Open Shortest Path First (OSPF)

DR and BDR election issues

You can force particular routers to become the DR and BDR by setting their priorities higher than those of any other OSPF routers in the area. This is a good idea when those routers have more resources to handle the traffic and extra work of the DR and BDR roles, since not all routers may be able to handle all that traffic.

However, if you give all the other routers a priority of zero, so that they have no chance of being elected, you can run into problems if the DR and BDR go offline. The good part is that you will generally have some warning, as the DR goes offline and the BDR is promoted to the DR position. But if the network segment with both the DR and BDR goes down, your network will have no way to send hello packets, send updates, or perform the other tasks the DR performs.

The solution to this is to always allow routers to have a chance at being promoted, even if you set their priority to one. In that case they would be the last choice, but if there are no other candidates you want that router to become the DR. Most networks would have already alerted you to the equipment problems, so this would be a temporary measure to keep the network traffic moving until you can find and fix the problem to get the real DR back online.
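The failure mode and the fix described above, as an added example that is not part of the original page: a simplified model of DR/BDR election on one broadcast segment. The router IDs and the priorities 255 and 250 are constructed assumptions, and the model covers only priority, router-ID tie-breaking and non-preemption, not the full OSPF neighbor state machine.

```python
"""Simplified model of OSPF DR/BDR election on one broadcast segment."""
from ipaddress import IPv4Address

def rank(router):
    # Higher priority wins; ties go to the numerically higher router ID.
    return (router["priority"], int(IPv4Address(router["id"])))

def elect(routers, dr=None, bdr=None):
    """Return (dr, bdr) router IDs, given the previous DR and BDR.
    Priority 0 routers are never eligible. The election is non-preemptive:
    a surviving DR keeps its role and a surviving BDR replaces a lost DR."""
    eligible = {r["id"]: r for r in routers if r["up"] and r["priority"] > 0}
    if dr not in eligible:          # DR lost: promote the BDR if it survives
        dr = bdr if bdr in eligible else None
        bdr = None
    if bdr not in eligible:
        bdr = None
    def best(exclude):
        pool = [r for r in eligible.values() if r["id"] not in exclude]
        return max(pool, key=rank)["id"] if pool else None
    if dr is None:
        dr = best(set())
    if bdr is None:
        bdr = best({dr})
    return dr, bdr

def segment(other_priority):
    # Constructed sample segment: IDs and priorities are assumptions.
    return [
        {"id": "10.0.0.1", "priority": 255, "up": True},  # intended DR
        {"id": "10.0.0.2", "priority": 250, "up": True},  # intended BDR
        {"id": "10.0.0.3", "priority": other_priority, "up": True},
        {"id": "10.0.0.4", "priority": other_priority, "up": True},
    ]

def simulate(other_priority):
    """Return (dr, bdr) at start, after the DR fails, after the BDR fails too."""
    routers = segment(other_priority)
    states = [elect(routers)]
    routers[0]["up"] = False
    states.append(elect(routers, *states[-1]))
    routers[1]["up"] = False
    states.append(elect(routers, *states[-1]))
    return states

if __name__ == "__main__":
    for priority in (0, 1):
        print("other routers at priority", priority, "->", simulate(priority))
```

With the other routers at priority zero the segment ends with no DR or BDR at all; at priority one, a last-choice router takes over each role.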

 

Basic OSPF example

This example sets up an OSPF network at a small office. There are 3 routers, all running OSPF v2. The border router connects to a BGP network.

All three routers in this example are FortiGate units. Router1 will be the designated router (DR) and Router2 will be the backup DR (BDR) due to their priorities. Router3 will not be considered for either the DR or BDR elections. Instead, Router3 is the area border router (ASBR) routing all traffic to the ISP’s BGP router on its way to the Internet.

Router2 has a modem connected that provides dialup access to the Internet as well, at a reduced bandwidth. This is a PPPoE connection to a DSL modem. This provides an alternate route to the Internet if the other route goes down. The DSL connection is slow, and is charged by the amount of traffic. For these reasons OSPF will highly favor Router3’s Internet access.

The DSL connection connects to an OSPF network with the ISP, so no redistribution of routes is required. The ISP network does have to be added to that router’s configuration, however.

This section includes the following topics:

  • Network layout and assumptions
  • Configuring the FortiGate units
  • Configuring OSPF on the FortiGate units
  • Configuring other networking devices
  • Testing network configuration

 

Network layout and assumptions

There are three FortiGate units acting as OSPF v2 routers on the network: Router1, Router2, and Router3. Router1 will be the designated router (DR), and Router2 the BDR. Router3 is the area border router (ASBR) that connects to the external ISP router running BGP. Router2 has a PPPoE DSL connection that can access the Internet.

The Head Office network is connected to Router1 and Router2 on the 10.11.101.0 subnet. Router1 and Router3 are connected over the 10.11.103.0 subnet.

Router2 and Router3 are connected over the 10.11.102.0 subnet.

The following table lists the router, interface, address, and role it is assigned.

Routers, interfaces, and IP addresses for basic OSPF example network

 

Router name      Interface            IP address      Interface is connected to:

Router1 (DR)     Internal (port1)     10.11.101.1     Head office network, and Router2
                 External (port2)     10.11.102.1     Router3

Router2 (BDR)    Internal (port1)     10.11.101.2     Head office network, and Router1
                 External (port2)     10.11.103.2     Router3
                 DSL (port3)          10.12.101.2     PPPoE DSL access

Router3 (ASBR)   Internal1 (port1)    10.11.102.3     Router1
                 Internal2 (port2)    10.11.103.3     Router2
                 External (port3)     172.20.120.3    ISP’s BGP network



One thought on “Open Shortest Path First (OSPF)”

  1. Pratik

    I was configuring OSPF for the Kotak team on a FortiGate firewall for the Ranchi location, and I have done the things below:

    • Specified loopback network,
    • LAN network,
    • WAN network with local firewall is connected to its peer.
    • I have also configured policy and static route

    After that I'm able to ping the neighbor IP from the firewall, but the neighbor is not established. Please kindly help me in this case to overcome this issue.

