Set up Open Shortest Path First (OSPF) protocol using FRRouting for dynamic network routing, multi-area configurations, and automatic failover in enterprise environments.
Prerequisites
- Root or sudo access
- Multiple network interfaces
- Basic understanding of IP routing
- Network connectivity between routers
What this solves
OSPF (Open Shortest Path First) is a link-state routing protocol that automatically calculates the best routes through your network and provides fast convergence during network failures. This tutorial shows you how to configure OSPF using FRRouting for enterprise networks that need dynamic routing, load balancing across multiple paths, and automatic failover when links go down.
Step-by-step configuration
Update system packages
Start by updating your package manager to ensure you get the latest versions of all packages.
sudo apt update && sudo apt upgrade -y
Install FRRouting
FRRouting is a network routing software suite that implements OSPF, BGP, RIP, and other routing protocols. Install it along with required dependencies.
sudo apt install -y frr frr-pythontools
Enable IP forwarding
Configure the kernel to forward packets between network interfaces, which is required for routing functionality.
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Configure FRRouting daemons
Enable the OSPF daemon in /etc/frr/daemons and leave the routing protocols you do not need disabled. This file controls which daemons start automatically.
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=no
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
pbrd=no
staticd=yes
vrrpd=no
Create basic OSPF configuration
Configure OSPF in /etc/frr/frr.conf with a router ID, network advertisements, and basic area settings. Replace the IP addresses with your actual network ranges, and replace the sample zebra passwords and the MD5 key with your own values.
!
! FRR configuration for OSPF
!
frr version 8.1
frr defaults traditional
!
hostname router1
password zebra
enable password zebra
!
router ospf
ospf router-id 10.0.0.1
network 10.0.1.0/24 area 0
network 10.0.2.0/24 area 0
network 192.168.1.0/24 area 1
area 0 authentication message-digest
area 1 authentication message-digest
passive-interface lo
!
interface eth0
ip ospf message-digest-key 1 md5 ospf-secure-key-2024
!
interface eth1
ip ospf message-digest-key 1 md5 ospf-secure-key-2024
!
line vty
!
Set proper file permissions
Configure correct ownership and permissions for FRRouting configuration files. The frr user needs read access, and because frr.conf holds the vty passwords and the OSPF authentication keys, it should not be world-readable.
sudo chown frr:frr /etc/frr/frr.conf
sudo chmod 640 /etc/frr/frr.conf
sudo chown frr:frr /etc/frr/daemons
sudo chmod 644 /etc/frr/daemons
Start and enable FRRouting
Enable FRRouting to start automatically on boot and start the service immediately.
sudo systemctl enable frr
sudo systemctl start frr
sudo systemctl status frr
Configure multi-area OSPF topology
Set up a more complex OSPF configuration with multiple areas connected through the backbone area (Area 0). This example shows Area 1 and Area 2 connected through Area 0.
sudo vtysh -c "configure terminal" -c "router ospf" -c "area 1 range 192.168.1.0/24" -c "area 2 range 192.168.2.0/24" -c "area 0 range 10.0.0.0/16"
Configure OSPF interface parameters
Set OSPF-specific interface parameters including hello intervals, dead intervals, and cost values for optimal convergence and load balancing.
sudo vtysh << EOF
configure terminal
interface eth0
ip ospf hello-interval 10
ip ospf dead-interval 40
ip ospf cost 100
exit
interface eth1
ip ospf hello-interval 10
ip ospf dead-interval 40
ip ospf cost 200
exit
interface eth2
ip ospf hello-interval 10
ip ospf dead-interval 40
ip ospf cost 150
exit
EOF
Configure OSPF area authentication
Enable MD5 authentication for all OSPF areas to secure routing updates and prevent unauthorized routers from joining your network.
sudo vtysh << EOF
configure terminal
router ospf
area 0 authentication message-digest
area 1 authentication message-digest
area 2 authentication message-digest
exit
interface eth0
ip ospf message-digest-key 1 md5 production-ospf-key-2024
exit
interface eth1
ip ospf message-digest-key 1 md5 production-ospf-key-2024
exit
interface eth2
ip ospf message-digest-key 1 md5 production-ospf-key-2024
exit
EOF
Configure OSPF stub areas
Configure stub areas to reduce LSA flooding and improve convergence times in areas that don't need full external routing information.
sudo vtysh << EOF
configure terminal
router ospf
area 1 stub
area 1 default-cost 100
area 2 stub no-summary
area 2 default-cost 150
exit
EOF
Save configuration permanently
Write the running configuration to startup configuration so changes persist after reboots.
sudo vtysh -c "write memory"
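The checks below are an added example, not part of the original tutorial or of FRRouting: a static audit of the saved frr.conf for the settings configured above, covering zebra vty passwords left in place, areas that advertise networks without authentication message-digest, and MD5 keys longer than the 16 characters FRR keeps (longer strings are truncated). The function names, finding labels and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): static audit of an frr.conf read on stdin.
# Finding labels and the sample config below are constructed for illustration.

audit_frr_conf() {
    awk '
        # Default vty / enable password left in place
        $1 == "password" && $2 == "zebra"                   { print "DEFAULT_PASSWORD: vty password is zebra" }
        $1 == "enable" && $2 == "password" && $3 == "zebra" { print "DEFAULT_PASSWORD: enable password is zebra" }

        # Areas that carry networks vs. areas with message-digest auth enabled
        $1 == "network" && $3 == "area" { used[$4] = 1 }
        $1 == "area" && $3 == "authentication" && $4 == "message-digest" { auth[$2] = 1 }

        # Track the current interface stanza so findings can name it
        $1 == "interface" { ifname = $2 }

        # OSPF MD5 keys are 16 bytes; FRR truncates longer strings.
        # Report the length only, never the key itself.
        $1 == "ip" && $2 == "ospf" && $3 == "message-digest-key" && $5 == "md5" && length($6) > 16 {
            print "KEY_TRUNCATED: " ifname " key has " length($6) " chars, only the first 16 are used"
        }

        END {
            for (a in used) if (!(a in auth)) print "AREA_NO_AUTH: area " a " has networks but no message-digest authentication"
        }
    '
}

# Constructed sample: default passwords, one over-long key, area 2 without auth
sample_conf() {
    cat <<'EOF'
hostname lab-router
password zebra
enable password zebra
router ospf
 ospf router-id 10.0.0.1
 network 10.0.1.0/24 area 0
 network 192.168.2.0/24 area 2
 area 0 authentication message-digest
interface eth0
 ip ospf message-digest-key 1 md5 ospf-secure-key-2024
interface eth1
 ip ospf message-digest-key 1 md5 Short-Key-16char
EOF
}

sample_conf | audit_frr_conf
```

To check a live router, run `audit_frr_conf < /etc/frr/frr.conf` as root; an empty result means none of the three conditions was found.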
Configure OSPF monitoring and logging
Enable OSPF debugging
Configure detailed logging for OSPF events, adjacency changes, and LSA updates to help with troubleshooting and monitoring.
sudo vtysh << EOF
configure terminal
log file /var/log/frr/ospfd.log
log syslog
debug ospf event
debug ospf lsa
debug ospf zebra
exit
EOF
Configure log rotation
Set up log rotation to prevent OSPF logs from consuming too much disk space while maintaining historical data for troubleshooting.
/var/log/frr/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
postrotate
systemctl reload frr > /dev/null 2>&1 || true
endscript
}
Implement OSPF failover scenarios
Configure equal-cost multipath routing
Enable ECMP to use multiple equal-cost paths simultaneously, providing both load balancing and automatic failover capability.
sudo vtysh << EOF
configure terminal
router ospf
maximum-paths 4
exit
EOF
Test link failover behavior
Simulate a network failure to verify OSPF converges properly and reroutes traffic through alternate paths.
sudo ip link set eth1 down
sudo vtysh -c "show ip ospf neighbor"
sudo vtysh -c "show ip route ospf"
sudo ip link set eth1 up
Configure BFD for fast convergence
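Enable Bidirectional Forwarding Detection to detect link failures in milliseconds rather than seconds, dramatically improving failover times. BFD sessions are run by FRR's separate bfdd daemon, so bfdd=yes must also be set in /etc/frr/daemons for these commands to take effect.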
sudo vtysh << EOF
configure terminal
interface eth0
ip ospf bfd
exit
interface eth1
ip ospf bfd
exit
interface eth2
ip ospf bfd
exit
router ospf
ospf bfd
exit
EOF
Verify your setup
Check OSPF neighbor relationships, routing table, and network convergence to ensure proper operation.
sudo vtysh -c "show ip ospf neighbor"
sudo vtysh -c "show ip ospf database"
sudo vtysh -c "show ip route ospf"
sudo vtysh -c "show ip ospf interface"
Verify that neighbors are in "Full" state and check that routes are being learned properly:
sudo vtysh -c "show ip ospf neighbor detail"
sudo vtysh -c "show ip ospf border-routers"
ping 192.168.1.1
traceroute 192.168.2.1
Monitor OSPF convergence times and verify authentication is working:
sudo tail -f /var/log/frr/ospfd.log
sudo vtysh -c "show ip ospf database router"
sudo vtysh -c "show running-config" | grep -A 20 "router ospf"
Troubleshoot OSPF adjacencies and routing loops
Debug neighbor adjacency issues
Use OSPF debugging commands to identify why neighbors aren't forming adjacencies or why the network isn't converging properly.
sudo vtysh << EOF
enable
debug ospf adj
debug ospf hello
show ip ospf neighbor detail
show ip ospf interface
EOF
Identify and resolve routing loops
Check for routing loops and suboptimal paths by examining the OSPF topology database and routing calculations.
sudo vtysh -c "show ip ospf database network"
sudo vtysh -c "show ip ospf spf-tree"
sudo vtysh -c "show ip ospf route"
traceroute -n 192.168.2.1
Common issues
| Symptom | Cause | Fix |
|---|---|---|
| Neighbors stuck in Init state | Authentication mismatch or firewall blocking | Check authentication keys and allow OSPF traffic (protocol 89) |
| No routes learned via OSPF | Area configuration mismatch | Verify network statements match interface subnets and area assignments |
| Slow convergence after link failure | Default OSPF timers too conservative | Reduce hello/dead intervals and enable BFD for sub-second detection |
| FRR service fails to start | Configuration syntax error | Check syntax with `sudo vtysh -f /etc/frr/frr.conf --dryrun` |
| High CPU usage during convergence | Too many LSAs or frequent topology changes | Implement stub areas and area summarization to reduce LSA flooding |
| Routes flapping between paths | Equal cost paths with different metrics | Adjust interface costs or implement route dampening |
Next steps
- Set up BGP routing with FRRouting for dynamic network routing and failover
- Configure network load balancing with keepalived and VRRP for high availability failover
- Configure network traffic shaping with tc and HTB for bandwidth management and QoS
- Configure FRRouting route maps and prefix lists for advanced routing policies
- Monitor OSPF network topology with Prometheus and Grafana dashboards
Automated install script
Run this to automate the entire setup
#!/usr/bin/env bash
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Default values
ROUTER_ID=""
ROUTER_HOSTNAME=""
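# NOTE: this default is predictable (derived from the date) and longer than 16 characters;
# FRR keeps only the first 16. Pass --password with a random key of at most 16 characters.
OSPF_PASSWORD="ospf-secure-$(date +%Y-%m-%d)"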
NETWORKS=()
usage() {
echo "Usage: $0 --router-id <IP> --hostname <name> [--network <network/mask>] [--password <auth_key>]"
echo "Example: $0 --router-id 10.0.0.1 --hostname router1 --network 10.0.1.0/24 --network 192.168.1.0/24"
exit 1
}
cleanup() {
echo -e "${RED}[ERROR] Installation failed. Rolling back changes...${NC}"
systemctl stop frr 2>/dev/null || true
systemctl disable frr 2>/dev/null || true
if [ -f /etc/frr/frr.conf.backup ]; then
mv /etc/frr/frr.conf.backup /etc/frr/frr.conf
fi
if [ -f /etc/frr/daemons.backup ]; then
mv /etc/frr/daemons.backup /etc/frr/daemons
fi
if [ -f /etc/sysctl.conf.backup ]; then
mv /etc/sysctl.conf.backup /etc/sysctl.conf
sysctl -p
fi
}
trap cleanup ERR
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
--router-id)
ROUTER_ID="$2"
shift 2
;;
--hostname)
ROUTER_HOSTNAME="$2"
shift 2
;;
--network)
NETWORKS+=("$2")
shift 2
;;
--password)
OSPF_PASSWORD="$2"
shift 2
;;
-h|--help)
usage
;;
*)
echo -e "${RED}Unknown option: $1${NC}"
usage
;;
esac
done
# Validate required arguments
if [[ -z "$ROUTER_ID" || -z "$ROUTER_HOSTNAME" ]]; then
echo -e "${RED}Error: --router-id and --hostname are required${NC}"
usage
fi
if [[ ${#NETWORKS[@]} -eq 0 ]]; then
echo -e "${YELLOW}Warning: No networks specified. You'll need to configure them manually.${NC}"
fi
# Check if running as root or with sudo
if [[ $EUID -ne 0 ]]; then
echo -e "${RED}This script must be run as root or with sudo${NC}"
exit 1
fi
echo -e "${GREEN}Starting FRRouting OSPF installation and configuration${NC}"
# Auto-detect distribution
echo -e "${YELLOW}[1/10] Detecting operating system...${NC}"
if [ -f /etc/os-release ]; then
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_UPDATE="apt update"
PKG_INSTALL="apt install -y"
PKG_UPGRADE="apt upgrade -y"
;;
almalinux|rocky|centos|rhel|ol|fedora)
PKG_MGR="dnf"
PKG_UPDATE="dnf check-update || true"
PKG_INSTALL="dnf install -y"
PKG_UPGRADE="dnf upgrade -y"
;;
amzn)
PKG_MGR="yum"
PKG_UPDATE="yum check-update || true"
PKG_INSTALL="yum install -y"
PKG_UPGRADE="yum upgrade -y"
;;
*)
echo -e "${RED}Unsupported distribution: $ID${NC}"
exit 1
;;
esac
echo -e "${GREEN}Detected: $PRETTY_NAME${NC}"
else
echo -e "${RED}Cannot detect operating system${NC}"
exit 1
fi
# Update system packages
echo -e "${YELLOW}[2/10] Updating system packages...${NC}"
$PKG_UPDATE
$PKG_UPGRADE
# Install FRRouting
echo -e "${YELLOW}[3/10] Installing FRRouting...${NC}"
if [[ "$PKG_MGR" == "apt" ]]; then
$PKG_INSTALL frr frr-pythontools
else
$PKG_INSTALL frr frr-pythontools
fi
# Backup original configuration files
echo -e "${YELLOW}[4/10] Backing up original configurations...${NC}"
if [ -f /etc/sysctl.conf ]; then
cp /etc/sysctl.conf /etc/sysctl.conf.backup
fi
if [ -f /etc/frr/daemons ]; then
cp /etc/frr/daemons /etc/frr/daemons.backup
fi
if [ -f /etc/frr/frr.conf ]; then
cp /etc/frr/frr.conf /etc/frr/frr.conf.backup
fi
# Enable IP forwarding
echo -e "${YELLOW}[5/10] Enabling IP forwarding...${NC}"
if ! grep -q "net.ipv4.ip_forward=1" /etc/sysctl.conf; then
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
fi
if ! grep -q "net.ipv6.conf.all.forwarding=1" /etc/sysctl.conf; then
echo 'net.ipv6.conf.all.forwarding=1' >> /etc/sysctl.conf
fi
sysctl -p
# Configure FRRouting daemons
echo -e "${YELLOW}[6/10] Configuring FRRouting daemons...${NC}"
cat > /etc/frr/daemons << EOF
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=no
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
pbrd=no
staticd=yes
vrrpd=no
EOF
# Create OSPF configuration
echo -e "${YELLOW}[7/10] Creating OSPF configuration...${NC}"
cat > /etc/frr/frr.conf << EOF
!
! FRR configuration for OSPF
!
frr version 8.1
frr defaults traditional
!
hostname ${ROUTER_HOSTNAME}
password zebra
enable password zebra
!
router ospf
ospf router-id ${ROUTER_ID}
EOF
# Add networks to OSPF configuration
for network in "${NETWORKS[@]}"; do
echo " network ${network} area 0" >> /etc/frr/frr.conf
done
cat >> /etc/frr/frr.conf << EOF
area 0 authentication message-digest
passive-interface lo
!
EOF
# Add interface authentication (for first two interfaces if they exist)
if ip link show eth0 >/dev/null 2>&1; then
cat >> /etc/frr/frr.conf << EOF
interface eth0
ip ospf message-digest-key 1 md5 ${OSPF_PASSWORD}
!
EOF
fi
if ip link show eth1 >/dev/null 2>&1; then
cat >> /etc/frr/frr.conf << EOF
interface eth1
ip ospf message-digest-key 1 md5 ${OSPF_PASSWORD}
!
EOF
fi
echo "line vty" >> /etc/frr/frr.conf
echo "!" >> /etc/frr/frr.conf
# Set proper file permissions
echo -e "${YELLOW}[8/10] Setting file permissions...${NC}"
chown frr:frr /etc/frr/frr.conf
chmod 640 /etc/frr/frr.conf
chown frr:frr /etc/frr/daemons
chmod 644 /etc/frr/daemons
# Configure firewall if firewalld is active
if systemctl is-active firewalld >/dev/null 2>&1; then
echo -e "${YELLOW}[9/10] Configuring firewall for OSPF...${NC}"
# OSPF runs directly over IP as protocol 89; it does not use a TCP or UDP port
firewall-cmd --permanent --add-protocol=ospf 2>/dev/null || true
firewall-cmd --reload 2>/dev/null || true
fi
# Start and enable FRRouting
echo -e "${YELLOW}[10/10] Starting FRRouting service...${NC}"
systemctl enable frr
systemctl start frr
# Verification checks
echo -e "${YELLOW}Performing verification checks...${NC}"
sleep 3
if systemctl is-active frr >/dev/null 2>&1; then
echo -e "${GREEN}✓ FRRouting service is running${NC}"
else
echo -e "${RED}✗ FRRouting service failed to start${NC}"
exit 1
fi
if grep -q "net.ipv4.ip_forward=1" /etc/sysctl.conf && [ "$(sysctl -n net.ipv4.ip_forward)" = "1" ]; then
echo -e "${GREEN}✓ IP forwarding is enabled${NC}"
else
echo -e "${RED}✗ IP forwarding is not properly configured${NC}"
exit 1
fi
if vtysh -c "show running-config" | grep -q "router ospf" 2>/dev/null; then
echo -e "${GREEN}✓ OSPF configuration is loaded${NC}"
else
echo -e "${YELLOW}⚠ OSPF configuration may need manual verification${NC}"
fi
echo -e "${GREEN}FRRouting OSPF installation completed successfully!${NC}"
echo -e "${YELLOW}Configuration details:${NC}"
echo " Router ID: ${ROUTER_ID}"
echo " Hostname: ${ROUTER_HOSTNAME}"
echo " Networks: ${NETWORKS[*]}"
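# Do not print the key: terminal scrollback and captured logs would expose it
echo " Authentication key: stored in /etc/frr/frr.conf (not displayed)"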
echo ""
echo -e "${YELLOW}Next steps:${NC}"
echo "1. Use 'sudo vtysh' to access the FRRouting shell"
echo "2. Run 'show ip ospf neighbor' to verify OSPF neighbors"
echo "3. Run 'show ip route ospf' to see OSPF learned routes"
echo "4. Configure additional networks with: vtysh -c 'configure terminal' -c 'router ospf' -c 'network <network>/<mask> area <area>'"
Review the script before running. Execute with: bash install.sh