Global Ospf Settings Overview; Configuring Ospf Parameters - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Global OSPF Settings Overview

Configuring OSPF Parameters

Copyright © 2010, Juniper Networks, Inc.
Global OSPF Settings Overview on page 315
Configuring OSPF Interface Parameters Overview on page 317
Configuring OSPF (NSM Procedure) on page 320
A global OSPF setting affects operations on all OSPF-enabled interfaces. You configure
global settings in the virtual router.
For instructions on configuring OSPF settings on the virtual router and on the interface,
see the Network and Security Manager Online Help.
The OSPF instance parameters are displayed in Table 76 on page 315.
Table 76: OSPF Instance Parameters
Parameters Your Action
Automatically Select this option to direct the VR to automatically create a virtual link
Generate Virtual Links for instances when it cannot reach the network backbone. By default,
this option is disabled.
Reject Default Route Select this option to prevent Route Detour Attacks, in which a router
injects a default route (0.0.0.0/0) into the routing domain to detour
packets to itself. During a router detour, a compromised router can then
either drop the packets, causing service disruption, or it can obtain
sensitive information in the packets before forwarding them. By default,
this option is disabled, meaning OSPF accepts any default routes that
are learned in OSPF and adds the default route to the routing table.
RFC 1583 Compatible Select this option to make the OSPF routing instance compatible with
RFC 1583, an earlier version of OSPF. By default, security devices support
OSPF version 2, as defined by RFC 2328.
Prevent Hello Packet Configure the Maximum Hello Packets threshold accepted by the VR.
Flooding Attack By default, the OSPF hello packet threshold is 10 packets per hello
interval. You might want to use this setting to prevent a malfunctioning
or compromised router from flooding its neighbors with OSPF hello
packets.
Prevent LSA Flooding Configure the number of LSAs accepted by the VR. By default, the VR
Attack accepts all LSAs. You might want to use this setting to prevent a
malfunctioning or compromised router from flooding its neighbors with
OSPF LSA packets. During an LSA flood attack, a router generates an
excessive number of LSAs in a short period of time, thus keeping other
OSPF routers in the network busy running the SPF algorithm.
Advertising Default Select this option to direct the VR to advertise an active default route
Route (0.0.0.0/0) in the VR route table to all OSPF areas.
Chapter 10: Routing
315