Basic OSPF example

In this example, three FortiGate devices are configured in an OSPF network.

  • Router1 is the Designated Router (DR). It has the highest priority and the lowest IP address, to ensure that it becomes the DR.

  • Router2 is the Backup Designated Router (BDR). It has a high priority to ensure that it becomes the BDR.

  • Router3 is the Autonomous System Border Router (ASBR). It routes all traffic to the ISP BGP router for internet access. It redistributes routes from BGP and advertises a default route to its neighbors. It can allow different types of routes, learned outside of OSPF, to be used in OSPF. Different metrics can be assigned to these routes to make them more or less preferred than regular OSPF routes. Route maps could be used to further control what prefixes are advertised or received from the ISP.

FortiGate         Interface   IP address
Router1 (DR)      port1       10.11.101.1
                  port2       10.11.102.1
                  port3       192.168.102.1
Router2 (BDR)     port1       10.11.101.2
                  port2       10.11.103.2
                  port3       192.168.103.2
Router3 (ASBR)    port1       10.11.102.3
                  port2       10.11.103.3
                  port3       172.20.120.3

  • Firewall policies are already configured to allow unfiltered traffic in both directions between all of the connected interfaces.

  • The interfaces are already configured, and NAT is only used for connections to public networks. The cost for all of the interfaces is left at 0.

  • The OSPF network belongs to Area 0, and is not connected to any other OSPF networks. All of the routers are part of the backbone 0.0.0.0 area, so no inter-area communications are needed.

  • Router3 redistributes BGP routes into the OSPF AS and peers with the ISP BGP Router over eBGP. For information about configuring BGP, see BGP.

  • The advertised networks - 10.11.101.0, 10.11.102.0, and 10.11.103.0 - are summarized by 10.11.0.0/16. Additional networks are advertised individually by the /24 subnet.

Router1

To configure Router1 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.1.

  3. In the Areas table, click Create New and set the following:

    Area ID: 0.0.0.0
    Type: Regular
    Authentication: None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area: 0.0.0.0
    IP/Netmask: 10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area: 0.0.0.0
    IP/Netmask: 192.168.102.0 255.255.255.0

  8. Click OK.
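
The following added example (not part of the Fortinet documentation) checks which interfaces from the table above fall inside Router1's two Networks entries, and compares the 10.11.0.0/16 entry with the tightest prefix that covers the three advertised networks. It assumes /24 masks on the advertised networks, and applying the 10.11.0.0/16 entry alone to Router2 and Router3 is a hypothetical used only to show what that entry matches.

```python
import ipaddress

# Interface addresses copied from the table on this page.
INTERFACES = {
    "Router1": {"port1": "10.11.101.1", "port2": "10.11.102.1", "port3": "192.168.102.1"},
    "Router2": {"port1": "10.11.101.2", "port2": "10.11.103.2", "port3": "192.168.103.2"},
    "Router3": {"port1": "10.11.102.3", "port2": "10.11.103.3", "port3": "172.20.120.3"},
}
# Router1's two Networks-table entries from the GUI steps (IP/Netmask form).
ROUTER1_STATEMENTS = ["10.11.0.0/255.255.0.0", "192.168.102.0/255.255.255.0"]
# The three advertised networks; the /24 length is an assumption based on the
# page's "/24 subnet" wording.
ADVERTISED = ["10.11.101.0/24", "10.11.102.0/24", "10.11.103.0/24"]


def match_interfaces(interfaces, statements):
    """Return {port: first statement containing its address, or None if unmatched}."""
    nets = [ipaddress.ip_network(s) for s in statements]
    result = {}
    for port, addr in interfaces.items():
        ip = ipaddress.ip_address(addr)
        result[port] = next((str(n) for n in nets if ip in n), None)
    return result


def tightest_summary(prefixes):
    """Smallest single prefix that covers every network in prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    host_bits = (lo ^ hi).bit_length()      # bits that differ across the range
    base = (lo >> host_bits) << host_bits   # clear those bits to get the base
    return ipaddress.ip_network((base, 32 - host_bits))


def unneeded_subnets(statement, needed, new_prefix=24):
    """Count /24 subnets inside statement that are not among the needed networks."""
    wanted = {ipaddress.ip_network(p) for p in needed}
    subnets = ipaddress.ip_network(statement).subnets(new_prefix=new_prefix)
    return sum(1 for s in subnets if s not in wanted)


if __name__ == "__main__":
    print("Router1:", match_interfaces(INTERFACES["Router1"], ROUTER1_STATEMENTS))
    for name, ports in INTERFACES.items():
        print(name, "10.11.0.0/16 only:", match_interfaces(ports, ROUTER1_STATEMENTS[:1]))
    print("Tightest summary:", tightest_summary(ADVERTISED))
    print("Unused /24s under the /16:", unneeded_subnets(ROUTER1_STATEMENTS[0], ADVERTISED))
```

The 10.11.0.0/16 entry matches every port1 and port2 interface and none of the port3 interfaces, including Router3's ISP-facing 172.20.120.3. It also covers 253 /24 networks that are not in use in this example, so any interface later addressed in that range would match the entry.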