Technical Tip: Significance of link local addresses for OSPFv3 formation over IPSec
Description
This article describes how OSPFv3 neighborship can be formed when IPSec is configured with IPv6.
Solution
In order to bring OSPFv3 up on the tunnel interface, the link-local address apart from IPv6 address is necessary.
OSPFv3 requires that a link-local address be configured.
Only link-local address are used for OSPFv3 advertisements.
Link-local addresses are automatically configured for broadcast interfaces.
This is why issue will not be noticed over broadcast interfaces.
Link-local addresses are not automatically configured for point-to-point interfaces (inter-vdom link, GRE, IPSec,...) because these interfaces do not have their own MAC addresses.
Each end-point of the tunnel must be configured with a link-local address in order to allow OSPFv3 adjacency.
IPv6 link-local addresses start with 'FE8', 'FE9', 'FEA' or 'FEB'.
Also it is unique for each tunnel, below is the example:
Example,
This article describes how OSPFv3 neighborship can be formed when IPSec is configured with IPv6.
Solution
In order to bring OSPFv3 up on the tunnel interface, the link-local address apart from IPv6 address is necessary.
OSPFv3 requires that a link-local address be configured.
Only link-local address are used for OSPFv3 advertisements.
Link-local addresses are automatically configured for broadcast interfaces.
This is why issue will not be noticed over broadcast interfaces.
Link-local addresses are not automatically configured for point-to-point interfaces (inter-vdom link, GRE, IPSec,...) because these interfaces do not have their own MAC addresses.
Each end-point of the tunnel must be configured with a link-local address in order to allow OSPFv3 adjacency.
IPv6 link-local addresses start with 'FE8', 'FE9', 'FEA' or 'FEB'.
Also it is unique for each tunnel, below is the example:
Example,
# config system interface
edit "Test" <----- Tunnel interface.
# config ipv6
set ip6-address fe80::1/64 <----- Link-Local address.
# config ip6-extra-addr
edit xyz8:0:0:93::/127
next
end
end
next
end