Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


OSPF Protocol Configuration Overview


The OSPF routing protocol operates within a single autonomous system (AS). A router running OSPF distributes its state information (such as usable interfaces and neighbor reachability) by periodically flooding link-state advertisements (LSAs) throughout the AS.

Each OSPF router uses LSAs from neighboring routers to maintain a linkstate database, a listing of topology and state information for the surrounding networks. The constant distribution of LSAs throughout the routing domain enables all routers in an AS to maintain identical link-state databases. OSPF uses the link-state database to determine the best path to any network within the AS by generating a shortest-path tree (a graphical representation of the shortest path to any network within the AS). While all routers have the same link-state database, they all have unique shortest-path trees because a router always generates the tree with itself at the top of the tree.

To enable OSPF on a security device, you must first enable OSPF on a virtual router, and then enable OSPF on individual interfaces. You can also configure optional OSPF settings, such as the following:

  • Global settings, such as virtual links, that are set at the VR level for the OSPF protocol.

  • Interface settings, such as authentication, that are set on a per-interface basis for the OSPF protocol. When you configure an OSPF parameter at the interface level, the parameter setting affects the OSPF operation only on the specific interface.

Additionally, you can set security-related OSPF settings at either the VR level or on a per-interface basis. The following topics detail how to enable OSPF and configure all optional parameters.