Prefix Suppression Support for OSPFv3
This feature enables Open Shortest Path First version 3 (OSPFv3) to hide the IPv4 and IPv6 prefixes of connected networks from link-state advertisements (LSAs). When OSPFv3 is deployed in large networks, limiting the number of IPv4 and IPv6 prefixes that are carried in the OSPFv3 LSAs can speed up OSPFv3 convergence.
This feature can also be utilized to enhance the security of an OSPFv3 network by allowing the network administrator to prevent IP routing toward internal nodes.
Prerequisites for Prefix Suppression Support for OSPFv3
Before you can use the mechanism to exclude IPv4 and IPv6 prefixes from LSAs, the OSPFv3 routing protocol must be configured.
Information About Prefix Suppression Support for OSPFv3
OSPFv3 Prefix Suppression Support
The OSPFv3 Prefix Suppression Support feature allows you to hide IPv4 and IPv6 prefixes that are configured on interfaces running OSPFv3.
In OSPFv3, addressing semantics have been removed from the OSPF protocol packets and the main LSA types, leaving a network-protocol-independent core. This means that Router-LSAs and network-LSAs no longer contain network addresses, but simply express topology information. The process of hiding prefixes is simpler in OSPFv3 and suppressed prefixes are simply removed from the intra-area-prefix-LSA. Prefixes are also propagated in OSPFv3 via link LSAs
The OSPFv3 Prefix Suppression feature provides a number of benefits.The exclusion of certain prefixes from adverstisements means that there is more memory available for LSA storage, bandwidth and buffers for LSA flooding, and CPU cycles for origination and flooding of LSAs and for SPF computation. Prefixes are also filtered from link LSAs. A device only filters locally configured prefixes, not prefixes learnt via link LSAs. In addition, security has been improved by reducing the possiblity of remote attack with the hiding of transit-only networks.
Globally Suppress IPv4 and IPv6 Prefix Advertisements by Configuring the OSPFv3 Process
You can reduce OSPFv3 convergence time by configuring the OSPFv3 process on a device to prevent the advertisement of all IPv4 and IPv6 prefixes by using the prefix-suppression command in router configuration mode or address-family configuration mode.
Note |
Prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces are not suppressed by the router mode or the address-family configuration commands because typical network designs require prefixes to remain reachable. |
Suppress IPv4 and IPv6 Prefix Advertisements on a Per-Interface Basis
You can explicitly configure an OSPFv3 interface not to advertise its IP network to its neighbors by using the ipv6 ospf prefix-suppression command or the ospfv3 prefix-suppression command in interface configuration mode.
Note |
If you have globally suppressed IPv4 and IPv6 prefixes from connected IP networks by configuring the prefix-suppression router configuration command, the interface configuration command takes precedence over the router configuration command. |
How to Configure Prefix Suppression Support for OSPFv3
Configuring Prefix Suppression Support of the OSPFv3 Process
SUMMARY STEPS
- enable
- configure terminal
- router ospfv3 process-id [vrf vpn-name ]
- prefix-suppression
- end
- show ospfv3
DETAILED STEPS
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
||
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 3 |
router ospfv3 process-id [vrf vpn-name ] Example:
|
Configures an OSPFv3 routing process and enters router configuration mode. |
||
Step 4 |
prefix-suppression Example:
|
Prevents OSPFv3 from advertising all IPv4 and IPv6 prefixes, except prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces. |
||
Step 5 |
end Example:
|
Returns to privileged EXEC mode. |
||
Step 6 |
show ospfv3 Example:
|
Displays general information about OSPFv3 routing processes.
|
Configuring Prefix Suppression Support of the OSPFv3 Process in Address-Family Configuration Mode
SUMMARY STEPS
- enable
- configure terminal
- router ospfv3 process-id [vrf vpn-name ]
- address-family ipv6 unicast
- prefix-suppression
- end
- show ospfv3
DETAILED STEPS
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
||
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 3 |
router ospfv3 process-id [vrf vpn-name ] Example:
|
Configures an OSPFv3 routing process and enters router configuration mode. |
||
Step 4 |
address-family ipv6 unicast Example:
|
Enters IPv6 address family configuration mode for OSPFv3. |
||
Step 5 |
prefix-suppression Example:
|
Prevents OSPFv3 from advertising all IPv4 and IPv6 prefixes, except prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces. |
||
Step 6 |
end Example:
|
Returns to privileged EXEC mode. |
||
Step 7 |
show ospfv3 Example:
|
Displays general information about OSPFv3 routing processes.
|
Configuring Prefix Suppression Support on a Per-Interface Basis
SUMMARY STEPS
- enable
- configure terminal
- interface type number
- Do one of the following:
- ipv6 ospf prefix-suppression [disable ]
- ospfv3 prefix-suppression disable
- end
- show ospfv3 interface
DETAILED STEPS
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
||
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 3 |
interface type number Example:
|
Configures an interface type and enters interface configuration mode. |
||
Step 4 |
Do one of the following:
Example:
Example:
|
Prevents OSPFv3 from advertising IPv4 and IPv6 prefixes that belong to a specific interface, except those that are associated with secondary IP addresses.
|
||
Step 5 |
end Example:
|
Returns to privileged EXEC mode. |
||
Step 6 |
show ospfv3 interface Example:
|
Displays OSPFv3-related interface information.
|
Troubleshooting IPv4 and IPv6 Prefix Suppression
SUMMARY STEPS
- enable
- debug ospfv3 lsa-generation
- debug condition interface interface-type interface-number [dlci dlci ] [vc {vci | vpi | vci }]
- show debugging
- show logging [slot slot-number | summary ]
DETAILED STEPS
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
Step 2 |
debug ospfv3 lsa-generation Example:
|
Displays informations about each OSPFv3 LSA that is generated. |
Step 3 |
debug condition interface interface-type interface-number [dlci dlci ] [vc {vci | vpi | vci }] Example:
|
Limits output for some debug commands on the basis of the interface or virtual circuit. |
Step 4 |
show debugging Example:
|
Displays information about the types of debugging that are enabled for your device. |
Step 5 |
show logging [slot slot-number | summary ] Example:
|
Displays the state of syslog and the contents of the standard system logging buffer. |
Prefix Suppression Support for OSPFv3
Example: Configuring Prefix Suppression Support for OSPFv3
The following example shows how to configure prefix suppression support for OSPFv3 in router configuration mode:
router ospfv3 1
prefix-suppression
!
address-family ipv6 unicast
router-id 0.0.0.6
exit-address-family
The following example shows how to configure prefix suppression support for OSPFv3 in address-family configuration mode:
router ospfv3 1
!
address-family ipv6 unicast
router-id 10.0.0.6
prefix-suppression
exit-address-family
The following example shows how to configure prefix suppression support for OSPFv3 in interface configuration mode:
interface Ethernet0/0
ip address 10.0.0.1 255.255.255.0
ipv6 address 2001:201::201/64
ipv6 enable
ospfv3 prefix-suppression
ospfv3 1 ipv4 area 0
ospfv3 1 ipv6 area 0
end
Feature Information for Prefix Suppression Support for OSPFv3
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Releases |
Feature Information |
---|---|
Cisco IOS XE Fuji 16.8.1a |
The feature was introduced. |