rmetzger
Staff
Article Id 198739

Description

This article describes a method of controlling OSPF route preference when two OSPF neighbors have parallel (redundant) links between them. Consider the following example topology:

[Figure: example topology (OSPF.drawio.png), FGT1 and FGT2 connected by parallel wan1 and wan2 links]


In the above scenario, OSPF is enabled on all interfaces of FGT1 and FGT2, and the following requirements must be met from a route advertisement perspective:

  • FGT1 should learn and prefer a default route and a route to 192.168.182.0/23 via wan1.
  • FGT2 should learn and prefer a route to 10.160.0.0/23 via wan1.
  • For both FortiGates, wan2 should be available as a backup path to reach the other peer's network(s).


Scope

FortiGate, OSPF.

Solution

The solution presented in this article uses OSPF interface cost as a means of applying preference for different OSPF paths.

Step 1: Situation with existing default settings.

FGT1:

FGT1 # get router info ospf neighbor

OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.2.2.2          1   Full/Backup     00:00:33    10.182.0.187    wan1
10.2.2.2          1   Full/Backup     00:00:31    10.183.0.187    wan2

FGT1 # get router info routing-table ospf

Routing table for VRF=0

O*E2    0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:00:01
                  [110/10] via 10.182.0.187, wan1, 00:00:01
O       192.168.182.0/23 [110/20] via 10.183.0.187, wan2, 00:02:04
                         [110/20] via 10.182.0.187, wan1, 00:02:04

FGT2:

FGT2 # get router info ospf neighbor

OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.1          1   Full/DR         00:00:38    10.182.0.57     wan1
10.1.1.1          1   Full/DR         00:00:38    10.183.0.57     wan2

FGT2 # get router info routing-table ospf

Routing table for VRF=0

O       10.160.0.0/23 [110/20] via 10.183.0.57, wan2, 00:00:39
                      [110/20] via 10.182.0.57, wan1, 00:00:39

As per the above output, each FortiGate has established an OSPF adjacency to the other over both links, and each has installed parallel (ECMP) OSPF routes into its routing table via wan1 and wan2.

Step 2: Controlling OSPF path preference on FGT2.

To configure FGT2 to prefer wan1 over wan2, increase the OSPF cost of the wan2 interface on FGT2 to 200 (10 being the default in this situation):

config router ospf
    config ospf-interface
        edit 'WAN2_higher_cost'
            set cost 200
            set interface 'wan2'
        next
    end
end

After making this change on FGT2, checking FGT1 shows that no changes to the existing routes have occurred (OSPF cost is applied to a router's own outgoing interface, so FGT2's setting does not affect the path cost that FGT1 computes):

FGT1 # get router info routing-table ospf

Routing table for VRF=0

O*E2    0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:07:33
                  [110/10] via 10.182.0.187, wan1, 00:07:33
O       192.168.182.0/23 [110/20] via 10.183.0.187, wan2, 00:07:33
                         [110/20] via 10.182.0.187, wan1, 00:07:33

However, on FGT2, the routing table indicates that wan1 is now the sole installed route to 10.160.0.0/23:

FGT2 # get router info routing-table ospf

O       10.160.0.0/23 [110/20] via 10.182.0.57, wan1, 00:05:18

Checking the OSPF Link State Database (LSDB) on both FGT1 and FGT2 shows the wan2 interface cost of 200 now reported by FGT2 (10.2.2.2) in its router-LSA:

FGT1:

FGT1 # get router info ospf database router lsa

  Router Link States (Area 0.0.0.0)

  LS age: 16
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.1.1.1
  Advertising Router: 10.1.1.1
  LS Seq Number: 8000000f
  Checksum: 0xd97c
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 10.160.0.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.187
     (Link Data) Router Interface address: 10.182.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10


  LS age: 21
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x2 : ASBR
  LS Type: router-LSA
  Link State ID: 10.2.2.2
  Advertising Router: 10.2.2.2
  LS Seq Number: 80000013
  Checksum: 0x48c8
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 192.168.182.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.187
     (Link Data) Router Interface address: 10.182.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 10

FGT2:

FGT2 # get router info ospf database router lsa

  Router Link States (Area 0.0.0.0)

  LS age: 258
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.1.1.1
  Advertising Router: 10.1.1.1
  LS Seq Number: 80000008
  Checksum: 0x5b07
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 10.160.0.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.57
     (Link Data) Router Interface address: 10.183.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10


  LS age: 257
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x2 : ASBR
  LS Type: router-LSA
  Link State ID: 10.2.2.2
  Advertising Router: 10.2.2.2
  LS Seq Number: 8000000c
  Checksum: 0xc953
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 192.168.182.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.57
     (Link Data) Router Interface address: 10.183.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 10

Step 3: Controlling OSPF path preference on FGT1

Just as with FGT2, increasing the OSPF cost of the wan2 interface on FGT1 to 200 will result in wan1 being preferred over wan2.

config router ospf
    config ospf-interface
        edit 'WAN2_higher_cost'
            set cost 200
            set interface 'wan2'
        next
    end
end

Rechecking the routing table on FGT1 and FGT2 shows that both now prefer wan1 for the routes advertised by their respective peer:

FGT1:

FGT1 # get router info routing-table ospf

Routing table for VRF=0

O*E2    0.0.0.0/0 [110/10] via 10.182.0.187, wan1, 00:00:40
O       192.168.182.0/23 [110/20] via 10.182.0.187, wan1, 00:00:40

FGT2:

FGT2 # get router info routing-table ospf

Routing table for VRF=0

O       10.160.0.0/23 [110/20] via 10.182.0.57, wan1, 00:09:37

Finally, checking the LSDB on FGT1 (10.1.1.1) shows the increased wan2 interface cost for both OSPF peers:

FGT1 # get router info ospf database router lsa

  Router Link States (Area 0.0.0.0)

  LS age: 81
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.1.1.1
  Advertising Router: 10.1.1.1
  LS Seq Number: 8000000b
  Checksum: 0xe637
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 10.160.0.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10


  LS age: 83
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x2 : ASBR
  LS Type: router-LSA
  Link State ID: 10.2.2.2
  Advertising Router: 10.2.2.2
  LS Seq Number: 8000000e
  Checksum: 0xfc9b
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 192.168.182.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 10

Step 4: Verifying wan2 as a backup/redundant route

When wan1 is brought down, the OSPF routes associated with wan2 are installed in the routing table. Note that the default route keeps a metric of 10 because it is an OSPF external type-2 (E2) route, whose metric does not include the internal path cost, whereas the intra-area routes now show the wan2 interface cost of 200 plus the stub link cost of 10:

FGT1:

FGT1 # get router info routing-table ospf

Routing table for VRF=0

O*E2    0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:00:06
O       192.168.182.0/23 [110/210] via 10.183.0.187, wan2, 00:00:06

FGT2:

FGT2 # get router info routing-table ospf

O       10.160.0.0/23 [110/210] via 10.183.0.57, wan2, 00:00:14
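As an added illustration (example code written for this page, not part of the article or of FortiOS), the following Python model reproduces the results of steps 1 to 4 from the costs shown in the router-LSAs above: a router charges its own outgoing interface cost, and the hop from a transit network to the router on its far side costs 0, which is why the cost of 200 configured on FGT2 in step 2 changes only FGT2's routes. The node names, the `build_lsdb` helper and the `link_down` failure simulation are assumptions of this example; the E2 default route is left out because its displayed metric does not depend on the internal path cost.

```python
from math import inf
import heapq
# Constructed model of the article's topology. Per router, each interface maps to the
# node it reaches and the router's own outgoing cost (the TOS 0 metrics in the router-LSAs).
def build_lsdb(fgt1_wan2_cost=10, fgt2_wan2_cost=10):
    return {  # "net-*" entries are the two transit networks, "lan" the stub networks
        "10.1.1.1": {"wan1": ("net-10.182.0.0", 10), "wan2": ("net-10.183.0.0", fgt1_wan2_cost),
                     "lan": ("10.160.0.0/23", 10)},
        "10.2.2.2": {"wan1": ("net-10.182.0.0", 10), "wan2": ("net-10.183.0.0", fgt2_wan2_cost),
                     "lan": ("192.168.182.0/23", 10)},
    }

def link_down(lsdb, ifname):  # step 4: the same interface goes down on both routers
    return {r: {i: l for i, l in ls.items() if i != ifname} for r, ls in lsdb.items()}

def adjacency(lsdb):
    """Directed graph: router->network costs the interface cost, network->router is free."""
    adj = {}
    for router, links in lsdb.items():
        for node, cost in links.values():
            adj.setdefault(router, []).append((node, cost))
            if node.startswith("net-"):
                adj.setdefault(node, []).append((router, 0))
    return adj

def dijkstra(adj, src):
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, n = heapq.heappop(heap)
        for nxt, c in adj.get(n, []):
            if d + c < dist.get(nxt, inf):
                dist[nxt] = d + c
                heapq.heappush(heap, (d + c, nxt))
    return dist

def path_costs(lsdb, router, dest):
    """Total cost from router to dest via each transit interface (SPF rooted past the first hop)."""
    adj = {n: [(m, c) for m, c in e if m != router] for n, e in adjacency(lsdb).items()}
    costs = {}
    for ifname, (first_hop, cost) in lsdb[router].items():
        dist = dijkstra(adj, first_hop) if first_hop.startswith("net-") else {}
        if dest in dist:
            costs[ifname] = cost + dist[dest]
    return costs

def installed_routes(lsdb, router, dest):
    """Best cost and the interfaces OSPF installs for it (more than one means ECMP)."""
    costs = path_costs(lsdb, router, dest)
    best = min(costs.values())
    return best, sorted(i for i, c in costs.items() if c == best)
```

`installed_routes(build_lsdb(fgt2_wan2_cost=200), "10.2.2.2", "10.160.0.0/23")` yields cost 20 via wan1 only, while the same call for FGT1 still yields ECMP over wan1 and wan2, matching the step 2 routing tables.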