OSPFv3 is the IPv6-enabled version of OSPF, essential for routing IPv6 traffic in enterprise networks. On the CCNA 200-301 exam, you must understand its differences from OSPFv2, how it uses link-local addresses, and how to configure and verify it. This chapter covers exam objective 3.4: Configure and verify OSPFv3 for IPv6, a topic that separates prepared candidates from the rest.
Jump to a section
Imagine a neighborhood where every house has a unique global postal address (like a global unicast IPv6 address). However, for local deliveries within the neighborhood, the postal service uses a simpler, internal code (like a link-local address). The neighborhood association (OSPFv3) maintains a directory of all houses and their global addresses, but when communicating with immediate neighbors, they use the internal codes. Now, the association has a new rule: they no longer need to include the house's street name in their directory entries—they only need the house number and the internal code. This is like OSPFv3 removing the need for IPv4 network statements; it runs directly over IPv6 link-local addresses. The association also adds a new feature: they can now carry information about multiple types of mail (multiple address families) in the same directory. This mirrors OSPFv3's ability to support both IPv6 and IPv4 (via address families). Finally, the association uses a different, more secure lockbox for their meeting minutes (authentication), which is now built into the IPv6 protocol itself (IPsec) rather than being a separate mechanism. So, OSPFv3 is like an upgraded neighborhood directory: it uses internal codes for neighbor communication, doesn't need street names in entries, can handle multiple mail types, and uses a built-in security system.
What is OSPFv3?
OSPFv3 (Open Shortest Path First version 3) is a link-state routing protocol for IPv6, defined in RFC 5340. It is the IPv6 counterpart of OSPFv2, which routes IPv4. While the fundamental operation remains the same—neighbor discovery, LSA flooding, SPF calculation—OSPFv3 introduces several key differences to accommodate IPv6's larger addresses and new features.
Why OSPFv3 Exists
IPv6 addresses are 128 bits, making it impractical to embed them in OSPF packets the way OSPFv2 embeds IPv4 addresses. OSPFv3 decouples the protocol from the network layer: it runs per-link (not per-subnet) and uses link-local IPv6 addresses (FE80::/10) for all neighbor communication. This design allows OSPFv3 to support multiple address families (IPv6 and IPv4) on a single process.
How OSPFv3 Works: Packet-Level Details
OSPFv3 uses the same packet types as OSPFv2: Hello, DBD (Database Description), LSR (Link State Request), LSU (Link State Update), and LSAck (Link State Acknowledgment). However, the packet headers are different:
OSPFv3 Header: Contains Version (3), Type, Packet Length, Router ID, Area ID, Checksum, Instance ID, and Reserved (0). The Instance ID allows multiple OSPFv3 processes on the same link.
Authentication: OSPFv3 relies on IPsec for authentication and encryption, rather than the simple authentication fields in OSPFv2.
Addressing: All OSPFv3 packets are sent to the multicast addresses FF02::5 (all OSPF routers) and FF02::6 (all DR/BDR routers). The source address is always the router's link-local IPv6 address.
OSPFv3 LSA Types
OSPFv3 modifies the LSA types and adds new ones:
Router LSA (Type 0x2001): Describes the router's interfaces and neighbors. Uses Link Data fields that are 32-bit interface IDs, not IP addresses.
Network LSA (Type 0x2002): Generated by the DR on a multi-access network. Contains the Router IDs of all attached routers.
Inter-Area Prefix LSA (Type 0x2003): Replaces OSPFv2's Type 3 summary LSA. Carries IPv6 prefixes from other areas.
Inter-Area Router LSA (Type 0x2004): Replaces OSPFv2's Type 4 summary LSA. Carries information about ASBRs.
AS-External LSA (Type 0x4005): Replaces OSPFv2's Type 5 external LSA. Carries external IPv6 prefixes.
Link LSA (Type 0x0008): New in OSPFv3. Advertises the router's link-local address and IPv6 prefixes on a link to all other routers on that link.
Intra-Area Prefix LSA (Type 0x2009): New in OSPFv3. Associates IPv6 prefixes with a Router or Network LSA.
Key States and Timers
OSPFv3 uses the same neighbor states as OSPFv2: Down, Attempt (NBMA only), Init, 2-Way, ExStart, Exchange, Loading, Full. Default Hello and Dead intervals are 10 seconds and 40 seconds (40 seconds for broadcast and point-to-point links; 30 seconds and 120 seconds for NBMA). The SPF delay is 5 seconds, with a hold time of 10 seconds.
IOS CLI Verification Commands
To verify OSPFv3 configuration, use the following commands:
show ipv6 ospf neighbor
show ipv6 ospf interface
show ipv6 ospf database
show ipv6 route ospfExample output:
R1# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
2.2.2.2 1 FULL/DR 00:00:39 5 GigabitEthernet0/0Interaction with Other Protocols
OSPFv3 interacts with IPv6 ND (Neighbor Discovery) for link-local address resolution. It also supports multiple address families (IPv6 unicast, IPv4 unicast) using the same OSPFv3 process, enabled via the address-family ipv6 or address-family ipv4 subcommands under router ospfv3.
Enable OSPFv3 Routing Process
Enter global configuration mode and start the OSPFv3 process using `ipv6 router ospf PROCESS-ID`. The process ID is locally significant. For example: `R1(config)# ipv6 router ospf 1`. This creates the OSPFv3 routing process. Then assign a router ID using `router-id A.B.C.D`. The router ID must be a 32-bit value, typically an IPv4 address, even if IPv4 is not configured. If not set, the router will use the highest IPv4 address on a loopback or physical interface; if no IPv4 address exists, the process will not start. Always configure a router ID manually.
Configure OSPFv3 on Interfaces
OSPFv3 is enabled directly on interfaces, not via network statements. Enter interface configuration mode for the desired interface and use `ipv6 ospf PROCESS-ID area AREA-ID`. For example: `R1(config-if)# ipv6 ospf 1 area 0`. The area ID can be a number (0-4294967295) or an IPv4-like dotted decimal (e.g., 0.0.0.0). All interfaces in the same area must have consistent area assignments. The interface must have an IPv6 link-local address (automatically assigned when IPv6 is enabled) and a global unicast address (optional but needed for routing).
Verify Neighbor Adjacency
Use `show ipv6 ospf neighbor` to verify that OSPFv3 has formed adjacencies with neighboring routers. Look for the state `FULL` and the correct neighbor router ID. If the state is `INIT` or `EXSTART`, there may be a mismatch in Hello/Dead timers, area ID, or authentication. Also check that interfaces are in the same area and that the link-local addresses are reachable (use `ping FE80::...` with `-c` and `-i` options).
Check OSPFv3 Interface Configuration
Use `show ipv6 ospf interface [interface]` to verify OSPFv3 settings on an interface. This command displays the area, process ID, cost, timers, neighbor count, and state (DR/BDR/DROTHER). Example output: `GigabitEthernet0/0 is up, line protocol is up` followed by details. Ensure the interface is in the correct area and that the cost is appropriate (default cost = reference bandwidth / interface bandwidth, with reference bandwidth defaulting to 100 Mbps).
Examine the OSPFv3 Database
Use `show ipv6 ospf database` to view the LSDB. This shows all LSA types and their ages, sequence numbers, and link-state IDs. For exam purposes, know how to identify the different LSA types (Router, Network, Inter-Area Prefix, etc.). Use `show ipv6 ospf database router [adv-router ROUTER-ID]` to see detailed LSA information. This is crucial for troubleshooting missing routes.
Verify IPv6 Routing Table
Use `show ipv6 route ospf` to display OSPFv3-learned routes. Look for the code `O` (OSPF intra-area), `OI` (inter-area), `OE1`/`OE2` (external type 1/2), and `ON1`/`ON2` (NSSA external). Ensure the correct next-hop link-local address is listed. If a route is missing, check the database and neighbor states. Common issues: mismatched area IDs, passive interfaces, or filtering.
In a dual-stack enterprise network, OSPFv3 is used alongside OSPFv2 to route both IPv4 and IPv6 traffic. For example, a large university might run OSPFv2 for its legacy IPv4 infrastructure and OSPFv3 for IPv6. A common deployment is to use a single OSPFv3 process with multiple address families (IPv4 and IPv6) to simplify management. This is configured using the router ospfv3 command (different from ipv6 router ospf) and the address-family subcommand. However, many networks still use separate processes for clarity.
Another scenario is an ISP that uses OSPFv3 for internal IPv6 routing within its backbone. OSPFv3's support for multiple instances (via Instance ID) allows the ISP to run separate OSPFv3 processes for different customers on the same link, a feature not available in OSPFv2.
Performance considerations: OSPFv3 uses the same SPF algorithm, so convergence times are similar. However, the larger LSDB due to additional LSA types (Link LSA, Intra-Area Prefix LSA) can increase memory usage. In large networks, summarization and stub areas are used to reduce the LSDB size.
Common misconfigurations: Forgetting to configure a router ID (the process fails silently), using the wrong area ID, or enabling OSPFv3 on an interface without an IPv6 address. Also, mismatched MTU between neighbors can prevent adjacency (OSPFv3 checks MTU in DBD packets). In production, always verify with show ipv6 ospf neighbor and show ipv6 route ospf after changes.
On the CCNA 200-301 exam, OSPFv3 appears in the 'IP Connectivity' domain (Objective 3.4). Expect 2-4 questions on configuration verification, LSA types, and differences from OSPFv2. The exam emphasizes practical knowledge: given a show command output, identify the issue.
Common wrong answers:
1. 'OSPFv3 uses network statements like OSPFv2.' - WRONG. OSPFv3 uses interface-level configuration.
2. 'OSPFv3 requires IPv4 addresses on interfaces.' - WRONG. OSPFv3 uses link-local IPv6 addresses for neighbor communication.
3. 'OSPFv3 uses the same LSA types as OSPFv2.' - WRONG. OSPFv3 has new LSA types (Link LSA, Intra-Area Prefix LSA) and modified existing ones.
4. 'OSPFv3 authentication is configured with ip ospf authentication-key.' - WRONG. OSPFv3 uses IPsec; the command is different.
Specific values to memorize: Default Hello interval = 10 seconds, Dead interval = 40 seconds, default reference bandwidth = 100 Mbps, OSPFv3 multicast addresses: FF02::5 (all routers) and FF02::6 (DR/BDR).
Calculation traps: Cost calculation uses reference bandwidth / interface bandwidth. If reference bandwidth is changed (e.g., to 1000 Mbps), cost values change. Exam may give output with cost values and ask for bandwidth.
Decision rule for scenario questions: If the question involves IPv6 routing and OSPF, first check if the configuration uses ipv6 router ospf or interface ipv6 ospf. If it shows network commands, it's OSPFv2, not OSPFv3. If it shows ipv6 ospf on an interface, it's OSPFv3.
OSPFv3 uses link-local IPv6 addresses for neighbor communication, not global unicast addresses.
OSPFv3 is enabled on interfaces with `ipv6 ospf PROCESS-ID area AREA-ID`, not network statements.
OSPFv3 requires a manually configured router ID (32-bit value) or an IPv4 address; without it, the process fails.
New LSA types in OSPFv3: Link LSA (Type 0x0008) and Intra-Area Prefix LSA (Type 0x2009).
OSPFv3 uses IPsec for authentication, not the simple authentication in OSPFv2.
Default Hello interval is 10 seconds, Dead interval is 40 seconds for broadcast and point-to-point links.
Verification commands: `show ipv6 ospf neighbor`, `show ipv6 ospf interface`, `show ipv6 ospf database`, `show ipv6 route ospf`.
These come up on the exam all the time. Here's how to tell them apart.
OSPFv2
Runs over IPv4
Uses network statements for interface activation
Router ID must be an IPv4 address
Authentication via simple password or MD5 in OSPF header
LSA types: 1-5 (Router, Network, Summary, ASBR Summary, External)
Uses IPv4 multicast addresses 224.0.0.5 and 224.0.0.6
OSPFv3
Runs over IPv6 (link-local addresses)
Uses interface-level configuration
Router ID is a 32-bit number (often IPv4 address) but not required for operation
Authentication via IPsec (AH or ESP)
LSA types: 0x2001, 0x2002, 0x2003, 0x2004, 0x4005, plus new types 0x0008 and 0x2009
Uses IPv6 multicast addresses FF02::5 and FF02::6
Mistake
OSPFv3 uses network statements to advertise interfaces.
Correct
OSPFv3 uses interface-level configuration: `ipv6 ospf PROCESS-ID area AREA-ID`. Network statements are for OSPFv2 only.
Candidates confuse OSPFv3 with OSPFv2 because the configuration syntax differs.
Mistake
OSPFv3 requires an IPv4 address on interfaces to form adjacencies.
Correct
OSPFv3 uses link-local IPv6 addresses (FE80::/10) for neighbor communication. No IPv4 address is needed.
Many think OSPFv3 still relies on IPv4 for router ID or adjacency, but it is fully IPv6-native.
Mistake
OSPFv3 uses the same LSA types as OSPFv2.
Correct
OSPFv3 has new LSA types (Link LSA, Intra-Area Prefix LSA) and renumbered existing ones (e.g., Router LSA is Type 0x2001).
The LSA type numbers are different, and the structure is adapted for IPv6.
Mistake
OSPFv3 authentication is configured with `ip ospf authentication-key`.
Correct
OSPFv3 relies on IPsec for authentication. The command is `ipv6 ospf authentication ipsec spi` or similar, not the OSPFv2 command.
Candidates assume authentication works the same as OSPFv2, but OSPFv3 uses a different mechanism.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
OSPFv3 is designed for IPv6, while OSPFv2 is for IPv4. Key differences: OSPFv3 uses link-local addresses for neighbor communication, is enabled on interfaces (not via network statements), has new LSA types (Link LSA, Intra-Area Prefix LSA), and uses IPsec for authentication. The fundamental SPF algorithm remains the same. Exam tip: Know the configuration syntax differences and the new LSA types.
No, OSPFv3 does not require an IPv4 address. It uses IPv6 link-local addresses for all OSPF communication. However, a router ID is required, which is a 32-bit number. If no router ID is configured and no IPv4 addresses exist, the process will not start. In practice, many engineers use an IPv4 loopback as the router ID for consistency, but it is not a requirement.
OSPFv3 uses IPsec for authentication. You configure an IPsec security policy using the command `ipv6 ospf authentication ipsec spi <SPI> sha1 <key>` under interface configuration mode. Alternatively, you can use AH or ESP. There is no simple password or MD5 authentication like OSPFv2. Exam tip: You may need to recognize the correct syntax in multiple-choice questions.
OSPFv3 introduces two new LSA types: Link LSA (Type 0x0008) and Intra-Area Prefix LSA (Type 0x2009). Link LSA advertises link-local addresses and prefixes on a link to all routers on that link. Intra-Area Prefix LSA associates IPv6 prefixes with Router or Network LSAs. Additionally, existing LSA types have been renumbered (e.g., Router LSA is Type 0x2001).
The INIT state means the router has received a Hello from the neighbor but the neighbor has not seen its own router ID in the Hello packet. Common causes: mismatched Hello/Dead timers, mismatched area IDs, or the neighbor's interface is passive. Check with `show ipv6 ospf interface` to verify timers and area. Also ensure that both routers are using the same instance ID (default 0).
Yes, OSPFv3 can route both IPv6 and IPv4 using address families. With the `router ospfv3` command (note: not `ipv6 router ospf`), you can configure an address-family ipv4 or ipv6 under the same process. This is known as OSPFv3 Address Families. However, the CCNA exam focuses on OSPFv3 for IPv6 only.
Use `show ipv6 route ospf` to view OSPFv3-learned routes. The output shows the prefix, next-hop link-local address, and metric. Use `show ipv6 ospf database` to see the LSDB. For neighbor status, use `show ipv6 ospf neighbor`. These are the key verification commands for the exam.
You've just covered OSPFv3 for IPv6 — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?