Configuring OSPF

Configuration Hierarchy

The diagram illustrates the OSPF configuration hierarchy. All OSPF configuration is performed within an instance, for example, the default instance or a VPN service instance. The OSPF instance configuration hierarchy includes parameters that are generic to the respective OSPF instance. The sub-hierarchies include parameters that are specific to redistribution or authentication.

OSPF Configuration Hierarchy

Configuration Syntax and Commands

The following sections describe the OSPF configuration syntax and commands.

OSPF Instance Configuration

At this configuration hierarchy, you can configure an OSPF instance.

Syntax:

set instance <instance-name> protocol ospf

Attribute	Description
<instance-name>	Name of the OSPF instance.

Attribute

Description

<instance-name>

Name of the OSPF instance.

OSPF Address Family Configuration

At this configuration level, you configure OSPF protocol address family. IPv4 is the currently supported address family.

You must complete configuring OSPF address family on an OSPF instance before configuring other OSPF features supported.

Syntax

set instance <instance-name> protocol ospf address-family ipv4

Attribute	Description
<instance-name>	Name of the instance
ipv4 <ipv4>	Address family identifier (AFI). Supported value: IPv4.

Attribute

Description

<instance-name>

Name of the instance

ipv4 <ipv4>

Address family identifier (AFI). Supported value: IPv4.

The following example shows OSPF address family (IPv4) configuration.

Example: OSPF Instance Address Family Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4
{
  "rtbrick-config:address-family": [
    {
      "afi-type": "ipv4",
      "router-id": "198.51.100.10",
      "area": [
        {
          "area-id": "0.0.0.0",
          "interface": [
            {
              "name": "lo-0/0/0/1"
            },
            {
              "name": "ifl-0/1/2/12",
              "network-type": "p2p"
            }
          ]
        }
      ]
    }
  ]
}

OSPF Router ID Configuration

The router ID is an IP address that OSPF uses to identify a device on the network. The router ID should be configured under the address family hierarchy.

Syntax

set instance <instance-name> protocol ospf address-family ipv4 router-id <router-id>

Attribute	Description
router-id <ipv4-address>	The router ID of the routing instance. It is recommended to specify the router ID.

Attribute

Description

router-id <ipv4-address>

The router ID of the routing instance. It is recommended to specify the router ID.

Example: OSPF Router Identifier Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 router-id
{
  "rtbrick-config:router-id": "198.51.100.15"
}

OSPF Interface Configuration

Enable OSPF protocol on the router interfaces.

Syntax:

set instance <instance-name> protocol ospf address-family ipv4 area <area-id> interface <interface-name> <options>

Attribute Description

Attribute	Description
ldp-synchronization <enable \| disable>	Enable or disable LDP OSPF Synchronization. Default: Disable
metric <metric>	Specify the metric value of an OSPF interface.
network-type <broadcast \| p2p>	broadcast - Sets the network type to broadcast; p2p - Sets the network type to point-to-point. By default, the network-type is `broadcast`.
router-priority <router-priority>	Sets the router priority for an interface. Allowed range: 0 - 255, Default: 1. Routers with priority value '0' do not participate in the DR or BDR election.
segment-routing ipv4 index	Sets the prefix segment identifier (SID) index for the specified interface.
timer <hello \| dead>	Interface timer for configuring `hello` timer and `dead` timer hello: Sets interval time for sending hello packets to a neighbor and this time is identical on OSPF neighbor routers. Default: 10 seconds. dead: Sets interval time within which if the interface does not receive any hello packet from its neighbor, the interface comes to know that the neighbor is down. Default: 40 seconds.
mtu-ignore <enable \| disable>	If there is an MTU mismatch on both sides of the link where OSPF runs, the OSPF adjacency will not come up as the MTU value carried in the Database Description (DBD) packets. To avoid MTU validation in the Database Description (DBD) packets, configure `mtu-ignore` command. By default, it is disabled.
authentication <authentication-profile>	Specifies the authentication profile name used to create an attachment point at the interface level.
no-authentication-check <enable>	When enabled, OSPF packets received here will not undergo authentication validation at the interface level, even if the user has enabled authentication.

ldp-synchronization <enable | disable>

Enable or disable LDP OSPF Synchronization. Default: Disable

metric <metric>

Specify the metric value of an OSPF interface.

network-type <broadcast | p2p>

broadcast - Sets the network type to broadcast; p2p - Sets the network type to point-to-point. By default, the network-type is broadcast.

router-priority <router-priority>

Sets the router priority for an interface. Allowed range: 0 - 255, Default: 1. Routers with priority value '0' do not participate in the DR or BDR election.

segment-routing ipv4 index

Sets the prefix segment identifier (SID) index for the specified interface.

timer <hello | dead>

Interface timer for configuring hello timer and dead timer

hello: Sets interval time for sending hello packets to a neighbor and this time is identical on OSPF neighbor routers. Default: 10 seconds.
dead: Sets interval time within which if the interface does not receive any hello packet from its neighbor, the interface comes to know that the neighbor is down. Default: 40 seconds.

mtu-ignore <enable | disable>

If there is an MTU mismatch on both sides of the link where OSPF runs, the OSPF adjacency will not come up as the MTU value carried in the Database Description (DBD) packets. To avoid MTU validation in the Database Description (DBD) packets, configure mtu-ignore command. By default, it is disabled.

authentication <authentication-profile>

Specifies the authentication profile name used to create an attachment point at the interface level.

no-authentication-check <enable>

When enabled, OSPF packets received here will not undergo authentication validation at the interface level, even if the user has enabled authentication.

If an authentication profile is attached to an interface and an area, the authentication profile attached to the interface takes priority.

Example 1: OSPF Interface Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0 interface
{
  "rtbrick-config:interface": [
    {
      "name": "198.51.100.0"
    },
    {
      "name": "ifp-0/1/2/10",
      "authentication-profile": "auth-profile1",
      "metric": 20000,
      "network-type": "p2p"
    },
    {
      "name": "ifl-0/0/1/1",
      "metric": 40000,
      "network-type": "p2p"
    },
    {
      "name": "ifl-0/0/1/100",
      "metric": 30000
    },
    {
      "name": "ifl-0/0/4/1",
      "metric": 60000
    },
    {
      "name": "lo-0/0/0/1"
    },
    {
      "name": "lo-0/0/0/2"
    }
  ]
}

Example 2: LDP OSPF Synchronization

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0
{
  "rtbrick-config:area": [
    {
      "area-id": "0.0.0.0",
      "interface": [
        {
          "name": "ifl-0/0/1/1",
          "network-type": "p2p",
          "ldp-synchronization": "enable",
          "authentication": {
            "type": "md5",
            "key-id": 1,q
            "encrypted-text": "$2fd842673283fbff1623ba4bc2664eb5c"
          }
        }
      ]
    }
  ]
}

OSPF Area Configuration

A particular area is defined by its area ID.

set instance <instance-name> protocol ospf address-family ipv4 area <area-id> <options>

Attribute	Description
metric	Area scope metric. Range: 1 - 65535. Default: 10000.
area-type stub	A stub area is an area through which or into which AS external advertisements are not flooded.
area-type totally-stub	Totally stub area is an area in which type-3 LSAs are not allowed.
authentication-profile <authentication-profile>	Specifies the authentication profile name used to create an attachment point at the area level.
no-authentication-check <enable>	When enabled, OSPF packets received here will not undergo authentication validation, even if the user has enabled authentication. However, OSPF will continue to send authenticated packets from this interface.

Attribute

Description

metric

Area scope metric. Range: 1 - 65535. Default: 10000.

area-type stub

A stub area is an area through which or into which AS external advertisements are not flooded.

area-type totally-stub

Totally stub area is an area in which type-3 LSAs are not allowed.

authentication-profile <authentication-profile>

Specifies the authentication profile name used to create an attachment point at the area level.

no-authentication-check <enable>

When enabled, OSPF packets received here will not undergo authentication validation, even if the user has enabled authentication. However, OSPF will continue to send authenticated packets from this interface.

Example: Area Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0
{
  "rtbrick-config:area": [
    {
      "area-id": "0.0.0.0",
      "interface": [
        {
          "name": "ifl-0/0/0/1"
        },
        {
          "name": "ifl-0/1/2/10",
          "authentication-profile": "auth-profile1",
          "metric": 20000,
          "network-type": "p2p"
        },
        {
          "name": "ifl-0/0/1/1",
          "metric": 40000,
          "network-type": "p2p"
        },
        {
          "name": "ifl-0/0/1/100",
          "metric": 30000
        },
        {
          "name": "ifl-0/0/4/1",
          "metric": 60000
        },
        {
          "name": "lo-0/0/0/1"
        },
        {
          "name": "lo-0/0/0/2"
        }
      ]
    }
  ]
}

OSPF Metric Configuration

Metric is the cost that OSPF uses to calculate and identify the best paths to other routers.

Syntax

set instance <instance-name> protocol ospf address-family ipv4 metric <metric>

Attribute

Description

metric <metric>

OSPF address-family metric. Allowed range: 1 - 65535. Default: 10000.

If you configure the metric at the address-family, it will be applicable to the configured areas of the address-family. If you configure a metric for an area, this configured metric value will take precedence over the address-family metric configurations of this area.

If you specify a metric value for an area on an interface will override any area and address-family metric configurations for this area.

Example: OSPF Metric Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 metric
{
  "rtbrick-config:metric": 1000
}

OSPF Opaque Capability Configuration

Enables opaque link-state advertisements. Routers in the OSPF network can receive and advertise Type-9, Type-10 and Type-11 opaque LSAs.

Syntax

set instance <instance-name> protocol ospf address-family ipv4 opaque-capability <options>

Attribute	Description
opaque-capability <enable \| disable>	Enable or disable opaque LSA advertisement and reception. Set as 'enable' to enable the router to receive and advertise opaque LSAs.

Attribute

Description

opaque-capability <enable | disable>

Enable or disable opaque LSA advertisement and reception. Set as 'enable' to enable the router to receive and advertise opaque LSAs.

Example: OSPF Opaque Capability Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 opaque-capability
{
  "rtbrick-config:opaque-capability": "enable"
}

Segment Routing Configuration

Enable segment routing for OSPF. For configuring segment routing, you must enable the opaque capability by defining it as 'true'. For information, see the section: "Opaque Capability Configuration".

Syntax

set instance <instance-name> protocol ospf address-family ipv4 segment-routing <options>

Attribute	Description
srgb base <value>	Specifies the segment routing global block (SRGB) in source packet routing. SRGB is used for prefix SIDs. Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts.
srgb range <value>	OSPF system range of labels from the base label.
status <disable \| enable>	Enable or disable the segment routing feature. By default, the status is disabled.

Attribute

Description

srgb base <value>

Specifies the segment routing global block (SRGB) in source packet routing. SRGB is used for prefix SIDs.

Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts.

srgb range <value>

OSPF system range of labels from the base label.

status <disable | enable>

Enable or disable the segment routing feature. By default, the status is disabled.

Example: Segment routing Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 segment-routing
{
  "rtbrick-config:segment-routing": {
    "status": "enable",
    "srgb": {
      "base": 1000,
      "range": 1000
    }
  }
}

OSPF Redistribution Configuration

Enable route redistribution for the routes originating from other sources or protocols such as BGP, Direct, IPoE, IS-IS, PPP, and Static.

Syntax

set instance <instance-name> protocol ospf ipv4 redistribute <options>

Attribute Description

Attribute	Description
redistribute <protocol>	Specifies the source protocol from which the routes are to be redistributed. The available options include `BGP`, `Direct`, `IPoE`, `IS-IS`, `PPP`, and `Static`.
metric <metric>	Specifies the metric value for the redistributed routes
metric-type <type 1 \| type 2>	Specifies the external metric type for the redistributed routes.
policy	Specifies the name of the policy map. The redistribute attach point allows routes from other sources to be advertised by OSPFv2.

redistribute <protocol>

Specifies the source protocol from which the routes are to be redistributed. The available options include BGP, Direct, IPoE, IS-IS, PPP, and Static.

metric <metric>

Specifies the metric value for the redistributed routes

metric-type <type 1 | type 2>

Specifies the external metric type for the redistributed routes.

policy

Specifies the name of the policy map. The redistribute attach point allows routes from other sources to be advertised by OSPFv2.

Example 1: Redistribution Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 redistribute bgp
{
  "rtbrick-config:redistribute": [
    {
      "source": "bgp",
      "metric": 2000
    }
  ]
}

Example 2: Redistribution Policy

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 redistribute
{
  "rtbrick-config:redistribute": [
    {
      "source": "direct",
      "policy": "ospf_policy_1"
    }
  ]
}

ECMP Routing Configuration

ECMP (equal-cost multiple paths) routing is a mechanism in which routers forward packets to a destination using the multiple available best paths. This mechanism can increase network bandwidth substantially by load-balancing traffic through multiple best paths.

Syntax

set instance <instance-name> protocol ospf address-family ipv4 max-load-balance <value>

Attribute	Description
<max-load-balance>	Maximum number of equal-cost multiple paths to be calculated for load balancing. Default: 16. Allowed range: 1 - 255.

Attribute

Description

<max-load-balance>

Maximum number of equal-cost multiple paths to be calculated for load balancing. Default: 16. Allowed range: 1 - 255.

Example: ECMP Routing Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 max-load-balance
{
  "rtbrick-config:max-load-balance": 100
}

OSPF Authentication Configuration

OSPF supports secure exchange of routing updates through authentication. You can enable authentication by attaching an authentication profile at the area or interface level. OSPF allows multiple keys to be attached to prevent session interruption.

OSPF supports the following authentication types:

Clear Text
HMAC-SHA-1
HMAC-SHA-256
HMAC-SHA-384
HMAC-SHA-512
MD5

To authenticate OSPF, there must be a global authentication profile present.

Configuring an Authentication Profile

set authentication-profile <attribute> <value>

Attribute	Description
<name>	Specifies the authentication profile name.
<name> key <key-id>	Specifies the message digest key identifier to be used by the neighboring routers for the OSPF password authentication. Allowed range: 1 - 255.
<name> key <key-id> type <auth-type>	Specifies the type of authentication that is being used, such as MD5, HMAC-SHA-1, and others.
<name> key <key-id> plain-text <text>	Specifies the password in plain text format.
<name> key <key-id> encrypted-text <text>	Specifies the password in an encrypted text format.
<name> key prefer-key-id <key-id>	Preferred key-id configuration will be used while sending out the packet with the specified key.

Attribute

Description

<name>

Specifies the authentication profile name.

Specifies the message digest key identifier to be used by the neighboring routers for the OSPF password authentication. Allowed range: 1 - 255.

Specifies the type of authentication that is being used, such as MD5, HMAC-SHA-1, and others.

<name> key <key-id> plain-text <text>

Specifies the password in plain text format.

<name> key <key-id> encrypted-text <text>

Specifies the password in an encrypted text format.

<name> key prefer-key-id <key-id>

Preferred key-id configuration will be used while sending out the packet with the specified key.

When an authentication profile is available, you can configure an authentication attachment point at the area or interface level.
When an authentication profile contains multiple key-IDs, and the preferred key-ID is not configured, the packet is sent using the highest key-ID.

In the example below, the authentication profile "auth-profile1" has md5, hmac-sha-1, and clear-text enabled. The preferred key-id being 20, the hmac-sha-1 method will be used for authentication.

    "rtbrick-config:instance": [
      {
        "name": "default",
        "protocol": {
          "ospf": {
            "address-family": [
              {
                "afi-type": "ipv4",
                "router-id": "198.51.100.85",
                "area": [
                  {
                    "area-id": "0.0.0.0",
                    "interface": [
                      {
                        "name": "ifl-0/1/2/10",
                        "authentication-profile": "auth-profile1"
                      },
                      {
                        "name": "ifl-0/1/2/20"
                      }
                    ]
                  }
                ]
              }
            ]
          }
        }
      }
    ],
    "rtbrick-config:authentication-profile": [
      {
        "name": "auth-profile1",
        "prefer-key-id": 20,
        "key": [
          {
            "key-id": 10,
            "type": "md5",
            "encrypted-text": "$2e439bba256caf1d623bb1094bbec0003"
          },
          {
            "key-id": 20,
            "type": "hmac-sha-1",
            "encrypted-text": "$2e439bba256caf1d623bb1094bbec0003"
          },
          {
            "key-id": 30,
            "type": "clear-text",
            "encrypted-text": "$2e439bba256caf1d623bb1094bbec0003"
          }
        ]
      }
    ]
  }