Knowledge Search


×
 

SRX Getting Started - Configure OSPF

  [KB16570] Show Article Properties


Summary:

This article describes how to enable OSPF and configure an OSPF network.  For information on configuring OSPF filter policies, refer to KB16617 - SRX Getting Started - Configure Routing Policy to export Local, Static and Direct routes for OSPF.

For other topics, go to the SRX Getting Started main page.

Symptoms:

Enable OSPF and configure an OSPF network on an SRX Series device.

Cause:

Solution:

This section contains the following:


J-Web Configuration

For information about OSPF and how to configure an OSPF network, see the Technical Documentation section. 

The following example enables OSPF on the ge-0/0/0.0 and lo0.0 interfaces and configures an OSPF network.
  1. Select Configure>Routing>OSPF.
  2. Click Add.
  3. In the Area Id box, type the 32-bit identifier for the area (for example, 0.0.0.0)
  4. Click the Interfaces tab.
  5. For each interface to add to the area, select the Associate check box (for example, ge-0/0/0.0).
  6. Optionally, select the Associate check box for a loopback interface (for example, lo0.0) to add to the area.
  7. Select the loopback interface, and click Edit. The Edit interface settings dialog box appears.
  8. Make sure that the Enable OSPF on this interface option is selected.
  9. To specify that the direct interface addresses on the interface are advertised without running OSPF on the interface (passive mode), select the Don't run OSPF, but advertise it check box.
  10. Click OK.
  11. If there are any other interfaces that use passive mode, select each interface, and click Edit. Repeat steps 8 through 10 for each interface.
  12. In the Add Area dialog box, click OK.
  13. In the OSPF Global Settings area, click Edit. The Edit Global Settings dialog box appears.
  14. In the Router Id box, type a router identifier (for example, 192.168.1.2).
  15. Click OK.
Next, you must specify OSPF as an allowed inbound protocol for each interface that is associated with OSPF.
  1. Select Configure>Security>Zones.
  2. Click the security zone that you want to modify (for example, trust).
  3. Under Interfaces Configuration, select an interface in the zone that is associated with OSPF (for example, ge-0/0/0.0), and click Edit.
  4. In the Host Inbound Traffic Option section, under Protocols, select Allow Selected Protocols.
  5. In the Allowed Selected Protocols box, select ospf, and click Add.
  6. Click OK.
  7. To apply your changes, click Apply.
Repeat this procedure for each interface that is associated with OSPF.

If you are finished configuring the device, click Commit to commit the configuration.


CLI Configuration

For information about OSPF and how to configure an OSPF network, see the Technical Documentation section. 

The following example enables OSPF on the ge-0/0/0.0 and lo0.0 interfaces and configures an OSPF network.
  1. Enable OSPF on an interface. In this example, OSPF is enabled on ge-0/0/0.0, and a backbone area with an area ID of 0.0.0.0 is created.
  2. user@host# set protocols ospf area 0.0.0.0 interface ge-0/0/0.0

  3. Permit OSPF traffic to a security zone. In this example, OSPF is specified as an allowed inbound protocol.
  4. user@host# set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf

  5. Enable OSPF on a loopback interface. In this example, 192.168.1.2/32 is assigned to the lo0 interface, and OSPF is enabled on the lo0.0 interface. Passive mode specifies that the direct interface addresses on the interface are advertised without running OSPF on the interface.
  6. user@host# set interfaces lo0 unit 0 family inet address 192.168.1.2/32
    user@host# set protocols ospf area 0.0.0.0 interface lo0.0 passive         

  7. Specify a router identifier. In this example, the router identifier is 192.168.1.2. Specifying a router identifier (RID) uniquely identifies each router in the OSPF database.
  8. user@host# set routing-options router-id 192.168.1.2

  9. To specify that direct interface routes are announced, add the interface to the OSPF area in passive mode. In this example, vlan.100 is added to the OSPF area 0.0.0.0 in passive mode.
  10. user@host# set protocols ospf area 0.0.0.0 interface vlan.100 passive



Technical Documentation

OSPF Feature Guide for Security Devices


Verification

To verify the OSPF configuration, use the following operational command:

user@host> show ospf neighbor 
Address Interface State ID Pri Dead
10.222.2.2 ge-0/0/11.0 Full 192.168.36.1 128 36

For sample output, see Verifying OSPF Neighbors.



Troubleshooting

To troubleshoot OSPF issues, use the following traceoptions commands.  For more information about configuring traceoptions, see KB16108 -- Configuring Traceoptions for Debugging and Trimming Output.
  
user@host#
set protocols ospf traceoptions file ospf.debug size 5m files 5
user@host#
set protocols ospf traceoptions flag all


Use the traceroute tool on each loopback address in the network to verify that all hosts in the network are reachable from device. For more information, see Verifying Reachability of All Hosts in an OSPF Network.


Related Links: