OSPF (Open Shortest Path First)

Table of Contents

OSPF configuration

Configuring OSPF in SONiC

Configure OSPF router ID

Configure OSPF area level authentication

Configure OSPF interface level authentication

Configure OSPF virtual links

Example model & SONiC version:

  • Aurora 621, Aurora 221
  • Netberg SONiC: sonic-broadcom-202411.n0

Open Shortest Path First (OSPF) is a link-state interior gateway protocol (IGP), as described in RFC 2328.

SONiC utilizes FRR for running routing protocols, and FRR currently supports only OSPFv2 routing.

Note: The MTU setting must be the same on both sides, or the adjacency won’t come up.

OSPFv2 capabilities supported:

  • OSPF configuration on Ethernet, loopback, VLAN, and port-channel IPv4 interfaces
  • OSPFv2 configuration on default and user-defined VRFs
  • Multiple OSPF areas and stub areas
  • Type-1 to Type-5 LSAs
  • Virtual links and Passive interfaces
  • BFD on OSPF interface sessions
  • Plain text and message digest (MD) password authentication
  • Type-3 Summary LSA prefix filtering and substitution
  • Route redistribution into OSPFv2, from route type BGP, static, connected, kernel, and default-route
  • Route-map based filtering in route redistribution
  • OSPF ECMP routes
  • 50K external route and 5K internal route prefix

Limitations:

  • The default network type is broadcast.
  • Multiple OSPF instances are not supported.

OSPF configuration

Configuration commands in FRR:

To enable OSPF globally in the default VRF:

router ospf

To enable OSPF globally in a non-default VRF:

router ospf vrf Vrf-name
Vrf-name: VRF name string

Configuring OSPF in SONiC

Figure 1. Network topology

Pre-configuration:

1. Configure OSPF:

Aurora nba621-1

admin@nba621-1:~$ vtysh
Hello, this is FRRouting (version 10.0.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
nba621-1# configure
nba621-1(config)# router ospf
nba621-1(config-router)# ospf router-id 10.10.10.1
nba621-1(config-router)# network 10.0.0.0/31 area 0
nba621-1(config-router)# network 192.168.10.0/24 area 0
nba621-1(config-router)# network 192.168.20.0/24 area 0
nba621-1(config-router)# network 192.168.30.0/24 area 0

Aurora nba621-2:

admin@nba621-2:~$ vtysh
Hello, this is FRRouting (version 10.0.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
nba621-2# configure
nba621-2(config)# router ospf
nba621-2(config-router)# ospf router-id 10.10.10.11
nba621-2(config-router)# network 10.0.0.0/31 area 0
nba621-2(config-router)# network 192.168.11.0/24 area 0
nba621-2(config-router)# network 192.168.21.0/24 area 0
nba621-2(config-router)# network 192.168.31.0/24 area 0

2. Check OSPF adjacency and routing tables

Aurora nba621-1

nba621-1# show ip ospf neighbor
Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL
10.10.10.11       1 Full/Backup     1h23m32s          33.522s 10.0.0.1        Ethernet68:10.0.0.0                  0     0     0

Aurora nba621-2

nba621-2# show ip ospf neighbor
Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL
10.10.10.1        1 Full/DR         1h23m12s          32.219s 10.0.0.0        Ethernet68:10.0.0.1                  0     0     0

Aurora nba621-1

nba621-1# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
K>* 0.0.0.0/0 [0/202] via 192.168.0.1, eth0, 01:41:20
C>* 10.10.10.1/32 is directly connected, Loopback0, 01:41:20
O   10.0.0.0/31 [110/1] is directly connected, Ethernet68, weight 1, 01:41:01
C>* 10.0.0.0/31 is directly connected, Ethernet68, 01:41:12
C>* 192.168.0.0/24 is directly connected, eth0, 01:41:20
O   192.168.10.0/24 [110/10] is directly connected, Vlan10, weight 1, 00:00:01
C>* 192.168.10.0/24 is directly connected, Vlan10, 00:00:01
O>* 192.168.11.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:00:29
O   192.168.20.0/24 [110/10] is directly connected, Vlan20, weight 1, 00:00:01
C>* 192.168.20.0/24 is directly connected, Vlan20, 00:00:01
O>* 192.168.21.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:00:29
O   192.168.30.0/24 [110/10] is directly connected, Vlan30, weight 1, 00:00:01
C>* 192.168.30.0/24 is directly connected, Vlan30, 00:00:01
O>* 192.168.31.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:00:24

Aurora nba621-2

nba621-2# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
K>* 0.0.0.0/0 [0/202] via 192.168.0.1, eth0, 01:42:05
C>* 10.10.10.11/32 is directly connected, Loopback0, 01:42:05
O   10.0.0.0/31 [110/1] is directly connected, Ethernet68, weight 1, 00:01:18
C>* 10.0.0.0/31 is directly connected, Ethernet68, 01:41:57
C>* 192.168.0.0/24 is directly connected, eth0, 01:42:05
O>* 192.168.10.0/24 [110/11] via 10.0.0.0, Ethernet68, weight 1, 00:00:47
O   192.168.11.0/24 [110/10] is directly connected, Vlan11, weight 1, 00:01:18
C>* 192.168.11.0/24 is directly connected, Vlan11, 00:01:31
O>* 192.168.20.0/24 [110/11] via 10.0.0.0, Ethernet68, weight 1, 00:00:38
O   192.168.21.0/24 [110/10] is directly connected, Vlan21, weight 1, 00:01:15
C>* 192.168.21.0/24 is directly connected, Vlan21, 00:01:31
O>* 192.168.30.0/24 [110/11] via 10.0.0.0, Ethernet68, weight 1, 00:00:38
O   192.168.31.0/24 [110/10] is directly connected, Vlan31, weight 1, 00:01:10
C>* 192.168.31.0/24 is directly connected, Vlan31, 00:01:31

Configure OSPF router ID

If the router ID is not configured, router ID selection happens by this logic:

  • Most recently used router ID value (this can happen when the user unconfigures the router ID).
  • FRR recommended value of Router ID. FRR chooses router ID in the following order.
    • FRR global mode configured router ID value, if any.
    • Highest IPv4 address value among SONiC physical and Loopback interface IPv4 addresses.

Router ID configuration is optional. If you configure a router ID, the software chooses that router ID as the OSPF router ID.

sonic(config-router)# ospf router-id <router-id>
sonic(config-router)# no ospf router-id <router-id>

<router-id> can be any 32-bit unsigned integer, in decimal format or dotted IPv4-like format. OSPF router ID must be unique within the entire OSPF domain.

Example:

sonic# configure
sonic(config)# router ospf
sonic(config-router)# ospf router-id 1.1.1.1

Configure OSPF area level authentication

You can configure OSPFv2 authentication type per area. When authentication is configured, all interfaces within that area use the configured authentication type. If an interface mode authentication type is configured, it takes precedence over the area-level configuration.

The authentication type is set to none when it is not configured by the user. The user can enable either plain text authentication or Message Digest authentication. Whenever the authentication type is configured for an area, the user must configure the corresponding authentication keys (passwords) on all OSPF interfaces belonging to that area.

Use this router mode command to configure or unconfigure OSPF authentication for an area.

sonic(config-router)# area <area-id> authentication [message-digest]
sonic(config-router)# no area <area-id> authentication [message-digest]

Example:

sonic# configure
sonic(config)# router ospf
sonic(config-router)# area 0 authentication
or
sonic(config-router)# no area 0 authentication message-digest

Configure OSPF interface level authentication

Individual OSPF interfaces can be configured with OSPF authentication type and passwords or authentication keys. Users can enable either plain text or Message Digest (MD5) type authentication, and must configure the corresponding keys (passwords) accordingly.

The default type is none.

The plain text authentication key can be up to eight characters long. The Message Digest (MD5) authentication key can be up to 16 characters long. The MD5 authentication type accepts up to 255 authentication keys per interface and interface IP. Every MD5 authentication key is uniquely identified by an authentication key-id in the range 1 to 255. Authentication keys are saved in encrypted form.

sonic(config-if)# ip ospf authentication [null | message-digest] [if-ip-addr]
sonic(config-if)# ip ospf authentication-key <key> [if-ip-addr]
sonic(config-if)# ip ospf message-digest-key <key-id> md5 <key> [if-ip-addr]
key - Authentication key password (string up to 8 or 16 characters)
key-id - MD5 authentication key Identifier (1 to 255)
if-ip-addr - Interface IP address - A.B.C.D

The no version of these commands removes authentication.

Example:

sonic# configure
sonic(config)# interface Ethernet68
sonic(config-if)# ip ospf authentication
sonic(config-if)# ip ospf authentication-key netbergospfpswd
sonic(config-if)# ip ospf authentication 10.0.0.1
sonic(config-if)# ip ospf authentication-key netbergospfpswd 10.0.0.1
sonic(config-if)# ip ospf authentication message-digest
sonic(config-if)# ip ospf message-digest-key 1 md5 netbergospfpswd
sonic(config-if)# ip ospf message-digest-key 2 md5 netbergospfpswd
sonic(config-if)# ip ospf authentication null
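The precedence rule described above (an interface-level type overrides the area-level type, and every authenticated interface needs a matching key) can be checked mechanically. The following is an added example, not Netberg or FRR code: it audits a constructed FRR-style configuration and reports OSPF interfaces that end up with no authentication, a plain text password, or an authentication type with no key. It assumes interfaces are attached to areas with FRR's per-interface `ip ospf area` command rather than the `network` statements used earlier, and it ignores the per-address `[if-ip-addr]` forms; `audit`, `SAMPLE` and `MODES` are names made up here.

```python
import re

# Constructed FRR-style configuration (not from the page); keys are placeholders.
SAMPLE = """\
interface Ethernet68
 ip ospf area 0
 ip ospf message-digest-key 1 md5 PLACEHOLDER-KEY
interface Vlan10
 ip ospf area 0
interface Vlan20
 ip ospf area 0
 ip ospf authentication null
interface Vlan30
 ip ospf area 1
 ip ospf authentication-key PLACEHLD
router ospf
 area 0 authentication message-digest
 area 1 authentication
"""
MODES = {None: "simple", " null": "none", " message-digest": "md5"}

def audit(config):
    """Return {interface: finding} for OSPF interfaces not protected by a message digest."""
    ifaces, area_auth, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level line opens a new stanza
            m = re.match(r"interface (\S+)$", line)
            cur = ifaces.setdefault(m.group(1), {"keys": set()}) if m else None
        elif cur is None:  # inside "router ospf": area-level authentication type
            if m := re.match(r"area (\S+) authentication( message-digest)?$", line):
                area_auth[m.group(1)] = "md5" if m.group(2) else "simple"
        elif m := re.match(r"ip ospf area (\S+)$", line):
            cur["area"] = m.group(1)  # area IDs are compared exactly as written
        elif m := re.match(r"ip ospf authentication( null| message-digest)?$", line):
            cur["auth"] = MODES[m.group(1)]
        elif m := re.match(r"ip ospf (authentication|message-digest)-key ", line):
            cur["keys"].add("simple" if m.group(1) == "authentication" else "md5")
    findings = {}
    for name, i in ifaces.items():
        # The interface-level type takes precedence over the area-level type.
        mode = i.get("auth") or area_auth.get(i.get("area"), "none")
        if "area" not in i or (mode == "md5" and "md5" in i["keys"]):
            continue  # not an OSPF interface, or message digest with a key present
        findings[name] = ("no authentication" if mode == "none" else
                          "plain text password" if mode in i["keys"] else
                          f"{mode} authentication configured without a key")
    return findings
```

On the sample, Ethernet68 passes, while Vlan20 shows how a single interface-level `null` silently removes the protection configured for the whole area.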

Configure OSPF virtual links

All areas in an OSPF autonomous system must be physically connected to the backbone area (area 0). If a physical connection is not possible, you can use a virtual link to connect to the backbone through a non-backbone area. The area through which the virtual link is configured, known as the transit area, must have full routing information. The transit area cannot be a stub area. You must configure virtual links on both end backbone routers.

Configure virtual links in OSPF router mode, as shown below. A single virtual-link command provides options to configure all parameters related to the virtual link. Virtual links can have a clear text password, message-digest based passwords, or no password configured at all. When a clear text or message digest password is configured, the corresponding authentication-key or message-digest-key parameter must be configured. The authentication key (password) is saved in encrypted form in the configuration. The user must always provide the actual password when configuring authentication keys.

sonic(config-router)# area <area-id> virtual-link <remote-id> [ authentication [ null | message-digest ] | authentication-key key | message-digest-key key-id md5 key | dead-interval time-value | hello-interval time-value | retransmit-interval time-value | transmit-delay time-value ]
area-id - OSPF area ID in decimal or dotted format - A.B.C.D or 0..4294967295
remote-id - Remote router ID in dotted format - A.B.C.D

Example:

OSPF topology with virtual link

Figure 2. Network topology

Pre-configuration:

1. Configure OSPF:

Aurora nba621-1

admin@nba621-1:~$ vtysh
Hello, this is FRRouting (version 10.0.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
nba621-1# configure
nba621-1(config)# router ospf
nba621-1(config-router)# ospf router-id 10.10.10.1
nba621-1(config-router)# network 10.0.0.0/31 area 0
nba621-1(config-router)# network 192.168.10.0/24 area 0
nba621-1(config-router)# network 192.168.20.0/24 area 0
nba621-1(config-router)# network 192.168.30.0/24 area 0

Aurora nba621-2:

admin@nba621-2:~$ vtysh
Hello, this is FRRouting (version 10.0.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
nba621-2# configure
nba621-2(config)# router ospf
nba621-2(config-router)# ospf router-id 10.10.10.11
nba621-2(config-router)# network 10.0.0.0/31 area 0
nba621-2(config-router)# network 192.168.11.0/24 area 1
nba621-2(config-router)# network 192.168.21.0/24 area 1
nba621-2(config-router)# network 192.168.31.0/24 area 1

Aurora nba621-3:

admin@nba621-3:~$ vtysh
Hello, this is FRRouting (version 10.0.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
nba621-3# configure
nba621-3(config)# router ospf
nba621-3(config-router)# ospf router-id 10.10.10.21
nba621-3(config-router)# network 192.168.11.0/24 area 1
nba621-3(config-router)# network 192.168.22.0/24 area 2
nba621-3(config-router)# network 192.168.32.0/24 area 2

2. Check the routing table on Aurora 621-1:

nba621-1# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
K>* 0.0.0.0/0 [0/202] via 192.168.0.1, eth0, 02:56:46
C>* 1.1.1.1/32 is directly connected, Loopback0, 02:56:44
O   10.0.0.0/31 [110/1] is directly connected, Ethernet68, weight 1, 01:53:43
C>* 10.0.0.0/31 is directly connected, Ethernet68, 02:56:37
C>* 192.168.0.0/24 is directly connected, eth0, 02:56:46
O   192.168.10.0/24 [110/10] is directly connected, Vlan10, weight 1, 00:00:54
C>* 192.168.10.0/24 is directly connected, Vlan10, 00:00:54
O>* 192.168.11.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:05:10
O   192.168.20.0/24 [110/10] is directly connected, Vlan20, weight 1, 00:00:54
C>* 192.168.20.0/24 is directly connected, Vlan20, 00:00:54
O>* 192.168.21.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:05:10
O   192.168.30.0/24 [110/10] is directly connected, Vlan30, weight 1, 00:00:54
C>* 192.168.30.0/24 is directly connected, Vlan30, 00:00:54
O>* 192.168.31.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:05:10 

There is no information from area 2, as there is no direct connection.

3. Configure a virtual link between Aurora nba621-2 and nba621-3 using the corresponding router IDs.

nba621-2# configure
nba621-2(config)# router ospf
nba621-2(config-router)# area 1 virtual-link 10.10.10.21

nba621-3# configure
nba621-3(config)# router ospf
nba621-3(config-router)# area 1 virtual-link 10.10.10.11

Recheck the routing table. We’ll see the routing information from nba621-3.

nba621-1# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
K>* 0.0.0.0/0 [0/202] via 192.168.0.1, eth0, 03:00:37
C>* 1.1.1.1/32 is directly connected, Loopback0, 03:00:35
O   10.0.0.0/31 [110/1] is directly connected, Ethernet68, weight 1, 01:57:34
C>* 10.0.0.0/31 is directly connected, Ethernet68, 03:00:28
C>* 192.168.0.0/24 is directly connected, eth0, 03:00:37
O   192.168.10.0/24 [110/10] is directly connected, Vlan10, weight 1, 00:01:09
C>* 192.168.10.0/24 is directly connected, Vlan10, 00:01:09
O>* 192.168.11.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:09:01
O   192.168.20.0/24 [110/10] is directly connected, Vlan20, weight 1, 00:01:09
C>* 192.168.20.0/24 is directly connected, Vlan20, 00:01:09
O>* 192.168.21.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:09:01
O>* 192.168.22.0/24 [110/21] via 10.0.0.1, Ethernet68, weight 1, 00:00:45
O   192.168.30.0/24 [110/10] is directly connected, Vlan30, weight 1, 00:01:09
C>* 192.168.30.0/24 is directly connected, Vlan30, 00:01:09
O>* 192.168.31.0/24 [110/11] via 10.0.0.1, Ethernet68, weight 1, 00:09:01
O>* 192.168.32.0/24 [110/21] via 10.0.0.1, Ethernet68, weight 1, 00:00:45