
OSPF configuration

The option to configure OSPF is available only when Sophos Firewall is deployed in Gateway mode.

OSPF (Open Shortest Path First) is an Interior Gateway Protocol (IGP). Compared to Routing Information Protocol (RIP), OSPF can serve many more networks, and its convergence time is very short. OSPF is widely used in large networks such as ISP backbones and enterprise networks.

The Sophos Firewall implementation of OSPF supports:

  • OSPF version 2 (as described in RFC 2328)
  • Plain text and Message Digest 5 (MD5) authentication

How OSPF works

OSPF keeps track of a complete topological database of all connections in the local network. It's typically divided into logical areas linked by area border routers. An area comprises a group of contiguous networks. An area border router links one or more areas to the OSPF network backbone.

Sophos Firewall participates in OSPF communications when it has an interface in the same area. Sophos Firewall uses the OSPF Hello protocol to acquire neighbors in an area. A neighbor is any router with an interface in the same area as Sophos Firewall. After the initial contact, the Sophos Firewall exchanges Hello packets with its OSPF neighbors at regular intervals to confirm that the neighbors can be reached.

OSPF-enabled routers generate link-state advertisements and send them to their neighbors when the status of a neighbor changes or a new neighbor comes online. If the OSPF network is stable, link-state advertisements between OSPF neighbors don't occur. A Link-State Advertisement (LSA) identifies the interfaces of all OSPF-enabled routers in an area. It provides information that enables OSPF-enabled routers to select the shortest path to a destination. All LSA exchanges between OSPF-enabled routers are authenticated. Sophos Firewall maintains a database of link-state information based on the advertisements it receives from OSPF-enabled routers. To calculate the shortest path to a destination, Sophos Firewall applies the Shortest Path First (SPF) algorithm to the accumulated link-state information.

The Sophos Firewall updates its routing table dynamically based on the results of the SPF calculation to ensure that an OSPF packet will be routed using the shortest path to its destination.
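
The authentication type in use (none, plain text, or MD5) is carried in the fixed header of every OSPFv2 packet, so a capture of Hello traffic is enough to audit which neighbors still run without authentication or with a clear-text password. The following Python is an added example, not Sophos code: the header layout follows RFC 2328, the sample packets are constructed, and the function names and FAIL/WARN/OK labels are this example's own.

```python
import ipaddress
import struct

# AuType values defined in RFC 2328, Appendix D
AUTH_TYPES = {0: "null", 1: "simple-password", 2: "cryptographic"}
HEADER = struct.Struct("!BBH4s4sHH8s")  # fixed 24-byte OSPFv2 packet header

def parse_auth(pkt: bytes) -> dict:
    """Parse the OSPFv2 header of a captured packet and describe its authentication."""
    if len(pkt) < HEADER.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, _cksum, autype, auth = HEADER.unpack_from(pkt)
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    if not HEADER.size <= length <= len(pkt):
        raise ValueError("packet length field does not match captured data")
    info = {"router_id": str(ipaddress.IPv4Address(rid)),
            "area_id": str(ipaddress.IPv4Address(area)),
            "is_hello": ptype == 1,
            "auth": AUTH_TYPES.get(autype, f"unknown({autype})")}
    if autype == 1:
        # The 8-byte field is the shared password itself, NUL-padded, in the clear.
        info["password_len"] = len(auth.rstrip(b"\x00"))
    elif autype == 2:
        # Field layout: 2 zero bytes, key ID, digest length, sequence number.
        _zero, key_id, dlen, seq = struct.unpack("!HBBI", auth)
        if len(pkt) < length + dlen:  # digest follows the packet, outside `length`
            raise ValueError("digest missing after packet body")
        info.update(key_id=key_id, digest_len=dlen, seq=seq)
    return info

def finding(pkt: bytes) -> str:
    """Audit label for one packet (FAIL/WARN/OK are this example's own policy)."""
    levels = {"null": "FAIL", "simple-password": "WARN", "cryptographic": "OK"}
    return levels.get(parse_auth(pkt)["auth"], "FAIL")

def sample_hello(autype: int, auth: bytes, digest: bytes = b"") -> bytes:
    """Constructed Hello from router 10.0.0.1, area 0.0.0.0; checksum left at 0."""
    body = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 2, 1, 40,
                       bytes(4), bytes(4))
    hdr = HEADER.pack(2, 1, HEADER.size + len(body), bytes([10, 0, 0, 1]),
                      bytes(4), 0, autype, auth)
    return hdr + body + digest

if __name__ == "__main__":
    md5_field = struct.pack("!HBBI", 0, 1, 16, 1000)  # key ID 1, 16-byte digest
    for pkt in (sample_hello(0, bytes(8)), sample_hello(1, b"s3cret\x00\x00"),
                sample_hello(2, md5_field, bytes(16))):
        print(finding(pkt), parse_auth(pkt))
```

The parser reads the header only; it does not verify the checksum or the MD5 digest, which would require the shared key.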

Removing routes

To remove route configuration, run the no network command from the command prompt as shown below:

ospf(config-router)#no network <ip address> area <area-id>

Turning off OSPF

To turn off OSPF routing configuration, execute the no router command from the command prompt as shown below:

ospf(config)#no router ospf

OSPF configuration task list

You must turn on OSPF before you can run any OSPF commands.

See OSPF configuration steps.