MikroTik RouterOS implements OSPF version 2 (RFC 2328). The OSPF protocol is the link-state protocol that takes care of the routes in the dynamic network structure that can employ different paths to its subnetworks. It always chooses shortest path to the subnetwork first.
To start OSPF v2 and v3 instance, first thing to do is to add the instance and the backbone area:
At this point we can add a template. Template is used to match interfaces on which OSPF should be running, it can be done either by specifying network or interface directly.
|domain-id (Hex | Address)||MPLS related parameter. Identifies OSPF domain of the instance. This value is attached to OSPF routes redistributed in BGP as VPNv4 routes as BGP extended community attribute, and used when BGP VPNv4 routes are redistributed back OSPF to determine whether to generate inter-area or AS-external LSA for that route. By default Null domain-id is used, as described in RFC 4577.|
|domain-tag (integer [0..4294967295])||if set, then used in route redistribution (as route-tag in all external LSAs generated by this router), and in route calculation (all external LSAs having this route tag are ignored). Needed for interoperability with older Cisco systems. By default not set.|
|in-filter (string)||name of the routing filter chain used for incoming prefixes|
|mpls-te-address (string)||the area used for MPLS traffic engineering. TE Opaque LSAs are generated in this area. No more than one OSPF instance can have mpls-te-area configured.|
|mpls-te-area (string)||the area used for MPLS traffic engineering. TE Opaque LSAs are generated in this area. No more than one OSPF instance can have mpls-te-area configured.|
|out-filter-chain (name)||name of the routing filter chain used for outgoing prefixes filtering|
|out-filter-select (name)||name of the routing filter select chain, used for output selection|
|router-id (IP | name; Default: main)||OSPF Router ID. Can be set explicitly as IP address, or as the name of the router-id instance.|
|version (2 | 3; Default: 2)||OSPF version this instance will be running (v2 for IPv4, v3 for IPv6).|
|vrf (name of routing table; Default: main)||the VRF table this OSPF instance operates on|
|use-dn (yes | no)||Forces to use or ignore DN bit. Useful in some CE PE scenarios to inject intra area routes into VRF. If parameter is unset then DN bit is used according to RFC. Available since v6rc12.|
OSPF protocol supports two types of metrics:
OSPF allows collections of routers to be grouped together. Such a group is called an area. Each area runs a separate copy of the basic link-state routing algorithm. This means that each area has its own link-state database and corresponding shortest path tree.
The structure of an area is invisible from other areas. This isolation of knowledge makes the protocol more scalable if multiple areas are used; routing table calculation takes less CPU resources and routing traffic is reduced.
However, multi-area setups create additional complexity. It is not recommended separate areas with fewer than 50 routers. The maximum number of routers in one area is mostly dependent on CPU power you have for routing table calculation.
|area-id (IP address; Default: 0.0.0.0)||OSPF area identifier. If the router has networks in more than one area, then an area with area-id=0.0.0.0 (the backbone) must always be present. The backbone always contains all area border routers. The backbone is responsible for distributing routing information between non-backbone areas. The backbone must be contiguous, i.e. there must be no disconnected segments. However, area border routers do not need to be physically connected to the backbone - connection to it may be simulated using a virtual link.|
|instance (name; mandatory)||Name of the OSPF instance this area belongs to.|
|no-summaries ()||Flag parameter if set then area will not flood summary LSAs in stub area.|
|name (string)||the name of the area|
|translator-role (yes | no | candidate)||Parameter indicates which ABR will be used as a translator from type7 to type5 LSA. Applicable only if area type is NSSA|
|type (default | nssa | stub; Default: default)||The area type. Read more on the area types in the OSPF case studies.|
Prefix ranges are used to aggregate routing information on area boundaries. By default, ABR creates a summary LSA for each route in specific area, and advertises it in adjacent areas.
Using ranges allows to create only one summary LSA for multiple routes and send only single advertisement into adjacent areas, or to suppress advertisements altogether.
If a range is configured with 'advertise' parameter, a single summary LSA is advertised for each range if there are any routes under the range is the specific area. Else ('advertise' parameter disabled) no summary LSAs are created and advertised outside area boundaries at all.
|advertise (yes | no; Default: yes)||Whether to create summary LSA and advertise it to the adjacent areas.|
|area (name; mandatory)||the OSPF area associated with this range|
|cost (integer [0..4294967295])||the cost of the summary LSA this range will create|
default - use the largest cost of all routes used (i.e. routes that fall within this range)
|prefix (IP prefix; mandatory)||the network prefix of this range|
Note: For an active range (i.e. one that has at least one OSPF route from the specified area falling under it), a route with type 'unreachable' is created and installed in the routing table.
Interface template defines common network and interface matchers and what parameters to assign to matched interface.
Interfaces to match. Accepts specific interface name or the name of the interface list.
|network (IP prefix)||the network prefix associated with the area. OSPF will be enabled on all interfaces that has at least one address falling within this range. Note that the network prefix of the address is used for this check (i.e. not the local address). For point-to-point interfaces this means the address of the remote endpoint.|
|area (name; mandatory)||The OSPF area to which matching interface will be associated.|
|auth (simple | md5)||Specifies authentication method for OSPF protocol messages.|
If the parameter is unset, then authentication is not used.
|auth-id (integer)||The key id is used to calculate message digest (used only when MD5 authentication is enabled). Value should match on all OSPF routers from the same region.|
|authentication-key (string)||The authentication key to be used for simple or MD5 authentication methods.|
|cost(integer [0..65535])||Interface cost expressed as link state metric.|
|dead-interval (time; Default: 40s)||Specifies the interval after which a neighbour is declared as dead. This interval is advertised in hello packets. This value must be the same for all routers on a specific network, otherwise adjacency between them will not form|
|disabled(yes | no)|
|hello-interval (time; Default: 10s)||The interval between HELLO packets that the router sends out this interface. The smaller this interval is, the faster topological changes will be detected, tradeoff is more OSPF protocol traffic. This value must be the same for all the routers on a specific network, otherwise adjacency between them will not form.|
|instance-id (integer [0..255]; Default: 0)|
|passive ()||If enabled, then do not send or receive OSPF traffic on the matching interfaces|
|prefix-list (name)||Name of the address list containing networks that should be advertised to v3 interface.|
|priority (integer: 0..255; Default: 128)||Router's priority. Used to determine the designated router in a broadcast network. The router with highest priority value takes precedence. Priority value 0 means the router is not eligible to become designated or backup designated router at all.|
|retransmit-interval (time; Default: 5s)||Time interval the lost link state advertisement will be resent. When a router sends a link state advertisement (LSA) to its neighbour, the LSA is kept until the acknowledgment is received. If the acknowledgment was not received in time (see transmit-delay), router will try to retransmit the LSA.|
|transmit-delay (time; Default: 1s)||Link state transmit delay is the estimated time it takes to transmit a link state update packet on the interface.|
|type (broadcast | nbma | ptp | ptmp | ptp-unnumbered | virtual-link; Default: broadcast)||the OSPF network type on this interface. Note that if interface configuration does not exist, the default network type is 'point-to-point' on PtP interfaces, and 'broadcast' on all other interfaces.|
|vlink-neighbor-id (IP)||Specifies the router-id of the neighbour which should be connected over the virtual link.|
|vlink-transit-area (name)||A non-backbone area the two routers have in common over which the virtual link will be established. Virtual links can not be established through stub areas.|
Read only list of all the LSAs currently in LSA database.
|age (integer)||How long ago (in seconds) the last update occurred|
|area (string)||Area this LSA belongs to.|
|checksum (string)||LSA checksum|
|dynamic (yes | no)|
|flushing (yes | no)|
|id (IP)||LSA record ID|
|instance (string)||The instance name this LSA belongs to.|
|originator (IP)||An originator of the LSA record.|
|self-originated (yes | no)||Whether LSA is originated on the router itself.|
|sequence (string)||Number of times the LSA for a link has been updated.|
Read only list of currently active OSPF neighbours.
|address (IP)||An IP address of the OSPF neighbour router|
|adjacency (time)||Elapsed time since adjacency was formed|
|bdr (string)||An IP address of the Backup Designated Router|
|dr (IP)||An IP address of the Designated Router|
|dynamic (yes | no)|
|inactive (yes | no)|
|priority (integer)||Priority configured on the neighbour|
|router-id (IP)||neighbor router's RouterID|
|state (down | attempt | init | 2-way | ExStart | Exchange | Loading | full)|
|state-changes (integer)||Total count of OSPF state changes since neighbor identification|
Static configuration of the OSPF neighbours. Required for non-broadcast multi-access networks.
|address (IP%iface; mandatory )||The unicast IP address of the neighbour.|
|area (name; mandatory )||Name of the area the neighbour belongs to.|
|disabled (yes | no)|
|instance-id (integer [0..255]; Default: 0)|
|poll-interval (time; Default: 2m)||How often to send hello messages to the neighbours which are in "down" state (i.e. there is no traffic from them)|
/routing ospf sham-link
A sham-link is required between any two VPN sites that belong to the same OSPF area and share an OSPF backdoor link. If there is no intra-area link between the CE routers, you do not need to configure an OSPF sham link.
Sham link must be configured on both sides.
For a sham link to be active, two conditions must be met:
When the sham link is active, hello packets are sent on it only until the neighbor reaches full state. After that, hello packet sending on the sham link is suppressed.
RouterOS does not support periodic LSA refresh suppression on sham-links yet.
|area (area name)||name of area that shares an OSPF backdoor link|
|cost (integer: 1..65535 )||cost of the link|
|dst-address (IP address)||loopback address of link's remote router|
|src-address (IP address)||loopback address of link's local router|