R3303-HP HSR6800 Routers Layer 3 - IP Routing Configuration Guide
327
Configuring BFD for OSPFv3
Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links
between OSPFv3 neighbors, thus to improve the convergence speed of OSPFv3.
After discovering neighbors by sending hello packets, OSPFv3 notifies BFD of the neighbor addresses,
and BFD uses these addresses to establish sessions. Before a BFD session is established, it is in the down
state. In this state, BFD control packets are sent at an interval of no less than one second to reduce BFD
control packet traffic. After the BFD session is established, BFD control packets are sent at the negotiated
interval, thereby implementing fast fault detection.
To configure BFD for OSPFv3, you need to configure OSPFv3 first.
For more information about BFD, see High Availability Configuration Guide.
To configure BFD for OSPFv3:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter OSPFv3 view.
ospfv3 [ process-id ]
N/A
3. Specify a router ID.
router-id router-id N/A
4. Quit the OSPFv3 view.
quit N/A
5. Enter interface view.
interface interface-type
interface-number
N/A
6. Enable an OSPFv3 process
on the interface.
ospfv3 process-id area area-id
[ instance instance-id ]
Not enabled by default.
7. Enable BFD on the interface.
ospfv3 bfd enable [ instance
instance-id ]
Not enabled by default.
Applying IPsec policies for OSPFv3
To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using
an IPsec policy.
Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy.
A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they
match, the device accepts the packet. Otherwise, it discards the packet and will not establish a neighbor
relationship with the sending device.
You can configure an IPsec policy for an area, an interface, or a virtual link.
• To implement area-based IPsec protection, configure the same IPsec policy on the routers in the
target area.
• To implement interface-based IPsec protection, configure the same IPsec policy on the interfaces
between two neighboring routers.
• To implement virtual link-based IPsec protection, configure the same IPsec policy on the two routers
connected over the virtual link.
If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.
If a virtual link and area 0 each have an IPsec policy configured, the virtual link uses its own IPsec policy.