Barracuda CloudGen Firewall

How to Install and Configure the OSPF/RIP/BGP Service


This article provides step-by-step information on how to install and configure dynamic routing protocols.  

Configure OSPF/RIP/BGP

To configure OSPF/RIP/BGP settings, proceed with the following steps:

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > OSPF-RIP-BGP-Service.
  2. Click Lock.
  3. In the left menu, click Operational Setup. General parameters of the dynamic routing protocols, such as enabling or disabling a protocol and the handling of dynamic routes, are configured here.

On a Barracuda CloudGen Firewall, route selection is directly dependent on the metric of a route; routes with a lower metric are preferred to routes with a higher metric. Static routes have a metric of 1 by default. RIP routes can have a maximum metric of 15 hops, and OSPF routes will mostly have a cost of more than 20. Since OSPF routes are preferred to RIP routes, metrics can be increased artificially through defining administrative distances. The corresponding parameter Administrative Distance for RIP is set to 120 and Admin Distance related to OSPF is left empty by default. The value specified for the administrative distance will be added to every route learned through OSPF or RIP respectively.

Operational Setup

Idle Mode

If this parameter is set to yes, the OSPF/RIP/BGP wrapper gets started by the control daemon but does not start up the actual OSPF/RIP/BGP routing service.

Run OSPF Router

By setting this value, the OSPF routing functionality can be enabled or disabled.

Run RIP Router

By setting this value, the RIP routing functionality can be enabled or disabled.

Run BGP Router

By setting this value, the BGP routing functionality can be enabled or disabled.

Hostname

Allows overriding the propagated hostname, which by default is the box hostname.

Operation Mode

The operation mode defines handling of route learning and propagation. The following settings are possible:

  • advertise-only – Routes are only advertised.
  • learn-only – Networks are not propagated, except those networks living on the interfaces configured for OSPF/RIP/BGP themselves; learned routes from other systems are still advertised.
  • advertise-learn – OSPF/BGP routes are learned and propagated.

Router ID

Every OSPF/BGP router is identified by its Router ID. This ID is defined by an IP address explicitly configured for this router.

Note that the router ID must also be set if the routing service only provides a RIP service. Although RIP does not use the router ID, an IP address (any IP address) must still be entered.

OSPF Preferences

Log Level

Specifies the verbosity of the OSPF routing service:

  • critical
  • debugging
  • emergencies
  • errors
  • informational (default)
  • notifications
  • warnings
  • alerts

Use Special Routing Table

By setting this parameter to yes and selecting a table name below, routes learned by the OSPF service are introduced into their own routing table. Note that the routing table is not automatically introduced but has to be configured manually by introducing Policy Routes.

Table Names

A list of policy routing names can be specified here. Routes learned by the routing daemon are introduced into each of the enlisted routing tables.

Multipath Handling

  • ignore – Multipath routes will be discarded. OSPF summarizes routes to multipath routes automatically if more than one next hop to a prefix exists. Use setting "ignore" with caution.
  • accept-on-same-device – Multipath routes will be introduced as multipath if all next hops are reachable on the same interface.
  • accept-all (default) – Multipath routes will be introduced.

Ignore default route (Advanced Mode)

If enabled, the learned default route is not inserted into the routing table of the Barracuda CloudGen Firewall, but at the same time is still propagated via OSPF. If you do not want the default route to be propagated, use an OSPF filter.

For more detailed information on OSPF Router configuration, see How to Configure OSPF Routers and Areas.

RIP Preferences

This section, accessible via the link in the Configuration menu, can be specified the same way. 

For more detailed information on RIP Router configuration, see How to Configure RIP Router Setup.  

For a setup example including screenshots, see Example for OSPF and RIP Configuration.

BGP Router Setup

AS Number

Number of the autonomous system this router belongs to.

Confederation Parent AS

Number of the autonomous system that internally includes multiple sub-autonomous systems (aka confederation).

Confederation Partners

Sub-autonomous system numbers belonging to the same confederation.

Terminal Password

Password to connect to the BGP router through telnet. The system is reachable on loopback TCP port 2605.

Privileged Terminal Password

Password to enable configuration through a telnet connection.

Networks

Enter all networks the BGP router should run on. When running an Exterior Gateway Protocol BGP router, enter your WAN network.

Make sure to enter an IP address including netmask. For example: 210.80.90.100/26

Route Aggregations

Enter network addresses to perform route aggregation to decrease the size of routing tables.

Advanced settings

Configuration of advanced BGP Settings.

  • External Distance Definition – Administrative distance for BGP external routes. External routes are the best path learned from a neighbor that is external to the AS. (default 20)
  • Internal Distance Definition – Administrative distance for BGP internal routes. Internal routes are the best path learned from other BGP speakers within the same AS. (default 200)
  • Local Distance Definition – Administrative distance for BGP local routes. Local routes are networks configured with the network command. (default 200)
  • Keep Alive Timer – Number of seconds this BGP speaker waits for a keepalive message before deciding that the connection is down. Recommended value is 1/3 of Hold Time.
  • Administrative Distance – Number of seconds this BGP speaker waits for a keepalive, update, or notification message before deciding that the connection is down. Recommended value is 3 times the Keep Alive Timer.
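
The terminal passwords above protect a telnet interface that, per this page, is reachable on loopback TCP port 2605. The following is an added check, not Barracuda code: it parses listener lines in the format printed by `ss -Htln` (the sample lines are constructed) and reports any listener on that port that is bound to a non-loopback address.

```python
import ipaddress

BGP_VTY_PORT = 2605  # telnet port named on this page


def split_local(addr_port):
    """Split an ss 'Local Address:Port' field into (host, port)."""
    host, _, port = addr_port.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return host, port


def exposed_vty_listeners(ss_output, port=BGP_VTY_PORT):
    """Return local address fields listening on `port` outside loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, listen_port = split_local(fields[3])
        if listen_port != str(port):
            continue
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False  # '*' or anything unparsable counts as exposed
        if not loopback:
            findings.append(fields[3])
    return findings


# Constructed sample lines in `ss -Htln` column order.
SAMPLE_OK = """\
LISTEN 0 3   127.0.0.1:2605 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
"""
SAMPLE_BAD = """\
LISTEN 0 3 0.0.0.0:2605   0.0.0.0:*
LISTEN 0 3 [::]:2605      [::]:*
LISTEN 0 3 127.0.0.1:2605 0.0.0.0:*
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, exposed_vty_listeners(sample) or "loopback only")
```
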

BGP Preferences

Log Level

Logging level of the BGP routing daemon.

Use Special Routing Table

Routes learned via BGP will not be introduced in main table, but in tables given below.

Table Names

Tables must exist in network configuration.

Multipath Handling

  • ignore – Multipath routes will be discarded.
  • accept-on-same-device – Multipath routes will be introduced as multipath, if all next hops are reachable on the same device.

For more detailed information on BGP Router configuration, see How to Configure BGP Router Setup.

GUI as Text

This parameter set is only available in Advanced View mode. The configuration done with the GUI is displayed here in quagga/Cisco commands. 

  • Show as Text – Set this to yes to show created OSPF syntax configuration after Send Changes.
  • OSPF Text – Created OSPF syntax configuration. Shown, if Show as Text is set to yes.
  • RIP Text – Created RIP syntax configuration. Shown, if Show as Text is set to yes.
  • BGP Text – Created BGP syntax configuration. Shown, if Show as Text is set to yes.

Text-Based Configuration

Configure dynamic routing here if you do not want to configure it with the GUI. GUI configuration already completed will be replaced. Syntax as used for quagga or Cisco applies. 

OSPF Configuration / Free Format RIP Configuration:

  • Use Free Format – Set this to yes to use free OSPF/RIP syntax configuration.
  • Free Format Text – OSPF/RIP/BGP syntax configuration. This field applies when parameter Use Free Format is set to yes.

Routing Configuration Example

Network routes that are required for an OSPF/RIP network prefix must not be a subset of another route (see below for an explanation).

  • OSPF network prefix: 10.0.66.0/24
  • Server IP: 10.0.66.98
  • Box network route: 10.0.66.0/24 via dev eth1
  • Additional box network route: 10.0.0.0/8 via dev eth0 

In this configuration example, the required box network route "10.0.66.0/24 via dev eth1" is completely included in the additional box network route "10.0.0.0/8 via dev eth0". This will lead to a mismatch in the OSPF configuration. OSPF will detect neither eth0 nor eth1 as OSPF enabled and will therefore not work.
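
The subset condition described above can be checked before the routing service is activated. The following is an added example, not Barracuda code: it takes an OSPF/RIP network prefix and the box network routes in the notation used on this page and reports every route that contains the required one. Treating the most specific box route containing the prefix as the "required" route is an assumption of this sketch, and the second route list is constructed.

```python
import ipaddress
from typing import NamedTuple


class BoxRoute(NamedTuple):
    network: ipaddress.IPv4Network
    device: str


def parse_route(text):
    """Parse the page's notation, e.g. '10.0.66.0/24 via dev eth1'."""
    net, _, dev = text.partition(" via dev ")
    return BoxRoute(ipaddress.ip_network(net.strip()), dev.strip())


def check_prefix(prefix_text, route_texts):
    """Return (required_route, covering_routes) for one OSPF/RIP prefix.

    required_route: most specific box route containing the prefix (assumption).
    covering_routes: other box routes that the required route is a subset of.
    """
    prefix = ipaddress.ip_network(prefix_text)
    routes = [parse_route(t) for t in route_texts]
    same_family = [r for r in routes if r.network.version == prefix.version]
    candidates = [r for r in same_family if prefix.subnet_of(r.network)]
    required = max(candidates, key=lambda r: r.network.prefixlen, default=None)
    if required is None:
        return None, []
    covering = [r for r in same_family
                if r is not required and required.network.subnet_of(r.network)]
    return required, covering


# Routes from the page's example, then a constructed non-overlapping variant.
PAGE_ROUTES = ["10.0.66.0/24 via dev eth1", "10.0.0.0/8 via dev eth0"]
CLEAN_ROUTES = ["10.0.66.0/24 via dev eth1", "192.168.0.0/16 via dev eth0"]

if __name__ == "__main__":
    for name, routes in (("page", PAGE_ROUTES), ("clean", CLEAN_ROUTES)):
        required, covering = check_prefix("10.0.66.0/24", routes)
        for other in covering:
            print(f"{name}: {required.network} ({required.device}) is inside "
                  f"{other.network} ({other.device})")
        if not covering:
            print(f"{name}: no covering route for {required.network}")
```
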

HA Operation

The OSPF/RIP service synchronizes externally learned routes with its HA partner. Routes cannot be introduced on the partner while this is "passive" because network routes required to do so are missing. The external routes HA information is thus stored in a file and introduced on the HA system during startup of the OSPF/RIP service. Take over and startup of the OSPF/RIP service usually take a few seconds. The HA routes are introduced as protocol "extha" (number 245). These routes are then either replaced by newly learned external OSPF or RIP routes (protocols "ospfext" or "ripext") or removed with the HA garbage collection after five minutes.