Configure OSPF Interfaces and Neighbors

You can change some interface-specific OSPFv2 parameters, if necessary. You are not required to change any of these parameters, but the following interface parameters must be consistent across all routers in an attached network: the hello interval, the dead interval, and the authentication key. If you configure any of these parameters, be sure that the configurations for all routers on your network have compatible values.

You need to define static OSPFv2 neighbors to advertise OSPFv2 routes over a point-to-point, non-broadcast network. This feature lets you broadcast OSPFv2 advertisements across an existing VPN connection without having to encapsulate the advertisements in a GRE tunnel.

Procedure

Step 1

Choose Devices > Device Management, and edit the threat defense device.

Step 2

Click Routing.

Step 3

(For a virtual-router-aware device) From the virtual routers drop-down list, choose the virtual router for which you are configuring OSPF.

Step 4

Click OSPF.

Step 5

Select Interface > Add.

You can click Edit (edit icon), or use the right-click menu to cut, copy, past, insert, and delete areas.

Step 6

Configure the following Interface options for each OSPF process:

  • Interface—The interface you are configuring.

    Note
    If the device is using virtual routing, this drop-down list displays only those interfaces that belong to the router.

  • Default Cost—The cost of sending a packet through the interface. The default value is 10.

  • Priority—The designated router for a network. Valid values range from 0 to 255. The default value is 1. Entering 0 for this setting makes the router ineligible to become the designated router or backup designated router.

    When two routers connect to a network, both attempt to become the designated router. The device with the higher router priority becomes the designated router. If there is a tie, the router with the higher router ID becomes the designated router. This setting does not apply to interfaces that are configured as point-to-point interfaces.

  • MTU Ignore—OSPF checks whether neighbors are using the same MTU on a common interface. This check is performed when neighbors exchange DBD packets. If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface, OSPF adjacency is not established.

  • Database Filter—Use this setting to filter the outgoing LSA interface during synchronization and flooding. By default, OSPF floods new LSAs over all interfaces in the same area, except the interface on which the LSA arrives. In a fully meshed topology, this flooding can waste bandwidth and lead to excessive link and CPU usage. Checking this check box prevents OSPF flooding of the LSA on the selected interface.

  • Hello Interval—Specifies the interval, in seconds, between hello packets sent on an interface. Valid values range 1–8192 seconds. The default value is 10 seconds.

    The smaller the hello interval, the faster topological changes are detected, but more traffic is sent on the interface. This value must be the same for all routers and access servers on a specific interface.

  • Transmit Delay—Estimated time in seconds to send an LSA packet on the interface. Valid values range 1–65535 seconds. The default is 1 second.

    LSAs in the update packet have their ages increased by the amount specified by this field before transmission. If the delay is not added before transmission over a link, the time in which the LSA propagates over the link is not considered. The value assigned should take into account the transmission and propagation delays for the interface. This setting has more significance on very low-speed links.

  • Retransmit Interval—Time in seconds between LSA retransmissions for adjacencies that belong to the interface. The time must be greater than the expected round-trip delay between any two routers on the attached network. Valid values range from 1 to 65535 seconds. The default is 5 seconds.

    When a router sends an LSA to its neighbor, it keeps the LSA until it receives the acknowledgment message. If the router receives no acknowledgment, it resends the LSA. Be conservative when setting this value, or needless retransmission can result. The value should be larger for serial lines and virtual links.

  • Dead Interval—Time period in seconds for which hello packets must not be seen before neighbors indicate that the router is down. The value must be the same for all nodes on the network and can range 1–65535.

  • Hello Multiplier—Specifies the number of Hello packets to be sent per second. Valid values are 3–20.

  • Point-to-Point—Lets you transmit OSPF routes over VPN tunnels.

  • Authentication—Choose the OSPF interface authentication from the following:

    • None—(Default) Disables interface authentication.

    • Area Authentication—Enables interface authentication using MD5. Click Add, and enter the key ID, key, confirm the key, and then click OK.

    • Password—Provides a clear text password for virtual link authentication, which is not recommended where security is a concern.

    • MD5—Allows MD5 authentication. Click Add, and enter the key ID, key, confirm the key, and then click OK.

      Note
      Ensure to enter only numbers as the MD5 key ID.

    • Key Chain—Allows key chain authentication. Click Add, and create the key chain, and then click Save. For detailed procedure, see Creating Key Chain Objects. Use the same authentication type (MD5 or Key Chain) and key ID for the peers to establish a successful adjacency.

  • Enable BFD—Allows you to enable BFD on this interface.

  • Enter Password—The password you configure if you choose Password as the type of authentication.

  • Confirm Password—Confirm the password that you chose.

Step 7

Select Neighbor > Add.

You can click Edit (edit icon), or use the right-click menu to cut, copy, past, insert, and delete areas.

Step 8

Configure the following parameters for each OSPF process:

  • OSPF Process—Choose 1 or 2.

  • Neighbor—Choose one of the neighbors in the drop-down list, or click Add (add icon) to add a new neighbor; enter the name, description, network, whether to allow overrides, and then click Save.

  • Interface—Choose the interface associated with the neighbor.

Step 9

Click OK to save the neighbor configuration.

Step 10

Click Save on the Routing page to save your changes.