Configure OSPF Areas, Ranges, and Virtual Links

You can configure several OSPF area parameters, which include setting authentication, defining stub areas, and assigning specific costs to the default summary route. You can enable up to two OSPF process instances. Each OSPF process has its own associated areas and networks. Authentication provides password-based protection against unauthorized access to an area.

Stub areas are areas into which information on external routes is not sent. Instead, there is a default external route generated by the ABR into the stub area for destinations outside the autonomous system. To take advantage of the OSPF stub area support, default routing must be used in the stub area.

Procedure

Step 1

Choose Devices > Device Management, and edit the threat defense device.

Step 2

Click Routing.

Step 3

(For a virtual-router-aware device) From the virtual routers drop-down list, choose the virtual router for which you are configuring OSPF.

Step 4

Click OSPF.

Step 5

Check the check box of Process 1. You can enable up to two OSPF process instances for each context/virtual router. You must choose an OSPF process to be able to configure the Area parameters.

If the device is using virtual routing, the ID fields display the unique process IDs generated for the chosen virtual router.

Step 6

Choose the OSPF Role from the drop-down list, and enter a description for it in the next field. The options are Internal, ABR, ASBR, and ABR & ASBR. See About OSPF for a description of the OSPF roles.

Step 7

Select Area > Add.

You can click Edit (edit icon), or use the right-click menu to cut, copy, past, insert, and delete areas.

Step 8

Configure the following area options for each OSPF process:

  • OSPF ProcessChoose the process ID. For a device using virtual routing, the drop-down lists the unique process IDs generated for the selected virtual router.

  • Area ID—Designation of the area for which routes are to be summarized.

  • Area Type—Choose one of the following:

    • Normal—(Default) Standard OSPF area.

    • Stub—A stub area does not have any routers or areas beyond it. Stub areas prevent Autonomous System (AS) External LSAs (Type 5 LSAs) from being flooded into the stub area. When you create a stub area, you can prevent summary LSAs (Types 3 and 4) from being flooded into the area by NOT checking the Summary Stub check box.

    • NSSA—Makes the area a not-so-stubby area (NSSA). NSSAs accept Type 7 LSAs. You can disable route redistribution by NOT checking the Redistribute check box and checking the Default Information Originate check box. You can prevent summary LSAs from being flooded into the area by NOT checking the Summary NSSA check box.

  • Metric Value—The metric used for generating the default route. The default value is 10. Valid metric values range from 0 through 16777214.

  • Metric Type—The metric type is the external link type that is associated with the default route that is advertised into the OSPF routing domain. The available options are 1 for a Type 1 external route or 2 for a Type 2 external route.

  • Available Network—Choose one of the available networks and click Add, or click Add (add icon) to add a new network object. See Network for the procedure for adding networks.

  • Authentication—Choose the OSPF authentication:

    • None—(Default) Disables OSPF area authentication.

    • Password—Provides a clear text password for area authentication, which is not recommended where security is a concern.

    • MD5—Allows MD5 authentication.

  • Default Cost—The default cost for the OSPF area, which is used to determine the shortest paths to the destination. Valid values range from 0 through 65535. The default value is 1.

Step 9

Click OK to save the area configuration.

Step 10

Select Range > Add.

  • Choose one of the available networks and whether to advertise, or,

  • Click Add (add icon) to add a new network object. See Network for the procedure for adding networks.

Step 11

Click OK to save the range configuration.

Step 12

Select Virtual Link, click Add (add icon), and configure the following options for each OSPF process:

  • Peer Router—Choose the IP address of the peer router. To add a new peer router, click Add (add icon). See Network for the procedure for adding networks.

  • Hello Interval—The time in seconds between the hello packets sent on an interface. The hello interval is an unsigned integer that is to be advertised in the hello packets. The value must be the same for all routers and access servers on a specific network. Valid values range from 1 through 65535. The default is 10.

    The smaller the hello interval, the faster topological changes are detected, but the more traffic is sent on the interface.

  • Transmit Delay—The estimated time in seconds that is required to send an LSA packet on the interface. The integer value must be greater than zero. Valid values range from 1 through 8192. The default is 1.

    LSAs in the update packet have their own ages incremented by this amount before transmission. If the delay is not added before transmission over a link, the time in which the LSA propagates over the link is not considered. The value assigned should take into account the transmission and propagation delays for the interface. This setting has more significance on very low-speed links.

  • Retransmit Interval—The time in seconds between LSA retransmissions for adjacencies that belong to the interface. The retransmit interval is the expected round-trip delay between any two routers on the attached network. The value must be greater than the expected round-trip delay, and can range from 1 through 65535. The default is 5.

    When a router sends an LSA to its neighbor, it keeps the LSA until it receives the acknowledgment message. If the router receives no acknowledgment, it resends the LSA. Be conservative when setting this value, or needless retransmission can result. The value should be larger for serial lines and virtual links.

  • Dead Interval—The time in seconds that hello packets are not seen before a neighbor indicates that the router is down. The dead interval is an unsigned integer. The default is four times the hello interval, or 40 seconds. The value must be the same for all routers and access servers that are attached to a common network. Valid values range from 1 through 65535.

  • Authentication—Choose the OSPF virtual link authentication from the following:

    • None—(Default) Disables virtual link area authentication.

    • Area Authentication—Enables area authentication using MD5. Click Add, and enter the key ID, key, confirm the key, and then click OK.

    • Password—Provides a clear text password for virtual link authentication, which is not recommended where security is a concern.

    • MD5—Allows MD5 authentication. Click Add, and enter the key ID, key, confirm the key, and then click OK.

      Note
      Ensure to enter only numbers as the MD5 key ID.

    • Key Chain—Allows key chain authentication. Click Add, and create the key chain, and then click Save. For detailed procedure, see Creating Key Chain Objects. Use the same authentication type (MD5 or Key Chain) and key ID for the peers to establish a successful adjacency.

Step 13

Click OK to save the virtual link configuration.

Step 14

Click Save on the Routing page to save your changes.

What to do next

Continue with Configure OSPF Redistribution.