Table of Contents Link to heading

• Open Short Path First (OSPF)
• Key Features
• Operation
• Areas
• Types of Areas
  • Backbone Area (Area 0)
  • Single-Area OSPF
  • Multiarea OSPF
  • Stub Area
  • Standard Area Characteristics
• Design Best Practices
  • Standard Area Design Rules
  • Hierarchical Network Design Techniques
• Types of Routers
  • Internal Router (IR)
  • Area Border Router (ABR)
  • Autonomous System Boundary Router (ASBR)
  • Backbone Router
  • Designated Router (DR)
  • Backup Designated Router (BDR)
  • DROther
• Link-State Packets (LSPs)
• Link-State Advertisements (LSAs)
  • Type 1 - Router LSA
  • Type 2 - Network LSA
  • Type 3 - Summary ABR LSA
  • Type 4 - Summary ASBR LSA
  • Type 5 - AS External LSA
  • Type 7 - NSSA external LSA
• Hello Protocol
• Adjacencies
• OSPF Operational States
• DR/BDR Election Process
• Cisco IOS Configuration
  • Routing Process ID
  • Interface Advertisement
    • Wildcard Mask
    • Using Interface Network Address
    • Using Explicit Interface IP Address
    • Directly Enabling OSPF on Interface
  • Router ID (RID)
  • Loopback Interface
  • Router Priority
  • Passive Interface
  • Metric/Cost
    • Assigning a Specific Cost
    • Modifying the Interface Bandwidth
    • Modifying the Reference Bandwidth
  • Hello Timer
  • Dead Timer
  • Default Route Propagation
  • Route Summarisation
  • Route Filtering
    • Filtering with Summarisation
    • Area Filtering
    • Local OSPF Filtering
  • Equal Cost Load Balancing
  • Debug
  • Verification
• Troubleshooting
  • Neighbour and Adjacency Problems
  • Stuck in INIT
  • Stuck in EXSTART/EXCHANGE
  • Stuck in LOADING
  • Routes Missing from Routing Table

Open Short Path First (OSPF) Link to heading

OSPF propagates link-state advertisements (LSAs) rather than routing table updates (like DVRPs), which means OSPF networks converge faster than DVRPs.

There are two versions of OSPF that are in use:

1. OSPFv2
   • The second iteration in OSPF, works primarily with IPv4.
2. OSPFv3
   • Runs on top of IPv6 and uses IPv6 link-local addresses for OSPFv3 control packets.
   • It is required that IPv6 be enabled on an OSPFv3 link, although the link may not be participating in any IPv6 address family (AF).
   • OSPFv3 AF for IPv4 unicast is not backwards compatible with OSPFv2.
   • Separate process from OSPFv2, basically same but run independently.

Key Features Link to heading

1. Independent transport: OSPF works on top of Internet Protocol (IP) and uses protocol number 89. It does not rely on the functions of the transport layer protocols TCP or UDP.
2. Efficient use of updates: When an OSPF router first discovers a new neighbour, it sends a full update with all known link-state information. All routers within an area must have identical and synchronised link-state information in their OSPF link-state databases. When an OSPF network is in a converged state and a new link comes up or a link becomes unavailable, an OSPF router sends only a partial update to all its neighbour. This update will then be flooded to all OSPF routers within an area.
3. Metric: OSPF uses a metric that is based on the cumulative costs of all outgoing interfaces from source to destination. The interface cost is inversely proportional to the interface bandwidth and can be also set up explicitly.
4. Update destination address: OSPF uses multicast and unicast, rather than broadcast, for sending messages. The IPv4 multicast addresses used for OSPF are 224.0.0.5 to send information to all OSPF routers and 224.0.0.6 to send information to DR/BDR routers.
5. VLSM support: OSPF is a classless routing protocol. It supports variable-length subnet masking (VLSM) and discontiguous networks. It carries subnet mask information in the routing updates.
6. Manual route summarisation: You can manually summarise OSPF interarea routes at the Area Border Router (ABR), and you have the possibility to summarise OSPF external routes at the Autonomous System Boundary Router (ASBR). OSPF does not know the concept of autosummarisation.
7. Authentication: OSPF supports clear-text, MD5, and SHA authentication.

Operation Link to heading

To create and maintain routing information, OSPF routers complete the following generic link-state routing process to reach the convergence state:

1. Build the adjacency database: Routers must form adjacencies with their neighbour before they can exchange information.
   • A router sends Hello packets out all OSPF-enabled interfaces to determine whether neighbours are present on those links.
   • If a neighbour is present, these two routers will establish a neighbour adjacency (aka a bi-directional communication).
   • All neighbours to which a router has established bi-directional communication is stored in its adjacency database (aka a neighbour table).
2. Exchange link-state advertisements: After adjacencies are established, routers flood link-state advertisements (LSAs) to all adjacent neighbours.
   • An LSA contains a link-state packet (LSP) which describe each directly connected link state.
   • Adjacent neighbours receiving the LSA immediately flood the LSA to other adjacent neighbours.
3. Build the link-state database: After LSAs are received by all routers in the area, each router builds its local link-state database (LSDB) (aka a topology table) based on all the received LSAs.
   • An LSDB stores all the information about the network topology (every directly connected link state).
   • All LSDBs is eventually synchronised among routers within the same area.
4. Execute the SPF algorithm: After all LSDBs are synchronised, routers then execute the SPF algorithm to compute the best path to each destination network.
   • The SPF algorithm builds an inverted tree, with the router itself at the top while other routers and their connected network segments beneath it.
5. Build the forwarding database: From the SPF tree, only the best paths to each network are inserted into the forwarding database (aka a routing table).
   • Routing decisions are then made based on the entries in the routing table.
   • By examining the SPF’s inverted tree, loops can easily be detected and thus not included in the population of the routing table, thereby eliminating routing loops.

Areas Link to heading

Routers share link-state information with only the routers in their areas.

Types of Areas Link to heading

• There are two levels of hierarchy: a backbone area and other connected areas.

Backbone Area (Area 0) Link to heading

• Reserves the address 0.0.0.0.
• Exists in any internetwork using OSPF over multiple areas.
• Responsible for distributing routing information among nonbackbone areas.
• Must be contiguous, but need not be physically contiguous.

Single-Area OSPF Link to heading

• A single-area OSPF is the backbone area itself.
• The configuration is simple, so as some of the hidden details in how OSPF works.
• The same link-state information and LSDBs are synchronised across the area.

Multiarea OSPF Link to heading

• LSDBs are synchronised individually in each area of the network.
• Different areas will have different LSDBs.
• Using a multiarea topology helps to:
  • Reduce memory and processor resources
  • Lower frequencies of SPF recalculations if an interface state changes
  • Reduce the size of broadcast domains
  • Limit LSA flooding
  • Allow for route aggregation at the ABRs, hence fewer entries in LSDB
  • Add an additional layer of security by hiding the topology of one area from another area
  • Overall, improve convergence time

Stub Area Link to heading

Standard Area Characteristics Link to heading

Design Best Practices Link to heading

Standard Area Design Rules Link to heading

Hierarchical Network Design Techniques Link to heading

Types of Routers Link to heading

Internal Router (IR) Link to heading

• Have a only one LSDB.
• Can be a L3 switch that has its routing capability enabled.

Area Border Router (ABR) Link to heading

• Maintain multiple LSDBs: one for each connected area that is summarised and then presented to the backbone for distribution to other areas.

Autonomous System Boundary Router (ASBR) Link to heading

• Inject the external LSAs into the local-area LSDB - redistribution.
• Can run multiple routing protocol together.
• Must reside in a nonstub area.

Backbone Router Link to heading

• Do not have an interface to the other areas.

Designated Router (DR) Link to heading

• Selected based on the router priority (default, 1).
• If the router priority is identical, the router with the highest router ID is selected.

Backup Designated Router (BDR) Link to heading

• When the DR fails on the network, the BDR becomes the DR and a new BDR is elected.

DROther Link to heading

Link-State Packets (LSPs) Link to heading

• Each LSP contains the following information:

1. LSP.Router - identification (address) of the sender of the LSP
2. LSP.age - age or remaining lifetime of the LSP
3. LSP.seq - sequence number of the LSP. The lower the sequence number, the older and more redundant the LSP.
4. LSP.Links[] - links advertised in the LSP. Each directed link is represented with the following information:
   1. LSP.Links[i].Id - identification of the neighbour
   2. LSP.Links[i].cost - cost of the link

• Each type of LSP serves a specific function in the OSPF routing process.

1. Hello - Used to discover, establish, and maintain adjacencies with other neighbours.
2. Database description (DBD/DDP) - Contains an abbreviated list of the sending router’s LSDB and is used by receiving routers to check against their local LSDBs.
3. Link-state request (LSR) - Sent to request for more information about an entry in the DBD when a router finds its LSDB needs updating.
4. Link-state update (LSU) - Contains one or more, fully-detailed, LSAs and is used to reply an LSR packet.
5. Link-state acknowledgement (LSAck) - Sent by the recipient of an LSU packet to confirm its receipt.

Link-State Advertisements (LSAs) Link to heading

• The age of an LSA age starts at 0, updated in increments of 1 every second.
• Once converged, OSPF refreshes each LSA if its age reaches 1800 (the default value, but configurable).
• What this means is that router originating the LSA refloods the LSA with a higher sequence number (in increments of 1) in an LSU to verify the link is still active, with the aim of maintaining synchronised LSDBs.
• The LSA validation method is bandwidth-friendly, compared to DVRPs which sends the entire routing table as updates at short periodic intervals.

if entry_in_lsdb(LSP, LSDB(LSP.Router)):
    if seq_same(LSP.seq):
         Ignore LSP
        end()
    else:
        if seq_higher(LSP.seq):
             Contain newer information
            LSDB.add(LSP)
            send_ack(LSP.LSAck)
            flood_lsp(LSP)  flood the new information to neighbours
            run_spf()
        elif seq_lower(LSP.seq):
             Contain older information
             Then send an LSU to sender with its newer information
            update_sender(recipient_lsp)
        else:
            end()
else:
    LSDB.add(LSP)
    send_ack(LSP.LSAck)
    flood_lsp(LSP)  flood the new information to neighbours
    run_spf()

Type 1 - Router LSA Link to heading

• Produced by every OSPF-enabled router.
• Include all the router’s links, interfaces, state of links, and cost.
• Identified by the Router ID or the originating router.
• Flooded immediately within an area and cannot cross the ABR.
• Represented in the routing table as “O” routes.

Type 2 - Network LSA Link to heading

• Produced by every DR Router on every broadcast multiaccess or nonbroadcast multiaccess (NBMA) network.
• Describe the network segment listing the DR address, the attached routers making up the transit network, and the used subnet mask used on the link.
• Identified by the network ID and subnet mask.
• Flooded to all OSPF routers (i.e. 224.0.0.5) on the multiaccess network and cannot cross the ABR.
• Represented in the routing table as “O” routes.

Type 3 - Summary ABR LSA Link to heading

• Produced by ABRs.
• Describe networks that are in an area to the remaining areas in the OSPF autonomous system.
• Represented in the routing table as “OIA” routes.

Type 4 - Summary ASBR LSA Link to heading

• Produced by ABRs.
• When there is an ASBR in the OSPF domain, it advertises itself using a special type 1 LSA.
• When an ABR receives this type 1 LSA, it builds a type 4 LSA to advertise the existence of the ASBR (including the ASBR’s IP address) and floods it to other areas.
• Subsequent ABRs regenerate a type 4 LSA and flood it into their areas.

Type 5 - AS External LSA Link to heading

• Produced by ASBRs.
• Sent into an AS to advertise external OSPF routes to the OSPF domain.
• Flooded to the entire AS.
• The advertising router ID is not changed throughout the AS when it is propagating.

Type 7 - NSSA external LSA Link to heading

• Produced by NSSA ASBR.
• Sent into an AS of a NSSA to advertise external OSPF routes to the OSPF domain.
• The ABR converts the type 7 LSA to a type 5 LSA and propagates it to other areas.
• An NSSA network is a special-case area type used to reduce the amount of flooding, the LSDB size, and the routing table size in routers within the area.

Hello Protocol Link to heading

1. Ensures that communication between neighbours is bidirectional (two-way).
2. Discovers, establishes, and maintains neighbour relationships.
3. Elects the DR and BDR on Ethernet and NBMA networks.
4. Verifies that neighbouring OSPF routers are operational (that is, to act as a keepalive mechanism).

When a new OSPF router is introduced, the operation of the Hello protocol is as follows:

1. The OSPF router sends out Hello packets as a multicast.
   • Interfaces not running OSPF ignore the multicast packet.
2. All OSPF routers within the same area receive and process the Hello packets.
3. When a neighbouring OSPF router receives a Hello packet with a router ID not in its neighbour table, it will attempt to establish an adjacency with the sending router by sending a Hello packet.

Hello packets are transmitted:

• Using multicast address:
  • 224.0.0.5 to neighbours for P2P networks.
  • 224.0.0.6 to DR and BDR for broadcast (Ethernet) and NBMA networks (Frame Relay).
• Using unicast (virtual links) or multicast addresses to neighbours for nonbroadcast point-to-multipoint networks.
• Every 10 seconds (default) - broadcast multiaccess (Ethernet) and P2P networks.
• Every 30 seconds - NBMA (Frame Relay) networks.
• The Dead interval is four times the Hello interval.
  • Period that the sending router waits to receive a Hello packet before declaring the neighbour is dead.
  • When a neighbour is dead, the router(s) that detect it flood the LSDB about it to all OSPF-enabled interfaces.

Adjacencies Link to heading

• Required neighbours to be discovered before forming.
• Not every neighbouring router forms an adjacency.
• Requirements to form adjacencies:

1. Network connectivity is P2P.
2. Network connectivity is achieved through a virtual link.
3. One router is either a DR or a BDR.

• The number of adjacencies needed = n(n-1)/2, where n is the number of routers.
  • e.g. a network with 5 routers will need 5(5-1)/2=10 adjacencies.

OSPF Operational States Link to heading

There are several states that OSPF goes through to reach convergence:

1. Down - R1 first starts OSPF and has yet to discover any neighbours.
2. Attempt - R1 attempts to contact its neighbours by sending Hello packets containing its RID.
3. Init - R2 receives R1’s Hello packet but does not see its RID in the packet.
   • R2 responds by sending a Hello packet to R1 containing both RIDs in it.
   • They will have decided on the DR (and BDR if necessary) and Hello timers by this point as well.
     • If R1/R2’s link is not P2P, the DR/BDR election process takes place.
4. 2-Way - Bidirectional communication is established between two OSPF routers and they are considered neighbours.
5. Exstart - Two routers negotiate to form a master/slave relationship.
   • To decide who will always speak first in subsequent communications - the master.
   • Both routers will claim to be the master by sending an empty DBD packet with the Master Slave bit (MS-bit) set to one indicating that both routers believe they are the master.
   • The neighbour with the lower RID will become the slave and will reply with a DBD packet in which the MS-bit packet is set to zero and the DD initial sequence number is set to the master’s sequence number.
6. Exchange - DBD packets are exchanged (one at a time with sequence numbers in increments of 1) back and forth until the LSDBs are synchronised.
   • Every time a router receives a DBD packet, it must acknowledge with an LSAck packet.
   • Each router compares the received DBD packet with its local LSDB and if the DBD has more current link state, the routing transitions to the Loading state. Otherwise, it transitions straight to the Full state.
7. Loading - LSRs and LSUs are sent to gain more information that had yet to be received in the Exchange state.
8. Full - LSDBs are fully synchronised.
   • Full is the normal state for DR and BDR or P2P links, but 2-Way is normal for non-DR or non-BDR routers.
   • OSPF uses incremental updates after entering a full state.
     • Whenever a change takes place, only the change is shared with the DR, which will then share this information with other routers on the segment.

DR/BDR Election Process Link to heading

DR and BDR elections are conducted as follows:

1. An OSPF router interface with a priority greater than 0 attempts to become BDR on the link.
2. If no BDR exists, then it elects itself the BDR. If there is a tie with another router, the highest router ID is used.
3. If there is no DR, the BDR promotes itself as DR.
4. The neighbour with the next highest priority is elected BDR.

Cisco IOS Configuration Link to heading

Routing Process ID Link to heading

• Assigning a routing process id establishes the OSPF routing process.
• However, the best practice is to maintain a consistent process ID throughout the routing domain.
• Although more than one OSPF process can run at a single time on a single router, this should be avoided.

Interface Advertisement Link to heading

There are three techniques to advertise an interface.

Wildcard Mask Link to heading

• Wildcard masking is used to identify a single address or multiple addresses.
• Wildcard masks are used in situations where subnet masks may not apply. For instance, when two affected hosts fall in different subnets, the use of a wildcard mask will group them together.
• A wildcard mask bit of 0 means “check the corresponding bit value,” and a wildcard mask bit of 1 means “do not check (ignore) that corresponding bit value”
• A wildcard mask is the “inverse subnet mask” (1’s and 0’s are flipped), calculated by deducting the subnet mask from 255.255.255.255.

Using Interface Network Address Link to heading

• The networks advertised must exist on the router in order to be sent to other routers.
• The networks to advertise can be determined by taking the network prefix and prefix length of the router’s interface. These networks are then put into the OSPF configuration, allowing other routers to form adjacencies with the current router.
• For an adjacency to form, the same network prefix and prefix length must be advertised on each side of a link.

Using Explicit Interface IP Address Link to heading

Although this command produces the same result as the previous one, it is much faster if using the IP addressing table since there is no need to work out the wildcard mask.

Specifically, if all the interfaces on the router belonged to the same area, use the following IP address configuration as the 0.0.0.0 network with 255.255.255.255 wildcard mask matches all enabled interfaces.

Directly Enabling OSPF on Interface Link to heading

• This capability simplifies the configuration of unnumbered interfaces with different areas.
• A use case of this would be in a stub network or a P2P network where one router has advertised the P2P link’s IP address with the network statement.
  • The routing table already stores this network address.
  • Thus, there is no need to reconfigure this network address on the other end of the P2P connection.
  • Instead, just enable OSPF on the interface connected to this P2P network.
  • As long as the specified interface is the last to be configured.

Router ID (RID) Link to heading

It is a 32-bit number, formatted the same as an IPv4 address.

The OSPF router ID is chosen in order of preference:

1. Manually configured using the router-id router configuration command.
2. If it is not manually assigned, then the highest enabled loopback IP address is used as the router ID.
3. If there are no loopback interfaces configured, then the highest IP address of any active physical interfaces in the up state becomes the Router ID when the OSPF process initialises.

To force an existing OSPF network to use the new router ID, the OSPF process must be reset.

Loopback Interface Link to heading

Loopback interfaces can be assigned addressing information, include network numbers in routing updates, or even terminate IP connections on it, like telnet. They are also used for for testing purposes since this interface is always up.

Router Priority Link to heading

After modifying priorities, the OSPF process on each router must be reset to force a new DB/BDR election.

Passive Interface Link to heading

However, the passive interface network segment is still added to the LSDB and advertised out of non-passive interfaces.

The passive interface appears as a stub network in the OSPF domain.

Metric/Cost Link to heading

• The lower the cost, the more likely the interface is to be used to forward data traffic.

• The default reference bandwidth is 100 Mbps = 10⁵ or 10,000 Kbps = 10⁸ or 100,000,000 bps.
• This reference-bandwidth means that:
  • The default formula is Cost = 100,000,000/interface_bandwidth
  • Ethernet (10GE) interfaces have a cost of 10.
  • FastEthernet (FE) and GigabitEthernet (GE) interfaces have the identical cost of 1 (rounded up from a value lower than 1).

Assigning a Specific Cost Link to heading

• It is very important that the costs for a link match for every router on a given segment.
• Mismatched cost values on a segment can cause routers to continually run the SPF algorithm, greatly affecting the routers’ performance.
• Therefore, normally, you will not be changing the default cost values on an interface.

Modifying the Interface Bandwidth Link to heading

• Since OSPF uses the inverse of bandwidth as a metric, and serial interfaces default to a bandwidth of 1,544 Kbps, you will definitely want to match the bandwidth metric on the serial interface to its real clock rate.
• If the clock rate is 64,000, the interface bandwidth metric will be 64 Kbps.

Modifying the Reference Bandwidth Link to heading

However, the ensure that the reference bandwidth is consistent across all routers in the area; otherwise, suboptimal routing may occur.

1. Assigns the default reference bandwidth to 100 Mbps which is the default setting: FE = 1, GE = 1, and 10GE = 1.
2. Assigns the default reference bandwidth to 1000 Mbps or 1 Gbps: FE = 10, GE = 1, and 10GE = 1.
3. Assigns the default reference bandwidth to 10000 Mbps or 10 Gbps: FE = 100, GE = 10, and 10GE = 1

Hello Timer Link to heading

Dead Timer Link to heading

Default Route Propagation Link to heading

• This static default route can be propagated to other routers within the OSPF domain.
• Routers who receive the propagated route will use O*E2 to identify the route in its routing table.
• Other routers will send any unmatched traffic (not in their own routing table) to the router propagating the default route - who will then forward these traffic using its own static default route.

Route Summarisation Link to heading

If there are contiguous networks and they cannot easily be summarised, split them into multiple summary commands.

Route Filtering Link to heading

Filtering of routes with vector-based routing protocols is straightforward. This is because the routes are filtered as routing updates and are advertised to downstream neighbours. However, with link-state routing protocols such as OSPF, every router in an area shares a complete copy of the link-state database. Therefore, filtering of routes generally occurs as routes enter the area on the ABR.

Filtering with Summarisation Link to heading

Area Filtering Link to heading

Local OSPF Filtering Link to heading

Equal Cost Load Balancing Link to heading

Debug Link to heading

Verification Link to heading

Troubleshooting Link to heading

Neighbour and Adjacency Problems Link to heading

• OSPF is not enabled on the interface, or a network router configuration command is misconfigured or missing.
• Mismatched Hello or dead timers, E-bits (set for stub areas), area IDs, authentication types, or network masks.
• Access list is misconfigured and might be blocking OSPF Hellos.
• Virtual link and stub area configurations are mismatched.
• OSPF is not enabled on the interface.
• Interface is defined as passive.
• Mismatched Hello/Dead interval.
• Mismatched authentication key.
• Mismatched area ID.
• Layer 2 is down.
• Interface is defined as passive under OSPF.
• Mismatched subnet number/mask over a broadcast link.
• Mismatched authentication type (plaintext versus MD5).
• Mismatched stub/transit/NSSA options.
• No network type is defined over NBMA (Frame Relay, X.25, SMDS, and so on).
• Frame-relay/dialer-map statement is missing the keyword broadcast on both sides.

Stuck in INIT Link to heading

• One side is blocking the Hello packet.
• One side is translating (NAT) OSPF Hellos.
• One side multicast capabilities are broken.
• Must be a Layer 2 problem.
• The dialer map or frame-relay map command is missing the broadcast keyword.
• Router sending Hellos to contact neighbour on NBMA but have received no reply.
• Neighbour Hellos are getting lost in the NBMA cloud.
• Neighbour received our Hello but is rejecting it for some reason (Layer 2).

Stuck in EXSTART/EXCHANGE Link to heading

• If the neighbour is bay router, adjust the interface MTU to match other vendors. OSPF sends the interface MTU in a database description packet. If there is any MTU mismatch, OSPF does not form an adjacency. See this link 🔗.
• Neighbour RIDs are identical unicast is broken:
  • Wrong VC/DLCI mapping in frame/ATM environment in a highly redundant network.
  • MTU problem, cannot ping across with more than certain length packet.
  • Access list blocking unicast. After 2-way OSPF send unicast packet except P2P links.
  • NAT is translating unicast packet.
• Between PRI and BRI/dialer and network type is P2P.

Stuck in LOADING Link to heading

• LS request is being made and neighbour is sending bad packet or corrupt memory:
  • Execute a show ip ospf request-list neighbor RID interface command to see a bad LSA.
  • show log will show OSPF-4-BADLSATYPE message.
• LS request is being made and neighbour is ignoring the request.
• MTU mismatch problem. Old IOS does not detect it (RFC 1583).

Routes Missing from Routing Table Link to heading

• One side is numbered, and the other is unnumbered.
• IP addresses are flipped, dual serial.
• Forwarding address is not known or is known via external/static (O*E1, O*E2) - route sum and redistribute connections?
• Different IP address or mask in P2P networks.
• distribute-list in is configured.
• Backbone area became discontiguous.
• OSPF is enabled on secondary but not on primary.