FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes the implementation of shortest path first scheduling and throttling in FortiOS.
- When an OSPF router receives an updated LSA, it does not run SPF right away but schedules it. It does so in case there is a change in the topology.
- However, the local router is probably not the only one affected so it is likely that receive more than one updated LSA. The router waits for a short while so that it only has to run SPF once for all updated LSAs.
- If the topology change is caused by a flapping link then the router would run SPF over and over again, increasing its load. To ensure this doesn’t happen, the delay before SPF runs will keep increasing if updated LSAs are still received. Fortinet allows for the configuration of SPF delay time and SPF hold time as mentioned below.
- The SPF delay_integer specifies the delay after a routing update is received until the SPF calculation is performed. The SPF hold_integer specifies the time between SPF calculations. The default in seconds is 5 for the delay_integer and 10 for the hold_integer
- If the OSPF routing environment permits, increase the delay and frequency in which SPF calculations are performed is possible.
Configure values where the first number is the delay integer and the second is the hold integer
set spf-timers “delay_integer” “hold_integer” <enter>
<delay timer>:a delay timer in seconds between receiving a change to SPF calculation <hold timer>: a hold timer in seconds between consecutive SPF calculations.
# configure router ospf set spf-timers 60 3600 end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.