Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
7580
Views
5
Helpful
0
Comments

'Basic OSPFv3 Configuration Example On ASR9K'

ashirkar
Level 7
Level 7

‎05-20-2013 03:08 AM - edited ‎03-01-2019 04:55 PM

 

Introduction:

In this document you will see basic OSPv3 configuration on ASR9k.This document cover basic OSPFv3 connectivity, OSPFv3 authentication and OSPFv3 configuration using FLEX CLI on IOS XR.

Configuration Example:

I have two ASR9k as shown in the figure:

 

ospfv3112.jpg

 

1st we will configure basic IPv6 address and OSPV3 configuration on ASR9k:

ASR9K:

 

RP/0/0/CPU0:ASR9K#conf t

Sun May 19 16:53:39.120 UTC

RP/0/0/CPU0:ASR9K(config)#int lo0

RP/0/0/CPU0:ASR9K(config-if)#ipv4 address 1.1.1.1 255.255.255.255

RP/0/0/CPU0:ASR9K(config-if)#ipv6 address 2011::1/128

RP/0/0/CPU0:ASR9K(config-if)#exit

RP/0/0/CPU0:ASR9K(config)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K(config-if)#ipv6 add 2001::1/64

RP/0/0/CPU0:ASR9K(config-if)#no sh

RP/0/0/CPU0:ASR9K(config-if)#commit

Sun May 19 16:53:58.179 UTC

RP/0/0/CPU0:May 19 16:53:58.839 : ifmgr[223]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Down

RP/0/0/CPU0:May 19 16:53:58.879 : ifmgr[223]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Up

RP/0/0/CPU0:ASR9K(config-if)#end

RP/0/0/CPU0:ASR9K#

 

ASR9K_R1:

RP/0/0/CPU0:ASR9K_R1#conf t

Sun May 19 16:55:25.623 UTC

RP/0/0/CPU0:ASR9K_R1(config)#int lo 0

RP/0/0/CPU0:ASR9K_R1(config-if)#ip add 2.2.2.2 255.255.255.255

RP/0/0/CPU0:ASR9K(config-if)#ipv6 address 2012::1/128

RP/0/0/CPU0:ASR9K_R1(config-if)#exit

RP/0/0/CPU0:ASR9K_R1(config)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K_R1(config-if)#ipv6 add 2001::2/64

RP/0/0/CPU0:ASR9K_R1(config-if)#no sh

RP/0/0/CPU0:ASR9K_R1(config-if)#commit

Sun May 19 16:58:58.488 UTC

RP/0/0/CPU0:May 19 16:58:58.858 : ifmgr[223]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Down

RP/0/0/CPU0:May 19 16:58:58.918 : ifmgr[223]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Up

RP/0/0/CPU0:ASR9K_R1(config-if)#end

RP/0/0/CPU0:ASR9K_R1#

 

Verifying the connectivity between ASR:

RP/0/0/CPU0:ASR9K#ping 2001::2

Sun May 19 17:00:09.593 UTC

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2001::2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 9/111/489 ms

RP/0/0/CPU0:ASR9K#

 

In Cisco IOS we defined all OSPFv3 configuration like defining area and process directly under interface but in IOS XR, the configuration is used in a more “topological” way. Here you define the interfaces on which you want to run OSPV3 process under router process as shown below:

ASR9K:

 

RP/0/0/CPU0:ASR9K#conf t

Sun May 19 17:15:55.469 UTC

RP/0/0/CPU0:ASR9K(config)#router ospfv3 cisco

RP/0/0/CPU0:ASR9K(config-ospfv3)#router-id 1.1.1.1

RP/0/0/CPU0:ASR9K(config-ospfv3)#area 0

RP/0/0/CPU0:ASR9K(config-ospfv3-ar)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#exit

RP/0/0/CPU0:ASR9K(config-ospfv3-ar)#int lo 0

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#commit

Sun May 19 17:16:30.776 UTC

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#end

RP/0/0/CPU0:ASR9K#

 

ASR9K_R1:

RP/0/0/CPU0:ASR9K_R1#conf t

Sun May 19 17:17:17.723 UTC

RP/0/0/CPU0:ASR9K_R1(config)#router ospfv3 cisco

RP/0/0/CPU0:ASR9K_R1(config-ospfv3)#router-id 2.2.2.2

RP/0/0/CPU0:ASR9K_R1(config-ospfv3)#area 0

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar-if)#exit

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar)#int lo 0

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar-if)#commit

Sun May 19 17:17:50.860 UTC

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar-if)#end

RP/0/0/CPU0:ASR9K_R1#

Verification:

1) Verifying OSPFv3 configuration: To verify OSPFv3 configuration use “sh running-config router ospfv3”  command.

RP/0/0/CPU0:ASR9K#sh running-config router ospfv3

Sun May 19 17:18:55.596 UTC

router ospfv3 cisco

router-id 1.1.1.1

area 0

  interface Loopback0

  !

  interface GigabitEthernet0/0/0/1

  !

!

!

 

RP/0/0/CPU0:ASR9K#

 

2) Verifying OSPFv3 neighborship:

To verify OSPF neighborship use “sh ospfv3 neighbor” command .

RP/0/0/CPU0:ASR9K#sh ospfv3 neighbor

Sun May 19 17:21:02.887 UTC

 

Neighbors for OSPFv3 cisco

 

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface

2.2.2.2         1     FULL/BDR        00:00:35    4               GigabitEthernet0/0/0/1

    Neighbor is up for 00:02:57

 

Total neighbor count: 1

RP/0/0/CPU0:ASR9K#

 

3) Verifying loopback route reachability learned via OSPFv3:

RP/0/0/CPU0:ASR9K#sh route ipv6 ospf

Sun May 19 17:21:45.975 UTC

 

O    2012::1/128

      [110/2] via fe80::2ab:5bff:febe:202, 00:03:39, GigabitEthernet0/0/0/1

RP/0/0/CPU0:ASR9K#

 

RP/0/0/CPU0:ASR9K#ping 2012::1 source 2011::1

Sun May 19 17:22:50.780 UTC

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2012::1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 9/15/29 ms

 

Task 2: Now we will Configure OSPFv3 authentication:

Most IPv4 routing protocols support some form of neighbor authentication, provided by either a plaintext password or MD5 HMAC. However, OSPFv3 (OSPF for IPv6) doesn't include any authentication capabilities of its own; instead, it relies entirely on IPsec to secure communications between neighbors. This is beneficial in simplifying the OSPFv3 protocol and standardizing its authentication mechanism. In classic IOS you define authentication for OSPFv3 under interface but here you will have to define to interface under router process as shown below:

ASR9K:   

 

RP/0/0/CPU0:ASR9K#conf t

Sun May 19 18:37:03.865 UTC

RP/0/0/CPU0:ASR9K(config)#router ospfv3 cisco

RP/0/0/CPU0:ASR9K(config-ospfv3)#area 0

RP/0/0/CPU0:ASR9K(config-ospfv3-ar)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#authentication ipsec spi 512 sha1 123456789abcdef123456789abcdef123456789a

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#commit

Sun May 19 18:39:15.696 UTC

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#end

RP/0/0/CPU0:ASR9K#

 

ASR9K_R1:

RP/0/0/CPU0:ASR9K_R1#conf t

Sun May 19 18:30:14.693 UTC

RP/0/0/CPU0:ASR9K_R1(config)#router ospfv3 cisco

RP/0/0/CPU0:ASR9K_R1(config-ospfv3)#area 0

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar-if)#authentication ipsec spi 512 sha1 123456789abcdef123456789abcdef123456789a

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar-if)#commit

 

Task3:OSPFv3 Configuration using FLEX CLI:

Flexible command line interface (CLI) configuration groups provide the ability to minimize repetitive configurations by defining a series of configuration statements in a configuration group, and then applying this group to multiple hierarchical levels in the router configuration tree.

Flexible CLI configuration groups utilize regular expressions that are checked for a match at multiple sub modes of the configuration tree based on where the group is applied within the hierarchy. If a match is found at a configuration sub mode, the corresponding configuration defined in the group is inherited within the matched sub mode.

From the above output you can see under router configuration looks like same entries/values are repeated. So on ASR9K_R1 we are creating groups for command parameters and applying under process as shown below.

Please refer FLEX CLI document to get more knowledge on it.

 

OSPFv3_XR.jpg

 

1st we will remove authentication on applied under interface as we need to apply authentication to all Gig interface we will put in group. 

RP/0/0/CPU0:ASR9K_R1#conf t

Sun May 19 18:30:14.693 UTC

RP/0/0/CPU0:ASR9K_R1(config)#router ospfv3 cisco

RP/0/0/CPU0:ASR9K_R1(config-ospfv3)#area 0

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar-if)#no authentication ipsec spi 512 sha1 123456789abcdef123456789abcdef123456789a

RP/0/0/CPU0:ASR9K_R1(config-ospfv3-ar-if)#commit

 

Configuration of Config-Group:

RP/0/0/CPU0:ASR9K_R1(config)#group OSPF_INTERFACE

RP/0/0/CPU0:ASR9K_R1(config-GRP)#router ospfv3 '.*'

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3)#area '.*'

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3-ar)#mtu-ignore enable

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3-ar)#interface 'Gig.*'

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3-ar-if)# authentication ipsec spi 512 sha1 123456789abcdef123456789abcdef123456789a

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3-ar-if)#cost 100

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3-ar-if)#interface 'Lo.*'

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3-ar-if)#passive

RP/0/0/CPU0:ASR9K_R1(config-GRP-ospfv3-ar-if)#end-group

RP/0/0/CPU0:ASR9K_R1(config)#

 

Configuration of apply-groups:

RP/0/0/CPU0:ASR9K_R1#conf t

Mon May 20 08:27:13.533 UTC

RP/0/0/CPU0:ASR9K_R1(config)#router ospfv3 cisco

RP/0/0/CPU0:ASR9K_R1(config-ospfv3)#apply-group OSPF_INTERFACE

RP/0/0/CPU0:ASR9K_R1(config-ospfv3)#commit

Mon May 20 08:27:42.251 UTC

RP/0/0/CPU0:ASR9K_R1(config-ospfv3)#

 

Verification:

The parameters mention in group will be applied automatically once you configure Gig and Loopback interface under ospfv3 process.

1) Verifying Config-Group and OSPFv3 configuration on ASR9K_R1 router:

RP/0/0/CPU0:ASR9K_R1#sh running-config group

Mon May 20 08:33:26.447 UTC

group OSPF_INTERFACE

router ospfv3 '.*'

  area '.*'

   mtu-ignore

   interface 'Lo.*'

    passive

   !

   interface 'Gig.*'

    cost 100

    authentication ipsec spi 512 sha1 password 06575D72181B5F4E5D4E13090F002F2D757A60617745504E5A00545A5C56525F514B420C0E000B0B54

   !

  !

!

end-group

 

RP/0/0/CPU0:ASR9K_R1#sh running-config router ospfv3

Mon May 20 10:40:26.945 UTC

router ospfv3 cisco

apply-group OSPF_INTERFACE

area 0

  interface Loopback0

  !

  interface GigabitEthernet0/0/0/1

  !

!

!

 

RP/0/0/CPU0:ASR9K_R1#

 

2) As from the above output you can see that only interface applied under router process. Let’s verify OSPF configuration for interface Gig0/0/0/1.

 

RP/0/0/CPU0:ASR9K_R1#sh ospfv3 int gig0/0/0/1

Mon May 20 08:38:10.938 UTC

 

GigabitEthernet0/0/0/1 is up, line protocol is up, ipsec is up

  Link Local address fe80::2ab:5bff:febe:202, Interface ID 4

  Area 0, Process ID cisco, Instance ID 0, Router ID 2.2.2.2

  Network Type BROADCAST, Cost: 100

  AH Authentication SHA1, SPI 512

  Transmit Delay is 1 sec, State BDR, Priority 1

  Designated Router (ID) 1.1.1.1, local address fe80::2ab:5bff:febe:102

  Backup Designated router (ID) 2.2.2.2, local address fe80::2ab:5bff:febe:202

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:08

  Index 0/1/1, flood queue length 0

  Next 0(0)/0(0)/0(0)

  Last flood scan length is 1, maximum is 1

  Last flood scan time is 0 msec, maximum is 0 msec

  Neighbor Count is 1, Adjacent neighbor count is 1

    Adjacent with neighbor 1.1.1.1  (Designated Router)

  Suppress hello for 0 neighbor(s)

  Reference count is 5

RP/0/0/CPU0:ASR9K_R1#

 

Even if we don’t have any authentication, cost parameter directly under interface, it gets it from apply-group configuration.

Related Information:

Implementing OSPF on Cisco ASR 9000 Series Routers

RP/0/0/CPU0:ASR9K#conf t

Sun May 19 17:15:55.469 UTC

RP/0/0/CPU0:ASR9K(config)#router ospfv3 cisco

RP/0/0/CPU0:ASR9K(config-ospfv3)#router-id 1.1.1.1

RP/0/0/CPU0:ASR9K(config-ospfv3)#area 0

RP/0/0/CPU0:ASR9K(config-ospfv3-ar)#int gig0/0/0/1

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#exit

RP/0/0/CPU0:ASR9K(config-ospfv3-ar)#int lo 0

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#commit

Sun May 19 17:16:30.776 UTC

RP/0/0/CPU0:ASR9K(config-ospfv3-ar-if)#end

RP/0/0/CPU0:ASR9K#
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents