ospf – a family of commands for configuring the OSPF protocol

This section uses the following conventions:

• <area-id> is the OSPF area ID. Possible values: 0 to 4294967295 or an IPv4 address
• <interface-name> is the interface name
• <route-map-name> is the name of an existing route map created using the routing> route-map command.
• <access-list-name> is the name of an existing ACL created with the routing> access-list command.
• <prefix-list-name> is the name of an existing prefix list created using the routing> prefix-list command.

ospf> [no] enabled

Enable (or disable, if no) OSPF.

ospf> [no] router-id <A.B.C.D>

Set (or remove if no) the router ID for OSPF.

Example:

ngfw> ospf> router-id 1.1.1.1

ospf> [no] abr-type (standard|ibm|cisco|shortcut)

Set (or remove if no) the behavior of edge router for OSPF.

Example:

ngfw> ospf> abr-type standard

ospf> [no] auto-cost <value>

Set (or remove, if no) the reference bandwidth value in Mbps for automatic normalization when calculating route metrics. Possible values: 1 to 4294967295.

Example:

ngfw> ospf> auto-cost reference-bandwidth 10000

ospf> [no] log-adjacency-changes

Enable (or disable, if no) logging of OSPF adjacency changes.

ospf> [no] log-adjacency-detail

Enable (or disable, if no) verbose logging of OSPF adjacency changes.

ospf> [no] maximum-paths <value>

Set (or remove, if no) the maximum number of parallel routes for balancing traffic. Possible values: 1 to 64.

Example:

ngfw> ospf> maximum-paths 4

ospf> [no] passive-default

Enable (or disable, if no) the passive mode for all interfaces by default.

ospf> timers [no] enabled

Enable (or disable, if no) custom delay settings to limit the frequency of SPF metric recalculation

ospf> timers [no] delay <value>

Set (or remove, if no) the delay before SPF algorithm calculations start. Possible values: 0 to 600000.

Example:

ngfw> ospf> timers delay 100

ospf> timers [no] initial-hold-time <value>

Set (or remove, if no) the initial value of the result hold interval. Possible values: 0 to 600000.

Example:

ngfw> ospf> timers initial-hold-time 1

ospf> timers [no] maximum-hold-time <value>

Set (or remove, if no) the maximum hold time between consecutive starts of SPF recalculation. Possible values: 0 to 600000.

Example:

ngfw> ospf> timers maximum-hold-time 43

ospf> [no] max-lsa (administrative|on-shutdown|on-startup)

Enable (or disable, if no) the ability to advertise routes with an infinite metric in accordance with RFC 3137. Modes for this option:

• on-startup enables the option for a specified duration from the moment the router is turned on.
• on-shutdown enables the option for a specified duration before shutting down the router.
• administrative enables the option immediately without time limits (at the discretion of the administrator).

ospf> max-lsa=['type'] [no] enabled

Enable (or disable, if no) an option for the specified activation mode.

ospf> max-lsa=['type'] [no] lsa-timer <value>

Set (or remove if no) the delay duration. Possible values depend on the selected activation mode:

• For on-startup, 5 to 86400 seconds
• For on-shutdown, 5 to 100 seconds
• For administrative, the timeout is not applicable because this mode is activated unconditionally.

Example:

ngfw> ospf> max-lsa=['on-startup']> lsa-timer 15

ospf> [no] redistribution (bgp|connected|kernel|static)

Enable (or disable, if no) route redistribution from different sources.

ospf> redistribution=['protocol']> [no] metric <value>

Set (or remove, if no) the metric for routes from another protocol. Possible values: 0 to 16777214. Example: ngfw> ospf> redistribution bgp metric 10

ospf> redistribution=['protocol']> [no] type (1|2)

Set (or remove, if no) the metric type for routes from another protocol.

• If 1, the value of the metric has the same units as the values specified on OSPF interfaces
• If 2, the value of a type-two metric is by definition considered greater than the cost of any path within the AS.

Example:

ngfw> ospf> redistribution=['bgp']> type 1

ospf> redistribution=['protocol']> [no] route-map <route-map-name>

Apply (or do not apply, if no) a routing map for routes from another protocol.

Example:

ngfw> ospf> redistribution=['bgp']> route-map TEST

ospf> [no] default-metric <value>

Set (or remove, if no) the default metric for routes. Possible values: 0 to 16777214.

Example:

ngfw> ospf> default-metric 100

ospf> default-originate [no] enabled

Enable (or disable, if no) default route advertisement in AS-External (Type 5) LSA messages.

ospf> default-originate [no] always

Enable (or disable, if no) the ability to advertise the default route, even if it is not present in the routing and forwarding table.

ospf> default-originate [no] metric <value>

Set (or remove, if no) the metric for the default route. Possible values: 0 to 16777214.

Example:

ngfw> ospf> default-originate metric 20

ospf> default-originate [no] metric-type (1|2)

Set (or remove, if no) the metric type for routes from another protocol.

• If 1, the value of the metric has the same units as the values specified on OSPF interfaces
• If 2, the value of a type-two metric is by definition considered greater than the cost of any path within the AS.

ospf> default-originate [no] route-map <route-map-name>

Apply (or do not apply, if no) a routing map for routes from another protocol.

Example:

ngfw> ospf> default-originate route-map TEST

ospf> [no] distance <value>

Set (or remove, if no) a custom administrative distance value for routes received via OSPF.

Example:

ngfw> ospf> distance 10

ospf> distance-ex [no] enabled

Enable (or disable, if no) advanced administrative distance settings for routes received via OSPF.

Note: when this setting is enabled, at least one of the following parameters must be specified: intra-area, inter-area, external.

ospf> distance-ex [no] intra-area <value>

Set (or remove, if no) the administrative distance for routes inside a zone (intra-area). Possible values: 1 to 255.

Example:

ngfw> ospf> distance-ex intra-area 1

ospf> distance-ex [no] inter-area <value>

Set (or remove, if no) the administrative distance for routes between zones of the same AS (inter-area). Possible values: 1 to 255.

Example:

ngfw> ospf> distance-ex inter-area 1

ospf> distance-ex [no] external <value>

Set (or remove, if no) the administrative distance for routes external in relation to the AS (external). Possible values: 1 to 255.

Example:

ngfw> ospf> distance-ex external 10

ospf> [no] graceful-restart

Enable (or disable, if no) the seamless restart mode for OSPF.

ospf> [no] graceful-restart-period <period>

Set (or remove, if no) a graceful timeout during which routing and link state information must be retained. Possible values: 0 to 1800.

Example:

ngfw> ospf> graceful-restart-period 24

ospf> [no] area <area-id>

Create (or delete, if no) an OSPF area.

ospf> area=['area']> [no] type (NSSA|NSSA_NO_SUMMARY|STUB|STUB_NO_SUMMARY)

Set (or remove, if no) the type of OSPF stub area.

• STUB sets an OSPF Stub Area.
• STUB_NO_SUMMARY declares the area as a stub and disables the sending of inter-area summary LSAs to this area.
• NSSA sets an OSPF Not-So-Stubby-Area. Cannot be configured for area 0.
• NSSA_NO_SUMMARY declares the area as an NSSA and disables the sending of inter-area summary LSAs to this area.

Example:

ngfw> ospf> area=['0']> type STUB

ospf> area=['area']> [no] suppress-fa

Enable (or disable, if no) external route suppression in the NSSA area.

ospf> area=['area']> [no] default-cost <cost>

Set (or remove, if no) the default summary-LSA metric advertised to stub areas. Possible values: 0 to 16777215.

Example:

ngfw> ospf> area=['0']> default-cost 100

ospf> area=['area']> [no] shortcut

Enable (or disable, if no) the shortcut mode for the area.

ospf> area=['area']> [no] authentication (MESSAGE_DIGEST|SIMPLE_PASSWORD)

Enable (or disable, if no) authentication for this area.

• MESSAGE_DIGEST means all messages in this area must be authenticated using MD5 HMAC.
• SIMPLE_PASSWORD means all messages in this area must be authenticated with a password.

Example:

ngfw> ospf> area=['0']> authentication MESSAGE_DIGEST

ospf> area=['area']> [no] range <A.B.C.D/M>

Add (or remove, if no) an address range for the area.

Example:

ngfw> ospf> area=['0']> range 10.10.10.1/24

ospf> area=['area']> range=['range']> [no] cost <value>

Set (or remove, if no) the metric for a range of addresses in the area. Possible values: 0 to 16777215.

Example:

ngfw> ospf> area=['0']> range=['10.10.10.1/24']> cost 100

ospf> area=['area']> range=['range']> [no] action (ADVERTISE|NOT_ADVERTISE|SUBSTITUTE)

Set (or remove, if no) an action for a range of addresses in the area.

• ADVERTISE to publish only one summary LSA when advertising intra-area routes from networks in the specified prefix to other OSPF areas
• NOT_ADVERTISE to not announce information about intra-area networks from the specified prefix
• SUBSTITUTE to publish only one summary LSA to other zones for intra-area routes from the specified prefix. When publishing, advertise the value from the substitute field instead of the prefix from range.

Example:

ngfw> ospf> area=['0']> range=['10.10.10.1/24']> action ADVERTISE

ospf> area=['area']> range=['range']> [no] substitute <A.B.C.D/M>

Set (or remove, if no) the prefix for the range of addresses in the area to be used instead of range.

This attribute is used and required only if action = SUBSTITUTE.

Example:

ngfw> ospf> area=['0']> range=['10.10.10.1/24']> substitute 192.168.10.1/24

ospf> area=['area']> [no] virtual-link <A.B.C.D>

Set (or remove, if no) the IP addresses for configuring virtual connections between OSPF routers.

Example:

ngfw> ospf> area=['1']> virtual-link 10.10.10.2

ospf> area=['area']> [no] import-list <access-list-name>

Set (or remove, if no) an ACL for filtering imported routes.

Example:

ngfw> ospf> area=['1']> import-list TEST

ospf> area=['area']> [no] export-list <access-list-name>

Set (or remove, if no) an ACL for filtering exported routes.

Example:

ngfw> ospf> area=['1']> export-list TEST

ospf> area=['area']> [no] inbound-filter-list <prefix-list-name>

Set (or remove, if no) a prefix list for filtering imported routes.

Example:

ngfw> ospf> area=['1']> inbound-filter-list TEST

ospf> area=['area']> [no] outbound-filter-list <prefix-list-name>

Set (or remove, if no) a prefix list for filtering exported routes.

Example:

ngfw> ospf> area=['1']> outbound-filter-list TEST

ospf> [no] interface <interface-name>

Configure OSPF for the interface (or exclude the interface from OSPF, if no).

ospf> interface=['name']> [no] area <area-id>

Set (or remove, if no) the OSPF area on the interface.

Example:

ngfw> ospf> interface=['Ge2']> area 1

ospf> interface=['name']> auth [no] enabled

Enable (or disable, if no) authentication for the interface.

Example:

ngfw> ospf> interface=['Ge2']> auth enabled

ospf> interface=['name']> [no] auth type (MESSAGE_DIGEST|SIMPLE_PASSWORD)

Set (or remove if no) the authentication type.

• MESSAGE_DIGEST for hash (required parameters: key-id, key)
• SIMPLE_PASSWORD for password (required parameter: password).

Example:

ngfw> ospf> interface=['Ge2']> auth type MESSAGE_DIGEST

ospf> interface=['name']> [no] auth key <key>

Set (or remove, if no) the authentication key. A string not longer than 16 characters.

ospf> interface=['name']> [no] auth key-id <id>

Set (or remove, if no) the authentication key ID. Possible values: 1 to 255.

ospf> interface=['name']> [no] auth password <password>

Set (or remove, if no) the authentication password.

ospf> interface=['name']> [no] cost <cost>

Set (or remove, if no) the cost of the interface. Possible values: 0 to 65535.

Example:

ngfw> ospf> interface=['Ge2']> cost 100

ospf> interface=['name']> [no] network (BROADCAST|NON_BROADCAST|POINT_TO_POINT|POINT_TO_MULTIPOINT)

Set (or remove, if no) the network type for the interface.

• BROADCAST means OSPF uses multicast to send messages.
• NON_BROADCAST means OSPF requires peers to be specified explicitly.
• POINT_TO_POINT means OSPF does not require multicast and works directly with a single peer.
• POINT_TO_MULTIPOINT means OSPF works as in broadcast networks, but with the ability to connect to multiple devices.

Example:

ngfw> ospf> interface=['Ge2']> network POINT_TO_POINT

ospf> interface=['name']> [no] priority <priority>

Set (or remove, if no) the priority of the interface. This parameter is used when selecting the Designated Router. Possible values: 0 to 255.

Example:

ngfw> ospf> interface=['Ge2']> priority 43

ospf> interface=['name']> [no] passive-interface

Enable (or disable, if no) the passive mode for the interface.

ospf> interface=['name']> [no] bfd

Enable (or disable, if no) the BFD mode for the interface.

ospf> interface=['name']> timers [no] enabled

Enable (or disable, if no) OSPF timer settings.

ospf> interface=['name']> timers [no] hello <interval>

Set (or remove, if no) the interval for sending hello messages. Possible values: 1 to 65535. Example: ngfw> ospf> interface eth0 timers hello 10

ospf> interface=['name']> timers [no] dead <interval>

Set (or remove, if no) the interval for waiting for hello messages. Possible values: 1 to 65535. Example: ngfw> ospf> interface eth0 timers dead 40

ospf> interface=['name']> [no] retransmit <interval>

Set (or remove, if no) the delay when sending LSAs, as well as packets of the Database Description and Link State Request type, for peers on this interface. Possible values: 1 to 65535.

Example:

ngfw> ospf> interface=['Ge2']> retransmit 43

ospf> interface=['name']> [no] transmit-delay <delay>

Set (or remove, if no) the value by which the LSA age is incremented when sent through this interface. Possible values: 1 to 65535.

Example:

ngfw> ospf> interface=['Ge2']> transmit-delay 44

show ospf summary

Show OSPF summary information.

Example:

ngfw> show ospf summary
{
  "ospfInstance":1,
  "routerId":"2.2.2.2",
  "tosRoutesOnly":true,
  "rfc2328Conform":true,
  "spfScheduleDelayMsecs":0,
  "holdtimeMinMsecs":50,
  "holdtimeMaxMsecs":5000,
  "holdtimeMultplier":1,
  "spfLastExecutedMsecs":229391,
  "spfLastDurationMsecs":0,
  "lsaMinIntervalMsecs":5000,
  "lsaMinArrivalMsecs":1000,
  "writeMultiplier":20,
  "refreshTimerMsecs":10000,
  "maximumPaths":256,
  "preference":110,
  "lsaExternalCounter":1,
  "lsaExternalChecksum":19203,
  "lsaAsopaqueCounter":0,
  "lsaAsOpaqueChecksum":0,
  "attachedAreaCounter":1,
  "areas":{
    "0.0.0.0":{
      "backbone":true,
      "areaIfTotalCounter":1,
      "areaIfActiveCounter":1,
      "nbrFullAdjacentCounter":1,
      "authentication":"authenticationNone",
      "spfExecutedCounter":4,
      "lsaNumber":2,
      "lsaRouterNumber":2,
      "lsaRouterChecksum":45171,
      "lsaNetworkNumber":0,
      "lsaNetworkChecksum":0,
      "lsaSummaryNumber":0,
      "lsaSummaryChecksum":0,
      "lsaAsbrNumber":0,
      "lsaAsbrChecksum":0,
      "lsaNssaNumber":0,
      "lsaNssaChecksum":0,
      "lsaOpaqueLinkNumber":0,
      "lsaOpaqueLinkChecksum":0,
      "lsaOpaqueAreaNumber":0,
      "lsaOpaqueAreaChecksum":0
    }
  }
}

show ospf interfaces

Show information about OSPF interfaces.

Example:

ngfw> show ospf interfaces
{
  "ospfInstance":1,
  "interfaces":{
    "Ge2":{
      "ifUp":true,
      "ifIndex":8,
      "mtuBytes":1500,
      "bandwidthMbit":10000,
      "ifFlags":"<UP,BROADCAST,RUNNING>",
      "ospfEnabled":true,
      "ipAddress":"10.0.0.2",
      "ipAddressPrefixlen":30,
      "ospfIfType":"Broadcast",
      "localIfUsed":"10.0.0.3",
      "area":"0.0.0.0",
      "routerId":"2.2.2.2",
      "networkType":"POINTOPOINT",
      "cost":10,
      "transmitDelaySecs":1,
      "state":"Point-To-Point",
      "priority":1,
      "mcastMemberOspfAllRouters":true,
      "timerMsecs":10000,
      "timerDeadSecs":40,
      "timerWaitSecs":40,
      "timerRetransmitSecs":5,
      "timerHelloInMsecs":1553,
      "nbrCount":1,
      "nbrAdjacentCount":1
    }
  }
}

show ospf interface <interface-name>

Show information about an OSPF interface.

Example:

ngfw> show ospf interface Ge2
{
  "ospfInstance":1,
  "interfaces":{
    "Ge2":{
      "ifUp":true,
      "ifIndex":8,
      "mtuBytes":1500,
      "bandwidthMbit":10000,
      "ifFlags":"<UP,BROADCAST,RUNNING>",
      "ospfEnabled":true,
      "ipAddress":"10.0.0.2",
      "ipAddressPrefixlen":30,
      "ospfIfType":"Broadcast",
      "localIfUsed":"10.0.0.3",
      "area":"0.0.0.0",
      "routerId":"2.2.2.2",
      "networkType":"POINTOPOINT",
      "cost":10,
      "transmitDelaySecs":1,
      "state":"Point-To-Point",
      "priority":1,
      "mcastMemberOspfAllRouters":true,
      "timerMsecs":10000,
      "timerDeadSecs":40,
      "timerWaitSecs":40,
      "timerRetransmitSecs":5,
      "timerHelloInMsecs":4815,
      "nbrCount":1,
      "nbrAdjacentCount":1
    }
  }
}

show ospf neighbors

Show information about OSPF peers.

Example:

ngfw> show ospf neighbors
{
  "ospfInstance":1,
  "neighbors":{
    "1.1.1.1":[
      {
        "priority":128,
        "state":"Full/-",
        "nbrPriority":128,
        "nbrState":"Full/-",
        "converged":"Full",
        "role":"DROther",
        "upTimeInMsec":315139,
        "deadTimeMsecs":35150,
        "routerDeadIntervalTimerDueMsec":35150,
        "upTime":"5m15s",
        "deadTime":"35.150s",
        "address":"10.0.0.1",
        "ifaceAddress":"10.0.0.1",
        "ifaceName":"Ge2:10.0.0.2",
        "retransmitCounter":0,
        "linkStateRetransmissionListCounter":0,
        "requestCounter":0,
        "linkStateRequestListCounter":0,
        "dbSummaryCounter":0,
        "databaseSummaryListCounter":0
      }
    ]
  }
}

show ospf database

Show OSPF database.

Example:

ngfw> show ospf database
{
  "ospfInstance":1,
  "routerId":"2.2.2.2",
  "areas":{
    "0.0.0.0":{
      "routerLinkStates":[
        {
          "lsId":"1.1.1.1",
          "advertisedRouter":"1.1.1.1",
          "lsaAge":547,
          "sequenceNumber":"80000003",
          "checksum":"33e9",
          "numOfRouterLinks":2
        },
        {
          "lsId":"2.2.2.2",
          "advertisedRouter":"2.2.2.2",
          "lsaAge":546,
          "sequenceNumber":"80000004",
          "checksum":"7c8a",
          "numOfRouterLinks":2
        }
      ],
      "routerLinkStatesCount":2
    }
  },
  "asExternalLinkStates":[
    {
      "lsId":"0.0.0.0",
      "advertisedRouter":"1.1.1.1",
      "lsaAge":652,
      "sequenceNumber":"80000001",
      "checksum":"4b03",
      "metricType":"E1",
      "route":"0.0.0.0/0",
      "tag":0
    }
  ],
  "asExternalLinkStatesCount":1
}

show ospf config

Show current OSPF configuration.

Example:

ngfw> show ospf config
{
  "ngfw-ospf:ospf": {
    "enabled": true,
    "routerId": "1.1.1.1",
    "abrType": "IBM",
    "logAdjacencyChanges": {
      "enabled": false,
      "params": {
        "detail": false
      }
    },
    "passiveInterfaceDefault": {
      "enabled": false
    },
    "timersThrottleSpf": {
      "enabled": false
    },
    "defaultOriginate": {
      "enabled": false,
      "params": {
        "always": false
      }
    },
    "distanceOspf": {
      "enabled": false
    },
    "gracefulRestart": {
      "enabled": false
    },
    "ospfInterfaces": [
      {
        "interface": "port3",
        "area": 0,
        "authentication": {
          "enabled": false
        },
        "passiveInterface": {
          "enabled": false
        },
        "bfd": {
          "enabled": false
        },
        "timers": {
          "enabled": false
        }
      }
    ]
  }
}

show ospf table

Show information about the state of the OSPF table.

Example:

ngfw> show ospf table

OSPF Instance: 1

============ OSPF network routing table ============
N    10.10.2.0/24          [10000] area: 0.0.0.0
                           directly attached to port2

============ OSPF router routing table =============

============ OSPF external routing table ===========

| Prev | Home | Next |