    OSPF, or Open Shortest Path First, is a link-state, open-standard, dynamic routing protocol. OSPF uses an algorithm known as SPF, or Dijkstra's Shortest Path First, to compute internally the best path to any given route.

    OSPF is classless and converges fairly quickly, using cost as its metric. A router running OSPF creates its own database which contains information on the entire OSPF network, not simply neighbors' routes like EIGRP. This allows the router to make intelligent choices about path selection on its own instead of relying exclusively on neighbor information.

    OSPF routers do form neighbor relationships though. They exchange hellos with neighboring routers and in the process learn their neighbors' Router ID (RID) and cost. Those values are then sent to the adjacency table.

    Every router is responsible for computing its own best paths to all destinations within an OSPF domain. Once the SPF algorithm selects the best paths, they are then eligible to be added to the routing table.

    Link State Database

    Once a router has exchanged hellos with its neighbors and captured Router IDs and cost information, it begins sending LSAs, or Link State Advertisements. LSAs contain the RID and costs to the router's neighbors. LSAs are shared with every other router in the OSPF domain. A router stores all of its LSA information (including info it receives from incoming LSAs) in the Link State Database (LSDB).

    I apologize if the acronyms are starting to pile up. OSPF, architecturally speaking, is more complicated than its counterpart EIGRP and the long list of acronyms and definitions is part of that.

    Areas

    OSPF is different from EIGRP in that it uses areas to segment routing domains. This helps partition routers into manageable groups if the layer 3 network begins to get large. It all starts with area 0. Every OSPF network must contain an area 0, sometimes referred to as the backbone area, and every additional area must be physically connected to area 0. From there, other areas are optional.

    Note that the SPF algorithm only runs within a single area, so routers only compute paths within their own area. Inter-area routes are passed using border routers.

    All link state databases must match within an OSPF area. This means that the more OSPF-enabled routers are configured for the same area, the more LSA advertisements must be sent out. After you reach about 50 routers, the high levels of LSA traffic and numerous routing table entries can become a problem. That is why Cisco recommends limiting an OSPF area to no more than 50-100 routers.

    The following three factors determine the maximum number of routers:

    • How easily the area's subnets can be summarized
    • The type of areas being used
    • The number of external LSAs being injected

    An added bonus of partitioning out your OSPF network into areas is that it is a natural fit for a hierarchical IP scheme.

    Area Types

    Backbone area: Another name for area 0

    Regular area: Non-backbone area, with both internal and external routes

    Stub area: Contains only internal routes and a default route

    Totally Stubby Area: Cisco proprietary option for a stub area

    Not-So-Stubby area (NSSA): Contains internal routes, redistributed routes, and optionally a default route

    Totally Stubby NSSA: Cisco proprietary option for NSSA

    Router Roles

    Internal: All interfaces in a single area (routers 1, 4, 5 in diagram above)

    Backbone: At least one interface assigned to area 0 (routers 1, 2, 3 in diagram above)

    Area Border Router (ABR): Has interfaces in two or more areas (routers 2 and 3 in diagram above). ABRs contain a separate Link State Database, separate LSA flooding between areas, optionally summarize routes, and optionally source default routes.

    Autonomous System Boundary Router (ASBR): Has at least one interface in an OSPF area and at least one interface outside of an OSPF area.

    OSPF Metric

    Each interface is assigned a cost value based purely on bandwidth. The formula is:

    Cost = 100 Mbps / bandwidth

    Higher bandwidth means a lower cost.

    Let's run through some common examples quickly (bandwidths in Kbps):

    T1 line   | 100,000 / 1544 = 64
    10 Mbps   | 100,000 / 10,000 = 10
    100 Mbps  | 100,000 / 100,000 = 1
    1000 Mbps | 100,000 / 1,000,000 = .1, treated as 1 (OSPF still uses 1 for this, see explanation below)

    The cost is then accrued at each hop along the path based on the link's bandwidth. Unfortunately, OSPF was written when 100 Mbps was considered fast. Because of that, it assigns the same cost to any interface with speeds higher than 100 Mbps. To OSPF, a Fast Ethernet interface is weighted the same as a Gigabit Ethernet interface, both a cost of 1. To fix that problem, you can use the auto-cost command under the OSPF process.

    R1(config-router)# auto-cost reference-bandwidth 1000

    Another option is to simply change the cost on a per-interface basis with the ip ospf cost command (using any number between 1-65,535).

    R1(config-if)# ip ospf cost 35
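
    The effect of the reference bandwidth on path selection, as an added example (not part of the original document). The four-router topology is constructed, and each link is given the same cost in both directions for simplicity.

```python
import heapq


def ospf_cost(bandwidth_kbps, reference_kbps=100_000):
    """Reference bandwidth / interface bandwidth, truncated, never below 1."""
    return max(1, reference_kbps // bandwidth_kbps)


def spf(links, source, reference_kbps=100_000):
    """Dijkstra from `source`; returns {router: (total_cost, [path])}."""
    graph = {}
    for (a, b), bandwidth in links.items():
        cost = ospf_cost(bandwidth, reference_kbps)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {}
    queue = [(0, source, [source])]
    while queue:
        total, node, path = heapq.heappop(queue)
        if node in best:            # already settled at an equal or lower cost
            continue
        best[node] = (total, path)
        for neighbor, cost in graph.get(node, []):
            if neighbor not in best:
                heapq.heappush(queue, (total + cost, neighbor, path + [neighbor]))
    return best


# Constructed topology (router names and links are assumptions), bandwidth in Kbps.
LINKS = {
    ("R1", "R2"): 100_000,      # FastEthernet, direct link
    ("R1", "R3"): 1_000_000,    # GigabitEthernet
    ("R3", "R2"): 1_000_000,    # GigabitEthernet
    ("R2", "R4"): 1_544,        # T1
}

if __name__ == "__main__":
    # 1_000_000 Kbps corresponds to "auto-cost reference-bandwidth 1000" (value in Mbps).
    for label, reference in (("default reference", 100_000),
                             ("reference-bandwidth 1000", 1_000_000)):
        print(label)
        for router, (cost, path) in sorted(spf(LINKS, "R1", reference).items()):
            print(f"  {router}: cost {cost} via {' -> '.join(path)}")
```

    With the default reference the single FastEthernet hop to R2 wins; after raising the reference bandwidth the two Gigabit hops through R3 become the best path.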

    Link State Advertisements

    LSAs contain a sequence number and a Router ID. Sequence numbers are 32 bits, starting with 0x80000001. The sequence number increases if:

    • a route is added or deleted
    • an LSA ages out

    The largest sequence number is always the most current. The default time that LSAs are aged out is 30 minutes. When an LSA enters a router, it checks it against its internal Link State Database (LSDB).

    • If it is new, it is added to the LSDB and the SPF algorithm is re-run.
    • If it contains a Router ID (RID) that is already in the database, entries with an older sequence number are discarded.
    • If it receives an older version (according to its sequence number), it discards the LSA and sends back the newer version to the original sender.

    The command show ip ospf database will display the sequence numbers and age (in seconds) for each entry.
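
    The three checks above as an added example (not from the original document). It keys the LSDB by Router ID only, as the text does, and compares sequence numbers as signed 32-bit integers, which is why 0x80000001 is the lowest value and not a high one; the tie-breaks OSPF applies when sequence numbers are equal are not modeled.

```python
INITIAL_SEQ = 0x80000001    # first sequence number, the lowest when read as signed
MAX_SEQ = 0x7FFFFFFF        # highest sequence number


def signed32(value):
    """Interpret a 32-bit field as a signed integer."""
    return value - (1 << 32) if value & 0x80000000 else value


def receive_lsa(lsdb, rid, seq):
    """Apply the three rules to one incoming LSA.

    lsdb maps Router ID -> stored sequence number (simplified key).
    Returns the action taken.
    """
    if rid not in lsdb:
        lsdb[rid] = seq
        return "added, run SPF"
    stored = lsdb[rid]
    if signed32(seq) > signed32(stored):
        lsdb[rid] = seq                     # older stored entry is discarded
        return "replaced older entry"
    if signed32(seq) < signed32(stored):
        return "discarded, send newer copy back"
    return "duplicate, no change"


def replay(events):
    """Feed (rid, seq) pairs into an empty LSDB and collect the actions."""
    lsdb = {}
    return [receive_lsa(lsdb, rid, seq) for rid, seq in events], lsdb


# Constructed sequence of arrivals for one Router ID.
SAMPLE = [
    ("10.100.100.1", 0x80000001),   # first copy
    ("10.100.100.1", 0x80000002),   # newer
    ("10.100.100.1", 0x80000001),   # stale copy arriving late
    ("10.100.100.1", 0x00000001),   # newer still: positive beats any 0x8....... value
]
```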

    LSDB Overload

    In large OSPF networks, if major network changes occur, a flood of LSAs will immediately hit the entire network. The number of incoming LSAs to each router could be substantial and bring the CPU and memory to their knees.

    To mitigate that scenario, Cisco offers what it refers to as Link State Database Overload Protection. Once enabled, if the defined threshold is exceeded over a one-minute time period, the router will enter the ignore state, dropping all adjacencies and clearing the OSPF database. Know that this is a drastic response because routing will be disrupted during that period.

    R1(config-router)# max-lsa number

    LSA Definitions

    OSPF Messaging

    OSPF uses several different types of messages to maintain neighbor relationships and correct routing information.

    OSPF Packet Types

    Hello: Discovers neighbors and works as a keepalive.

    Link State Request (LSR): Requests a Link State Update (LSU), see below.

    Database Description (DBD): Contains a summary of the LSDB, including RIDs and sequence numbers.

    Link State Update (LSU): Contains one or more complete LSAs.

    Link State Acknowledgement (LSAck): Acknowledges all other OSPF packets (except hellos).

    OSPF sends the five packet types listed above over IP directly, using IP protocol number 89 with an OSPF packet header. Multicast address 224.0.0.5 is used if sending to all routers; address 224.0.0.6 is used for sending to all OSPF DRs.

    OSPF Neighbors

    Hellos are sent out periodically using multicast on OSPF enabled routers. The router forms an adjacency with a peer router when it sees its own Router ID in the neighbor field of another router's hello message. That indicates there is direct, bi-directional communication on the same subnet.

    Note: On multi-access links, adjacencies are only formed between the router and the DR and BDR.

    All of the following fields in an OSPF hello message must match for an adjacency to form:

    • hello timer
    • dead timer
    • area ID
    • authentication type
    • password
    • stub area flag

    As with many network protocols, hellos act as a form of keepalive or heartbeat. With OSPF, if four consecutive hellos are not received (the dead time), the router is considered down.

    Point-to-point interfaces: hellos every 10 seconds, 40 second dead timer

    Nonbroadcast multiaccess (NBMA) interfaces: hellos every 30 seconds, 120 second dead timer
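
    A troubleshooting aid for the field list above, as an added example (not from the original document): it decodes OSPFv2 hello packets and reports which of the must-match fields differ. The sample packets are constructed with the checksum left at 0, Router IDs and area are assumptions, and treating a mismatched hello as leaving the neighbor in Down is a modeling choice.

```python
import socket
import struct

HEADER = struct.Struct("!BBH4s4sHH8s")  # version, type, length, RID, area, checksum, AuType, auth data
HELLO = struct.Struct("!4sHBBI4s4s")    # mask, hello interval, options, priority, dead interval, DR, BDR
E_BIT = 0x02                            # options bit: set in normal areas, cleared in stub areas
MUST_MATCH = ("hello timer", "dead timer", "area ID",
              "authentication type", "password", "stub area flag")


def build_hello(rid, area, hello=10, dead=40, options=E_BIT,
                autype=0, auth=b"", neighbors=()):
    """Build a constructed sample hello (test data, not a capture)."""
    body = HELLO.pack(socket.inet_aton("255.255.255.0"), hello, options, 1,
                      dead, bytes(4), bytes(4))
    body += b"".join(socket.inet_aton(n) for n in neighbors)
    return HEADER.pack(2, 1, HEADER.size + len(body), socket.inet_aton(rid),
                       socket.inet_aton(area), 0, autype,
                       auth.ljust(8, b"\x00")) + body


def parse_hello(packet):
    """Decode the fields that matter for adjacency; reject malformed input."""
    start = HEADER.size + HELLO.size
    if len(packet) < start:
        raise ValueError("truncated hello")
    version, ptype, length, rid, area, _cksum, autype, auth = HEADER.unpack_from(packet)
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 hello")
    if length != len(packet) or (length - start) % 4:
        raise ValueError("length field does not match packet")
    _mask, hello, options, _prio, dead, _dr, _bdr = HELLO.unpack_from(packet, HEADER.size)
    return {
        "rid": socket.inet_ntoa(rid),
        "area ID": socket.inet_ntoa(area),
        "hello timer": hello,
        "dead timer": dead,
        "authentication type": autype,
        # Only simple authentication (type 1) carries the key in this field.
        "password": auth if autype == 1 else None,
        "stub area flag": not options & E_BIT,
        "neighbors": [socket.inet_ntoa(packet[i:i + 4])
                      for i in range(start, length, 4)],
    }


def adjacency_blockers(local, remote):
    """Names of the must-match fields that differ between two parsed hellos."""
    return [field for field in MUST_MATCH if local[field] != remote[field]]


def neighbor_state(local, remote):
    """State the local router holds for the sender of `remote`."""
    if adjacency_blockers(local, remote):
        return "Down"               # the mismatched hello is dropped
    return "2-Way" if local["rid"] in remote["neighbors"] else "Init"


# Constructed samples: R1 and three variants of its neighbor R2.
R1 = parse_hello(build_hello("1.1.1.1", "0.0.0.2", neighbors=["2.2.2.2"]))
R2_FIRST = parse_hello(build_hello("2.2.2.2", "0.0.0.2"))
R2_SEEN = parse_hello(build_hello("2.2.2.2", "0.0.0.2", neighbors=["1.1.1.1"]))
R2_STUB_NBMA = parse_hello(build_hello("2.2.2.2", "0.0.0.2", hello=30,
                                       dead=120, options=0))
```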

    OSPF States

    There are 7 different OSPF states when forming neighbor relationships. Take the time to learn the states and their corresponding functions.

    Down

    This is the first OSPF neighbor state. It means that no information (hellos) has been received from this neighbor, but hello packets can still be sent to the neighbor in this state.

    During the fully adjacent neighbor state, if a router doesn't receive a hello packet from a neighbor within the RouterDeadInterval time (RouterDeadInterval = 4*HelloInterval by default) or if the manually configured neighbor is being removed from the configuration, then the neighbor state changes from Full to Down.

    Attempt

    This state is only valid for manually configured neighbors in an NBMA environment. In Attempt state, the router sends unicast hello packets every poll interval to the neighbor, from which hellos have not been received within the dead interval.

    Init

    This state specifies that the router has received a hello packet from its neighbor, but the receiving router's ID was not included in the hello packet. When a router receives a hello packet from a neighbor, it should list the sender's router ID in its hello packet as an acknowledgment that it received a valid hello packet.

    2-Way

    This state designates that bi-directional communication has been established between two routers. Bi-directional means that each router has seen the other's hello packet. This state is attained when the router receiving the hello packet sees its own Router ID within the received hello packet's neighbor field. At this state, a router decides whether to become adjacent with this neighbor. On broadcast media and non-broadcast multiaccess networks, a router becomes full only with the designated router (DR) and the backup designated router (BDR); it stays in the 2-way state with all other neighbors. On point-to-point and point-to-multipoint networks, a router becomes full with all connected routers.

    At the end of this stage, the DR and BDR for broadcast and non-broadcast multiaccess networks are elected. For more information on the DR election process, refer to DR Election.

    Note: Receiving a Database Descriptor (DBD) packet from a neighbor in the init state will also cause a transition to 2-way state.

    Exstart

    Once the DR and BDR are elected, the actual process of exchanging link state information can start between the routers and their DR and BDR.

    In this state, the routers and their DR and BDR establish a master-slave relationship and choose the initial sequence number for adjacency formation. The router with the higher router ID becomes the master and starts the exchange, and as such, is the only router that can increment the sequence number. Note that one would logically conclude that the DR/BDR with the highest router ID will become the master during this process of master-slave relation. Remember that the DR/BDR election might be purely by virtue of a higher priority configured on the router instead of highest router ID. Thus, it is possible that a DR plays the role of slave. Also note that master/slave election is on a per-neighbor basis.

    Exchange

    In the exchange state, OSPF routers exchange database descriptor (DBD) packets. Database descriptors contain link-state advertisement (LSA) headers only and describe the contents of the entire link-state database. Each DBD packet has a sequence number which can be incremented only by the master and which is explicitly acknowledged by the slave. Routers also send link-state request packets and link-state update packets (which contain the entire LSA) in this state. The contents of the DBD received are compared to the information contained in the router's link-state database to check if new or more current link-state information is available with the neighbor.

    Loading

    In this state, the actual exchange of link state information occurs. Based on the information provided by the DBDs, routers send link-state request packets. The neighbor then provides the requested link-state information in link-state update packets. During the adjacency, if a router receives an outdated or missing LSA, it requests that LSA by sending a link-state request packet. All link-state update packets are acknowledged.

    Full

    In this state, routers are fully adjacent with each other. All the router and network LSAs are exchanged and the routers' databases are fully synchronized.

    Full is the normal state for an OSPF router. If a router is stuck in another state, it's an indication that there are problems in forming adjacencies. The only exception to this is the 2-way state, which is normal in a broadcast network. Routers achieve the full state with their DR and BDR only. Neighbors always see each other as 2-way.

    OSPF Configuration

    OSPF configuration is not too complicated, but has some important syntax distinctions from EIGRP. First, it is configured from router configuration mode and requires a process ID appended to the router ospf command. The process ID is only locally significant, so don't worry if it doesn't match on other OSPF routers.

    R1(config)# router ospf process-id

    The next step is to determine which router interfaces you want participating in OSPF. Just like EIGRP, the network statements define which local router interfaces will participate.

    R1(config)# router ospf 10
    R1(config-router)# network 10.1.1.0 0.0.0.255 area 0
    R1(config-router)# network 10.9.9.0 0.0.0.255 area 1

    In the example above, interfaces in the 10.1.1.0/24 subnet will participate in OSPF area 0. Interfaces in the 10.9.9.0/24 subnet will participate in OSPF area 1. Unlike EIGRP, the subnet wildcard mask in the network statement is not optional because OSPF is classless by default. Let's do another example.

    R1 has six interfaces, all within area 0:

    GigabitEthernet 0/0: 192.168.100.1/24
    GigabitEthernet 0/1: 192.168.101.1/24
    GigabitEthernet 0/2: 192.168.102.1/24
    GigabitEthernet 0/3: 192.168.103.1/24
    Serial 1/0: 10.100.100.1/30
    Serial 1/1: 10.100.100.5/30

    The simplest way to configure all interfaces into area 0 would be to use this command:

    R1(config-router)# network 0.0.0.0 255.255.255.255 area 0

    A second option is to break up the 10. and 192. networks into different statements:

    R1(config-router)# network 10.0.0.0 0.255.255.255 area 0
    R1(config-router)# network 192.168.100.0 0.0.3.255 area 0

    The third way to configure the interfaces to participate in OSPF:

    R1(config-router)# network 10.100.100.1 0.0.0.0 area 0
    R1(config-router)# network 10.100.100.5 0.0.0.0 area 0
    R1(config-router)# network 192.168.100.1 0.0.0.0 area 0
    R1(config-router)# network 192.168.101.1 0.0.0.0 area 0
    R1(config-router)# network 192.168.102.1 0.0.0.0 area 0
    R1(config-router)# network 192.168.103.1 0.0.0.0 area 0

    All three approaches achieve the exact same result. The configuration you choose is up to you.
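
    A check of that claim, as an added example (not from the original document): it applies wildcard-mask matching to R1's six interfaces for each of the three options, then to two hypothetical interfaces added later (names and addresses are assumptions). The three options agree today but differ in which future interfaces would start running OSPF.

```python
import ipaddress


def _as_int(address):
    return int(ipaddress.IPv4Address(address))


def statement_matches(interface_ip, network, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must equal the network."""
    care = ~_as_int(wildcard) & 0xFFFFFFFF
    return (_as_int(interface_ip) & care) == (_as_int(network) & care)


def enabled_interfaces(interfaces, statements):
    """Return {interface: area} for every interface matched by a statement."""
    result = {}
    for name, address in interfaces.items():
        for network, wildcard, area in statements:
            if statement_matches(address, network, wildcard):
                result[name] = area
                break
    return result


# R1's interfaces as listed above.
R1 = {
    "Gi0/0": "192.168.100.1", "Gi0/1": "192.168.101.1",
    "Gi0/2": "192.168.102.1", "Gi0/3": "192.168.103.1",
    "Se1/0": "10.100.100.1", "Se1/1": "10.100.100.5",
}

# The three sets of network statements from the text: (network, wildcard, area).
OPTION_1 = [("0.0.0.0", "255.255.255.255", 0)]
OPTION_2 = [("10.0.0.0", "0.255.255.255", 0),
            ("192.168.100.0", "0.0.3.255", 0)]
OPTION_3 = [(address, "0.0.0.0", 0) for address in R1.values()]

# Hypothetical interfaces added to R1 later (constructed for this example).
LATER = {"Gi0/4": "192.168.104.1", "Se1/2": "10.200.0.1"}


def future_exposure():
    """Which later interfaces each option would silently enable."""
    return {
        "option 1": sorted(enabled_interfaces(LATER, OPTION_1)),
        "option 2": sorted(enabled_interfaces(LATER, OPTION_2)),
        "option 3": sorted(enabled_interfaces(LATER, OPTION_3)),
    }
```

    The catch-all statement enables OSPF on every interface that is ever addressed, while the per-interface statements enable only what was listed.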

    Interface Configuration

    An alternative configuration option is to configure an interface to participate in OSPF directly. The [ ip ospf process-id area area-id ] command takes precedence over the more common network commands.

    R1(config)# int gig 0/1
    R1(config-if)# ip ospf 10 area 0

    Router ID

    The SPF algorithm uses a Router ID to identify hops along a path. The problem, of course, is that routers don't have a generic router ID built in.

    The designers of OSPF decided to use the highest IP address assigned to a loopback interface as the Router ID (RID) by default. If no loopback is configured, it will use the highest IP address assigned to an active interface when the OSPF process begins.

    OSPF will not change the RID, even if another interface with a higher IP address comes online, unless the OSPF process is restarted. This helps keep the network stable and happy.

    Note: The clear ip ospf process command will also force the OSPF process to restart, but will cause an outage, so use it with caution.

    Loopbacks are preferred for use as a router ID because they are virtual interfaces and are not affected by links going up and down. To configure a loopback interface, first create it and assign it an IP address.

    R1(config)# int loopback 0
    R1(config-if)# ip address 10.100.100.1 255.255.255.255

    Static RIDs

    It is also possible to manually define a static Router ID within OSPF with the router-id command.

    R1(config)# router ospf 10
    R1(config-router)# router-id 10.100.100.1

    DRs & BDRs

    SPF works by mapping all paths to every destination on each router. It uses the RID to identify hops along each path and uses bandwidth as a metric between those hops. This whole system works really well when routers are connected with point-to-point links and OSPF traffic is simply sent using multicast address 224.0.0.5.

    It doesn't work well, however, when a router is connecting to multiaccess networks like an Ethernet VLAN. Multiaccess OSPF links require a Designated Router (DR) be elected to represent the entire segment. Another router is then elected as the Backup Designated Router, or BDR. On that specific multiaccess segment, routers only form adjacencies with the DR and BDR.

    The DR uses type 2, network LSAs to advertise the segment over multicast address 224.0.0.5. The Non-Designated routers then use IP address 224.0.0.6 to communicate directly with the DR.

    Elections

    1. When the OSPF process on a router starts up, it listens for hellos. If it does not receive any within its dead time, it elects itself the DR.

    2. If hellos are received before the dead time expires, the router with the highest OSPF priority is elected as the DR. Next, the same process happens to elect the BDR. Note: If a router's OSPF priority is set to 0, it will not participate in the elections.

    3. If two routers happen to have the same OSPF priority, the router with the highest Router ID will become DR. The same is true for BDR.

    Once a DR is elected, elections cannot take place again until either the DR or BDR goes down. This essentially means that there is no OSPF DR preemption if another router comes online with a higher OSPF priority. In the case that the DR goes down, the BDR automatically is assigned the DR role and a new BDR election occurs.

    Be aware that a router with a non-zero priority that happens to boot first can become the DR just because it did not receive any hellos when the OSPF process was started, even though it may have a low OSPF priority.

    The default OSPF priority is 1 and Cisco recommends manually changing that on routers you want to become the DR and BDR.

    Remember that DRs are only used on multiaccess links, so they are only significant on an interface level. A router with two different interfaces connected to two different multiaccess links will have separate DR elections for each segment. To set the OSPF priority, use the ip ospf priority command on the interface connected to the multiaccess segment. Values can be between 0-255.

    R1(config)# int gig 0/1
    R1(config-if)# ip ospf priority 255
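
    The election rules above modeled for one multiaccess segment, as an added example (not from the original document). Router IDs and priorities are constructed; the model covers priority, the Router ID tie-break, priority 0, no preemption and BDR promotion, and leaves out hello timing.

```python
import ipaddress


class Segment:
    """One multiaccess segment; DR and BDR are held per segment."""

    def __init__(self):
        self.priority = {}      # Router ID -> OSPF priority on this segment
        self.dr = None
        self.bdr = None

    def _best_candidate(self):
        # Priority 0 never takes part, and one router cannot hold both roles.
        candidates = [rid for rid, prio in self.priority.items()
                      if prio > 0 and rid not in (self.dr, self.bdr)]
        if not candidates:
            return None
        # Highest priority wins; the highest Router ID breaks a tie.
        return max(candidates,
                   key=lambda rid: (self.priority[rid],
                                    int(ipaddress.IPv4Address(rid))))

    def _fill_vacancies(self):
        # Only empty roles are filled: a sitting DR or BDR is never preempted.
        if self.dr is None:
            self.dr = self._best_candidate()
        if self.bdr is None:
            self.bdr = self._best_candidate()

    def start(self, routers):
        """Routers whose OSPF processes come up within the same dead time."""
        self.priority.update(routers)
        self._fill_vacancies()
        return self.dr, self.bdr

    def fail(self, rid):
        """Remove a router; the BDR is promoted if the DR was lost."""
        del self.priority[rid]
        if rid == self.dr:
            self.dr, self.bdr = self.bdr, None
        elif rid == self.bdr:
            self.bdr = None
        self._fill_vacancies()
        return self.dr, self.bdr


def simultaneous_start():
    """All four routers hear each other before the dead time expires."""
    return Segment().start({"10.0.0.1": 1, "10.0.0.2": 1,
                            "10.0.0.3": 5, "10.0.0.9": 0})


def staggered_start():
    """A low-priority router boots first, then the intended DR arrives."""
    segment = Segment()
    return [
        segment.start({"10.0.0.1": 1}),     # alone: elects itself DR
        segment.start({"10.0.0.3": 255}),   # higher priority, but no preemption
        segment.start({"10.0.0.2": 1}),     # both roles taken, nothing changes
        segment.fail("10.0.0.1"),           # BDR promoted, new BDR elected
    ]
```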

    OSPF over the WAN

    Routing protocols assume both broadcast capabilities and full mesh connectivity on multiaccess networks. For OSPF, there are a few points to consider:

    • Full mesh environments can use physical interfaces, but oftentimes subinterfaces are used
    • Partial mesh environments should be configured using point-to-point subinterfaces
    • Hub-and-spoke environments should elect the hub as the DR or use point-to-point subinterfaces, which don't require a DR
    • Frame Relay and ATM maps should include the broadcast attribute
    • In multiaccess environments, the DR and BDR should have full virtual circuit connectivity to all other routers

    Summarization

    First, it's important to note that running the SPF algorithm on a router is extremely taxing on CPU resources and can easily consume them all. The reason is that OSPF has to compute the best path to every destination within its area. Avoiding running the algorithm whenever it isn't required is a big win. Summarization has two important benefits for OSPF. It prevents topology changes from being passed outside an area, thus reducing the number of routers re-running the SPF algorithm. It also consolidates many routes into a single statement, reducing the memory load and database size on OSPF-enabled routers. There are two types of route summarization, inter-area and external.

    Inter-area Summarization (LSA Type 3)

    This occurs on ABRs to summarize routes between areas. This really only works well if the networks contained within an area are subnetted contiguously so that they can be easily summarized into a single statement. The new summary route's cost will be equal to the lowest cost route within the summary range. After the command is entered, the router will automatically create a static route pointing to Null0.

    Example:

    ABR-R1(config)# router ospf 10
    ABR-R1(config-router)# area 2 range 10.100.0.0 255.255.0.0

    In this example, the summary network 10.100.0.0/16 is summarized from area 2.

    External Summarization (LSA Type 5)

    This occurs on ASBRs for routes that are injected into OSPF via route redistribution. After the command is entered, the router will automatically create a static route pointing to Null0.

    Example:

    ASBR-R1(config)# router ospf 10
    ASBR-R1(config-router)# summary-address 192.168.0.0 255.255.0.0

    In this example, an external network has been summarized into 192.168.0.0/16 and is injected into OSPF via a single type 5 LSA.

    OSPF Passive Interfaces

    Like EIGRP, OSPF supports the use of passive interfaces. The passive-interface interface command disables OSPF hellos from being sent out, thus preventing the router from forming adjacencies out that interface.

    OSPF Default Routes

    Default routes are injected into OSPF via type 5 LSAs. There are multiple ways to inject default routes into OSPF, but Cisco recommends using the default-information originate command under the OSPF routing process.

    R1(config)# router ospf 10
    R1(config-router)# default-information originate [always] [metric metric]

    If the always keyword is not used, OSPF will advertise a default route learned from another source, like a static route. If the always keyword is present, a default route will be advertised regardless of whether the route exists in the routing table.

    Another option is to use the area range and summary-address commands discussed in the summarization section above. Using these will result in the router advertising a default route pointing to itself.

    Stub and Not-So-Stubby Areas

    Stub areas are another way to simplify route information that gets advertised. Area 2 in the diagram above shows an example.

    The ABR in a stub area drops all external routes and instead uses a default route of 0.0.0.0 (R3 in this example). That is, routers in the stub area do not know about any non-OSPF route information outside their own area.

    A Cisco proprietary version of a stub area is a Totally Stubby Area, or TSA. TSAs do not accept any external routes from non-OSPF sources AND they do not accept routes from other areas within their OSPF autonomous system. If a router needs to send traffic to a route outside of its own area, it sends the traffic using a default route.

    ABRs use default routes in Stub and Totally Stubby areas.

    Stubby areas are made into Totally Stubby Areas by appending the no-summary keyword on the ABR.

    Example:

    R3(config)# router ospf 10
    R3(config-router)# area 2 stub no-summary
    R3(config-router)# area 2 stub default-cost 8

    The example above sets area 2 as a totally stubby area. The default-cost command is optional and in this case changed the default route cost from 1 to 8.

    Stub Limitations

    • Virtual links cannot be included
    • Cannot include an ASBR
    • The stub configuration must be applied to every router within the stubby area
    • Area 0 cannot be a stub

    Bullet point 3 is extremely important! If two routers are connected, but one does not have the stub statement configured, the hello packets will be dropped and they will not form a neighbor adjacency.

    Not-So-Stubby Areas, or NSSAs, were an addendum to the original OSPF RFC and defined a new special LSA, type 7. NSSAs are very similar to stubby areas, but they allow the use of ASBRs in the area, something stub areas prohibit.

    External routes are advertised by the ASBR as type 7 LSAs and the ABR then converts them into type 5 external LSAs when it advertises them to adjacent areas.

    NSSA is configured using the area area-number nssa command as can be seen in the example below. Using the no-summary keyword turns the area into a Totally Stubby NSSA. A Totally Stubby NSSA does not accept external or summary routes from other areas.

    Lastly, the NSSA ABR does not by default advertise a default route back into the area. The default-information-originate option does just that.

    R4(config)# router ospf 10
    R4(config-router)# area 1 nssa [no-summary] [default-information-originate]

    OSPF Virtual Links

    OSPF has strict rules around how areas connect and where they can be located. More specifically, every area must be physically connected to area 0 and area zero must be contiguous, meaning it cannot be broken into multiple, connected area 0s.

    Virtual links were developed as a band-aid for situations that temporarily must violate those requirements. Virtual links connect areas that do not connect directly to area 0. They can also connect two area 0s together!

    Keep in mind that Cisco recommends virtual links be a temporary workaround to a short-term problem, not a permanent design.

    The diagram below illustrates an example of when a virtual link could be used. Let's pretend Company ABC and Company XYZ just announced a merger and now their corporate networks must do the same. In this case, both routers R1 and R2 have now become ABRs and the virtual link configuration will be applied to them. The command area area-number virtual-link router-id is applied to each ABR.

    Note that the area used in the command is the transit area that the virtual link resides in. Also, the RID identifies the RID of the OTHER router at the end of the link!

    Example:

    R1(config)# router ospf 20
    R1(config-router)# area 1 virtual-link 10.30.30.30

    R2(config)# router ospf 20
    R2(config-router)# area 1 virtual-link 10.50.50.50

    OSPF Authentication

    Out of the box, OSPF does not authenticate its protocol messages or route updates. OSPF does, however, support two message authentication options:

    • Simple Authentication, using plaintext keys
    • MD5 Authentication

    Matching authentication methods and keys must be configured on each interface on a segment. Theoretically, different passwords could be applied to different router interfaces; the routers on the other ends of those links would just be required to have matching information.

    Simple Authentication Example

    R1(config)# int fa0/1
    R1(config-if)# ip ospf authentication-key KEY123
    R1(config-if)# ip ospf authentication
    R1(config-if)# exit
    R1(config)# router ospf 10
    R1(config-router)# area 0 authentication

    MD5 Authentication Example

    R1(config)# int fa0/1
    R1(config-if)# ip ospf message-digest-key 1 md5 KEY123
    R1(config-if)# ip ospf authentication message-digest
    R1(config-if)# exit
    R1(config)# router ospf 10
    R1(config-router)# area 0 authentication message-digest

    ** The 1 in the ip ospf message-digest-key 1 md5 KEY123 statement above is a key number.
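
    How a receiver can tell the two options apart and validate the MD5 one, as an added example (not from the original document). It reads the authentication type from the OSPFv2 header and, for message-digest packets, recomputes MD5 over the packet followed by the key padded to 16 bytes; the sample packets are constructed (header plus a zero-filled body) and the cryptographic sequence number is parsed but not checked.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!BBH4s4sHH8s")  # version, type, length, RID, area, checksum, AuType, auth data
CRYPTO = struct.Struct("!HBBI")         # zero, key number, digest length, cryptographic sequence number


def md5_digest(packet, key):
    """MD5 over the OSPF packet followed by the key padded to 16 bytes."""
    return hashlib.md5(packet + key.ljust(16, b"\x00")[:16]).digest()


def build_sample(autype, key=b"", key_id=1, seq=1):
    """Constructed packet: header plus 20 zero bytes standing in for a body."""
    if autype == 1:
        auth = key.ljust(8, b"\x00")[:8]        # key travels in the header
    elif autype == 2:
        auth = CRYPTO.pack(0, key_id, 16, seq)  # digest is appended instead
    else:
        auth = bytes(8)
    packet = HEADER.pack(2, 1, HEADER.size + 20, bytes([10, 100, 100, 1]),
                         bytes(4), 0, autype, auth) + bytes(20)
    if autype == 2:
        packet += md5_digest(packet, key)
    return packet


def check_authentication(packet, keys):
    """Classify a received packet; keys maps key number -> locally configured key."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated OSPF header")
    _ver, _type, length, _rid, _area, _cksum, autype, auth = HEADER.unpack_from(packet)
    if length < HEADER.size or length > len(packet):
        raise ValueError("length field does not match packet")
    if autype == 0:
        return "null: no authentication"
    if autype == 1:
        return "simple: key sent in cleartext in the header"
    if autype != 2:
        return "unknown authentication type"
    _zero, key_id, digest_len, _seq = CRYPTO.unpack(auth)
    if key_id not in keys:
        return "message-digest: key number %d not configured" % key_id
    received = packet[length:length + digest_len]
    expected = md5_digest(packet[:length], keys[key_id])
    if digest_len == 16 and hmac.compare_digest(received, expected):
        return "message-digest: digest verified"
    return "message-digest: digest mismatch"


# Key number 1 with key KEY123, as in the MD5 configuration above.
LOCAL_KEYS = {1: b"KEY123"}
```

    Both the key number and the key have to agree: a packet signed with the right key under a different key number is rejected before any digest is computed.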

    OSPF Verification

    The OSPF neighbor table can be viewed using the show ip ospf neighbor command. It shows the status of the OSPF database loading process, status of neighbor adjacencies, as well as DR and BDR assignments.

    To show which OSPF routes are being used by the routing table, issue the show ip route ospf command.

    The show ip ospf command displays the RID, counters, and timers.

    To see which router interfaces are participating in OSPF (and their area assignments), use the show ip ospf interface command.