Dynamic routing protocols are used to signal which networks are currently connected to each of the routers. Routers communicate using routing protocols. UserGate updates the kernel routing table in accordance with the information it receives from the neighboring routers. Dynamic routing does not change how the kernel performs routing at the IP layer. The kernel keeps looking up routes to hosts and networks as well as default routes in its routing table. The only thing that changes is how routes are managed in the routing table: instead of the manual method, they are added and removed dynamically. Routes are only added to the virtual router in which the OSPF protocol is configured.
OSPF (Open Shortest Path First) is a dynamic routing protocol based on the link-state monitoring technology and using Dijkstra's algorithm to find the shortest path.
The OSPF protocol disseminates information on the available routes among the routers that operate within a single autonomous system (AS). For more details on how the OSPF protocol works, see the relevant technical documentation.
Note
When OSPF is used in an Active-Passive HA cluster, a node with the slave role automatically assigns a cost to all its interfaces and redistribution lists that is twice as high as that set on the node. This ensures that the master node has the priority in traffic routing.
To configure OSPF in UserGate, follow these steps:

| Task | Description |
|---|---|
| Step 1. Select a virtual router. | If there are several virtual routers, select the desired one. |
| Step 2. Enable the OSPF router. | In the UserGate console, go to the Network --> Virtual routers section, select OSPF in the menu, and configure the OSPF router. |

To configure an OSPF router, provide the following settings:

| Name | Description |
|---|---|
| Enabled | Enables or disables this OSPF router. |
| Router ID | The router's IP address. Must match one of the IP addresses assigned to the UserGate network interfaces that belong to this virtual router. |
| Redistribute | Distribute routes towards networks directly connected to UserGate (connected) or static routes added by the administrator for this virtual router (kernel) to other OSPF routers. |
| Metric | Set a metric for the distributed routes. |
| Default originate | Notify other routers that this router has a default route. |

To configure OSPF interfaces, provide these settings:

| Name | Description |
|---|---|
| Enabled | Enables or disables this interface. |
| Interface | Select one of the existing interfaces on which OSPF will run. Only the interfaces belonging to this virtual router are available for selection. |
| Cost | The link cost for this interface. This value is reported in the LSA (link-state advertisement) to the neighboring routers which use it to compute the shortest path. Default value: 1. |
| Priority | An integer in the range from 0 to 255. The higher the value, the higher the probability that this router will become the network's designated router for sending out LSAs. A value of 0 excludes the router from being designated. Default value: 1. |
| Hello interval | The time interval in seconds between hello packets sent by the router. This should be the same for all routers in an autonomous system. The default value is 10 seconds. |
| Dead interval | The time interval in seconds after which the neighboring router is considered offline. The time is counted from the moment of receiving the last hello packet from the neighboring router. The default value is 40 seconds. |
| Retransmit interval | The time interval before LSA packet retransmission. The default value is 5 seconds. |
| Transmit delay | The approximate time it takes to deliver a link state update to the neighboring routers. The default value is 1 second. |
| Authentication Enabled | Turns on mandatory authentication for each OSPF message received by the router. Authentication is normally used to prevent the injection of a fake route from illegitimate routers. |
| Authentication type | The options are: The Key value can only include Latin letters, numbers, and the underscore character. Maximum length: 16 characters. |

To configure OSPF areas, provide these settings:

| Name | Description |
|---|---|
| Enabled | Enables or disables this area. |
| Name | The area name. |
| Cost | The cost of an LSA announced in the stub area. |
| Area ID | The ID for the area. The ID can be specified in decimal format or IP address record format. However, area IDs are not IP addresses and can match any assigned IP address. |
| Authentication type | The options are: The interface-level authentication takes precedence over area-level authentication. |
| Area type | Defines the type of the area. The following area types are supported: |
| No summary | Prohibits injecting summarized routes into stub-type areas. |
| Interfaces | Select the OSPF interfaces on which this area will be available. |
| Virtual links | This is a special type of connection that makes it possible, for example, to interconnect a partitioned area or connect an area to the backbone area via another area. It is configured between two ABRs. Routers can transmit OSPF packets encapsulated in IP packets over such links. This mechanism is used as a temporary solution or as a backup in case the primary connections fail. You can specify the IDs of the routers available via this area. |
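
The settings above can be checked before deployment. The following Python audit is an added example, not UserGate code or a UserGate export format: it checks the Router ID rule, the authentication and key rules, the priority range, and timer consistency, and converts a decimal Area ID to dotted form. The dictionary layout, field names and sample routers are assumptions made for illustration; comparing the dead interval alongside the hello interval follows general OSPF behavior, where neighbors must agree on both.

```python
import ipaddress
import re

KEY_RE = re.compile(r"[A-Za-z0-9_]{1,16}")  # key rule stated on the page
DEFAULTS = {"hello": 10, "dead": 40, "priority": 1}  # defaults stated on the page

def normalize_area_id(area_id):
    """Accept an area ID in decimal or dotted notation; return the dotted form."""
    text = str(area_id)
    number = int(text) if text.isdigit() else int(ipaddress.IPv4Address(text))
    return str(ipaddress.IPv4Address(number))

def audit_router(router):
    """Findings for one router. The dict layout is hypothetical, not a UserGate export."""
    findings = []
    if router["router_id"] not in router["interface_ips"]:
        findings.append("router_id matches no interface IP of this virtual router")
    for ifc in router["ospf_interfaces"]:
        name = ifc["interface"]
        if not ifc.get("auth_enabled", False):
            findings.append(f"{name}: authentication disabled")
        elif not KEY_RE.fullmatch(ifc.get("key", "")):
            findings.append(f"{name}: key breaks the charset/length rule")
        if not 0 <= ifc.get("priority", DEFAULTS["priority"]) <= 255:
            findings.append(f"{name}: priority outside 0..255")
    return findings

def timer_mismatches(routers):
    """Names of routers whose hello/dead timers differ from the first router's."""
    def timers(router):
        return {(i.get("hello", DEFAULTS["hello"]), i.get("dead", DEFAULTS["dead"]))
                for i in router["ospf_interfaces"]}
    reference = timers(routers[0])
    return [r["name"] for r in routers[1:] if timers(r) != reference]

# Constructed sample data (not from a real device).
R1 = {"name": "r1", "router_id": "10.0.0.1", "interface_ips": ["10.0.0.1", "192.0.2.1"],
      "ospf_interfaces": [{"interface": "port1", "auth_enabled": True, "key": "Ospf_Key_01"}]}
R2 = {"name": "r2", "router_id": "10.0.0.9", "interface_ips": ["10.0.0.2"],
      "ospf_interfaces": [{"interface": "port1", "auth_enabled": True, "key": "bad key!",
                           "hello": 5, "dead": 20},
                          {"interface": "port2", "auth_enabled": False}]}

if __name__ == "__main__":
    for router in (R1, R2):
        print(router["name"], audit_router(router))
    print("timer mismatches:", timer_mismatches([R1, R2]))
    print("area 1 ->", normalize_area_id(1), "| 0.0.0.1 ->", normalize_area_id("0.0.0.1"))
```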