The option to configure OSPF is available only when Sophos Firewall is deployed in Gateway mode.
OSPF (Open Shortest Path First) is one of the IGPs (Interior Gateway Protocols). Compared with RIP (Routing Information Protocol), OSPF can serve many more networks and its convergence time is very short. OSPF is widely used in large networks such as ISP backbones and enterprise networks.
The Sophos Firewall implementation of OSPF supports:
- OSPF version 2 (as described in RFC 2328)
- Plain text and Message Digest 5 (MD5) authentication
How OSPF works
OSPF keeps track of a complete topological database of all connections in the local network. It is typically divided into logical areas linked by area border routers. An area comprises a group of contiguous networks. An area border router links one or more areas to the OSPF network backbone.
Sophos Firewall participates in OSPF communications when it has an interface in the same area. Sophos Firewall uses the OSPF Hello protocol to acquire neighbors in an area. A neighbor is any router that has an interface to the same area as the Sophos Firewall. After initial contact, the Sophos Firewall exchanges Hello packets with its OSPF neighbors at regular intervals to confirm that the neighbors can be reached.
OSPF-enabled routers generate link-state advertisements and send them to their neighbors whenever the status of a neighbor changes or a new neighbor comes online. If the OSPF network is stable, link-state advertisements between OSPF neighbors do not occur. A Link-State Advertisement (LSA) identifies the interfaces of all OSPF-enabled routers in an area, and provides information that enables OSPF-enabled routers to select the shortest path to a destination. All LSA exchanges between OSPF-enabled routers are authenticated. The Sophos Firewall maintains a database of link-state information based on the advertisements that it receives from OSPF-enabled routers. To calculate the shortest path to a destination, the Sophos Firewall applies the Shortest Path First (SPF) algorithm to the accumulated link-state information.
The Sophos Firewall updates its routing table dynamically based on the results of the SPF calculation to ensure that an OSPF packet will be routed using the shortest path to its destination.
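The following is an added example, not Sophos code: it decodes the 24-byte OSPFv2 packet header defined in RFC 2328 and reports which of the authentication types listed above (plain text or MD5) a captured packet actually uses, so packets sent without cryptographic authentication can be flagged. The sample packets, router IDs and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# OSPFv2 common header (RFC 2328, A.3.1): 24 bytes, network byte order.
HEADER = struct.Struct("!BBH4s4sHH8s")
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "null", 1: "plain text", 2: "cryptographic (MD5)"}


def parse_ospf_header(data: bytes) -> dict:
    """Decode the OSPFv2 header and describe how the packet is authenticated."""
    if len(data) < HEADER.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, _cksum, autype, auth = HEADER.unpack_from(data)
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    info = {"type": PACKET_TYPES.get(ptype, f"unknown ({ptype})"),
            "router_id": str(IPv4Address(rid)),
            "area_id": str(IPv4Address(area)),
            "auth": AUTH_TYPES.get(autype, f"unknown ({autype})")}
    if autype == 2:
        # RFC 2328 D.3: zero, key ID, digest length, sequence; digest trails the packet.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        info.update(key_id=key_id, sequence=seq,
                    digest_present=len(data) >= length + digest_len)
    return info


def audit(packets):
    """Return (router_id, auth) for packets lacking cryptographic authentication."""
    parsed = map(parse_ospf_header, packets)
    return [(p["router_id"], p["auth"]) for p in parsed if p["auth"] != AUTH_TYPES[2]]


def build_header(ptype, router, area, autype, auth, length=24):
    """Pack a header with a zero checksum; used only for the constructed samples."""
    return HEADER.pack(2, ptype, length, IPv4Address(router).packed,
                       IPv4Address(area).packed, 0, autype, auth)


SAMPLES = [  # constructed packets using documentation addresses
    build_header(1, "192.0.2.1", "0.0.0.0", 2, struct.pack("!HBBI", 0, 1, 16, 1000)) + bytes(16),
    build_header(1, "192.0.2.2", "0.0.0.0", 1, b"example\x00"),
    build_header(4, "192.0.2.3", "0.0.0.1", 0, bytes(8)),
]

if __name__ == "__main__":
    for router, auth in audit(SAMPLES):
        print(f"{router}: {auth} authentication")
```

The input is the OSPF payload of each IP packet (IP protocol 89), with the IP header already stripped.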
To remove a route configuration, execute the no network command from the command prompt as shown below:
ospf(config-router)#no network ip address area area-id
Turning off OSPF
To turn off OSPF routing configuration, execute the no router command from the command prompt as shown below:
ospf(config)#no router ospf
OSPF configuration task list
OSPF must be turned on before you carry out any of the OSPF commands.
To configure OSPF, see OSPF configuration steps.