OSPF
OSPF is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4. Updates for IPv6 are specified as OSPF Version 3 in RFC 5340 (2008). OSPF supports the CIDR addressing model.
OSPF is a widely used IGP in large enterprise networks.
OSPFv2 (IPv4)
General Configuration
VyOS does not have a special command to start the OSPF process. The OSPF process starts when the first OSPF-enabled interface is configured.
This command specifies the OSPF-enabled interface(s). If an interface has an address within the defined range, the command enables OSPF on that interface so the router can provide network information to other OSPF routers through it.
This command is also used to enable the OSPF process. The area number can be specified in decimal notation, in the range from 0 to 4294967295, or in dotted decimal notation, like an IP address.
Optional Configuration
If the always keyword is given then the default is always advertised, even when there is no default present in the routing table. The argument route-map specifies to advertise the default route if the route map is satisfied.
This command changes the distance value of OSPF. The arguments are the distance values for external routes, inter-area routes and intra-area routes respectively. The distance range is 1 to 255.
Note
Routes with a distance of 255 are effectively disabled and not installed into the kernel.
With the detail argument, all changes in adjacency status are shown. Without detail, only changes to full or regressions are shown.
This enables RFC 3137 support, where the OSPF process describes its transit links in its router-LSA as having infinite distance so that other routers will avoid calculating transit paths through the router while still being able to reach networks through the router.
This support may be enabled administratively (and indefinitely) with the administrative command. It may also be enabled conditionally. Conditional enabling of max-metric router-lsas can be for a period of seconds after startup with the on-startup <seconds> command and/or for a period of seconds prior to shutdown with the on-shutdown <seconds> command. The time range is 5 to 86400.
This command selects the ABR model. An OSPF router supports four ABR models:
cisco – a router is considered an ABR if it has several configured links to networks in different areas, one of which is a backbone area. Moreover, the link to the backbone area must be active (working).
ibm – identical to the “cisco” model, but the backbone area link may be inactive.
standard – the router has several active links to different areas.
shortcut – identical to “standard”, but the router is allowed to use the topology of its connected areas for inter-area connections without involving a backbone area.
Detailed information about the differences between the “cisco” and “ibm” models can be found in RFC 3509. The “shortcut” model allows an ABR to create routes between areas based on the topology of the areas connected to this router, without using a backbone area, when the non-backbone route is cheaper. For more information about the “shortcut” model, see ospf-shortcut-abr-02.txt.
RFC 2328, the successor to RFC 1583, suggests in section 16.4.1 (according to section G.2, changes) a change to the path preference algorithm that prevents routing loops that were possible in the old version of OSPFv2. More specifically, it demands that inter-area paths and intra-area backbone paths are now of equal preference but still both preferred to external paths.
This command should NOT be set normally.
passive-interface-exclude command.
passive-interface default was configured.
delay sets the initial SPF schedule delay in milliseconds. The default value is 200 ms.
initial-holdtime sets the minimum hold time between two consecutive SPF calculations. The default value is 1000 ms.
max-holdtime sets the maximum wait time between two consecutive SPF calculations. The default value is 10000 ms.
Areas Configuration
cost specifies the aggregated link metric. The metric range is 0 to 16777215.
This parameter allows “shortcutting” of routes (non-backbone) for inter-area routes. There are three modes available for route shortcutting:
default – this area will be used for shortcutting only if the ABR does not have a link to the backbone area or this link was lost.
enable – the area will be used for shortcutting every time the route that goes through it is cheaper.
disable – this area is never used by the ABR for route shortcutting.
Provides backbone area coherence by establishing a virtual link.
In general, the OSPF protocol requires the backbone area (area 0) to be coherent and fully connected, i.e. any backbone area router must have a route to any other backbone area router. Moreover, every ABR must have a link to the backbone area. However, it is not always possible to have a physical link to the backbone area. In this case a virtual link is set up between two ABRs (one of which has a link to the backbone area) through a shared area that is not a stub area.
<number> – area identifier through which the virtual link goes.
<A.B.C.D> – router-id of the ABR with which the virtual link is established.
The virtual link must be configured on both routers.
Formally, a virtual link looks like a point-to-point network connecting two ABRs of one area, one of which is physically connected to the backbone area. This pseudo-network is considered to belong to the backbone area.
Interfaces Configuration
This command sets the OSPF authentication key to a simple password. Once it is set, all OSPF packets are authenticated. The key can be up to 8 characters long.
Simple text password authentication is insecure and deprecated in favour of MD5 HMAC authentication.
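What each authentication mode puts in the OSPFv2 packet header, as an added example that is not part of the VyOS documentation: per RFC 2328 the header carries a 2-byte AuType and an 8-byte authentication field, which is why a simple password is limited to 8 characters and is visible to anything on the link. The packets are constructed, and build_header and audit_header are illustrative names.

```python
import ipaddress
import struct

HEADER = "!BBH4s4sHH8s"   # version, type, length, router ID, area ID, checksum, AuType, auth
AUTH_TYPES = {0: "null", 1: "simple-password", 2: "cryptographic"}

def build_header(area, router_id, autype, auth_field):
    """Constructed OSPFv2 Hello header; area may be decimal (1) or dotted ("0.0.0.1")."""
    return struct.pack(HEADER, 2, 1, 44,
                       ipaddress.IPv4Address(router_id).packed,
                       ipaddress.IPv4Address(area).packed,
                       0, autype, auth_field)   # "8s" zero-pads or truncates to 8 bytes

def audit_header(packet):
    """Report what the 24-byte header reveals about the sender's authentication."""
    if len(packet) < 24:
        raise ValueError("OSPFv2 header is 24 bytes")
    version, _type, _len, rid, area, _cksum, autype, auth = struct.unpack(
        HEADER, packet[:24])
    if version != 2:
        raise ValueError("not an OSPFv2 packet")
    report = {
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area": str(ipaddress.IPv4Address(area)),
        "auth": AUTH_TYPES.get(autype, "unknown"),
        # AuType 1 carries the password itself in the auth field
        "secret_on_wire": autype == 1 and auth.rstrip(b"\x00") != b"",
    }
    if autype == 2:
        # AuType 2 carries only: reserved, key ID, digest length, sequence number
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        report.update(key_id=key_id, digest_len=digest_len, sequence=seq)
    return report

# Constructed samples: same router and area, two authentication modes.
PLAINTEXT = build_header(1, "10.0.23.3", 1, b"s3cret")
KEYED = build_header("0.0.0.1", "10.0.23.3", 2, struct.pack("!HBBI", 0, 1, 16, 1000))

if __name__ == "__main__":
    for pkt in (PLAINTEXT, KEYED):
        print(audit_header(pkt))
```

Run against headers taken from a capture of your own links, this shows which interfaces still emit AuType 0 or 1.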
This command specifies the distribution type for the network connected to this interface:
broadcast – broadcast IP addresses distribution.
non-broadcast – address distribution in NBMA networks topology.
point-to-multipoint – address distribution in point-to-multipoint networks.
point-to-point – address distribution in point-to-point networks.
Manual Neighbor Configuration
OSPF routing devices normally discover their neighbors dynamically by listening to the broadcast or multicast hello packets on the network. Because an NBMA network does not support broadcast (or multicast), the device cannot discover its neighbors dynamically, so you must configure all the neighbors statically.
Redistribution Configuration
Operational Mode Commands
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.0.13.1 1 Full/DR 38.365s 10.0.13.1 eth0:10.0.13.3 0 0 0
10.0.23.2 1 Full/Backup 39.175s 10.0.23.2 eth1:10.0.23.3 0 0 0
Neighbor 10.0.13.1, interface address 10.0.13.1
In the area 0.0.0.0 via interface eth0
Neighbor priority is 1, State is Full, 5 state changes
Most recent state change statistics:
Progressive change 11m55s ago
DR is 10.0.13.1, BDR is 10.0.13.3
Options 2 *|-|-|-|-|-|E|-
Dead timer due in 34.854s
Database Summary List 0
Link State Request List 0
Link State Retransmission List 0
Thread Inactivity Timer on
Thread Database Description Retransmision off
Thread Link State Request Retransmission on
Thread Link State Update Retransmission on
Neighbor 10.0.23.2, interface address 10.0.23.2
In the area 0.0.0.1 via interface eth1
Neighbor priority is 1, State is Full, 4 state changes
Most recent state change statistics:
Progressive change 41.193s ago
DR is 10.0.23.3, BDR is 10.0.23.2
Options 2 *|-|-|-|-|-|E|-
Dead timer due in 35.661s
Database Summary List 0
Link State Request List 0
Link State Retransmission List 0
Thread Inactivity Timer on
Thread Database Description Retransmision off
Thread Link State Request Retransmission on
Thread Link State Update Retransmission on
eth0 is up
ifindex 2, MTU 1500 bytes, BW 4294967295 Mbit <UP,BROADCAST,RUNNING,MULTICAST>
Internet Address 10.0.13.3/24, Broadcast 10.0.13.255, Area 0.0.0.0
MTU mismatch detection: enabled
Router ID 10.0.23.3, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State Backup, Priority 1
Backup Designated Router (ID) 10.0.23.3, Interface Address 10.0.13.3
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 4.470s
Neighbor Count is 1, Adjacent neighbor count is 1
eth1 is up
ifindex 3, MTU 1500 bytes, BW 4294967295 Mbit <UP,BROADCAST,RUNNING,MULTICAST>
Internet Address 10.0.23.3/24, Broadcast 10.0.23.255, Area 0.0.0.1
MTU mismatch detection: enabled
Router ID 10.0.23.3, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Backup Designated Router (ID) 10.0.23.2, Interface Address 10.0.23.2
Saved Network-LSA sequence number 0x80000002
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 4.563s
Neighbor Count is 1, Adjacent neighbor count is 1
============ OSPF network routing table ============
N IA 10.0.12.0/24 [3] area: 0.0.0.0
via 10.0.13.3, eth0
N 10.0.13.0/24 [1] area: 0.0.0.0
directly attached to eth0
N IA 10.0.23.0/24 [2] area: 0.0.0.0
via 10.0.13.3, eth0
N 10.0.34.0/24 [2] area: 0.0.0.0
via 10.0.13.3, eth0
============ OSPF router routing table =============
R 10.0.23.3 [1] area: 0.0.0.0, ABR
via 10.0.13.3, eth0
R 10.0.34.4 [2] area: 0.0.0.0, ASBR
via 10.0.13.3, eth0
============ OSPF external routing table ===========
N E2 172.16.0.0/24 [2/20] tag: 0
via 10.0.13.3, eth0
The table consists of the following data:
OSPF network routing table – includes a list of acquired routes for all accessible networks (or aggregated area ranges) of the OSPF system. The “IA” flag means that the route destination is in an area to which the router is not connected, i.e. it is an inter-area path. The number in square brackets is the summary metric of all links along the path to this network. The “via” prefix gives the router-gateway, i.e. the first router on the way to the destination (next hop).
OSPF router routing table – includes a list of acquired routes to all accessible ABRs and ASBRs.
OSPF external routing table – includes a list of acquired routes that are external to the OSPF process. The “E” flag indicates the external link metric type (E1 – metric type 1, E2 – metric type 2). The external link metric is printed in the “<metric of the router which advertised the link>/<link metric>” format.
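A parser for the three tables described above, as an added example that is not part of the VyOS documentation; it also lists external prefixes outside an expected set, which is how an unplanned redistribution shows up in this output. The sample reuses route lines from the output above plus one constructed default route; the allowed prefix list and the function names are assumptions.

```python
import ipaddress
import re

# Route lines from the output above, plus one constructed external default route.
SAMPLE = """\
============ OSPF network routing table ============
N IA 10.0.12.0/24 [3] area: 0.0.0.0
    via 10.0.13.3, eth0
N    10.0.13.0/24 [1] area: 0.0.0.0
    directly attached to eth0
============ OSPF router routing table =============
R    10.0.34.4 [2] area: 0.0.0.0, ASBR
    via 10.0.13.3, eth0
============ OSPF external routing table ===========
N E2 172.16.0.0/24 [2/20] tag: 0
    via 10.0.13.3, eth0
N E2 0.0.0.0/0 [2/10] tag: 0
    via 10.0.13.3, eth0
"""

ROUTE = re.compile(r"^([NR])\s+(?:(IA|E1|E2)\s+)?(\S+)\s+\[(\d+)(?:/(\d+))?\]")
HOP = re.compile(r"^(?:via (\S+), (\S+)|directly attached to (\S+))$")

def parse_ospf_routes(text):
    """Turn the three routing tables into a list of route records."""
    routes, table = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("="):
            table = line.strip("= ").split()[1]       # network / router / external
        elif m := ROUTE.match(line):
            _kind, flag, dest, metric, ext = m.groups()
            routes.append({"table": table, "flag": flag, "dest": dest,
                           "metric": int(metric),      # path metric, or metric of the advertising router
                           "ext_metric": int(ext) if ext else None,  # external link metric
                           "next_hops": []})
        elif routes and (h := HOP.match(line)):
            gw, via_if, direct_if = h.groups()
            routes[-1]["next_hops"].append((gw or "direct", via_if or direct_if))
    return routes

def unexpected_externals(routes, allowed):
    """External prefixes that fall outside the prefixes expected to be redistributed."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    return [r["dest"] for r in routes if r["table"] == "external"
            and not any(ipaddress.ip_network(r["dest"]).subnet_of(n) for n in nets)]
```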
OSPF Router with ID (10.0.13.1)
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum Link count
10.0.13.1 10.0.13.1 984 0x80000005 0xd915 1
10.0.23.3 10.0.23.3 1186 0x80000008 0xfe62 2
10.0.34.4 10.0.34.4 1063 0x80000004 0x4e3f 1
Net Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum
10.0.13.1 10.0.13.1 994 0x80000003 0x30bb
10.0.34.4 10.0.34.4 1188 0x80000001 0x9411
Summary Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum Route
10.0.12.0 10.0.23.3 1608 0x80000001 0x6ab6 10.0.12.0/24
10.0.23.0 10.0.23.3 981 0x80000003 0xe232 10.0.23.0/24
AS External Link States
Link ID ADV Router Age Seq# CkSum Route
172.16.0.0 10.0.34.4 1063 0x80000001 0xc40d E2 172.16.0.0/24 [0x0]
This command displays the database contents for a specific link advertisement type.
The type can be the following: asbr-summary, external, network, nssa-external, opaque-area, opaque-as, opaque-link, router, summary.
[A.B.C.D] – link-state-id. When this is specified, the command displays the portion of the network environment that is described by the advertisement. The value entered depends on the advertisement’s LS type. It must be entered in the form of an IP address.
adv-router <A.B.C.D> – router ID whose link advertisements are to be reviewed.
self-originate displays only self-originated LSAs from the local router.
OSPF Router with ID (10.0.13.1)
Router Link States (Area 0.0.0.0)
LS age: 1213
Options: 0x2 : *|-|-|-|-|-|E|-
LS Flags: 0x3
Flags: 0x0
LS Type: router-LSA
Link State ID: 10.0.13.1
Advertising Router: 10.0.13.1
LS Seq Number: 80000009
Checksum: 0xd119
Length: 36
Number of Links: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.0.13.1
(Link Data) Router Interface address: 10.0.13.1
Number of TOS metrics: 0
TOS 0 Metric: 1
Configuration Example
Below is a typical configuration using 2 nodes, redistributing the loopback address, with node 1 sending the default route:
Node 1
set interfaces loopback lo address 10.1.1.1/32
set protocols ospf area 0 network 192.168.0.0/24
set protocols ospf default-information originate always
set protocols ospf default-information originate metric 10
set protocols ospf default-information originate metric-type 2
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 10.1.1.1
set protocols ospf redistribute connected metric-type 2
set protocols ospf redistribute connected route-map CONNECT
set policy route-map CONNECT rule 10 action permit
set policy route-map CONNECT rule 10 match interface lo
Node 2
set interfaces loopback lo address 10.2.2.2/32
set protocols ospf area 0 network 192.168.0.0/24
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 10.2.2.2
set protocols ospf redistribute connected metric-type 2
set protocols ospf redistribute connected route-map CONNECT
set policy route-map CONNECT rule 10 action permit
set policy route-map CONNECT rule 10 match interface lo
OSPFv3 (IPv6)
General Configuration
VyOS does not have a special command to start the OSPFv3 process. The OSPFv3 process starts when the first OSPF-enabled interface is configured.
Optional Configuration
Areas Configuration
Interfaces Configuration
This command specifies the distribution type for the network connected to this interface:
broadcast – broadcast IP addresses distribution.
point-to-point – address distribution in point-to-point networks.
Redistribution Configuration
Operational Mode Commands
prefix – this command shows connected prefixes to advertise.
Configuration Example
A typical configuration using 2 nodes.
Node 1:
set protocols ospfv3 area 0.0.0.0 interface eth1
set protocols ospfv3 area 0.0.0.0 range 2001:db8:1::/64
set protocols ospfv3 parameters router-id 192.168.1.1
set protocols ospfv3 redistribute connected
Node 2:
set protocols ospfv3 area 0.0.0.0 interface eth1
set protocols ospfv3 area 0.0.0.0 range 2001:db8:2::/64
set protocols ospfv3 parameters router-id 192.168.2.1
set protocols ospfv3 redistribute connected
To see the redistributed routes:
show ipv6 ospfv3 redistribute
Note
You cannot easily redistribute IPv6 routes via OSPFv3 on a WireGuard interface link. This requires you to configure link-local addresses manually on the WireGuard interfaces, see T1483.
Example configuration for WireGuard interfaces:
Node 1
set interfaces wireguard wg01 address 'fe80::216:3eff:fe51:fd8c/64'
set interfaces wireguard wg01 address '192.168.0.1/24'
set interfaces wireguard wg01 peer ospf02 allowed-ips '::/0'
set interfaces wireguard wg01 peer ospf02 allowed-ips '0.0.0.0/0'
set interfaces wireguard wg01 peer ospf02 endpoint '10.1.1.101:12345'
set interfaces wireguard wg01 peer ospf02 pubkey 'ie3...='
set interfaces wireguard wg01 port '12345'
set protocols ospfv3 parameters router-id 192.168.1.1
set protocols ospfv3 area 0.0.0.0 interface 'wg01'
set protocols ospfv3 area 0.0.0.0 interface 'lo'
Node 2
set interfaces wireguard wg01 address 'fe80::216:3eff:fe0a:7ada/64'
set interfaces wireguard wg01 address '192.168.0.2/24'
set interfaces wireguard wg01 peer ospf01 allowed-ips '::/0'
set interfaces wireguard wg01 peer ospf01 allowed-ips '0.0.0.0/0'
set interfaces wireguard wg01 peer ospf01 endpoint '10.1.1.100:12345'
set interfaces wireguard wg01 peer ospf01 pubkey 'NHI...='
set interfaces wireguard wg01 port '12345'
set protocols ospfv3 parameters router-id 192.168.1.2
set protocols ospfv3 area 0.0.0.0 interface 'wg01'
set protocols ospfv3 area 0.0.0.0 interface 'lo'
Status
vyos@ospf01:~$ sh ipv6 ospfv3 neighbor
Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
192.168.0.2 1 00:00:37 Full/PointToPoint 00:18:03 wg01[PointToPoint]
vyos@ospf02# run sh ipv6 ospfv3 neighbor
Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
192.168.0.1 1 00:00:39 Full/PointToPoint 00:19:44 wg01[PointToPoint]