Configuring OSPFv2
About OSPFv2
OSPFv2 and the Unicast RIB
Authentication
- Simple Password Authentication
- Cryptographic Authentication
  - MD5 Authentication
  - HMAC-SHA Authentication
Advanced Features
Prerequisites for OSPFv2
Guidelines and Limitations for OSPFv2
Default Settings for OSPFv2
Configuring Basic OSPFv2
Configuring Advanced OSPFv2
Verifying the OSPFv2 Configuration
Monitoring OSPFv2
Configuration Examples for OSPFv2
- OSPF RFC Compatibility Mode Example
Additional References
- Related Documents for OSPFv2
- MIBs

Configuring OSPFv2

This chapter describes how to configure Open Shortest Path First version 2 (OSPFv2) for IPv4 networks on the Cisco NX-OS device.

This chapter includes the following sections:

About OSPFv2

OSPFv2 is an IETF link-state protocol (see the Link-State Protocols section) for IPv4 networks. An OSPFv2 router sends a special message, called a hello packet, out each OSPF-enabled interface to discover other OSPFv2 neighbor routers. Once a neighbor is discovered, the two routers compare information in the Hello packet to determine if the routers have compatible configurations. The neighbor routers try to establish adjacency, which means that the routers synchronize their link-state databases to ensure that they have identical OSPFv2 routing information. Adjacent routers share link-state advertisements (LSAs) that include information about the operational state of each link, the cost of the link, and any other neighbor information. The routers then flood these received LSAs out every OSPF-enabled interface so that all OSPFv2 routers eventually have identical link-state databases. When all OSPFv2 routers have identical link-state databases, the network is converged (see the Convergence section). Each router then uses Dijkstra’s Shortest Path First (SPF) algorithm to build its route table.

You can divide OSPFv2 networks into areas. Routers send most LSAs only within one area, which reduces the CPU and memory requirements for an OSPF-enabled router.

OSPFv2 supports IPv4, while OSPFv3 supports IPv6. For more information, see Configuring OSPFv3.

Note

OSPFv2 on Cisco NX-OS supports RFC 2328. This RFC introduced a different method to calculate route summary costs which is not compatible with the calculation used by RFC1583. RFC 2328 also introduced different selection criteria for AS-external paths. It is important_ to ensure that all routers support the same RFC. RFC. Use the rfc1583compatibility command if your network includes routers that are only compliant with RFC1583. The default supported RFC standard for OSPFv2 may be different for Cisco NX-OS and Cisco IOS. You must make adjustments to set the values identically. See the OSPF RFC Compatibility Mode Example section for more information.

OSPFv2 and the Unicast RIB

OSPFv2 runs the Dijkstra shortest path first algorithm on the link-state database. This algorithm selects the best path to each destination based on the sum of all the link costs for each link in the path. The resultant shortest path for each destination is then put in the OSPFv2 route table. When the OSPFv2 network is converged, this route table feeds into the unicast RIB. OSPFv2 communicates with the unicast RIB to do the following:

Add or remove routes
Handle route redistribution from other protocols
Provide convergence updates to remove stale OSPFv2 routes and for stub router advertisements (see the OSPFv2 Stub Router Advertisements section)

OSPFv2 also runs a modified Dijkstra algorithm for fast recalculation for summary and external (type 3, 4, 5, and 7) LSA changes.

Authentication

You can configure authentication on OSPFv2 messages to prevent unauthorized or invalid routing updates in your network. Cisco NX-OS supports two authentication methods:

Simple password authentication
MD5 authentication digest

You can configure the OSPFv2 authentication for an OSPFv2 area or per interface.

Simple Password Authentication

Simple password authentication uses a simple clear-text password that is sent as part of the OSPFv2 message. The receiving OSPFv2 router must be configured with the same clear-text password to accept the OSPFv2 message as a valid route update. Because the password is in clear text, anyone who can watch traffic on the network can learn the password.

Cryptographic Authentication

Cryptographic authentication uses an encrypted password for OSPFv2 authentication. The transmitter computes a code using the packet to be transmitted and the key string, inserts the code and the key ID in the packet, and transmits the packet. The receiver validates the code in the packet by computing the code locally using the received packet and the key string (corresponding to the key ID in the packet) configured locally.

Both message digest 5 (MD5) and hash-based message authentication code secure hash algorithm (HMAC-SHA) cryptographic authentication are supported.

MD5 Authentication

You should use MD5 authentication to authenticate OSPFv2 messages. You configure a password that is shared at the local router and all remote OSPFv2 neighbors. For each OSPFv2 message, Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password. The interface sends this digest with the OSPFv2 message. The receiving OSPFv2 neighbor validates the digest using the same encrypted password. If the message has not changed, the digest calculation is identical and the OSPFv2 message is considered valid.

MD5 authentication includes a sequence number with each OSPFv2 message to ensure that no message is replayed in the network.

HMAC-SHA Authentication

Starting with Cisco NX-OS Release 7.0(3)I3(1), OSPFv2 supports RFC 5709 to allow the use of HMAC-SHA algorithms, which offer more security than MD5. The HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384. and HMAC-SHA-512 algorithms are supported for OSPFv2 authentication.

Advanced Features

Cisco NX-OS supports advanced OSPFv3 features that enhance the usability and scalability of OSPFv2 in the network.

Stub Area

You can limit the amount of external routing information that floods an area by making it a stub area. A stub area is an area that does not allow AS External (type 5) LSAs (see the Link-State Advertisement section). These LSAs are usually flooded throughout the local autonomous system to propagate external route information. Stub areas have the following requirements:

All routers in the stub area are stub routers. See the Stub Routing section.
No ASBR routers exist in the stub area.
You cannot configure virtual links in the stub area.

The following figure shows an example of an OSPFv2 autonomous system where all routers in area 0.0.0.10 have to go through the ABR to reach external autonomous systems. Area 0.0.0.10 can be configured as a stub area.

Stub areas use a default route for all traffic that needs to go through the backbone area to the external autonomous system. The default route is 0.0.0.0 for IPv4.

Not So Stubby Area

A Not-so-Stubby Area (NSSA) is similar to a stub area, except that an NSSA allows you to import autonomous system external routes within an NSSA using redistribution. The NSSA ASBR redistributes these routes and generates NSSA External (type 7) LSAs that it floods throughout the NSSA. You can optionally configure the ABR that connects the NSSA to other areas to translate this NSSA External LSA to AS External (type 5) LSAs. The ABR then floods these AS External LSAs throughout the OSPFv2 autonomous system. Summarization and filtering are supported during the translation. See the Link-State Advertisement section for information about NSSA External LSAs.

You can, for example, use NSSA to simplify administration if you are connecting a central site using OSPFv2 to a remote site that is using a different routing protocol. Before NSSA, the connection between the corporate site border router and a remote router could not be run as an OSPFv2 stub area because routes for the remote site could not be redistributed into a stub area. With NSSA, you can extend OSPFv2 to cover the remote connection by defining the area between the corporate router and remote router as an NSSA (see the Configuring NSSA section).

The backbone Area 0 cannot be an NSSA.

Note

Beginning with Cisco NX-OS Release 9.2(4), OSPF became compliant with RFC 3101 section 2.5(3). When an Area Border Router attached to a Not-so-Stubby Area receives a default route LSA with P-bit clear, it should be ignored. OSPF had been previously adding the default route under these conditions.

If you have already designed your networks with RFC non-compliant behavior and expect a default route to be added on NSSA ABR, you will see a change in behavior when you upgrade to Cisco NX-OS Release 9.2(4) and later.

Virtual Links

Virtual links allow you to connect an OSPFv2 area ABR to a backbone area ABR when a direct physical connection is not available. The figure shows a virtual link that connects Area 3 to the backbone area through Area 5.

You can also use virtual links to temporarily recover from a partitioned area, which occurs when a link within the area fails, isolating part of the area from reaching the designated ABR to the backbone area.

Route Redistribution

OSPFv2 can learn routes from other routing protocols by using route redistribution. See the Route Redistribution Overview section.You configure OSPFv2 to assign a link cost for these redistributed routes or a default link cost for all redistributed routes.

Route redistribution uses route maps to control which external routes are redistributed. You must configure a route map with the redistribution to control which routes are passed into OSPFv2. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. You can use route maps to modify parameters in the AS External (type 5) and NSSA External (type 7) LSAs before these external routes are advertised in the local OSPFv2 autonomous system. See Configuring Route Policy Manager, for information about configuring route maps.

Route Summarization

Because OSPFv2 shares all learned routes with every OSPF-enabled router, you might want to use route summarization to reduce the number of unique routes that are flooded to every OSPF-enabled router. Route summarization simplifies route tables by replacing more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.

Typically, you would summarize at the boundaries of area border routers (ABRs). Although you could configure summarization between any two areas, it is better to summarize in the direction of the backbone so that the backbone receives all the aggregate addresses and injects them, already summarized, into other areas. The two types of summarization are as follows

Inter-area route summarization
External route summarization

You configure inter-area route summarization on ABRs, summarizing routes between areas in the autonomous system. To take advantage of summarization, you should assign network numbers in areas in a contiguous way to be able to lump these addresses into one range.

External route summarization is specific to external routes that are injected into OSPFv2 using route redistribution. You should make sure that external ranges that are being summarized are contiguous. Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Configure external route summarization on ASBRs that are redistributing routes into OSPF.

When you configure a summary address, Cisco NX-OS automatically configures a discard route for the summary address to prevent routing black holes and route loops.

High Availability and Graceful Restart

Cisco NX-OS provides a multilevel high-availability architecture. OSPFv2 supports stateful restart, which is also referred to as non-stop routing (NSR). If OSPFv2 experiences problems, it attempts to restart from its previous run-time state. The neighbors do not register any neighbor event in this case. If the first restart is not successful and another problem occurs, OSPFv2 attempts a graceful restart.

A graceful restart, or nonstop forwarding (NSF), allows OSPFv2 to remain in the data forwarding path through a process restart. When OSPFv2 needs to perform a graceful restart, it sends a link-local opaque (type 9) LSA, called a grace LSA. This restarting OSPFv2 platform is called NSF capable.

The grace LSA includes a grace period, which is a specified time that the neighbor OSPFv2 interfaces hold onto the LSAs from the restarting OSPFv2 interface. (Typically, OSPFv2 tears down the adjacency and discards all LSAs from a down or restarting OSPFv2 interface.) The participating neighbors, which are called NSF helpers, keep all LSAs that originate from the restarting OSPFv2 interface as if the interface was still adjacent.

When the restarting OSPFv2 interface is operational again, it rediscovers its neighbors, establishes adjacency, and starts sending its LSA updates again. At this point, the NSF helpers recognize that the graceful restart has finished.

Stateful restart is used in the following scenarios:

First recovery attempt after the process experiences problems
User-initiated switchover using the system switchover command

Graceful restart is used in the following scenarios:

Second recovery attempt after the process experiences problems within a 4-minute interval
Manual restart of the process using the restart ospf command
Active supervisor removal
Active supervisor reload using the reload module active-sup command

OSPFv2 Stub Router Advertisements

You can configure an OSPFv2 interface to act as a stub router using the OSPFv2 Stub Router Advertisements feature. Use this feature when you want to limit the OSPFv2 traffic through this router, such as when you want to introduce a new router to the network in a controlled manner or limit the load on a router that is already overloaded. You might also want to use this feature for various administrative or traffic engineering reasons.

OSPFv2 stub router advertisements do not remove the OSPFv2 router from the network topology, but they do prevent other OSPFv2 routers from using this router to route traffic to other parts of the network. Only the traffic that is destined for this router or directly connected to this router is sent.

OSPFv2 stub router advertisements mark all stub links (directly connected to the local router) to the cost of the local OSPFv2 interface. All remote links are marked with the maximum cost (0xFFFF).

Multiple OSPFv2 Instances

Cisco NX-OS supports multiple instances of the OSPFv2 protocol that run on the same node. You cannot configure multiple instances over the same interface. By default, every instance uses the same system router ID. You must manually configure the router ID for each instance if the instances are in the same OSPFv2 autonomous system. For the number of supported OSPFv2 instances, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide.

SPF Optimization

Cisco NX-OS optimizes the SPF algorithm in the following ways:

Partial SPF for Network (type 2) LSAs, Network Summary (type 3) LSAs, and AS External (type 5) LSAs—When there is a change on any of these LSAs, Cisco NX-OS performs a faster partial calculation rather than running the whole SPF calculation.
SPF timers—You can configure different timers for controlling SPF calculations. These timers include exponential backoff for subsequent SPF calculations. The exponential backoff limits the CPU load of multiple SPF calculations.

BFD

This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol that provides fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages, because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide for more information.

Virtualization Support for OSPFv2

Cisco NX-OS supports multiple process instances for OSPFv3. Each OSPF instance can support multiple virtual routing and forwarding (VRF) instances, up to the system limit. For the number of supported OSPFv2 instances, see the Cisco Nexus 9000 Series NX-OS Verified Scalability Guide.

Prerequisites for OSPFv2

OSPFv2 has the following prerequisites:

You must be familiar with routing fundamentals to configure OSPF.
You are logged on to the switch.
You have configured at least one interface for IPv4 that can communicate with a remote OSPFv2 neighbor.
You have completed the OSPFv2 network strategy and planning for your network. For example, you must decide whether multiple areas are required.
You have enabled the OSPF feature (see the Enabling OSPFv2 section).

Guidelines and Limitations for OSPFv2

OSPFv2 has the following configuration guidelines and limitations:

The graceful-restart planned-only command under OSPFv2 on reload converts to the graceful-restart command.

This is not causing any impact on the functionality. If the graceful-restart planned-only is not in the configuration, this problem is not applicable for that device.

This occurs when the Cisco NX-OS release is 9.3(2) and CSCvs57583 is not included in the release. A workaround is to unconfigure the graceful-restart command and reconfigure the old command.
Names in the prefix-list are case-insensitive. We recommend using unique names. Do not use the same name by modifying uppercase and lowercase characters. For example, CTCPrimaryNetworks and CtcPrimaryNetworks are not two different entries.
If you enter the no graceful-restart planned only command, graceful restart is disabled.
Cisco NX-OS displays areas in dotted decimal notation regardless of whether you enter the area in decimal or dotted decimal notation.
All OSPFv2 routers must operate in the same RFC compatibility mode. OSPFv2 for Cisco NX-OS complies with RFC 2328. Use the rfc1583compatibility command in router configuration mode if your network includes routers that support only RFC 1583.
In scaled scenarios, when the number of interfaces and link-state advertisements in an OSPF process is large, the snmp-walk on OSPF MIB objects is expected to time out with a small-values timeout at the SNMP agent. If your observe a timeout on the querying SNMP agent while polling OSPF MIB objects, increase the timeout value on the polling SNMP agent.
The following guidelines and limitations apply to the administrative distance feature:
- When an OSPF route has two or more equal cost paths, configuring the administrative distance is non-deterministic for the match ip route-source command.
- Configuring the administrative distance is supported only for the match route-type , match ip address prefix-list , and match ip route-source prefix-list commands. The other match statements are ignored.
- There is no preference among the match route-type , match ip address , and match ip route-source commands for setting the administrative distance of OSPF routes. In this way, the behavior of the table map for setting the administrative distance in Cisco NX-OS OSPF is different from that in Cisco IOS OSPF.
- The discard route is always assigned an administrative distance of 220. No configuration in the table map applies to OSPF discard routes.
If you configure the delay restore seconds command in vPC configuration mode and if the VLANs on the multichassis EtherChannel trunk (MCT) are announced by OSPFv2 or OSPFv3 using switch virtual interfaces (SVIs), those SVIs are announced with MAX_LINK_COST on the vPC secondary node during the configured time. As a result, all route or host programming completes after the vPC synchronization operation (on a peer reload of the secondary vPC node) before attracting traffic. This behavior allows for minimal packet loss for any north-to-south traffic.

For N9K-X9636C-R and N9K-X9636Q-R line cards and the N9K-C9508-FM-R fabric module, the output of the show run ospf command might show the default values for some OSPF commands.

Note

If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.

If you use the network ip address mask command under OSPF, an error message will be displayed, and you will be prompted to enable OSPF under an interface with area area id command.
It is recommended that you use the OSPF default timers (hello-interval:10 and dead-interval:40). For better convergence time, you can use the BFD along with OSPF. This combination will give sub-second link/adjacency flaps detection and very low convergence time.
While OSPF support are aggressive timers, these are not commended as aggressive timers will bring the adjancency down quickly as well as cause CPU churn. We recommend you to use the default timers and use BFD (Bidirectional Forwarding Detection) to get sub-second failure detection.
Beginning with Cisco NX-OS Release 10.3(1)F, OSPFv2 is supported on the Cisco Nexus 9808 switches.
Beginning with Cisco NX-OS Release 10.4(1)F, OSPFv2 is supported on the Cisco Nexus 9804 switches.
Beginning with Cisco NX-OS Release 10.3(3)F, OSPFv2 supports Type-6 keychain encryption for OSPFv2 user password on the Cisco NX-OS switches.
Beginning with Cisco NX-OS Release 10.4(1)F, OSPFv2 is supported on Cisco Nexus X98900CD-A and X9836DM-A line cards with Cisco Nexus 9808 and 9804 switches.

Default Settings for OSPFv2

The table lists the default settings for OSPFv2 parameters.

Table 1. Default OSPFv2 Parameters
Parameters	Default
Administrative distance	110
Hello interval	10 seconds
Dead interval	40 seconds
Discard routes	Enabled
Graceful restart grace period	60 seconds
OSPFv2 feature	Disabled
Stub router advertisement announce time	600 seconds
Reference bandwidth for link cost calculation	40 Gb/s
LSA minimal arrival time	1000 milliseconds
LSA group pacing	10 seconds
SPF calculation initial delay time	200 milliseconds
SPF minimum hold time	5000 milliseconds
SPF calculation initial delay time	1000 milliseconds

Configuring Basic OSPFv2

Configure OSPFv2 after you have designed your OSPFv2 network.

Enabling OSPFv2

You must enable the OSPFv2 feature before you can configure OSPFv2.

SUMMARY STEPS

configure terminal
feature ospf
(Optional) show feature
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	feature ospf Example: `switch(config)# feature ospf` Example:	Enables the OSPFv2 feature.
Step 3	(Optional) show feature Example: `switch(config)# show feature`	(Optional) Displays enabled and disabled features.
Step 4	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

To disable the OSPFv2 feature and remove all associated configuration, use the no feature ospf command in global configuration mode:


Command	Purpose
no feature ospf Example: `switch(config)# no feature ospf`	Disables the OSPFv2 feature and removes all associated configuration.

Creating an OSPFv2 Instance

The first step in configuring OSPFv2 is to create an OSPFv2 instance. You assign a unique instance tag for this OSPFv2 instance. The instance tag can be any string.

For more information about OSPFv2 instance parameters, see the Configuring Advanced OSPFv2 section.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

Use the show ip ospf instance-tag command to verify that the instance tag is not in use.

OSPFv2 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.

SUMMARY STEPS

configure terminal
[no]router ospf instance-tag
(Optional) router-id ip-address
(Optional) show ip ospf instance-tag
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	[no]router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	(Optional) router-id `ip-address` Example: `switch(config-router)# router-id 192.0.2.1`	(Optional) Configures the OSPFv2 router ID. This IP address identifies this OSPFv2 instance and must exist on a configured interface in the system.
Step 4	(Optional) show ip ospf `instance-tag` Example: `switch(config-router)# show ip ospf 201`	(Optional) Displays OSPF information.
Step 5	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

To remove the OSPFv2 instance and all associated configuration, use the no router ospf command in global configuration mode.


Command	Purpose
no router ospf `instance-tag` Example: `switch(config)# no router ospf 201`	Deletes the OSPF instance and the associated configuration.

Note

This command does not remove the OSPF configuration in interface mode. You must manually remove any OSPFv2 commands configured in interface mode.

Configuring Optional Parameters on an OSPFv2 Instance

You can configure optional parameters for OSPF, see the Configuring Advanced OSPFv2 section.

You can configure the following optional parameters for OSPFv2 in router configuration mode:

Before you begin

Ensure that you have enabled the OSPF feature, (see the Enabling OSPFv2 section).

OSPFv2 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.

SUMMARY STEPS

distance number
log-adjacency-changes [detail]
maximum-paths path-number
distance number
log-adjacency-changes [detail]
maximum-paths path-number
passive-interface default
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	distance `number` Example: `switch(config-router)# distance 25`	Configures the administrative distance for this OSPFv2 instance. The range is from 1 to 255. The default is 110.
Step 2	log-adjacency-changes [detail] Example: `switch(config-router)# log-adjacency-changes`	Generates a system message whenever a neighbor changes state.
Step 3	maximum-paths `path-number` Example: `switch(config-router)# maximum-paths 4`	Configures the maximum number of equal OSPFv2 paths to a destination in the route table. This command is used for load balancing. The range is from 1 to 16. The default is 8.
Step 4	distance `number` Example: `switch(config-router)# distance 25`	Configures the administrative distance for this OSPFv2 instance. The range is from 1 to 255. The default is 110.
Step 5	log-adjacency-changes [detail] Example: `switch(config-router)# log-adjacency-changes`	Generates a system message whenever a neighbor changes state.
Step 6	maximum-paths `path-number` Example: `switch(config-router)# maximum-paths 4`	Configures the maximum number of equal OSPFv2 paths to a destination in the route table. This command is used for load balancing. The range is from 1 to 16. The default is 8.
Step 7	passive-interface default Example: `switch(config-router)# passive-interface default`	Suppresses routing updates on all interfaces. This command is overridden by the VRF or interface command mode configuration.
Step 8	(Optional) copy running-config startup-config Example: `switch(config-router)# copy running-config startup-config`	(Optional) Saves this configuration change.

Example

This example shows how to create an OSPFv2 instance:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# copy running-config startup-config

Configuring Networks in OSPFv2

You can configure a network to OSPFv2 by associating it through the interface that the router uses to connect to that network (see the Neighbors section). You can add all networks to the default backbone area (Area 0), or you can create new areas using any decimal number or an IP address.

Note

All areas must connect to the backbone area either directly or through a virtual link.

Note

OSPF is not enabled on an interface until you configure a valid IP address for that interface.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

SUMMARY STEPS

configure terminal
interface interface-type slot/port
ip address ip-prefix/length
ip router ospf instance-tag area area-id [secondaries none]
(Optional) show ip ospf instance-tag interface interface-type slot/port
copy running-config startup-config
(Optional) ip ospf cost number
(Optional) ip ospf dead-interval seconds
(Optional) ip ospf hello-interval seconds
(Optional) ip ospf mtu-ignore
(Optional) [default | no] ip ospf passive-interface
(Optional) ip ospf priority number
(Optional) ip ospf shutdown

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	interface `interface-type slot/port` Example: `switch(config)# interface ethernet 1/2 switch(config-if)#`	Enters interface configuration mode.
Step 3	ip address `ip-prefix/length` Example: `switch(config-if)# ip address 192.0.2.1/16`	Assigns an IP address and subnet mask to this interface.
Step 4	ip router ospf `instance-tag` area `area-id` [secondaries none] Example: `switch(config-if)# ip router ospf 201 area 0.0.0.15`	Adds the interface to the OSPFv2 instance and area.
Step 5	(Optional) show ip ospf `instance-tag` interface `interface-type slot/port` Example: `switch(config-if)# show ip ospf 201 interface ethernet 1/2`	(Optional) Displays OSPF information.
Step 6	copy running-config startup-config Example: `switch(config-if)# copy running-config startup-config`	Saves this configuration change.
Step 7	(Optional) ip ospf cost `number` Example: `switch(config-if)# ip ospf cost 25`	(Optional) Configures the OSPFv2 cost metric for this interface. The default is to calculate cost metric, based on reference bandwidth and interface bandwidth. The range is from 1 to 65535.
Step 8	(Optional) ip ospf dead-interval `seconds` Example: `switch(config-if)# ip ospf dead-interval 50`	(Optional) Configures the OSPFv2 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Step 9	(Optional) ip ospf hello-interval `seconds` Example: `switch(config-if)# ip ospf hello-interval 25`	(Optional) Configures the OSPFv2 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Step 10	(Optional) ip ospf mtu-ignore Example: `switch(config-if)# ip ospf mtu-ignore`	(Optional) Configures OSPFv2 to ignore any IP MTU mismatch with a neighbor. The default is to not establish adjacency if the neighbor MTU does not match the local interface MTU.
Step 11	(Optional) [default \| no] ip ospf passive-interface Example: `switch(config-if)# ip ospf passive-interface`	(Optional) Suppresses routing updates on the interface. This command overrides the router or VRF command mode configuration. The default option removes this interface mode command and reverts to the router or VRF configuration, if present.
Step 12	(Optional) ip ospf priority `number` Example: `switch(config-if)# ip ospf priority 25`	(Optional) Configures the OSPFv2 priority, used to determine the DR for an area. The range is from 0 to 255. The default is 1. See the Designated Routers section.
Step 13	(Optional) ip ospf shutdown Example: `switch(config-if)# ip ospf shutdown`	(Optional) Shuts down the OSPFv2 instance on this interface.

Example

This example shows how to add a network area 0.0.0.10 in OSPFv2 instance 201:

switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0.0.0.10
switch(config-if)# copy running-config startup-config

Use the show ip ospf interface command to verify the interface configuration. Use the show ip ospf neighbor command to see the neighbors for this interface.

Configuring Authentication for an Area

You can configure authentication for all networks in an area or for individual interfaces in the area. Interface authentication configuration overrides area authentication.

Before you begin

Ensure that you have enabled the OSPF feature , see the Enabling OSPFv2 section.

Ensure that all neighbors on an interface share the same authentication configuration, including the shared authentication key.

Create the key chain for this authentication configuration. See the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

Note

For OSPFv2, the key identifier in the key key-id command supports values from 0 to 255 only.

SUMMARY STEPS

configure terminal
router ospf instance-tag
area area-id authentication [message-digest]
interface interface-type slot/port
(Optional) ip ospf authentication-key [0 | 3] key
(Optional) ip ospf message-digest-key key-id md5 [0 | 3] key
(Optional) show ip ospf instance-tag interface interface-type slot/port
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	area `area-id` authentication [message-digest] Example: `switch(config-router)# area 0.0.0.10 authentication`	Configures the authentication mode for an area.
Step 4	interface `interface-type slot/port` Example: `switch(config-router)# interface ethernet 1/2 switch(config-if)#`	Enters interface configuration mode.
Step 5	(Optional) ip ospf authentication-key [0 `\|` 3] `key` Example: `switch(config-if)# ip ospf authentication-key 0 mypass`	(Optional) Configures simple password authentication for this interface. Use this command if the authentication is not set to key-chain or message-digest. 0 configures the password in clear text. 3 configures the password as 3DES encrypted.
Step 6	(Optional) ip ospf message-digest-key `key-id` md5 [0 `\|` 3] `key` Example: `switch(config-if)# ip ospf message-digest-key 21 md5 0 mypass`	(Optional) Configures message digest authentication for this interface. Use this command if the authentication is set to message-digest. The key-id range is from 1 to 255. The MD5 option 0 configures the password in clear text and 3 configures the pass key as 3DES encrypted.
Step 7	(Optional) show ip ospf `instance-tag` interface `interface-type slot/port` Example: `switch(config-if)# show ip ospf 201 interface ethernet 1/2`	(Optional) Displays OSPF information.
Step 8	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Configuring Authentication for an Interface

You can configure authentication for all networks in an area or for individual interfaces in the area. Interface authentication configuration overrides area authentication.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

Ensure that all neighbors on an interface share the same authentication configuration, including the shared authentication key.

Create the key chain for this authentication configuration. See the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.

Note

For OSPFv2, the key identifier in the key key-id command supports values from 0 to 255 only.

In Keychain, only key 0-255 will be supported by OSPFv2.

SUMMARY STEPS

configure terminal
interface interface-type slot/port
ip ospf authentication [message-digest]
(Optional) ip ospf authentication key-chain key-id
(Optional) ip ospf authentication-key [0 | 3 | 7] key
(Optional) ip ospf message-digest-key key-id md5 [0 | 3 | 7] key
(Optional) show ip ospf instance-tag interface interface-type slot/port
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	interface `interface-type slot/port` Example: `switch(config)# interface ethernet 1/2 switch(config-if)#`	Enters interface configuration mode.
Step 3	ip ospf authentication [message-digest] Example: `switch(config-if)# ip ospf authentication`	Enables interface authentication mode for OSPFv2 for either cleartext or message-digest type. Overrides area-based authentication for this interface. All neighbors must share this authentication type.
Step 4	(Optional) ip ospf authentication key-chain `key-id` Example: `switch(config-if)# ip ospf authentication key-chain Test1`	(Optional) Configures interface authentication to use key chains for OSPFv2. See the Cisco NX-OS Series NX-OS Security Configuration Guide, for details on key chains.
Step 5	(Optional) ip ospf authentication-key [0 `\|` 3 `\|` 7] `key` Example: `switch(config-if)# ip ospf authentication-key 0 mypass`	(Optional) Configures simple password authentication for this interface. Use this command if the authentication is not set to key-chain or message-digest. The options are as follows: 0—Configures the password in clear text. 3—Configures the pass key as 3DES encrypted. 7—Configures the key as Cisco type 7 encrypted.
Step 6	(Optional) ip ospf message-digest-key `key-id` md5 [0 `\|` 3 `\|` 7] `key` Example: `switch(config-if)# ip ospf message-digest-key 21 md5 0 mypass`	(Optional) Configures message digest authentication for this interface. Use this command if the authentication is set to message-digest. The key-id range is from 1 to 255. The MD5 options are as follows: 0—Configures the password in clear text. 3—Configures the pass key as 3DES encrypted. 7—Configures the key as Cisco type 7 encrypted.
Step 7	(Optional) show ip ospf `instance-tag` interface `interface-type slot/port` Example: `switch(config-if)# show ip ospf 201 interface ethernet 1/2`	(Optional) Displays OSPF information.
Step 8	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to set an interface for simple, unencrypted passwords and set the password for Ethernet interface 1/2:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# ip router ospf 201 area 0.0.0.10
switch(config-if)# ip ospf authentication 
switch(config-if)# ip ospf authentication-key 0 mypass
switch(config-if)# copy running-config startup-config

This example shows how to configure OSPFv2 HMAC-SHA-1 and MD5 cryptographic authentication:


switch# configure terminal
switch(config)# key chain chain1
switch(config-keychain)# key 1
switch(config-keychain-key)# key-string 7 070724404206
switch(config-keychain-key)# accept-lifetime 01:01:01 Jan 01 2015 infinite
switch(config-keychain-key)# send-lifetime 01:01:01 Jan 01 2015 infinite
switch(config-keychain-key)# cryptographic-algorithm HMAC-SHA-1
switch(config-keychain-key)# exit
switch(config-keychain)# key 2
switch(config-keychain-key)# key-string 7 070e234f1f5b4a
switch(config-keychain-key)# accept-lifetime 10:51:01 Jul 24 2015 infinite
switch(config-keychain-key)# send-lifetime 10:51:01 Jul 24 2015 infinite
switch(config-keychain-key)# cryptographic-algorithm MD5
switch(config-keychain-key)# exit
switch(config-keychain)# exit

switch(config)# interface ethernet 1/1
switch(config-if)# ip router ospf 1 area 0.0.0.0
switch(config-if)# ip ospf authentication message-digest
switch(config-if)# ip ospf authentication key-chain chain1

switch(config-if)# show key chain chain1
Key-Chain chain1
Key 1 -- text 7 “070724404206”
cryptographic-algorithm HMAC-SHA-1
accept lifetime UTC (01:01:01 Jan 01 2015)-(always valid) [active]
send lifetime UTC (01:01:01 Jan 01 2015)-(always valid) [active]
Key 2 -- text 7 “070e234f1f5b4a”
cryptographic-algorithm MD
accept lifetime UTC (10:51:00 Jul 24 2015)-(always valid) [active]
send lifetime UTC (10:51:00 Jul 24 2015)-(always valid) [active]

switch(config-if)# show ip ospf interface ethernet 1/1
Ethernet1/1 is up, line protocol is up
IP address 11.11.11.1/24
Process ID 1 VRF default, area 0.0.0.3
Enabled by interface configuration
State BDR, Network type BROADCAST, cost 40
Index 6, Transmit delay 1 sec, Router Priority 1
Designated Router ID: 33.33.33.33, address: 11.11.11.3
Backup Designated Router ID: 1.1.1.1, address: 11.11.11.1
2 Neighbors, flooding to 2, adjacent with 2
Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5
Hello timer due in 00:00:08
Message-digest authentication, using keychain key1 (ready)
Sending SA: Key id 2, Algorithm MD5
Number of opaque link LSAs: 0, checksum sum 0

Configuring Advanced OSPFv2

Configure OSPFv2 after you have designed your OSPFv2 network.

Configuring Filter Lists for Border Routers

You can separate your OSPFv2 domain into a series of areas that contain related networks. All areas must connect to the backbone area through an area border router (ABR). OSPFv2 domains can connect to external domains as well, through an autonomous system border router (ASBR). See the Areas section.

ABRs have the following optional configuration parameters:

Area range—Configures route summarization between areas. See the Configuring Route Summarization section.
Filter list—Filters the Network Summary (type 3) LSAs that are allowed in from an external area.

ASBRs also support filter lists.

Before you begin

Ensure that you have enabled the OSPF feature. See the Enabling OSPFv2 section).

Create the route map that the filter list uses to filter IP prefixes in incoming or outgoing Network Summary (type 3) LSAs. See Configuring Route Policy Manager. See theAreas section.

SUMMARY STEPS

configure terminal
router ospf instance-tag
area area-id filter-list route-map map-name {in | out}
(Optional) show ip ospf policy statistics area id filter-list {in | out}
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	area `area-id` filter-list route-map `map-name` {in \| out} Example: `switch(config-router)# area 0.0.0.10 filter-list route-map FilterLSAs in`	Filters incoming or outgoing Network Summary (type 3) LSAs on an ABR.
Step 4	(Optional) show ip ospf policy statistics area `id` filter-list {in \| out} Example: `switch(config-router)# show ip ospf policy statistics area 0.0.0.10 filter-list in`	(Optional) Displays OSPF policy information.
Step 5	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to configure a filter list in area 0.0.0.10:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 filter-list route-map FilterLSAs in
switch(config-router)# copy running-config startup-config

Configuring Stub Areas

You can configure a stub area for part of an OSPFv2 domain where external traffic is not necessary. Stub areas block AS External (type 5) LSAs and limit unnecessary routing to and from selected networks. See the Stub Area section. You can optionally block all summary routes from going into the stub area.

Before you begin

Ensure that you have enabled the OSPF feature. (see the Enabling OSPFv2 section).

Ensure that there are no virtual links or ASBRs in the proposed stub area.

SUMMARY STEPS

configure terminal
router ospf instance-tag
area area-id stub
(Optional) area area-id default-cost cost
(Optional) show ip ospf instance-tag
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	area `area-id` stub Example: `switch(config-router)# area 0.0.0.10 stub`	Creates this area as a stub area.
Step 4	(Optional) area `area-id` default-cost `cost` Example: `switch(config-router)# area 0.0.0.10 default-cost 25`	(Optional) Sets the cost metric for the default summary route sent into this stub area. The range is from 0 to 16777215. The default is 1.
Step 5	(Optional) show ip ospf `instance-tag` Example: `switch(config-router)# show ip ospf 201`	(Optional) Displays OSPF information.
Step 6	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to create a stub area:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 stub 
switch(config-router)# copy running-config startup-config

Configuring a Totally Stubby Area

You can create a totally stubby area and prevent all summary route updates from going into the stub area.

To create a totally stubby area, use the following command in router configuration mode:

SUMMARY STEPS

area area-id stub no-summary

DETAILED STEPS

Command or Action Purpose

Command or Action	Purpose
area `area-id` stub no-summary Example: `switch(config-router)# area 20 stub no-summary`	Creates this area as a totally stubby area.

area area-id stub no-summary

Example:

switch(config-router)# area 20 stub
no-summary

Creates this area as a totally stubby area.

Configuring NSSA

You can configure an NSSA for part of an OSPFv2 domain where limited external traffic is required. You can optionally translate this external traffic to an AS External (type 5) LSA and flood the OSPFv2 domain with this routing information. An NSSA can be configured with the following optional parameters:

No redistribution—Redistributed routes bypass the NSSA and are redistributed to other areas in the OSPFv2 autonomous system. Use this option when the NSSA ASBR is also an ABR.
Default information originate—Generates an NSSA External (type 7) LSA for a default route to the external autonomous system. Use this option on an NSSA ASBR if the ASBR contains the default route in the routing table. This option can be used on an NSSA ABR whether or not the ABR contains the default route in the routing table.
Route map—Filters the external routes so that only those routes that you want are flooded throughout the NSSA and other areas.
No summary—Blocks all summary routes from flooding the NSSA. Use this option on the NSSA ABR.

Translate—Translates NSSA External LSAs to AS External LSAs for areas outside the NSSA. Use this command on an NSSA ABR to flood the redistributed routes throughout the OSPFv2 autonomous system. You can optionally suppress the forwarding address in these AS External LSAs. If you choose this option, the forwarding address is set to 0.0.0.0.

Note

The translate option requires a separate area area-id nssa command, preceded by the area area-id nssa command that creates the NSSA and configures the other options.

Note

You can use command area 0.0.0.2 NSSA translate type7 to enable translate. Ensure that you configure command area 0.0.0.2 NSSA to designate Area 2 as NSSA.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

Ensure that there are no virtual links in the proposed NSSA and that it is not the backbone area.

SUMMARY STEPS

configure terminal
router ospf instance-tag
area area-id nssa [no-redistribution] [default-information-originate]originate [route-map map-name]] [no-summary]
(Optional) area area-id nssa translate type7 {always | never} [suppress-fa]
(Optional) area area-id default-cost cost
(Optional) show ip ospf instance-tag
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	area `area-id` nssa [no-redistribution] [default-information-originate]originate [route-map `map-name`]] [no-summary] Example: `switch(config-router)# area 0.0.0.10 nssa no-redistribution`	Creates this area as an NSSA.
Step 4	(Optional) area `area-id` nssa translate type7 {always \| never} [suppress-fa] Example: `switch(config-router)# area 0.0.0.10 nssa translate type7 always`	(Optional) Configures the NSSA to translate AS External (type 7) LSAs to NSSA External (type 5) LSAs.
Step 5	(Optional) area `area-id` default-cost `cost` Example: `switch(config-router)# area 0.0.0.10 default-cost 25`	(Optional) Sets the cost metric for the default summary route sent into this NSSA.
Step 6	(Optional) show ip ospf `instance-tag` Example: `switch(config-router)# show ip ospf 201`	(Optional) Displays OSPF information.
Step 7	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to create an NSSA that blocks all summary route updates:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa no-summary
switch(config-router)# copy running-config startup-config

This example shows how to create an NSSA that generates a default route:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa default-info-originate
switch(config-router)# copy running-config startup-config

This example shows how to create an NSSA that filters external routes and blocks all summary route updates:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa route-map ExternalFilter no-summary
switch(config-router)# copy running-config startup-config

This example shows how to create an NSSA and then configure the NSSA to always translate AS External (type 7) LSAs to NSSA External (type 5) LSAs:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa
switch(config-router)# area 0.0.0.10 nssa translate type 7 always
switch(config-router)# copy running-config startup-config

Configuring Multi-Area Adjacency

You can add more than one area to an existing OSPFv2 interface. The additional logical interfaces support multi-area adjacency.

Before you begin

You must enable OSPFv2 (see the Enabling OSPFv2 section).

Ensure that you have configured a primary area for the interface (see the Configuring Networks in OSPFv2 section).

SUMMARY STEPS

configure terminal
interface interface-type slot/port
ip router ospf [instance-tag] multi-area area-id
(Optional) show ip ospf instance-tag interface interface-type slot/port
(Optional) copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

interface interface-type slot/port

Example:

switch(config)# interface ethernet 1/2
switch(config-if)#

Enters interface configuration mode.

Step 3

ip router ospf [instance-tag] multi-area area-id

Example:

switch(config-if)# ip router ospf 201 multi-area 3

Adds the interface to another area.

Note

Beginning with Cisco NX-OS Release 7.0(3)I5(1), the instance-tag argument is optional. If you do not specify an instance, the multi-area configuration is applied to the same instance that is configured for the primary area on that interface.

Step 4

(Optional) show ip ospf instance-tag interface interface-type slot/port

Example:

switch(config-if)# show ip ospf 201 interface ethernet 1/2

(Optional)

Displays OSPFv2 information.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

(Optional)

Saves this configuration change.

Example

This example shows how to add a second area to an OSPFv2 interface:

switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0.0.0.10
switch(config-if)# ip router ospf 201 multi-area 20
switch(config-if)# copy running-config startup-config

Configuring Virtual Links

A virtual link connects an isolated area to the backbone area through an intermediate area. See the Virtual Links section.You can configure the following optional parameters for a virtual link:

Authentication—Sets a simple password or MD5 message digest authentication and associated keys.
Dead interval—Sets the time that a neighbor waits for a Hello packet before declaring the local router as dead and tearing down adjacencies.
Hello interval—Sets the time between successive Hello packets.
Retransmit interval—Sets the estimated time between successive LSAs.
Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.

Note

You must configure the virtual link on both routers involved before the link becomes active.

You cannot add a virtual link to a stub area.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

SUMMARY STEPS

configure terminal
router ospf instance-tag
area area-id virtual link router-id
(Optional) show ip ospf virtual-link [brief]
(Optional) copy running-config startup-config
(Optional) authentication [key-chain key-id message-digest | null]
(Optional) authentication-key [0 | 3] key
(Optional) dead-interval seconds
(Optional) hello-interval seconds
(Optional) message-digest-key key-id md5 [0 | 3] key
(Optional) retransmit-interval seconds
(Optional) transmit-delay seconds

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	area `area-id` virtual link `router-id` Example: `switch(config-router)# area 0.0.0.10 virtual-link 10.1.2.3 switch(config-router-vlink)#`	Creates one end of a virtual link to a remote router. You must create the virtual link on that remote router to complete the link.
Step 4	(Optional) show ip ospf virtual-link [brief] Example: `switch(config-router-vlink)# show ip ospf virtual-link`	(Optional) Displays OSPF virtual link information.
Step 5	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.
Step 6	(Optional) authentication [key-chain `key-id` message-digest `\|` null] Example: `switch(config-router-vlink)# authentication message-digest`	(Optional) Overrides area-based authentication for this virtual link.
Step 7	(Optional) authentication-key [0 `\|` 3] `key` Example: `switch(config-router-vlink)# authentication-key 0 mypass`	(Optional) Configures a simple password for this virtual link. Use this command if the authentication is not set to key-chain or message-digest. 0 configures the password in clear text. 3 configures the password as 3DES encrypted.
Step 8	(Optional) dead-interval `seconds` Example: `switch(config-router-vlink)# dead-interval 50`	(Optional) Configures the OSPFv2 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Step 9	(Optional) hello-interval `seconds` Example: `switch(config-router-vlink)# hello-interval 25`	(Optional) Configures the OSPFv2 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Step 10	(Optional) message-digest-key `key-id` md5 [0 `\|` 3] `key` Example: `switch(config-router-vlink)# message-digest-key 21 md5 0 mypass`	(Optional) Configures message digest authentication for this virtual link. Use this command if the authentication is set to message-digest. 0 configures the password in clear text. 3 configures the pass key as 3DES encrypted.
Step 11	(Optional) retransmit-interval `seconds` Example: `switch(config-router-vlink)# retransmit-interval 50`	(Optional) Configures the OSPFv2 retransmit interval, in seconds. The range is from 1 to 65535. The default is 5.
Step 12	(Optional) transmit-delay `seconds` Example: `switch(config-router-vlink)# transmit-delay 2`	(Optional) Configures the OSPFv2 transmit-delay, in seconds. The range is from 1 to 450. The default is 1.

Example

Note

For OSPFv2, the key identifier in the key key-id command supports values from 0 to 255 only.

In Keychain only key 0-255 will be supported by OSPFv2.

This example shows how to create a simple virtual link between two ABRs.

The configuration for ABR 1 (router ID 27.0.0.55) is as follows:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 virtual-link 10.1.2.3
switch(config-router)# copy running-config startup-config

The configuration for ABR 2 (Router ID 10.1.2.3) is as follows:

switch# configure terminal
switch(config)# router ospf 101
switch(config-router)# area 0.0.0.10 virtual-link 27.0.0.55
switch(config-router)# copy running-config startup-config

Configuring Redistribution

You can redistribute routes that are learned from other routing protocols into an OSPFv2 autonomous system through the ASBR.

For redistributing the default route, you must specify the following parameter:

default-information originate - Creates a default route into this OSPF domain if the default route exists in the RIB.

Note

Beginning with Cisco NX-OS Release 7.0(3)I7(6), if you redistribute default routes into OSPF, Cisco NX-OS requires the default-information originate command to successfully advertise the default route.

For non-default routes, you can configure the following optional parameters for route redistribution in OSPF:

default-metric - Sets all redistributed routes to the same cost metric.

Before you begin

Enable the OSPF feature. SeeEnabling OSPFv2.

Create the necessary route maps used for redistribution.

SUMMARY STEPS

configure terminal
router ospf instance-tag
redistribute {bgp id | direct | eigrp id | isis id | ospf id | rip id | static} route-map map-name
default-information originate [always] [route-map map-name]
default-metric [cost]
(Optional) copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

router ospf instance-tag

Example:

switch(config)# router ospf 201
switch(config-router)#

Creates a new OSPFv2 instance with the configured instance tag.

Step 3

redistribute {bgp id | direct | eigrp id | isis id | ospf id | rip id | static} route-map map-name

Example:

switch(config-router)# redistribute bgp
route-map FilterExternalBGP

Redistributes the selected protocol into OSPF through the configured route map.

Note

Step 4

default-information originate [always] [route-map map-name]

Example:

switch(config-router)# 
default-information-originate route-map
DefaultRouteFilter

Creates a default route into this OSPF domain if the default route exists in the RIB. Use the following optional keywords:

always —Always generate the default route of 0.0.0. even if the route does not exist in the RIB.
route-map —Generate the default route if the route map returns true.

Note

This command ignores match statements in the route map.

Step 5

default-metric [cost]

Example:

switch(config-router)# default-metric 25

Sets the cost metric for the redistributed routes. This command does not apply to directly connected routes. Use a route map to set the default metric for directly connected routes.

Step 6

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

(Optional)

Copies the running configuration to the startup configuration.

Example

This example shows how to redistribute the Border Gateway Protocol (BGP) into OSPF:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# copy running-config startup-config

Limiting the Number of Redistributed Routes

Route redistribution can add many routes to the OSPFv2 route table. You can configure a maximum limit to the number of routes accepted from external protocols. OSPFv2 provides the following options to configure redistributed route limits:

Fixed limit—Logs a message when OSPFv2 reaches the configured maximum. OSPFv2 does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where OSPFv2 logs a warning when that threshold is passed.
Warning only—Logs a warning only when OSPFv2 reaches the maximum. OSPFv2 continues to accept redistributed routes.
Withdraw—Starts the timeout period when OSPFv2 reaches the maximum. After the timeout period, OSPFv2 requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, OSPFv2 withdraws all redistributed routes. You must clear this condition before OSPFv2 accepts more redistributed routes.
You can optionally configure the timeout period.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

SUMMARY STEPS

configure terminal
router ospf instance-tag
redistribute {bgp id | direct | eigrp id | isis id | ospf id | rip id | static} route-map map-name
redistribute maximum-prefix max [threshold] [warning-only | withdraw [num-retries timeout]]
(Optional) show running-config ospf
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	redistribute {bgp `id` `\|` direct `\|` eigrp `id` `\|` isis `id` `\|` ospf `id` `\|` rip `id` `\|` static} route-map `map-name` Example: `switch(config-router)# redistribute bgp route-map FilterExternalBGP`	Redistributes the selected protocol into OSPF through the configured route map.
Step 4	redistribute maximum-prefix `max` [`threshold`] [warning-only \| withdraw [`num-retries timeout`]] Example: `switch(config-router)# redistribute maximum-prefix 1000 75 warning-only`	Specifies a maximum number of prefixes that OSPFv2 distributes. The range is from 0 to 65536. Optionally specifies the following: `threshold` —Percentage of maximum prefixes that trigger a warning message. warning-only —Logs a warning message when the maximum number of prefixes is exceeded. withdraw —Withdraws all redistributed routes. Optionally tries to retrieve the redistributed routes. The `num-retries` range is from 1 to 12. The `timeout` range is 60 to 600 seconds. The default is 300 seconds. Use the clear ip ospf redistribution command if all routes are withdrawn.
Step 5	(Optional) show running-config ospf Example: `switch(config-router)# show running-config ospf`	(Optional) Displays the OSPFv2 configuration.
Step 6	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to limit the number of redistributed routes into OSPF:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# redistribute maximum-prefix 1000 75

Configuring Route Summarization

You can configure route summarization for inter-area routes by configuring an address range that is summarized. You can also configure route summarization for external, redistributed routes by configuring a summary address for those routes on an ASBR. For more information, see the Route Summarization section.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

SUMMARY STEPS

configure terminal
router ospf instance-tag
area area-id range ip-prefix/length [no-advertise] [cost cost]
summary-address ip-prefix/length [no-advertise | tag tag]
(Optional) show ip ospf summary-address
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	area `area-id` range `ip-prefix/length` [no-advertise] [cost `cost`] Example: `switch(config-router)# area 0.0.0.10 range 10.3.0.0/16`	Creates a summary address on an ABR for a range of addresses and optionally does not advertise this summary address in a Network Summary (type 3) LSA. The `cost` range is from 0 to 16777215.
Step 4	summary-address `ip-prefix/length` [no-advertise \| tag `tag`] Example: `switch(config-router)# summary-address 10.5.0.0/16 tag 2`	Creates a summary address on an ASBR for a range of addresses and optionally assigns a tag for this summary address that can be used for redistribution with route maps.
Step 5	(Optional) show ip ospf summary-address Example: `switch(config-router)# show ip ospf summary-address`	(Optional) Displays information about OSPF summary addresses.
Step 6	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to create summary addresses between areas on an ABR:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)#  area 0.0.0.10 range 10.3.0.0/16
switch(config-router)# copy running-config startup-config

This example shows how to create summary addresses on an ASBR:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# summary-address 10.5.0.0/16
switch(config-router)# copy running-config startup-config

Configuring Stub Route Advertisements

Use stub route advertisements when you want to limit the OSPFv2 traffic through this router for a short time. For more information, see the OSPFv2 Stub Router Advertisements section.

Stub route advertisements can be configured with the following optional parameters:

On startup—Sends stub route advertisements for the specified announce time.
Wait for BGP—Sends stub router advertisements until BGP converges.

Note

You should not save the running configuration of a router when it is configured for a graceful shutdown because the router continues to advertise a maximum metric after it is reloaded.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

SUMMARY STEPS

configure terminal
router ospf instance-tag
max-metric router-lsa [external-lsa [max-metric-value]] [include-stub] [on-startup {seconds | wait-for bgp tag}] [summary-lsa [max-metric-value}]
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	max-metric router-lsa [external-lsa [`max-metric-value`]] [include-stub] [on-startup {`seconds` \| wait-for bgp `tag`}] [summary-lsa [`max-metric-value`}] Example: `switch(config-router)# max-metric router-lsa`	Configures OSPFv2 stub route advertisements.
Step 4	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to enable the stub router advertisements on startup for the default 600 seconds:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# max-metric router-lsa on-startup 
switch(config-router)# copy running-config startup-config

Configuring the Administrative Distance of Routes

You can set the administrative distance of routes added by OSPFv2 into the RIB.

The administrative distance is a rating of the trustworthiness of a routing information source. A higher value indicates a lower trust rating. Typically, a route can be learned through more than one routing protocol. The administrative distance is used to discriminate between routes learned from more than one routing protocol. The route with the lowest administrative distance is installed in the IP routing table.

OSPF supports a table map to filter and change the distances of IPv4 and IPv6 prefixes.

Before you begin

Ensure that you have enabled OSPF (see the Enabling OSPFv2 section).

See the guidelines and limitations for this feature in the Guidelines and Limitations for OSPFv2 section.

SUMMARY STEPS

configure terminal
router ospf instance-tag
[no] table-map map-name
exit
route-map map-name [permit | deny ] [seq ]
match route-type route-type
match ip route-source prefix-list name
match ip address prefix-list name
set distance value
(Optional) copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

router ospf instance-tag

Example:

switch(config)# router ospf 201
switch(config-router)#

Creates a new OSPFv2 instance with the configured instance tag.

Step 3

[no] table-map map-name

Example:

switch(config-router)# table-map foo

Configures the policy for filtering or modifying OSPFv2 routes before sending them to the RIB. You can enter up to 63 alphanumeric characters for the map name.

Step 4

exit

Example:

switch(config-router)# exit
switch(config)#

Exits router configuration mode.

Step 5

route-map map-name [permit | deny ] [seq ]

Example:

switch(config)# route-map foo permit 10
switch(config-route-map)#

Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Note

The permit option enables you to set the distance. If you use the deny option, the default distance is applied.

Step 6

match route-type route-type

Example:

switch(config-route-map)# match
route-type external

Matches against one of the following route types:

external—The external route (BGP, EIGRP, and OSPF type 1 or 2)
inter-area—OSPF inter-area route
internal—The internal route (including the OSPF intra- or inter-area)
intra-area—OSPF intra-area route
nssa-external—The NSSA external route (OSPF type 1 or 2)
type-1—The OSPF external type 1 route
type-2—The OSPF external type 2 route

Step 7

match ip route-source prefix-list name

Example:

switch(config-route-map)# match
ip route-source prefix-list p1

Matches the IPv4 route source address or router ID of a route to one or more IP prefix lists. Use the ip prefix-list command to create the prefix list.

Step 8

match ip address prefix-list name

Example:

switch(config-route-map)# match
ip address prefix-list p1

Matches against one or more IPv4 prefix lists. Use the ip prefix-list command to create the prefix list.

Step 9

set distance value

Example:

switch(config-route-map)# set distance
150

Sets the administrative distance of routes for OSPFv2. The range is from 1 to 255.

Step 10

(Optional) copy running-config startup-config

Example:

switch(config-route-map)# copy running-config
startup-config

(Optional)

Saves this configuration change.

Example

This example shows how to configure the OSPFv2 administrative distance for inter-area routes to 150, for external routes to 200, and for all prefixes in prefix list p1 to 190:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# table-map foo
switch(config-router)# exit
switch(config)# route-map foo permit 10
switch(config-route-map)# match route-type inter-area
switch(config-route-map)# set distance 150
switch(config-route-map)# exit
switch(config)# route-map foo permit 20
switch(config-route-map)# match route-type external
switch(config-route-map)# set distance 200
switch(config-route-map)# exit
switch(config)# route-map foo permit 30
switch(config-route-map)# match ip route-source prefix-list p1
switch(config-route-map)# match ip address prefix-list p1
switch(config-route-map)# set distance 190

Modifying the Default Timers

OSPFv2 includes a number of timers that control the behavior of protocol messages and shortest path first (SPF) calculations. OSPFv2 includes the following optional timer parameters:

LSA arrival time—Sets the minimum interval allowed between LSAs that arrive from a neighbor. LSAs that arrive faster than this time are dropped.
Pacing LSAs—Sets the interval at which LSAs are collected into a group and refreshed, checksummed, or aged. This timer controls how frequently LSA updates occur and optimizes how many are sent in an LSA update message (see the Flooding and LSA Group Pacing section).
Throttle LSAs—Sets the rate limits for generating LSAs. This timer controls how frequently LSAs are generated after a topology change occurs.
Throttle SPF calculation—Controls how frequently the SPF calculation is run.

At the interface level, you can also control the following timers:

Retransmit interval—Sets the estimated time between successive LSAs
Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.

See the Configuring Networks in OSPFv2 section for information about the hello interval and dead timer.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

SUMMARY STEPS

configure terminal
router ospf instance-tag
timers lsa-arrival msec
timers lsa-group-pacing seconds
timers throttle lsa start-time hold-interval max-time
timers throttle spf delay-time hold-time max-wait
interface type slot/port
ip ospf hello-interval seconds
ip ospf dead-interval seconds
ip ospf retransmit-interval seconds
ip ospf transmit-delay seconds
(Optional) show ip ospf
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	timers lsa-arrival `msec` Example: `switch(config-router)# timers lsa-arrival 2000`	Sets the LSA arrival time in milliseconds. The range is from 10 to 600000. The default is 1000 milliseconds.
Step 4	timers lsa-group-pacing `seconds` Example: `switch(config-router)# timers lsa-group-pacing 1800`	Sets the interval in seconds for grouping LSAs. The range is from 1 to 1800. The default is 240 seconds.
Step 5	timers throttle lsa `start-time hold-interval max-time` Example: `switch(config-router)# timers throttle lsa 3000 6000 6000`	Sets the rate limit in milliseconds for generating LSAs with the following timers: `start-time` —The range is from 0 to 5000 milliseconds. The default value is 0 milliseconds. `hold-interval` —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds. `max-time` —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
Step 6	timers throttle spf `delay-time hold-time max-wait` Example: `switch(config-router)# timers throttle spf 3000 2000 4000`	Sets the SPF best path schedule in seconds between SPF best path calculations with the following timers: `delay-time` —The range is from 1 to 600,000 milliseconds. The default value is 200 milliseconds. `hold-time` —The range is from 1 to 600,000 milliseconds. The default value is 1000 milliseconds. `max-wait` —The range is from 1 to 600,000 milliseconds. The default value is 5000 milliseconds.
Step 7	interface `type slot/port` Example: `switch(config)# interface ethernet 1/2 switch(config-if)`	Enters interface configuration mode.
Step 8	ip ospf hello-interval `seconds` Example: `switch(config-if)# ip ospf hello-interval 30`	Sets the hello interval for this interface. The range is from 1 to 65535. The default is 10.
Step 9	ip ospf dead-interval `seconds` Example: `switch(config-if)# ip ospf dead-interval 30`	Sets the dead interval for this interface. The range is from 1 to 65535.
Step 10	ip ospf retransmit-interval `seconds` Example: `switch(config-if)# ip ospf retransmit-interval 30`	Sets the estimated time in seconds between LSAs transmitted from this interface. The range is from 1 to 65535. The default is 5.
Step 11	ip ospf transmit-delay `seconds` Example: `switch(config-if)# ip ospf transmit-delay 450 switch(config-if)#`	Sets the estimated time in seconds to transmit an LSA to a neighbor. The range is from 1 to 450. The default is 1.
Step 12	(Optional) show ip ospf Example: `switch(config-if)# show ip ospf`	(Optional) Displays information about OSPF.
Step 13	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to control LSA flooding with the lsa-group-pacing option:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# timers lsa-group-pacing 300
switch(config-router)# copy running-config startup-config

Configuring Graceful Restart

Graceful restart is enabled by default. You can configure the following optional parameters for graceful restart in an OSPFv2 instance:

Grace period—Configures how long neighbors should wait after a graceful restart has started before tearing down adjacencies.
Helper mode disabled—Disables helper mode on the local OSPFv2 instance. OSPFv2 does not participate in the graceful restart of a neighbor.
Planned graceful restart only—Configures OSPFv2 to support graceful restart only in the event of a planned restart.

Before you begin

Ensure that you have enabled OSPF (see the Enabling OSPFv2 section).

Ensure that all neighbors are configured for graceful restart with matching optional parameters set.

SUMMARY STEPS

configure terminal
router ospf instance-tag
graceful-restart
(Optional) graceful-restart grace-period seconds
(Optional) graceful-restart helper-disable
(Optional) graceful-restart planned-only
(Optional) show ip ospf instance-tag
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	router ospf `instance-tag` Example: `switch(config)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 3	graceful-restart Example: `switch(config-router)# graceful-restart`	Enables a graceful restart. A graceful restart is enabled by default.
Step 4	(Optional) graceful-restart grace-period `seconds` Example: `switch(config-router)# graceful-restart grace-period 120`	(Optional) Sets the grace period, in seconds. The range is from 5 to 1800. The default is 60 seconds.
Step 5	(Optional) graceful-restart helper-disable Example: `switch(config-router)# graceful-restart helper-disable`	(Optional) Disables helper mode. This feature is enabled by default.
Step 6	(Optional) graceful-restart planned-only Example: `switch(config-router)# graceful-restart planned-only`	(Optional) Configures a graceful restart for planned restarts only.
Step 7	(Optional) show ip ospf `instance-tag` Example: `switch(config-router)# show ip ospf 201`	(Optional) Displays OSPF information.
Step 8	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to enable a graceful restart if it has been disabled and set the grace period to 120 seconds:

switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# graceful-restart
switch(config-router)# graceful-restart grace-period 120
switch(config-router)# copy running-config startup-config

Restarting an OSPFv2 Instance

You can restart an OSPv2 instance. This action clears all neighbors for the instance.

To restart an OSPFv2 instance and remove all associated neighbors, use the following command:

SUMMARY STEPS

restart ospf instance-tag

DETAILED STEPS

Command or Action Purpose

Command or Action	Purpose
restart ospf `instance-tag` Example: `switch(config)# restart ospf 201`	Restarts the OSPFv2 instance and removes all neighbors.

restart ospf instance-tag

Example:

switch(config)# restart ospf 201

Restarts the OSPFv2 instance and removes all neighbors.

Configuring OSPFv2 with Virtualization

You can create multiple OSPFv2 instances. You can also create multiple VRFs and use the same or multiple OSPFv2 instances in each VRF. You can assign an OSPFv2 interface to a VRF.

Note

Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.

Before you begin

Ensure that you have enabled the OSPF feature (see the Enabling OSPFv2 section).

SUMMARY STEPS

configure terminal
vrf context vrf-name
router ospf instance-tag
vrf vrf-name
(Optional) maximum-paths path
interface interface-type slot/port
vrf member vrf-name
ip address ip-prefix/length
ip router ospf instance-tag area area-id
(Optional) copy running-config startup-config

DETAILED STEPS

	Command or Action	Purpose
Step 1	configure terminal Example: `switch# configure terminal switch(config)#`	Enters global configuration mode.
Step 2	vrf context `vrf-name` Example: `switch(config)# vrf context RemoteOfficeVRF switch(config-vrf)#`	Creates a new VRF and enters VRF configuration mode.
Step 3	router ospf `instance-tag` Example: `switch(config-vrf)# router ospf 201 switch(config-router)#`	Creates a new OSPFv2 instance with the configured instance tag.
Step 4	vrf `vrf-name` Example: `switch(config-router)# vrf RemoteOfficeVRF switch(config-router-vrf)#`	Enters VRF configuration mode.
Step 5	(Optional) maximum-paths `path` Example: `switch(config-router-vrf)# maximum-paths 4`	(Optional) Configures the maximum number of equal OSPFv2 paths to a destination in the route table for this VRF. This feature is used for load balancing.
Step 6	interface `interface-type slot/port` Example: `switch(config-router-vrf)# interface ethernet 1/2 switch(config-if)#`	Enters interface configuration mode.
Step 7	vrf member `vrf-name` Example: `switch(config-if)# vrf member RemoteOfficeVRF`	Adds this interface to a VRF.
Step 8	ip address `ip-prefix/length` Example: `switch(config-if)# ip address 192.0.2.1/16`	Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Step 9	ip router ospf `instance-tag` area `area-id` Example: `switch(config-if)# ip router ospf 201 area 0`	Assigns this interface to the OSPFv2 instance and area configured.
Step 10	(Optional) copy running-config startup-config Example: `switch(config)# copy running-config startup-config`	(Optional) Copies the running configuration to the startup configuration.

Example

This example shows how to create a VRF and add an interface to the VRF:

switch# configure terminal
switch(config)# vrf context NewVRF
switch(config)# router ospf 201
switch(config)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0
switch(config-if)# copy running-config startup-config

Verifying the OSPFv2 Configuration

To display the OSPFv2 configuration, perform one of the following tasks:


Command	Purpose
show ip ospf [`instance-tag`] [vrf `vrf-name`]	Displays information about one or more OSPF routing instances. The output includes the following area-level counts: Interfaces in this area—A count of all interfaces added to this area (configured interfaces). Active interfaces—A count of all interfaces considered to be in router link states and SPF (UP interfaces). Passive interfaces—A count of all interfaces considered to be OSPF passive (no adjacencies will be formed). Loopback interfaces—A count of all local loopback interfaces.
show ip ospf border-routers [ vrf { `vrf-name` \| all \| default \| management }]	Displays the OSPFv2 border router configuration.
show ip ospf database [ vrf { `vrf-name` \| all \| default \| management}]	Displays the OSPFv2 link-state database summary.
show ip ospf interface `number` [ vrf { `vrf-name` \| all \| default \| management }]	Displays OSPFv2-related interface information.
show ip ospf lsa-content-changed-list `neighbor-id interface - type number` [ vrf { `vrf-name` \| all \| default \| management }]	Displays the OSPFv2 LSAs that have changed.
show ip ospf neighbors [ `neighbor-id` ] [ detail ] [ `interface - type number` ] [ vrf { `vrf-name` \| all \| default \| management }] [ summary ]	Displays the list of OSPFv2 neighbors.
show ip ospf request-list `neighbor-id interface - type number` [ vrf {`vrf-name` \| all \| default \| management }]	Displays the list of OSPFv2 link-state requests.
show ip ospf retransmission-list `neighbor-id interface - type number` [ vrf { `vrf-name` \| all \| default \| management }]	Displays the list of OSPFv2 link-state retransmissions.
show ip ospf route [ `ospf-route` ] [ summary ] [ vrf { `vrf-name` \| all \| default \| management }]	Displays the internal OSPFv2 routes.
show ip ospf summary-address [ vrf { `vrf-name` \| all \| default \| management }]	Displays information about the OSPFv2 summary addresses.
show ip ospf virtual-links [ brief ] [ vrf { `vrf-name` \| all \| default \| management }]	Displays information about OSPFv2 virtual links.
show ip ospf vrf { `vrf-name` \| all \| default \| management }	Displays information about the VRF-based OSPFv2 configuration.
show running-configuration ospf	Displays the current running OSPFv2 configuration.

Monitoring OSPFv2

To display OSPFv2 statistics, use the following commands:


Command	Purpose
show ip ospf policy statistics area `area-id` filter list {in \| out} [vrf {`vrf-name` \| all \| default \| management}]	Displays the OSPFv2 route policy statistics for an area.
show ip policy statistics redestribute {bgp `id` \| direct \| eigrp `id` \| isis `id` \| ospf `id`\| rip`id`\| static} [vrf {`vrf-name` \| all \| default \| management}]	Displays the OSPFv2 route policy statistics.
show ip ospf statistics [vrf {`vrf-name` \| all \| default \| management}]	Displays the OSPFv2 event counters.
show ip ospf traffic [`interface-type number`] [vrf {`vrf-name` \| all \| default \| management}]	Displays the OSPFv2 packet counters.

Configuration Examples for OSPFv2

The following example shows how to configure OSPFv2:

feature ospf
router ospf 201
 router-id 290.0.2.1
interface ethernet 1/2
 ip router ospf 201 area 0.0.0.10
 ip ospf authentication
 ip ospf authentication-key 0 mypass

OSPF RFC Compatibility Mode Example

The following example shows how to configure OSPF to be compatible with routers that comply with RFC 1583:

Note

You must configure RFC 1583 compatibility on any VRF that connects to routers running only RFC 1583 compatible OSPF.

switch# configure terminal
switch(config)# feature ospf
switch(config)# router ospf Test1
switch(config-router)# rfc1583compatibility
switch(config-router)# vrf A
switch(config-router-vrf)# rfc1583compatibility

Additional References

For additional information related to implementing OSPF, see the following sections:

Related Topic	Document Title
Keychains	Cisco Nexus 9000 Series NX-OS Security Configuration Guide
OSPFv3 for IPv6 networks	Configuring OSPFv3
Route maps	Configuring Route Policy Manager

MIBs


MIBs	MIBs Link
MIBs related to OSPFv2	To locate and download supported MIBs, go to the following URL: ftp://ftp.cisco.com/pub/mibs/supportlists/nexus9000/Nexus9000MIBSupportList.html

Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide, Release 10.5(x)

Bias-Free Language

Results

Chapter: Configuring OSPFv2

Configuring OSPFv2

About OSPFv2

OSPFv2 and the Unicast RIB

Authentication

Simple Password Authentication

Cryptographic Authentication

MD5 Authentication

HMAC-SHA Authentication

Advanced Features

Stub Area

Not So Stubby Area

Virtual Links

Route Redistribution

Route Summarization

High Availability and Graceful Restart

OSPFv2 Stub Router Advertisements

Multiple OSPFv2 Instances

SPF Optimization

BFD

Virtualization Support for OSPFv2

Prerequisites for OSPFv2

Guidelines and Limitations for OSPFv2

Default Settings for OSPFv2

Configuring Basic OSPFv2

Enabling OSPFv2

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Example:

Example:

Example:

Example

Creating an OSPFv2 Instance

Before you begin

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Example:

Example:

Example:

Example

Configuring Optional Parameters on an OSPFv2 Instance

Before you begin

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example

Configuring Networks in OSPFv2

Before you begin

SUMMARY STEPS

DETAILED STEPS

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example:

Example

Configuring Authentication for an Area

Before you begin