OSPF Version 2
Table of Contents
Expand all | Collapse all
OSPF Version 2
Learn how to use the openconfig-ospfv2 model with the PAN-OS openconfig plugin with these topics on OSPF Version 2 behavior and management.
When using the openconfig-ospfv2 model with PAN-OS firewalls:
- the model extends the network-instances model.
- Deadinterval maps to DeadCount and HelloTimer in openconfig-ospfv2.
PAN-OS supports the openconfig-ospfv2 model which enables you to manage OSPF
Version 2 settings on a virtual router from your client.
Enable OSPF
The following command enables OSPF and sets the router-id:
gnmic set --update "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/config/enabled:::bool:::true" --update "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/global/config/router-id:::string:::1.1.1.1"
A successful response returns:
{ "results": [ { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/config/enabled" }, { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/ospfv2/global/config/router-id" } ], "time": "2021-06-18T15:23:11.754703221-07:00", "timestamp": 1624054991754703221 }
To follow the rest of the examples, add interfaces ethernet1/4 & ethernet1/4.1 a
to virtual-router. See Network Instances for more examples.
Setting OSPF Options
The following command enables graceful-restart and helper-mode.
gnmic set --log --update-path "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/global/graceful-restart/config" --update-file "graceful_restart.json"
The following is the contents of graceful-restart.json:
{ "enabled": true, "helper-only": true}
A successful response returns:
{ "results": [ { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/ospfv2/global/graceful-restart/config" } ] }
The image below shows the checked Enable Graceful Restart and
Enable Helper Mode after the commands.
The following command sets the default-metric:
gnmic set --log --update "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/config/default-metric:::int:::116"
A successful response returns:
{ "results": [ { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/config/default-metric" } ] }
The following command sets the LSA-generation and SPF delays:
gnmic set --log --update "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/global/timers/spf/config/initial-delay:::int:::3" --update "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/global/timers/lsa-generation/config/initial-delay:::int:::4"
A successful response returns:
{ "results": [ { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/ospfv2/global/timers/spf/config/initial-delay" }, { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/ospfv2/global/timers/lsa-generation/config/initial-delay" } ] }
Creating an Area
The following command creates an area and adds interfaces ethernet1/4 and
ethernet1/4.1:
gnmic set --log --update-path "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/areas/area[identifier=0.0.0.0]/interfaces" --update-file "/Users/pbadhan/oc/ospf/add_interface_to_area.json"
The following is the contents of the add_interface_to_area.json file:
{ "interface": [ { "config": { "id": "ethernet1/4", "network-type": "NON_BROADCAST_NETWORK" }, "id": "ethernet1/4", "interface-ref": { "config": { "interface": "ethernet1/4" } } }, { "config": { "id": "ethernet1/4.1", "network-type": "NON_BROADCAST_NETWORK" }, "id": "ethernet1/4.1", "interface-ref": { "config": { "interface": "ethernet1/4", "subinterface": 1 } } } ] }
The default values for network type are broadcast.
A successful response returns:
{ "results": [ { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/ospfv2/areas/area[identifier=0.0.0.0]/interfaces" } ] }
Configuring Neighbors and Virtual Links
The following command adds a neighbor with router-id 1.1.1.10 to interface
ethernet1/4.1:
gnmic set --log --update "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/areas/area[identifier=0.0.0.0]/interfaces/interface[id=ethernet1/4.1]/neighbors/neighbor[router-id=1.1.1.10]/config/router-id:::string:::1.1.1.10"
A successful response returns:
{ "results": [ { "operation": "UPDATE", "path": "network-instances/network-instance[name=openconfig-test]/protocols/protocol[name=ospfv2]/ospfv2/areas/area[identifier=0.0.0.0]/interfaces/interface[id=ethernet1/4.1]/neighbors/neighbor[router-id=1.1.1.10]/config/router-id" } ] }
The following command configures a virtual link to the 1.1.1.1 area.
set --log --update "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/areas/area[identifier=1.1.1.1]/virtual-links/virtual-link[remote-router-id=2.2.2.2]/config/remote-router-id:::string:::2.2.2.2"
A successful response returns:
{ "results": [ { "operation": "UPDATE", "path": "/network-instances/network-instance[name=demo_vr]/protocols/protocol[name=ospfv2]/ospfv2/areas/area[identifier=1.1.1.1]/virtual-links/virtual-link[remote-router-id=2.2.2.2]/config/remote-router-id:::string:::2.2.2.2" } ] }
Retrieving OSPF Settings
The following command retrieves the settings and shows all of the relevant updates
that were set using the configuration above.
gnmic -a firewall:9339 -e JSON_IETF set --update --path /network-instances/network-instance[name=openconfig-test]
PAN-OS only enables you to retrieve settings for OSPFv2 from the network instance
level.