D-Link NetDefendOS User Manual page 344

Network security firewall
InfTrans Delay
Specifies the estimated transmit delay for the interface. This value
represents the maximum time it takes to forward an LSA packet
through the router.

Wait Interval
Specifies the number of seconds between the interface being brought
up and the election of the DR and BDR. This value should be
higher than the hello interval.

Router Priority
Specifies the router priority. A higher number increases this
router's chance of becoming a DR or a BDR. If 0 is specified then
this router will not be eligible in the DR/BDR election.

Note
An HA cluster will always have 0 as router priority, and
can never be used as a DR or BDR.

Sometimes there is a need to include networks in the OSPF router process without running
OSPF on the interface connected to that network. This is done by enabling the Passive option: No
OSPF routers connected to this interface ("Passive").
This is an alternative to using a Dynamic Routing Policy to import static routes into the OSPF
router process.
If the Ignore received OSPF MTU restrictions option is enabled, OSPF MTU mismatches will be
allowed.

Promiscuous Mode
The Ethernet interfaces that are also OSPF interfaces must operate in promiscuous mode for OSPF
to function. This mode means that traffic with a destination MAC address that does not match
the Ethernet interface's MAC address will be sent to NetDefendOS and not discarded by the
interface. Promiscuous mode is enabled automatically by NetDefendOS and the administrator
does not need to do this manually.
If the administrator enters the CLI command ifstat <ifname>, the Receive Mode status line will show
the value Promiscuous next to it instead of Normal to indicate the mode has changed. This is
discussed further in Section 3.4.2, "Ethernet Interfaces".

4.6.3.4. OSPF Neighbors
In some scenarios the neighboring OSPF router to a firewall needs to be explicitly defined, for
example when the connection is not between physical interfaces.
The most common situation for using this is when a VPN tunnel is used to connect two
neighbors and we need to tell NetDefendOS that the OSPF connection needs to be made
through the tunnel. This type of VPN usage with IPsec tunnels is described further in Section 4.6.5,
"Setting Up OSPF".
NetDefendOS OSPF Neighbor objects are created within an OSPF Area and each object has the
following property parameters:

Interface
Specifies which OSPF interface the neighbor is located on.

IP Address
The IP address of the neighbor. This is the IP address of the neighbor's OSPF
interface connecting to this router. For VPN tunnels this will be the IP address of
the tunnel's remote end.
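
As an added example (not from the D-Link manual or NetDefendOS code), the sketch below models the standard OSPF DR/BDR election of RFC 2328, section 9.4, to show how the Router Priority property and the priority 0 rule for HA clusters play out on a segment. It assumes NetDefendOS follows the standard rules and that every router sees the same neighbor state; the router IDs are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    router_id: str           # constructed sample IDs, not from the manual
    priority: int            # the "Router Priority" property; 0 = never DR/BDR
    claims_dr: bool = False  # router currently advertises itself as DR
    claims_bdr: bool = False

def _best(candidates):
    # Highest priority wins; the numerically highest router ID breaks ties.
    return max(candidates, default=None,
               key=lambda r: (r.priority, int(IPv4Address(r.router_id))))

def _elect_once(routers):
    eligible = [r for r in routers if r.priority > 0]
    not_dr = [r for r in eligible if not r.claims_dr]
    # BDR: prefer routers already claiming BDR, else any eligible non-DR router.
    bdr = _best([r for r in not_dr if r.claims_bdr]) or _best(not_dr)
    # DR: prefer routers already claiming DR, else promote the chosen BDR.
    dr = _best([r for r in eligible if r.claims_dr]) or bdr
    return dr, bdr

def elect(routers):
    """Return (DR id, BDR id) once the segment's election has settled."""
    dr = bdr = None
    for _ in range(len(routers) + 2):      # bounded re-runs until stable
        dr, bdr = _elect_once(routers)
        changed = False
        for r in routers:
            new = (r is dr, r is bdr and r is not dr)
            if (r.claims_dr, r.claims_bdr) != new:
                r.claims_dr, r.claims_bdr = new
                changed = True
        if not changed:
            break
    same = bdr is dr
    return (dr.router_id if dr else None,
            bdr.router_id if bdr and not same else None)

def cold_start():
    # All routers come up together; 10.0.0.3 models an HA cluster (priority 0).
    return elect([Router("10.0.0.1", 1), Router("10.0.0.2", 5),
                  Router("10.0.0.3", 0), Router("10.0.0.4", 5)])

def late_joiner():
    # A priority-200 router joins a segment that already has a DR and BDR.
    return elect([Router("10.0.0.1", 1, claims_dr=True),
                  Router("10.0.0.2", 1, claims_bdr=True),
                  Router("10.0.0.9", 200)])
```

In this model a higher priority decides the outcome only when no DR is already in place: the late joiner with priority 200 does not displace the existing DR and BDR, and the priority 0 router is never elected.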
Chapter 4: Routing
