1.\" $OpenBSD: ospf6d.8,v 1.13 2010/05/24 19:44:23 jmc Exp $ 2.\" 3.\" Copyright (c) 2004, 2005, 2007 Esben Norby <norby@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: May 24 2010 $ 18.Dt OSPF6D 8 19.Os 20.Sh NAME 21.Nm ospf6d 22.Nd "Open Shortest Path First daemon" 23.Sh SYNOPSIS 24.Nm 25.Op Fl dnv 26.Op Fl D Ar macro Ns = Ns Ar value 27.Op Fl f Ar file 28.Sh DESCRIPTION 29.Nm 30is an Open Shortest Path First 31.Pq OSPF 32daemon which manages routing tables. 33This implementation supports OSPF version 3, thus it is only capable of 34maintaining IPv6 routing tables. 35.Pp 36OSPF is an interior gateway protocol designed to supersede RIP. 37It has several advantages over RIP. 38For instance, every router has an understanding of the complete network 39topology. 40Response to changes in the network is faster. 41Furthermore, failure detection is improved. 42.Pp 43The OSPF daemon maintains a Link State Database 44.Pq LSDB 45containing information about routers and networks within an Autonomous System 46.Pq AS . 47.Pp 48Dijkstra's shortest path first algorithm is used to compute a Routing 49Information Base 50.Pq RIB 51using the LSDB as input. 52The Forwarding Information Base 53.Pq FIB , 54a.k.a. the kernel routing table, is updated with information from the RIB. 55.Pp 56OSPF routers discover one another automatically via OSPF hello packets. 57OSPF routers communicate via two multicast groups: ff02::5 (all Shortest 58Path First routers) and ff02::6 (all Designated Routers). 59OSPF runs directly on top of IP and uses neither TCP nor UDP. 60IP protocol number 89 is reserved for OSPF. 61.Pp 62All routers in an OSPF network spend most of their time keeping each others' 63LSDBs in sync. 64All routers must have the same information in the LSDB at all times. 65Every time the LSDB is updated the RIB is updated; if needed the FIB is 66also updated. 67.Pp 68In a multi-access network such as Ethernet, it is unfeasible for all routers 69to synchronize their LSDB with all other routers in the network. 70In such networks a Designated Router 71.Pq DR 72and a Backup Designated Router 73.Pq BDR 74are elected. 75The DR's responsibility is to synchronize with all routers; the BDR will 76not do much until the DR fails. 77The first router in a network is automatically elected DR, the second 78router BDR. 79All routers have a FULL adjacency with the DR and the BDR. 80Routers with FULL adjacency exchange information about their LSDBs. 81A router not elected either DR or BDR will have 2-WAY adjacency with all 82routers but the DR and BDR. 83Routers with 2-WAY adjacency recognize that they know each other, 84but do not exchange information about their LSDBs. 85If a DR or BDR fails another router is elected DR or BDR 86and all routers form FULL adjacencies with the newly elected DR or BDR. 87.Pp 88When routers are connected via point-to-point links, DR and BDR 89election is skipped since only two routers are connected to the link. 90.Pp 91To limit the impact changes in the network have on the LSDB it is possible 92to segment an OSPF network into areas. 93Area 0.0.0.0 (a.k.a. the backbone area) must always be present. 94Routers can be configured as Area Border Router 95.Pq ABR , 96being part of multiple areas. 97Every area must have direct access to the backbone area. 98ABRs not directly connected to the backbone area need to establish a 99virtual link to a router in the backbone area. 100.Pp 101AS Border Routers 102.Pq ASBR 103are connected to an OSPF network and other external networks via BGP, RIP, 104or static routing, and provide connectivity to networks outside the AS. 105.Pp 106.Nm 107is usually started at boot time, and can be enabled by 108setting the following in 109.Pa /etc/rc.conf.local : 110.Pp 111.Dl ospf6d_flags=\&"\&" 112.Pp 113See 114.Xr rc 8 115and 116.Xr rc.conf 8 117for more information on the boot process 118and enabling daemons. 119.Pp 120A running 121.Nm 122can be controlled with the 123.Xr ospf6ctl 8 124utility. 125.Pp 126The options are as follows: 127.Bl -tag -width Ds 128.It Fl D Ar macro Ns = Ns Ar value 129Define 130.Ar macro 131to be set to 132.Ar value 133on the command line. 134Overrides the definition of 135.Ar macro 136in the configuration file. 137.It Fl d 138Do not daemonize. 139If this option is specified, 140.Nm 141will run in the foreground and log to 142.Em stderr . 143.It Fl f Ar file 144Specify an alternative configuration file. 145.It Fl n 146Configtest mode. 147Only check the configuration file for validity. 148.It Fl v 149Produce more verbose output. 150.El 151.Sh FILES 152.Bl -tag -width "/var/run/ospf6d.sockXX" -compact 153.It /etc/ospf6d.conf 154Default 155.Nm 156configuration file. 157.It /var/run/ospf6d.sock 158.Ux Ns -domain 159socket used for communication with 160.Xr ospf6ctl 8 . 161.El 162.Sh SEE ALSO 163.Xr ipsec.conf 5 , 164.Xr ospf6d.conf 5 , 165.Xr ospf6ctl 8 166.Rs 167.%R RFC 5340 168.%T "OSPF for IPv6" 169.%D July 2008 170.Re 171.Rs 172.%R RFC 4552 173.%T "Authentication/Confidentiality for OSPFv3" 174.%D June 2006 175.Re 176.Sh HISTORY 177The 178.Nm 179program first appeared in 180.Ox 4.2 . 181.Sh BUGS 182Virtual links are currently not available in 183.Nm . 184.Pp 185Support for multiple areas is currently not available in 186.Nm . 187.Pp 188Unlike OSPF for IPv4, OSPF for IPv6 has no built-in support for 189authentication of OSPF packets. 190Instead, it relies on IPsec for packet authentication. 191Because OSPF uses multicast, IKE cannot be used for configuring IPsec 192flows securing OSPF traffic. 193.Nm 194is currently entirely unaware of IPsec and has no support for helping 195users setting up IPsec flows between OSPF routers. 196However, setting up IPsec flows between routers using manual keying is 197strongly recommended to protect the OSPF network against spoofing attacks. 198Note in particular that flows need to be configured for multicast groups 199ff02::5 and ff02::6. 200See 201.Xr ipsec.conf 5 . 202