OSPF Configuration
Open Shortest Path First (OSPF) is a link-state routing protocol used to discover routes on a network. It is used to dynamically adjust routes on the Console Server so that subnets connected to different interfaces can reach each other by routing through the Console Server.
Support for OSPF configuration and WireGuard was added to the REST API and Config Shell in release 23.02.
Caution: Users are discouraged from editing OSPF configuration that has been marked as managed by a Lighthouse. Config shell displays a warning when an attempt is made to edit any configuration pushed down from Lighthouse. After being warned of the risk, users may continue to edit configuration that has a managed_by field set through config shell.
Managed Configuration Items
Certain items in the configuration can contain an optional managed_by field. Configuration items that have the managed_by field set are considered to be "managed". The managed_by field is set by a managing entity, such as Lighthouse, when the network plan is being managed by a remote node.
The following features can have managed configuration:
- Firewall Zones
- Firewall Policies
- Routing OSPF
- WireGuard Tunnels
If a firewall zone, policy or WireGuard tunnel is managed, this does not affect sister contexts. For example, if one WireGuard tunnel is managed, any other WireGuard tunnels configured separately by the user are not managed. However, there is only one OSPF configuration file, and users will need to bypass the managed_by field in config shell in order to edit the configuration.
NEW FIELDS in REST API & CONFIG SHELL
REST API
The OSPF sub-object now has a number of new fields:
"services": {
    "routing": {
        "bgpd": {
            "enabled": true
        },
        "isisd": {
            "enabled": false
        },
        "ripd": {
            "enabled": true
        },
        "ospfd": {
            "enabled": false,
            "router_id": "",
            "redistribute_connected": false,
            "redistribute_static": false,
            "redistribute_kernel": false,
            "interfaces": [],
            "neighbors": [],
            "networks": []
        }
    }
}
Config Shell
The services/routing OSPF context has new fields similar to the REST API:
config(services/routing ospfd): show
Entity services/routing field ospfd
enabled false
redistribute_connected false
redistribute_static false
router_id ""
interfaces (array)
neighbors (array)
networks (array)
Field | Condition | Definition |
---|---|---|
enabled | (true / false) | When set to true, the OSPF service is started. |
redistribute_connected | (true / false) | If this option is enabled, any directly connected network routes will be broadcast to OSPF neighbours. |
redistribute_static | (true / false) | Network routes can be statically defined (in OSPF, not the Linux Kernel) by editing the ospfd.conf file or through vtysh. If this option is enabled, redistribute_routes broadcasts any static routes that are managed by OSPF. |
redistribute_kernel | (true / false) | If this option is enabled, network routes that are configured in the Linux kernel via DHCP or static definition will be shared with OSPF neighbors. |
router_id | | The router id (RID) is a 32-bit number which must be expressed as a dotted quad (i.e. in the format A.B.C.D). The RID is used to identify the router. It must be unique within the OSPF network. The highest RID in the network will be used to determine which OSPF node is the designated router. |
Interfaces, Neighbors and Networks.
There are a number of sub-objects under the ospfd context: interfaces, neighbors and networks.
Interfaces CONTEXT
The services/routing OSPF interfaces context is an array in which each element holds the OSPF parameters for one interface. Each interface has the following fields:
Entity services/routing field ospfd interfaces 0
auth_method "" (required)
cost ""
priority ""
name "" (required)
non_broadcast "" (required)
passive "" (required)
Definitions of interface related parameters for OSPF:
Parameter | Definition |
---|---|
auth_method | The authentication method to use for communications on this interface. Should be one of 'no_auth', 'cleartext' or 'md5'. If authentication is enabled (i.e. not no_auth), one or multiple authentication keys can be configured, depending on the authentication method chosen. |
cost | The link cost of the interface used in OSPF route calculations. It is normally auto-calculated, but can be specified manually in the range of 1 to 65535. |
priority | The priority of a router on an OSPF interface is mainly used to determine the designated router/backup designated router (DR/BDR) for a network. OSPF forwards all messages to the designated router, reducing the amount of repetitive routing traffic on the network. The priority is in the range of 0 to 255. The default priority for each router is 1 unless specified. Selecting a priority of 0 makes the router unable to become a DR/BDR. The higher the priority, the higher the chance an OSPF router has of winning the DR/BDR election. |
name | The name of the interface these settings apply to. This should match the name of an interface on the device. |
non_broadcast | May be true or false. If true, the interface will be marked as non broadcast for OSPF purposes. This would mean OSPF would not use multicast on this interface, and static neighbours would need to be defined. |
passive | May be true or false. If true, the interface should be marked as passive for OSPF purposes. This would mean LSAs are not traded on this link. |
Neighbors CONTEXT
The services/routing OSPF neighbors context is an array where each element holds details about adjacent static neighbor devices. Neighbors must be specified for non-broadcast networks.
config(services/routing ospfd neighbors): add
config(services/routing ospfd neighbors 0): show
Entity services/routing field ospfd neighbors 0
address "" (required)
Where address is an IPv4 host address of the static neighbor.
Networks CONTEXT
The services/routing OSPF networks context is an array where each element holds an IP network on which to enable the system OSPF service:
config(services/routing ospfd networks): add
config(services/routing ospfd networks 0): show
Entity services/routing field ospfd networks 0
address_with_mask "" (required)
area "" (required)
network configuration | Definition |
---|---|
address_with_mask | An IPv4 network address with CIDR subnet mask to enable OSPF for (e.g. A.B.C.D/E). No host bits should be set. |
area | An OSPF network can be divided into sub-domains or groupings called areas which limit the scope of route information distribution. We specify the area number/id we want the interface to be in. This can be an integer between 0.0.0.0 and 255.255.255.255 or can take a form similar to an IP address A.B.C.D. All routers inside an area must be a part of the same OSPF network and have the same area number/id to become OSPF neighbours. |
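The constraints in the field tables above can be checked before a configuration is applied. The following is an added example, not Opengear code: `audit_ospfd` and its helpers are hypothetical names, and the input is assumed to be a dict shaped like the REST API `ospfd` sub-object with boolean `passive` and `non_broadcast` values. The finding for active interfaces that use `no_auth` or `cleartext` is a hardening check added here, not a rule stated on this page.

```python
from ipaddress import IPv4Address, IPv4Network
AUTH_METHODS = ("no_auth", "cleartext", "md5")  # the three values this page lists

def parses(ctor, value):
    """True if value is a string the constructor accepts (IPv4Network rejects host bits)."""
    try:
        return isinstance(value, str) and ctor(value) is not None
    except ValueError:
        return False

def in_range(value, lo, hi):
    # "" is how an unset optional field is shown in config shell
    return value == "" or (str(value).isdecimal() and lo <= int(value) <= hi)

def audit_ospfd(ospfd):
    """Return findings for a dict shaped like the REST API 'ospfd' sub-object."""
    out, ifaces = [], ospfd.get("interfaces", [])
    if ospfd.get("router_id") and not parses(IPv4Address, ospfd["router_id"]):
        out.append("router_id: not a dotted quad")
    for i in ifaces:
        name, auth = i.get("name") or "<unnamed>", i.get("auth_method")
        if auth not in AUTH_METHODS:
            out.append(f"{name}: auth_method is not one of {AUTH_METHODS}")
        elif auth != "md5" and not i.get("passive"):
            # Hardening check added by this example, not a rule from the page.
            out.append(f"{name}: active interface uses {auth}")
        for field, lo, hi in (("cost", 1, 65535), ("priority", 0, 255)):
            if not in_range(i.get(field, ""), lo, hi):
                out.append(f"{name}: {field} outside {lo}-{hi}")
    neighbors = [n.get("address") for n in ospfd.get("neighbors", [])]
    if any(i.get("non_broadcast") for i in ifaces) and not neighbors:
        out.append("neighbors: none defined for a non_broadcast interface")
    out += [f"neighbors: {a!r} is not an IPv4 host address"
            for a in neighbors if not parses(IPv4Address, a)]
    for net in ospfd.get("networks", []):
        cidr, area = net.get("address_with_mask", ""), net.get("area", "")
        if "/" not in str(cidr) or not parses(IPv4Network, cidr):
            out.append(f"networks: {cidr!r} is not A.B.C.D/E with host bits clear")
        if area == "" or not (parses(IPv4Address, area) or in_range(area, 0, 2**32 - 1)):
            out.append(f"networks: area {area!r} is not an integer or A.B.C.D")
    return out

# Constructed sample (not from the page): net1 and the second network are faulty.
SAMPLE = {"router_id": "0.0.0.1", "neighbors": [{"address": "10.0.0.1"}], "interfaces": [
              {"name": "wg-smf-1", "auth_method": "md5", "non_broadcast": True, "passive": False},
              {"name": "net1", "auth_method": "no_auth", "non_broadcast": False, "passive": False}],
          "networks": [{"address_with_mask": "10.0.0.0/24", "area": "0.0.0.0"},
                       {"address_with_mask": "192.168.41.5/24", "area": "0"}]}
print("\n".join(audit_ospfd(SAMPLE)))
```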
Interaction With Configuration Files
The first line of /etc/quagga/ospfd.conf controls whether the console server configuration system will overwrite the file with new content or keep custom user configuration. This supports customers who want to upload a custom configuration file for OSPF. If the first line contains only the text ! autogen, the configuration system will overwrite the file; otherwise, the configuration system will have no effect.
To verify the OSPF configuration, inspect the generated configuration file at /etc/quagga/ospfd.conf:
! autogen
! This configuration file has been autogenerated. Any changes made within
! will be overwritten. To stop this and allow for manual editing, remove
! or change the first line of this file to something other than '! autogen'.
! The behaviour can be reenabled by restoring the first line to this or by
! completely removing this contents of this file.
!
interface wg-smf-1
 ip ospf network non-broadcast
!
interface net1
!
router ospf
 ospf router-id 0.0.0.1
 log-adjacency-changes
 redistribute connected
 redistribute static
 network 10.0.0.0/24 area 0.0.0.0
 network 192.168.41.0/24 area 0.0.0.0
 neighbor 10.0.0.1
!
line vty
!
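Once the first line is no longer `! autogen`, the configuration system stops writing to the file, so what ospfd runs can differ from what the REST API or config shell shows. The following added example (not Opengear code) parses ospfd.conf and reports which settings differ from a REST-shaped `ospfd` object. `parse_ospfd_conf` and `drift` are hypothetical names, and the mapping of REST fields to ospfd.conf statements is inferred from the sample file above.

```python
def parse_ospfd_conf(text):
    """Summarise ospfd.conf. autogen: line 1 is exactly '! autogen', or the file is empty."""
    lines = text.splitlines()
    conf = {"autogen": not text.strip() or lines[0] == "! autogen", "router_id": "",
            "redistribute": set(), "network": set(), "neighbor": set(), "non_broadcast": set()}
    iface = None
    for w in (line.split() for line in lines):
        if len(w) < 2 or w[0].startswith("!"):
            continue
        if w[0] in ("interface", "router"):
            iface = w[1] if w[0] == "interface" else None
        elif w == ["ip", "ospf", "network", "non-broadcast"] and iface:
            conf["non_broadcast"].add(iface)
        elif w[:2] == ["ospf", "router-id"] and len(w) == 3:
            conf["router_id"] = w[2]
        elif w[0] == "network" and len(w) == 4 and w[2] == "area":
            conf["network"].add((w[1], w[3]))
        elif w[0] in ("redistribute", "neighbor"):
            conf[w[0]].add(w[1])
    return conf

def drift(conf, ospfd):
    """Keys where the file disagrees with a REST-shaped 'ospfd' dict."""
    want = {
        "router_id": ospfd.get("router_id", ""),
        "redistribute": {k for k in ("connected", "static", "kernel")
                         if ospfd.get("redistribute_" + k)},
        "network": {(n["address_with_mask"], n["area"]) for n in ospfd.get("networks", [])},
        "neighbor": {n["address"] for n in ospfd.get("neighbors", [])},
        "non_broadcast": {i["name"] for i in ospfd.get("interfaces", [])
                          if i.get("non_broadcast")},
    }
    return sorted(k for k in want if conf[k] != want[k])

# Constructed sample: a hand-edited file (first line changed, kernel routes redistributed).
CONF = """! edited by hand
interface wg-smf-1
 ip ospf network non-broadcast
router ospf
 ospf router-id 0.0.0.1
 redistribute connected
 redistribute kernel
 network 10.0.0.0/24 area 0.0.0.0
 neighbor 10.0.0.1
"""
OSPFD = {"router_id": "0.0.0.1", "redistribute_connected": True,
         "interfaces": [{"name": "wg-smf-1", "non_broadcast": True}],
         "neighbors": [{"address": "10.0.0.1"}],
         "networks": [{"address_with_mask": "10.0.0.0/24", "area": "0.0.0.0"}]}
print(parse_ospfd_conf(CONF)["autogen"], drift(parse_ospfd_conf(CONF), OSPFD))
```

An empty file is treated as autogenerated because the file's own header says removing its contents re-enables overwriting.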
Confirm OSPF Neighbours
Use the vtysh command line tool to see if OSPF neighbours have been discovered:
root@om2200-q:~# vtysh -c 'show ip ospf neighbor'
Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
-                 0 Attempt/DROther   33.007s 10.0.0.1        wg-smf-1:10.0.0.2        0     0     0
(Where wg-smf-1 is a user-named interface).