akileshc
Staff
Article Id 194020
Description
This article explains how to advertise the network of a specific interface over OSPFv3 without having that interface participate in the OSPF neighborship process, in order to reduce bandwidth utilization.

Solution
Overview.

- The 'passive-interface' option needs to be enabled on the interface to suppress sending routing updates or hello packets via that interface, and to make sure that only the desired individual interfaces participate in OSPF adjacency.

- If the sending of routing updates on an interface is disabled, the particular address prefix continues to be advertised to other interfaces, and updates from other routers on that interface continue to be received and processed.

- OSPF for IPv6 routing information is neither sent nor received through the specified router interface.
The specified interface address appears as a stub network in the OSPF for IPv6 domain.


Network Diagram.





CLI syntax (FGT1).  
# config router ospf6
    set router-id 1.1.1.1
    set passive-interface "port4"
    config area
        edit 0.0.0.0
        next
    end
    config ospf6-interface
        edit "1"
            set interface "port1"
        next
        edit "2"
            set interface "port4"
        next
    end
end
Here, the subnets associated with both interfaces “port1” and “port4” are advertised to the OSPFv3 neighbor (FGT2). However, setting “port4” as a passive interface suppresses the sending of routing updates or hello packets via port4.

Interface Configuration: (FGT1).
# config system interface
    edit "port1"
        config ipv6
            set ip6-address 9001::1/64
        end
    next
    edit "port4"
        config ipv6
            set ip6-address 2002::2/128
        end
    next
end
OSPFv3 interface output: (Before setting interface port4 to passive).
# get router info6 ospf interface
port4 is up, line protocol is up
  Interface ID 6
  IPv6 Prefixes
    fe80::278:65ff:fe6e:904/64 (Link-Local Address)
    2002::2/128
  OSPFv3 Process (root), Area 0.0.0.0, Instance ID 0
    Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1, MTU: 1500
    Transmit Delay is 1 sec, State DR, Priority 1
    Designated Router (ID) 1.1.1.1
      Interface Address fe80::278:65ff:fe6e:904
    No backup designated router on this link
    Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello due in 00:00:07
    Neighbor Count is 0, Adjacent neighbor count is 0
    Auth mode AH, auth-alg MD5, eng-alg NULL, Key roll over interval 300
OSPFv3 interface output: (After setting interface port4 to passive).
# get router info6 ospf interface
port4 is up, line protocol is up
  Interface ID 6
  IPv6 Prefixes
    fe80::278:65ff:fe6e:904/64 (Link-Local Address)
    2002::2/128
  OSPFv3 Process (root), Area 0.0.0.0, Instance ID 0
    Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1, MTU: 1500
    Transmit Delay is 1 sec, State DR, Priority 1
    Designated Router (ID) 1.1.1.1
      Interface Address fe80::278:65ff:fe6e:904
    No backup designated router on this link
    Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
      No Hellos (Passive interface)
    Neighbor Count is 0, Adjacent neighbor count is 0
    Auth mode AH, auth-alg MD5, eng-alg NULL, Key roll over interval 300
Routes received over the adjacent OSPF neighbor: (Before and after setting interface port4 to passive).
# get router info6 routing-table database
O    *> 2002::2/128 [110/2] via fe80::278:65ff:fe6e:901, port1, 00:28:55
O    *> 9001::/64 [110/2] via fe80::278:65ff:fe6e:901, port1, 00:28:55

# get router info6 ospf route
O  2002::2/128                                        2
     via fe80::278:65ff:fe6e:901, port1, Area 0.0.0.0
O  9001::/64                                          2
     via fe80::278:65ff:fe6e:901, port1, Area 0.0.0.0
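
One way to confirm the passive state from the 'get router info6 ospf interface' output shown above across several interfaces, as an added example that is not part of the original article: the script parses that output and lists any interface outside an allowed-adjacency set that is still sending hellos. The sample text is constructed in the article's output format; the port1 block and the function names are assumptions.

```python
import re

# Constructed sample in the format of 'get router info6 ospf interface'.
# The port1 block is an assumption modelled on the article's port4 output.
SAMPLE = """\
port1 is up, line protocol is up
  Interface ID 3
  OSPFv3 Process (root), Area 0.0.0.0, Instance ID 0
    Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello due in 00:00:07
    Neighbor Count is 1, Adjacent neighbor count is 1
port4 is up, line protocol is up
  Interface ID 6
  OSPFv3 Process (root), Area 0.0.0.0, Instance ID 0
    Timer interval configured, Hello 10, Dead 40, Wait 40, Retransmit 5
      No Hellos (Passive interface)
    Neighbor Count is 0, Adjacent neighbor count is 0
"""

HEADER = re.compile(r"^(\S+) is (?:up|down), line protocol is (?:up|down)")
NEIGHBORS = re.compile(r"Neighbor Count is (\d+)")

def parse_interfaces(text):
    """Return {interface: {"passive": bool, "neighbors": int}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # unindented line starts a new interface block
            current = result.setdefault(m.group(1), {"passive": False, "neighbors": 0})
        elif current is not None:
            if "No Hellos (Passive interface)" in line:
                current["passive"] = True
            n = NEIGHBORS.search(line)
            if n:
                current["neighbors"] = int(n.group(1))
    return result

def audit(text, adjacency_allowed):
    """List interfaces that still send hellos but are not meant to form adjacencies."""
    findings = []
    for name, state in sorted(parse_interfaces(text).items()):
        if name not in adjacency_allowed and not state["passive"]:
            findings.append(f"{name}: sending hellos, neighbors={state['neighbors']}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, adjacency_allowed={"port1"}) or "all other interfaces are passive")
```
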

