FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 3 - Advanced Routing > Open Shortest Path First (OSPF) > Basic OSPF example

Basic OSPF example

This example sets up an OSPF network at a small office. There are 3 routers, all running OSPF v2. The border router connects to a BGP network.

All three routers in this example are FortiGate units. Router1 will be the designated router (DR) and router2 will be the backup DR (BDR) due to their priorities. Router3 will not be considered for either the DR or BDR elections. Instead, Router3 is the area border router (ASBR) routing all traffic to the ISP’s BGP router on its way to the Internet.

Router2 has a modem connected that provides dialup access to the Internet as well, at a reduced bandwidth. This is a PPPoE connection to a DSL modem. This provides an alternate route to the Internet if the other route goes down. The DSL connection is slow, and is charged by the amount of traffic. For these reasons OSPF will highly favor Router3’s Internet access.

The DSL connection connects to an OSPF network with the ISP, so no redistribution of routes is required. The ISP network does have to be added to that router’s configuration however.

This section includes the following topics:

Network layout and assumptions

There are three FortiGate units acting as OSPF v2 routers on the network—Router1, Router2, and Router3. Router1 will be the designated router (DR), and Router 2 the BDR. Router3 is the area border router (ASBR) that connects to the external ISP router running BGP. Router2 has a PPPoE DSL connection that can access the Internet.

The Head Office network is connected to Router1 and Router2 on the 10.11.101.0 subnet.

Router1 and Router3 are connected over the 10.11.103.0 subnet.

Router2 and Router3 are connected over the 10.11.102.0 subnet.

The following table lists the router, interface, address, and role it is assigned.

Routers, interfaces, and IP addresses for basic OSPF example network
Router name Interface IP address Interface is connected to:
Router1 (DR) Internal (port1) 10.11.101.1 Head office network, and Router2
External (port2) 10.11.102.1 Router3
Router2 (BDR) Internal (port1) 10.11.101.2 Head office network, and Router1
External (port2) 10.11.103.2 Router3
DSL (port3) 10.12.101.2 PPPoE DSL access
Router3 (ASBR) Internal1 (port1) 10.11.102.3 Router1
Internal2 (port2) 10.11.103.3 Router2
External (port3) 172.20.120.3 ISP’s BGP network
Basic OSPF network topology

Note that other subnets can be added to the internal interfaces without changing the configuration.

Assumptions

  • The FortiGate units used in this example have interfaces named port1, port2, and port3.
  • All FortiGate units in this example have factory default configuration with FortiOS 5.2 firmware installed, and are in NAT/Route operation mode.
  • Basic firewalls are in place to allow unfiltered traffic between all connected interfaces in both directions.
  • This OSPF network is not connected to any other OSPF networks.
  • Both Internet connections are always available.
  • The modem connection is very slow and expensive.
  • Other devices may be on the network, but do not affect this basic configuration.
  • Router3 is responsible for redistributing all routes into and out of the OSPF AS.

Configuring the FortiGate units

Each FortiGate unit needs the interfaces, and basic system information such as hostname configured.

This section includes:

Configuring Router1

Router1 has two interfaces connected to the network—internal (port1) and external (port2). Its host name must be changed to Router1.

To configure Router1 interfaces - web-based manager
  1. Go to System > Dashboard > Status.
  2. Beside the host name, select Change.
  3. Enter a hostname of Router1, and select OK.
  4. Go to System > Network > Interfaces, edit port1, set the following information, and select OK.
Alias internal
IP/Network Mask 10.11.101.1/255.255.255.0
Administrative Access HTTPS SSH PING
Description Head office and Router2
Administrative Status Up
  1. Edit port2, set the following information, and select OK.
Alias External
IP/Network Mask 10.11.102.1/255.255.255.0
Administrative Access HTTPS SSH PING
Description Router3
Administrative Status Up

Configuring Router2

Router2 configuration is the same as Router1, except Router2 also has the DSL interface to configure.

The DSL interface is configured with a username of “user1” and a password of “ospf_example”. The default gateway will be retrieved from the ISP, and the defaults will be used for the rest of the PPPoE settings.

To configure Router2 interfaces - web-based manager
  1. Go to System > Dashboard > Status.
  2. Beside the host name, select Change.
  3. Enter a hostname of Router2, and select OK.
  4. Go to System > Network > Interfaces, edit port1, set the following information, and select OK.
Alias internal
IP/Network Mask 10.11.101.2/255.255.255.0
Administrative Access HTTPS SSH PING
Description Head office and Router1
Administrative Status Up
  1. Edit port2, set the following information, and select OK.
Alias External
IP/Network Mask 10.11.103.2/255.255.255.0
Administrative Access HTTPS SSH PING
Description Router3
Administrative Status Up
  1. Edit DSL (port3), set the following information, and select OK.
Alias DSL
Addressing Mode PPPoE
Username user1
Password ospf_example
Unnumbered IP 10.12.101.2/255.255.255.0
Retrieve default gateway from server Enable
Administrative Access HTTPS SSH PING
Description DSL
Administrative Status Up

Configuring Router3

Router3 is similar to Router1 and Router2 configurations. The main difference is the External (port3) interface connected to the ISP BGP network which has no administration access enabled for security reasons.

To configure Router3 interfaces - web-based manager
  1. Go to System > Status > Dashboard.
  2. Next to hostname, select Change.
  3. Enter a hostname of Router3, and select OK.
  4. Go to System > Network > Interfaces, edit port1, set the following information, and select OK.
Alias internal
IP/Network Mask 10.11.102.3/255.255.255.0
Administrative Access HTTPS SSH PING
Description Router1
Administrative Status Up
  1. Edit port2, set the following information, and select OK.
Alias Internal2
IP/Network Mask 10.11.103.3/255.255.255.0
Administrative Access HTTPS SSH PING
Description Router2
Administrative Status Up
  1. Edit port3, set the following information, and select OK.
Alias External
IP/Network Mask 172.20.120.3/255.255.255.0
Administrative Access HTTPS SSH PING
Description ISP BGP
Administrative Status Up

Configuring OSPF on the FortiGate units

With the interfaces configured, now the FortiGate units can be configured for OSPF on those interfaces. All routers are part of the backbone 0.0.0.0 area, so there is no inter‑area communications needed.

For a simple configuration there will be no authentication, no graceful restart or other advanced features, and timers will be left at their defaults. Also the costs for all interfaces will be left at 10, except for the modem and ISP interfaces where cost will be used to load balance traffic. Nearly all advanced features of OSPF are only available from the CLI.

The network that is defined covers all the subnets used in this example - 10.11.101.0, 10.11.102.0, and 10.11.103.0. All routes for these subnets will be advertised. If there are other interfaces on the FortiGate units that you do not want included in the OSPF routes, ensure those interfaces use a different subnet outside of the 10.11.0.0 network. If you want all interfaces to be advertised you can use an OSPF network of 0.0.0.0 .

Each router will configure:

  • Router ID
  • Area
  • Network
  • Two or three interfaces depending on the router
  • Priority for DR (Router1) and BDR (Router2)
  • Redistribute for ASBR (Router3)

This section includes:

Configuring OSPF on Router1

Router1 has a very high priority to ensure it becomes the DR for this area. Also Router1 has the lowest IP address to help ensure it will win in case there is a tie at some point. Otherwise it is a standard OSPF configuration. Setting the priority can only be done in the CLI, and it is for a specific OSPF interface.

To configure OSPF on Router1 - web-based manager
  1. Go to Router > Dynamic > OSPF.
  2. Set Router ID to 10.11.101.1 and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
Area 0.0.0.0
Type Regular
Authentication none
  1. In Networks, select Create New, set the following information, and select OK.
IP/Netmask 10.11.0.0/255.255.0.0
Area 0.0.0.0
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router1-Internal-DR
Interface port1 (Internal)
IP 0.0.0.0
Authentication none
Timers (seconds)
  Hello Interval 10
Dead Interval 40
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router1-External
Interface port2 (External)
IP 0.0.0.0
Authentication none
Timers (seconds)
  Hello Interval 10
Dead Interval 40
  1. Using the CLI, enter the following commands to set the priority for the Router1‑Internal OSPF interface to maximum, ensuring this interface becomes the DR.

config router ospf

config ospf-interface

edit Router1-Internal-DR

set priority 255

end

To configure OSPF on Router1 - CLI

config router ospf

set router-id 10.11.101.1

config area

edit 0.0.0.0

next

end

config network

edit 1

set prefix 10.11.0.0/255.255.255.0

next

end

config ospf-interface

edit "Router1-Internal"

set interface "port1"

set priority 255

next

edit "Router1-External"

set interface "port2"

next

end

end

Configuring OSPF on Router2

Router2 has a high priority to ensure it becomes the BDR for this area, and configures the DSL interface slightly differently—assume this will be a slower connection resulting in the need for longer timers, and a higher cost for this route.

Otherwise it is a standard OSPF configuration.

To configure OSPF on Router2 - web-based manager
  1. Go to Router > Dynamic > OSPF.
  2. Set Router ID to 10.11.101.2 and select Apply.
  3. In Areas, select Create New, set the following information, and select OK.
Area 0.0.0.0
Type Regular
Authentication none
  1. In Networks, select Create New, set the following information, and select OK.
IP/Netmask 10.11.0.0/255.255.0.0
Area 0.0.0.0
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router2-Internal
Interface port1 (Internal)
IP 0.0.0.0
Authentication none
Timers (seconds)
  Hello Interval 10
Dead Interval 40
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router2-External
Interface port2 (External)
IP 0.0.0.0
Authentication none
Timers (seconds)
  Hello Interval 10
Dead Interval 40
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router2-DSL
Interface port3 (DSL)
IP 0.0.0.0
Authentication none
Cost 50
Timers (seconds)
  Hello Interval 20
Dead Interval 80
  1. Using the CLI, enter the following commands to set the priority for the Router2‑Internal OSPF interface to ensure this interface will become the BDR:

config router ospf

config ospf-interface

edit Router2-Internal

set priority 250

next

end

To configure OSPF on Router2 - CLI

config router ospf

set router-id 10.11.101.2

config area

edit 0.0.0.0

next

end

config network

edit 1

set prefix 10.11.0.0/255.255.0.0

next

end

config ospf-interface

edit "Router2-Internal"

set interface "port1"

set priority 255

next

edit "Router2-External"

set interface "port2"

next

edit "Router2-DSL"

set interface "port3"

set cost 50

next

end

end

Configuring OSPF on Router3

Router3 is more complex than the other two routers. The interfaces are straightforward, but this router has to import and export routes between OSPF and BGP. That requirement makes Router3 a border router or ASBR. Also Router3 needs a lower cost on its route to encourage all traffic to the Internet to route through it.

In the advanced OSPF options, Redistribute is enabled for Router3. It allows different types of routes, learned outside of OSPF, to be used in OSPF. Different metrics are assigned to these other types of routes to make them more or less preferred to regular OSPF routes.

To configure OSPF on Router3 - web-based manager
  1. Go to Router > Dynamic > OSPF.
  2. Set Router ID to 10.11.101.2 and select Apply.
  3. Expand Advanced Options.
  4. In Redistribute, set the following information, and select OK.
Route type Redistribute Metric
Connected Enable 15
Static Enable 15
RIP Disable n/a
BGP Enable 5
  1. In Areas, select Create New, set the following information, and select OK.
Area 0.0.0.0
Type Regular
Authentication none
  1. In Networks, select Create New, set the following information, and select OK.
IP/Netmask 10.11.0.0/255.255.0.0
Area 0.0.0.0
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router3-Internal
Interface port1 (Internal)
IP 0.0.0.0
Authentication none
Timers (seconds)
  Hello Interval 10
Dead Interval 40
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router3-Internal2
Interface port2 (Internal2)
IP 0.0.0.0
Authentication none
Timers (seconds)
  Hello Interval 10
Dead Interval 40
  1. In Interfaces, select Create New, set the following information, and select OK.
Name Router3-ISP-BGP
Interface port3 (ISP-BGP)
IP 0.0.0.0
Authentication none
Cost 2
Timers (seconds)
  Hello Interval 20
Dead Interval 80
  1. Using the CLI, enter the following commands to set the priority for the Router3‑Internal OSPF interface to ensure this interface will become the BDR.

config router ospf

config ospf-interface

edit Router3-Internal

set priority 250

next

end

To configure OSPF on Router3 - CLI

config router ospf

set router-id 10.11.102.3

config area

edit 0.0.0.0

next

end

config network

edit 1

set prefix 10.11.0.0/255.255.255.0

next

edit 2

set prefix 172.20.120.0/255.255.255.0

next

end

config ospf-interface

edit "Router3-Internal"

set interface "port1"

set priority 255

next

edit "Router3-External"

set interface "port2"

next

edit “Router3-ISP-BGP”

set interface “port3”

set cost 2

next

end

end

Configuring other networking devices

The other networking devices required in this configuration are on the two ISP networks, the BGP network for the main Internet connection, and the DSL backup connection.

In both cases, the ISPs need to be notified of the OSPF network settings including router IP addresses, timer settings, and so on. The ISP will use this information to configure its routers that connect to this OSPF network.

Testing network configuration

Testing the network configuration involves two parts: testing the network connectivity, and testing the OSPF routing.

To test the network connectivity use ping, traceroute, and other network tools.

To test the OSPF routing in this example, refer to the troubleshooting outlined in Basic OSPF example.