Fortinet black logo

Administration Guide

Basic OSPF example

In this example, three FortiGate devices are configured in an OSPF network.

  • Router1 is the Designated Router (DR). It has the highest priority and the lowest IP address, to ensure that it becomes the DR.

  • Router2 is the Backup Designated Router (BDR). It has a high priority to ensure that it becomes the BDR.

  • Router3 is the Autonomous System Border Router (ASBR). It routes all traffic to the ISP BGP router for internet access. It redistributes routes from BGP and advertises a default route to its neighbors. It can allow different types of routes, learned outside of OSPF, to be used in OSPF. Different metrics can be assigned to these routes to make them more or less preferred than regular OSPF routes. Route maps could be used to further control what prefixes are advertised or received from the ISP.

FortiGate

Interface

IP address

Router1 (DR)

port1

10.11.101.1

port2

10.11.102.1

port3

192.168.102.1

Router2 (BDR)

port1

10.11.101.2

port2

10.11.103.2

port3

192.168.103.2

Router3 (ASBR)

port1

10.11.102.3

port2

10.11.103.3

port3

172.20.120.3

  • Firewall policies are already configured to allow unfiltered traffic in both directions between all of the connected interfaces.

  • The interfaces are already configured, and NAT is only used for connections to public networks. The costs for all of the interfaces is left at 0.

  • The OSPF network belongs to Area 0, and is not connected to any other OSPF networks. All of the routers are part of the backbone 0.0.0.0 area, so no inter-area communications are needed.

  • Router3 redistributes BGP routes into the OSPF AS and peers with the ISP BGP Router over eBGP. For information about configuring BGP, see BGP.

  • The advertised networks - 10.11.101.0, 10.11.102.0, and 10.11.103.0 - are summarized by 10.11.0.0/16. Additional networks are advertised individually by the /24 subnet.

Router1

To configure Router1 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.1.

  3. In the Areas table, click Create New and set the following:

    Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area

    0.0.0.0

    IP/Netmask

    10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area

    0.0.0.0

    IP/Netmask

    192.168.102.0 255.255.255.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name

    Router1-Internal-DR

    Interface

    port1

    Cost

    0

    Priority

    255

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name

    Router1-External

    Interface

    port2

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router1 in the CLI:
config router ospf
    set router-id 10.11.101.1
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Router1-Internal-DR"
            set interface "port1"
            set priority 255
            set dead-interval 40
            set hello-interval 10
        next
        edit "Router1-External"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
        edit 2
            set prefix 192.168.102.0 255.255.255.0
        next
    end
end

Router2

To configure Router2 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.2.

  3. In the Areas table, click Create New and set the following:

    Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area

    0.0.0.0

    IP/Netmask

    10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area

    0.0.0.0

    IP/Netmask

    192.168.103.0 255.255.255.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name

    Router2-Internal

    Interface

    port1

    Cost

    0

    Priority

    250

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name

    Router2-External

    Interface

    port2

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router2 in the CLI:
config router ospf
    set router-id 10.11.101.1
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Router2-Internal"
            set interface "port1"
            set priority 250
            set dead-interval 40
            set hello-interval 10
        next
        edit "Router2-External"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
        edit 2
            set prefix 192.168.103.0 255.255.255.0
        next
    end
end

Router3

To configure Router3 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.103.3.

  3. Under Default Settings, set Inject default route to Regular Areas.

    A default route must be present on Router3 to advertise it to other routers.

  4. Enable Redistribute BGP and use the default settings.

  5. In the Areas table, click Create New and set the following:

    Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  6. Click OK.

  7. In the Networks table, click Create New and set the following:

    Area

    0.0.0.0

    IP/Netmask

    10.11.0.0 255.255.0.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name

    Router3-Internal

    Interface

    port1

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name

    Router3-Internal2

    Interface

    port2

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router3 in the CLI:
config router ospf
    set default-information-originate enable
    set router-id 10.11.103.3
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Router3-Internal"
            set interface "port1"
            set dead-interval 40
            set hello-interval 10
        next
        edit "Router3-Internal2"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
    end
    config redistribute "bgp"
        set status enable
    end
end
To configure BGP on Router3 in the CLI:
config router bgp
    set as 64511
    set router-id 1.1.1.1
    config neighbor
        edit "172.20.120.5"
            set remote-as 64512
        next
    end
    config network
        edit 1
            set prefix 172.20.120.0 255.255.255.0
        next
    end
end

For more information on configuring BGP, see BGP.

Testing the configuration

Both the network connectivity and OSPF routing are tested. When a link goes down, routes should converge as expected.

Working state

  • Router3:

    Router3 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.1       1   Full/Backup     00:00:34    10.11.102.1     port1
    10.11.101.2       1   Full/Backup     00:00:38    10.11.103.2     port2
    
    Router3 # get router info ospf status
     Routing Process "ospf 0" with ID 10.11.103.3
     Process uptime is 18 hours 52 minutes
     Process bound to VRF default
     Conforms to RFC2328, and RFC1583Compatibility flag is disabled
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     Do not support Restarting
     This router is an ASBR (injecting external routing information)
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Refresh timer 10 secs
     Number of incomming current DD exchange neighbors 0/5
     Number of outgoing current DD exchange neighbors 0/5
     Number of external LSA 3. Checksum 0x021B78
     Number of opaque AS LSA 0. Checksum 0x000000
     Number of non-default external LSA 2
     External LSA database is unlimited.
     Number of LSA originated 16
     Number of LSA received 100
     Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 2(2)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:37:36.690 ago
            SPF algorithm executed 13 times
            Number of LSA 6. Checksum 0x03eafa
    
    Router3 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    B*      0.0.0.0/0 [20/0] via 172.20.120.5, port3, 01:10:12
    O       10.11.101.0/24 [110/2] via 10.11.103.2, port2, 00:39:34
                           [110/2] via 10.11.102.1, port1, 00:39:34
    C       10.11.102.0/24 is directly connected, port1
    C       10.11.103.0/24 is directly connected, port2
    C       172.20.120.0/24 is directly connected, port3
    O       192.168.102.0/24 [110/2] via 10.11.102.1, port1, 02:24:59
    O       192.168.103.0/24 [110/2] via 10.11.103.2, port2, 02:14:32
    B       192.168.160.0/24 [20/0] via 172.20.120.5, port3, 19:08:39
    B       192.168.170.0/24 [20/0] via 172.20.120.5, port3, 01:10:12
    
  • Router2:

    Router2 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.1     255   Full/DR         00:00:35    10.11.101.1     port1
    10.11.103.3       1   Full/DR         00:00:38    10.11.103.3     port3
    
    Router2 # get router info ospf status
     Routing Process "ospf 0" with ID 10.11.101.2
     Process uptime is 2 hours 53 minutes
     Process bound to VRF default
     Conforms to RFC2328, and RFC1583Compatibility flag is disabled
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     Do not support Restarting
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Refresh timer 10 secs
     Number of incomming current DD exchange neighbors 0/5
     Number of outgoing current DD exchange neighbors 0/5
     Number of external LSA 3. Checksum 0x021979
     Number of opaque AS LSA 0. Checksum 0x000000
     Number of non-default external LSA 2
     External LSA database is unlimited.
     Number of LSA originated 5
     Number of LSA received 128
     Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 3(3)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:47:49.990 ago
            SPF algorithm executed 15 times
            Number of LSA 6. Checksum 0x03e8fb
    
    Router2 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    O*E2    0.0.0.0/0 [110/10] via 10.11.103.3, port2, 01:03:58
    C       10.11.101.0/24 is directly connected, port1
    O       10.11.102.0/24 [110/2] via 10.11.103.3, port2, 00:49:01
                           [110/2] via 10.11.101.1, port1, 00:49:01
    C       10.11.103.0/24 is directly connected, port2
    O       192.168.102.0/24 [110/2] via 10.11.101.1, port1, 00:49:01
    C       192.168.103.0/24 is directly connected, port3
    O E2    192.168.160.0/24 [110/10] via 10.11.103.3, port2, 01:39:31
    O E2    192.168.170.0/24 [110/10] via 10.11.103.3, port2, 01:19:39
    

    The default route advertised by Router3 using default-information-originate is considered an OSPF E2 route. Other routes redistributed from BGP are also E2 routes.

  • Router1:

    Router1 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.2     250   Full/Backup     00:00:36    10.11.101.2     port1
    10.11.103.3       1   Full/DR         00:00:37    10.11.102.3     port2
    
    Router1 # get router info ospf status
     Routing Process "ospf 0" with ID 10.11.101.1
     Process uptime is 3 hours 7 minutes
     Process bound to VRF default
     Conforms to RFC2328, and RFC1583Compatibility flag is disabled
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     Do not support Restarting
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Refresh timer 10 secs
     Number of incomming current DD exchange neighbors 0/5
     Number of outgoing current DD exchange neighbors 0/5
     Number of external LSA 3. Checksum 0x02157B
     Number of opaque AS LSA 0. Checksum 0x000000
     Number of non-default external LSA 2
     External LSA database is unlimited.
     Number of LSA originated 2
     Number of LSA received 63
     Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 3(3)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:54:08.160 ago
            SPF algorithm executed 11 times
            Number of LSA 6. Checksum 0x03e6fc
    
    Router1 # get router info routing-table all
    Routing table for VRF=0
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    O*E2    0.0.0.0/0 [110/10] via 10.11.102.3, port2, 01:09:48
    C       10.11.101.0/24 is directly connected, port1
    C       10.11.102.0/24 is directly connected, port2
    O       10.11.103.0/24 [110/2] via 10.11.102.3, port2, 00:54:49
                           [110/2] via 10.11.101.2, port1, 00:54:49
    C       192.168.102.0/24 is directly connected, port3
    O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 00:54:49
    O E2    192.168.160.0/24 [110/10] via 10.11.102.3, port2, 01:45:21
    O E2    192.168.170.0/24 [110/10] via 10.11.102.3, port2, 01:25:29
    

Link down state

If port1 is disconnected on Router3:

  • Router3:

    Router3 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    B*      0.0.0.0/0 [20/0] via 172.20.120.5, VLAN20, 01:29:25
    O       10.11.101.0/24 [110/2] via 10.11.103.2, port2, 00:00:09
    C       10.11.103.0/24 is directly connected, port2
    C       172.20.120.0/24 is directly connected, port3
    O       192.168.102.0/24 [110/3] via 10.11.103.2, port2, 00:00:09
    O       192.168.103.0/24 [110/2] via 10.11.103.2, port2, 02:33:45
    B       192.168.160.0/24 [20/0] via 172.20.120.5, port3, 19:27:52
    B       192.168.170.0/24 [20/0] via 172.20.120.5, port3, 01:29:25
    
  • Router2:

    Router2 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    O*E2    0.0.0.0/0 [110/10] via 10.11.103.3, port2, 01:16:36
    C       10.11.101.0/24 is directly connected, port1
    O       10.11.102.0/24 [110/2] via 10.11.101.1, port1, 00:02:27
    C       10.11.103.0/24 is directly connected, port2
    O       192.168.102.0/24 [110/2] via 10.11.101.1, port1, 01:01:39
    C       192.168.103.0/24 is directly connected, port3
    O E2    192.168.160.0/24 [110/10] via 10.11.103.3, port2, 01:52:09
    O E2    192.168.170.0/24 [110/10] via 10.11.103.3, port2, 01:32:17
    
  • Router1:

    Router1 # get router info routing-table all
    Routing table for VRF=0
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    O*E2    0.0.0.0/0 [110/10] via 10.11.101.2, port1, 00:05:14
    C       10.11.101.0/24 is directly connected, port1
    C       10.11.102.0/24 is directly connected, port2
    O       10.11.103.0/24 [110/2] via 10.11.101.2, port1, 00:05:15
    C       192.168.102.0/24 is directly connected, port3
    O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 01:03:50
    O E2    192.168.160.0/24 [110/10] via 10.11.101.2, port1, 00:05:14
    O E2    192.168.170.0/24 [110/10] via 10.11.101.2, port1, 00:05:14
    

In this example, three FortiGate devices are configured in an OSPF network.

  • Router1 is the Designated Router (DR). It has the highest priority and the lowest IP address, to ensure that it becomes the DR.

  • Router2 is the Backup Designated Router (BDR). It has a high priority to ensure that it becomes the BDR.

  • Router3 is the Autonomous System Border Router (ASBR). It routes all traffic to the ISP BGP router for internet access. It redistributes routes from BGP and advertises a default route to its neighbors. It can allow different types of routes, learned outside of OSPF, to be used in OSPF. Different metrics can be assigned to these routes to make them more or less preferred than regular OSPF routes. Route maps could be used to further control what prefixes are advertised or received from the ISP.

FortiGate

Interface

IP address

Router1 (DR)

port1

10.11.101.1

port2

10.11.102.1

port3

192.168.102.1

Router2 (BDR)

port1

10.11.101.2

port2

10.11.103.2

port3

192.168.103.2

Router3 (ASBR)

port1

10.11.102.3

port2

10.11.103.3

port3

172.20.120.3

  • Firewall policies are already configured to allow unfiltered traffic in both directions between all of the connected interfaces.

  • The interfaces are already configured, and NAT is only used for connections to public networks. The costs for all of the interfaces is left at 0.

  • The OSPF network belongs to Area 0, and is not connected to any other OSPF networks. All of the routers are part of the backbone 0.0.0.0 area, so no inter-area communications are needed.

  • Router3 redistributes BGP routes into the OSPF AS and peers with the ISP BGP Router over eBGP. For information about configuring BGP, see BGP.

  • The advertised networks - 10.11.101.0, 10.11.102.0, and 10.11.103.0 - are summarized by 10.11.0.0/16. Additional networks are advertised individually by the /24 subnet.

Router1

To configure Router1 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.1.

  3. In the Areas table, click Create New and set the following:

    Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area

    0.0.0.0

    IP/Netmask

    10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area

    0.0.0.0

    IP/Netmask

    192.168.102.0 255.255.255.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name

    Router1-Internal-DR

    Interface

    port1

    Cost

    0

    Priority

    255

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name

    Router1-External

    Interface

    port2

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router1 in the CLI:
config router ospf
    set router-id 10.11.101.1
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Router1-Internal-DR"
            set interface "port1"
            set priority 255
            set dead-interval 40
            set hello-interval 10
        next
        edit "Router1-External"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
        edit 2
            set prefix 192.168.102.0 255.255.255.0
        next
    end
end

Router2

To configure Router2 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.2.

  3. In the Areas table, click Create New and set the following:

    Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area

    0.0.0.0

    IP/Netmask

    10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area

    0.0.0.0

    IP/Netmask

    192.168.103.0 255.255.255.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name

    Router2-Internal

    Interface

    port1

    Cost

    0

    Priority

    250

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name

    Router2-External

    Interface

    port2

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router2 in the CLI:
config router ospf
    set router-id 10.11.101.1
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Router2-Internal"
            set interface "port1"
            set priority 250
            set dead-interval 40
            set hello-interval 10
        next
        edit "Router2-External"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
        edit 2
            set prefix 192.168.103.0 255.255.255.0
        next
    end
end

Router3

To configure Router3 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.103.3.

  3. Under Default Settings, set Inject default route to Regular Areas.

    A default route must be present on Router3 to advertise it to other routers.

  4. Enable Redistribute BGP and use the default settings.

  5. In the Areas table, click Create New and set the following:

    Area ID

    0.0.0.0

    Type

    Regular

    Authentication

    None

  6. Click OK.

  7. In the Networks table, click Create New and set the following:

    Area

    0.0.0.0

    IP/Netmask

    10.11.0.0 255.255.0.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name

    Router3-Internal

    Interface

    port1

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name

    Router3-Internal2

    Interface

    port2

    Cost

    0

    Authentication

    None

    Timers

    • Hello Interval: 10

    • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router3 in the CLI:
config router ospf
    set default-information-originate enable
    set router-id 10.11.103.3
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Router3-Internal"
            set interface "port1"
            set dead-interval 40
            set hello-interval 10
        next
        edit "Router3-Internal2"
            set interface "port2"
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 1
            set prefix 10.11.0.0 255.255.0.0
        next
    end
    config redistribute "bgp"
        set status enable
    end
end
To configure BGP on Router3 in the CLI:
config router bgp
    set as 64511
    set router-id 1.1.1.1
    config neighbor
        edit "172.20.120.5"
            set remote-as 64512
        next
    end
    config network
        edit 1
            set prefix 172.20.120.0 255.255.255.0
        next
    end
end

For more information on configuring BGP, see BGP.

Testing the configuration

Both the network connectivity and OSPF routing are tested. When a link goes down, routes should converge as expected.

Working state

  • Router3:

    Router3 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.1       1   Full/Backup     00:00:34    10.11.102.1     port1
    10.11.101.2       1   Full/Backup     00:00:38    10.11.103.2     port2
    
    Router3 # get router info ospf status
     Routing Process "ospf 0" with ID 10.11.103.3
     Process uptime is 18 hours 52 minutes
     Process bound to VRF default
     Conforms to RFC2328, and RFC1583Compatibility flag is disabled
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     Do not support Restarting
     This router is an ASBR (injecting external routing information)
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Refresh timer 10 secs
     Number of incomming current DD exchange neighbors 0/5
     Number of outgoing current DD exchange neighbors 0/5
     Number of external LSA 3. Checksum 0x021B78
     Number of opaque AS LSA 0. Checksum 0x000000
     Number of non-default external LSA 2
     External LSA database is unlimited.
     Number of LSA originated 16
     Number of LSA received 100
     Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 2(2)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:37:36.690 ago
            SPF algorithm executed 13 times
            Number of LSA 6. Checksum 0x03eafa
    
    Router3 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    B*      0.0.0.0/0 [20/0] via 172.20.120.5, port3, 01:10:12
    O       10.11.101.0/24 [110/2] via 10.11.103.2, port2, 00:39:34
                           [110/2] via 10.11.102.1, port1, 00:39:34
    C       10.11.102.0/24 is directly connected, port1
    C       10.11.103.0/24 is directly connected, port2
    C       172.20.120.0/24 is directly connected, port3
    O       192.168.102.0/24 [110/2] via 10.11.102.1, port1, 02:24:59
    O       192.168.103.0/24 [110/2] via 10.11.103.2, port2, 02:14:32
    B       192.168.160.0/24 [20/0] via 172.20.120.5, port3, 19:08:39
    B       192.168.170.0/24 [20/0] via 172.20.120.5, port3, 01:10:12
    
  • Router2:

    Router2 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.1     255   Full/DR         00:00:35    10.11.101.1     port1
    10.11.103.3       1   Full/DR         00:00:38    10.11.103.3     port3
    
    Router2 # get router info ospf status
     Routing Process "ospf 0" with ID 10.11.101.2
     Process uptime is 2 hours 53 minutes
     Process bound to VRF default
     Conforms to RFC2328, and RFC1583Compatibility flag is disabled
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     Do not support Restarting
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Refresh timer 10 secs
     Number of incomming current DD exchange neighbors 0/5
     Number of outgoing current DD exchange neighbors 0/5
     Number of external LSA 3. Checksum 0x021979
     Number of opaque AS LSA 0. Checksum 0x000000
     Number of non-default external LSA 2
     External LSA database is unlimited.
     Number of LSA originated 5
     Number of LSA received 128
     Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 3(3)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:47:49.990 ago
            SPF algorithm executed 15 times
            Number of LSA 6. Checksum 0x03e8fb
    
    Router2 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    O*E2    0.0.0.0/0 [110/10] via 10.11.103.3, port2, 01:03:58
    C       10.11.101.0/24 is directly connected, port1
    O       10.11.102.0/24 [110/2] via 10.11.103.3, port2, 00:49:01
                           [110/2] via 10.11.101.1, port1, 00:49:01
    C       10.11.103.0/24 is directly connected, port2
    O       192.168.102.0/24 [110/2] via 10.11.101.1, port1, 00:49:01
    C       192.168.103.0/24 is directly connected, port3
    O E2    192.168.160.0/24 [110/10] via 10.11.103.3, port2, 01:39:31
    O E2    192.168.170.0/24 [110/10] via 10.11.103.3, port2, 01:19:39
    

    The default route advertised by Router3 using default-information-originate is considered an OSPF E2 route. Other routes redistributed from BGP are also E2 routes.

  • Router1:

    Router1 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.2     250   Full/Backup     00:00:36    10.11.101.2     port1
    10.11.103.3       1   Full/DR         00:00:37    10.11.102.3     port2
    
    Router1 # get router info ospf status
     Routing Process "ospf 0" with ID 10.11.101.1
     Process uptime is 3 hours 7 minutes
     Process bound to VRF default
     Conforms to RFC2328, and RFC1583Compatibility flag is disabled
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     Do not support Restarting
     SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
     Refresh timer 10 secs
     Number of incomming current DD exchange neighbors 0/5
     Number of outgoing current DD exchange neighbors 0/5
     Number of external LSA 3. Checksum 0x02157B
     Number of opaque AS LSA 0. Checksum 0x000000
     Number of non-default external LSA 2
     External LSA database is unlimited.
     Number of LSA originated 2
     Number of LSA received 63
     Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 3(3)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:54:08.160 ago
            SPF algorithm executed 11 times
            Number of LSA 6. Checksum 0x03e6fc
    
    Router1 # get router info routing-table all
    Routing table for VRF=0
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    O*E2    0.0.0.0/0 [110/10] via 10.11.102.3, port2, 01:09:48
    C       10.11.101.0/24 is directly connected, port1
    C       10.11.102.0/24 is directly connected, port2
    O       10.11.103.0/24 [110/2] via 10.11.102.3, port2, 00:54:49
                           [110/2] via 10.11.101.2, port1, 00:54:49
    C       192.168.102.0/24 is directly connected, port3
    O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 00:54:49
    O E2    192.168.160.0/24 [110/10] via 10.11.102.3, port2, 01:45:21
    O E2    192.168.170.0/24 [110/10] via 10.11.102.3, port2, 01:25:29
    

Link down state

If port1 is disconnected on Router3:

  • Router3:

    Router3 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    B*      0.0.0.0/0 [20/0] via 172.20.120.5, VLAN20, 01:29:25
    O       10.11.101.0/24 [110/2] via 10.11.103.2, port2, 00:00:09
    C       10.11.103.0/24 is directly connected, port2
    C       172.20.120.0/24 is directly connected, port3
    O       192.168.102.0/24 [110/3] via 10.11.103.2, port2, 00:00:09
    O       192.168.103.0/24 [110/2] via 10.11.103.2, port2, 02:33:45
    B       192.168.160.0/24 [20/0] via 172.20.120.5, port3, 19:27:52
    B       192.168.170.0/24 [20/0] via 172.20.120.5, port3, 01:29:25
    
  • Router2:

    Router2 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    Routing table for VRF=0
    O*E2    0.0.0.0/0 [110/10] via 10.11.103.3, port2, 01:16:36
    C       10.11.101.0/24 is directly connected, port1
    O       10.11.102.0/24 [110/2] via 10.11.101.1, port1, 00:02:27
    C       10.11.103.0/24 is directly connected, port2
    O       192.168.102.0/24 [110/2] via 10.11.101.1, port1, 01:01:39
    C       192.168.103.0/24 is directly connected, port3
    O E2    192.168.160.0/24 [110/10] via 10.11.103.3, port2, 01:52:09
    O E2    192.168.170.0/24 [110/10] via 10.11.103.3, port2, 01:32:17
    
  • Router1:

    Router1 # get router info routing-table all
    Routing table for VRF=0
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
    O*E2    0.0.0.0/0 [110/10] via 10.11.101.2, port1, 00:05:14
    C       10.11.101.0/24 is directly connected, port1
    C       10.11.102.0/24 is directly connected, port2
    O       10.11.103.0/24 [110/2] via 10.11.101.2, port1, 00:05:15
    C       192.168.102.0/24 is directly connected, port3
    O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 01:03:50
    O E2    192.168.160.0/24 [110/10] via 10.11.101.2, port1, 00:05:14
    O E2    192.168.170.0/24 [110/10] via 10.11.101.2, port1, 00:05:14