Basic OSPF example

In this example, three FortiGate devices are configured in an OSPF network.

  • Router1 is the Designated Router (DR). It has the highest priority and the lowest IP address, to ensure that it becomes the DR.

  • Router2 is the Backup Designated Router (BDR). It has a high priority to ensure that it becomes the BDR.

  • Router3 is the Autonomous System Border Router (ASBR). It routes all traffic to the ISP BGP router for internet access. It redistributes routes from BGP and advertises a default route to its neighbors. It can allow different types of routes, learned outside of OSPF, to be used in OSPF. Different metrics can be assigned to these routes to make them more or less preferred than regular OSPF routes. Route maps could be used to further control what prefixes are advertised or received from the ISP.

FortiGate         Interface    IP address
Router1 (DR)      port1        10.11.101.1
                  port2        10.11.102.1
                  port3        192.168.102.1
Router2 (BDR)     port1        10.11.101.2
                  port2        10.11.103.2
                  port3        192.168.103.2
Router3 (ASBR)    port1        10.11.102.3
                  port2        10.11.103.3
                  port3        172.20.120.3

  • Firewall policies are already configured to allow unfiltered traffic in both directions between all of the connected interfaces.

  • The interfaces are already configured, and NAT is only used for connections to public networks. The cost for all of the interfaces is left at 0.

  • The OSPF network belongs to Area 0, and is not connected to any other OSPF networks. All of the routers are part of the backbone 0.0.0.0 area, so no inter-area communications are needed.

  • Router3 redistributes BGP routes into the OSPF AS and peers with the ISP BGP Router over eBGP. For information about configuring BGP, see BGP.

  • The advertised networks - 10.11.101.0, 10.11.102.0, and 10.11.103.0 - are summarized by 10.11.0.0/16. Additional networks are advertised individually by the /24 subnet.

Router1

To configure Router1 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.1.

  3. In the Areas table, click Create New and set the following:

    Area ID           0.0.0.0
    Type              Regular
    Authentication    None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area          0.0.0.0
    IP/Netmask    10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area          0.0.0.0
    IP/Netmask    192.168.102.0 255.255.255.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name              Router1-Internal-DR
    Interface         port1
    Cost              0
    Priority          255
    Authentication    None
    Timers            • Hello Interval: 10
                      • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name              Router1-External
    Interface         port2
    Cost              0
    Authentication    None
    Timers            • Hello Interval: 10
                      • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router1 in the CLI:
config router ospf
    set router-id 10.11.101.1
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Router1-Internal-DR"
            set interface "port1"
            set priority 255
            set dead-interval 40
            set hello-interval 10
        next
        edit "Router1-External"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
        edit 2
            set prefix 192.168.102.0 255.255.255.0
        next
    end
end
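
The following audit is an added example, not part of the original page or of Fortinet's tooling. It parses Router1's CLI block and lists every interface that a network statement enables OSPF on, together with the authentication mode that interface uses. It assumes that an interface with no "set authentication" line uses the mode none (as in the Authentication: None setting of the GUI steps); parse_ospf and audit are hypothetical helper names.

```python
import ipaddress
import re

# Router1's CLI block (router-id, priority and timers omitted) and port addresses, from this page.
ROUTER1_OSPF = """
config router ospf
    config ospf-interface
        edit "Router1-Internal-DR"
            set interface "port1"
        next
        edit "Router1-External"
            set interface "port2"
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
        edit 2
            set prefix 192.168.102.0 255.255.255.0
        next
    end
end
"""
ROUTER1_PORTS = {"port1": "10.11.101.1", "port2": "10.11.102.1", "port3": "192.168.102.1"}

def parse_ospf(text):
    """Return (network prefixes, {interface: authentication mode}) for one OSPF block."""
    section, entry, nets, auth = None, {}, [], {}
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if words[0] == "config":
            section = words[-1]          # "ospf", "ospf-interface" or "network"
        elif words[0] == "edit":
            entry = {}                   # start a fresh table entry
        elif words[0] == "set" and len(words) > 2:
            entry[words[1]] = words[2:]
        elif words[0] == "next" and section == "network" and "prefix" in entry:
            nets.append(ipaddress.ip_network("/".join(entry["prefix"])))
        elif words[0] == "next" and section == "ospf-interface" and "interface" in entry:
            # Assumption: a missing "set authentication" line means the mode is none.
            auth[entry["interface"][0]] = entry.get("authentication", ["none"])[0]
    return nets, auth

def audit(text, ports):
    """List (port, address, auth mode) for every interface a network statement covers."""
    nets, auth = parse_ospf(text)
    return [(port, addr, auth.get(port, "none")) for port, addr in sorted(ports.items())
            if any(ipaddress.ip_address(addr) in net for net in nets)]
```

Calling audit(ROUTER1_OSPF, ROUTER1_PORTS) reports port1, port2 and port3 with the mode none. port3 has no ospf-interface entry, but the 192.168.102.0 network statement still covers its address.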

Router2

To configure Router2 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.2.

  3. In the Areas table, click Create New and set the following:

    Area ID    0.0.0.0
    Type       Regular

    Authenticati