Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

Example for OSPF and RIP Configuration

The following description shows a convenient way to configure OSPF and RIP on a Barracuda NextGen Firewall F-Series. The example assumes that the Barracuda NextGen Firewall F-Series is added to a network already configured for OSPF.

Network Setup

Four routers are appointed to learn routes from OSPF and RIP "Clouds". Router 1 and router 2 are both attached to LAN segment 62.99.0.0/24 and belong to OSPF Area 0. Router 3 is attached to LAN segment 194.93.0.0/24, serving as OSPF router in OSPF Area 1 and as RIP router for RIP Cloud 2. Router 4 is a sole RIP router attached to LAN segment 194.93.0.0/24. Two further networks, 192.168.10.0/24 and 192.168.11.0/24, live in RIP Cloud 2.

Example setup for OSPF and RIP configuration:

  • Router 1 – OSPF learned networks from OSPF Cloud 1: 62.99.0.0/24
  • Router 2 – OSPF learned networks from OSPF Cloud 1: 62.99.0.0/24
  • Router 3 – RIP and OSPF learned networks from OSPF and RIP Cloud 2: 194.93.0.0/24, 192.168.10.0/24, 192.168.11.0/24
  • Router 4 – RIP learned networks from RIP Cloud 2: 194.93.0.0/24

OSPF Basic Setup

The network is already configured for OSPF. Several destinations are reachable through multiple paths. The newly installed Barracuda NextGen Firewall F-Series should participate in the routing and load-sharing is to be used.

Step 1: Install the OSPF/RIP Service

For more information on how to set up a virtual service, see Virtual Servers and Services.

Step 2: Add the Network Interfaces Speaking OSPF to the Server Properties

OSPF is spoken on two interfaces linking to the following networks: eth1 (62.99.0.0/24) and eth2 (194.93.0.0/24).

Configuring of addresses in the Server Properties: 

Step 3: Configure OSPF Routing Settings

Operational Setup

The Barracuda NextGen Firewall F-Series is configured to operate as a "normal" router. The operation mode is set to "active-passive" (that is, advertise-learn), so all routes are learned and forwarded. Setting a Router ID is mandatory; it makes LSAs easy to identify during troubleshooting.

operational.jpg

OSPF Router Setup

Specify a Terminal Password and a Privileged Terminal Password. These passwords are needed to access the routing engine directly via telnet. Setting Auto-Cost Ref Bandwidth to 10000 yields more granular costs in LAN environments. The cost is calculated as ref-bandwidth divided by intf-bandwidth (MBit/s). In the example, a 1 GBit link would have a cost of 10 (10000/1000).

ospf_router.jpg

Specify the interfaces where OSPF should be enabled and where adjacencies should be built through the Network Prefix parameter. In the example, the Barracuda NextGen Firewall F-Series is made an Area Border Router (ABR) with interfaces in Area 0 and Area 1. The network 62.99.0.0/24 is part of Area 0; the network 194.93.0.0/24 is part of Area 1.

Step 4: Send Changes and Activate the Configuration

The basic OSPF setup is complete. The routes learned through OSPF can now be viewed in the Barracuda NextGen Firewall F-Series's routing table: 

rt_table.jpg

A further way to see more detailed information about the OSPF service is to connect to the Quagga engine itself by running telnet to localhost:2604 at the Command Line Interface. This mode can also be used for debugging purposes. If needed, see www.quagga.net for information about the Quagga Routing Suite. The following output shows the Quagga engine's response to the commands sh ip ospf neigh and sh ip ospf route.

[root@NF1:~]# telnet localhost 2604
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Hello, this is quagga (version 0.96.5).
Copyright 1996-2002 Kunihiro Ishiguro.
User Access Verification
Password:
NF1> en
Password:
NF1# sh ip ospf neigh
Neighbor ID     Pri State        Dead Time Address       Interface          RXmtL RqstL DBsmL
192.168.254.3     1 Full/DR      00:00:35  194.93.0.254  eth2:194.93.0.105      0     0     0
192.168.254.2     1 Full/DR      00:00:33  62.99.0.253   eth1:62.99.0.105       0     0     0
192.168.254.1     1 Full/Backup  00:00:35  62.99.0.254   eth1:62.99.0.105       0     0     0
NF1# sh ip ospf route
============ OSPF network routing table ============
N    62.99.0.0/24       [1000] area: 0.0.0.0
                        directly attached to eth1
N    192.168.1.0/24     [1010] area: 0.0.0.0
                        via 62.99.0.253, eth1
D IA 192.168.10.0/23    Discard entry
N    192.168.10.0/24    [1010] area: 0.0.0.1
                        via 194.93.0.254, eth2
N    192.168.11.0/24    [1010] area: 0.0.0.1
                        via 194.93.0.254, eth2
N    192.168.12.0/24    [1010] area: 0.0.0.1
                        via 194.93.0.254, eth2
N    192.168.254.1/32   [1001] area: 0.0.0.0
                        via 62.99.0.254, eth1
N    192.168.254.2/32   [1001] area: 0.0.0.0
                        via 62.99.0.253, eth1
N    192.168.254.3/32   [1001] area: 0.0.0.1
                        via 194.93.0.254, eth2
N    194.93.0.0/24      [1000] area: 0.0.0.1
                        directly attached to eth2
============ OSPF router routing table =============
R    192.168.254.1      [1000] area: 0.0.0.0, ABR, ASBR
                        via 62.99.0.254, eth1
R    192.168.254.2      [1000] area: 0.0.0.0, ABR
                        via 62.99.0.253, eth1
R    192.168.254.3      [1000] area: 0.0.0.1, ABR, ASBR
                        via 194.93.0.254, eth2
============ OSPF external routing table ===========
N E1 10.0.84.0/24       [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 28.235.0.0/24      [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 38.232.0.0/24      [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 38.232.1.0/24      [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 56.47.0.0/24       [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 56.47.1.0/24       [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 79.29.0.0/24       [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 79.29.1.0/24       [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 123.43.0.0/24      [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 123.43.1.0/24      [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 134.46.0.0/24      [1010] tag: 0
                        via 62.99.0.254, eth1
N E1 134.46.1.0/24      [1010] tag: 0
                        via 62.99.0.254, eth1
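The neighbor table above can be checked automatically. The following Python sketch is an added example, not part of the Barracuda documentation: it parses sh ip ospf neigh rows and reports neighbors that are unexpected, missing, or stuck short of a full adjacency. The EXPECTED mapping and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample: the three neighbor rows from the session above plus one
# constructed row (192.168.254.9) that does not belong to the example network.
SAMPLE = """\
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
192.168.254.3 1 Full/DR 00:00:35 194.93.0.254 eth2:194.93.0.105 0 0 0
192.168.254.2 1 Full/DR 00:00:33 62.99.0.253 eth1:62.99.0.105 0 0 0
192.168.254.1 1 Full/Backup 00:00:35 62.99.0.254 eth1:62.99.0.105 0 0 0
192.168.254.9 1 ExStart/DROther 00:00:31 62.99.0.77 eth1:62.99.0.105 0 0 0
"""

# Assumption: router IDs expected on each OSPF interface of the firewall.
EXPECTED = {"eth1": {"192.168.254.1", "192.168.254.2"}, "eth2": {"192.168.254.3"}}

ROW = re.compile(
    r"^(?P<rid>\d+\.\d+\.\d+\.\d+)\s+(?P<pri>\d+)\s+(?P<state>[\w-]+)/(?P<role>\w+)\s+"
    r"(?P<dead>\d\d:\d\d:\d\d)\s+(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<ifname>[\w.]+):"
)

def parse_neighbors(text):
    """Return one dict per neighbor row; header and prompt lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def state_ok(n):
    """Full is the target state; 2-Way with a DROther neighbor is the steady
    state when the local router is DROther on that segment as well."""
    return n["state"] == "Full" or (n["state"] == "2-Way" and n["role"] == "DROther")

def audit(neighbors, expected=EXPECTED):
    """Return (router_id, interface, reason) findings, empty when all is well."""
    findings = []
    seen = {(n["ifname"], n["rid"]) for n in neighbors}
    for n in neighbors:
        if n["rid"] not in expected.get(n["ifname"], set()):
            findings.append((n["rid"], n["ifname"], "unexpected neighbor"))
        elif not state_ok(n):
            findings.append((n["rid"], n["ifname"], "adjacency not Full: " + n["state"]))
    for ifname, rids in expected.items():
        for rid in sorted(rids):
            if (ifname, rid) not in seen:
                findings.append((rid, ifname, "expected neighbor missing"))
    return findings

FINDINGS = audit(parse_neighbors(SAMPLE))
```

Run against the constructed sample, the only finding is the constructed router 192.168.254.9 on eth1.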

Redistribution of Connected Networks to OSPF

Proceed as follows to configure redistribution of connected networks: 

  1. Open the Network page (CONFIGURATION > Configuration Tree > Box).
  2. In the left menu, click IP Configuration.
  3. Click Lock.
  4. Set the parameter Advertise Route to yes.
  5. Click Send Changes and Activate.

Step 6: Configure Route Redistribution

Route Redistribution is configured in the OSPF Router tab within the OSPF Routing Settings configuration. In the example, the following values are specified for the available parameters: 

rt_redist.jpg

With these configuration settings, all networks connected to the Barracuda NextGen Firewall F-Series will be redistributed to OSPF with a cost of 10 and Metric-type External 1.

Injecting the Default Route to OSPF

Step 7: Activate OSPF Advertising

Static routes, too, are advertised via OSPF only when the Advertise Route option is set in the network configuration. This should already have been done by the steps described in Step 6.

Step 8: Configure Default Route Redistribution

Default Route Redistribution is configured in the OSPF Router tab within the OSPF Routing Settings configuration. In the example, the following values are specified for the available parameters: 

rt_dist.jpg

With these configuration settings, the default route (if configured) will be redistributed to OSPF with a cost of 10 and Metric-type External 1. If a default route should always be distributed, whether or not one is configured, set the parameter Originate Always to yes.

OSPF Multipath Routing

Multipath routing is configured in the OSPF Routing Settings’ OSPF Preferences view. Three options are available for Multipath Handling: 

  • ignore – No Multipath routing is used; learned Multipath routes are ignored.
  • assign internal preferences – The metric of every equal cost route is translated to different values - load-sharing is not used. Additional routes are only used as backup.
  • accept on same device – Multipath routing is enabled but it is only available when the routes are learned on the same interface. 

The example configuration uses the setting accept on same device.

OSPF Link Authentication

Two methods for OSPF authentication exist:

  • Authentication in an Area
  • Authentication on a Link 

Area authentication is configured within the OSPF Area Setup. For Link Authentication, a parameter template has to be created first, and then a reference to this template has to be established. The example uses Link Authentication. Authentication configuration is done in the Network Interfaces section of the OSPF Routing configuration. Proceed as follows to configure Link Authentication:

Step 9: Configure a Parameter Template

Open the Network Interfaces section and click the Insert … button in the Parameter Template Configuration section to create a new parameter template.
The following values are defined in the example: MD5 Authentication usage with key ID 1 and authentication key Barracuda.

ospf_tmp.jpg

Step 10: Create a Reference to the Parameter Template

Click the Insert … button in Network Interface > Interfaces (Network Interfaces view) to configure link authentication on an interface. The example defines the following values:

tmp_ref.jpg

All other routers on this interface must have the same settings. Otherwise, adjacency cannot be established.
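Why mismatched settings prevent an adjacency can be seen from the receive-side checks of OSPFv2 cryptographic authentication (RFC 2328, Appendix D). The following Python sketch is an added example, not Barracuda or Quagga code: it signs a constructed Hello with the key ID and key from Step 9 and verifies it the way a neighbor would. The function names and the Hello field values are assumptions for illustration.

```python
import hashlib, hmac, socket, struct

KEYS = {1: b"Barracuda"}          # key ID and key from the parameter template above

def pad_key(key):
    """The MD5 key field is 16 bytes; shorter keys are zero-padded."""
    return key[:16].ljust(16, b"\0")

def sign(body, router_id, area_id, seq, key_id=1, keys=KEYS, pkt_type=1):
    """Build an OSPFv2 packet with AuType 2 and append the keyed-MD5 digest."""
    hdr = struct.pack("!BBH4s4sHHHBBI", 2, pkt_type, 24 + len(body),
                      socket.inet_aton(router_id), socket.inet_aton(area_id),
                      0, 2, 0, key_id, 16, seq)   # checksum 0, AuType 2, digest len 16
    pkt = hdr + body                              # packet length excludes the digest
    return pkt + hashlib.md5(pkt + pad_key(keys[key_id])).digest()

def verify(packet, keys=KEYS, last_seq=0):
    """Receiver-side checks; returns (accepted, reason)."""
    if len(packet) < 24:
        return False, "truncated header"
    length = struct.unpack("!H", packet[2:4])[0]
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != 2:
        return False, "AuType is not cryptographic"
    if key_id not in keys:
        return False, "unknown key ID"
    if dlen != 16 or len(packet) != length + 16:
        return False, "bad digest length"
    want = hashlib.md5(packet[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(want, packet[length:]):
        return False, "digest mismatch"
    if seq < last_seq:                            # replay protection
        return False, "sequence number went backwards"
    return True, "ok"

# Constructed Hello body: mask /24, HelloInterval 10, options 0x02, priority 1,
# RouterDeadInterval 40, DR 62.99.0.253, BDR 62.99.0.254, no neighbors listed.
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 2, 1, 40,
                    socket.inet_aton("62.99.0.253"), socket.inet_aton("62.99.0.254"))
PACKET = sign(HELLO, "192.168.254.2", "0.0.0.0", seq=100)
```

A neighbor configured with a different key or key ID rejects every Hello, so the adjacency never leaves the Down state; the sequence number check rejects replayed packets.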

OSPF Route Summation

In large networks, it is useful to summarize routes on Area or Autonomous System borders. In the example setup, two networks live in Area 1: 192.168.10.0/24 and 192.168.11.0/24. The aim is to summarize these two networks to 192.168.10.0/23. The configuration for summation of areas is done in the OSPF Area Setup.

  • Click Insert … to create new configuration settings for Area 1. Set the value for Area ID [Int] to 1.
  • Create a new entry for parameter Summary Range IP/Mask by clicking Insert … 

A new window opens allowing for configuration of the following values:

rt_sum.jpg

Range 192.168.10.0/23 is now going to be advertised as summary route with cost 10. A router in Area 0 is going to create an entry in its routing table.

SW2#sh ip route 192.168.10.0
Routing entry for 192.168.10.0/23, supernet
Known via "ospf 1", distance 110, metric 1020, type inter area
Last update from 62.99.0.105 on Vlan111, 00:03:46 ago
Routing Descriptor Blocks:
* 62.99.0.105, from 192.168.254.10, 00:03:46 ago, via Vlan111
Route metric is 1020, traffic share count is 1
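Before a Summary Range is activated, it is worth checking what it covers. The following Python sketch is an added example, not part of the Barracuda documentation: it compares a summary range with the Area 1 routes from the sh ip ospf route output earlier on this page and reports address space the summary would announce without any route behind it. The function name and the /22 range are assumptions chosen for illustration.

```python
import ipaddress as ip

# Area 0.0.0.1 routes as listed in the "sh ip ospf route" output earlier on this page.
AREA1 = ["194.93.0.0/24", "192.168.10.0/24", "192.168.11.0/24",
         "192.168.12.0/24", "192.168.254.3/32"]

def check_summary(summary, area_routes):
    """Compare a Summary Range with the area's routes.

    covered  - routes hidden behind the summary
    separate - routes outside the range, still advertised individually
    unbacked - space the summary announces although no area route backs it;
               traffic for it is drawn to the ABR and ends at the discard entry
    """
    rng = ip.ip_network(summary)
    nets = [ip.ip_network(n) for n in area_routes]
    covered = [n for n in nets if n.subnet_of(rng)]
    separate = [n for n in nets if not n.subnet_of(rng)]
    unbacked = [rng]
    for c in covered:
        remaining = []
        for u in unbacked:
            if u.subnet_of(c):          # fully backed by this route
                continue
            if c.subnet_of(u):          # carve the backed part out of the block
                remaining.extend(u.address_exclude(c))
            else:
                remaining.append(u)
        unbacked = remaining
    return {"covered": [str(n) for n in covered],
            "separate": [str(n) for n in separate],
            "unbacked": [str(n) for n in sorted(ip.collapse_addresses(unbacked))]}

PAGE = check_summary("192.168.10.0/23", AREA1)   # the range configured above
WIDE = check_summary("192.168.8.0/22", AREA1)    # constructed, deliberately too wide
```

The /23 from the page covers exactly the two /24 networks and leaves nothing unbacked, while 192.168.12.0/24 stays outside it and is still advertised on its own. The constructed /22 would additionally announce 192.168.8.0/23, which no router in Area 1 serves.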

RIP Basic Setup

Basic RIP settings are to be configured within the Operational Setup, the RIP Preferences and the RIP Router Setup. In the example setup, RIP Version 2 is used and multipath routes are discarded. Therefore, the following configuration settings apply: 

  • Operational Setup – RIP is activated by setting parameter Run RIP Router to yes.
  • RIP Preferences – Parameter Multipath Handling is set to ignore.
  • RIP Router Setup – RIP Version 2 is enabled on Network Device eth2 in the Networks section. Redistribution of connected networks to RIP is configured in the Route Redistribution section. In the example, all connected networks are redistributed to RIP with a hopcount of 2. 

rip_conf.jpg

Redistribution Between RIP and OSPF

To implement redistribution between RIP and OSPF, the following minimum settings must be configured:

OSPF Router Setup – To redistribute routes learned by RIP, insert a new entry in the Route Redistribution Configuration section.

rip_redist.jpg

RIP Router Setup – To redistribute routes learned by OSPF, insert a new entry in the Route Redistribution Configuration section.

rt_redist1.jpg
