03-07-2025 07:42 AM
Hi cisco community,
Please bear with me, but I believe I am missing something in my attempted conversion to OSPFv3 with IPv4. Recently, we received a new security device that does not support SHA over OSPFv2. Our network does not have IPv6 present internally, so I began to work on converting to v3 with IPv4.
I understand that I need IPv6 unicast enabled globally on the devices and on the interfaces for the link-locals, and my current test config is up and we have neighbours with IPv4 addresses on either side. However, there is still "IPV6 family" under the show neighbours output, and a loopback I built into the test area to attempt to get into the routing table on the security device fails to do so.
My config:
router ospfv3 1
 router-id 10.10.201.1
 !
 address-family ipv4 unicast
  router-id 10.10.201.1
  auto-cost reference-bandwidth 100000
 exit-address-family
 !
 address-family ipv6 unicast
 exit-address-family
!
!
interface
 description OSPF-TEST-INT
 no switchport
 ip address 10.10.201.1 255.255.255.252
 ipv6 enable
 ospfv3 encryption ipsec spi xxxx esp aes-cbc 128 7 <key> sha1 7 <key>
 ospfv3 hello-interval 1
 ospfv3 dead-interval 5
 ospfv3 1 ipv6 area 99
 ospfv3 1 ipv4 area 99
 ospfv3 1 ipv4 area 99 instance 64
However, while we are able to neighbour with these IPv4 addresses, show neighbours shows ipv6 family. If I remove the ipv6 from the area, the connection will drop. I also can't find the route (another 10 RFC address on a loopback) propagating from my Cisco to the security device. Am I missing something simple in my config here?
03-07-2025 11:45 AM
Hello,
OSPFv3 uses IPv6 as its transport for IPv4 and IPv6. I'd have to lab it, but can you provide the output of the OSPF neighbor command (show ospf neighbor), as you've said you can still see IPv4 neighbors?
-David
03-07-2025 12:39 PM - edited 03-07-2025 12:42 PM
Hi David,
Correct, OSPFv3 uses IPv6 link-local and IPsec for authentication and encryption.
To be clear, my neighbourship appears to be working fine:
OSPFv3 1 address-family ipv6 (router-id 10.10.201.1)
Neighbor ID     Pri   State     Dead Time   Interface ID   Interface
10.10.201.2     1     FULL/DR   00:00:04    65             GigabitEthernet4/0/1
It is just reporting ipv6 family even with an IPv4 address and does not appear to be exchanging routes. I receive no errors with debug enabled.
03-07-2025 07:02 PM
Can you provide the config for both devices please?
You also need to make sure your RIDs are different. I only saw one device configuration.
-David
03-08-2025 08:23 AM - edited 03-08-2025 08:26 AM
Hello @jbulloch ,
What you see is normal. OSPFv3 with address families or realms relies on the Instance ID field to discriminate between instances for IPv6 unicast, instances for IPv4 unicast, instance IDs for IPv6 multicast and instance IDs for IPv4 multicast.
The one-byte (one-octet) Instance ID that is present in OSPFv3 hellos and other types of packets is partitioned into 4 subsets.
However, you cannot expect to see an IPv4 OSPF neighbor, but rather an IPv6 neighbor with instance ID 64 that should be advertising IPv4 prefixes.
Try to see what happens without any form of authentication to create a baseline and to validate the OSPFv3 configuration.
As noted by @David Ruess, OSPF RIDs have to be different on the two nodes in order to accept LSAs from the neighbor.
This is also true for OSPFv2.
Edit:
About the support of OSPFv3 with address families or realms: this is not supported in NX-OS; it is supported in Cisco IOS XE and Cisco IOS XR.
Hope to help
Giuseppe
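The Instance ID partitioning described in the reply above, as an added example that is not part of any post in this thread: it decodes the fixed 16-byte OSPFv3 header (RFC 5340), maps the Instance ID to its address family using the ranges from RFC 5838, and flags the duplicate router ID and instance mismatch conditions. The function names and the sample headers are constructed for illustration.

```python
import ipaddress
import struct

# Instance ID ranges from RFC 5838 (OSPFv3 address families).
AF_RANGES = [(0, 31, "ipv6 unicast"), (32, 63, "ipv6 multicast"),
             (64, 95, "ipv4 unicast"), (96, 127, "ipv4 multicast"),
             (128, 255, "unassigned")]
HEADER = struct.Struct("!BBHIIHBB")  # fixed 16-byte OSPFv3 header, RFC 5340

def address_family(instance_id):
    for low, high, name in AF_RANGES:
        if low <= instance_id <= high:
            return name
    raise ValueError("Instance ID is a single octet (0-255)")

def parse_header(data):
    """Decode the OSPFv3 packet header and label its address family."""
    if len(data) < HEADER.size:
        raise ValueError("truncated OSPFv3 header")
    ver, ptype, length, rid, area, _cksum, inst, _zero = HEADER.unpack_from(data)
    if ver != 3:
        raise ValueError(f"not an OSPFv3 packet (version {ver})")
    return {"type": ptype, "length": length,
            "router_id": str(ipaddress.IPv4Address(rid)), "area": area,
            "instance_id": inst, "address_family": address_family(inst)}

def adjacency_problems(local_rid, local_instance, hdr):
    """Reasons the local router would not use this neighbour's packet."""
    problems = []
    if hdr["router_id"] == local_rid:
        problems.append("duplicate router ID")
    if hdr["instance_id"] != local_instance:
        problems.append("instance ID mismatch, packet is dropped")
    return problems

def build_header(rid, area, instance_id, ptype=1, length=36):
    """Constructed sample data: a Hello header with a zero checksum."""
    return HEADER.pack(3, ptype, length, int(ipaddress.IPv4Address(rid)),
                       area, 0, instance_id, 0)

if __name__ == "__main__":
    # Constructed samples using the router IDs and area from the thread.
    for inst in (0, 64):
        hdr = parse_header(build_header("10.10.201.2", 99, inst))
        print(inst, hdr["address_family"],
              adjacency_problems("10.10.201.1", 64, hdr))
```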
03-09-2025 11:00 AM
Hi @Giuseppe Larosa ,
Hope you are doing well my friend.
> it is supported in Cisco IOS XE and Cisco IOS XR.
There is still no support for address family ipv4 in OSPFv3 in XR.
Regards,
Harold
03-10-2025 01:51 AM
03-09-2025 09:04 AM - edited 03-09-2025 09:07 AM
Hi @jbulloch ,
> However, while we are able to Neighbour with these IPV4 addresses, show neighbours shows ipv6 family
You see the address-family ipv6 unicast in the "show ospfv3 neighbor" output because you enabled this address family on the interface. Remove "ospfv3 1 ipv6 area 99" from the interface and address-family ipv6 unicast will disappear from the "show ospfv3 neighbor" output.
> I also can't find the route (another 10 rfc address on a loopback) propagating from my cisco to the security device
You need to enable ospfv3 on the loopback interface so that the loopback IPv4 address is advertised in OSPFv3.
int lo0
 ipv6 enable
 ospfv3 1 ipv4 area 99
Regards,
Harold