Configuring IPv6 OSPFv3 - Gaia Clish

The Gaia Clish commands for OSPFv3 are similar to those for OSPFv2, except that instead of ospf you type ipv6 ospf3.

To show the configuration, use the show ipv6 ospf commands.

To work with OSPFv3, you must enable IPv6 on Gaia. This automatically adds FE80::/64 link-local addresses to the interfaces.

When you do initial configuration, set the router ID. Use this command:

set router-id {default | <ip_address>}

Parameters

Parameter

Description

default

Selects the highest interface IP address when OSPF is enabled.

<ip_address>

Specifies the IP address to assign as the router ID. Do not use 0.0.0.0 as the router ID address.

Best Practice - Check Point recommends setting the router ID rather than relying on the default setting. Setting the router ID prevents the ID from changing if the default interface used for the router ID goes down.

The Router ID uniquely identifies the router in the autonomous system. The router ID is used by the BGP and OSPF protocols. We recommend setting the router ID rather than relying on the default setting. This prevents the router ID from changing if the interface used for the router ID goes down. Use an address on a loopback interface that is not the loopback address (127.0.0.1).

Note - In a cluster, you must select a router ID that is a cluster Virtual IP address, and make sure that it is the same on all cluster members.

  • Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255]). Do not use 0.0.0.0.

Configuring IPv6 OSPF Global Options

Use these commands:

set ipv6 ospf3 [instance <1-65535>]
      default-ase-cost <1-16777215>
      default-ase-type {1 | 2}
      force-hellos {on | off | timer}
      graceful-restart {on | off | grace-period <seconds>}
      graceful-restart-helper {on | off}
      spf-delay {default | <1-60>}
      spf-holdtime {default | <1-60>}

Parameters

Parameter

Description

instance <1-65535>

Enter the applicable instance number. The configuration is applicable to OSPF Multiple Instances.

default-ase-cost <1-16777215>

When routes from other protocols are redistributed into OSPF as ASEs, they are assigned this configured cost unless a cost has been specified for the individual route.

  • Default: 1

default-ase-type {1 | 2}

When routes from other protocols are redistributed into OSPF as ASEs, they are assigned this route type, unless a type has been specified for the individual route. ASEs can either be type 1 or type 2.

  • Type 1: Used for routes imported into OSPF which are from IGPs whose metrics are directly comparable to OSPF metrics. When a routing decision is being made, OSPF adds the internal cost to the AS border router to the external metric.
  • Type 2: Used for routes whose metrics are not comparable to OSPF internal metrics. In this case, only the external OSPF cost is used. In the event of ties, the least cost to an AS border router is used.
  • Default: 1.

spf-delay <1-60>

The time (in seconds) the system waits before recalculating the OSPF routing table after a change in the topology.

  • Default: 2.

spf-holdtime <1-60>

The minimum time (in seconds) between recalculations of the OSPF routing table.

  • Default: 5.

force-hellos {on | off | timer}

In addition to OSPF regular hello packets, OSPF sends out hello packets at specified intervals when it processes updates or synchronizes routes.

Default: Off

force-hellos timer

The time in seconds between one forced hello message to the next.

Value: 2-10

Default: 5

graceful-restart-helper {on | off}

Specifies whether the Check Point system maintains the forwarding state advertised by peer routers, even when they restart, to minimize the negative effects caused by peer routers restarting.

graceful-restart {on | off | grace-period <seconds>}

Configures Graceful Restart: turn it on, turn it off, or set the grace period to a value between 1 and 1800 seconds. The default grace period is 120 seconds.

Configuring IPv6 OSPF Areas

Use these commands to configure OSPFv3 (IPv6 OSPF) areas, including the backbone and stub areas:

set ipv6 ospf3 [instance <1-65535>] area {backbone | <ospf_area_name>} {on | off}
      range <ip_range>
            off
            on
            restrict
      stub
            default-cost <1-677215>
            off
            on
            summary
      stub-network <ip_range>
            off
            on
            stub-network-cost <1-65535>

Note - NSSA is not available for OSPFv3.

Parameters

Parameter

Description

instance <1-65535>

Enter the applicable instance number.

backbone

Specifies whether to enable or disable the backbone area. By default, the backbone area is enabled. You can disable the backbone area if the system does not have interfaces on the backbone area.

<ospf_area_name>

Specifies the area ID for a new OSPF area. You can enter the area ID in two formats:

  • An integer between 0 and 4294967295
  • A dotted quad form. For example, 0.0.0.1 for area ID 1.

Best Practice - Check Point recommends that you enter the area ID as a dotted quad. The area ID 0.0.0.0 is reserved for the backbone.

range <ip_range> {on | off | restrict}

You can configure an area with any number of address ranges. Address ranges are used to reduce the number of routing entries that a given area emits into the backbone (and therefore all) areas.

An address range is defined by a prefix and a mask length. If a given prefix aggregates a number of more specific prefixes within an area, you can configure an address range that becomes the only prefix advertised into the backbone. Make sure you do not configure an address range that covers parts of a prefix that are not contained within the area.

restrict prevents an address from being advertised into the backbone.

stub {on | off}

A Stub Area is an area in which there are no Autonomous System External (ASE) routes. ASE routes are routes to destinations external to the AS.

Note: The backbone area cannot be a stub area. NSSA Areas are not supported.

Default: Off

stub default-cost <1-677215>

The cost for the default route to the stub area.

Default: No default.

stub summary {on | off}

An area in which there are no ASE routes or summary routes.

Default: Off

stub-network <ip_range> {on | off | stub-network-cost}

Configure a stub network to advertise reachability to prefixes that do not run OSPF. The advertised prefix shows as an OSPF internal route and can be filtered at area borders with the OSPF area ranges. To be included in the router-LSA, the prefix must be directly reachable on the router where the stub network is configured (that is, one of the router's interface addresses must fall in the prefix). Stub hosts are configured by specifying a mask length of 128.

An address range is defined by a prefix and a mask length. A prefix and mask can be advertised, and this can be activated by the local address of a point-to-point interface. To advertise reachability to such an address, enter an IP address for the prefix and a non-zero cost for the prefix.

stub-network <ip_range> stub-network-cost <1-65535>

The cost associated with the stub network. The higher the cost, the less preferred the prefix as an OSPF route.

Default: 1
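The warning above about area ranges that cover prefixes outside the area can be checked before a range is committed. The following Python script is an added example, not part of the Check Point documentation; the function names and the 2001:db8::/32 documentation prefixes are constructed for illustration.

```python
import ipaddress

def tightest_range(prefixes):
    """Smallest single prefix that aggregates every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def audit_range(range_prefix, area_prefixes, foreign_prefixes):
    """Compare a proposed area range with prefixes inside and outside the area.

    missed: area prefixes the range does not aggregate (still advertised singly)
    leaked: prefixes that belong elsewhere but overlap the range
    """
    rng = ipaddress.ip_network(range_prefix)
    missed = [p for p in area_prefixes
              if not ipaddress.ip_network(p).subnet_of(rng)]
    leaked = [p for p in foreign_prefixes
              if ipaddress.ip_network(p).overlaps(rng)]
    return {"range": str(rng), "missed": missed, "leaked": leaked,
            "tightest": str(tightest_range(area_prefixes))}

# Constructed sample data: four /64 networks in area 0.0.0.1 and one /64
# that lives in a different area.
AREA_PREFIXES = ["2001:db8:10:0::/64", "2001:db8:10:1::/64",
                 "2001:db8:10:2::/64", "2001:db8:10:3::/64"]
FOREIGN_PREFIXES = ["2001:db8:10:8::/64"]

if __name__ == "__main__":
    # A /60 is too wide: it also covers 2001:db8:10:8::/64 from the other area.
    print(audit_range("2001:db8:10::/60", AREA_PREFIXES, FOREIGN_PREFIXES))
    # The tightest aggregate (/62) covers only the area's own prefixes.
    print(audit_range("2001:db8:10::/62", AREA_PREFIXES, FOREIGN_PREFIXES))
```

A range with a non-empty leaked list would advertise reachability into the backbone for addresses the area does not contain.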

Configuring IPv6 OSPF Interfaces

Use these commands:

set ipv6 ospf3 [instance <1-65535>] interface <interface_name>
      area <ospf_area> {on | off}
      cost <1-65535>
      dead-interval <1-65535>
      hello-interval <1-65535>
      ip-reachability-detection {on | off}
      passive {on | off}
      priority <0-255>
      retransmit-interval <1-65535>
      virtual-address {on | off}

Note - The hello interval and dead interval must be the same for all routers on the link. Authentication is not supported for IPv6 OSPF interfaces.

Parameters

Parameter

Description

instance <1-65535>

Enter the applicable instance number. The configuration is applicable to OSPF Multiple Instances.

interface <interface_name>

The interfaces for OSPF configuration. An interface must have an area associated with it to become active in OSPF.

area <ospf_area> {on | off}

The OSPF area to which the interface belongs. An OSPF area defines a group of routers which run OSPF that have the complete topology information of the area. OSPF areas use an area border router to exchange information about routes. Routes for a given area are summarized into the backbone area for distribution into other non-backbone areas. An area border router (ABR) has at least two interfaces in at least two different areas. One of those areas must be the backbone or the router must have a virtual link configured. OSPF forces a hub and spoke topology of areas, with the backbone area always being the hub.

For the name of the area, select an IPv4 address (preferred) or an integer.

  • Range: All areas currently configured.
  • Default: None.

cost <1-65535>

The weight of a given path in a route. The higher the cost, the less preferred the link. You can explicitly override this setting in route redistribution. To use one interface over another for routing paths, give one a higher cost.

  • Default: 1.

dead-interval <1-65535>

The number of seconds after which a router that stops receiving hello packets declares the neighbor down. Typically, the value of this field must be four times the hello interval.

For a given link, this field must be the same on all routers or adjacencies are not created. The value must not be zero.

  • Default: For broadcast interfaces, the default is 40 seconds. For point-to-point interfaces, the default is 120 seconds.

hello-interval <1-65535>

The time, in seconds, between hello packets that the router sends on the interface. For a given link, this must be the same on all routers or adjacencies will not be created.

  • Default: For broadcast interfaces, the default is 10 seconds. For point-to-point interfaces, the default is 30 seconds.

ip-reachability-detection {on | off}

Sets Bidirectional Forwarding Detection for OSPFv3 peers. You can set Bidirectional Forwarding Detection (BFD) on each OSPFv3 Security Gateway and cluster member that sends or receives BFD packets.

Before you begin:

  • Make sure the firewall policy passes UDP port 3784 in both directions.
  • Make sure the SmartConsole topology is correct (issues with incorrect firewall topology can cause anti-spoofing to interfere with BFD traffic).

passive {on | off}

An interface in passive mode does not send hello packets out of the given interface. This means no adjacencies are formed on the link. Passive mode causes the network associated with the interface to be included in the intra-area route calculation. In non-passive mode, the network is redistributed into OSPF and is an ASE. In passive mode, all interface configuration information is ignored, with the exception of the associated area and the cost.

  • Default: Off

priority <0-255>

The priority for becoming the designated router (DR) on this link. When two routers attached to a network both attempt to become a designated router, the router with the highest priority wins. If there is an elected DR on the link, it remains the DR regardless of the configured priority. This feature prevents the DR from changing too often. This field is only relevant on a shared-media interface (Ethernet), as a DR is not elected on point-to-point type interfaces. A router with priority 0 is not eligible to become the designated router.

  • Default: 1.

retransmit-interval <1-65535>

The number of seconds between LSA retransmissions, for adjacencies which belong to this interface. Also used during retransmission of Database Description and Link State Request Packets. This must be well over the expected round-trip delay between any two routers on the attached network. The setting of this value must be conservative or needless retransmissions result.

  • Default: 5.

virtual-address {on | off}

Directs OSPFv3 to use the VRRPv3 virtual link-local address as the source of its control packets. When enabled, OSPFv3 runs on the interface only while the local router is the master with respect to a VRRPv3 state machine on the interface.

Note: The VRRPv3 state machine must back up an IPv6 link-local address that is not auto-configured on the interface.

  • Default: Off.

IPv6 OSPF Configuration Examples

Note - If OSPF is used without the virtual-address option in a VRRP cluster, you must make sure that each router selects a different router-id. To see and correct the router-id:

show router-id

set router-id <ipv4-address>

Example of OSPFv3 configuration:

set ipv6 ospf3 interface eth1 area backbone on

To change default OSPFv3 parameters:

set ipv6 ospf3 interface eth1 cost 2

set ipv6 ospf3 interface eth1 priority 2

set ipv6 ospf3 interface eth1 hello-interval 20

set ipv6 ospf3 interface eth1 dead-interval 80

set ipv6 ospf3 interface eth1 retransmit-interval 20

To configure OSPFv3 to run on the VRRP Virtual Address:

set ipv6 ospf3 interface eth1 virtual-address on
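
The interface rules stated above (hello and dead intervals must match on a link, the dead interval is typically four times the hello interval, and the router ID should be set explicitly) can be checked offline against saved Clish commands. The following Python script is an added example, not part of the Check Point documentation; the function names, router B's configuration and the 192.0.2.1 router ID are constructed, and broadcast-interface defaults are assumed for unset timers.

```python
import re

IFACE_RE = re.compile(
    r"^set ipv6 ospf3 (?:instance \d+ )?interface (\S+) (\S+) (.+)$")
# Broadcast-interface defaults stated on the page (point-to-point is 30/120).
DEFAULTS = {"hello-interval": 10, "dead-interval": 40}

def parse(config):
    """Return (router_id, {interface: settings}) from Gaia Clish 'set' lines."""
    router_id, ifaces = None, {}
    for line in map(str.strip, config.splitlines()):
        m = IFACE_RE.match(line)
        if m:
            name, key, value = m.groups()
            settings = ifaces.setdefault(name, dict(DEFAULTS))
            settings[key] = int(value) if value.isdigit() else value
        elif line.startswith("set router-id "):
            router_id = line.split()[2]
    return router_id, ifaces

def lint_link(cfg_a, if_a, cfg_b, if_b):
    """Findings for two routers that share one link (if_a on A, if_b on B)."""
    findings, link = [], []
    for label, cfg, ifname in (("A", cfg_a, if_a), ("B", cfg_b, if_b)):
        router_id, ifaces = parse(cfg)
        if router_id in (None, "default", "0.0.0.0"):
            findings.append(f"{label}: router-id not set explicitly")
        s = ifaces[ifname]
        if s["dead-interval"] != 4 * s["hello-interval"]:
            findings.append(f"{label}/{ifname}: dead-interval is not 4x hello-interval")
        link.append(s)
    for key in ("hello-interval", "dead-interval"):
        if link[0][key] != link[1][key]:
            findings.append(f"{key} mismatch on link: {link[0][key]} vs {link[1][key]}")
    return findings

# Constructed sample configs: router A uses the values from the example above,
# router B changes only the hello interval and has no explicit router ID.
ROUTER_A = """
set router-id 192.0.2.1
set ipv6 ospf3 interface eth1 area backbone on
set ipv6 ospf3 interface eth1 hello-interval 20
set ipv6 ospf3 interface eth1 dead-interval 80
"""
ROUTER_B = """
set ipv6 ospf3 interface eth2 area backbone on
set ipv6 ospf3 interface eth2 hello-interval 20
"""

if __name__ == "__main__":
    for finding in lint_link(ROUTER_A, "eth1", ROUTER_B, "eth2"):
        print(finding)
```

Router B keeps the default dead interval of 40 seconds, so the check reports the mismatch that would stop the adjacency from forming.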