OSPF configuration

The option to configure OSPF is available only when Sophos XG Firewall is deployed in Gateway mode.

OSPF (Open Shortest Path First) is one of the IGPs (Interior Gateway Protocols). Compared with RIP (Routing Information Protocol), OSPF can serve many more networks and converges very quickly. OSPF is widely used in large networks such as ISP backbones and enterprise networks.

The Sophos XG Firewall implementation of OSPF supports:

  • OSPF version 2 (as described in RFC 2328)
  • Plain text and Message Digest 5 (MD5) authentication

How OSPF works

OSPF keeps track of a complete topological database of all connections in the local network. It is typically divided into logical areas linked by area border routers. An area comprises a group of contiguous networks. An area border router links one or more areas to the OSPF network backbone.

Sophos XG Firewall participates in OSPF communications when it has an interface in the same area. Sophos XG Firewall uses the OSPF Hello protocol to acquire neighbors in an area. A neighbor is any router that has an interface to the same area as the Sophos XG Firewall. After initial contact, the Sophos XG Firewall exchanges Hello packets with its OSPF neighbors at regular intervals to confirm that the neighbors can be reached.

OSPF-enabled routers generate link-state advertisements and send them to their neighbors whenever the status of a neighbor changes or a new neighbor comes online. If the OSPF network is stable, link-state advertisements between OSPF neighbors do not occur. A Link-State Advertisement (LSA) identifies the interfaces of all OSPF-enabled routers in an area, and provides information that enables OSPF-enabled routers to select the shortest path to a destination. All LSA exchanges between OSPF-enabled routers are authenticated. The Sophos XG Firewall maintains a database of link-state information based on the advertisements that it receives from OSPF-enabled routers. To calculate the shortest path to a destination, the Sophos XG Firewall applies the Shortest Path First (SPF) algorithm to the accumulated link-state information.

The Sophos XG Firewall updates its routing table dynamically based on the results of the SPF calculation to ensure that an OSPF packet will be routed using the shortest path to its destination.
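The authentication types listed above (plain text and MD5) are signalled in the AuType field of the 24-byte OSPFv2 header defined in RFC 2328. The following is an added example, not Sophos code: it decodes that header from a captured packet to report which authentication a neighbor uses, and checks the trailing MD5 digest against a configured key. The sample packet builder, router ID, and key are constructed for the demonstration, and zero-padding of short keys to 16 bytes is an assumption.

```python
import hashlib
import hmac
import ipaddress
import struct

AUTYPES = {0: "null", 1: "plain text", 2: "MD5"}  # RFC 2328 AuType values
HEADER = struct.Struct("!BBH4s4sHH8s")            # 24-byte OSPFv2 header


def parse_header(pkt: bytes) -> dict:
    """Decode the OSPFv2 header and report how the packet is authenticated."""
    if len(pkt) < HEADER.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, _cksum, autype, auth = HEADER.unpack_from(pkt)
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    if not HEADER.size <= length <= len(pkt):
        raise ValueError("bad packet length field")
    info = {
        "type": ptype,
        "length": length,
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "auth": AUTYPES.get(autype, f"unknown({autype})"),
    }
    if autype == 2:
        # Auth field: 2 zero bytes, key ID, digest length, 32-bit sequence number
        _, info["key_id"], info["digest_len"], info["seq"] = struct.unpack("!HBBI", auth)
    return info


def verify_md5(pkt: bytes, key: bytes) -> bool:
    """Check the trailing digest: MD5(packet || key), key zero-padded (assumed)."""
    info = parse_header(pkt)
    if info["auth"] != "MD5" or info["digest_len"] != 16:
        return False
    end = info["length"]  # the digest follows the packet and is not counted in length
    expected = hashlib.md5(pkt[:end] + key.ljust(16, b"\0")[:16]).digest()
    return hmac.compare_digest(pkt[end:end + 16], expected)


def build_sample(autype: int, auth: bytes, key: bytes = b"") -> bytes:
    """Constructed Hello-type packet (header plus 20 filler bytes) for the demo."""
    hdr = HEADER.pack(2, 1, HEADER.size + 20,
                      ipaddress.IPv4Address("192.0.2.1").packed,
                      ipaddress.IPv4Address("0.0.0.0").packed, 0, autype, auth)
    pkt = hdr + bytes(20)
    if autype == 2:
        pkt += hashlib.md5(pkt + key.ljust(16, b"\0")[:16]).digest()
    return pkt
```

With AuType 1 the 8-byte authentication field carries the password itself in clear text, so a neighbor reported as "plain text" or "null" is the finding to follow up on.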

Removing routes

To remove route configuration, execute the no network command from the command prompt as shown below:

ospf(config-router)#no network ip address area area-id

Turning off OSPF

To turn off OSPF routing configuration, execute the no router command from the command prompt as shown below:

ospf(config)#no router ospf

OSPF configuration task list

OSPF must be turned on before you carry out any of the OSPF commands.

To configure OSPF, see OSPF configuration steps.