Configure OSPF Advanced Properties

The Advanced Properties allows you to configure options, such as syslog message generation, administrative route distances, an LSA timer, and graceful restarts.

Graceful Restarts

The threat defense device may experience some known failure situations that should not affect packet forwarding across the switching platform. The Non-Stop Forwarding (NSF) capability allows data forwarding to continue along known routes, while the routing protocol information is being restored. This capability is useful when there is a scheduled hitless software upgrade. You can configure graceful restart on OSPFv2 by using either using NSF Cisco (RFC 4811 and RFC 4812) or NSF IETF (RFC 3623).

Note

NSF capability is also useful in HA mode and clustering.

Configuring the NSF graceful-restart feature involves two steps; configuring capabilities and configuring a device as NSF-capable or NSF-aware. A NSF-capable device can indicate its own restart activities to neighbors and a NSF-aware device can help a restarting neighbor.

A device can be configured as NSF-capable or NSF-aware, depending on some conditions:

  • A device can be configured as NSF-aware irrespective of the mode in which it is.

  • A device has to be in either Failover or Spanned Etherchannel (L2) cluster mode to be configured as NSF-capable.

  • For a device to be either NSF-aware or NSF-capable, it should be configured with the capability of handling opaque Link State Advertisements (LSAs)/ Link Local Signaling (LLS) block as required.

Procedure

Step 1

Choose Devices > Device Management, and edit the threat defense device.

Step 2

Click Routing.

Step 3

(For a virtual-router-aware device) From the virtual routers drop-down list, choose the virtual router for which you are configuring OSPF.

Step 4

Click OSPF > Advanced.

Step 5

Select General, and configure the following:

  • Router ID—Choose Automatic or IP Address (appears for non-cluster and a cluster in spanned etherchannel mode) or Cluster Pool (appears for a cluster in individual interface mode) for the router ID. If you choose IP address, enter the IP address in the adjacent field. If you choose Cluster Pool, choose the IPv4 cluster pool value in the adjacent drop-down field. For information on creating the cluster pool address, see Address Pools.

  • Ignore LSA MOSPF—Suppresses syslog messages when the route receives unsupported LSA Type 6 multicast OSPF (MOSPF) packets.

  • RFC 1583 Compatible—Configures RFC 1583 compatibility as the method used to calculate summary route costs. Routing loops can occur with RFC 1583 compatibility enabled. Disable it to prevent routing loops. All OSPF routers in an OSPF routing domain should have RFC compatibility set identically.

  • Adjacency Changes—Defines the adjacency changes that cause syslog messages to be sent.

    By default, a syslog message is generated when an OSPF neighbor goes up or down. You can configure the router to send a syslog message when an OSPF neighbor goes down and also a syslog for each state.

    • Log Adjacency Changes—Causes the threat defense device to send a syslog message whenever an OSPF neighbor goes up or down. This setting is checked by default.

    • Log Adjacency Change Details—Causes the threat defense device to send a syslog message whenever any state change occurs, not just when a neighbor goes up or down. This setting is unchecked by default.

  • Administrative Route Distance—Allows you to modify the settings that were used to configure administrative route distances for inter-area, intra-area, and external IPv6 routes. The administrative route distance is an integer from 1 to 254. The default is 110.

  • LSA Group Pacing—Specifies the interval in seconds at which LSAs are collected into a group and refreshed, check summed, or aged. Valid values range from 10 to 1800. The default value is 240.

  • Enable Default Information Originate—Check the Enable check box to generate a default external route into an OSPF routing domain and configure the following options:

    • Always advertise the default route—Ensures that the default route is always advertised.

    • Metric Value—Metric used for generating the default route. Valid metric values range from 0 to 16777214. The default value is 10.

    • Metric Type—The external link type that is associated with the default route that is advertised into the OSPFv3 routing domain. Valid values are 1 (Type 1 external route) and 2 (Type 2 external route). The default is Type 2 external route.

    • RouteMap—Choose the routing process that generates the default route if the route map is satisfied or click Add (add icon) to add a new one. See Configure Route Map Entry to add a new route map.

Step 6

Click OK to save the general configuration.

Step 7

Select Non Stop Forwarding, and configure Cisco NSF graceful restart for OSPFv2, for an NSF-capable or NSF-aware device:

Note

There are two graceful restart mechanisms for OSPFv2, Cisco NSF and IETF NSF. Only one of these graceful restart mechanisms can be configured at a time for an OSPF instance. An NSF-aware device can be configured as both Cisco NSF helper and IETF NSF helper but a NSF-capable device can be configured in either Cisco NSF or IETF NSF mode at a time for an OSPF instance.

  1. Check the Enable Cisco Non Stop Forwarding Capability check box.

  2. (Optional) Check the Cancel NSF restart when non-NSF-aware neighboring networking devices are detected check box if required.

  3. (Optional) Make sure the Enable Cisco Non Stop Forwarding Helper mode check box is unchecked to disable the helper mode on an NSF-aware device.

Step 8

Configure IETF NSF Graceful Restart for OSPFv2, for an NSF-capable or NSF-aware device:

  1. Check the Enable IETF Non Stop Forwarding Capability check box.

  2. In the Length of graceful restart interval (seconds) field, enter the restart interval in seconds. The default value is 120 seconds. For a restart interval below 30 seconds, graceful restart will be terminated.

  3. (Optional) Make sure the Enable IETF nonstop forwarding (NSF) for helper mode check box is unchecked to disable the IETF NSF helper mode on an NSF-aware device.

  4. Enable Strict Link State advertisement checking—When enabled, it indicates that the helper router will terminate the process of restarting the router if it detects that there is a change to a LSA that would be flooded to the restarting router, or if there is a changed LSA on the retransmission list of the restarting router when the graceful restart process is initiated.

  5. Enable IETF Non Stop Forwarding—Enables non stop forwarding, which allows for the forwarding of data packets to continue along known routes while the routing protocol information is being restored following a switchover. OSPF uses extensions to the OSPF protocol to recover its state from neighboring OSPF devices. For the recovery to work, the neighbors must support the NSF protocol extensions and be willing to act as "helpers" to the device that is restarting. The neighbors must also continue forwarding data traffic to the device that is restarting while protocol state recovery takes place.