:51:6012:180::/64 is directly connected, eth1
O>* 2003:61:6012:102::/64 [110/110] via fe80::21a:6cff:fea1:2b98, eth0, 00:24:25
C * fe80::/64 is directly connected, eth1
C>* fe80::/64 is directly connected, eth0
Quagga-Zebra#
Quagga-Zebra#
Wireshark Dump
I captured all OSPF packets while I restarted (reload) the Cisco router. The pcapng therefore contains all five types of OSPFv3 packets (Hello, DBD, LSR, LSU, LSAck). Here it is for download:
As an example, these are the messages after the Cisco router has booted (red marked area). After some database description packets (DBD), the router requested (LSR) many details. After that, the designated router (DR) sent many link-state updates (LSU) which contain the link-state advertisements (LSA). The yellow highlighted section shows a LSA for one of the intra-area-prefix LSAs:
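To read the five packet types without a dissector, the 16-byte OSPFv3 header and the Hello body can be decoded directly from the IPv6 payload (next header 89). The following is an added example, not part of the original post or its capture: the function names are chosen for the example and the sample Hello is constructed by hand from values that appear in the lab (router 172.16.1.5, DR 172.16.1.2, options 0x13), with its checksum left at zero.

```python
import ipaddress
import struct

# Packet types as listed in the capture description (RFC 5340, A.3.1).
PACKET_TYPES = {
    1: "Hello",
    2: "Database Description",
    3: "Link State Request",
    4: "Link State Update",
    5: "Link State Acknowledgment",
}

# Option bits of the 24-bit Options field (RFC 5340, A.2).
OPTION_BITS = [(0x01, "V6"), (0x02, "E"), (0x08, "N"), (0x10, "R"), (0x20, "DC")]

# Constructed sample, not taken from the pcapng: a 40-byte Hello with one neighbor.
SAMPLE_HELLO = bytes.fromhex(
    "03010028ac1001050000000000000000"                   # header
    "0000000301000013000a0028ac100102ac100105ac100102"   # Hello body
)


def _dotted(value):
    """Render a 32-bit router/area ID in dotted notation."""
    return str(ipaddress.IPv4Address(value))


def parse_hello(body):
    """Decode an OSPFv3 Hello body (RFC 5340, A.3.2)."""
    if len(body) < 20 or (len(body) - 20) % 4:
        raise ValueError("Hello body is truncated or misaligned")
    if_id, pri_opts, hello_int, dead_int, dr, bdr = struct.unpack(
        "!IIHHII", body[:20])
    options = pri_opts & 0xFFFFFF
    return {
        "interface_id": if_id,
        "priority": pri_opts >> 24,
        "options": [name for bit, name in OPTION_BITS if options & bit],
        "hello_interval": hello_int,
        "dead_interval": dead_int,
        "dr": _dotted(dr),
        "bdr": _dotted(bdr),
        "neighbors": [_dotted(n) for (n,) in struct.iter_unpack("!I", body[20:])],
    }


def parse_ospfv3(payload):
    """Decode the common header; Hello packets also get their body decoded.

    The checksum field is returned as-is and is not verified here.
    """
    if len(payload) < 16:
        raise ValueError("shorter than the 16-byte OSPFv3 header")
    version, ptype, length, rid, area, cksum, instance, _reserved = struct.unpack(
        "!BBHIIHBB", payload[:16])
    if version != 3:
        raise ValueError(f"not OSPFv3 (version field is {version})")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if length < 16 or length > len(payload):
        raise ValueError("length field does not fit the captured payload")
    packet = {
        "type": PACKET_TYPES[ptype],
        "length": length,
        "router_id": _dotted(rid),
        "area_id": _dotted(area),
        "checksum": cksum,
        "instance_id": instance,
    }
    if ptype == 1:
        packet["hello"] = parse_hello(payload[16:length])
    return packet


if __name__ == "__main__":
    print(parse_ospfv3(SAMPLE_HELLO))
```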