Sample OSPF Routing Configuration File (FRR)
To use the OSPF dynamic routing protocol with Fireware, you must type OSPF configuration commands or import a configuration file on the Network > Dynamic Routing page. This topic includes a sample configuration file. To use this configuration file as a starting point for your OSPF configuration, copy the text into a text editor application and edit the parameters to meet your business requirements.
In Fireware v12.9 or higher, Fireware uses the Free Range Routing (FRR) routing engine, which replaces Quagga. If your configuration includes Quagga commands for dynamic routing, those commands work after you upgrade. Some FRR commands appear in a different section than in Quagga.
For information about OSPF requirements and how to configure OSPF, go to Configure IPv4 Routing with OSPF.
In Fireware v12.8.x or lower, Fireware uses the Quagga routing engine. For a sample routing configuration file for Fireware v12.8.x or lower, go to Sample OSPF Routing Configuration File (Quagga). For a list of Quagga commands, go to OSPF Commands (Quagga).
Sample
This configuration sample shows how to configure some common OSPF commands that you might include in your OSPF configuration in Fireware v12.9 or higher. Your configuration file might include other commands.
For descriptions of common commands, sgo to OSPF Commands (FRR). For a complete list of FRR commands, go to the FRRouting User Guide.
! SECTION 1: Configure interface properties.
! Set properties for interface eth1.
interface eth1
!
! Set simple authentication password (SHAREDKEY) between 1 and 8 characters in length.
ip ospf authentication-key SHAREDKEY
!
! Set MD5 authentication key ID (10) and MD5 authentication key (AUTHKEY).
ip ospf message-digest-key 10 md5 AUTHKEY
!
! Set link cost to 1000 (1-65535) on interface eth1 for OSPF link cost table.
ip ospf cost 1000
!
! Set hello interval to 5 seconds (1-65535); default is 10 seconds.
ip ospf hello-interval 5
!
! Set dead-interval to 15 seconds (1-65535); default is 40 seconds.
ip ospf dead-interval 15
!
! Set interval between link-state advertisements (LSA) retransmissions to 10 seconds (1-65535); default is 5 seconds.
ip ospf retransmit-interval 10
!
! Set LSA update interval to 3 seconds (1-3600); default is 1 second.
ip ospf transmit-delay 3
!
! Set high priority (0-255) to increase eligibility to become the designated router (DR).
ip ospf priority 255
! SECTION 2: Start OSPF and set daemon properties.
! Enable OSPF daemon. Must be enabled for all OSPF configurations.
router ospf
!
! Set the router ID manually to 203.0.113.20. If not set, the firewall will set its own ID based on an interface IP address.
ospf router-id 203.0.113.20
!
! Set area border router (ABR) type to cisco, ibm, shortcut, or standard. More information about ABR types is in draft-ietf-ospf-abr-alt-05.txt.
ospf abr-type cisco
! Enable RFC 1583 compatibility (increases probability of routing loops).
ospf rfc1583compatibility
!
! Disable OSPF announcement on interface eth0.
passive-interface eth0
!
! Set the SPF initial delay (from first change received until the SPF calculation), initial hold time between consecutive SPF calculations, and ! maximum hold time. All values are in milliseconds.
timers throttle spf (0-600000) (0-600000) (0-600000)
!
! Set global cost to 1000 Mbits/s (0-4294967).
auto-cost reference-bandwidth 1-4294967
!
! SECTION 3: Set network and area properties. Set areas with W.X.Y.Z or Z notation.
! Announce OSPF on network 192.168.253.0/24 network for area 0.0.0.0.
network 192.168.253.0/24 area 0.0.0.0
!
! Create area 0.0.0.1 and set a classful network range (172.16.254.0/24) for the area (range and interface network settings must match).
area 0.0.0.1 range 172.16.254.0/24
!
! Set virtual link neighbor (172.16.254.1) for area 0.0.0.1.
area 0.0.0.1 virtual-link 172.16.254.1
!
! Set area 0.0.0.1 as a stub on all routers in area 0.0.0.1.
area 0.0.0.1 stub
!
area 0.0.0.2 stub no-summary
!
! Enable simple password authentication for area 0.0.0.0.
area 0.0.0.0 authentication
!
! Enable MD5 authentication for area 0.0.0.1.
area 0.0.0.1 authentication message-digest
! Share route of last resort (default route) from kernel routing table with OSPF peers.
default-information originate
!
! Redistribute static routes to OSPF.
redistribute static
!
! Redistribute routes from all interfaces to OSPF.
redistribute connected
redistribute connected route-map
! Redistribute routes from RIP and BGP to OSPF.
redistribute rip
redistribute bgp
! SECTION 4: Configure route redistribution filters with access lists and route maps.
! Create an access list to only allow redistribution of 10.0.2.0/24.
access-list LISTNAME permit 10.0.2.0/24
access-list LISTNAME deny any
!
! Create a route map with name MAPNAME and allow with a priority of 10 (1-199).
route-map MAPNAME permit 10
match ip address LISTNAME