This document will explain the proceedure to birng the OSPFV3 between SRX and the EX switches, VC or Stand alone with default routing instance inet0 and with virtual routrers
Network Toplogy:
EX 4500 VC switch 0 <====> ae3 <====> Reth interface 0 on SRX 1400 cluster primary node (node 0 is primary for both Redundant Groups)
EX 4500VC switch 1 <====> ae4 <====> Reth interface 0 on SRX 1400 cluster secondary node (node 1 is secondary for both Redundant Groups)
EX 4500 has two routing-instances, VRF_PAC and VRF_ECB in addition to default inet0.
EX 4500 two member VC is running 11.4R1.6
SRX 1400 is running 11.4R1 with flow mode set to IPV6 using command “set security forwarding-options family inet6 mode flow-based”
In absence of inet6 flow mode, SRX will not let you commit any ipv6 configurations and returns an error message.
/(RETH0.32)—-(Vlan.32) EX-VRF_ECB
/
(RETH0.500) Default SRX——Default EX (Vlan.500)
\
\(RETH0.64)—-(Vlan.64) EX-VRF_PAC
Goal of this document is to bring up IPV6 OSPF3 between EX and SRX over default vlan.500, vlan.64 ( in VRF_PAC ) and vlan.32 ( in VRF_ECB) how ever OSPF3 neigborship is only being established on one link, either inet0 or any of the routing-instance.Remaining two stays stuck in init state as shown below.
[email protected]# run show ospf3 neighbor ID Interface State Pri Dead 108.161.240.253 vlan.500 Full 128 35 Neighbor-address fe80::210:db01:f4ff:b000 {master:0}[edit] [email protected]# run show ospf3 neighbor instance VRF_PAC ID Interface State Pri Dead 108.161.240.253 vlan.64 Init 128 35 Neighbor-address fe80::210:db00:40ff:b000 {master:0}[edit] [email protected]# run show ospf3 neighbor instance VRF_ECB ID Interface State Pri Dead 108.161.240.253 vlan.32 Init 128 36 Neighbor-address fe80::210:db00:20ff:b000
Note that OSPFV2 works fine with IPv4 and all 3 vlans have proper OSPF neighborship up as shown below.
{master:0}[edit]
[email protected]# run show ospf neighbor
Address Interface State ID Pri Dead
108.161.241.133 vlan.500 Full 108.161.240.253 128 34
{master:0}[edit]
[email protected]# run show ospf neighbor instance VRF_PAC
Address Interface State ID Pri Dead
10.240.64.1 vlan.64 Full 108.161.240.253 128 36
{master:0}[edit]
[email protected]# run show ospf neighbor instance VRF_ECB
Address Interface State ID Pri Dead
10.240.32.1 vlan.32 Full 108.161.240.253 128 32
[email protected]# run show ospf3 statistics
Packet type Total Last 5 seconds
Sent Received Sent Received
Hello 24666 24193 0 2
DbD 3 2 0 0
LSReq 1 0 0 0
LSUpdate 53 113 0 0
LSAck 108 53 0 0
DBDs retransmitted : 0, last 5 seconds : 0
LSAs flooded : 56, last 5 seconds : 0
LSAs flooded high-prio : 1, last 5 seconds : 0
LSAs retransmitted : 0, last 5 seconds : 0
LSAs transmitted to nbr: 0, last 5 seconds : 0
LSAs requested : 5, last 5 seconds : 0
LSAs acknowledged : 118, last 5 seconds : 0
Flood queue depth : 0
Total rexmit entries : 0
db summaries : 0
lsreq entries : 0
Receive errors:
None
{master:0}[edit]
[email protected]# run show ospf3 statistics instance VRF_PAC
Packet type Total Last 5 seconds
Sent Received Sent Received
Hello 24 8 0 0
DbD 0 0 0 0
LSReq 0 0 0 0
LSUpdate 0 0 0 0
LSAck 0 0 0 0
DBDs retransmitted : 0, last 5 seconds : 0
LSAs flooded : 0, last 5 seconds : 0
LSAs flooded high-prio : 0, last 5 seconds : 0
LSAs retransmitted : 0, last 5 seconds : 0
LSAs transmitted to nbr: 0, last 5 seconds : 0
LSAs requested : 0, last 5 seconds : 0
LSAs acknowledged : 0, last 5 seconds : 0
Flood queue depth : 0
Total rexmit entries : 0
db summaries : 0
lsreq entries : 0
Receive errors:
None
{master:0}[edit]
[email protected]# run show ospf3 statistics instance VRF_ECB
Packet type Total Last 5 seconds
Sent Received Sent Received
Hello 27 7 0 0
DbD 3 2 0 0
LSReq 1 1 0 0
LSUpdate 2 2 0 0
LSAck 2 1 0 0
DBDs retransmitted : 0, last 5 seconds : 0
LSAs flooded : 0, last 5 seconds : 0
LSAs flooded high-prio : 1, last 5 seconds : 0
LSAs retransmitted : 0, last 5 seconds : 0
LSAs transmitted to nbr: 1, last 5 seconds : 0
LSAs requested : 2, last 5 seconds : 0
LSAs acknowledged : 5, last 5 seconds : 0
Flood queue depth : 0
Total rexmit entries : 0
db summaries : 0
lsreq entries : 0
Receive errors:
None
{master:0}[edit]
[email protected]# run show ospf3 interface instance VRF_PAC
Interface State Area DR ID BDR ID Nbrs
vlan.64 DR 0.0.0.0 10.240.64.2 0.0.0.0 1
{master:0}[edit]
[email protected]# show routing-instances VRF_PAC
instance-type virtual-router;
interface vlan.64;
routing-options {
static {
route 0.0.0.0/0 next-hop 10.240.64.1;
}
router-id 10.240.64.2;
}
protocols {
ospf {
area 0.0.0.0 {
interface all {
passive;
}
interface vlan.64;
}
}
ospf3 {
inactive: realm ipv4-unicast {
area 0.0.0.0 {
interface all {
passive;
}
interface vlan.64;
}
}
reference-bandwidth 1m;
area 0.0.0.0 {
interface all {
passive;
}
interface vlan.64;
}
}
}
{master:0}[edit]
[email protected]#
[email protected]# show routing-instances VRF_ECB
instance-type virtual-router;
interface vlan.32;
routing-options {
router-id 10.240.32.2;
}
protocols {
ospf {
area 0.0.0.0 {
interface all {
passive;
}
interface vlan.32;
}
}
ospf3 {
inactive: realm ipv4-unicast {
area 0.0.0.0 {
interface all {
passive;
}
interface vlan.32;
}
}
reference-bandwidth 1m;
area 0.0.0.0 {
interface all {
passive;
}
interface vlan.32;
}
}
}
Note that here realm ipv4-unicast is deactivated for the purpose of illustration, however activating it still shows the same behavior.
All the vlan interfaces of the EX use the same IPV6 link local address:
[email protected]> show interfaces vlan.500
…
Destination: fe80::/64, Local: fe80::7afe:3dff:fe48:b5c1 <<<<<<
…
[email protected]> show interfaces vlan.32
…
Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::7afe:3dff:fe48:b5c1 <<<<<<
…
[email protected]> show interfaces vlan.64
…
Destination: fe80::/64, Local: fe80::7afe:3dff:fe48:b5c1 <<<<<<
Since all the vlan interfaces of the ex use the same IPV6 link local address, it causes the SRX to not be able to talk IPV6 link-local flooding while multiple EX routing instances are connect to the SRX. So, at a time only one vlan interface can form the ospf3 neighborship with ipv6 address with fulll adjacency.
Details:
======
EX configurations:
==================
{master:0}[edit]
[email protected]# run show interfaces terse | find 500
vlan.500 up up inet 108.161.241.132/25
inet6 2505:2800:4002::1/64
fe80::52c5:8dff:feae:8341/64 <<<< Same link local address for all interfaces
vlan.900 up down inet 108.161.240.241/31
inet6 fe80::52c5:8dff:feae:8341/64 <<<< Same link local address for all interfaces
vlan.901 up down inet 108.161.240.233/31
inet6 fe80::52c5:8dff:feae:8341/64 <<<< Same link local address for all interfaces
vlan.903 up down inet6 2606:2800:4002::1/64
fe80::52c5:8dff:feae:8341/64
{master:0}[edit]
[email protected]# run show interfaces terse | find vlan.32
vlan.32 up up inet 10.240.32.2/24
inet6 2325:2800:4002::1/64
fe80::52c5:8dff:feae:8341/64 <<<< Same link local address for all interfaces, even in other routing instances
vlan.64 up up inet 10.240.64.2/24
inet6 2645:2800:4002::1/64
fe80::52c5:8dff:feae:8341/64 <<<< Same link local address for all interfaces, even in other routing instances
[email protected]# run show ospf3 neighbor instance VRF_PAC
ID Interface State Pri Dead
108.161.240.253 vlan.64 Init 128 34
Neighbor-address fe80::210:db00:40ff:b000
{master:0}[edit]
[email protected]# run show ospf3 neighbor instance VRF_ECB
ID Interface State Pri Dead
108.161.240.253 vlan.32 Init 128 36
Neighbor-address fe80::210:db00:20ff:b000
{Primary:node0}[edit]
root@SRX1400# run show ospf3 neighbor
ID Interface State Pri Dead
108.161.240.252 reth0.500 Full 128 31 <<<< only one neighbor comes up with full adjancency.
Neighbor-address fe80::52c5:8dff:feae:8341
SRX Configurations:
==================
root@SRX1400# run show interfaces terse | match reth0
Interface Admin Link Proto Local Remote
reth0 up up
reth0.32 up up inet 10.240.32.1/24
inet6 fe80::210:db00:20ff:b000/64 <<<< Different link local addresses
multiservice
reth0.64 up up inet 10.240.64.1/24
inet6 fe80::210:db00:40ff:b000/64 <<<< Different link local addresses
multiservice
reth0.500 up up inet 108.161.241.133/25
inet6 2606:2800:4002::2/64
fe80::210:db01:f4ff:b000/64 <<<< Different link local addresses
multiservice
reth0.32767 up up multiservice
Manually Change the link-local addresses for each of the 3 vlan interfaces in EX, so that they appear unique links to SRX and the OSPF3 neighbors will come up just fine.
This is as per the current design.
Configuration on EX:
====================
set interfaces vlan unit 32 family inet6 address fe80::52c5:8dff:feae:8341/64 set interfaces vlan unit 64 family inet6 address fe80::52c5:8dff:feae:8343/64 set interfaces vlan unit 500 family inet6 address fe80::52c5:8dff:feae:8342/64 [email protected]# run show ospf3 neighbor ID Interface State Pri Dead 108.161.240.253 vlan.500 Full 128 32 Neighbor-address fe80::210:db01:f4ff:b000 [email protected]# run show ospf3 neighbor instance VRF_PACNET ID Interface State Pri Dead 108.161.240.253 vlan.64 Full 128 33 Neighbor-address fe80::210:db00:40ff:b000 {master:0}[edit] [email protected]# run show ospf3 neighbor instance VRF_ECBO ID Interface State Pri Dead 108.161.240.253 vlan.32 Full 128 39 Neighbor-address fe80::210:db00:20ff:b000 {master:0}[edit] [email protected]# SRX: === root@SRX1400# run show interfaces terse | match reth0 Interface Admin Link Proto Local Remote reth0.32 up up inet 10.240.32.1/24 inet6 2325:2800:4002::2/64 fe80::210:db00:20ff:b000/64 multiservice reth0.64 up up inet 10.240.64.1/24 inet6 2645:2800:4002::2/64 fe80::210:db00:40ff:b000/64 multiservice reth0.500 up up inet 108.161.241.133/25 inet6 2505:2800:4002::2/64 fe80::210:db01:f4ff:b000/64