OSPF Configuration

Configuration Hierarchy

The diagram illustrates the OSPF configuration hierarchy. All OSPF configuration is performed within an instance, for example, the default instance or a VPN service instance. The OSPF instance configuration hierarchy includes parameters that are generic to the respective OSPF instance. The sub-hierarchies include parameters that are specific to redistribution or authentication.

OSPF Configuration Hierarchy

Configuration Syntax and Commands

The following sections describe the OSPF configuration syntax and commands.

OSPF Instance Configuration

At this configuration hierarchy, you can configure an OSPF instance.

Syntax:

set instance <instance-name> protocol ospf

Attribute Description

<instance-name>

Name of the OSPF instance.

OSPF Address Family Configuration

At this configuration level, you configure the OSPF protocol address family.

You must configure the OSPF address family on an OSPF instance before configuring other supported OSPF features.
Syntax

set instance <instance-name> protocol ospf address-family <afi>

Attribute Description

<instance-name>

Name of the instance

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

The following example shows the OSPF address family (IPv4) configuration.

Example 1: OSPF Instance Address Family IPv6 Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4
{
  "rtbrick-config:ipv4": {
    "router-id": "198.51.100.10",
    "area": [
      {
        "area-id": "0.0.0.0",
        "interface": [
          {
            "name": "ifl-0/0/0/1",
            "network-type": "p2p"
          },
          {
            "name": "lo-0/0/0/1"
          }
        ]
      }
    ]
  }
}
<...>

The following example shows the OSPF address family (IPv6) configuration.

Example 2: OSPF Instance Address Family IPv6 Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6
{
  "rtbrick-config:ipv6": {
    "instance-id": [
      {
        "instance-id": 0,
        "router-id": "192.168.0.10",
        "metric": 1000,
        "segment-routing": {
          "status": "enable",
          "srgb": {
            "base": 1000,
            "range": 1000
          }
        },
        "redistribute": [
          {
            "source": "bgp",
            "metric": 2000
          },
          {
            "source": "direct",
            "policy": "ospf_policy_1"
          }
        ],
        "area": [
          {
            "area-id": "0.0.0.0",
            "metric": 1000,
            "interface": [
              {
                "name": "ifl-0/0/0/1",
                "authentication-profile": "AUTH_PROFILE_SHA_512_1"
              },
              {
                "name": "ifl-0/0/0/100",
                "metric": 20000,
                "network-type": "p2p",
                "authentication-profile": "AUTH_PROFILE_SHA_512_1"
              },
              {
                "name": "ifl-0/0/1/1",
                "metric": 40000,
                "network-type": "p2p",
                "authentication-profile": "AUTH_PROFILE_SHA_512_1"
              },
              {
                "name": "ifl-0/0/1/100",
                "metric": 30000,
                "authentication-profile": "AUTH_PROFILE_SHA_512_1"
<...>

OSPF Router ID Configuration

The router ID is an IP address that OSPF uses to identify a device on the network. The router ID should be configured under the address family hierarchy.

Syntax

set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

router-id <ipv4-address>

The router ID of the routing instance. It is recommended to specify the router ID.

Example 1: OSPF IPv4 Router Identifier Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 router-id
{
  "rtbrick-config:router-id": "192.168.0.10"
}
supervisor@rtbrick>SPINE01: cfg>

Example 2: OSPF IPv6 Router Identifier Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 router-id
{
  "rtbrick-config:router-id": "192.168.0.10"
}
supervisor@rtbrick>SPINE01: cfg>

OSPF Hostname Configuration

Identifying routers through Open Shortest Path First (OSPF) hostnames can simplify network management as they are easier to remember than router IDs.

Syntax

set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

hostname <hostname>

The hostname of the routing instance.

Example 1: OSPF IPv4 Router Identifier Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 hostname
{
  "rtbrick-config:hostname": "C-BNG"
}
supervisor@rtbrick>SPINE01: cfg>

Example 2: OSPF IPv6 Router Identifier Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 hostname
{
  "rtbrick-config:hostname": "C-BNG"
}
supervisor@rtbrick>SPINE01: cfg>

OSPF Area Configuration

A particular area is defined by its area ID.

set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

area <area-id>

Specifies the OSPF area ID.

area <area-id> metric

Area scope metric. Range: 1 - 65535. Default: 10000.

area <area-id> area-type stub

A stub area is an area through which or into which AS external advertisements are not flooded instead type-3 LSA advertise with a default route.

area <area-id> area-type totally-stub

Totally stub area is an area in which type-3 LSAs are not allowed instead type-3 LSAs advertise with a default route.

area <area-id> authentication-profile <authentication-profile>

Specifies the authentication profile name used to create an attachment point at the area level.

area <area-id> no-authentication-check <enable>

When enabled, OSPF packets received here will not undergo authentication validation, even if the user has enabled authentication. However, OSPF will continue to send authenticated packets from this interface.

Example 1: OSPF IPv4 Area Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0
{
  "rtbrick-config:area": [
    {
      "area-id": "0.0.0.0",
      "interface": [
        {
          "name": "ifl-0/0/0/1",
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/0/100",
          "metric": 20000,
          "network-type": "p2p",
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/1/1",
          "metric": 40000,
          "network-type": "p2p",
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/1/100",
          "metric": 30000,
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/4/1",
          "metric": 60000
        },
        {
          "name": "lo-0/0/0/1"
        },
        {
          "name": "lo-0/0/0/2"
        }
      ]
    }
  ]
}

Example 2: OSPF IPv6 Area Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 area 0.0.0.0
{
  "rtbrick-config:area": [
    {
      "area-id": "0.0.0.0",
      "interface": [
        {
          "name": "ifl-0/0/0/1",
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/0/100",
          "metric": 20000,
          "network-type": "p2p",
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/1/1",
          "metric": 40000,
          "network-type": "p2p",
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/1/100",
          "metric": 30000,
          "authentication-profile": "AUTH_PROFILE_SHA_512_1"
        },
        {
          "name": "ifl-0/0/4/1",
          "metric": 60000
        },
        {
          "name": "lo-0/0/0/1"
        },
        {
          "name": "lo-0/0/0/2"
        }
      ]
    }
  ]
}

OSPF Interface Configuration

Enable OSPF protocol on the router interfaces.

Syntax:

set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

area <area-id> interface <interface-name> ldp-synchronization enable

Enables LDP OSPF Synchronization. By default, LDP OSPF synchronization is disabled.

metric <metric>

Specify the metric value of an OSPF interface.

network-type <broadcast | p2p>

broadcast - Sets the network type to broadcast; p2p - Sets the network type to point-to-point. By default, the network-type is broadcast.

router-priority <router-priority>

Sets the router priority for an interface. Allowed range: 0 - 255, Default: 1. Routers with priority value '0' do not participate in the DR or BDR election.

segment-routing index

Sets the prefix segment identifier (SID) index for the specified interface.

timer <hello | dead | wait>

Interface timer for configuring hello, dead, and wait timers.

  • hello: Sets interval time for sending hello packets to a neighbor and this time is identical on OSPF neighbor routers. Default: 10 seconds.

  • dead: Sets interval time within which if the interface does not receive any hello packet from its neighbor, the interface comes to know that the neighbor is down. Default: 40 seconds.

  • wait: Sets wait time to delay to trigger the DR/BDR election. It cannot be more than the time set for the dead interval. Default: 40 seconds.

mtu-ignore enable

If there is an MTU mismatch on both sides of the link where OSPF runs, the OSPF adjacency will not come up as the MTU value carried in the Database Description (DBD) packets. To avoid MTU validation in the Database Description (DBD) packets, configure mtu-ignore command. By default, it is disabled.

authentication <authentication-profile>

Specifies the authentication profile name used to create an attachment point at the interface level.

no-authentication-check <enable>

When enabled, OSPF packets received here will not undergo authentication validation at the interface level, even if the user has enabled authentication.

If an authentication profile is attached to an interface and an area, the authentication profile attached to the interface takes priority.

Example 1: OSPF IPv4 Interface Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0 interface
{
  "rtbrick-config:interface": [
    {
      "name": "ifl-0/0/0/1",
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/0/100",
      "metric": 20000,
      "network-type": "p2p",
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/1/1",
      "metric": 40000,
      "network-type": "p2p",
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/1/100",
      "metric": 30000,
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/4/1",
      "metric": 60000
    },
    {
      "name": "lo-0/0/0/1"
    },
    {
      "name": "lo-0/0/0/2"
    }
  ]
}

Example 2: OSPF IPv6 Interface Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 area 0.0.0.0 interface
{
  "rtbrick-config:interface": [
    {
      "name": "ifl-0/0/0/1",
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/0/100",
      "metric": 20000,
      "network-type": "p2p",
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/1/1",
      "metric": 40000,
      "network-type": "p2p",
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/1/100",
      "metric": 30000,
      "authentication-profile": "AUTH_PROFILE_SHA_512_1"
    },
    {
      "name": "ifl-0/0/4/1",
      "metric": 60000
    },
    {
      "name": "lo-0/0/0/1"
    },
    {
      "name": "lo-0/0/0/2"
    }
  ]
}

OSPF Metric Configuration

Metric is the cost that OSPF uses to calculate and identify the best paths to other routers.

Syntax

set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

metric <metric>

OSPF address-family metric. Allowed range: 1 - 65535. Default: 10000.

If you configure the metric at the address family, it will be applicable to the configured areas of the address-family. If you configure a metric for an area, this configured metric value will take precedence over the address-family metric configurations of this area.

If you specify a metric value for an area on an interface will override any area and address-family metric configurations for this area.

Example 1: OSPF IPv4 Metric Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 area 0.0.0.0 metric
{
  "rtbrick-config:metric": 1000
}

Example 2: OSPF IPv6 Metric Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 area 0.0.0.0 metric
{
  "rtbrick-config:metric": 1000
}

OSPF Opaque Capability Configuration

Enables opaque link-state advertisements. Routers in the OSPF network can receive and advertise Type-9, Type-10 and Type-11 opaque LSAs.

Syntax

set instance <instance-name> protocol ospf address-family ipv4 <attribute> <value>

Attribute Description

opaque-capability <enable | disable>

Enable or disable opaque LSA advertisement and reception. Set as 'enable' to enable the router to receive and advertise opaque LSAs.

Example: OSPF Opaque Capability Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 opaque-capability
{
  "rtbrick-config:opaque-capability": "enable"
}

Segment Routing Configuration

Enable segment routing for OSPF. For configuring segment routing, you must enable the opaque capability by defining it as 'true'. For information, see the section: "Opaque Capability Configuration".

Syntax

set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

segment-routing srgb base <value>

Specifies the segment routing global block (SRGB) in source packet routing. SRGB is used for prefix SIDs.

Supported MPLS label values are 0 - 1048575. The reserved MPLS label range is 0 - 15. In RBFS, BGP uses the label range 20000 - 100000. It is recommended to assign label values outside of these reserved ranges to avoid conflicts.

segment-routing srgb range <value>

OSPF system range of labels from the base label.

segment-routing status <disable | enable>

Enable or disable the segment routing feature. By default, the status is disabled.

Example 1: OSPF IPv4 Segment routing Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 segment-routing
{
  "rtbrick-config:segment-routing": {
    "status": "enable",
    "srgb": {
      "base": 1000,
      "range": 1000
    }
  }
}

Example 2: OSPF IPv6 Segment routing Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 segment-routing
{
  "rtbrick-config:segment-routing": {
    "status": "enable",
    "srgb": {
      "base": 1000,
      "range": 1000
    }
  }
}

OSPF Redistribution Configuration

Enable route redistribution for the routes originating from other sources or protocols such as BGP, Direct, IPoE, IS-IS, PPP, and Static.

Syntax

set instance <instance-name> protocol ospf <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

redistribute <protocol>

Specifies the source protocol from which the routes are to be redistributed. The available options include BGP, Direct, IPoE, IS-IS, PPP, and Static.

metric <metric>

Specifies the metric value for the redistributed routes

metric-type <type 1 | type 2>

Specifies the external metric type for the redistributed routes.

policy

Specifies the name of the policy map. The redistribute attach point allows routes from other sources to be advertised by OSPFv2.

Example 1: OSPF IPV4 BGP Redistribution Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 redistribute bgp
{
  "rtbrick-config:redistribute": [
    {
      "source": "bgp",
      "metric": 2000
    }
  ]
}

Example 2: OSPF IPv6 Redistribution Policy

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 redistribute direct
{
  "rtbrick-config:redistribute": [
    {
      "source": "direct",
      "policy": "ospf_policy_1"
    }
  ]
}

ECMP Routing Configuration

ECMP (equal-cost multiple paths) routing is a mechanism in which routers forward packets to a destination using the multiple available best paths. This mechanism can increase network bandwidth substantially by load-balancing traffic through multiple best paths.

Syntax

set instance <instance-name> protocol ospf address-family <afi> <attribute> <value>

Attribute Description

<afi>

Specifies the Address family identifier (AFI), either IPv4 or IPv6.

<afi> instance-id <instance-id>

Specifies the instance ID. When using an IPv6 address family with OSPFv3, an instance ID ranging from 0 to 31 must be specified.

<max-load-balance>

Maximum number of equal-cost multiple paths to be calculated for load balancing. Default: 16. Allowed range: 1 - 255.

Example: OSPF IPv4 ECMP Routing Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv4 max-load-balance
{
  "rtbrick-config:max-load-balance": 100
}

Example: OSPF IPv6 ECMP Routing Configuration

supervisor@rtbrick>SPINE01: cfg> show config instance default protocol ospf address-family ipv6 instance-id 0 max-load-balance
{
  "rtbrick-config:max-load-balance": 100
}

OSPF Authentication Configuration

OSPF supports the secure exchange of routing updates through authentication. You can enable authentication by attaching an authentication profile at the area or interface level. OSPF allows multiple keys to be attached to prevent session interruption.

The table below shows the authentication types supported by OSPFv2 and v3.

Authentication Type OSPFv2 OSPFv3

Clear Text

Yes

No

HMAC-SHA-1

Yes

Yes

HMAC-SHA-256

Yes

Yes

HMAC-SHA-384

Yes

Yes

HMAC-SHA-512

Yes

Yes

MD5

Yes

No

To authenticate OSPF, there must be a global authentication profile present.

Configuring an Authentication Profile

set authentication-profile <attribute> <value>

Attribute Description

<name>

Specifies the authentication profile name.

<name> key <key-id>

Specifies the message digest key identifier to be used by the neighboring routers for the OSPF password authentication. Allowed range: 1 - 255.

<name> key <key-id> type <auth-type>

Specifies the type of authentication that is being used, such as MD5, HMAC-SHA-1, and others.

<name> key <key-id> plain-text <text>

Specifies the password in plain text format.

<name> key <key-id> encrypted-text <text>

Specifies the password in an encrypted text format.

<name> key prefer-key-id <key-id>

Preferred key-id configuration will be used while sending out the packet with the specified key.

  • When an authentication profile is available, you can configure an authentication attachment point at the area or interface level.

  • When an authentication profile contains multiple key-IDs, and the preferred key-ID is not configured, the packet is sent using the highest key-ID.

In the example below, the authentication profile "auth-profile1" has md5, hmac-sha-1, and clear-text enabled. The preferred key-id being 20, the hmac-sha-1 method will be used for authentication.

    "rtbrick-config:instance": [
      {
        "name": "default",
        "address-family": [
          {
            "afi": "ipv4",
            "safi": "unicast"
          },
          {
            "afi": "ipv6",
            "safi": "unicast"
          }
        ],
        "protocol": {
          "ospf": {
            "address-family": {
              "ipv6": {
                "instance-id": [
                  {
                    "instance-id": 0,
                    "router-id": "192.168.0.10",
                    "max-load-balance": 100,
                    "metric": 1000,
                    "segment-routing": {
                      "status": "enable",
                      "srgb": {
                        "base": 1000,
                        "range": 1000
                      }
                    },
                    "redistribute": [
                      {
                        "source": "bgp",
                        "metric": 2000
                      },
                      {
                        "source": "direct",
                        "policy": "ospf_policy_1"
                      }
                    ],
                    "area": [
                      {
                        "area-id": "0.0.0.0",
                        "metric": 1000,
                        "interface": [
                          {
                            "name": "ifl-0/0/0/1",
                            "authentication-profile": "AUTH_PROFILE_SHA_512_1"
                          },
                          {
                            "name": "ifl-0/0/0/100",
                            "metric": 20000,
                            "network-type": "p2p",
                            "authentication-profile": "AUTH_PROFILE_SHA_512_1"