1.\" $OpenBSD: ospf6d.8,v 1.21 2023/03/02 17:09:54 jmc Exp $ 2.\" 3.\" Copyright (c) 2004, 2005, 2007 Esben Norby <norby@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: March 2 2023 $ 18.Dt OSPF6D 8 19.Os 20.Sh NAME 21.Nm ospf6d 22.Nd Open Shortest Path First (OSPF) for IPv6 routing daemon 23.Sh SYNOPSIS 24.Nm 25.Op Fl dnv 26.Op Fl D Ar macro Ns = Ns Ar value 27.Op Fl f Ar file 28.Op Fl s Ar socket 29.Sh DESCRIPTION 30.Nm 31is an Open Shortest Path First 32.Pq OSPF 33daemon which manages routing tables. 34This implementation supports OSPF version 3, thus it is only capable of 35maintaining IPv6 routing tables. 36.Pp 37OSPF is an interior gateway protocol designed to supersede RIP. 38It has several advantages over RIP. 39For instance, every router has an understanding of the complete network 40topology. 41Response to changes in the network is faster. 42Furthermore, failure detection is improved. 43.Pp 44The OSPF daemon maintains a Link State Database 45.Pq LSDB 46containing information about routers and networks within an Autonomous System 47.Pq AS . 48.Pp 49Dijkstra's shortest path first algorithm is used to compute a Routing 50Information Base 51.Pq RIB 52using the LSDB as input. 53The Forwarding Information Base 54.Pq FIB , 55a.k.a. the kernel routing table, is updated with information from the RIB. 56.Pp 57OSPF routers discover one another automatically via OSPF hello packets. 58OSPF routers communicate via two multicast groups: ff02::5 (all Shortest 59Path First routers) and ff02::6 (all Designated Routers). 60OSPF runs directly on top of IP and uses neither TCP nor UDP. 61IP protocol number 89 is reserved for OSPF. 62.Pp 63All routers in an OSPF network spend most of their time keeping each others' 64LSDBs in sync. 65All routers must have the same information in the LSDB at all times. 66Every time the LSDB is updated, the RIB is updated; if needed, the FIB is 67also updated. 68.Pp 69In a multi-access network such as Ethernet, it is unfeasible for all routers 70to synchronize their LSDB with all other routers in the network. 71In such networks a Designated Router 72.Pq DR 73and a Backup Designated Router 74.Pq BDR 75are elected. 76The DR's responsibility is to synchronize with all routers; the BDR will 77not do much until the DR fails. 78The first router in a network is automatically elected DR, the second 79router BDR. 80All routers have a FULL adjacency with the DR and the BDR. 81Routers with FULL adjacency exchange information about their LSDBs. 82A router not elected either DR or BDR will have 2-WAY adjacency with all 83routers but the DR and BDR. 84Routers with 2-WAY adjacency recognize that they know each other, 85but do not exchange information about their LSDBs. 86If a DR or BDR fails, another router is elected DR or BDR 87and all routers form FULL adjacencies with the newly elected DR or BDR. 88.Pp 89When routers are connected via point-to-point links, DR and BDR 90election is skipped since only two routers are connected to the link. 91.Pp 92To limit the impact changes in the network have on the LSDB it is possible 93to segment an OSPF network into areas. 94Area 0.0.0.0 (a.k.a. the backbone area) must always be present. 95Routers can be configured as Area Border Router 96.Pq ABR , 97being part of multiple areas. 98Every area must have direct access to the backbone area. 99ABRs not directly connected to the backbone area need to establish a 100virtual link to a router in the backbone area. 101.Pp 102AS Border Routers 103.Pq ASBR 104are connected to an OSPF network and other external networks via BGP, RIP, 105or static routing, and provide connectivity to networks outside the AS. 106.Pp 107To have 108.Nm 109enabled at boot time, use 110.Dq rcctl enable ospf6d , 111which sets 112.Pp 113.Dl ospf6d_flags=\(dq\(dq 114.Pp 115in 116.Xr rc.conf.local 8 . 117.Pp 118A running 119.Nm 120can be controlled with the 121.Xr ospf6ctl 8 122utility. 123.Pp 124The options are as follows: 125.Bl -tag -width Ds 126.It Fl D Ar macro Ns = Ns Ar value 127Define 128.Ar macro 129to be set to 130.Ar value 131on the command line. 132Overrides the definition of 133.Ar macro 134in the configuration file. 135.It Fl d 136Do not daemonize. 137If this option is specified, 138.Nm 139will run in the foreground and log to 140.Em stderr . 141.It Fl f Ar file 142Specify an alternative configuration file. 143.It Fl n 144Configtest mode. 145Only check the configuration file for validity. 146.It Fl s Ar socket 147Use an alternate location for the default control socket. 148.It Fl v 149Produce more verbose output. 150.El 151.Sh FILES 152.Bl -tag -width "/var/run/ospf6d.sockXX" -compact 153.It Pa /etc/ospf6d.conf 154Default 155.Nm 156configuration file. 157.It Pa /var/run/ospf6d.sock 158.Ux Ns -domain 159socket used for communication with 160.Xr ospf6ctl 8 . 161.El 162.Sh SEE ALSO 163.Xr ipsec.conf 5 , 164.Xr ospf6d.conf 5 , 165.Xr ospf6ctl 8 166.Sh STANDARDS 167.Rs 168.%A M. Gupta 169.%A N. Melam 170.%D June 2006 171.%R RFC 4552 172.%T Authentication/Confidentiality for OSPFv3 173.Re 174.Pp 175.Rs 176.%A R. Coltun 177.%A D. Ferguson 178.%A J. Moy 179.%A A. Lindem 180.%D July 2008 181.%R RFC 5340 182.%T OSPF for IPv6 183.Re 184.Sh HISTORY 185The 186.Nm 187program first appeared in 188.Ox 4.2 . 189.Sh BUGS 190Virtual links are currently not available in 191.Nm . 192.Pp 193Support for multiple areas is currently not available in 194.Nm . 195.Pp 196Unlike OSPF for IPv4, OSPF for IPv6 has no built-in support for 197authentication of OSPF packets. 198Instead, it relies on IPsec for packet authentication. 199Because OSPF uses multicast, IKE cannot be used for configuring IPsec 200flows securing OSPF traffic. 201.Nm 202is currently entirely unaware of IPsec and has no support for helping 203users setting up IPsec flows between OSPF routers. 204However, setting up IPsec flows between routers using manual keying is 205strongly recommended to protect the OSPF network against spoofing attacks. 206Note in particular that flows need to be configured for multicast groups 207ff02::5 and ff02::6. 208See 209.Xr ipsec.conf 5 . 210