OSPF¶
OSPF (Open Shortest Path First) is a link-state routing protocol that efficiently determines the best path for packets within a routing domain. Unlike distance-vector protocols that share routing tables with neighbors, OSPF routers maintain a complete map of the network topology.
OSPF's primary strength is its ability to adapt quickly to network changes and to scale efficiently across medium to large networks. It uses Dijkstra's shortest-path-first (SPF) algorithm to calculate the best path to each destination.
OSPF Operation¶
OSPF States¶
When forming relationships, OSPF routers progress through these states:
- Down: No hello packets received
- Init: Hello packet received
- 2-Way: Bidirectional communication established
- ExStart: Master/slave relationship determined
- Exchange: Database description packets exchanged
- Loading: Link state requests sent
- Full: Complete synchronization achieved
Network Types¶
OSPF behaves differently based on the network type:
| Network Type | DR/BDR Election | Neighbor Discovery | Common Media |
|---|---|---|---|
| Point-to-Point | No | Unicast | Serial links, P2P WAN |
| Broadcast | Yes | Multicast | Ethernet, Token Ring |
| Non-Broadcast | Yes | Manual config | Frame Relay, X.25 |
| Point-to-Multipoint | No | Multicast | Hub and spoke networks |
| Point-to-Multipoint Non-Broadcast | No | Manual config | NBMA hub and spoke |
Real-World OSPF Deployments¶
OSPF Neighbor Discovery Process¶
OSPF routers discover each other through a well-defined mechanism:
- Multicast Hello Packets: On broadcast and multipoint networks, routers send Hello packets to the multicast address:
  - IPv4: 224.0.0.5 (AllSPFRouters)
  - IPv6: FF02::5 (All OSPF Routers multicast)
- Direct Configuration: On non-broadcast networks (like Frame Relay), neighbor addresses must be manually configured.
 Router A                                  Router B
+--------+                               +--------+
|        |         Hello Packet          |        |
|        |------------------------------>|        |
|        |      (Multicast FF02::5)      |        |
|        |                               |        |
|        |         Hello Packet          |        |
|        |<------------------------------|        |
|        |      (Multicast FF02::5)      |        |
+--------+                               +--------+
Example Hello Packet Contents:¶
Hello Packet from Router A (10.1.1.1):
- Router ID: 10.1.1.1
- Area ID: 0.0.0.0
- Network Mask: 255.255.255.0
- Hello Interval: 10 seconds
- Dead Interval: 40 seconds
- Router Priority: 1
- Designated Router: 0.0.0.0 (none yet)
- Backup Designated Router: 0.0.0.0 (none yet)
- Neighbors: (empty at first)
- Authentication data (if configured)
Key Parameters for Neighbor Discovery:¶
For two OSPF routers to form an adjacency, these parameters must match:
| Parameter | Description | Common Value |
|---|---|---|
| Area ID | Identifies which area the interface belongs to | 0.0.0.0 (backbone) |
| Authentication | Authentication type and password | MD5/SHA hashing |
| Hello Interval | How often Hello packets are sent | 10 seconds (typical) |
| Dead Interval | How long to wait before declaring neighbor down | 40 seconds (typically 4x Hello) |
| Network Type | Must match on both routers | broadcast, point-to-point, etc. |
| MTU | Maximum Transmission Unit | Should match on both ends |
| Stub Area Flag | Whether area is stub or not | Must match for all routers in area |
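The must-match fields that travel in the Hello itself can be checked directly from captured packets. The following Python code is an added example, not part of the original page: it decodes the OSPFv2 Hello layout from RFC 2328 (the format that carries the Network Mask and authentication fields listed above), reports which must-match fields differ between two routers, and flags null or clear-text authentication. The function names and the sample packets produced by `build_hello` are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address as IP

HDR = struct.Struct("!BBH4s4sHH8s")   # OSPFv2 common header, 24 bytes (RFC 2328 A.3.1)
HELLO = struct.Struct("!4sHBBI4s4s")  # Hello fixed part, 20 bytes (RFC 2328 A.3.2)
FIXED = HDR.size + HELLO.size         # 44 bytes before the neighbor list
AUTYPE = {0: "null", 1: "simple-password", 2: "cryptographic"}
MUST_MATCH = ("area_id", "hello_interval", "dead_interval", "autype", "e_bit")

def parse_hello(pkt: bytes) -> dict:
    """Decode an OSPFv2 Hello (the IP payload, protocol 89)."""
    if len(pkt) < FIXED:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, length, rid, area, _cksum, autype, _auth = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    # A trailing crypto-auth digest is not counted in `length`, so extra bytes are OK.
    if not (FIXED <= length <= len(pkt)) or (length - FIXED) % 4:
        raise ValueError("bad packet length field")
    mask, hello, opts, prio, dead, dr, bdr = HELLO.unpack_from(pkt, HDR.size)
    return {
        "router_id": str(IP(rid)), "area_id": str(IP(area)),
        "autype": AUTYPE.get(autype, f"unknown({autype})"),
        "network_mask": str(IP(mask)), "hello_interval": hello,
        "dead_interval": dead, "priority": prio,
        "e_bit": bool(opts & 0x02),  # E-bit is clear inside stub areas
        "dr": str(IP(dr)), "bdr": str(IP(bdr)),
        "neighbors": [str(IP(pkt[i:i + 4])) for i in range(FIXED, length, 4)],
    }

def adjacency_blockers(a: dict, b: dict) -> list:
    """Must-match fields whose values differ between two Hellos."""
    return [f"{k}: {a[k]} != {b[k]}" for k in MUST_MATCH if a[k] != b[k]]

def weak_auth(h: dict) -> bool:
    """True for null authentication or a clear-text password."""
    return h["autype"] in ("null", "simple-password")

def build_hello(rid, area, autype=0, hello=10, dead=40, neighbors=()):
    """Constructed sample packet; checksum is left at 0 and never verified."""
    body = HELLO.pack(IP("255.255.255.0").packed, hello, 0x02, 1, dead, bytes(4),
                      bytes(4)) + b"".join(IP(n).packed for n in neighbors)
    return HDR.pack(2, 1, HDR.size + len(body), IP(rid).packed,
                    IP(area).packed, 0, autype, bytes(8)) + body

if __name__ == "__main__":
    a = parse_hello(build_hello("1.1.1.1", "0.0.0.0"))
    b = parse_hello(build_hello("2.2.2.2", "0.0.0.1", autype=2) + bytes(16))
    print(adjacency_blockers(a, b), weak_auth(a), weak_auth(b))
```

Network type and MTU are not carried in the Hello, so they still have to be compared from the interface configuration.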
Practical Example of OSPF Discovery (Three-Router Network)¶
Here's how OSPF discovery works in a simple three-router network:
      192.168.1.0/24      192.168.2.0/24
     +--------------+    +--------------+
     |              |    |              |
+----+-----+     +--+----+--+     +-----+----+
| Router A |-----| Router B |-----| Router C |
| 1.1.1.1  |     | 2.2.2.2  |     | 3.3.3.3  |
+----------+     +----------+     +----------+
Step 1: Initial Configuration¶
Router A:
ipv6 router ospf 1
router-id 1.1.1.1
interface GigabitEthernet0/0
ipv6 address 2001:db8:1::1/64
ipv6 ospf 1 area 0
Router B:
ipv6 router ospf 1
router-id 2.2.2.2
interface GigabitEthernet0/0
ipv6 address 2001:db8:1::2/64
ipv6 ospf 1 area 0
interface GigabitEthernet0/1
ipv6 address 2001:db8:2::1/64
ipv6 ospf 1 area 0
Router C:
ipv6 router ospf 1
router-id 3.3.3.3
interface GigabitEthernet0/0
ipv6 address 2001:db8:2::2/64
ipv6 ospf 1 area 0
Step 2: Discovery and Adjacency Formation¶
- Initial Hello Exchange:
  - Router A sends multicast Hello packets out its Gi0/0 interface (to FF02::5)
  - Router B receives these on its Gi0/0 interface and adds Router A to its neighbor table
  - Router B also sends Hello packets, which Router A receives
- 2-Way State:
  - Router B now includes Router A's Router ID in its Hello packets
  - Router A sees its own Router ID in Router B's Hello packets
  - This confirms bidirectional communication
- Designated Router Election (on broadcast networks):
  - Highest priority router becomes DR (1 is default)
  - Second highest becomes BDR
  - In case of tie, highest Router ID wins
- Database Synchronization:
  - Routers exchange Database Description packets
  - Each router sends Link State Request packets for missing LSAs
  - Routers respond with Link State Update packets
  - Once complete, routers are fully adjacent
Step 3: Final Neighbor Table¶
Router A's neighbor table:
Router-A# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
2.2.2.2 1 FULL/DR 00:00:36 3 GigabitEthernet0/0
Router B's neighbor table:
Router-B# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
1.1.1.1 1 FULL/BDR 00:00:38 2 GigabitEthernet0/0
3.3.3.3 1 FULL/BDR 00:00:33 2 GigabitEthernet0/1
Router C's neighbor table:
Router-C# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
2.2.2.2 1 FULL/DR 00:00:35 3 GigabitEthernet0/0
OSPF Areas and Their Purpose¶
In real-world networks, OSPF is typically deployed in a hierarchical structure using areas:
            +----------------+
            |                |
            |     Area 0     |
            | (Backbone Area)|
            |                |
            +-------+--------+
                   /|\
                  / | \
                 /  |  \
        +--------+  |  +--------+
        |           |           |
+-------+---+ +-----+----+ +----+------+
|           | |          | |           |
|  Area 1   | |  Area 2  | |  Area 3   |
|           | |          | |           |
+-----------+ +----------+ +-----------+
This hierarchical design serves several purposes:
- Reduces processing load: Routers only maintain detailed information about their own area
- Minimizes routing table size: Area Border Routers (ABRs) summarize routes between areas
- Isolates instability: Problems in one area don't cascade to the entire network
- Optimizes convergence time: Smaller topology databases process faster
Common Deployment Scenarios¶
Enterprise Campus Network¶
In a typical enterprise deployment:
                 +------------------+
                 |   Core Router    |
                 | (Area 0 Backbone)|
                 +--------+---------+
                          |
           +--------------+--------------+
           |                             |
  +--------+---------+          +--------+---------+
  |  Distribution    |          |  Distribution    |
  | Router (Area 0/1)|          | Router (Area 0/2)|
  +--------+---------+          +--------+---------+
           |                             |
     +-----+-----+           +-----------+-----------+
     |           |           |           |           |
+----+----+ +----+----+ +----+----+ +----+----+ +----+----+
| Access  | | Access  | | Access  | | Access  | | Access  |
| Switch  | | Switch  | | Switch  | | Switch  | | Switch  |
| Area 1  | | Area 1  | | Area 2  | | Area 2  | | Area 2  |
+---------+ +---------+ +---------+ +---------+ +---------+
- Core routers: Participate only in Area 0 (backbone)
- Distribution routers: Act as ABRs connecting Area 0 to access areas
- Access switches: Often implement OSPF in smaller areas
Service Provider Network¶
Service providers often use OSPF as an IGP (Interior Gateway Protocol) within their network:
            +------------+
            |   AS 100   |
            | OSPF Core  |
            |  (Area 0)  |
            +-----+------+
                 /|\
                / | \
       +-------+  |  +--------+
       |          |           |
+------+---+ +----+-----+ +---+------+
| Region 1 | | Region 2 | | Region 3 |
| (Area 1) | | (Area 2) | | (Area 3) |
+------+---+ +----+-----+ +---+------+
       |          |           |
  Customer     Customer     Customer
   Sites        Sites        Sites
  BGP Peers    BGP Peers    BGP Peers
- Core network: Area 0 forms the backbone
- Regional POPs: Separate areas for different geographical regions
- Customer edge: Usually connected via BGP, with OSPF used internally
DR/BDR Election in Real Networks¶
In broadcast networks (like Ethernet), OSPF elects a Designated Router (DR) and Backup Designated Router (BDR) to reduce the number of adjacencies:
                +-----------+
                |           |
                | Router A  |
                |    DR     |
                +-----+-----+
                      |
+--------+   +--------+-------+   +--------+
|        |   |                |   |        |
|Router B|---|    Ethernet    |---|Router D|
|  BDR   |   |    Segment     |   |        |
+--------+   +--------+-------+   +--------+
                      |
                +-----+-----+
                |           |
                | Router C  |
                |           |
                +-----------+
- Instead of forming N(N-1)/2 adjacencies (6 in this example)
- Each router forms adjacencies only with the DR and BDR (total of 6 adjacencies)
- This is crucial in segments with many routers (like data centers)
OSPF in Multi-Area Design¶
Real-world diagram of how different area types interconnect:
+-------------------+     +------------------+
| Autonomous System |     |     Area 20      |
| External Network  +-----+  (Normal Area)   |
|      AS 300       |     |                  |
+-------------------+     +--------+---------+
                                   |
+-------------------+     +--------+---------+
|      Area 30      |     |                  |
|     (Totally      +-----+      Area 0      |
|   Stubby Area)    |     | (Backbone Area)  |
+-------------------+     |                  |
                          +--------+---------+
                                   |
                          +--------+---------+
                          |     Area 10      |
                          |   (Stub Area)    |
                          |                  |
                          +------------------+
Area types:
- Normal Area (Area 20): Receives all LSAs, including external routes
- Stub Area (Area 10): No external routes, only default route to reach external networks
- Totally Stubby Area (Area 30): Only default route to reach all destinations outside the area
OSPF Security¶
OSPF supports various authentication methods:
- Null authentication: No security (default)
- Simple password: Clear text passwords (weak)
- MD5: Cryptographic hashing (better)
- SHA: More secure hashing (best)
- IPsec: Used primarily with OSPFv3 for IPv6
OSPF Configuration Examples (IPv6)¶
The following examples show how to configure OSPFv3 for IPv6 networks on various platforms:
OSPFv3 for IPv6 (Cisco IOS)¶
ipv6 router ospf 1
 router-id 10.0.0.1
interface GigabitEthernet0/0
 ipv6 ospf 1 area 0
 ! The SHA-1 key must be 40 hexadecimal digits; a placeholder is shown here
 ipv6 ospf authentication ipsec spi 256 sha1 <40-hex-digit-key>
OSPFv3 for IPv6 (Juniper JunOS)¶
protocols {
ospf3 {
area 0.0.0.0 {
interface ge-0/0/0.0 {
authentication {
key-chain ospfv3-key;
}
}
}
area 0.0.0.1 {
stub;
interface ge-0/0/1.0;
}
}
}
OSPFv3 for IPv6 (VyOS)¶
OSPFv3 for IPv6 (MikroTik RouterOS)¶
# Add an OSPFv3 instance
/routing ospf-v3 instance add name=ospfv3-instance router-id=10.0.0.1
# Configure area 0 (backbone)
/routing ospf-v3 area add instance=ospfv3-instance area-id=0.0.0.0
# Configure interfaces
/routing ospf-v3 interface add interface=ether1 area-id=0.0.0.0 network-type=broadcast
/routing ospf-v3 interface add interface=ether2 area-id=0.0.0.0 network-type=broadcast
# Enable authentication if needed
/routing ospf-v3 interface-template add type=nbma priority=1 interface-prefix=ether1 passive=no authentication=true authentication-key=secure-password
OSPF Practical Troubleshooting¶
Common OSPF problems and their solutions in real networks:
Problem: Neighbors Not Forming¶
Possible causes:
- Interface network types don't match (broadcast vs point-to-point)
- Mismatched hello/dead intervals (must match on both routers)
- Different area IDs configured on the same segment
- IP subnet mismatch
- Authentication failure
Example Troubleshooting Scenario: Neighbors Not Forming¶
Symptom:¶
Routers A and B are connected but not forming an OSPF adjacency:
Investigation Steps:¶
- Verify interface configuration:
  RouterA# show ipv6 ospf interface GigabitEthernet0/0
  GigabitEthernet0/0 is up, line protocol is up
    Link Local Address FE80::1, Interface ID 3
    Area 0, Process ID 1, Instance ID 0, Router ID 1.1.1.1
    Network Type BROADCAST, Cost: 1
    Transmit Delay is 1 sec, State DR, Priority 1
    Designated Router (ID) 1.1.1.1, local address FE80::1
    No backup designated router on this network
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello due in 00:00:08
    Index 1/1, flood queue length 0
    Next 0x0(0)/0x0(0)
    Last flood scan length is 0, maximum is 0
    Last flood scan time is 0 msec, maximum is 0 msec
    Neighbor Count is 0, Adjacent neighbor count is 0
- Check for connectivity at Layer 2 and Layer 3:
- Packet capture to see if Hello packets are being exchanged:
- Check RouterB's configuration:
  RouterB# show ipv6 ospf interface GigabitEthernet0/0
  GigabitEthernet0/0 is up, line protocol is up
    Link Local Address FE80::2, Interface ID 3
    Area 1, Process ID 1, Instance ID 0, Router ID 2.2.2.2
    Network Type BROADCAST, Cost: 1
    Transmit Delay is 1 sec, State DR, Priority 1
    Designated Router (ID) 2.2.2.2, local address FE80::2
    No backup designated router on this network
    Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello due in 00:00:05
    Index 1/1, flood queue length 0
    Next 0x0(0)/0x0(0)
    Last flood scan length is 0, maximum is 0
    Last flood scan time is 0 msec, maximum is 0 msec
    Neighbor Count is 0, Adjacent neighbor count is 0
Problem Identified:¶
Notice that Router A is configured for Area 0, but Router B is configured for Area 1. OSPF neighbors must be in the same area to form an adjacency.
Solution:¶
Reconfigure Router B to use Area 0:
RouterB# configure terminal
RouterB(config)# interface GigabitEthernet0/0
RouterB(config-if)# no ipv6 ospf 1 area 1
RouterB(config-if)# ipv6 ospf 1 area 0
RouterB(config-if)# end
Verification:¶
After making the change, check the neighbor status:
RouterA# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
2.2.2.2 1 INIT/DROTHER 00:00:34 3 GigabitEthernet0/0
RouterA# show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
2.2.2.2 1 FULL/BDR 00:00:36 3 GigabitEthernet0/0
The OSPF adjacency has formed successfully, going through the INIT state to FULL state.
Verification Commands¶
Cisco IOS:¶
Juniper:¶
show ospf3 neighbor
show ospf3 interface ge-0/0/0.0 detail
monitor traffic interface ge-0/0/0.0 matching "ip proto ospf"