OSPF Configuration
Configuration Hierarchy
The diagram illustrates the OSPF configuration hierarchy. All OSPF configuration is performed within an instance, for example, the default instance or a VPN service instance. The OSPF instance configuration hierarchy includes parameters that are generic to the respective OSPF instance. The sub-hierarchies include parameters that are specific to redistribution or authentication.
Configuration Syntax and Commands
The following sections describe the OSPF configuration syntax and commands.
OSPF Instance Configuration
At this configuration hierarchy, you can configure an OSPF instance.
Syntax:
set instance <instance-name> protocol ospf
| Attribute | Description |
|---|---|
<instance-name> |
Name of the OSPF instance. |
OSPF Address Family Configuration
At this configuration level, you configure the OSPF protocol address family.
| You must configure the OSPF address family on an OSPF instance before configuring other supported OSPF features. |
Syntax
set instance <instance-name> protocol ospf address-family <afi>
| Attribute | Description |
|---|---|
<instance-name> |
Name of the instance |
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
The following example shows the OSPF address family (IPv4) configuration.
Example 1: OSPF Instance Address Family IPv6 Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4
{
"rtbrick-config:ipv4": {
"router-id": "198.51.100.10",
"area": [
{
"area-id": "0.0.0.0",
"interface": [
{
"name": "ifl-0/0/0/1",
"network-type": "p2p"
},
{
"name": "lo-0/0/0/1"
}
]
}
]
}
}
<...>The following example shows the OSPF address family (IPv6) configuration.
Example 2: OSPF Instance Address Family IPv6 Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6
{
"rtbrick-config:ipv6": {
"instance-id": [
{
"instance-id": 0,
"router-id": "192.168.0.10",
"metric": 1000,
"segment-routing": {
"status": "enable",
"srgb": {
"base": 1000,
"range": 1000
}
},
"redistribute": [
{
"source": "bgp",
"metric": 2000
},
{
"source": "direct",
"policy": "ospf_policy_1"
}
],
"area": [
{
"area-id": "0.0.0.0",
"metric": 1000,
"interface": [
{
"name": "ifl-0/0/0/1",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/0/100",
"metric": 20000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/1",
"metric": 40000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/100",
"metric": 30000,
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
<...>OSPF Router ID Configuration
The router ID is an IP address that OSPF uses to identify a device on the network. The router ID should be configured under the address family hierarchy.
Syntax
set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>
| Attribute | Description |
|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
router-id <ipv4-address> |
The router ID of the routing instance. It is recommended to specify the router ID. |
Example 1: OSPF IPv4 Router Identifier Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 router-id
{
"rtbrick-config:router-id": "192.168.0.10"
}
supervisor@rtbrick>SPINE01: cfg>
Example 2: OSPF IPv6 Router Identifier Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 router-id
{
"rtbrick-config:router-id": "192.168.0.10"
}
supervisor@rtbrick>SPINE01: cfg>
OSPF Hostname Configuration
Identifying routers through Open Shortest Path First (OSPF) hostnames can simplify network management as they are easier to remember than router IDs.
Syntax
set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>
| Attribute | Description |
|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
hostname <hostname> |
The hostname of the routing instance. |
Example 1: OSPF IPv4 Router Identifier Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 hostname
{
"rtbrick-config:hostname": "C-BNG"
}
supervisor@rtbrick>SPINE01: cfg>
Example 2: OSPF IPv6 Router Identifier Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 hostname
{
"rtbrick-config:hostname": "C-BNG"
}
supervisor@rtbrick>SPINE01: cfg>
OSPF Area Configuration
A particular area is defined by its area ID.
set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>
| Attribute | Description |
|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
area <area-id> |
Specifies the OSPF area ID. |
area <area-id> metric |
Area scope metric. Range: 1 - 65535. Default: 10000. |
area <area-id> area-type stub |
A stub area is an area through which or into which AS external advertisements are not flooded instead type-3 LSA advertise with a default route. |
area <area-id> area-type totally-stub |
Totally stub area is an area in which type-3 LSAs are not allowed instead type-3 LSAs advertise with a default route. |
area <area-id> authentication-profile <authentication-profile> |
Specifies the authentication profile name used to create an attachment point at the area level. |
area <area-id> no-authentication-check <enable> |
When enabled, OSPF packets received here will not undergo authentication validation, even if the user has enabled authentication. However, OSPF will continue to send authenticated packets from this interface. |
Example 1: OSPF IPv4 Area Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0
{
"rtbrick-config:area": [
{
"area-id": "0.0.0.0",
"interface": [
{
"name": "ifl-0/0/0/1",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/0/100",
"metric": 20000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/1",
"metric": 40000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/100",
"metric": 30000,
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/4/1",
"metric": 60000
},
{
"name": "lo-0/0/0/1"
},
{
"name": "lo-0/0/0/2"
}
]
}
]
}Example 2: OSPF IPv6 Area Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 area 0.0.0.0
{
"rtbrick-config:area": [
{
"area-id": "0.0.0.0",
"interface": [
{
"name": "ifl-0/0/0/1",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/0/100",
"metric": 20000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/1",
"metric": 40000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/100",
"metric": 30000,
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/4/1",
"metric": 60000
},
{
"name": "lo-0/0/0/1"
},
{
"name": "lo-0/0/0/2"
}
]
}
]
}OSPF Interface Configuration
Enable OSPF protocol on the router interfaces.
Syntax:
set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>
| Attribute | Description |
|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
area <area-id> interface <interface-name> ldp-synchronization enable |
Enables LDP OSPF Synchronization. By default, LDP OSPF synchronization is disabled. |
metric <metric> |
Specify the metric value of an OSPF interface. |
network-type <broadcast | p2p> |
broadcast - Sets the network type to broadcast; p2p - Sets the network type to point-to-point. By default, the network-type is |
router-priority <router-priority> |
Sets the router priority for an interface. Allowed range: 0 - 255, Default: 1. Routers with priority value '0' do not participate in the DR or BDR election. |
segment-routing index |
Sets the prefix segment identifier (SID) index for the specified interface. |
timer <hello | dead | wait> |
Interface timer for configuring
|
mtu-ignore enable |
If there is an MTU mismatch on both sides of the link where OSPF runs, the OSPF adjacency will not come up as the MTU value carried in the Database Description (DBD) packets. To avoid MTU validation in the Database Description (DBD) packets, configure |
authentication <authentication-profile> |
Specifies the authentication profile name used to create an attachment point at the interface level. |
no-authentication-check <enable> |
When enabled, OSPF packets received here will not undergo authentication validation at the interface level, even if the user has enabled authentication. |
| If an authentication profile is attached to an interface and an area, the authentication profile attached to the interface takes priority. |
Example 1: OSPF IPv4 Interface Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0 interface
{
"rtbrick-config:interface": [
{
"name": "ifl-0/0/0/1",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/0/100",
"metric": 20000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/1",
"metric": 40000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/100",
"metric": 30000,
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/4/1",
"metric": 60000
},
{
"name": "lo-0/0/0/1"
},
{
"name": "lo-0/0/0/2"
}
]
}Example 2: OSPF IPv6 Interface Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 area 0.0.0.0 interface
{
"rtbrick-config:interface": [
{
"name": "ifl-0/0/0/1",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/0/100",
"metric": 20000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/1",
"metric": 40000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/1/100",
"metric": 30000,
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/4/1",
"metric": 60000
},
{
"name": "lo-0/0/0/1"
},
{
"name": "lo-0/0/0/2"
}
]
}OSPF Metric Configuration
Metric is the cost that OSPF uses to calculate and identify the best paths to other routers.
Syntax
set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>
| Attribute | Description | ||
|---|---|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
||
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
||
metric <metric> |
OSPF address-family metric. Allowed range: 1 - 65535. Default: 10000.
If you specify a metric value for an area on an interface will override any area and address-family metric configurations for this area. |
Example 1: OSPF IPv4 Metric Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0 metric
{
"rtbrick-config:metric": 1000
}Example 2: OSPF IPv6 Metric Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 area 0.0.0.0 metric
{
"rtbrick-config:metric": 1000
}OSPF Opaque Capability Configuration
Enables opaque link-state advertisements. Routers in the OSPF network can receive and advertise Type-9, Type-10 and Type-11 opaque LSAs.
Syntax
set instance <instance-name> protocol ospf address-family ipv4 <attribute> <value>
| Attribute | Description |
|---|---|
opaque-capability <enable | disable> |
Enable or disable opaque LSA advertisement and reception. Set as 'enable' to enable the router to receive and advertise opaque LSAs. |
Example: OSPF Opaque Capability Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 opaque-capability
{
"rtbrick-config:opaque-capability": "enable"
}Segment Routing Configuration
Enable segment routing for OSPF. For configuring segment routing, you must enable the opaque capability by defining it as 'true'. For information, see the section: "Opaque Capability Configuration".
Syntax
set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>
| Attribute | Description |
|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
segment-routing srgb base <value> |
Specifies the segment routing global block (SRGB) in source packet routing. SRGB is used for prefix SIDs. Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts. |
segment-routing srgb range <value> |
OSPF system range of labels from the base label. |
segment-routing status <disable | enable> |
Enable or disable the segment routing feature. By default, the status is disabled. |
Example 1: OSPF IPv4 Segment routing Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 segment-routing
{
"rtbrick-config:segment-routing": {
"status": "enable",
"srgb": {
"base": 1000,
"range": 1000
}
}
}Example 2: OSPF IPv6 Segment routing Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 segment-routing
{
"rtbrick-config:segment-routing": {
"status": "enable",
"srgb": {
"base": 1000,
"range": 1000
}
}
}OSPF Redistribution Configuration
Enable route redistribution for the routes originating from other sources or protocols such as BGP, Direct, IPoE, IS-IS, PPP, and Static.
Syntax
set instance <instance-name> protocol ospf <afi> <attribute> <value>
| Attribute | Description |
|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
redistribute <protocol> |
Specifies the source protocol from which the routes are to be redistributed. The available options include |
metric <metric> |
Specifies the metric value for the redistributed routes |
metric-type <type 1 | type 2> |
Specifies the external metric type for the redistributed routes. |
policy |
Specifies the name of the policy map. The redistribute attach point allows routes from other sources to be advertised by OSPFv2. |
Example 1: OSPF IPV4 BGP Redistribution Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 redistribute bgp
{
"rtbrick-config:redistribute": [
{
"source": "bgp",
"metric": 2000
}
]
}Example 2: OSPF IPv6 Redistribution Policy
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 redistribute direct
{
"rtbrick-config:redistribute": [
{
"source": "direct",
"policy": "ospf_policy_1"
}
]
}ECMP Routing Configuration
ECMP (equal-cost multiple paths) routing is a mechanism in which routers forward packets to a destination using the multiple available best paths. This mechanism can increase network bandwidth substantially by load-balancing traffic through multiple best paths.
Syntax
set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>
| Attribute | Description |
|---|---|
<afi> |
Specifies the Address family identifier (AFI), either IPv4 or IPv6. |
<afi> instance-id <instance-id> |
Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified. |
<max-load-balance> |
Maximum number of equal-cost multiple paths to be calculated for load balancing. Default: 16. Allowed range: 1 - 255. |
Example: OSPF IPv4 ECMP Routing Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 max-load-balance
{
"rtbrick-config:max-load-balance": 100
}Example: OSPF IPv6 ECMP Routing Configuration
supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 max-load-balance
{
"rtbrick-config:max-load-balance": 100
}OSPF Authentication Configuration
OSPF supports the secure exchange of routing updates through authentication. You can enable authentication by attaching an authentication profile at the area or interface level. OSPF allows multiple keys to be attached to prevent session interruption.
The table below shows the authentication types supported by OSPFv2 and v3.
| Authentication Type | OSPFv2 | OSPFv3 |
|---|---|---|
Clear Text |
Yes |
No |
HMAC-SHA-1 |
Yes |
Yes |
HMAC-SHA-256 |
Yes |
Yes |
HMAC-SHA-384 |
Yes |
Yes |
HMAC-SHA-512 |
Yes |
Yes |
MD5 |
Yes |
No |
| To authenticate OSPF, there must be a global authentication profile present. |
Configuring an Authentication Profile
set authentication-profile <attribute> <value>
| Attribute | Description |
|---|---|
<name> |
Specifies the authentication profile name. |
<name> key <key-id> |
Specifies the message digest key identifier to be used by the neighboring routers for the OSPF password authentication. Allowed range: 1 - 255. |
<name> key <key-id> type <auth-type> |
Specifies the type of authentication that is being used, such as MD5, HMAC-SHA-1, and others. |
<name> key <key-id> plain-text <text> |
Specifies the password in plain text format. |
<name> key <key-id> encrypted-text <text> |
Specifies the password in an encrypted text format. |
<name> key prefer-key-id <key-id> |
Preferred key-id configuration will be used while sending out the packet with the specified key. |
|
In the example below, the authentication profile "auth-profile1" has md5, hmac-sha-1, and clear-text enabled. The preferred key-id being 20, the hmac-sha-1 method will be used for authentication.
"rtbrick-config:instance": [
{
"name": "default",
"address-family": [
{
"afi": "ipv4",
"safi": "unicast"
},
{
"afi": "ipv6",
"safi": "unicast"
}
],
"protocol": {
"ospf": {
"address-family": {
"ipv6": {
"instance-id": [
{
"instance-id": 0,
"router-id": "192.168.0.10",
"max-load-balance": 100,
"metric": 1000,
"segment-routing": {
"status": "enable",
"srgb": {
"base": 1000,
"range": 1000
}
},
"redistribute": [
{
"source": "bgp",
"metric": 2000
},
{
"source": "direct",
"policy": "ospf_policy_1"
}
],
"area": [
{
"area-id": "0.0.0.0",
"metric": 1000,
"interface": [
{
"name": "ifl-0/0/0/1",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"
},
{
"name": "ifl-0/0/0/100",
"metric": 20000,
"network-type": "p2p",
"authentication-profile": "AUTH_PROFILE_SHA_512_1"