Set up OSPF dynamic routing with FRRouting 10 for automatic network failover and route redistribution. Configure area authentication, routing policies, and monitoring for enterprise network resilience.
Prerequisites
- Root or sudo access
- Multiple network interfaces or VMs for testing
- Basic understanding of IP routing concepts
- Network connectivity between test nodes
What this solves
OSPF (Open Shortest Path First) provides dynamic routing that automatically adapts to network changes, eliminating manual route configuration and enabling seamless failover when links go down. FRRouting 10 offers enterprise-grade OSPF implementation with advanced features like area authentication, route filtering, and network monitoring that keep your infrastructure resilient and self-healing.
Step-by-step installation
Update system packages
Start by updating your package manager to ensure compatibility with the latest FRRouting packages.
sudo apt update && sudo apt upgrade -y
Install FRRouting 10
Install FRRouting from the official repository to get the latest OSPF features and security updates. The repository signing key goes into its own keyring, which the signed-by option in the source entry references.
curl -s https://deb.frrouting.org/frr/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/frrouting.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/frrouting.gpg] https://deb.frrouting.org/frr $(lsb_release -s -c) frr-stable" | sudo tee /etc/apt/sources.list.d/frr.list
sudo apt update
sudo apt install -y frr frr-pythontools
Enable OSPF daemon
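Configure FRRouting to enable the OSPF daemon by editing the daemon configuration file, /etc/frr/daemons. The ospfd_options line binds the daemon's VTY to 127.0.0.1 so it is not reachable from the network.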
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=no
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
pbrd=no
bfdd=no
fabricd=no
vrrpd=no
pathd=no
vtysh_enable=yes
zebra_options="-s 90000000"
ospfd_options="-A 127.0.0.1"
Configure basic OSPF settings
Create the initial OSPF configuration in /etc/frr/frr.conf with router ID, area definitions, and network advertisements. Each interface is placed in its area with ip ospf area, which also advertises its connected network; ospfd does not accept router-level network statements alongside interface-level areas, so use one method only.
frr version 10.0
frr defaults traditional
hostname router1
log syslog informational
service integrated-vtysh-config
!
interface eth0
 ip address 203.0.113.10/24
 ip ospf area 0.0.0.0
!
interface eth1
 ip address 192.168.1.1/24
 ip ospf area 0.0.0.1
!
router ospf
 ospf router-id 203.0.113.10
 area 0.0.0.1 stub
 passive-interface default
 no passive-interface eth0
 no passive-interface eth1
!
line vty
!
end
Set file permissions and ownership
Configure proper permissions for FRRouting configuration files to ensure security while allowing the service to read them. frr.conf stores the OSPF authentication keys in cleartext, so it must not be world-readable.
sudo chown frr:frr /etc/frr/frr.conf
sudo chmod 640 /etc/frr/frr.conf
sudo chown frr:frrvty /etc/frr/vtysh.conf
sudo chmod 640 /etc/frr/vtysh.conf
Enable IP forwarding
Enable IP forwarding in the kernel to allow the router to forward packets between networks.
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding=1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Start and enable FRRouting
Start FRRouting services and enable them to start automatically on boot.
sudo systemctl enable frr
sudo systemctl start frr
sudo systemctl status frr
Configure OSPF authentication and security
Set up area authentication
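Configure MD5 authentication for OSPF areas to prevent unauthorized routers from joining your network. The key ID and key must match on every router attached to the same segment, and the key can be at most 16 characters. Replace the sample key below with your own.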
sudo vtysh
configure terminal
router ospf
area 0.0.0.0 authentication message-digest
area 0.0.0.1 authentication message-digest
exit
interface eth0
ip ospf message-digest-key 1 md5 SecureOSPFKey123
exit
interface eth1
ip ospf message-digest-key 1 md5 SecureOSPFKey123
end
write memory
exit
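A configuration check for the authentication step above, as an added example that is not part of the original tutorial or of FRR: the hypothetical helper audit_ospf_auth reads an frr.conf-style file and reports OSPF interfaces that run without message-digest authentication, lack a key, or still carry this page's sample key. It only covers interfaces that join OSPF with ip ospf area, and the sample configuration is constructed.

```bash
# Added example: audit_ospf_auth is a hypothetical helper, not an FRR tool.
# It reports OSPF interfaces that are unauthenticated, keyless, or on the sample key.
SAMPLE_KEY='SecureOSPFKey123'   # the key published in this tutorial
audit_ospf_auth() {   # usage: audit_ospf_auth /etc/frr/frr.conf   (or pipe on stdin)
  awk -v sample="$SAMPLE_KEY" '
    /^[ \t]*(!|exit)/    { ctx = ""; next }            # end of a stanza
    /^[ \t]*interface /  { ctx = "if"; ifn = $2; order[++n] = ifn; next }
    /^[ \t]*router ospf/ { ctx = "ospf"; next }
    ctx == "if" && $1 == "ip" && $2 == "ospf" {
      if ($3 == "area") area[ifn] = $4
      if ($3 == "message-digest-key") key[ifn] = $6
      if ($3 == "authentication" && $4 == "message-digest") ifauth[ifn] = 1
    }
    ctx == "ospf" && $1 == "area" && $3 == "authentication" && $4 == "message-digest" { areaauth[$2] = 1 }
    END {
      for (i = 1; i <= n; i++) {
        ifn = order[i]; if (!(ifn in area)) continue   # not an OSPF interface
        if (!(area[ifn] in areaauth) && !(ifn in ifauth))
          print ifn ": area " area[ifn] " has no message-digest authentication"
        else if (!(ifn in key))
          print ifn ": authentication enabled but no message-digest-key"
        else if (key[ifn] == sample)
          print ifn ": still uses the published sample key"
      }
    }' "${1:--}"
}
# Constructed sample configuration (not taken from a real router).
sample_conf() { cat <<'EOF'
interface eth0
 ip ospf area 0.0.0.0
 ip ospf message-digest-key 1 md5 SecureOSPFKey123
!
interface eth1
 ip ospf area 0.0.0.1
!
interface eth2
 ip ospf area 0.0.0.2
 ip ospf message-digest-key 1 md5 constructed-key-2
!
interface eth3
 ip ospf area 0.0.0.0
 ip ospf message-digest-key 1 md5 constructed-key-3
!
router ospf
 area 0.0.0.0 authentication message-digest
 area 0.0.0.1 authentication message-digest
EOF
}
sample_conf | audit_ospf_auth
```

Against a live router, run it as root on /etc/frr/frr.conf; no output means every interface with an ip ospf area line has authentication, a key, and a key other than the sample.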
Configure OSPF timers and priorities
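Optimize OSPF convergence times and set interface priorities for designated router election. Hello and dead intervals must be identical on all routers sharing a segment, otherwise adjacencies will not form.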
sudo vtysh
configure terminal
interface eth0
ip ospf hello-interval 5
ip ospf dead-interval 20
ip ospf priority 100
exit
interface eth1
ip ospf hello-interval 10
ip ospf dead-interval 40
ip ospf priority 50
exit
router ospf
timers throttle spf 200 1000 10000
end
write memory
exit
Implement routing policies and filtering
Create route filtering with access lists
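Set up access lists to control which routes are advertised and accepted by OSPF. In FRR's ospfd, distribute-list ... out takes the source protocol and filters routes as they are redistributed into OSPF, and there is no distribute-list ... in; on an area border router, area ... import-list filters the summary routes announced into an area.
sudo vtysh
configure terminal
access-list 10 permit 192.168.0.0/16
access-list 10 permit 203.0.113.0/24
access-list 10 deny any
!
access-list 20 deny 10.0.0.0/8
access-list 20 permit any
!
router ospf
distribute-list 10 out static
distribute-list 10 out connected
area 0.0.0.1 import-list 20
end
write memory
exit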
Configure route summarization
Implement route summarization to reduce routing table size and improve network efficiency.
sudo vtysh
configure terminal
router ospf
area 0.0.0.1 range 192.168.0.0/16
area 0.0.0.0 range 203.0.113.0/24
summary-address 172.16.0.0/12
end
write memory
exit
Set up route redistribution
Configure OSPF to redistribute routes from other routing protocols or static routes.
sudo vtysh
configure terminal
router ospf
redistribute static metric 100 metric-type 2
redistribute connected metric 50 metric-type 1
default-information originate metric 10 metric-type 1
end
write memory
exit
Configure network monitoring and logging
Enable OSPF debugging and logging
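Configure comprehensive logging to monitor OSPF neighbor relationships and LSA updates. Neighbor state changes are traced with debug ospf nsm (the neighbor state machine). Debug output is verbose, so turn the debug lines off again once troubleshooting is done.
sudo vtysh
configure terminal
log file /var/log/frr/ospf.log
log record-priority
log timestamp precision 3
service advanced-vty
debug ospf event
debug ospf lsa
debug ospf nsm
end
write memory
exit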
Configure SNMP for monitoring
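Set up SNMP access for network monitoring tools like those covered in our SNMP and Grafana monitoring tutorial. FRR has no snmp-server commands: it exports its MIBs over AgentX to net-snmp's snmpd, and the community string, location and contact are set in snmpd's own configuration. Install the SNMP module and snmpd:
sudo apt install -y frr-snmp snmpd
Load the module by adding -M snmp to the daemon options in /etc/frr/daemons:
zebra_options="-s 90000000 -M snmp"
ospfd_options="-A 127.0.0.1 -M snmp"
Enable AgentX in FRR:
sudo vtysh
configure terminal
agentx
end
write memory
exit
In /etc/snmp/snmpd.conf, enable the AgentX master and define a read-only community of your own, restricted to the monitoring network. CHANGE_ME is a placeholder; do not use the default public or private strings, and do not define a read-write community:
master agentx
rocommunity CHANGE_ME 192.168.1.0/24
sysLocation Network Core Router
sysContact admin@example.com
Restart both services:
sudo systemctl restart snmpd frr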
Set up log rotation
Configure log rotation to prevent OSPF logs from consuming excessive disk space.
/var/log/frr/ospf.log {
    weekly
    rotate 12
    compress
    delaycompress
    missingok
    notifempty
    create 640 frr frr
    postrotate
        systemctl reload frr
    endscript
}
Verify your setup
sudo systemctl status frr
sudo vtysh -c "show ip ospf neighbor"
sudo vtysh -c "show ip ospf database"
sudo vtysh -c "show ip route ospf"
sudo vtysh -c "show ip ospf interface"
ping -c 4 203.0.113.1
ip route show
Check OSPF neighbor states and route learning:
sudo vtysh -c "show ip ospf neighbor detail"
sudo vtysh -c "show ip ospf database router"
sudo vtysh -c "show ip ospf border-routers"
tail -f /var/log/frr/ospf.log
Common issues
| Symptom | Cause | Fix |
|---|---|---|
| OSPF neighbors not forming | Authentication mismatch or network type conflict | Check show ip ospf interface and verify authentication keys match |
| Routes not appearing in table | Area configuration mismatch or filtering rules | Verify area IDs match and check distribute-lists with show access-lists |
| Slow convergence after link failure | Default OSPF timers too conservative | Reduce hello-interval and dead-interval, tune SPF throttling |
| FRR service fails to start | Configuration syntax errors | Check sudo vtysh -C -f /etc/frr/frr.conf for syntax validation (the -C dry-run flag parses the file without applying it) |
| LSA flooding consuming bandwidth | Network instability or misconfigured areas | Implement area summarization and check for routing loops |
| Permission denied errors | Incorrect file ownership or permissions | Ensure chown frr:frr and chmod 640 on config files |
Next steps
- Set up BGP routing with FRRouting for dynamic network routing and failover
- Configure network load balancing with keepalived and VRRP for high availability failover
- Implement OSPF multi-area design with FRRouting and advanced routing policies
- Monitor Linux system resources with performance alerts and automated responses
Automated install script
Run this to automate the entire setup
#!/usr/bin/env bash
set -euo pipefail

# Colors for output
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m' # No Color

# Configuration variables
ROUTER_ID="${1:-203.0.113.10}"
ETH0_IP="${2:-203.0.113.10/24}"
ETH1_IP="${3:-192.168.1.1/24}"
OSPF_PASSWORD="${4:-SecureOSPFKey123}"

# Function to print colored output
print_status() {
    echo -e "${GREEN}[INFO]${NC} $1"
}

print_warning() {
    echo -e "${YELLOW}[WARN]${NC} $1"
}

print_error() {
    echo -e "${RED}[ERROR]${NC} $1" >&2
}

# Usage message
usage() {
    echo "Usage: $0 [ROUTER_ID] [ETH0_IP] [ETH1_IP] [OSPF_PASSWORD]"
    echo "Example: $0 203.0.113.10 203.0.113.10/24 192.168.1.1/24 MySecureKey"
    exit 1
}

# Cleanup function
cleanup() {
    print_error "Installation failed. Cleaning up..."
    systemctl stop frr 2>/dev/null || true
    systemctl disable frr 2>/dev/null || true
}

# Trap for cleanup on error
trap cleanup ERR

# Check if running as root or with sudo
if [[ $EUID -ne 0 ]]; then
    print_error "This script must be run as root or with sudo"
    exit 1
fi

# Detect distribution
if [ -f /etc/os-release ]; then
    . /etc/os-release
    case "$ID" in
        ubuntu|debian)
            PKG_MGR="apt"
            PKG_UPDATE="apt update"
            PKG_UPGRADE="apt upgrade -y"
            PKG_INSTALL="apt install -y"
            ;;
        almalinux|rocky|centos|rhel|ol|fedora)
            PKG_MGR="dnf"
            PKG_UPDATE="dnf update -y"
            PKG_UPGRADE=""
            PKG_INSTALL="dnf install -y"
            ;;
        amzn)
            PKG_MGR="yum"
            PKG_UPDATE="yum update -y"
            PKG_UPGRADE=""
            PKG_INSTALL="yum install -y"
            ;;
        *)
            print_error "Unsupported distribution: $ID"
            exit 1
            ;;
    esac
else
    print_error "Cannot detect distribution"
    exit 1
fi

print_status "[1/8] Updating system packages..."
$PKG_UPDATE
if [[ -n "$PKG_UPGRADE" ]]; then
    $PKG_UPGRADE
fi

print_status "[2/8] Installing FRRouting 10..."
case "$PKG_MGR" in
    apt)
        curl -s https://deb.frrouting.org/frr/keys.asc | gpg --dearmor > /usr/share/keyrings/frrouting.gpg
        echo "deb [signed-by=/usr/share/keyrings/frrouting.gpg] https://deb.frrouting.org/frr $(lsb_release -s -c) frr-stable" > /etc/apt/sources.list.d/frr.list
        apt update
        $PKG_INSTALL frr frr-pythontools
        ;;
    dnf|yum)
        $PKG_INSTALL "https://rpm.frrouting.org/repo/$(rpm -E %rhel)-repo-1-0.el$(rpm -E %rhel).noarch.rpm"
        $PKG_INSTALL frr frr-pythontools
        ;;
esac

print_status "[3/8] Configuring FRRouting daemons..."
cat > /etc/frr/daemons << 'EOF'
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no
pimd=no
ldpd=no
nhrpd=no
eigrpd=no
babeld=no
sharpd=no
pbrd=no
bfdd=no
fabricd=no
vrrpd=no
pathd=no
vtysh_enable=yes
zebra_options="-s 90000000"
ospfd_options="-A 127.0.0.1"
EOF

print_status "[4/8] Creating OSPF configuration..."
cat > /etc/frr/frr.conf << EOF
frr version 10.0
frr defaults traditional
hostname $(hostname)
log syslog informational
service integrated-vtysh-config
!
interface eth0
 ip address $ETH0_IP
 ip ospf area 0.0.0.0
 ip ospf message-digest-key 1 md5 $OSPF_PASSWORD
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 ip ospf priority 100
!
interface eth1
 ip address $ETH1_IP
 ip ospf area 0.0.0.1
 ip ospf message-digest-key 1 md5 $OSPF_PASSWORD
 ip ospf hello-interval 10
 ip ospf dead-interval 40
 ip ospf priority 50
!
! Interfaces join OSPF through the ip ospf area lines above. ospfd rejects
! network statements alongside them, so none are generated here.
router ospf
 ospf router-id $ROUTER_ID
 area 0.0.0.0 authentication message-digest
 area 0.0.0.1 authentication message-digest
 area 0.0.0.1 stub
 passive-interface default
 no passive-interface eth0
 no passive-interface eth1
!
line vty
!
end
EOF

print_status "[5/8] Setting file permissions and ownership..."
chown frr:frr /etc/frr/frr.conf
chmod 640 /etc/frr/frr.conf
chown frr:frrvty /etc/frr/vtysh.conf 2>/dev/null || true
chmod 640 /etc/frr/vtysh.conf 2>/dev/null || true

print_status "[6/8] Enabling IP forwarding..."
if ! grep -q "net.ipv4.ip_forward=1" /etc/sysctl.conf; then
    echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
fi
if ! grep -q "net.ipv6.conf.all.forwarding=1" /etc/sysctl.conf; then
    echo 'net.ipv6.conf.all.forwarding=1' >> /etc/sysctl.conf
fi
sysctl -p

print_status "[7/8] Starting and enabling FRRouting..."
systemctl enable frr
systemctl start frr

# Wait for service to start
sleep 3

print_status "[8/8] Verifying installation..."
if systemctl is-active --quiet frr; then
    print_status "FRRouting service is running"
else
    print_error "FRRouting service failed to start"
    exit 1
fi

# Test OSPF configuration
if vtysh -c "show ip ospf neighbor" >/dev/null 2>&1; then
    print_status "OSPF daemon is responding"
else
    print_warning "OSPF daemon may not be fully initialized yet"
fi

# Firewall configuration hints (OSPF is IP protocol 89, not a TCP/UDP port)
case "$ID" in
    ubuntu|debian)
        if command -v ufw >/dev/null 2>&1; then
            print_warning "Configure UFW: OSPF is IP protocol 89, not a port. Add '-A ufw-before-input -p 89 -j ACCEPT' to /etc/ufw/before.rules, then run: ufw reload"
        fi
        ;;
    *)
        if command -v firewall-cmd >/dev/null 2>&1; then
            print_warning "Configure firewall: firewall-cmd --permanent --add-protocol=ospf && firewall-cmd --reload"
        fi
        ;;
esac

print_status "FRRouting OSPF installation completed successfully!"
print_status "Router ID: $ROUTER_ID"
print_status "Management: sudo vtysh"
print_status "Status: sudo systemctl status frr"
print_status "OSPF neighbors: sudo vtysh -c 'show ip ospf neighbor'"
# Disable trap
trap - ERR
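Review the script before running. It must run as root, so execute it with: sudo bash install.sh. Pass your own OSPF key as the fourth argument rather than relying on the default sample key.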