OSPF6D(8) OpenBSD System Manager's Manual OSPF6D(8)NAME
ospf6d - Open Shortest Path First daemon
SYNOPSIS
ospf6d [-dnv] [-D macro=value] [-f file]
DESCRIPTION
ospf6d is an Open Shortest Path First (OSPF) daemon which manages routing
tables. This implementation supports OSPF version 3, thus it is only
capable of maintaining IPv6 routing tables.
OSPF is an interior gateway protocol designed to supersede RIP. It has
several advantages over RIP. For instance, every router has an
understanding of the complete network topology. Response to changes in
the network is faster. Furthermore, failure detection is improved.
The OSPF daemon maintains a Link State Database (LSDB) containing
information about routers and networks within an Autonomous System (AS).
Dijkstra's shortest path first algorithm is used to compute a Routing
Information Base (RIB) using the LSDB as input. The Forwarding
Information Base (FIB), a.k.a. the kernel routing table, is updated with
information from the RIB.
OSPF routers discover one another automatically via OSPF hello packets.
OSPF routers communicate via two multicast groups: ff02::5 (all Shortest
Path First routers) and ff02::6 (all Designated Routers). OSPF runs
directly on top of IP and uses neither TCP nor UDP. IP protocol number
89 is reserved for OSPF.
All routers in an OSPF network spend most of their time keeping each
others' LSDBs in sync. All routers must have the same information in the
LSDB at all times. Every time the LSDB is updated the RIB is updated; if
needed the FIB is also updated.
In a multi-access network such as Ethernet, it is unfeasible for all
routers to synchronize their LSDB with all other routers in the network.
In such networks a Designated Router (DR) and a Backup Designated Router
(BDR) are elected. The DR's responsibility is to synchronize with all
routers; the BDR will not do much until the DR fails. The first router
in a network is automatically elected DR, the second router BDR. All
routers have a FULL adjacency with the DR and the BDR. Routers with FULL
adjacency exchange information about their LSDBs. A router not elected
either DR or BDR will have 2-WAY adjacency with all routers but the DR
and BDR. Routers with 2-WAY adjacency recognize that they know each
other, but do not exchange information about their LSDBs. If a DR or BDR
fails another router is elected DR or BDR and all routers form FULL
adjacencies with the newly elected DR or BDR.
When routers are connected via point-to-point links, DR and BDR election
is skipped since only two routers are connected to the link.
To limit the impact changes in the network have on the LSDB it is
possible to segment an OSPF network into areas. Area 0.0.0.0 (a.k.a. the
backbone area) must always be present. Routers can be configured as Area
Border Router (ABR), being part of multiple areas. Every area must have
direct access to the backbone area. ABRs not directly connected to the
backbone area need to establish a virtual link to a router in the
backbone area.
AS Border Routers (ASBR) are connected to an OSPF network and other
external networks via BGP, RIP, or static routing, and provide
connectivity to networks outside the AS.
ospf6d is usually started at boot time, and can be enabled by setting the
following in /etc/rc.conf.local:
ospf6d_flags=""
See rc(8) and rc.conf(8) for more information on the boot process and
enabling daemons.
A running ospf6d can be controlled with the ospf6ctl(8) utility.
The options are as follows:
-D macro=value
Define macro to be set to value on the command line. Overrides
the definition of macro in the configuration file.
-d Do not daemonize. If this option is specified, ospf6d will run
in the foreground and log to stderr.
-f file
Specify an alternative configuration file.
-n Configtest mode. Only check the configuration file for validity.
-v Produce more verbose output.
FILES
/etc/ospf6d.conf Default ospf6d configuration file.
/var/run/ospf6d.sock UNIX-domain socket used for communication with
ospf6ctl(8).
SEE ALSOipsec.conf(5), ospf6d.conf(5), ospf6ctl(8)
OSPF for IPv6, RFC 5340, July 2008.
Authentication/Confidentiality for OSPFv3, RFC 4552, June 2006.
HISTORY
The ospf6d program first appeared in OpenBSD 4.2.
BUGS
Virtual links are currently not available in ospf6d.
Support for multiple areas is currently not available in ospf6d.
Unlike OSPF for IPv4, OSPF for IPv6 has no built-in support for
authentication of OSPF packets. Instead, it relies on IPsec for packet
authentication. Because OSPF uses multicast, IKE cannot be used for
configuring IPsec flows securing OSPF traffic. ospf6d is currently
entirely unaware of IPsec and has no support for helping users setting up
IPsec flows between OSPF routers. However, setting up IPsec flows
between routers using manual keying is strongly recommended to protect
the OSPF network against spoofing attacks. Note in particular that flows
need to be configured for multicast groups ff02::5 and ff02::6. See
ipsec.conf(5).
OpenBSD 4.9 May 24, 2010 OpenBSD 4.9