Dynamic Routing (OSPF) Configuration

Open Shortest Path First (OSPF) is a link-state interior gateway protocol (IGP). OSPF routes IP packets within a single routing domain (autonomous system), like an enterprise LAN. OSPF gathers link state information from neighbor routers and constructs a network topology. The topology determines the routing table presented to the Internet Layer which makes routing decisions based solely on the destination IP address found in IP packets.

OSPF detects changes in the topology, like a link failure, and plots a new loop-free routing structure. It computes the shortest path for each route using a shortest path first algorithm. Link state data is maintained on each router and is periodically updated on all OSPF member routers.

OSPF uses a route table managed by the link cost (external metrics) defined for each routing interface. The cost could be the distance of a router (round-trip time), link throughput or link availability. Setting a cost value provides a dynamic way to load balancing traffic between routes of equal cost.

An OSPF network can be subdivided into routing areas to simplify administration and optimize traffic utilization. Areas are logical groupings of hosts and networks, including routers having interfaces connected to an included network. Each area maintains a separate link state database whose information may be summarized towards the rest of the network by the connecting router. Areas are identified by 32-bit IDs, expressed either in decimal, or octet-based dot-decimal notation. Areas can defined as:

• stub area - A stub area is an area which does not receive route advertisements external to the autonomous system (AS), and routing from within the area is based entirely on a default route.
• totally-stub - A totally stubby area does not allow summary routes and external routes. A default route is the only way to route traffic outside of the area. When there is only one route out of the area, fewer routing decisions are needed, lowering system resource utilization.
• non-stub - A non-stub area imports autonomous system external routes and sends them to other areas. However, it still cannot receive external routes from other areas.
• nssa - NSSA is an extension of a stub that allows the injection of limited external routes into a stub area. If selecting NSSA, no external routes, except a default route, enter the area.
• totally nssa - Totally nssa is an NSSA using 3 and 4 summary routes are not flooded into this type of area. It is also possible to declare an area both totally stubby and not-sostubby, which means that the area will receive only the default route from area 0.0.0.0, but can also contain an autonomous system boundary router (ASBR) that accepts external routing information and injects it into the local area, and from the local area into area 0.0.0.0.

A router running OSPF sends hello packets to discover neighbors and elect a designated router. The hello packet includes link state information and list of neighbors. OSPF is savvy with layer 2 topologies. If on a point-to-point link, OSPF knows it is sufficient, and the link stays up. If on a broadcast link, the router waits for election before determining if the link is functional.

Note

OSPF is available on the following access points: AP8432, AP8533, AP7522, AP7532, AP7562, AP82XX, AP81XX.

To define a dynamic routing configuration:

1. Select the Configuration > Devices > System Profile tab from the Web UI.
2. Expand the Network menu and select OSPF.
3. Enable/disable OSPF and provide the following dynamic routing settings:

   Enable OSPF	Select this option to enable OSPF. OSPF is disabled by default.
   Router ID	Select this option to define a router ID (numeric IP address). This ID must be established in every OSPF instance. If not explicitly configured, the highest logical IP address is duplicated as the router identifier. However, since the router identifier is not an IP address, it does not have to be a part of any routable subnet in the network.
   Auto-Cost	Select this option to specify the reference bandwidth (in Mbps) used to calculate the OSPF interface cost if OSPF is either STUB or NSSA. The default setting is 1.
   Passive Mode on All Interfaces	When selected, all layer 3 interfaces are set as an OSPF passive interface. This setting is disabled by default.
   Passive Remoded	If enabling Passive Mode on All Interfaces, use the spinner control to select VLANs (by numeric ID) as OSPF non passive interfaces. Multiple VLANs can be added to the list.
   Passive Mode	If disabling Passive Mode on All Interfaces, use the spinner control to select VLANs (by numeric ID) as OSPF passive interfaces. Multiple VLANs can be added to the list.
   VRRP State Check	Select this option to enable checking VRRP state. If the interface‘s VRRP state is not Backup, then the interface is published via OSPF.

4. Set the following OSPF Overload Protection settings:

   Number of Routes	Use the spinner controller to set the maximum number of OSPN routes permitted. The available range is from 1 - 4,294,967,295.
   Retry Count	Set the maximum number of retries (OSPF resets) permitted before the OSPF process is shut down. The available range is from 1 - 32. The default setting is 5.
   Retry Time Out	Set the duration (in seconds) the OSPF process remains off before initiating its next retry. The available range is from 1 - 3,600 seconds. The default is 60 seconds.
   Reset Time	Set the reset time (in seconds) that, when exceeded, changes the retry count is zero. The available range is from 1 - 86,400. The default is 360 seconds.

5. Set the following Default Information:

   Originate	Select this option to make the default route a distributed route. This setting is disabled by default.
   Always	Enabling this setting continuously maintains a default route, even when no routes appear in the routing table. This setting is disabled by default.
   Metric Type	Select this option to define the exterior metric type (1 or 2) used with the default route.
   Route Metric	Select this option to define route metric used with the default route. OSPF uses path cost as its routing metric. It‘s defined by the speed (bandwidth) of the interface supporting a given route.

6. Refer to the Route Redistribution table to set the types of routes that can be used by OSPF.
7. Select the + Add Row button to populate the table. Set the Route Type used to define the redistributed route. Options include connected, kernel and static.
8. Select the Metric Type option to define the exterior metric type (1 or 2) used with the route redistribution. Select the Metric option to define route metric used with the redistributed route.
9. Use the OSPF Network table to define networks (IP addresses) to connect using dynamic routes.
10. Select the + Add Row button to populate the table. Add the IP address and mask of the Network(s) participating in OSPF. Additionally, define the OSPF area (IP address) to which the network belongs.
11. Set an OSPF Default Route Priority (1 - 8,000) as the priority of the default route learnt from OSPF. The default priority is 7000.
12. Select the Area Settings tab.
    An OSPF Area contains a set of routers exchanging Link State Advertisements (LSAs) with others in the same area. Areas limit LSAs and encourage aggregate routes.
13. Review existing Area Settings configurations using:

    Area ID	Displays either the IP address or integer representing the OSPF area.
    Authentication Type	Lists the authentication schemes used to validate the credentials of dynamic route connections.
    Type	Lists the OSPF area type in each listed configuration.

14. Select Add to create a new OSPF configuration, Edit to modify an existing configuration or Delete to remove a configuration.
15. Set the OSPF Area configuration.

    Area ID	Use the drop-down menu and specify either an IP address or Integer for the OSPF area.
    Authentication Type	Select either None, simple-password or message-digest as credential validation scheme used with the OSPF dynamic route. The default setting is None.
    Type	Set the OSPF area type as either stub, totally-stub, nssa, totally-nssa or non-stub.
    Default Cost	Select this option to set the default summary cost advertised if creating a stub. Set a value from 1 - 16, 777,215.
    Translate Type	Define how messages are translated. Options include translate-candidate, translate-always and translate-never. The default setting is translatecandidate.
    Range	Specify a range of addresses for routes matching address/mask for OSPF summarization.

16. Select the OK button to save the changes to the area configuration. Select Reset to revert to the last saved configuration.
17. Select the Interface Settings tab.
18. Review existing Interface Settings.

    Name	Displays the name defined for the interface configuration.
    Type	Displays the type of interface.
    Description	Lists each interface‘s 32 character maximum description.
    Admin Status	A green check mark defines the interface as active and currently enabled with the profile. A red “X” defines the interface as currently disabled and not available for use.
    VLAN	Lists the VLAN IDs set for each listed OSPF route virtual interface.
    IP Address	Displays the IP addresses defined as virtual interfaces for dynamic OSPF routes. Zero config and DHCP can be used to generate route addresses, or a primary and secondary address can be manually provided.

19. Select the Add button to define a new set of virtual interface basic settings, or Edit to update the settings of an existing virtual interface configuration.
    The Basic Configuration screen displays by default regardless of a whether a new Virtual Interface is being created or an existing one is being modified.
20. If creating a new Virtual Interface, use the Name spinner control to define a numeric ID from 1 - 4094.
21. Define the following parameters from within the Properties field:

    Description	Provide or edit a description (up to 64 characters) for the Virtual Interface that helps differentiate it from others with similar configurations.
    Admin Status	Either select the Disabled or Enabled radio button to define this interface‘s current status within the network. When set to Enabled, the Virtual Interface is operational and available. The default value is Disabled.

22. Define the Network Address Translation (NAT) direction.
    Select either the Inside, Outside or None radio buttons.

    • Inside - The inside network is transmitting data over the network to its intended destination. On the way out, the source IP address is changed in the header and replaced by the (public) IP address.
    • Outside - Packets passing through the NAT on the way back to the LAN are searched against the records kept by the NAT engine. There the destination IP address is changed back to the specific internal private class IP address in order to reach the LAN over the network.
    • None - No NAT activity takes place. This is the default setting.
23. Set the following DHCPv6 Client Configuration. The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) provides a framework for passing configuration information.

    Stateless DHCPv6 Client	Select this option to request information from the DHCPv6 server using stateless DHCPv6. DHCPv6 is a networking protocol for configuring IPv6 hosts with IP addresses, IP prefixes or other configuration attributes required on an IPv6 network. This setting is disabled by default.
    Prefix Delegation Client	Specify a 32 character maximum request prefix for prefix delegation from a DHCPv6 server over this virtual interface. Devices use prefixes to distinguish destinations that reside on-link from those reachable using a router.
    Request DHCPv6 Options	Select this option to request DHCPv6 options on this virtual interface. DHCPv6 options provide configuration information for a node that must be booted using the network rather than locally. This setting is disabled by default.

24. Set the following MTU settings for the virtual interface:

    Maximum Transmission Unit (MTU)

    Set the PPPoE client maximum transmission unit (MTU) from 500 - 1,492. The MTU is the largest physical packet size in bytes a network can transmit. Any messages larger than the MTU are divided into smaller packets before being sent. A PPPoE client should be able to maintain its point-to-point connection for this defined MTU size. The default MTU is 1,492.

    IPv6 MTU

    Set an IPv6 MTU for this virtual interface from 1,280 - 1,500. A larger MTU provides greater efficiency because each packet carries more user data while protocol overheads, such as headers or underlying per-packet delays, remain fixed; the resulting higher efficiency means a slight improvement in bulk protocol throughput. A larger MTU results in the processing of fewer packets for the same amount of data. The default is 1,500.

25. Within the ICMP field, define whether ICMPv6 redirect messages are sent. Redirect requests data packets be sent on an alternative route. This setting is enabled by default.
26. Within the Address Autoconfiguration field, define whether to configure IPv6 addresses on this virtual interface based on the prefixes received in router advertisement messages. Router advertisements contain prefixes used for link determination, address configuration and maximum hop limits. This setting is enabled by default.
27. Set the following Router Advertisement Processingsettings for the virtual interface. Router advertisements are periodically sent to hosts or sent in response to solicitation requests. The advertisement includes IPv6 prefixes and other subnet and host information.

    Accept RA	Enable this option to allow router advertisements over this virtual interface. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the neighbor discovery protocol via ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet layer configuration parameters.This setting is enabled by default.
    No Default Router	Select this option to consider routers unavailable on this interface for default router selection. This setting is disabled by default.
    No MTU	Select this option to not use the existing MTU setting for router advertisements on this virtual interface. If the value is set to zero no MTU options are sent. This setting is disabled by default.
    No Hop Count	Select this option to not use the hop count advertisement setting for router advertisements on this virtual interface. This setting is disabled by default.

28. Use the drop-down menu to define the Bonjour Gateway Discovery Policy. Bonjour is Apple‘s service discovery protocol.
29. Select OK to save the changes to the basic configuration. Select Reset to revert to the last saved configuration.
30. Select the IPv4 tab to set IPv4 settings for this virtual interface.
    IPv4 is a connectionless protocol. It operates on a best effort delivery model that does not guarantee delivery or assures proper sequencing or avoidance of duplicate delivery (unlike TCP).
31. Set the following network information from within the IPv4 Addresses field:

    Enable Zero Configuration	Zero configuration can provide a primary or secondary IP addresses for the virtual interface. Zero configuration (or zero config) is a wireless connection utility included with Microsoft Windows XP and later as a service dynamically selecting a network to connect based on a user's preferences and various default settings. Zero config can be used instead of a wireless network utility from the manufacturer of a computer's wireless networking device. This value is set to None by default.
    Primary IP Address	Define the IP address for the VLAN associated Virtual Interface.
    Use DHCP to Obtain IP	Select this option to allow DHCP to provide the IP address for the Virtual Interface. Selecting this option disables the Primary IP address field.
    Use DHCP to obtain Gateway/DNS Servers	Select this option to allow DHCP to obtain a default gateway address and DNS resource for one virtual interface. This setting is disabled by default and only available when the Use DHCP to Obtain IP option is selected.
    Secondary Addresses	Use the Secondary Addresses parameter to define additional IP addresses to associate with VLAN IDs. The address provided in this field is used if the primary IP address is unreachable.

32. Select OK to save the changes to the IPv4 configuration. Select Reset to revert to the last saved configuration.
33. Select the IPv6 tab to set IPv6 settings for this virtual interface.
    IPv6 is the latest revision of the Internet Protocol (IP) designed to replace IPv4. IPV6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the neighbor discovery protocol via ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet layer configuration parameters.
34. Refer to the IPv6 Addresses field to define how IP6 addresses are created and utilized.

    IPv6 Mode	Select this option to enable IPv6 support on this virtual interface. IPv6 is disabled by default.
    IPv6 Address Static	Define up to 15 global IPv6 IP addresses that can created statically. IPv6 addresses are represented as eight groups of four hexadecimal digits separated by colons.
    IPv6 Address Static using EU164	Optionally set up to 15 global IPv6 IP addresses (in the EUI-64 format) that can created statically. The IPv6 EUI-64 format address is obtained through a 48-bit MAC address. The MAC is initially separated into two 24-bits, with one being an OUI (Organizationally Unique Identifier) and the other being client specific. A 16- bit 0xFFFE is then inserted between the two 24-bits for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the an EUI-48 MAC address.
    IPv6 Address Link Local	Provide the IPv6 local link address. IPv6 requires a link local address assigned to every interface the IPv6 protocol is enabled, even when one or more routable addresses are assigned.

35. Enable the Enforce Duplicate Address option to enforce duplicate address protection when any wired port is connected and in a forwarding state. This option is enabled by default.
36. Refer to the IPv6 Address Prefix from Provider table to create IPv6 format prefix shortcuts as supplied by an ISP.
37. Select + Add Row to launch a sub screen wherein a new delegated prefix name and host ID can be defined.

    Delegated Prefix Name	Enter a 32 character maximum name for the IPv6 address prefix from provider.
    Host ID	Define the subnet ID, host ID and prefix length.

38. Select OK to save the changes to the new IPv6 prefix from provider. Select Exit to close the screen without saving the updates.
39. Refer to the IPv6 Address Prefix from Provider EUI64 table to set an (abbreviated) IP address prefix in EUI64 format.
40. Select + Add Row to launch a sub screen wherein a new delegated prefix name and host ID can be defined in EUI64 format.

    Delegated Prefix Name	Enter a 32 character maximum name for the IPv6 prefix from provider in EUI format. Using EUI64, a host can automatically assign itself a unique 64-bit IPv6 interface identifier without manual configuration or DHCP.
    Host ID	Define the subnet ID and prefix length.

41. Select OK to save the changes to the new IPv6 prefix from provider in EUI64 format. Select Exit to close the screen without saving the updates.
42. Refer to the DHCPv6 Relay table to set the address and interface of the DHCPv6 relay.
    The DHCPv6 relay enhances an extended DHCP relay agent by providing support in IPv6. DHCP relays exchange messages between a DHCPv6 server and client. A client and relay agent exist on the same link. When A DHCP request is received from the client, the relay agent creates a relay forward message and sends it to a specified server address. If no addresses are specified, the relay agent forwards the message to all DHCP server relay multicast addresses. The server creates a relay reply and sends it back to the relay agent. The relay agent then sends back the response to the client.
43. Select + Add Row to launch a sub screen wherein a new DHCPv6 relay address and interface VLAN ID can be set.

    Address

    Enter an address for the DHCPv6 relay. These DHCPv6 relay receive messages from DHCPv6 clients and forward them to DHCPv6 servers. The DHCPv6 server sends responses back to the relay, and the relay then sends these responses to the client on the local network.

    Interface

    Select this option to enable a spinner control to define a VLAN ID from 1 - 4,094 used as the virtual interface for the DHCPv6 relay. The interface designation is only required for link local and multicast addresses. A local link address is a locally derived address designed for addressing on a single link for automatic address configuration, neighbor discovery or when no routing resources are available.

44. Select OK to save the changes to the DHCPv6 relay configuration. Select Exit to close the screen without saving the updates.
45. Select the IPv6 RA Prefixes tab.
46. Use the Router Advertisement Policy drop-down menu to select and apply a policy to the virtual interface.
    Router advertisements are periodically sent to hosts or sent in response to solicitation requests. The advertisement includes IPv6 prefixes and other subnet and host information. For more information on Router Advertisement Policy, see IPv6 Router Advertisment Policy.
47. Review the configurations of existing IPv6 advertisement policies. If needed select + Add Row to define the configuration of an additional IPv6 RA prefix.
48. Set the following IPv6 RA Prefix settings:

    Prefix Type	Set the prefix delegation type used with this configuration. Options include, Prefix, and prefix-from-provider. The default setting is Prefix. A prefix allows an administrator to associate a user defined name to an IPv6 prefix. A provider assigned prefix is made available from an Internet Service Provider (ISP) to automate the process of providing and informing the prefixes used.
    Prefix or ID	Set the actual prefix or ID used with the IPv6 router advertisement.
    Site Prefix	The site prefix is added into a router advertisement prefix. The site address prefix signifies the address is only on the local link.
    Valid Lifetime Type	Set the lifetime for the prefix's validity. Options include External (fixed), decrementing and infinite. If set to External (fixed), just the Valid Lifetime Sec setting is enabled to define the exact time interval for prefix validity. If set to decrementing, use the lifetime date and time settings to refine the prefix expiry period. If the value is set for infinite, no additional date or time settings are required for the prefix and the prefix will not expire. The default setting is External (fixed).
    Valid Lifetime Sec	If the lifetime type is set to External (fixed), set the Seconds, Minutes, Hours or Days value used to measurement criteria for the prefix's expiration. 30 days, 0 hours, 0 minutes and 0 seconds is the default lifetime.
    Valid Lifetime Date	If the lifetime type is set to decrementing, set the date in MM/DD/YYYY format for the expiration of the prefix.
    Valid Lifetime Time	If the lifetime type is set to decrementing, set the time for the prefix's validity. Use the spinner controls to set the time in hours and minutes. Use the AM PM radio buttons to set the appropriate hour.
    Preferred Lifetime Type	Set the administrator preferred lifetime for the prefix's validity. Options include External (fixed), decrementing and infinite. If set to External (fixed), just the Valid Lifetime Sec setting is enabled to define the exact time interval for prefix validity. If set to decrementing, use the lifetime date and time settings to refine the prefix expiry period. If the value is set for infinite, no additional date or time settings are required for the prefix and the prefix will not expire. The default setting is External (fixed).
    Preferred Lifetime Sec	If the administrator preferred lifetime type is set to External (fixed), set the Seconds, Minutes, Hours or Days value used to measurement criteria for the prefix's expiration. 30 days, 0 hours, 0 minutes and 0 seconds is the default lifetime.
    Preferred Lifetime Date	If the administrator preferred lifetime type is set to decrementing, set the date in MM/DD/YYYY format for the expiration of the prefix.
    Preferred Lifetime Time	If the preferred lifetime type is set to decrementing, set the time for the prefix's validity. Use the spinner controls to set the time in hours and minutes. Use the AM PM radio buttons to set the appropriate hour.
    Autoconfig	Autoconfiguration includes generating a link-local address, global addresses via stateless address autoconfiguration and duplicate address detection to verify the uniqueness of the addresses on a link. This setting is enabled by default.
    On Link	Select this option to keep the IPv6 RA prefix on the local link. The default setting is enabled.

49. Select OK to save the changes to the IPv6 RA prefix configuration. Select Exit to close the screen without saving the updates.
50. Select the OK button to save the changes and overrides to the basic configuration. Select Reset to revert to the last saved configuration.
51. Select the Security tab.
52. Use the IPv4 Inbound Firewall Rules drop-down menu to select the IPv4 specific inbound firewall rules to apply to this profile‘s virtual interface configuration. Select the Create icon to define a new IPv4 firewall rule configuration or select the Edit icon to modify an existing configuration.
    IPv4 is a connectionless protocol for packet switched networking. IPv4 operates as a best effort delivery method, since it does not guarantee delivery, and does not ensure proper sequencing or duplicate delivery (unlike (TCP).

    IPv4 and IPv6 are different enough to warrant separate protocols. IPv6 devices can alternatively use stateless address autoconfiguration. IPv4 hosts can use link local addressing to provide local connectivity. For more information on IPv4 firewall rules, see Configuring IP Firewall Rules. “Configuring IP Firewall Rules” on page 724.

53. Use the IPv6 Inbound Firewall Rules drop-down menu to select the IPv6 specific inbound firewall rules to apply to this profile‘s virtual interface configuration. Select the Create icon to define a new IPv6 firewall rule configuration or select the Edit icon to modify an existing configuration.
    IPv6 is the latest revision of the Internet Protocol (IP) replacing IPv4. IPV6 provides enhanced identification and location information for systems routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. For more information on IPv6 firewall rules, see Configuring IP Firewall Rules. see “Configuring IP Firewall Rules” on page 724.
54. Use the VPN Crypto Map drop-down menu to select and apply a VPN crypto map entry to apply to the OSPF dynamic route.
    Crypto Map entries are sets of configuration parameters for encrypting packets passing through the VPN Tunnel. If a Crypto Map configuration does not exist suiting the needs of this virtual interface, select the Create icon to define a new Crypto Map configuration or the Edit icon to modify an existing configuration.
55. Select OK to save the changes to the OSPF route security configuration. Select Reset to revert to the last saved configuration.