Web: Example for Configuring OSPF DR Election
You can configure DR priorities of routers for DR election on a broadcast or non-broadcast network. Generally, the router with high performance and reliability is elected as a DR/BDR.
Networking Requirements
As shown in Figure 1, FW_A has the highest priority of 100 on the network and is elected as the DR; FW_C has the second highest priority and is elected as the BDR. FW_B has the priority of 0 and cannot be elected as a DR; no priority is configured for FW_D and therefore FW_D uses the default value (1).
Configuration Roadmap
The configuration roadmap is as follows:
- On each FW, configure a router ID, enable OSPF, and specify a network segment.
- Check the DR/BDR status of each FW with the default priority.
- Configure DR priorities for interfaces and check the DR/BDR status of the interfaces.
Data Planning
To implement the configuration, you need to collect the following data:
- Router ID (1.1.1.1) and DR priority (100) of FW_A
- Router ID (2.2.2.2) and DR priority (0) of FW_B
- Router ID (3.3.3.3) and DR priority (2) of FW_C
- Router ID (4.4.4.4) and DR priority (1) of FW_D
Procedure
- Configure FW_A.
- Set interface IP addresses and assign the interfaces to security zones.
- Choose .
Click
of GE0/0/1 and set required parameters.Zone
trust
IPv4
IP Address
192.168.1.1/24
- Click OK.
- Configure basic OSPF functions.
Choose .
Click Add to create an OSPF process.
Configure the area where network segment 192.168.1.0 resides as Area 0.
- Click
of the created OSPF process. - In the OSPFv2 Process ID:1 navigation tree, choose .
- Click Add and configure the area where network segment 192.168.1.0 resides as Area 0.
- Click OK.
- Click
- Configure a DR priority for an interface.
- In the OSPFv2 Process ID:1 navigation tree, choose .
- Click of GE 1/0/0.
- Select Advanced Settings and set the DR priority to 100.
- Click OK.
- Set interface IP addresses and assign the interfaces to security zones.
- Configure FW_B.
- By referring to Step 4 of FW_A, configure a DR priority for the interface.
- By referring to Step 4 of FW_A, configure a DR priority for the interface.
- Configure FW_C.
- By referring to Step 4 of FW_A, configure a DR priority for the interface.
- By referring to Step 4 of FW_A, configure a DR priority for the interface.
- Configure FW_D.
Verification
Before a DR priority is configured:
# Check the DR/BDR status.
[FW_A] display ospf peer OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(GigabitEthernet0/0/1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode:Nbr is Master Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 32 sec Neighbor is up for 00:04:21 Authentication Sequence: [ 0 ] Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 37 sec Neighbor is up for 00:04:06 Authentication Sequence: [ 0 ] Router ID: 4.4.4.4 Address: 192.168.1.4 GR State: Normal State: Full Mode:Nbr is Master Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 37 sec Neighbor is up for 00:03:53 Authentication Sequence: [ 0 ]
Check the OSPF neighbors of FW_A. You can view the DR priorities (the default value is 1) and status of the neighbors. FW_D is a DR, and FW_C is a BDR.
After a DR priority is configured:
# Check the DR/BDR status.
<FW_D> display ospf peer OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(GigabitEthernet0/0/1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 31 sec Neighbor is up for 00:11:17 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: Full Mode:Nbr is Slave Priority: 0 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:11:19 Authentication Sequence: [ 0 ] Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode:Nbr is Slave Priority: 2 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 33 sec Neighbor is up for 00:11:15 Authentication Sequence: [ 0 ]
The DR priorities configured on the interfaces take effect only after the OSPF process restarts. Run the reset ospf 1 process command in the user view to restart the specified OSPF process.
# Check the OSPF neighbor status.
<FW_D> display ospf peer OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(GigabitEthernet0/0/1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:07:19 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode:Nbr is Master Priority: 0 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 sec Neighbor is up for 00:07:19 Authentication Sequence: [ 0 ] Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode:Nbr is Slave Priority: 2 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 37 sec Neighbor is up for 00:07:17 Authentication Sequence: [ 0 ]
# Check the OSPF interface status.
<FW_A> display ospf interface
OSPF Process 1 with Router ID 1.1.1.1
Interfaces
Area: 0.0.0.0
IP Address Type State Cost Pri DR BDR
192.168.1.1 Broadcast DR 1 100 192.168.1.1 192.168.1.3
# Check the OSPF interface status.
<FW_B> display ospf interface
OSPF Process 1 with Router ID 2.2.2.2
Interfaces
Area: 0.0.0.0
IP Address Type State Cost Pri DR BDR
192.168.1.2 Broadcast DROther 1 0 192.168.1.1 192.168.1.3
If the neighbor is in the Full state, the device has established an adjacency with its neighbor. If the neighbor remains in the 2-Way state, neither of them is the DR or BDR. In this case, they do not need to exchange LSAs.
If the status of the OSPF interface is DROther, the interface is neither a DR nor a BDR.
Configuration Scripts
Configuration script of FW_A
# sysname FW_A # interface GigabitEthernet0/0/1 ip address 192.168.1.1 255.255.255.0 ospf dr-priority 100 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 # security-policy rule name policy_sec_1 source-zone local source-zone trust destination-zone local destination-zone trust action permit # ospf 1 router-id 1.1.1.1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 # return
Configuration script of FW_B
# sysname FW_B # interface GigabitEthernet0/0/1 ip address 192.168.1.2 255.255.255.0 ospf dr-priority 0 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 # security-policy rule name policy_sec_1 source-zone local source-zone trust destination-zone local destination-zone trust action permit # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 192.168.1.0 0.0.0.255 # return
Configuration script of FW_C
# sysname FW_C # interface GigabitEthernet0/0/1 ip address 192.168.1.3 255.255.255.0 ospf dr-priority 2 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 # security-policy rule name policy_sec_1 source-zone local source-zone trust destination-zone local destination-zone trust action permit # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 192.168.1.0 0.0.0.255 # return
Configuration script of FW_D
# sysname FW_D # interface GigabitEthernet0/0/1 ip address 192.168.1.4 255.255.255.0 # firewall zone trust set priority 85 add interface GigabitEthernet0/0/1 # security-policy rule name policy_sec_1 source-zone local source-zone trust destination-zone local destination-zone trust action permit # ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 192.168.1.0 0.0.0.255 # return