OSPF Interface Configuration

OSPF must use one or more interfaces to announce itself to neighbors and to receive announcements from neighbors. At least one interface must be configured and active in order to locate neighbors and form an adjacency.

Warning

Dataplane NAT “outside” interfaces (ip nat outside) cannot be used as active interfaces in OSPF. Dataplane NAT prevents OSPF from properly communicating with neighbors to form a full adjacency.

This limitation does not apply to VPF NAT.

To configure an interface for use with OSPF, start in config-frr-ospf mode and use the interface <if-name> command to enter config-ospf-if mode.

tnsr(config)# route dynamic ospf
tnsr(config-frr-ospf)# interface <if-name>
tnsr(config-ospf-if)#

config-ospf-if mode contains the following commands:

ip address (*|<ip4-address>):

These commands specify how OSPF will behave for all addresses on an interface (*) or for a specific IPv4 address on an interface. In most cases, the * form will be used here, but when there are multiple addresses available on an interface, a specific choice may be necessary.

area <area-id>:

This command defines the interface as a member of the given area. This is required to activate an interface for use by OSPF.

authentication [message-digest|null]:

Configures authentication for OSPF neighbors on this interface. All routers connected to this interface must have identical authentication configurations. This can also be enabled in the area settings.

When run without parameters, simple password authentication is used.

message-digest:

When set, enables MD5 HMAC authentication for this interface.

null:

When set, no authentication is used by OSPF on this interface. This is the default behavior, but may be explicitly configured with this command to override the authentication configured for this area.

authentication-key <key>:

Configures a simple password to use for authentication when that type of authentication is active. The password has a maximum length of 8 characters.

Warning

This method of authentication is weak, and MD5 HMAC authentication should be used instead if it is supported by all connected routers.

cost <link-cost>:

A manual cost value to apply to this interface, rather than allowing automatic cost calculation to take place.

In situations where multiple paths are possible to the same destination, this allows OSPF to prefer one path over another when all else is equal.

dead-interval <time>:

Time, in seconds from 1-65535, without communication from a neighbor on this interface before considering it dead. This is also known as the RouterDeadInterval timer in OSPF. Default value is 40. This timer should be set to the same value for all routers.

dead-interval minimal hello <multiplier>:

When active, the dead-interval is forced to a value of 1 and OSPF will instead send <multiplier> number of Hello messages each second. This allows for faster convergence, but will consume more resources.

Note

When set, this overrides the values of both dead-interval and hello-interval. Custom values configured with those commands will be ignored by OSPF.

hello-interval <interval>:

The interval, in seconds from 1-65535, at which this router will send hello messages. This is also known as the HelloInterval timer in OSPF. Default value is 10. This timer should be set to the same value for all routers.

A lower value will result in faster convergence times, but will consume more resources.

message-digest-key key-id <id> md5-key <key>:

Configures MD5 HMAC authentication for use with message-digest type authentication.

key-id <id>:

An integer value from 1-255 which identifies the secret key. This value must be identical on all routers.

md5-key <key>:

The content of the secret key identified by key-id, which is used to generate the message digest. Given as an unencrypted string, similar to a password. The maximum length of the key is 16 characters.

mtu-ignore:

When present, OSPF will ignore the MTU advertised by neighbors and can still achieve a full adjacency when peers do not have matching MTU values.

retransmit-interval <interval>:

The interval, in seconds from 1-65535, at which this router will retransmit Link State Request and Database Description messages. This is also known as the RxmtInterval timer in OSPF. Default value is 5.

priority <priority>:

A priority value, from 0-255, assigned to this router. When determining which router will become the Designated Router (DR), the router with the highest priority is more likely to be elected as the DR.

The default value is 1. The value 0 is special and will prevent this router from being chosen as DR.

transmit-delay <delay>:

The interval, in seconds from 1-65535, at which this router will transmit LSA messages. This is also known as the InfTransDelay timer in OSPF. Default value is 1.

ip bfd enabled (true|false):

Enable Bidirectional Forwarding Detection for OSPF on this interface.

ip network (broadcast|non-broadcast|point-to-multipoint|point-to-point):

Manually configures a specific type of network used on a given interface, rather than letting OSPF determine the type automatically. This controls how OSPF behaves and how it crafts messages when using an interface.

broadcast:

Broadcast networks, such as typical Ethernet networks, allow multiple routers on a segment and OSPF can use broadcast and multicast to send messages to multiple targets at once. OSPF assumes that all routers on broadcast networks are directly connected and can communicate without passing through other routers.

non-broadcast:

Non-broadcast networks support multiple routers but do not have broadcast or multicast capabilities. Due to this lack of support, neighbors must be manually configured using the neighbor command. When using this mode, OSPF simulates a broadcast network using Non-Broadcast Multi-Access (NBMA) mode, but transmits messages to known neighbors directly.

Note

WireGuard VPN interfaces are non-broadcast interfaces. See WireGuard VPN with OSPF Dynamic Routing for details.

point-to-multipoint:

Similar to non-broadcast mode, but connections to manually configured neighbors are treated as a collection of point-to-point links rather than a shared network. Similar to a point-to-point network, OSPF disables DR election.

point-to-point:

A point-to-point network links a single pair of routers. The interface is still capable of broadcast, and OSPF will dynamically discover neighbors. With this type of network, OSPF disables election of a DR.
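
The authentication and timer settings above must agree on every router attached to a segment. The following is an added example, not part of the original documentation or of TNSR: a small Python audit that flags weak authentication and mismatched values. Its input is a constructed list of config-ospf-if sub-commands as named on this page (not TNSR's stored configuration format), and the router names and keys are hypothetical.

```python
# Added example: audit OSPF interface settings of routers on one segment.
# Input is constructed: config-ospf-if sub-commands as named on this page,
# not TNSR's stored configuration format.
DEFAULTS = {"auth": "null", "key_id": None, "hello": 10.0, "dead": 40}

def parse(lines):
    """Return (effective settings, per-router findings) for one interface."""
    s, notes, minimal = dict(DEFAULTS), [], None
    for t in (l.split() for l in lines if l.strip()):
        if t[0] == "authentication":
            s["auth"] = t[1] if len(t) > 1 else "simple"
        elif t[0] == "authentication-key" and len(t[1]) > 8:
            notes.append("authentication-key exceeds 8 characters")
        elif t[0] == "message-digest-key":    # key-id <id> md5-key <key>
            s["key_id"] = int(t[2])
            if len(t[4]) > 16:
                notes.append("md5-key exceeds 16 characters")
        elif t[:3] == ["dead-interval", "minimal", "hello"]:
            minimal = int(t[3])
        elif t[0] == "dead-interval":
            s["dead"] = int(t[1])
        elif t[0] == "hello-interval":
            s["hello"] = float(t[1])
    if minimal:                               # overrides both timers
        s["dead"], s["hello"] = 1, 1.0 / minimal
    if s["auth"] == "simple":
        notes.append("simple password authentication is weak")
    elif s["auth"] == "null":
        notes.append("no interface-level authentication (check area settings)")
    elif s["key_id"] is None:
        notes.append("message-digest enabled but no message-digest-key")
    return s, notes

def audit_segment(routers):
    """routers: {name: [sub-command lines]} -> sorted list of findings."""
    parsed = {name: parse(lines) for name, lines in routers.items()}
    findings = [f"{n}: {m}" for n, (_, notes) in parsed.items() for m in notes]
    for field in DEFAULTS:                    # values that must match everywhere
        values = {n: s[field] for n, (s, _) in parsed.items()}
        if len(set(values.values())) > 1:
            findings.append(f"mismatch in {field}: {values}")
    return sorted(findings)

SEGMENT = {  # constructed sample, hypothetical router names and keys
    "r1": ["authentication message-digest",
           "message-digest-key key-id 1 md5-key ExampleKey01",
           "hello-interval 5", "dead-interval 20"],
    "r2": ["authentication", "authentication-key example1",
           "hello-interval 5", "dead-interval 40"],
}

if __name__ == "__main__":
    print("\n".join(audit_segment(SEGMENT)))
```

The audit only sees interface-level settings, so a router reported as having no interface-level authentication may still be covered by authentication configured on its area.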