Open Shortest Path First (OSPF)

Configuring other networking devices

All network devices on this network are running OSPF routing. The user networks (Accounting, R&D, and Network Administration) are part of one of the three areas.

The ISP needs to be notified of your network configuration for area 2.2.2.2. Your ISP will not advertise your areas externally as they are intended as internal areas. External areas have assigned unique numbers. The area numbers used in this example are similar to the 10.0.0.0 and 192.168.0.0 subnets used in internal networking.

 

Testing network configuration

There are two main areas to test in this network configuration; network connectivity, and OSPF routing.

To test the network connectivity, see if computers on the Accounting or R&D networks can access the Internet. If you need to troubleshoot network connectivity, see the FortiOS Handbook Troubleshooting chapter.

To test the OSPF routing, check the routing tables on the FortiGate units to ensure the expected OSPF routes are present. If you need help troubleshooting OSPF routing, see Advanced inter-area OSPF example on page 404.

 

Controlling redundant links by cost

In this scenario, two FortiGate units have redundant links: one link between their WAN1 interfaces and another between their WAN2 interfaces.

FortiGate 1 should learn the route to network 192.168.182.0 and FortiGate 2 should learn the route to network 10.160.0.0. Under normal conditions, they should learn these routes through the WAN1 link. The WAN2 link should be used only as a backup.

With the default settings, each FortiGate unit learns these routes from both WAN1 and WAN2.

FortiGate 1:

FGT1 # get router info ospf neighbor

OSPF process 0:

Neighbor ID Pri State Dead Time Address Interface

10.2.2.2 1 Full/Backup 00:00:33 10.182.0.187 wan1

10.2.2.2 1 Full/Backup 00:00:31 10.183.0.187 wan2

FGT1 # get router info routing-table ospf

O*E2 0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:00:01 [110/10] via 10.182.0.187, wan1, 00:00:01

O 192.168.182.0/23 [110/20] via 10.183.0.187, wan2, 00:02:04 [110/20] via 10.182.0.187, wan1, 00:02:04

 

FortiGate 2:

FGT2 # get router info ospf neighbor

OSPF process 0:

Neighbor ID Pri State Dead Time Address Interface

10.1.1.1 1 Full/DR 00:00:38 10.182.0.57 wan1

10.1.1.1 1 Full/DR 00:00:38 10.183.0.57 wan2

FGT2 # get router info routing-table ospf

O 10.160.0.0/23 [110/20] via 10.183.0.57, wan2, 00:00:39 [110/20] via 10.182.0.57, wan1, 00:00:39

 

Adjusting the route costs

On both FortiGate units, the cost of the route through WAN2 is adjusted higher so that this route will only be used if the route through WAN1 is unavailable. The default cost is 10. The WAN2 route will be changed to a cost of 200.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

One thought on “Open Shortest Path First (OSPF)

  1. Pratik

    I was configuring OSPF for Kotak Team, On fortigate firewall for Ranchi Location and I have done below things-

    • Specified Loopback Network,
    • LAN network,
    • WAN Network with local firewall Is connected to Its peer.
    • I have also configured Policy and Static route

    After that Im able to ping neighbor IP from firewall but Neighbor Is not established, Please Kind me In this case to overcome this Issue.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.