Basic OSPF example | Administration Guide (2024)

In this example, three FortiGate devices are configured in an OSPF network.

  • Router1 is the Designated Router (DR). It has the highest priority and the lowest IP address, to ensure that it becomes the DR.

  • Router2 is the Backup Designated Router (BDR). It has a high priority to ensure that it becomes the BDR.

  • Router3 is the Autonomous System Border Router (ASBR). It routes all traffic to the ISP BGP router for internet access. It redistributes routes from BGP and advertises a default route to its neighbors. It can allow different types of routes, learned outside of OSPF, to be used in OSPF. Different metrics can be assigned to these routes to make them more or less preferred than regular OSPF routes. Route maps could be used to further control what prefixes are advertised or received from the ISP.

FortiGate        Interface   IP address
Router1 (DR)     port1       10.11.101.1
                 port2       10.11.102.1
                 port3       192.168.102.1
Router2 (BDR)    port1       10.11.101.2
                 port2       10.11.103.2
                 port3       192.168.103.2
Router3 (ASBR)   port1       10.11.102.3
                 port2       10.11.103.3
                 port3       172.20.120.3

  • Firewall policies are already configured to allow unfiltered traffic in both directions between all of the connected interfaces.

  • The interfaces are already configured, and NAT is only used for connections to public networks. The cost for all of the interfaces is left at 0.

  • The OSPF network belongs to Area 0, and is not connected to any other OSPF networks. All of the routers are part of the backbone 0.0.0.0 area, so no inter-area communications are needed.

  • Router3 redistributes BGP routes into the OSPF AS and peers with the ISP BGP Router over eBGP. For information about configuring BGP, see BGP.

  • The advertised networks - 10.11.101.0, 10.11.102.0, and 10.11.103.0 - are summarized by 10.11.0.0/16. Additional networks are advertised individually by the /24 subnet.

Router1

To configure Router1 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.1.

  3. In the Areas table, click Create New and set the following:

    Area ID          0.0.0.0
    Type             Regular
    Authentication   None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area         0.0.0.0
    IP/Netmask   10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area         0.0.0.0
    IP/Netmask   192.168.102.0 255.255.255.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name             Router1-Internal-DR
    Interface        port1
    Cost
    Priority         255
    Authentication   None
    Timers           • Hello Interval: 10
                     • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name             Router1-External
    Interface        port2
    Cost
    Authentication   None
    Timers           • Hello Interval: 10
                     • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router1 in the CLI:
    config router ospf
        set router-id 10.11.101.1
        config area
            edit 0.0.0.0
            next
        end
        config ospf-interface
            edit "Router1-Internal-DR"
                set interface "port1"
                set priority 255
                set dead-interval 40
                set hello-interval 10
            next
            edit "Router1-External"
                set interface "port2"
                set dead-interval 40
                set hello-interval 10
            next
        end
        config network
            edit 1
                set prefix 10.11.0.0 255.255.0.0
            next
            edit 2
                set prefix 192.168.102.0 255.255.255.0
            next
        end
    end

Router2

To configure Router2 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.101.2.

  3. In the Areas table, click Create New and set the following:

    Area ID          0.0.0.0
    Type             Regular
    Authentication   None

  4. Click OK.

  5. In the Networks table, click Create New and set the following:

    Area         0.0.0.0
    IP/Netmask   10.11.0.0 255.255.0.0

  6. Click OK.

  7. In the Networks table, click Create New again and set the following:

    Area         0.0.0.0
    IP/Netmask   192.168.103.0 255.255.255.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name             Router2-Internal
    Interface        port1
    Cost
    Priority         250
    Authentication   None
    Timers           • Hello Interval: 10
                     • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name             Router2-External
    Interface        port2
    Cost
    Authentication   None
    Timers           • Hello Interval: 10
                     • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router2 in the CLI:
    config router ospf
        set router-id 10.11.101.2
        config area
            edit 0.0.0.0
            next
        end
        config ospf-interface
            edit "Router2-Internal"
                set interface "port1"
                set priority 250
                set dead-interval 40
                set hello-interval 10
            next
            edit "Router2-External"
                set interface "port2"
                set dead-interval 40
                set hello-interval 10
            next
        end
        config network
            edit 1
                set prefix 10.11.0.0 255.255.0.0
            next
            edit 2
                set prefix 192.168.103.0 255.255.255.0
            next
        end
    end

Router3

To configure Router3 in the GUI:
  1. Go to Network > OSPF.

  2. Set Router ID to 10.11.103.3.

  3. Under Default Settings, set Inject default route to Regular Areas.

    A default route must be present on Router3 to advertise it to other routers.

  4. Enable Redistribute BGP and use the default settings.

  5. In the Areas table, click Create New and set the following:

    Area ID          0.0.0.0
    Type             Regular
    Authentication   None

  6. Click OK.

  7. In the Networks table, click Create New and set the following:

    Area         0.0.0.0
    IP/Netmask   10.11.0.0 255.255.0.0

  8. Click OK.

  9. In the Interfaces table, click Create New and set the following:

    Name             Router3-Internal
    Interface        port1
    Cost
    Authentication   None
    Timers           • Hello Interval: 10
                     • Dead Interval: 40

  10. Click OK.

  11. In the Interfaces table, click Create New again and set the following:

    Name             Router3-Internal2
    Interface        port2
    Cost
    Authentication   None
    Timers           • Hello Interval: 10
                     • Dead Interval: 40

  12. Click OK.

  13. Click Apply.

To configure Router3 in the CLI:
    config router ospf
        set default-information-originate enable
        set router-id 10.11.103.3
        config area
            edit 0.0.0.0
            next
        end
        config ospf-interface
            edit "Router3-Internal"
                set interface "port1"
                set dead-interval 40
                set hello-interval 10
            next
            edit "Router3-Internal2"
                set interface "port2"
                set dead-interval 40
                set hello-interval 10
            next
        end
        config network
            edit 1
                set prefix 10.11.0.0 255.255.0.0
            next
        end
        config redistribute "bgp"
            set status enable
        end
    end

To configure BGP on Router3 in the CLI:
    config router bgp
        set as 64511
        set router-id 1.1.1.1
        config neighbor
            edit "172.20.120.5"
                set remote-as 64512
            next
        end
        config network
            edit 1
                set prefix 172.20.120.0 255.255.255.0
            next
        end
    end

For more information on configuring BGP, see BGP.
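
Added example (not part of the original guide): the `config network` prefixes decide which interfaces run OSPF, independently of the `ospf-interface` entries. This Python sketch matches the interface addresses from the table at the top of the page against each router's prefixes; the dictionary and function names are illustrative.

```python
from ipaddress import ip_address, ip_network

# Interface addresses from the table at the top of this page.
INTERFACES = {
    "Router1": {"port1": "10.11.101.1", "port2": "10.11.102.1", "port3": "192.168.102.1"},
    "Router2": {"port1": "10.11.101.2", "port2": "10.11.103.2", "port3": "192.168.103.2"},
    "Router3": {"port1": "10.11.102.3", "port2": "10.11.103.3", "port3": "172.20.120.3"},
}
# "config network" prefixes from each router's OSPF configuration on this page.
NETWORKS = {
    "Router1": ["10.11.0.0/255.255.0.0", "192.168.102.0/255.255.255.0"],
    "Router2": ["10.11.0.0/255.255.0.0", "192.168.103.0/255.255.255.0"],
    "Router3": ["10.11.0.0/255.255.0.0"],
}
# Interfaces that have an explicit "config ospf-interface" entry on this page.
OSPF_INTERFACE_ENTRIES = {router: {"port1", "port2"} for router in INTERFACES}

def ospf_enabled(router):
    """Map each interface whose address falls inside a network prefix to that prefix."""
    nets = [ip_network(p) for p in NETWORKS[router]]
    enabled = {}
    for port, addr in INTERFACES[router].items():
        match = next((n for n in nets if ip_address(addr) in n), None)
        if match is not None:
            enabled[port] = str(match)
    return enabled

def running_on_defaults(router):
    """OSPF-enabled interfaces with no ospf-interface entry (interface defaults apply)."""
    return sorted(set(ospf_enabled(router)) - OSPF_INTERFACE_ENTRIES[router])

if __name__ == "__main__":
    for router in INTERFACES:
        print(router, ospf_enabled(router), "defaults:", running_on_defaults(router))
```

The interface counts agree with the `Number of interfaces in this area` lines in the status output under Testing the configuration: 3 on Router1 and Router2, 2 on Router3, whose ISP-facing port3 is not matched by any prefix.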

Testing the configuration

Both the network connectivity and OSPF routing are tested. When a link goes down, routes should converge as expected.

Working state

  • Router3:

    Router3 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.1       1   Full/Backup     00:00:34    10.11.102.1     port1
    10.11.101.2       1   Full/Backup     00:00:38    10.11.103.2     port2

    Router3 # get router info ospf status
    Routing Process "ospf 0" with ID 10.11.103.3
    Process uptime is 18 hours 52 minutes
    Process bound to VRF default
    Conforms to RFC2328, and RFC1583Compatibility flag is disabled
    Supports only single TOS(TOS0) routes
    Supports opaque LSA
    Do not support Restarting
    This router is an ASBR (injecting external routing information)
    SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
    Refresh timer 10 secs
    Number of incomming current DD exchange neighbors 0/5
    Number of outgoing current DD exchange neighbors 0/5
    Number of external LSA 3. Checksum 0x021B78
    Number of opaque AS LSA 0. Checksum 0x000000
    Number of non-default external LSA 2
    External LSA database is unlimited.
    Number of LSA originated 16
    Number of LSA received 100
    Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 2(2)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:37:36.690 ago
            SPF algorithm executed 13 times
            Number of LSA 6. Checksum 0x03eafa

    Router3 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default

    Routing table for VRF=0
    B*      0.0.0.0/0 [20/0] via 172.20.120.5, port3, 01:10:12
    O       10.11.101.0/24 [110/2] via 10.11.103.2, port2, 00:39:34
                           [110/2] via 10.11.102.1, port1, 00:39:34
    C       10.11.102.0/24 is directly connected, port1
    C       10.11.103.0/24 is directly connected, port2
    C       172.20.120.0/24 is directly connected, port3
    O       192.168.102.0/24 [110/2] via 10.11.102.1, port1, 02:24:59
    O       192.168.103.0/24 [110/2] via 10.11.103.2, port2, 02:14:32
    B       192.168.160.0/24 [20/0] via 172.20.120.5, port3, 19:08:39
    B       192.168.170.0/24 [20/0] via 172.20.120.5, port3, 01:10:12

  • Router2:

    Router2 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.1     255   Full/DR         00:00:35    10.11.101.1     port1
    10.11.103.3       1   Full/DR         00:00:38    10.11.103.3     port3

    Router2 # get router info ospf status
    Routing Process "ospf 0" with ID 10.11.101.2
    Process uptime is 2 hours 53 minutes
    Process bound to VRF default
    Conforms to RFC2328, and RFC1583Compatibility flag is disabled
    Supports only single TOS(TOS0) routes
    Supports opaque LSA
    Do not support Restarting
    SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
    Refresh timer 10 secs
    Number of incomming current DD exchange neighbors 0/5
    Number of outgoing current DD exchange neighbors 0/5
    Number of external LSA 3. Checksum 0x021979
    Number of opaque AS LSA 0. Checksum 0x000000
    Number of non-default external LSA 2
    External LSA database is unlimited.
    Number of LSA originated 5
    Number of LSA received 128
    Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 3(3)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:47:49.990 ago
            SPF algorithm executed 15 times
            Number of LSA 6. Checksum 0x03e8fb

    Router2 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default

    Routing table for VRF=0
    O*E2    0.0.0.0/0 [110/10] via 10.11.103.3, port2, 01:03:58
    C       10.11.101.0/24 is directly connected, port1
    O       10.11.102.0/24 [110/2] via 10.11.103.3, port2, 00:49:01
                           [110/2] via 10.11.101.1, port1, 00:49:01
    C       10.11.103.0/24 is directly connected, port2
    O       192.168.102.0/24 [110/2] via 10.11.101.1, port1, 00:49:01
    C       192.168.103.0/24 is directly connected, port3
    O E2    192.168.160.0/24 [110/10] via 10.11.103.3, port2, 01:39:31
    O E2    192.168.170.0/24 [110/10] via 10.11.103.3, port2, 01:19:39

    The default route advertised by Router3 using default-information-originate is considered an OSPF E2 route. Other routes redistributed from BGP are also E2 routes.

  • Router1:

    Router1 # get router info ospf neighbor
    OSPF process 0, VRF 0:
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.11.101.2     250   Full/Backup     00:00:36    10.11.101.2     port1
    10.11.103.3       1   Full/DR         00:00:37    10.11.102.3     port2

    Router1 # get router info ospf status
    Routing Process "ospf 0" with ID 10.11.101.1
    Process uptime is 3 hours 7 minutes
    Process bound to VRF default
    Conforms to RFC2328, and RFC1583Compatibility flag is disabled
    Supports only single TOS(TOS0) routes
    Supports opaque LSA
    Do not support Restarting
    SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
    Refresh timer 10 secs
    Number of incomming current DD exchange neighbors 0/5
    Number of outgoing current DD exchange neighbors 0/5
    Number of external LSA 3. Checksum 0x02157B
    Number of opaque AS LSA 0. Checksum 0x000000
    Number of non-default external LSA 2
    External LSA database is unlimited.
    Number of LSA originated 2
    Number of LSA received 63
    Number of areas attached to this router: 1
        Area 0.0.0.0 (BACKBONE)
            Number of interfaces in this area is 3(3)
            Number of fully adjacent neighbors in this area is 2
            Area has no authentication
            SPF algorithm last executed 00:54:08.160 ago
            SPF algorithm executed 11 times
            Number of LSA 6. Checksum 0x03e6fc

    Router1 # get router info routing-table all
    Routing table for VRF=0
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default

    O*E2    0.0.0.0/0 [110/10] via 10.11.102.3, port2, 01:09:48
    C       10.11.101.0/24 is directly connected, port1
    C       10.11.102.0/24 is directly connected, port2
    O       10.11.103.0/24 [110/2] via 10.11.102.3, port2, 00:54:49
                           [110/2] via 10.11.101.2, port1, 00:54:49
    C       192.168.102.0/24 is directly connected, port3
    O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 00:54:49
    O E2    192.168.160.0/24 [110/10] via 10.11.102.3, port2, 01:45:21
    O E2    192.168.170.0/24 [110/10] via 10.11.102.3, port2, 01:25:29

Link down state

If port1 is disconnected on Router3:

  • Router3:

    Router3 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default

    Routing table for VRF=0
    B*      0.0.0.0/0 [20/0] via 172.20.120.5, VLAN20, 01:29:25
    O       10.11.101.0/24 [110/2] via 10.11.103.2, port2, 00:00:09
    C       10.11.103.0/24 is directly connected, port2
    C       172.20.120.0/24 is directly connected, port3
    O       192.168.102.0/24 [110/3] via 10.11.103.2, port2, 00:00:09
    O       192.168.103.0/24 [110/2] via 10.11.103.2, port2, 02:33:45
    B       192.168.160.0/24 [20/0] via 172.20.120.5, port3, 19:27:52
    B       192.168.170.0/24 [20/0] via 172.20.120.5, port3, 01:29:25

  • Router2:

    Router2 # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default

    Routing table for VRF=0
    O*E2    0.0.0.0/0 [110/10] via 10.11.103.3, port2, 01:16:36
    C       10.11.101.0/24 is directly connected, port1
    O       10.11.102.0/24 [110/2] via 10.11.101.1, port1, 00:02:27
    C       10.11.103.0/24 is directly connected, port2
    O       192.168.102.0/24 [110/2] via 10.11.101.1, port1, 01:01:39
    C       192.168.103.0/24 is directly connected, port3
    O E2    192.168.160.0/24 [110/10] via 10.11.103.3, port2, 01:52:09
    O E2    192.168.170.0/24 [110/10] via 10.11.103.3, port2, 01:32:17

  • Router1:

    Router1 # get router info routing-table all
    Routing table for VRF=0
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default

    O*E2    0.0.0.0/0 [110/10] via 10.11.101.2, port1, 00:05:14
    C       10.11.101.0/24 is directly connected, port1
    C       10.11.102.0/24 is directly connected, port2
    O       10.11.103.0/24 [110/2] via 10.11.101.2, port1, 00:05:15
    C       192.168.102.0/24 is directly connected, port3
    O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 01:03:50
    O E2    192.168.160.0/24 [110/10] via 10.11.101.2, port1, 00:05:14
    O E2    192.168.170.0/24 [110/10] via 10.11.101.2, port1, 00:05:14
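
Added example, not part of the original guide: one way to check convergence from these listings is to parse the routing table before and after the failure and compare next hops. The two tables are Router1's output from this page; the regular expressions and function names are illustrative.

```python
import re

# Router1 routing tables copied from this page's output (code legend omitted).
WORKING = """\
O*E2    0.0.0.0/0 [110/10] via 10.11.102.3, port2, 01:09:48
C       10.11.101.0/24 is directly connected, port1
C       10.11.102.0/24 is directly connected, port2
O       10.11.103.0/24 [110/2] via 10.11.102.3, port2, 00:54:49
                       [110/2] via 10.11.101.2, port1, 00:54:49
C       192.168.102.0/24 is directly connected, port3
O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 00:54:49
O E2    192.168.160.0/24 [110/10] via 10.11.102.3, port2, 01:45:21
O E2    192.168.170.0/24 [110/10] via 10.11.102.3, port2, 01:25:29
"""
LINK_DOWN = """\
O*E2    0.0.0.0/0 [110/10] via 10.11.101.2, port1, 00:05:14
C       10.11.101.0/24 is directly connected, port1
C       10.11.102.0/24 is directly connected, port2
O       10.11.103.0/24 [110/2] via 10.11.101.2, port1, 00:05:15
C       192.168.102.0/24 is directly connected, port3
O       192.168.103.0/24 [110/2] via 10.11.101.2, port1, 01:03:50
O E2    192.168.160.0/24 [110/10] via 10.11.101.2, port1, 00:05:14
O E2    192.168.170.0/24 [110/10] via 10.11.101.2, port1, 00:05:14
"""
ROUTE = re.compile(r"^\S.*?\s(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s")
HOP = re.compile(r"(?:via (?P<nh>[\d.]+)|is directly connected), (?P<intf>[\w.-]+)")

def parse_routes(text):
    """Return {prefix: {(next_hop, interface)}}, merging ECMP continuation lines."""
    routes, current = {}, None
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m:
            current = routes.setdefault(m["prefix"], set())
        elif current is None or not line.startswith(" "):
            continue  # neither a route line nor an ECMP continuation line
        hop = HOP.search(line)
        if hop:
            current.add((hop["nh"] or "connected", hop["intf"]))
    return routes

def changed_paths(before, after):
    """Prefixes whose next-hop set differs between two tables (added/withdrawn included)."""
    return {p: (before.get(p, set()), after.get(p, set()))
            for p in sorted(set(before) | set(after)) if before.get(p) != after.get(p)}

def stale_next_hops(routes, failed_neighbor):
    """Prefixes that still point at a neighbor address that should be unreachable."""
    return sorted(p for p, hops in routes.items() if any(nh == failed_neighbor for nh, _ in hops))
```

Calling `changed_paths(parse_routes(WORKING), parse_routes(LINK_DOWN))` lists the four prefixes that moved from 10.11.102.3 (Router3 port1) to 10.11.101.2, and `stale_next_hops` on the link-down table confirms that nothing still points at the failed address.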