Configuring OSPF Monitoring

When the FW's service interface works at Layer 3 and connects to a router and OSPF runs between the FW and router, you can configure the VGMP group to monitor the OSPF neighbor status to quickly detect OSPF route faults on the network and trigger an active/standby switchover.

Prerequisites

Complete service interface configurations, such as IP address and security zone configurations.
OSPF is configured on the FWs and their downstream and upstream routers.
A security policy is configured to permit legitimate traffic.

Context

The FW's service interface works at Layer 3 and connects to a router. The FW and router run OSPF. To enable the FW to detect OSPF route faults in a timely manner to trigger an active/standby switchover, you can configure the VGMP group to monitor the OSPF neighbor status on both active and standby devices. To quickly trigger an active/standby switchover and reduce the adverse impact on services, you are advised to configure BFD-OSPF interworking, so that BFD can quickly detect link faults and notify OSPF of the faults, speeding up OSPF's response to network topology changes.

After the VGMP group is configured to monitor the OSPF neighbor status, the VGMP group priority reduces by 2 when the OSPF neighbor state changes from Full to another state on the active device, triggering an active/standby switchover. When the OSPF neighbor state changes to Full, the VGMP group priority increases by 2. As intermittent disconnection may cause OSPF neighbor relationship flapping and each neighbor relationship change will trigger an active/standby FW switchover, to prevent repeated switchovers, you are advised to run the undo hrp preempt command to disable the preemption function.

On a broadcast network, two routers whose interface state is DROther do not establish an OSPF adjacency relationship and stay in 2-way state. An active/standby switchover will be triggered when the FW detects that the OSPF neighbor state is not Full (including 2-way). Therefore, when the state of the interface connecting the FW to the neighbor is DROther, the monitored neighbor router cannot be DROther.

The function of the VGMP group monitoring the OSPF neighbor status is supported only in non-mirroring mode.

Procedure

In the user view, access the system view.
```
system-view
```
Optional: Set a hold-off period for a VGMP group to monitor the OSPF neighbor status.
```
hrp track ospf first-check-delay delay-minutes
```
The establishment of an OSPF adjacency takes time during network deployment or adjustment. To prevent an active/standby switchover from being performed before the OSPF adjacency is established, run the hrp track ospf first-check-delay command to set a new hold-off period for the VGMP group to monitor the OSPF neighbor status. During the hold-off period, any change in the OSPF neighbor status does not trigger the adjustment of the priority of the monitoring VGMP group.

By default, a VGMP group starts to monitor the OSPF neighbor status after a hold-off period of 10 minutes.
Configure a VGMP group to monitor the OSPF neighbor status.
```
hrp track ospf interface interface-type interface-number [ peer peer-address ]
```
On a multi-access network, such as the Ethernet, one interface may connect to multiple routers in one network segment. If only one OSPF neighbor needs to be monitored, you can use peer to specify the neighbor's IP address. Otherwise, the peer parameter is not required.