Configure an OSPF in Prisma SD-WAN
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Prisma SD-WAN Clarity Reports
- Prisma SD-WAN Incidents and Alerts
Configure an OSPF in Prisma SD-WAN
Prisma SD-WAN supports the Open Shortest Path First is an interior gateway protocol
(IGP) often used to manage network routes dynamically in large enterprise
networks.
Where Can I Use
This? | What Do I
Need? |
---|---|
|
|
Prisma SD-WAN supports the Open Shortest Path First routing protocol with
the Layer 3 switches toward the Branch sites and Aggregation Layer at the campus and
data center sites.
OSPF is an interior gateway protocol (IGP) often used to manage network
routes dynamically in large enterprise networks. It dynamically determines routes by
obtaining information from other routers and advertising routes to other routers
through Link State Advertisements (LSAs). The information gathered from the LSAs is
used to construct a network topology map. This topology map is shared across routers
in the network and used to populate the IP routing table with available routes.
Changes in the network topology are detected dynamically and used to
generate a new topology map within seconds. A shortest path tree is computed for
each route. Metrics associated with each routing interface are used to calculate the
best route. These can include distance, network throughput, link availability, etc.
Additionally, these metrics can be configured statically to direct the outcome of
the OSPF topology map.
The Palo Alto Networks implementation of OSPF fully supports the following
RFCs:
- RFC 2328 (for IPv4)
Enable Layer 3 Direct Private WAN Forwarding to allow the ION device to peer with an
OSPF router via the private WAN interface.
Enable Layer 3 Direct Private WAN Forwarding and Layer 3 LAN Forwarding to use
dynamic LAN routing.
- Log in toStrata Cloud Manager.
- Select.WorkflowsDevicesClaimed DevicesConfigure the deviceBasic Info
- EnableL3 Direct Private WAN Forwardingto allow the ION device to send underlay MPLS traffic or peer with an OSPF router on a private WAN interface. You don't need to enable this field to run OSPF on the internet or standard VPNs.
- EnableL3 LAN Forwardingto use dynamic LAN routing.You can enableLayer 3 LAN Forwardingonly when no Private Layer 2 bypass pairs are associated with any device's interfaces. If a device has Private Layer 2 interfaces, you will see a message to remove them and then enableLayer 3 LAN Forwarding.For the ION device to use dynamic LAN routing, you must enable bothL3 Private WAN ForwardingandL3 LAN Forwarding.
- Selectto configure and manage theWorkflowsDevicesClaimed DevicesConfigure the deviceRoutingOSPFOSPF Infra Settings for ION deviceEditRoute MapsandPrefix Lists.
- (Optional)Enter the ION device's IP address forRouter ID. The router ID is an IPv4 address and the ION device'sOSPF ID.
- (Optional)Enter anMD5 Key IDbetween 1 and 255 and anMD5 Secretof up to 16 characters. The MD5 password you specify will be applied to the messages exchanged with the peer.
- ConfigureLAN Prefix Advertisementin the following ways:
- Default—The device advertises only the default prefix (0.0.0.0/0). This is the default setting for LAN prefix advertisement.
- Unaggregated—The device advertises prefixes as is.
- Auto-Aggregated—The device summarizes the unaggregated prefixes into the most significant possible blocks and advertises the prefixes.
The device advertises only asdefault,unaggregated, orauto-aggregatedto the LAN. - (Optional)Enter theCostrange, which is 1 - 65535.
- TheHello Interval(sec) is the interval in seconds at which the OSPF process sends hello packets to its directly connected neighbors (the range is 1 - 65535; the default is 10).
- TheDead Counts(sec)—The number of seconds that a neighbor router waits for a hello packet from the device before declaring the router down. The range is 1-65535. Default is 40.
- TheRetransmit Interval(sec) is the length of time, in seconds, that OSPF waits to receive a Link State Advertisement (LSA) from a neighbor before retransmitting it (the range is 1 - 65535; the default is 5).
- TheTransit Delay(sec) is the length of time an LSA is delayed seconds before being sent out of an interface (range is 1 - 65535; default is 1).
- SelectCreate OSPF Configurationto create or add a new OSPF configuration.
- Enter a unique OSPF configurationNameandVRF(global or custom VRF) in theGeneraltab.(Optionally)enter a description and tags for the OSPF.The VRF will be enabled only when the associated device supports VRF. By default, it's Global.
- (Optional)Enter theRouter ID, an IPv4 address, and the ION device'sOSPF ID.
- SelectLAN Prefix Advertisement. The device advertises only the default prefix (0.0.0.0/0), the default setting for LAN prefix advertisement.(Optional)LAN Advertisement Route Map: select theRoute Mapto advertise the LAN (Only Unaggregated and Auto-Aggregated Prefixes have this setting.).
- SelectRedistribute BGPto advertise all the BGP Prefixes into OSPF.
- ToggleScopetoLocalorGlobal. Local indicates that prefixes won't be advertised.
- Select theShutdowncheck box if you don't need to use the created peer. The Shutdown check box is deselected by default.
- ConfigureArea IDandTypewith Interfaces on theArea & Interfacestab.
- Area ID: Configure the area over which the OSPF parameters can be applied. Enter an identifier for the area in the x.x.x.x format. This is the identifier that each neighbor must accept to be part of the same area.
- Type: Select one of the following options:
- Normal—There are no restrictions; the area can carry all routes.
- Stub—There is no outlet from the area. To reach a destination outside of the area, one must go through the border, which connects to other areas.
- NSSA (Not-So-Stubby Area)—it's possible to leave the area directly, but only by routes other than OSPF routes.
- Associate Area with Interfaces—Choose the interface.
- SelectOverride Global Configto override the global configurations for the selected Interface and clickApply.
- Review the OSPF configuration. TheSummarytab displays the OSPF configuration. Make changes if needed andSubmit.
Discovered Neighbors
Two OSPF-enabled routers connected by a shared network and in the same
OSPF area form a relationship and are OSPF neighbors. The connection between
these routers can be through a common broadcast domain or a point-to-point
connection. This connection is made through the exchange of hello OSPF protocol
packets. These neighbor relationships are used to exchange routing updates
between routers.
- Config Name: Displays the name of the configured OSPF.
- Status: Displays the status of the configuration.
- Neighbor ID: Displays the router ID of the router (neighbor) on the other side of the virtual link.
- Interface Name: Displays the Interface name selected for this interface.
- VRF: Displays the attached VRF.
- Area ID: Displays the Area ID associated with the OSPF.