HP VPN Firewall Appliances Network Management Configuration Guide
778
Configuring BFD for OSPFv3
The following matrix shows the feature and hardware compatibility:
Hardware Com
p
atibilit
y
F1000-A-EI/F1000-S-EI No
F1000-E No
F5000 Yes
F5000-S/F5000-C No
VPN firewall modules No
20-Gbps VPN firewall modules No
Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links
between OSPFv3 neighbors, improving the convergence speed of OSPFv3. For more information about
BFD, see High Availability Configuration Guide.
After discovering neighbors by sending hello packets, OSPFv3 notifies BFD of the neighbor addresses,
and BFD uses these addresses to establish sessions. Before a BFD session is established, it is in the down
state. In this state, BFD control packets are sent at an interval of no less than 1 second to reduce BFD
control packet traffic. After the BFD session is established, BFD control packets are sent at the negotiated
interval, thereby implementing fast fault detection.
To configure BFD for OSPFv3, you need to configure OSPFv3 first.
To configure BFD for OSPFv3:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter OSPFv3 view.
ospfv3 [ process-id ]
N/A
3. Specify a router ID.
router-id router-id N/A
4. Quit the OSPFv3 view.
quit N/A
5. Enter interface view.
interface interface-type
interface-number
N/A
6. Enable an OSPFv3
process on the interface.
ospfv3 process-id area area-id
[ instance instance-id ]
By default, OSPFv3 is not enabled on
an interface.
7. Enable BFD on the
interface.
ospfv3 bfd enable [ instance
instance-id ]
By default, BFD is not enabled on an
OSPFv3 interface.
Applying IPsec policies for OSPFv3
To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using
an IPsec policy.
Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy.
A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they