OSPF multi-VRF gives you the ability to segment parts of your network and configure those segments to perform specific functions while still maintaining correct routing information. Each VRF has its own:
- Interfaces
- Routing tables
- Forwarding tables

CLI syntax
config system interface
    edit <name>
        set vrf <VRF ID>
    next
end
Where vrf is a value of 0 to 31. FortiOS supports 32 VRFs (numbered 0 to 31) per VDOM.

Verifying the OSPF Multi-VRF Configuration
get router info ospf neighbor
get router info ospf interface
get router info routing-table ospf

Example for Core/Hub Firewall
Interface:
config system interface
    edit "VPN-OSPF" ---> VPN Tunnel interface
        set vdom "root"
        set vrf 20
        set ip 10.20.10.2 255.255.255.255
        set type tunnel
        set remote-ip 10.20.10.1 255.255.255.255
        set snmp-index 15
        set interface "port2"
    next
    edit "port3"
        set vdom "root"
        set ip 172.31.139.173 255.255.240.0
        set allowaccess ping https ssh http telnet
        set type physical
        set explicit-web-proxy enable
        set security-mode captive-portal
        set snmp-index 3
        config ipv6
            set ip6-address fd01::1/64
            set ip6-allowaccess ping
            set ip6-send-adv enable
        end
    next
end
OSPF Configuration:
config router ospf
    set router-id 4.4.4.4
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "Spoke1"
            set interface "port3" --> port3 interface belongs to VRF 0
            set dead-interval 40
            set hello-interval 10
        next
        edit "Spoke2"
            set interface "VPN-OSPF" --> VPN-OSPF interface belongs to VRF 20
            set dead-interval 40
            set hello-interval 10
        next
    end
    config network
        edit 2
            set prefix 172.31.139.0 255.255.255.0
        next
        edit 3
            set prefix 192.168.1.1 255.255.255.255
        next
        edit 4
            set prefix 10.20.10.0 255.255.255.0
        next
    end
end
Diagnose output:
# get router info ospf neighbor
OSPF process 0, VRF 0:
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 Full/DR 00:00:39 172.31.132.177 port3
1.1.1.1 1 Full/Backup 00:00:30 172.31.133.44 port3
OSPF process 20, VRF 20:
Neighbor ID Pri State Dead Time Address Interface
5.5.5.5 1 Full/ - 00:00:36 10.20.10.1 VPN-OSPF
# get router info routing-table ospf
Routing table for VRF=0
O E2 1.1.1.1/32 [110/10] via 172.31.133.44, port3, 00:02:05
[110/10] via 172.31.132.177, port3, 00:02:05
O E2 10.10.10.2/32 [110/10] via 172.31.133.44, port3, 00:02:05
O E2 10.10.10.3/32 [110/10] via 172.31.132.177, port3, 00:02:05
O E2 10.146.0.0/20 [110/10] via 172.31.133.44, port3, 00:02:05
[110/10] via 172.31.132.177, port3, 00:02:05
O E2 169.254.1.1/32 [110/10] via 172.31.133.44, port3, 00:02:05
Routing table for VRF=20
O E2 10.5.48.0/20 [110/10] via 10.20.10.1, VPN-OSPF, 00:02:09
# get router info ospf interface
port3 is up, line protocol is up
Internet Address 172.31.139.173/20, Area 0.0.0.0, MTU 1500
Process ID 0, VRF 0, Router ID 4.4.4.4, Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State DROther, Priority 1
Designated Router (ID) 3.3.3.3, Interface Address 172.31.132.177
Backup Designated Router (ID) 1.1.1.1, Interface Address 172.31.133.44
Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Neighbor Count is 2, Adjacent neighbor count is 2
Crypt Sequence Number is 350803
Hello received 52 sent 27, DD received 8 sent 8
LS-Req received 2 sent 3, LS-Upd received 11 sent 4
LS-Ack received 7 sent 7, Discarded 6
VPN-OSPF is up, line protocol is up
Internet Address 10.20.10.2/32, Area 0.0.0.0, MTU 1438
Process ID 20, VRF 20, Router ID 4.4.4.4, Network Type POINTOPOINT, Cost: 100
Transmit Delay is 1 sec, State Point-To-Point
Timer intervals configured, Hello 10.000, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 350803
Hello received 26 sent 27, DD received 3 sent 4
LS-Req received 0 sent 1, LS-Upd received 1 sent 1
LS-Ack received 1 sent 1, Discarded 0
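
The neighbor output above can be checked automatically to confirm that each adjacency formed in the VRF its interface was assigned to. The following Python is an added example, not Fortinet code; it parses the `get router info ospf neighbor` text shown on this page, and the EXPECTED_VRF map and the function names are assumptions made for illustration.

```python
import re

# Neighbor table copied from the diagnose output on this page.
SAMPLE = """\
OSPF process 0, VRF 0:
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 Full/DR 00:00:39 172.31.132.177 port3
1.1.1.1 1 Full/Backup 00:00:30 172.31.133.44 port3
OSPF process 20, VRF 20:
Neighbor ID Pri State Dead Time Address Interface
5.5.5.5 1 Full/ - 00:00:36 10.20.10.1 VPN-OSPF
"""

# Assumed for illustration: intended placement, read off the example config.
EXPECTED_VRF = {"port3": 0, "VPN-OSPF": 20}

VRF_RE = re.compile(r"^OSPF process \d+, VRF (\d+):")
# The state column can contain a space ("Full/ -" on point-to-point links).
NBR_RE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+\d+\s+(\S+?/\s*\S+)\s+"
    r"\d\d:\d\d:\d\d\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def parse_neighbors(text):
    """Return one dict per neighbor row, tagged with the VRF header above it."""
    vrf, rows = None, []
    for line in map(str.strip, text.splitlines()):
        header = VRF_RE.match(line)
        if header:
            vrf = int(header.group(1))
            continue
        m = NBR_RE.match(line)
        if m and vrf is not None:
            rid, state, addr, iface = m.groups()
            rows.append({"vrf": vrf, "id": rid, "state": state.replace(" ", ""),
                         "address": addr, "interface": iface})
    return rows

def audit(rows, expected=EXPECTED_VRF):
    """List adjacencies in the wrong VRF or not Full, and interfaces with none."""
    findings = []
    for r in rows:
        want = expected.get(r["interface"])
        if want != r["vrf"]:
            findings.append(f"{r['interface']}: neighbor {r['id']} in VRF {r['vrf']}, expected {want}")
        if not r["state"].startswith("Full"):
            findings.append(f"{r['interface']}: neighbor {r['id']} is {r['state']}, not Full")
    for iface in sorted(expected.keys() - {r["interface"] for r in rows}):
        findings.append(f"{iface}: no OSPF neighbor seen")
    return findings
```

An empty list from `audit(parse_neighbors(SAMPLE))` means every neighbor is Full and sits in the VRF its interface was assigned to.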
Copyright 2024 Fortinet, Inc. All Rights Reserved.