Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, and Palo Alto. I am showing my lab network diagram and the configuration commands/screenshots for all devices. Furthermore, I am listing some basic troubleshooting commands. In the last section, I provide a Tcpdump/Wireshark capture of an initial OSPFv3 run.
I am not going into deep details of OSPFv3 at all. But this lab should give basic hints for configuring OSPFv3 for all of the listed devices.
Lab
This is my test lab. All devices are directly connected via a layer 2 switch:
General Information
- Everything takes place in area 0.0.0.0 (backbone area)
- Juniper SSG should be the DR: interface priority set to 100.
- Palo Alto should be the BDR: interface priority set to 50.
- Router-ID is always set manually according to my IPv4 sheme: 172.16.1.x, where x = the interface-ID from the IPv6 addresses (from ::1 to ::6).
- Cost for the interfaces as seen in the figure.
- Passive-interface on all user/access interfaces.
- Redistribution of the remote access VPN clients on the Cisco ASA (AnyConnect).
- No authentication is used .
The following devices are in alphabetic order. Beneath each screenshot is a detailed description of the the configuration that is shown.
During the tests, a single Cisco AnyConnect client was connected and therefore redistributed with a /128 IPv6 address prefix.
Cisco ASA
The Cisco ASA 5505 is running version 9.2(4). Following are the configuration and monitoring screenshots:
This are the relevant CLI commands for the OSPFv3 config:
interface Vlan130 ipv6 address 2003:51:6012:130::1/64 ipv6 address autoconfig ipv6 enable ipv6 ospf cost 100 ipv6 ospf 1 area 0 ipv6 ospf encryption null ! ipv6 router ospf 1 router-id 172.16.1.3 passive-interface insideASA130 passive-interface insideASA131 log-adjacency-changes redistribute static metric 1000 !
While this CLI commands can be used to show the OPSFv3 runtime values:
fd-wv-fw03# show ipv6 ospf
Routing Process "ospfv3 1" with ID 172.16.1.3
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an autonomous system boundary router
Redistributing External Routes from,
static with metric 1000
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x4dac
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Graceful restart helper support disabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 2
SPF algorithm executed 11 times
Number of LSA 19. Checksum Sum 0xa3f76
Number of DCbitless LSA 6
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
fd-wv-fw03#
fd-wv-fw03#
fd-wv-fw03# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
172.16.1.1 100 2WAY/DROTHER 0:00:36 880 outside
172.16.1.2 50 FULL/DR 0:00:34 16 outside
172.16.1.5 1 FULL/BDR 0:00:30 3 outside
172.16.1.6 1 2WAY/DROTHER 0:00:31 6 outside
fd-wv-fw03#
fd-wv-fw03#
fd-wv-fw03# show ipv6 ospf database
OSPFv3 Router with ID (172.16.1.3) (Process ID 1)
Router Link States (Area 0)
ADV Router Age Seq# Fragment ID Link count Bits
172.16.1.1 1608 0x80000122 1 1 None
172.16.1.2 636 0x80000124 0 1 E
172.16.1.3 1461 0x80000102 0 1 E
172.16.1.5 74 0x80000102 0 1 None
172.16.1.6 1371 0x80000122 0 1 None
Net Link States (Area 0)
ADV Router Age Seq# Link ID Rtr count
172.16.1.2 634 0x80000122 16 5
Link (Type-8) Link States (Area 0)
ADV Router Age Seq# Link ID Interface
172.16.1.3 430 0x80000008 15 insideASA130
172.16.1.1 1653 0x8000011d 880 outside
172.16.1.2 1310 0x8000011e 16 outside
172.16.1.3 945 0x80000101 14 outside
172.16.1.5 74 0x80000101 3 outside
172.16.1.6 1441 0x8000011d 6 outside
Intra Area Prefix Link States (Area 0)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
172.16.1.1 1648 0x80000242 1 0x2001 0
172.16.1.2 637 0x80000124 1 0x2001 0
172.16.1.2 629 0x80000129 458752 0x2002 16
172.16.1.2 637 0x8000011f 589824 0x2002 257
172.16.1.3 946 0x80000101 0 0x2001 0
172.16.1.5 1327 0x80000006 0 0x2001 0
172.16.1.6 1370 0x80000120 2 0x2001 0
Type-5 AS External Link States
ADV Router Age Seq# Prefix
172.16.1.3 606 0x80000001 2003:51:6012:133:feed:cafe:0:10/128
fd-wv-fw03#
fd-wv-fw03#
fd-wv-fw03# show ipv6 ospf database self-originate
OSPFv3 Router with ID (172.16.1.3) (Process ID 1)
Router Link States (Area 0)
ADV Router Age Seq# Fragment ID Link count Bits
172.16.1.3 1495 0x80000102 0 1 E
Link (Type-8) Link States (Area 0)
ADV Router Age Seq# Link ID Interface
172.16.1.3 464 0x80000008 15 insideASA130
172.16.1.3 979 0x80000101 14 outside
Intra Area Prefix Link States (Area 0)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
172.16.1.3 979 0x80000101 0 0x2001 0
Type-5 AS External Link States
ADV Router Age Seq# Prefix
172.16.1.3 639 0x80000001 2003:51:6012:133:feed:cafe:0:10/128
fd-wv-fw03#
fd-wv-fw03#
Cisco Router
I am running a Cisco 2811 router with version 15.1(4)M9. The configuration commands are the following: (Just for fun I set the OSPF process to “17”.)
interface FastEthernet0/0 ipv6 address 2003:51:6012:101::5/64 ipv6 enable ipv6 nd ra suppress ipv6 ospf 17 area 0.0.0.0 ! interface FastEthernet0/1 ipv6 address 2003:61:6012:102::1/64 ipv6 enable ipv6 ospf 17 area 0.0.0.0 ! ipv6 router ospf 17 router-id 172.16.1.5 auto-cost reference-bandwidth 10000 passive-interface default no passive-interface FastEthernet0/0
And the show commands:
fd-wv-ro03#show ipv6 ospf
Routing Process "ospfv3 17" with ID 172.16.1.5
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x004DAC
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Graceful restart helper support enabled
Reference bandwidth unit is 10000 mbps
Area BACKBONE(0.0.0.0)
Number of interfaces in this area is 2
SPF algorithm executed 23 times
Number of LSA 19. Checksum Sum 0x098B75
Number of DCbitless LSA 6
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
172.16.1.1 100 FULL/DROTHER 00:00:35 880 FastEthernet0/0
172.16.1.2 50 FULL/DR 00:00:32 16 FastEthernet0/0
172.16.1.3 1 FULL/DROTHER 00:00:38 14 FastEthernet0/0
172.16.1.6 1 FULL/DROTHER 00:00:30 6 FastEthernet0/0
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 ospf database
OSPFv3 Router with ID (172.16.1.5) (Process ID 17)
Router Link States (Area 0.0.0.0)
ADV Router Age Seq# Fragment ID Link count Bits
172.16.1.1 622 0x80000123 1 1 None
172.16.1.2 1455 0x80000124 0 1 E
172.16.1.3 243 0x80000103 0 1 E
172.16.1.5 892 0x80000102 0 1 None
172.16.1.6 389 0x80000123 0 1 None
Net Link States (Area 0.0.0.0)
ADV Router Age Seq# Link ID Rtr count
172.16.1.2 1453 0x80000122 16 5
Link (Type-8) Link States (Area 0.0.0.0)
ADV Router Age Seq# Link ID Interface
172.16.1.5 131 0x80000007 4 Fa0/1
172.16.1.1 667 0x8000011E 880 Fa0/0
172.16.1.2 330 0x8000011F 16 Fa0/0
172.16.1.3 1766 0x80000101 14 Fa0/0
172.16.1.5 892 0x80000101 3 Fa0/0
172.16.1.6 459 0x8000011E 6 Fa0/0
Intra Area Prefix Link States (Area 0.0.0.0)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
172.16.1.1 662 0x80000244 1 0x2001 0
172.16.1.2 1455 0x80000124 1 0x2001 0
172.16.1.2 1448 0x80000129 458752 0x2002 16
172.16.1.2 1455 0x8000011F 589824 0x2002 257
172.16.1.3 1766 0x80000101 0 0x2001 0
172.16.1.5 131 0x80000007 0 0x2001 0
172.16.1.6 388 0x80000121 2 0x2001 0
Type-5 AS External Link States
ADV Router Age Seq# Prefix
172.16.1.3 1426 0x80000001 2003:51:6012:133:FEED:CAFE:0:10/128
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 ospf database self-originate
OSPFv3 Router with ID (172.16.1.5) (Process ID 17)
Router Link States (Area 0.0.0.0)
ADV Router Age Seq# Fragment ID Link count Bits
172.16.1.5 898 0x80000102 0 1 None
Link (Type-8) Link States (Area 0.0.0.0)
ADV Router Age Seq# Link ID Interface
172.16.1.5 137 0x80000007 4 Fa0/1
172.16.1.5 898 0x80000101 3 Fa0/0
Intra Area Prefix Link States (Area 0.0.0.0)
ADV Router Age Seq# Link ID Ref-lstype Ref-LSID
172.16.1.5 137 0x80000007 0 0x2001 0
fd-wv-ro03#
fd-wv-ro03#
fd-wv-ro03#show ipv6 route
IPv6 Routing Table - default - 15 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S ::/0 [1/0]
via 2003:51:6012:101::1
C 2003:51:6012:101::/64 [0/0]
via FastEthernet0/0, directly connected
L 2003:51:6012:101::5/128 [0/0]
via FastEthernet0/0, receive
O 2003:51:6012:110::/64 [110/200]
via FE80::219:E2FF:FEA1:F98A, FastEthernet0/0
O 2003:51:6012:120::/64 [110/110]
via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O 2003:51:6012:121::/64 [110/110]
via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O 2003:51:6012:123::/64 [110/110]
via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O 2003:51:6012:124::/64 [110/110]
via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O 2003:51:6012:125::/64 [110/110]
via FE80::B60C:25FF:FE05:8E10, FastEthernet0/0
O 2003:51:6012:130::/64 [110/200]
via FE80::2A94:FFF:FEA8:772D, FastEthernet0/0
OE2 2003:51:6012:133:FEED:CAFE:0:10/128 [110/1000]
via FE80::2A94:FFF:FEA8:772D, FastEthernet0/0
O 2003:51:6012:160::/64 [110/200]
via FE80::A5B:EFF:FE3C:115D, FastEthernet0/0
C 2003:61:6012:102::/64 [0/0]
via FastEthernet0/1, directly connected
L 2003:61:6012:102::1/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
fd-wv-ro03#
fd-wv-ro03#
Fortinet FortiGate
Unfortunately the FortiGate has no possibility to configure anything of OSPFv3 via the GUI. Everything must be done via the CLI. (And this is called a “Next-Generation Firewall”???)
These are the configuration commands for my lab:
config router ospf6
set auto-cost-ref-bandwidth 10000
set router-id 172.16.1.6
config area
edit 0.0.0.0
next
end
config ospf6-interface
edit "wan1"
set interface "wan1"
next
edit "fg-trust"
set interface "fg-trust"
next
end
set passive-interface "fg-trust"And the following shows the get commands:
fd-wv-fw04 # get router info6 ospf status
Routing Process "OSPFv3 (*null*)" with ID 172.16.1.6
Process uptime is 50 days 22 hours 5 minutes
SPF schedule delay 5 secs, Hold time between SPFs 10 secs
Minimum LSA interval 5 secs, Minimum LSA arrival 1 secs
Number of incomming current DD exchange neighbors 0/5
Number of outgoing current DD exchange neighbors 0/5
Number of external LSA 1. Checksum Sum 0x4BAD
Number of AS-Scoped Unknown LSA 0
Number of LSA originated 23
Number of LSA received 37398
Number of areas in this router is 2
Area BACKBONE(0)
Number of interfaces in this area is 2(2)
SPF algorithm executed 15 times
Number of LSA 13. Checksum Sum 0x5C289
Number of Unknown LSA 0
Area 0.0.0.51 (Inactive)
Number of interfaces in this area is 0(0)
SPF algorithm executed 33 times
Number of LSA 0. Checksum Sum 0x0000
Number of Unknown LSA 0
fd-wv-fw04 #
fd-wv-fw04 #
fd-wv-fw04 # get router info6 ospf neighbor
OSPFv3 Process (*null*)
Neighbor ID Pri State Dead Time Interface Instance ID
172.16.1.1 100 2-Way/DROther 00:00:36 wan1 0
172.16.1.2 50 Full/DR 00:00:31 wan1 0
172.16.1.3 1 2-Way/DROther 00:00:32 wan1 0
172.16.1.5 1 Full/Backup 00:00:37 wan1 0
fd-wv-fw04 #
fd-wv-fw04 #
fd-wv-fw04 # get router info6 ospf database
OSPFv3 Router with ID (172.16.1.6) (Process *null*)
Link-LSA (Interface wan1)
Link State ID ADV Router Age Seq# CkSum Prefix
0.0.3.112 172.16.1.1 1496 0x8000011e 0x6247 1
0.0.0.16 172.16.1.2 1158 0x8000011f 0x4293 1
0.0.0.14 172.16.1.3 578 0x80000102 0xf084 1
0.0.0.3 172.16.1.5 1722 0x80000101 0xf2b9 1
0.0.0.6 172.16.1.6 1287 0x8000011e 0xf486 1
Link-LSA (Interface fg-trust)
Link State ID ADV Router Age Seq# CkSum Prefix
0.0.0.63 172.16.1.6 1261 0x8000011e 0xca19 1
Router-LSA (Area 0.0.0.0)
Link State ID ADV Router Age Seq# CkSum Link
0.0.0.1 172.16.1.1 1451 0x80000123 0x197c 1
0.0.0.0 172.16.1.2 484 0x80000125 0x2b24 1
0.0.0.0 172.16.1.3 1073 0x80000103 0x9562 1
0.0.0.0 172.16.1.5 1722 0x80000102 0xea19 1
0.0.0.0 172.16.1.6 1217 0x80000123 0x84d4 1
Network-LSA (Area 0.0.0.0)
Link State ID ADV Router Age Seq# CkSum
0.0.0.16 172.16.1.2 482 0x80000123 0xb390
Intra-Area-Prefix-LSA (Area 0.0.0.0)
Link State ID ADV Router Age Seq# CkSum Prefix Reference
0.0.0.1 172.16.1.1 1491 0x80000244 0x6d9e 2 Router-LSA
0.0.0.1 172.16.1.2 484 0x80000125 0x265e 5 Router-LSA
0.7.0.0 172.16.1.2 477 0x8000012a 0xb764 1 Network-LSA
0.9.0.0 172.16.1.2 484 0x80000120 0x4fc3 1 Network-LSA
0.0.0.0 172.16.1.3 578 0x80000102 0x972f 1 Router-LSA
0.0.0.0 172.16.1.5 961 0x80000007 0x518b 1 Router-LSA
0.0.0.2 172.16.1.6 1216 0x80000121 0x422d 1 Router-LSA
AS-external-LSA
Link State ID ADV Router Age Seq# CkSum
0.0.0.0 172.16.1.3 321 0x80000002 0x4bad E2
fd-wv-fw04 #
fd-wv-fw04 #
fd-wv-fw04 # get router info6 ospf route
OSPFv3 Process (*null*)
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
Destination Metric
Next-hop
C 2003:51:6012:101::/64 10
directly connected, wan1, Area 0.0.0.0
O 2003:51:6012:110::/64 110
via fe80::219:e2ff:fea1:f98a, wan1, Area 0.0.0.0
O 2003:51:6012:120::/64 20
via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O 2003:51:6012:121::/64 20
via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O 2003:51:6012:123::/64 20
via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O 2003:51:6012:124::/64 20
via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O 2003:51:6012:125::/64 20
via fe80::b60c:25ff:fe05:8e10, wan1, Area 0.0.0.0
O 2003:51:6012:130::/64 110
via fe80::2a94:fff:fea8:772d, wan1, Area 0.0.0.0
E2 2003:51:6012:133:feed:cafe:0:10/128 10/1000
via fe80::2a94:fff:fea8:772d, wan1
C 2003:51:6012:160::/64 100
directly connected, fg-trust, Area 0.0.0.0
O 2003:61:6012:102::/64 110
via fe80::21a:6cff:fea1:2b98, wan1, Area 0.0.0.0
fd-wv-fw04 #
fd-wv-fw04 #
Furthermore, the GUI can at least show the routing table:
Juniper ScreenOS
My SSG 5 runs at version 6.3.0r19. Unlike OSPF for IPv4, in which the “enable” checkmark for each interface is inside the interface configuration section, OSPFv3 is completely configured inside the virtual routers menu:
The config commands via the CLI are the following:
set vrouter trust-vr protocol ospfv3 enable set vrouter trust-vr protocol ospfv3 area 0.0.0.0 set interface ethernet0/5.10 protocol ospfv3 area 0.0.0.0 set interface ethernet0/5.10 protocol ospfv3 passive set interface ethernet0/5.10 protocol ospfv3 enable set interface ethernet0/5.10 protocol ospfv3 cost 100 set interface ethernet0/6 protocol ospfv3 area 0.0.0.0 set interface ethernet0/6 protocol ospfv3 enable set interface ethernet0/6 protocol ospfv3 priority 100 set interface ethernet0/6 protocol ospfv3 cost 100
And the get commands for displaying the runtime values are this:
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
Status: enabled
State: internal router
Number of areas: 1
Number of LSA(s): 20
Number of AS-flooding-scope LSA(s): 1
Area 0.0.0.0
Total number of interfaces is 2, Active number of interfaces is 2
Intra-SPF algorithm executed 25 times
Last Intra-SPF executed before 03:30:25
Number of LSA(s) is 19
Inter-SPF algorithm executed: 27 times
Last Inter-SPF executed before 01:01:30
Extern-SPF algorithm executed: 28 times
Last Extern-SPF executed before 01:01:30
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3 neighbor
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
Neighbor(s) on interface ethernet0/5.10 (Area 0.0.0.0)
Neighbor(s) on interface ethernet0/6 (Area 0.0.0.0)
RouterId Nbr-saw-DR Nbr-saw-BDR Nbr-If-Id Opt Pri State (Down, Up)
------------------------------------------------------------------------------
172.16.1.3 172.16.1.2 172.16.1.5 0x0000000e --V6|E|R 1 2WAY (+2 -0)
172.16.1.6 172.16.1.2 172.16.1.5 0x00000006 --V6|E|R 1 2WAY (+2 -0)
172.16.1.2 172.16.1.2 172.16.1.5 0x00000010 --V6|E|R 50 FULL (+6 -0)
172.16.1.5 172.16.1.2 172.16.1.5 0x00000003 --V6|E|R 1 FULL (+6 -0)
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3 database
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
As-External-LSA
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000000 172.16.1.3 1786 0x80000002 0x4bad
Router-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000000 172.16.1.5 1169 0x80000103 0xe81a
0x00000000 172.16.1.6 884 0x80000124 0x82d5
0x00000001 172.16.1.1 1111 0x80000124 0x177d
0x00000000 172.16.1.3 516 0x80000104 0x9363
0x00000000 172.16.1.2 149 0x80000126 0x2925
Network-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000010 172.16.1.2 147 0x80000124 0xb191
Intra-Area-Prefix-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000000 172.16.1.5 417 0x80000008 0x4f8c
0x00000002 172.16.1.6 884 0x80000122 0x402e
0x00000001 172.16.1.1 1152 0x80000246 0x69a0
0x00000000 172.16.1.3 13 0x80000103 0x9530
0x00000001 172.16.1.2 150 0x80000126 0x245f
0x00070000 172.16.1.2 143 0x8000012b 0xb565
0x00090000 172.16.1.2 150 0x80000121 0x4dc4
Link-LSA for link ethernet0/5.10, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000368 172.16.1.1 1157 0x8000011f 0xac59
Link-LSA for link ethernet0/6, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000003 172.16.1.5 1171 0x80000102 0xf0ba
0x00000006 172.16.1.6 956 0x8000011f 0xf287
0x00000370 172.16.1.1 1158 0x8000011f 0x6048
0x0000000e 172.16.1.3 14 0x80000103 0xee85
0x00000010 172.16.1.2 826 0x80000120 0x4094
-----------------------
printed 20 LSA(s).
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr protocol ospfv3 database self-originate
VR: trust-vr RouterId: 172.16.1.1
----------------------------------
Router-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000001 172.16.1.1 1129 0x80000124 0x177d
Intra-Area-Prefix-LSA for area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000001 172.16.1.1 1169 0x80000246 0x69a0
Link-LSA for link ethernet0/5.10, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000368 172.16.1.1 1174 0x8000011f 0xac59
Link-LSA for link ethernet0/6, area 0.0.0.0
--------------------------------------------------------------------------------
Link-State-Id Adv-Router-Id Age Sequence# CheckSum
--------------------------------------------------------------------------------
0x00000370 172.16.1.1 1175 0x8000011f 0x6048
-----------------------
printed 4 LSA(s).
fd-wv-fw01->
fd-wv-fw01->
fd-wv-fw01-> get vrouter trust-vr route protocol ospfv3
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP/RIPng P: Permanent D: Auto-Discovered
N: NHRP
iB: IBGP eB: EBGP O: OSPF/OSPFv3 E1: OSPF external type 1
E2: OSPF/OSPFv3 external type 2 trailing B: backup route
Total 19/max entries
ID IP-Prefix Interface
Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------------
56 2003:51:6012:101::/64 eth0/6
:: O 60 100 Root
* 67 2003:51:6012:133:feed:cafe:0:10/128 eth0/6
fe80::2a94:fff:fea8:772d E2 200 1000 Root
54 2003:51:6012:110::/64 eth0/5.10
:: O 60 100 Root
* 57 2003:51:6012:121::/64 eth0/6
fe80::b60c:25ff:fe05:8e10 O 60 110 Root
* 58 2003:51:6012:120::/64 eth0/6
fe80::b60c:25ff:fe05:8e10 O 60 110 Root
* 59 2003:51:6012:123::/64 eth0/6
fe80::b60c:25ff:fe05:8e10 O 60 110 Root
* 60 2003:51:6012:125::/64 eth0/6
fe80::b60c:25ff:fe05:8e10 O 60 110 Root
* 61 2003:51:6012:124::/64 eth0/6
fe80::b60c:25ff:fe05:8e10 O 60 110 Root
* 64 2003:51:6012:130::/64 eth0/6
fe80::2a94:fff:fea8:772d O 60 200 Root
* 66 2003:61:6012:102::/64 eth0/6
fe80::21a:6cff:fea1:2b98 O 60 200 Root
* 63 2003:51:6012:160::/64 eth0/6
fe80::a5b:eff:fe3c:115d O 60 200 Root
Total number of ospfv3 routes: 11
fd-wv-fw01->
fd-wv-fw01->
Palo Alto
Finally, this is the Palo Alto guide. I am using a PA-200 with version 7.0.2. To my mind, this is the best OSPFv3 GUI from all firewalls in my lab. Here we go:
To show some runtime stats on the CLI, use this show commands:
weberjoh@fd-wv-fw02> show routing protocol ospfv3 summary
Router ID 172.16.1.2, instance 0 in virtual router default
OSPFv3 is up, oper status active
ABR: no, ASBR: yes, Allow transit traffic: yes
reject-default-route: yes , redist-default-route: n/a
originated LSA count: 3497, received LSA count: 6676
num AS-scoped LSA: 0, AS-external LSA count: 1
num update pending: 0, num update merged: 1
SPF calc delay: 5.00, min lsa interval : 5.00
external refresh interval: 1800
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02> show routing protocol ospfv3 neighbor
Neighbor ID 172.16.1.1, in virtual router default
Neighbor Link-local addr fe80:0:0:0:219:e2ff:fea1:f98a,Neighbor If ID 880
Through local Interface ethernet1/1, local IF ID 16
Area 0.0.0.0, instance ID 0, status up
priority 100, state full, event count 10
Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
Retransmission queue length 0, Waiting on 0 LSA request
Dead time is 38 sec
Graceful restart helper status: not helping, time remaining: 0
Graceful restart helper exit reason: none
Neighbor ID 172.16.1.3, in virtual router default
Neighbor Link-local addr fe80:0:0:0:2a94:fff:fea8:772d,Neighbor If ID 14
Through local Interface ethernet1/1, local IF ID 16
Area 0.0.0.0, instance ID 0, status up
priority 1, state full, event count 6
Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
Retransmission queue length 0, Waiting on 0 LSA request
Dead time is 31 sec
Graceful restart helper status: not helping, time remaining: 0
Graceful restart helper exit reason: none
Neighbor ID 172.16.1.5, in virtual router default
Neighbor Link-local addr fe80:0:0:0:21a:6cff:fea1:2b98,Neighbor If ID 3
Through local Interface ethernet1/1, local IF ID 16
Area 0.0.0.0, instance ID 0, status up
priority 1, state full, event count 6
Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
Retransmission queue length 0, Waiting on 0 LSA request
Dead time is 37 sec
Graceful restart helper status: not helping, time remaining: 0
Graceful restart helper exit reason: none
Neighbor ID 172.16.1.6, in virtual router default
Neighbor Link-local addr fe80:0:0:0:a5b:eff:fe3c:115d,Neighbor If ID 6
Through local Interface ethernet1/1, local IF ID 16
Area 0.0.0.0, instance ID 0, status up
priority 1, state full, event count 6
Options 0x13, V6(1),E(1),MC(0),N(0),R(1),DC(0)
Retransmission queue length 0, Waiting on 0 LSA request
Dead time is 29 sec
Graceful restart helper status: not helping, time remaining: 0
Graceful restart helper exit reason: none
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02> show routing protocol ospfv3 dumplsdb
** OSPF AS-Scope link state database
VIRTUAL ROUTER: default (id 1)
VR Type Adv Router ID LS id Seq ID Cksum Age Size
1 External 172.16.1.3 0.0.0.1 0x80000003 0x3FB7 638 44
Flags [External Type 2], metric 1000
2003:51:6012:133:feed:cafe:0:10/128
** OSPF Area Scope link state database
VIRTUAL ROUTER: default (id 1)
VR Type Adv Router ID LS id Seq ID Cksum Age Size
1 Router 172.16.1.1 0.0.0.1 0x8000017B 0x68D4 1698 40
Options [V6, External, Router], RLA-Flags [none]
Neighbor Network-ID 172.16.1.2
Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.3.112
type 2, metric 100
1 Router 172.16.1.2 0.0.0.0 0x8000017D 0x7A7C 1131 40
Options [V6, External, Router], RLA-Flags [External]
Neighbor Network-ID 172.16.1.2
Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.16
type 2, metric 10
1 Router 172.16.1.3 0.0.0.0 0x80000152 0xF6B1 884 40
Options [V6, External, Router, Demand Circuit], RLA-Flags [External]
Neighbor Network-ID 172.16.1.2
Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.14
type 2, metric 100
1 Router 172.16.1.5 0.0.0.0 0x80000152 0x4A69 296 40
Options [V6, External, Router, Demand Circuit], RLA-Flags [none]
Neighbor Network-ID 172.16.1.2
Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.3
type 2, metric 100
1 Router 172.16.1.6 0.0.0.0 0x8000017C 0xD12E 68 40
Options [V6, External, Router], RLA-Flags [none]
Neighbor Network-ID 172.16.1.2
Neighbor Interface-ID 0.0.0.16, Interface ID 0.0.0.6
type 2, metric 10
1 Network 172.16.1.2 0.0.0.16 0x8000017B 0x3E8 1129 44
Options [V6, External, Router, Demand Circuit]
Connected Routers:
172.16.1.1
172.16.1.3
172.16.1.5
172.16.1.6
172.16.1.2
1 IntraArPfx 172.16.1.1 0.0.0.1 0x800002F4 0xC4F 1737 56
Prefixes 2:
2003:51:6012:110:0:0:0:0/64, metric 100
2003:51:6012:101:0:0:0:0/64, metric 100
1 IntraArPfx 172.16.1.2 0.0.0.1 0x8000017D 0x75B6 1131 92
Prefixes 5:
2003:51:6012:123:0:0:0:0/64, metric 10
2003:51:6012:120:0:0:0:0/64, metric 10
2003:51:6012:125:0:0:0:0/64, metric 10
2003:51:6012:121:0:0:0:0/64, metric 10
2003:51:6012:124:0:0:0:0/64, metric 10
1 IntraArPfx 172.16.1.2 0.7.0.0 0x80000182 0x7BC 1124 44
Prefixes 1:
2003:51:6012:101:0:0:0:0/64, metric 0
1 IntraArPfx 172.16.1.2 0.9.0.0 0x80000178 0x9E1C 1131 44
Prefixes 1:
2003:51:6012:120:0:0:0:0/64, metric 0
1 IntraArPfx 172.16.1.3 0.0.0.0 0x80000151 0xF87E 884 44
Prefixes 1:
2003:51:6012:130:0:0:0:0/64, metric 100
1 IntraArPfx 172.16.1.5 0.0.0.0 0x80000056 0xB2DA 1272 44
Prefixes 1:
2003:61:6012:102:0:0:0:0/64, metric 100
1 IntraArPfx 172.16.1.6 0.0.0.2 0x8000017A 0x8F86 67 44
Prefixes 1:
2003:51:6012:160:0:0:0:0/64, metric 100
** OSPF Link Scope link state database
VIRTUAL ROUTER: default (id 1)
VR Type Adv Router ID LS id Seq ID Cksum Age Size
1 Link 172.16.1.1 0.0.3.112 0x80000176 0xB19F 1742 56
Options [V6, External, Router]
Priority 100, Link-local address fe80:0:0:0:219:e2ff:fea1:f98a,
Prefixes 1:
2003:51:6012:101:0:0:0:0/64
1 Link 172.16.1.2 0.0.0.16 0x80000178 0x8FEC 5 56
Options [V6, External, Router]
Priority 50, Link-local address fe80:0:0:0:b60c:25ff:fe05:8e10,
Prefixes 1:
2003:51:6012:101:0:0:0:0/64
1 Link 172.16.1.3 0.0.0.14 0x80000151 0x52D3 884 56
Options [V6, External, Router, Demand Circuit]
Priority 1, Link-local address fe80:0:0:0:2a94:fff:fea8:772d,
Prefixes 1:
2003:51:6012:101:0:0:0:0/64
1 Link 172.16.1.5 0.0.0.3 0x80000151 0x520A 296 56
Options [V6, External, Router, Demand Circuit]
Priority 1, Link-local address fe80:0:0:0:21a:6cff:fea1:2b98,
Prefixes 1:
2003:51:6012:101:0:0:0:0/64
1 Link 172.16.1.6 0.0.0.6 0x80000177 0x42DF 137 56
Options [V6, External, Router]
Priority 1, Link-local address fe80:0:0:0:a5b:eff:fe3c:115d,
Prefixes 1:
2003:51:6012:101:0:0:0:0/64
1 Link 172.16.1.2 0.0.1.1 0x80000178 0x92A3 5 56
Options [V6, External, Router]
Priority 100, Link-local address fe80:0:0:0:b60c:25ff:fe05:8e13,
Prefixes 1:
2003:51:6012:120:0:0:0:0/64
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02>
weberjoh@fd-wv-fw02> show routing route type ospf
flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp,
Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2, E:ecmp
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
[IPv4 routes omitted]
2003:51:6012:101::/64 :: 10 Oi 675410 ethernet1/1
2003:51:6012:110::/64 fe80::219:e2ff:fea1:f98a 110 A Oi 674960 ethernet1/1
2003:51:6012:120::/64 :: 10 Oi 945349 ethernet1/4.120
2003:51:6012:121::/64 :: 10 Oi 945349 ethernet1/4.121
2003:51:6012:123::/64 :: 10 Oi 945349 ethernet1/3
2003:51:6012:124::/64 :: 10 Oi 945349 ethernet1/4.124
2003:51:6012:125::/64 :: 10 Oi 945349 ethernet1/4.125
2003:51:6012:130::/64 fe80::2a94:fff:fea8:772d 110 A Oi 672653 ethernet1/1
2003:51:6012:133:feed:cafe:0:10/128 fe80::2a94:fff:fea8:772d 1000 A O2 4598 ethernet1/1
2003:51:6012:160::/64 fe80::a5b:eff:fe3c:115d 110 A Oi 673436 ethernet1/1
2003:61:6012:102::/64 fe80::21a:6cff:fea1:2b98 110 A Oi 172024 ethernet1/1
total routes shown: 38
weberjoh@fd-wv-fw02>
Wireshark Dump
I captured all OSPF packets while I restarted (reload) the Cisco router. The pcapng therefore contains all five types of OSPFv3 packets (Hello, DBD, LSR, LSU, LSAack). Here it is for download:
OSPFv3 Capture 41.66 KB
As an example, these are the messages after the Cisco router has booted (red marked area). After some database description packets (DBD), the router requested (LSR) many details. After that, the designated router (DR) sent many link-state updates (LSU) which contain the link-state advertisements (LSA). The yellow highlighted section shows a LSA for one of the intra-area-prefix LSAs:
