Kaspersky SD-WAN
2.2
English

Contents

Route exchange over OSPF

Kaspersky SD-WAN supports the OSPF (Open Shortest Path First) dynamic routing protocol for exchanging routing information between CPE devices and external network devices. When configuring the OSPF protocol, you can use OSPF areas and OSPF interfaces.

In this Help section

Basic OSPF settings

Managing OSPF areas

Managing OSPF interfaces
Page top
[Topic 261972]

Basic OSPF settings

You can specify basic OSPF settings in a CPE template or on a CPE device. Basic OSPF settings specified in the CPE template are automatically propagated to all CPE devices that use this CPE template.

To modify the basic OSPF settings:

  1. Specify basic OSPF settings in one of the following ways:
    • If you want to edit the basic OSPF settings in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → General settings tab.
    • If you want to edit the basic OSPF settings on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the OSPF → General settings tab, and select the Override check box.

    The OSPF settings are displayed.

  2. In the OSPF drop-down list, select Enabled. The default value is Disabled.
  3. In the Router ID field, enter the IPv4 address that you want to assign to the router ID of the CPE device.
  4. In the Maximum paths field, enter the maximum number of entries in the routing and forwarding table of the CPE device. Range of values: 1 to 16.
  5. If you want to use the CPE device as an Area Border Router (ABR), in the ABR type drop-down list, select one of the following implementations:
    • IBM (default implementation)
    • CISCO
    • SHORTCUT
    • STANDARD
  6. In the Auto cost reference bandwidth field, enter the reference bandwidth for calculating the cost of links on the CPE device. Range of values: 1 to 4,294,967.
  7. If you want to switch all OSPF interfaces of the CPE device to passive mode, select the Passive interface default check box. In passive mode, OSPF interfaces do not exchange traffic packets. This check box is cleared by default.
  8. If you want to keep an OSPF log, select the Log adjacency changes check box. You can select the Log adjacency changes check box to keep a more verbose OSPF log. These check boxes are cleared by default.
  9. If you want to configure route redistribution in OSPF, under Route redistribution, do the following:
    1. Select the check boxes next to the route types:
      • BGP to redistribute BGP routes.
      • Connected to redistribute routes directly connected to network interfaces of CPE device.
      • Kernel to redistribute Kernel routes generated by the operating system of the CPE device.
      • Static to redistribute static routes.

      These check boxes are cleared by default.

    2. In the Route map drop-down list, select a created route map for redistributed routes.
    3. In the Metric field, enter a metric of redistributed routes. Range of values: 0 to 16,777,214.
    4. In the Metric type drop-down list, select the type of the metric:
      • Type 1 (or "internal metric")
      • Type 2 (or "external metric")
    5. Select the Filtering check box and in the Access control list drop-down list, select a created access control list for reallocated routes. This check box is cleared by default.
  10. In the Default metric field, enter the default metric of OSPF routes. Range of values: 0 to 16,777,214.
  11. If you want to configure the CPE device to advertise the default route 0.0.0.0/0 to OSPF neighbors:
    1. Select the Default originate check box. This check box is cleared by default.
    2. Select the Always check box to always advertise the default 0.0.0.0/0 route, even if it is not present in the route table of the CPE device. This check box is cleared by default.
    3. In the Metric type drop-down list, select the type of metric for the 0.0.0.0/0 default route:
      • Type 1
      • Type 2
    4. In the Metric field, enter a metric for the 0.0.0.0/0 default route. Range of values: 0 to 16,777,214.
    5. In the Route map drop-down list, select a created route map for the 0.0.0.0/0 default route.
  12. In the Distance field, enter the administrative distance for all OSPF routes. The lower the administrative distance specified for a protocol, the higher the priority its route have. For example, if you want OSPF routes to always be preferred over BGP routes, specify the administrative distance of 1 for OSPF and 2 for BGP. Range of values: 1 to 255.
  13. If you want to configure administrative distances for individual OSPF routes:
    1. Select the Distance OSPF check box. This check box is cleared by default.
    2. In the External field, enter the administrative distance for routes from external OSPF domains or routing protocols. Range of values: 1 to 255.
    3. In the Inter-area field, enter the administrative distance for routes from different OSPF areas of the same OSPF domain. Range of values: 1 to 255.
    4. In the Intra-area field, enter the administrative distance for routes from the same OSPF area. Range of values: 1 to 255.
  14. If you want to enable Graceful restart on the CPE device:
    1. Select the Graceful restart check box. This check box is cleared by default.
    2. In the Grace period (sec.) field, enter the length of time, in seconds, during which the CPE device announces its intention to restart to OSPF peers. Range of values: 1 to 1800.
  15. If you want to configure timers for the Shortest Path First (SPF) algorithm calculations:
    1. Select the Timers throttle SPF check box. This check box is cleared by default.
    2. In the Delay (sec.) field, enter the length in seconds of the delay before starting the calculations of the SPF algorithm. Range of values: 0 to 600,000.
    3. In the Initial hold-time (ms.) field, enter the minimum retention time in milliseconds between two calculations of the SPF algorithm. Range of values: 0 to 600,000.
    4. In the Maximum hold-time (ms.) field, enter the maximum retention time in milliseconds between two calculations of the SPF algorithm. Range of values: 0 to 600,000.
  16. If you want to configure Link State Advertisement (LSA) to OSPF neighbors for the CPE device:
    1. Select the Administrative check box to have the CPE device use the maximum metric in link state advertisements to OSPF neighbors.
    2. If you want to specify the time during which the CPE device must use the maximum metric in link state advertisement to OSPF neighbors when the OSPF protocol is started or restarted:
      1. Select the On startup check box. This check box is cleared by default.
      2. In the Timer (sec.) field, enter the time in seconds. Range of values: 5 to 86,400.
    3. If you want to specify the time during which the CPE device must use the maximum metric in link state advertisement to OSPF neighbors when the OSPF protocol is disabled:
      1. Select the On shutdown check box. This check box is cleared by default.
      2. In the Timer (sec.) field, enter the time in seconds. Range of values: 5 to 100.
  17. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 261868]

Managing OSPF areas

The table of OSPF areas is displayed in the CPE template and on the CPE device:

  • To display the table of OSPF areas in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF areas tab.
  • To display the table of OSPF areas on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the OSPF → OSPF areas tab.

Information about OSPF areas is displayed in the following columns of the table:

  • OSPF area is the ID of the OSPF area in IPv4 address format or an integer.
  • Area type is the type of the OSPF stub area:
    • Stub
    • Stub NO-SUMMARY
    • NSSA
    • NSSA NO-SUMMARY

    This value is displayed only for stub areas.

  • OSPF ranges specifies OSPF ranges.
  • Management contains the actions that can be performed with the OSPF area.

In this section

Creating an OSPF area

Editing an OSPF area

Deleting an OSPF area
Page top
[Topic 271029]

Creating an OSPF area

You can create an OSPF area in a CPE template or on a CPE device. An OSPF are created in the CPE template is automatically created on all CPE devices to which this CPE template is applied.

To create an OSPF area:

  1. Create an OSPF area in one of the following ways:
    • If you want to create an OSPF area in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF areas tab.
    • If you want to create an OSPF area on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the OSPF → OSPF areas tab, and select the Override check box.

    A table of OSPF areas is displayed.

  2. Click + OSPF area.
  3. This opens a window; in that window, in the OSPF area field, enter the OSPF area ID as an IPv4 address or an integer number.
  4. If you want to make the OSPF area a stub area:
    1. Select the Stub check box. This check box is cleared by default.
    2. In the Area type drop-down list, select the type of the stub OSPF area:
    3. If the Area type drop-down list, you selectedNSSA or NSSA NO-SUMMARY, if you need to prevent the advertisement of the 0.0.0.0/0 default route to the NSSA area, select the NSSA suppress FA check box. This check box is cleared by default.
    4. In the Default cost field, enter a metric for the default route or for summary routes. Range of values: 0 to 16,777,215.
  5. If you want to use the shortcut method for SPF calculations, select the Shortcut check box. This check box is cleared by default.
  6. In the Authentication drop-down list, select the OSPF authentication method:
    • Message digest to use the MD5 algorithm.
    • Simple password to use an unencrypted password. This authentication method is less secure than MD5 algorithm, however, it can provide authentication when used in a trusted network environment.
  7. If you want to specify OSPF ranges:
    1. Under OSPF ranges, click + Range.
    2. In the Range field, enter the IPv4 prefix of the routes.
    3. In the Action drop-down list, select the action to be performed with routes:
    4. If in the Action drop-down list, you selected Advertise or Substitute, in the Cost field, enter a metric for routes. Range of values: 0 to 16,777,215.

    The OSPF range is specified and displayed under OSPF ranges. You can specify multiple OSPF ranges or delete an OSPF range. To delete an OSPF range, click the delete icon next to it.

  8. If you want to connect an OSPF area to another OSPF area through a transit OSPF area, specify the virtual link:
    1. Under Virtual links, click + Virtual link.
    2. In the Address field, enter the IPv4 address of the network interface of the router in the transit area.

    The virtual link is specified and displayed under OSPF ranges. You can specify multiple virtual links or delete a virtual link. To delete a virtual link, click the delete icon next to it.

  9. If you want to configure route filtering for the OSPF area, under Filtering, do the following:
    1. Select the created access control lists:
      1. In the Export list drop-down list, select an access control list for routes that are advertised from the OSPF area to other OSPF areas.
      2. In the Import list drop-down list, select an access control list for routes that are advertised from other OSPF area to the given OSPF area.
    2. Select the created access lists:
      1. In the Outbound filter list drop-down list, select a prefix list for routes that are advertised from the OSPF area to other OSPF areas.
      2. In the Inbound filter list drop-down list, select a prefix list for routes that are advertised from other OSPF area to the given OSPF area.
  10. Click Save.

    The OSPF area is created and displayed in the table.

  11. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 261916]

Editing an OSPF area

You can edit an OSPF area in a CPE template or on a device. An OSPF area edited in the CPE template is automatically edited on all CPE devices that use this CPE template.

To edit an OSPF area:

  1. Edit an OSPF area in one of the following ways:
    • If you want to edit an OSPF area in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF areas tab.
    • If you want to edit an OSPF area on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the OSPF → OSPF areas tab, and select the Override check box.

    A table of OSPF areas is displayed.

  2. Click Edit next to the OSPF area that you want to edit.
  3. This opens a window; in that window, if necessary, edit the OSPF area settings. For a description of the settings, see the instructions for creating an OSPF area.
  4. Click Save.

    The OSPF area is modified and updated in the table.

  5. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 261973]

Deleting an OSPF area

You can delete an OSPF area in a CPE template or on a CPE device. An OSPF area deleted in the CPE template is automatically deleted on all CPE devices that use this CPE template.

Deleted OSPF areas cannot be restored.

To delete an OSPF area:

  1. Delete an OSPF area in one of the following ways:
    • If you want to delete an OSPF area in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF areas tab.
    • If you want to delete an OSPF area on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the OSPF → OSPF areas tab, and select the Override check box.

    A table of OSPF areas is displayed.

  2. Click Delete next to the OSPF area that you want to delete.
  3. In the confirmation window, click Delete.

    The OSPF area is deleted and is no longer displayed in the table.

  4. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 261976]

Managing OSPF interfaces

The table of OSPF interfaces is displayed in the CPE template and on the CPE device:

  • To display the table of OSPF interfaces in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF interface tab.
  • To display the table of OSPF interfaces on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, and select the OSPF → OSPF interface tab.

Information about OSPF interfaces is displayed in the following columns of the table:

  • Interface is the network interface used as an OSPF interface.
  • OSPF area is the ID of the OSPF area to which the OSPF interface belongs.
  • Authentication is the authentication method.
  • Network type is the type of network to which the OSPF interface is connected.
  • Management contains the actions that can be performed with the OSPF interface.

In this section

Creating an OSPF interface

Editing an OSPF interface

Deleting an OSPF interface
Page top
[Topic 271034]

Creating an OSPF interface

You can create an OSPF interface in a CPE template or on a CPE device. An OSPF interface created in the CPE template is automatically created on all CPE devices that use this CPE template.

To create an OSPF interface:

  1. Create an OSPF interface in one of the following ways:
    • If you want to create an OSPF interface in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF interface tab.
    • If you want to create an OSPF interface on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the OSPF → OSPF interface tab, and select the Override check box.

    A table of OSPF interfaces is displayed.

  2. Click + OSPF interface.
  3. This opens a window, in that window, in the Interface drop-down list, select the created network interface which you want to use as an OSPF interface.
  4. In the OSPF area field, enter the ID of the OSPF area to which the OSPF interface belongs, as an IPv4 address or an integer number.
  5. If you want to specify OSPF authentication:
    1. In the Authentication drop-down list, select an authentication method:
      • Message digest to use the MD5 algorithm.
      • Simple password to use an unencrypted password. This authentication method is less secure than MD5 algorithm, however, it can provide authentication when used in a trusted network environment. If you select this option, enter the authentication password in the Password field.
    2. If in the Authentication drop-down list, you selected Message digest, follow these steps:
      1. In the Key ID field, enter the MD5 hash. Range of values: 1 to 255.
      2. In the Key field, enter the MD5 key.
  6. In the Cost field, enter the metric of the OSPF interface. Range of values: 1 to 65,535.
  7. In the Network type drop-down list, select the type of network to which the OSPF interface is connected:
    • Broadcast
    • Non-broadcast
    • Point-to-multipoint
    • Point-to-point
  8. In the Priority field, enter the priority of the OSPF interface. The greater the value, the higher the priority of the OSPF interface.

    The highest-priority OSPF interface becomes the designated router of the network segment. The OSPF interface with the second highest priority becomes the backup designated router.

  9. If you want to switch the OSPF interface to passive mode, select the Passive interface check box. In passive mode, OSPF interfaces do not exchange traffic packets.
  10. If you want to use the BFD protocol to detect loss of connectivity, select the BFD check box. This check box is cleared by default.
  11. If you want to configure OSPF timers:
    1. Select the OSPF timers check box. This check box is cleared by default.
    2. In the Hello (sec.) field, enter the time interval in seconds that the OSPF interface uses to send control packets to OSPF neighbors. Range of values: 1 to 65,535.
    3. In the Dead (sec.) field, enter the time interval in seconds that the OSPF interface uses to receive control packets from OSPF neighbors. If no control packets are received from an OSPF neighbor within the specified time, the OSPF interface considers this OSPF peer unavailable. Range of values: 1 to 65,535.
  12. In the Retransmit interval (sec.) field, enter the time after which the OSPF resends lost traffic packets. Range of values: 1 to 65,535.
  13. Click Create.

    The OSPF interface is created and displayed in the table.

  14. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 261933]

Editing an OSPF interface

You can edit an OSPF interface in a CPE template or on a CPE device. An OSPF interface edited in the CPE template is automatically modified on all CPE devices that use this CPE template.

To edit an OSPF interface:

  1. Edit an OSPF interface in one of the following ways:
    • If you want to edit an OSPF interface in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF interface tab.
    • If you want to edit an OSPF interface on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the OSPF → OSPF interface tab, and select the Override check box.

    A table of OSPF interfaces is displayed.

  2. Click Edit next to the OSPF interface that you want to edit.
  3. This opens a window; in that window, if necessary, edit the OSPF interface settings. For a description of the settings, see the instructions for creating an OSPF interface.
  4. Click Save.

    The OSPF interface is modified and updated in the table.

  5. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 261977]

Deleting an OSPF interface

You can delete an OSPF interface in a CPE template or on a CPE device. An OSPF inerface deleted in the CPE template is automatically deleted on all CPE devices that use this CPE template.

Deleted interfaces cannot be restored.

To delete an OSPF interface:

  1. Delete an OSPF interface in one of the following ways:
    • If you want to delete an OSPF interface in a CPE template, go to the SD-WAN → CPE templates menu section, click the CPE template, and select the OSPF → OSPF interface tab.
    • If you want to delete an OSPF interface on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the OSPF → OSPF interface tab, and select the Override check box.

    A table of OSPF interfaces is displayed.

  2. Click Delete next to the OSPF interface that you want to delete.
  3. In the confirmation window, click Delete.

    The OSPF interface is deleted and is no longer displayed in the table.

  4. In the upper part of the settings area, click Save to save the settings of the CPE template or CPE device.
Page top
[Topic 261979]