- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: OSPF route summarization on ABR
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OSPF route summarization on ABR
Hi,
i'm stuck with the route summarization on an ospf abr.
We have a few hundred teleworkers connected via a service provider which we have a ospf coupling to.
The provider assigns every teleworker a small /29 subnet, which we learn through ospf on all routers in our internal network.
In consultation with our provider these subnets are all from an easy aggregatebale range.
What i now want to do is to summarize all these small subnets on the fortigate in one large supernet, to get rid of hundreds of small routes on every routing device in our internal network. (see attached drawing).
From what i read so far, it should be enough to set a range within the area configuration. (https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/865768/ospf-routing)
(https://kb.fortinet.com/kb/documentLink.do?externalID=FD30329)
(https://forum.fortinet.com/tm.aspx?m=152390)
The "config summary-address" statement seems to be only for the summary on non-OSPF Routes on an ASBR. Here is my ospf config from the fg1500d device:
config router ospf
set router-id 0.0.0.1
set restart-mode graceful-restart
config area
edit 0.0.0.0
next
edit 0.1.0.1
config range
edit 1
set prefix 10.11.192.0 255.255.240.0
next
end
next
end
config ospf-interface
edit "ospf_vrf0"
set interface "Transfer_VRF0"
set ip 10.254.7.1
set authentication text
set authentication-key <key>
set priority 100
set dead-interval 40
set hello-interval 10
next
edit "ospf_telekom-mpls"
set interface "MPLS_TCOM"
set ip 10.254.12.33
set dead-interval 40
set hello-interval 10
next
end
config network
edit 1
set prefix 10.254.7.0 255.255.255.248
next
edit 2
set prefix 10.254.12.32 255.255.255.248
set area 0.1.0.1
next
end
config redistribute "connected"
set status enable
end
config redistribute "static"
set status enable
end
config redistribute "rip"
end
config redistribute "bgp"
end
config redistribute "isis"
end
end
But when i have a look in the routing table on the core switch i see still all the small subnet routes an no entry for the summarized net at all.
DST MASK NEXT VRF/ISID COST FACE PROT AGE TYPE PRF
-----------------------------------------------------------------------------------------------------
10.11.200.8 255.255.255.248 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
10.11.200.9 255.255.255.255 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
10.11.200.16 255.255.255.248 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
10.11.200.17 255.255.255.255 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
10.11.200.24 255.255.255.248 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
10.11.200.25 255.255.255.255 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
10.11.200.32 255.255.255.248 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
10.11.200.33 255.255.255.255 10.254.7.1 GlobalRouter 111 606 OSPF 0 IB 120
I have no idea what i'm doing wrong, so any help would be much apprechiated.
Best regards, Tim
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tim,
your config seems correct, except for maybe the prefix used for the range command.
As it is now, it doesn't cover the routes you show (10.11.200.x), assuming those are the ones you're referring to.
In the diagram, the suggested summary is 10.11.192.0/20, that will indeed cover them.
I'd suggest you fix that first, and if that doesn't work (it should) collect on the fgt:
get router info ospf database router lsa
get router info ospf database brief
Related Posts
- Routing Issue on FortiGate 7.2.8 473 Views
- dynamic ipool change - SNAT fort... 277 Views
- VPN intermittent traffic lost, found reverse... 1044 Views
- Policy based routing questions 443 Views
- sd-wan zones for mpls and isp... 367 Views
Labels
-
FortiGate
6,766 -
FortiClient
1,345 -
5.2
801 -
5.4
639 -
FortiManager
581 -
FortiAnalyzer
425 -
6.0
416 -
5.6
362 -
FortiSwitch
347 -
FortiAP
346 -
FortiClient EMS
274 -
FortiMail
263 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
160 -
6.4
128 -
FortiNAC
113 -
FortiGuard
108 -
FortiSIEM
91 -
FortiGateCloud
88 -
IPsec
87 -
FortiCloud Products
85 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
69 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
SD-WAN
34 -
FortiExtender
33 -
FortiSandbox
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
24 -
FortiConnect
24 -
VLAN
23 -
FortiAuthenticator
22 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
SAML
15 -
FortiMonitor
14 -
BGP
14 -
DNS
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
Authentication
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
FortiSOAR
8 -
SSO
8 -
Application control
8 -
RMA Information and Announcements
7 -
FortiAnalyzer v5.0
7 -
Fortigate Cloud
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
Web application firewall profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.