OSPF Interface Configuration
OSPF must use one or more interfaces to announce itself to neighbors and to receive announcements from neighbors. At least one interface must be configured and active in order to locate neighbors and form an adjacency.
Warning
Dataplane NAT “outside” interfaces (ip nat outside) cannot be used as active interfaces in OSPF. Dataplane NAT prevents OSPF from properly communicating with neighbors to form a full adjacency. This limitation does not apply to VPF NAT.
To configure an interface for use with OSPF, start in config-frr-ospf mode and use the interface <if-name> command to enter config-ospf-if mode.
tnsr(config)# route dynamic ospf
tnsr(config-frr-ospf)# interface <if-name>
tnsr(config-ospf-if)#
config-ospf-if mode contains the following commands:
- ip address (*|<ip4-address>):
These commands specify how OSPF will behave for all addresses on an interface (*) or for a specific IPv4 address on an interface. In most cases, the * form will be used here, but when there are multiple addresses available on an interface, a specific choice may be necessary.
- area <area-id>:
This command defines the interface as a member of the given area. This is required to activate an interface for use by OSPF.
- authentication [message-digest|null]:
Configures authentication for OSPF neighbors on this interface. All routers connected to this interface must have identical authentication configurations. This can also be enabled in the area settings.
When run without parameters, simple password authentication is used.
- message-digest:
When set, enables MD5 HMAC authentication for this interface.
- null:
When set, no authentication is used by OSPF on this interface. This is the default behavior, but may be explicitly configured with this command to override the authentication configured for this area.
- authentication-key <key>:
Configures a simple password to use for authentication when that type of authentication is active. The password may be at most 8 characters long.
Warning
This method of authentication is weak, and MD5 HMAC authentication should be used instead if it is supported by all connected routers.
- cost <link-cost>:
A manual cost value to apply to this interface, rather than allowing automatic cost calculation to take place.
In situations where multiple paths are possible to the same destination, this allows OSPF to prefer one path over another when all else is equal.
- dead-interval <time>:
Time, in seconds from 1-65535, without communication from a neighbor on this interface before considering it dead. This is also known as the RouterDeadInterval timer in OSPF. Default value is 40. This timer should be set to the same value for all routers.
- dead-interval minimal hello <multiplier>:
When active, the dead-interval is forced to a value of 1 and OSPF will instead send <multiplier> number of Hello messages each second. This allows for faster convergence, but will consume more resources.
Note
When set, this overrides the values of both dead-interval and hello-interval. Custom values configured with those commands will be ignored by OSPF.
- hello-interval <interval>:
The interval, in seconds from 1-65535, at which this router will send hello messages. This is also known as the HelloInterval timer in OSPF. Default value is 10. This timer should be set to the same value for all routers.
A lower value will result in faster convergence times, but will consume more resources.
- message-digest-key key-id <id> md5-key <key>:
Configures MD5 HMAC authentication for use with message-digest type authentication.
- key-id <id>:
An integer value from 1-255 which identifies the secret key. This value must be identical on all routers.
- md5-key <key>:
The content of the secret key identified by key-id, which is used to generate the message digest. Given as an unencrypted string, similar to a password. The maximum length of the key is 16 characters.
- mtu-ignore:
When present, OSPF will ignore the MTU advertised by neighbors and can still achieve a full adjacency when peers do not have matching MTU values.
- retransmit-interval <interval>:
The interval, in seconds from 1-65535, at which this router will retransmit Link State Request and Database Description messages. This is also known as the RxmtInterval timer in OSPF. Default value is 5.
- priority <priority>:
A priority value, from 0-255, assigned to this router. When determining which router will become the Designated Router (DR), the router with the highest priority is more likely to be elected as the DR.
The default value is 1. The value 0 is special and will prevent this router from being chosen as DR.
- transmit-delay <delay>:
The interval, in seconds from 1-65535, at which this router will transmit LSA messages. This is also known as the InfTransDelay timer in OSPF. Default value is 1.
- ip bfd enabled (true|false):
Enable Bidirectional Forwarding Detection for OSPF on this interface.
- ip network (broadcast|non-broadcast|point-to-multipoint|point-to-point):
Manually configures a specific type of network used on a given interface, rather than letting OSPF determine the type automatically. This controls how OSPF behaves and how it crafts messages when using an interface.
- broadcast:
Broadcast networks, such as typical Ethernet networks, allow multiple routers on a segment and OSPF can use broadcast and multicast to send messages to multiple targets at once. OSPF assumes that all routers on broadcast networks are directly connected and can communicate without passing through other routers.
- non-broadcast:
Non-broadcast networks support multiple routers but do not have broadcast or multicast capabilities. Due to this lack of support, neighbors must be manually configured using the neighbor command. When using this mode, OSPF simulates a broadcast network using Non-Broadcast Multi-Access (NBMA) mode, but transmits messages to known neighbors directly.
Note
WireGuard VPN interfaces are non-broadcast interfaces. See WireGuard VPN with OSPF Dynamic Routing for details.
- point-to-multipoint:
Similar to non-broadcast mode, but connections to manually configured neighbors are treated as a collection of point-to-point links rather than a shared network. Similar to a point-to-point network, OSPF disables DR election.
- point-to-point:
A point-to-point network links a single pair of routers. The interface is still capable of broadcast, and OSPF will dynamically discover neighbors. With this type of network, OSPF disables election of a DR.
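
How the key-id and md5-key settings of message-digest-key described above are used on the wire, as an added Python example that is not part of the original page and is not TNSR or FRR code. It follows the cryptographic authentication procedure of RFC 2328 Appendix D, where the digest is MD5 over the packet followed by the key zero-padded to 16 bytes; the function names, router ID, area, key and sequence number are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY_LEN = 16  # fixed key field and MD5 digest size; hence the 16-character limit

def pad_key(key: str) -> bytes:
    """Zero-pad the shared secret to the 16-byte key field."""
    raw = key.encode("ascii")
    if not 1 <= len(raw) <= KEY_LEN:
        raise ValueError("md5-key must be 1-16 characters")
    return raw.ljust(KEY_LEN, b"\x00")

def build_hello(router_id: bytes, area_id: bytes, key_id: int, seq: int) -> bytes:
    """Constructed OSPFv2 Hello using the page's defaults (hello 10, dead 40, priority 1)."""
    if not 1 <= key_id <= 255:
        raise ValueError("key-id must be 1-255")
    body = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x02, 1, 40,
                       bytes(4), bytes(4))
    # version 2, type 1 (Hello), length, router ID, area ID, checksum 0, AuType 2,
    # then the 8-byte auth field: 0, key ID, digest length, sequence number
    header = struct.pack("!BBH4s4sHHHBBI", 2, 1, 24 + len(body), router_id, area_id,
                         0, 2, 0, key_id, KEY_LEN, seq)
    return header + body

def sign(packet: bytes, key: str) -> bytes:
    """Sender: append MD5(packet || padded key) after the packet."""
    return packet + hashlib.md5(packet + pad_key(key)).digest()

def verify(wire: bytes, keys: dict, last_seq: int = 0) -> bool:
    """Receiver: pick the key by key ID, recompute the digest, reject old sequence numbers."""
    if len(wire) < 24 + KEY_LEN:
        return False
    packet, digest = wire[:-KEY_LEN], wire[-KEY_LEN:]
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != 2 or dlen != KEY_LEN or key_id not in keys or seq < last_seq:
        return False
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    rid, area = bytes([10, 0, 0, 1]), bytes(4)          # constructed sample values
    wire = sign(build_hello(rid, area, key_id=1, seq=100), "ExampleKey16char")
    print(verify(wire, {1: "ExampleKey16char"}))        # same key ID and key
    print(verify(wire, {1: "DifferentKey"}))            # key mismatch
    print(verify(wire, {2: "ExampleKey16char"}))        # key ID mismatch
```

A receiver configured with a different key, or with the same key under a different key ID, rejects the packet, which is why both values must be identical on every router attached to the interface.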