OSPF WITH DIFFERENT VENDORS

In this blog, we will experiment with configuring OSPF between Pali Alto, FortiGate and Cisco. This is something done out of curiosity. Additionally, I will explore important aspects to form adjacencies between different devices.

Harchit

2/28/20243 min read

OSPF is being configured between a FortiGate, Palo Alto, and Cisco router. Command-line interfaces are utilized for configuring OSPF on the FortiGate and Cisco router, while the Palo Alto firewall's GUI is leveraged for ease of configuration.

Within a single-area OSPF configuration, routers meticulously exchange Link State Advertisements (LSAs), encapsulating the network's topology. LSAs come in various types, with Type 1 LSAs (Router LSAs) representing individual routers' links and Type 2 LSAs (Network LSAs) delineating multi-access network segments. These LSAs gracefully delineate router roles and interconnections, fostering a hierarchical structure essential for scalability and efficient routing for single area OSPF.

As routers exchange Hellos and form neighbor adjacencies, the network converges into a cohesive unit.

en

OSPF On Palo Alto through GUI

  1. Configuration of the interfaces into layer3 and assigning them with Ip addresses as well as the virtual router "Default" for OSPF routing.

  1. Configuring default virtual router with router id and then adding AREA ID as well as the interfaces taking part in OSPF. These screenshots are the result configuration.

  1. AFTER OSPF CONFIGURATION ON PALO-ALTO, FORTIGATE AND CISCO, WE CAN CONFIRM THE ADJACENCIES THROUGH CLI:

;:

Important Configurations for OSPF Adjacencies:

  1. Area ID: Neighboring routers must be in the same OSPF area to form adjacencies

  2. Network Type: Routers connected through the same network type (e.g., broadcast, point-to-point) will establish adjacencies accordingly

  3. Hello and Dead Intervals: Matching hello and dead intervals ensure timely neighbor detection and adjacency formation

  4. MTU Size: Consistent MTU sizes on both sides of the OSPF link prevent issues in forming full adjacencies

  5. Network Address and Wildcard Mask: Correctly configuring network addresses and wildcard masks is crucial for OSPF neighbor adjacency

    Let's have a look at a hello packet in the OSPF adjacency through Wireshark.

  1. Area ID is 0 or 0.0.0.0 (backbone area) since it is single area OSPF

  2. OSPF type is configured broadcast type for all the router, The Router dead interval is 40 and hello interval is 10 which is also the same in the devices