Open Shortest Path First (OSPF) Routing Protocol

Document revision 18-Jan-2003
This document applies to the MikroTik RouterOS V2.6

Overview

MikroTik RouterOS implements OSPF Version 2 (RFC 2328). The OSPF protocol is on the link-state protocol that takes care of the routes in the dynamic network structure that can employ different paths to its subnetworks. It always chooses shortest path to the subnetwork first.

OSPF distributes routing information between routers belonging to a single autonomous system (AS). An AS is a group of routers exchanging routing information via a common routing protocol.

Contents of the Manual

The following topics are covered in this manual:

Installation
Hardware Resource Usage
OSPF Description
OSPF Setup

Setting the Basic OSPF Argument Values
OSPF Areas
OSPF Network
OSPF Interfaces
OSPF Virtual Links
OSPF Neighbours
Running OSPF

OSPF Troubleshooting
Additional Resources
OSPF Application Examples
OSPF Backup without using Tunnel

OSPF_Main Router Setup
OSPF-peer-1 Router Setup
OSPF-peer-2 Router Setup
Routing Tables
Routing Tables with Revised Link Cost
Functioning of the Backup

OSPF Backup using Encrypted Tunnel through a Third Party

Installation

The OSPF feature is included in the ospf package. The package file ospf-2.6.x.npk can be downloaded from MikroTik’s web page www.mikrotik.com. To install the package, please upload it to the router with ftp and reboot.

Hardware Resource Usage

There is no significant resource usage.

OSPF Description

For OSPF description and deployment guidelines please refer to list of Additional Resources. Current document discusses OSPF configuration for MikroTik RouterOS.

When deploy the OSPF, all routers should be configured in a coordinated manner. Routers belonging to one area should have the same area ID configured. Although Mikrotik RouterOS supports multiple areas, it is not likely that you will deploy structures with many of them.

OSPF Setup

The OSPF management can be accessed under the /routing ospf submenu.

After you have divided your networks in areas, you have to configure the following settings on each OSPF router:

Change general OSPF settings of redistributing connected, static and default routes. The default route should be distributed only from border routers of your area;
Configure additional areas, if any;
If you're using encryption, you also should configure keys in /routing ospf interface command level;
Add OSPF network records for all networks you want the OSPF to run on.

The OSPF is started after adding record to the ospf network list.

Note! The OSPF protocol is started only on interfaces configured under the /routing ospf network

Setting the Basic OSPF Argument Values

To view the argument settings for OSPF, use the /routing ospf print command, for example:

[admin@MikroTik] routing ospf>
OSPF is a shortest path first or link-state protocol. OSPF is an interior
gateway protocol that distributes routing information between routers in a
single autonomous system. OSPF is described in RFC1583.

     interface  OSPF interface settings
       network  OSPF networks
          area  OSPF areas
      neighbor
  virtual-link  OSPF virtual links
         print  Show OSPF settings
           get  get value of property
           set  Change OSPF settings
        export  Export OSPF settings
[admin@MikroTik] routing ospf> print
                 router-id: 0.0.0.0
        distribute-default: never
    redistribute-connected: no
       redistribute-static: no
          redistribute-rip: no
          redistribute-bgp: no
            metric-default: 1
          metric-connected: 20
             metric-static: 20
                metric-rip: 20
                metric-bgp: 20
[admin@MikroTik] routing ospf>
[admin@MikroTik] routing ospf> set redistribute-static=as-type-2 \
\... redistribute-connected=as-type-1

Argument description:

router-id – the Router ID. If not specified (default 0.0.0.0), OSPF uses the largest IP address configured on the interfaces as its router ID
redistribute-connected – if set, the router will redistribute the information about all connected routes, i.e., routes to networks, that can be directly reached from the router (as-type-1, as-type-2, no)
redistribute-static – if set, the router will redistribute the information about all static routes added to its routing database, i.e., routes, that have been created using the /ip route add command of the router (as-type-1, as-type-2, no)
redistribute-rip – If set, the router will redistribute the information about all routes learned by the RIP protocol (as-type-1, as-type-2, no)
redistribute-bgp – If set, the router will redistribute the information about all routes learned by the BGP protocol (as-type-1, as-type-2, no)
distribute-default – Controls how to propagate the default route to other routers:

never - do not send own default route to other routers
if-installed (as type 1 or type 2) - send the default route only if it has been installed (a static default route, or route added by DHCP, PPP, etc.)
always (as type 1 or type 2)- always send the default route

metric-default - cost of the default route
metric-connected - cost of connected routes
metric-static - cost of static routes
metric-rip - cost of the routes learned by the RIP protocol
metric-bgp - cost of the routes learned by the BGP protocol

Note that within an area, only the router that is connected to an another AS (i.e. border router) should have the propagation of the default route enabled.

Note on metrics - OSPF protocol will try to use the shortest path (path with the least total cost) if available.

Note on types - OSPF protocol supports two types of metrics:

type 1 metrics are internal ('cheap') metrics

type 2 metrics are external ('expensive') metrics. Any type 2 metric is considered greater than the cost of any internal path

Usually you want to redistribute connected and static routes, if any. Therefore change the settings for these arguments and proceed to the OSPF areas and networks.

OSPF Areas

The area management can be accessed under the /routing ospf area submenu. There is one area that is configured by default - the backbone area (area ID 0.0.0.0):

[admin@MikroTik] routing ospf area> print detail
Flags: X - disabled
  0 name=backbone area-id=0.0.0.0 stub-area=no default-cost=0
    authentication=none

[admin@MikroTik] routing ospf area>

To define additional OSPF area(s) for the router, use the /routing ospf area add command:

[admin@MikroTik] routing ospf area> add area-id=0.0.10.5 name=local_10
[admin@MikroTik] routing ospf area> print
Flags: X - disabled
  0 name=backbone area-id=0.0.0.0 stub-area=no default-cost=0
    authentication=none

  1 name=local_10 area-id=0.0.10.5 stub-area=no default-cost=0
    authentication=none

[admin@MikroTik] routing ospf area>

Argument description:

name - area name. Cannot be changed for the backbone area.
area-id - area ID, must be in IP address notation. Cannot be changed for the backbone area.
default-cost - Cost for the default summary route used for a stub area. Only for area boundary router.
stub - ( yes / no ) Sets the area type.
authentication - ( md5 / none / simple ) authentication method for OSPF

none - no authentication
simple - clear text authentication
md5 - Keyed Message Digest 5 (MD5) authentication

OSPF Network

To start the OSPF protocol, you have to define the networks on which OSPF runs and the area ID for those networks. Use the /routing ospf network add command:

[admin@MikroTik] routing ospf network> add area=backbone network=10.10.1.0/24
[admin@MikroTik] routing ospf network> print
Flags: X - disabled
  #   NETWORK            AREA
  0   10.10.1.0/24       backbone
[admin@MikroTik] routing ospf>

Argument description:

area - Area to be associated with the address range
network - the network address/mask that is associated with the area. The network argument allows defining one or multiple interfaces to be associated with a specific OSPF area. Only directly connected networks of the router may be specified

Note that for P2P links here you should set exactly the same as the network address is (that is remote point IP address). In this case, the correct netmask bits should be 32

OSPF Interfaces

To run OSPF you don't have to configure interfaces. /routing ospf interface command level is only for additional configuration of OSPF specific interface parameters.

[admin@MikroTik] routing ospf> interface add interface=ether2
[admin@MikroTik] routing ospf> interface print
  0 interface=ether2 cost=1 priority=1 authentication-key=""
    retransmit-interval=5s transmit-delay=1s hello-interval=10s
    dead-interval=40s


[admin@MikroTik] routing ospf>

Argument description:

interface - interface on which rus OSPF. all sets the defaults, that will be used for all the interfaces not having specific settings
authentication-key - Authentication key to be used by neighboring routers that are using OSPF's simple password authentication
cost - Interface cost (1..65535) expressed as the link state metric.
dead-interval - Interval after which a neighbor is declared dead. The interval is advertised in the router's hello packets. This value must be the same for all routers and access servers on a specific network.
hello-interval - The interval between hello packets that the router sends on the interface. The smaller the hello interval, the faster topological changes will be detected, but more routing traffic will ensue. This value must be the same for all routers on a specific network.
priority - Router priority (0..255). It helps determine the designated router for the network. When two routers attached to a network both attempt to become the designated router, the one with the higher router priority takes precedence.
retransmit-interval - Time between retransmitting lost link state advertisements (3..65535 seconds). When a router sends a link state advertisement (LSA) to its neighbor, it keeps the LSA until it receives back the acknowledgment. If it receives no acknowledgment in seconds, it will retransmit the LSA.
transmit-delay - Link state transmit delay (1..65535 seconds) is the estimated time it takes to transmit a link state update packet on the interface

OSPF Virtual Links

Virtual links connect physically separate components of backbone area. The two endpoints of a virtual link are area border routers. The virtual link must be configured in both routers.

To add a virtual link use the /routing ospf network add command:

[admin@MikroTik] routing ospf virtual-link> add neighbor-id=10.0.0.201 \
\... transit-area=ex
[admin@MikroTik] routing ospf virtual-link> print
Flags: X - disabled, I - invalid
  #   NEIGHBOR-ID     TRANSIT-AREA
  0   10.0.0.201      ex
[admin@MikroTik] routing ospf virtual-link>

Argument description:

neighbor-id - router-id of the neighbour
transit-area - non-backbone area the two routers have in common

Note that virtual links cannot be established through stub areas

OSPF Neighbours

To see list of OSPF neighbors for router, with brief statistics, use "/routing ospf neighbor print" command.

It also shows the router itself in this list. The next is printed just after adding an OSPF network:

[admin@MikroTik] routing ospf> neighbor print
 router-id=10.0.0.204 address=10.0.0.204 priority=1 state="2-Way"
    state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0
    dr-id=0.0.0.0 backup-dr-id=0.0.0.0


[admin@MikroTik] routing ospf>

Description of the printout:

router-id - router-id parameter of the OSPF neighbour
address - appropriate IP address of the OSPF neighbor
priority - priority of neighbor which is used in designated router elections on this network
state - state of connection:

Down - the connection is down
Attempt - sending Hallo packet
Init - Hallo packet received from the neighbour
2-Way - bidirectional communication established
ExStart - negotiating Exchange state
Exchange - exchanging with hole Link-State DataBase
Loading - receiving information from the neighbour
Full - the neighboring routers are fully adjacent (the link-state databases are completely synchronized)
state-changes - number of state changes of the connection
ls-retransmits -number of Link State retransmits
ls-requests - number of Link State requests
db-summaries - number of records in link-state database advertised by the neighbour
dr-id - router id of designated router for this neighbor
backup-dr-id - router id of backup designated router for this neighbor

Running OSPF

After configuring OSPF on a number of interconnected routers, dynamic routes should appear in the ip route print list:

[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0  S ;;; our default gateway
         0.0.0.0/0          r 10.0.0.1        1        ether1
    1 DC 192.168.0.0/24     r 0.0.0.0         0        ether4
    2 DO 10.10.10.0/24      r 10.10.1.1       110      ether2
    3 DC 10.10.1.0/24       r 0.0.0.0         0        ether2
    4 DC 10.0.0.0/24        r 0.0.0.0         0        ether1
[admin@MikroTik] routing ospf>

In this case, we have one one route connected through 10.10.1.1 router (item #2). As current router distributes its routes too (including default one), in 10.10.1.1 router we have:

[admin@Remote] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0 DO 0.0.0.0/0          r 10.10.1.2       110      ether1
    1 DO 192.168.0.0/24     r 10.10.1.2       110      ether1
    2 DC 10.10.10.0/24      r 0.0.0.0         0        radiolan1
    3 DC 10.10.1.0/24       r 0.0.0.0         0        ether1
    4 DO 10.5.5.0/24        r 10.10.1.2       110      ether1
    5 DO 10.0.0.0/24        r 10.10.1.2       110      ether1
[admin@Remote] >

OSPF Troubleshooting

OSPF does not work on point-to-point link (PPP, PPPoE, PPTP)
Make sure you include the remote address of the point-to-point link into the /router ospf network record. For example, if you have

[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   10.7.1.3/24        10.7.1.0        10.7.1.255      backbone
  1   192.168.223.55/25  192.168.223.0   192.168.223.127 aironet
  2 D 10.2.0.7/32        10.2.0.8        0.0.0.0         pptp-out1
[admin@MikroTik] ip address>

Use /router ospf network add network=10.2.0.8/32 area=backbone.

Additional Resources

Recommended readings for guidelines on building OSPF networks:

http://www.ietf.org/rfc/rfc2328.txt
OSPF Design Guide, Cisco Systems
Designing Large-Scale IP Internetworks, Cisco Systems

OSPF Application Examples

Let us consider the following examples of OSPF protocol used for backup links:

OSPF Backup without using Tunnel
The example is for the situation, when OSPF is running both on the main and the backup routers.
OSPF Backup using Encrypted Tunnel through a Third Party
The example is for situation, when a third party link and routers are involved for backup, and you do not have control over the involved routers.

OSPF Backup without using Tunnel

This example shows how to use OSPF for backup purposes, if you are controlling all the involved routers, and you can run OSPF on them.

Let us assume that the link between the routers OSPF-Main and OSPF-peer-1 is the main one. If it goes down, we want the traffic switch over to the links going through the router OSPF-peer-2.

For this:

We introduce an OSPF area with area ID=0.0.0.1, which includes all three routers shown on the diagram.
Only the OSPF-Main router will have the default route configured. Its interfaces peer1 and peer2 will be configured for the OSPF protocol. The interface main_gw will not be used for distributing the OSPF routing information.
The routers OSPF-peer-1 and OSPF-peer-2 will distribute their connected route information, and receive the default route using the OSPF protocol.

OSPF_Main Router Setup

The IP address configuration of the [OSPF_Main] router is as follows:

[admin@OSPF-Main] interface> /ip address print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   10.0.0.214/24      10.0.0.0        10.0.0.255      main_gw
  1   10.1.0.2/24        10.1.0.0        10.1.0.255      peer1
  2   10.2.0.2/24        10.2.0.0        10.2.0.255      peer2
[admin@OSPF-Main] interface>

OSPF settings:

[admin@OSPF-Main] > routing ospf print
                 router-id: 0.0.0.0
        distribute-default: if-installed-as-type-2
    redistribute-connected: as-type-1
       redistribute-static: as-type-2
          redistribute-rip: no
          redistribute-bgp: no
            metric-default: 1
          metric-connected: 0
             metric-static: 0
                metric-rip: 0
                metric-bgp: 0

[admin@OSPF-Main] > routing ospf area print
Flags: X - disabled
  0   name=backbone area-id=0.0.0.0 default-cost=0 stub=no
      authentication=none

  1   name=local_10 area-id=0.0.0.1 default-cost=0 stub=no
      authentication=none

[admin@OSPF-Main] > routing ospf network print
Flags: X - disabled
  #   NETWORK            AREA
  0   10.1.0.0/24        local_10
  1   10.2.0.0/24        local_10
[admin@OSPF-Main] >

OSPF-peer-1 Router Setup

The IP address configuration of the [OSPF-peer-1] router is as follows:

[admin@OSPF-peer-1] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   10.1.0.1/24        10.1.0.0        10.1.0.255      main_link
  1   10.3.0.1/24        10.3.0.0        10.3.0.255      backup
  2   192.168.0.1/24     192.168.0.0     192.168.0.255   local
[admin@OSPF-peer-1] >

OSPF settings:

[admin@OSPF-peer-1] > routing ospf print
                 router-id: 0.0.0.0
        distribute-default: never
    redistribute-connected: as-type-1
       redistribute-static: no
          redistribute-rip: no
          redistribute-bgp: no
            metric-default: 1
          metric-connected: 0
             metric-static: 0
                metric-rip: 0
                metric-bgp: 0
[admin@OSPF-peer-1] > routing ospf area print
Flags: X - disabled
  0   name=backbone area-id=0.0.0.0 default-cost=0 stub=no
      authentication=none

  1   name=local_10 area-id=0.0.0.1 default-cost=0 stub=no
      authentication=none

[admin@OSPF-peer-1] > routing ospf network print
Flags: X - disabled
  #   NETWORK            AREA
  0   10.3.0.0/24        local_10
  1   10.1.0.0/24        local_10
[admin@OSPF-peer-1] >

OSPF-peer-2 Router Setup

The IP address configuration of the [OSPF-peer-2] router is as follows:

[admin@OSPF-peer-2] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   10.2.0.1/24        10.2.0.0        10.2.0.255      main
  1   10.3.0.2/24        10.3.0.0        10.3.0.255      to-peer1
[admin@OSPF-peer-2] >

OSPF settings:

[admin@OSPF-peer-2] > routing ospf print
                 router-id: 0.0.0.0
        distribute-default: never
    redistribute-connected: as-type-1
       redistribute-static: no
          redistribute-rip: no
          redistribute-bgp: no
            metric-default: 1
          metric-connected: 0
             metric-static: 0
                metric-rip: 0
                metric-bgp: 0
[admin@OSPF-peer-2] > routing ospf area print
Flags: X - disabled
  0   name=backbone area-id=0.0.0.0 default-cost=0 stub=no
      authentication=none

  1   name=local_10 area-id=0.0.0.1 default-cost=0 stub=no
      authentication=none

[admin@OSPF-peer-2] > routing ospf network print
Flags: X - disabled
  #   NETWORK            AREA
  0   10.2.0.0/24        local_10
  1   10.3.0.0/24        local_10
[admin@OSPF-peer-2] >

Routing Tables

After the three routers have been set up as described above, and the links between them are operational, the routing tables of the three routers should look as follows:

On the main OSPF router:

[admin@OSPF-Main] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0  S 0.0.0.0/0          r 10.0.0.1        1        main_gw
    1 DO 192.168.0.0/24     r 10.1.0.1        110      peer1
    2 DC 10.2.0.0/24        r 0.0.0.0         0        peer2
    3 DO 10.3.0.0/24        r 10.2.0.1        110      peer2
                            r 10.1.0.1                 peer1
    4 DC 10.1.0.0/24        r 0.0.0.0         0        peer1
    5 DC 10.0.0.0/24        r 0.0.0.0         0        main_gw

[admin@OSPF-Main] >

On the Peer 1:

[admin@OSPF-peer-1] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0 DO 0.0.0.0/0          r 10.1.0.2        110      main_link
    1 DC 192.168.0.0/24     r 0.0.0.0         0        local
    2 DO 10.2.0.0/24        r 10.1.0.2        110      main_link
                            r 10.3.0.2                 backup
    3 DC 10.3.0.0/24        r 0.0.0.0         0        backup
    4 DC 10.1.0.0/24        r 0.0.0.0         0        main_link
    5 DO 10.0.0.0/24        r 10.1.0.2        110      main_link
[admin@OSPF-peer-1] >

On the Peer 2:

[admin@OSPF-peer-2] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0 DO 0.0.0.0/0          r 10.2.0.2        110      main
    1 DO 192.168.0.0/24     r 10.3.0.1        110      to-peer1
    2 DC 10.2.0.0/24        r 0.0.0.0         0        main
    3 DC 10.3.0.0/24        r 0.0.0.0         0        to-peer1
    4 DO 10.1.0.0/24        r 10.3.0.1        110      to-peer1
                            r 10.2.0.2                 main
    5 DO 10.0.0.0/24        r 10.2.0.2        110      main
[admin@OSPF-peer-2] >

Please note the three equal cost multipath routes (multiple gateways for one destination) in this setup. They have been created by the OSPF, because there is equal cost to go, for example, from the router OSPF-peer-2 to the network 10.1.0.0/24.

The cost is calculated as the sum of costs over each hop to the destination. Unless this is not specially desired, we may want to avoid such situations, i.e., and adjust the cost settings for the interfaces (links) accordingly.

Routing Tables with Revised Link Cost

Let as assume, that the link between the routers OSPF-peer-1 and OSPF-peer-2 has a higher cost (might be slower, we have to pay more for the traffic through it, etc.). Since we have left all ospf interface cost settings as default (cost=1), we need to change the following settings:

[admin@OSPF-peer-1] > routing ospf interface add interface=backup cost=50
[admin@OSPF-peer-2] > routing ospf interface add interface=to-peer2 cost=50

The revised network diagram:

After changing the cost settings, we have only one equal cost multipath route left - to the network 10.3.0.0/24 from the OSPF-Main router:

On the main OSPF router:

[admin@OSPF-Main] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0  S 0.0.0.0/0          r 10.0.0.1        1        main_gw
    1 DO 192.168.0.0/24     r 10.1.0.1        110      peer1
    2 DC 10.2.0.0/24        r 0.0.0.0         0        peer2
    3 DO 10.3.0.0/24        r 10.2.0.1        110      peer2
                            r 10.1.0.1                 peer1
    4 DC 10.1.0.0/24        r 0.0.0.0         0        peer1
    5 DC 10.0.0.0/24        r 0.0.0.0         0        main_gw

[admin@OSPF-Main] >

On the Peer 1:

[admin@OSPF-peer-1] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0 DO 0.0.0.0/0          r 10.1.0.2        110      main_link
    1 DC 192.168.0.0/24     r 0.0.0.0         0        local
    2 DO 10.2.0.0/24        r 10.1.0.2        110      main_link
    3 DC 10.3.0.0/24        r 0.0.0.0         0        backup
    4 DC 10.1.0.0/24        r 0.0.0.0         0        main_link
    5 DO 10.0.0.0/24        r 10.1.0.2        110      main_link
[admin@OSPF-peer-1] >

On the Peer 2:

[admin@OSPF-peer-2] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0 DO 0.0.0.0/0          r 10.2.0.2        110      main
    1 DO 192.168.0.0/24     r 10.3.0.1        110      to-peer1
    2 DC 10.2.0.0/24        r 0.0.0.0         0        main
    3 DC 10.3.0.0/24        r 0.0.0.0         0        to-peer1
    4 DO 10.1.0.0/24        r 10.2.0.2        110      main
    5 DO 10.0.0.0/24        r 10.2.0.2        110      main
[admin@OSPF-peer-2] >

Functioning of the Backup

If the link between routers OSPF-Main and OSPF-peer-1 goes down, we have the following situation:

The OSPF routing changes as follows:

On the main OSPF router:

[admin@OSPF-Main] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0  S 0.0.0.0/0          r 10.0.0.1        1        main_gw
    1 DO 192.168.0.0/24     r 10.2.0.1        110      peer2
    2 DC 10.2.0.0/24        r 0.0.0.0         0        peer2
    3 DO 10.3.0.0/24        r 10.2.0.1        110      peer2
    4 DC 10.1.0.0/24        r 0.0.0.0         0        peer1
    5 DC 10.0.0.0/24        r 0.0.0.0         0        main_gw

[admin@OSPF-Main] >

On the Peer 1:

[admin@OSPF-peer-1] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0 DO 0.0.0.0/0          r 10.3.0.2        110      backup
    1 DC 192.168.0.0/24     r 0.0.0.0         0        local
    2 DO 10.2.0.0/24        r 10.3.0.2        110      backup
    3 DC 10.3.0.0/24        r 0.0.0.0         0        backup
    4 DC 10.1.0.0/24        r 0.0.0.0         0        main_link
    5 DO 10.0.0.0/24        r 10.3.0.2        110      backup
[admin@OSPF-peer-1] >

On the Peer 2:

[admin@OSPF-peer-2] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE
    0 DO 0.0.0.0/0          r 10.2.0.2        110      main
    1 DO 192.168.0.0/24     r 10.3.0.1        110      to-peer1
    2 DC 10.2.0.0/24        r 0.0.0.0         0        main
    3 DC 10.3.0.0/24        r 0.0.0.0         0        to-peer1
    4 DO 10.1.0.0/24        r 10.2.0.2        110      main
    5 DO 10.0.0.0/24        r 10.2.0.2        110      main
[admin@OSPF-peer-2] >

The change of the routing takes approximately 40 seconds (the hello-interval setting). If required, this setting can be adjusted, but it should be done on all routers within the OSPF area!

OSPF Backup using Encrypted Tunnel through a Third Party

This example shows how to use OSPF for backup purposes, if you have to use third party link for backup, and you are not controlling the routers on the backup link.

Let us assume that the link between the routers OSPF-Main and OSPF-peer-1 is the main one. When the main link goes down, the backup link should go through the ISP-2 router. Since we cannot control the ISP-2 router, we cannot run OSPF on the backup router like in the previous example with OSPF-peer-2. Therefore we have to create a tunnel between the routers OSPF-Main and OSPF-peer-1 that goes through the ISP-2 router. Thus, we will have two links between the routers, and the traffic should switch over to the backup when the main link goes down.

For this:

We create a PPTP tunnel between our two routers, which goes over the ISP-2 router. Please consult the PPTP Interface Manual on how to create PPTP tunnels.
Only the OSPF-Main router will have the default route configured. Its interfaces peer1 and pptp-in1 will be configured for the OSPF protocol. The interface main_gw will not be used for distributing the OSPF routing information.
The router OSPF-peer-1 will distribute its connected and static route information, and receive the default route from OSPF-main using the OSPF protocol.

OSPF_Main Router Setup

The PPTP static server configuration is as follows:

[OSPF-Main] >
/ip route add dst-address=10.3.0.1/32 gateway=10.2.0.1 
/ppp secret add name=ospf service=pptp password=asdf4 \
     local-address=10.4.0.2 remote-address=10.4.0.1
/interface pptp-server add name=pptp-in1 user=ospf
/interface pptp-server server set enabled=yes
/interface pptp-server print
Flags: X - disabled, D - dynamic, R - running
  #     NAME                 USER         MTU   CLIENT-ADDRESS  UPTIME   ENC...
  0     pptp-in1             ospf
[OSPF-Main] >

The IP address configuration of the [OSPF_Main] router is as follows:

[OSPF-Main] > ip address print                                                 
Flags: X - disabled, I - invalid, D - dynamic 
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE             
  0   10.0.0.214/24      10.0.0.0        10.0.0.255      main_gw               
  1   10.2.0.2/24        10.2.0.0        10.2.0.255      isp2                  
  2   10.1.0.2/24        10.1.0.0        10.1.0.255      peer1                 
  3 D 10.4.0.2/32        10.4.0.1        0.0.0.0         pptp-in1             
[OSPF-Main] >

OSPF settings:

[OSPF-Main] routing ospf> print                                                
                 router-id: 0.0.0.0
        distribute-default: if-installed-as-type-1
    redistribute-connected: as-type-1
       redistribute-static: no
          redistribute-rip: no
          redistribute-bgp: no
            metric-default: 1
          metric-connected: 20
             metric-static: 20
                metric-rip: 20
                metric-bgp: 20
[OSPF-Main] routing ospf> interface add interface=pptp-in1 cost=50                       
[OSPF-Main] routing ospf> interface print                                      
  0 interface=pmi cost=150 priority=1 authentication-key="" retransmit-interval=5s 
    transmit-delay=1s hello-interval=10s dead-interval=40s 

[OSPF-Main] routing ospf> area print                                           
Flags: X - disabled, I - invalid 
  #   NAME                                        AREA-ID         STUB DEFAULT-COST AUTHENTICATION
  0   backbone                                    0.0.0.0                           none          
[OSPF-Main] routing ospf> network print                                        
Flags: X - disabled, I - invalid 
  #   NETWORK            AREA                                                                     
  0   10.1.0.0/24        backbone                                                                 
  1   10.4.0.1/32        backbone                                                                 
[OSPF-Main] routing ospf>

Note, that the OSPF is configured only for the peer1 and pptp-in1 interfaces. Since the pptp-in1 is a point-to-point interface, the network address has 32 bits.

OSPF-peer-1 Router Setup

The PPTP client configuration is as follows:

[OSPF-peer-1] >
/ip route add dst-address=10.2.0.2/32 gateway=10.3.0.2 
/interface pptp-client add name=pptp-out1 user=ospf \
    connect-to=10.2.0.2 password=asdf4 mtu=1500 mru=1500
/interface pptp-client enable pptp-out1
/interface pptp-client print
Flags: X - disabled, R - running
  0  R name="pptp-out1" mtu=1500 mru=1500 connect-to=10.2.0.2 user="ospf"
       password="asdf4" profile=default add-default-route=no

/interface pptp-client monitor pptp-out1
      status: "connected"
      uptime: 39m46s
    encoding: "none"

[OSPF-peer-1] >

The IP address configuration of the [OSPF-peer-1] router is as follows:

[OSPF-peer-1] > ip address print                                               
Flags: X - disabled, I - invalid, D - dynamic 
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE             
  0   10.1.0.1/24        10.1.0.0        10.1.0.255      main_link             
  1   10.3.0.1/24        10.3.0.0        10.3.0.255      backup                
  2   192.168.0.1/24     192.168.0.0     192.168.0.255   local                 
  3 D 10.4.0.1/32        10.4.0.2        0.0.0.0         pptp-out1             
[OSPF-peer-1] >

OSPF settings:

[OSPF-peer-1] routing ospf> print                                              
                 router-id: 0.0.0.0
        distribute-default: never
    redistribute-connected: as-type-1
       redistribute-static: no
          redistribute-rip: no
          redistribute-bgp: no
            metric-default: 1
          metric-connected: 20
             metric-static: 20
                metric-rip: 20
                metric-bgp: 20
[OSPF-peer-1] routing ospf> interface add interface=pptp-out1 cost=50                    
[OSPF-peer-1] routing ospf> interface print                                    
  0 interface=pptp-out1 cost=50 priority=1 authentication-key="" 
    retransmit-interval=5s transmit-delay=1s hello-interval=10s dead-interval=40s 

[OSPF-peer-1] routing ospf> area print                                         
Flags: X - disabled, I - invalid 
  #   NAME                            AREA-ID         STUB DEFAULT-COST AUTHENTICATION
  0   backbone                        0.0.0.0                           none          

[OSPF-peer-1] routing ospf> network print                                      
Flags: X - disabled, I - invalid 
  #   NETWORK            AREA                                                         
  0   10.1.0.0/24        backbone                                                     
  1   10.4.0.2/32        backbone                                                     
[OSPF-peer-1] routing ospf>

Routing Tables

After the PPTP tunnel and OSPF protocol between two routers has been set up as described above, and the links between them are operational, the routing tables of the two routers should look as follows:

[OSPF-Main] > ip route print                                                   
Flags: X - disabled, I - invalid, D - dynamic, J - rejected, 
C - connect, S - static, R - rip, O - ospf, B - bgp 
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE               
    0  S 0.0.0.0/0          r 10.0.0.1        1        main_gw                 
    1  S 10.3.0.1/32        r 10.2.0.1        1        isp2                    
    2 DO 192.168.3.0/24     r 10.1.0.1        110      peer1                   
    3 DO 192.168.0.0/24     r 10.1.0.1        110      peer1                   
    4 DO 10.4.0.2/32        r 10.1.0.1        110      peer1                   
    5 DC 10.4.0.1/32        r 0.0.0.0         0        pptp-in1                
    6 DO 10.3.0.0/24        r 10.1.0.1        110      peer1                   
    7 DC 10.2.0.0/24        r 0.0.0.0         0        isp2                    
    8 DO 10.2.0.2/32        r 10.1.0.1        110      peer1                   
    9 DC 10.1.0.0/24        r 0.0.0.0         0        peer1                   
   10 DC 10.0.0.0/24        r 0.0.0.0         0        main_gw                 
[OSPF-Main] >   
=============================================================================
[OSPF-peer-1] > ip route print                                                 
Flags: X - disabled, I - invalid, D - dynamic, J - rejected, 
C - connect, S - static, R - rip, O - ospf, B - bgp 
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE               
    0  S 10.2.0.0/24        r 10.3.0.2        1        backup                  
    1  S 192.168.3.0/24     r 192.168.0.20    1        local                   
    2  S 10.2.0.2/32        r 10.3.0.2        1        backup                  
    3 DO 0.0.0.0/0          r 10.1.0.2        110      main_link               
    4 DC 192.168.0.0/24     r 0.0.0.0         0        local                   
    5 DC 10.4.0.2/32        r 0.0.0.0         0        pptp-out1               
    6 DO 10.4.0.1/32        r 10.1.0.2        110      main_link               
    7 DC 10.3.0.0/24        r 0.0.0.0         0        backup                  
    8 DC 10.1.0.0/24        r 0.0.0.0         0        main_link               
    9 DO 10.0.0.0/24        r 10.1.0.2        110      main_link               
[OSPF-peer-1] >

Functioning of the Backup

If the link between routers OSPF-Main and OSPF-peer-1 goes down, the OSPF routing changes as follows:

[OSPF-Main] > ip route print                                                   
Flags: X - disabled, I - invalid, D - dynamic, J - rejected, 
C - connect, S - static, R - rip, O - ospf, B - bgp 
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE               
    0  S 0.0.0.0/0          r 10.0.0.1        1        main_gw                 
    1  S 10.3.0.1/32        r 10.2.0.1        1        isp2                    
    2 DO 192.168.3.0/24     r 10.4.0.1        110      pptp-in1                
    3 DO 192.168.0.0/24     r 10.4.0.1        110      pptp-in1                
    4 DO 10.4.0.2/32        r 10.4.0.1        110      pptp-in1                
    5 DC 10.4.0.1/32        r 0.0.0.0         0        pptp-in1                
    6 DO 10.3.0.0/24        r 10.4.0.1        110      pptp-in1                
    7 DC 10.2.0.0/24        r 0.0.0.0         0        isp2                    
    8 DO 10.2.0.2/32        r 10.4.0.1        110      pptp-in1                
    9 DC 10.1.0.0/24        r 0.0.0.0         0        peer1                   
   10 DC 10.0.0.0/24        r 0.0.0.0         0        main_gw                 
[OSPF-Main] > 
==========================================================
[OSPF-peer-1] > ip route print                                                 
Flags: X - disabled, I - invalid, D - dynamic, J - rejected, 
C - connect, S - static, R - rip, O - ospf, B - bgp 
    #    DST-ADDRESS        G GATEWAY         DISTANCE INTERFACE               
    0  S 10.2.0.0/24        r 10.3.0.2        1        backup                  
    1  S 192.168.3.0/24     r 192.168.0.20    1        local                   
    2  S 10.2.0.2/32        r 10.3.0.2        1        backup                  
    3 DO 0.0.0.0/0          r 10.4.0.2        110      pptp-out1               
    4 DC 192.168.0.0/24     r 0.0.0.0         0        local                   
    5 DC 10.4.0.2/32        r 0.0.0.0         0        pptp-out1               
    6 DO 10.4.0.1/32        r 10.4.0.2        110      pptp-out1               
    7 DC 10.3.0.0/24        r 0.0.0.0         0        backup                  
    8 DC 10.1.0.0/24        r 0.0.0.0         0        main_link               
    9 DO 10.0.0.0/24        r 10.4.0.2        110      pptp-out1               
[OSPF-peer-1] >

As we see, all routing goes through the PPTP tunnel now.