From CCIE Study Wiki

OSPF is a link-state routing protocol widely used in enterprise networks. It provides for a loop-free routing environment and features quick convergence after topology changes.

Theory

Contents 1 Theory 1.1 OSPF Operations 1.2 LSA Exchange Process 1.3 OSPF on Multi-access Networks 1.4 OSPF Routing 1.5 OSPF Areas 1.6 OSPF Timers and Numbers 2 Commands 3 Default Settings 4 Verification 5 Troubleshooting, Tips, and Tricks 6 Online Resources 6.1 Cisco OSPF Resources 6.2 OSPF Theory 6.3 OSPF Configuration

OSPF Operations

All routers participating in OSPF must choose a unique 32-bit dotted decimal identifier called the OSPF Router Identifier (RID). Cisco devices use the following steps to choose the RID:

1. Use the router-id specified by the command router id id
2. If no router-id configured, use the highest numeric IP address on any loopback interface that is in a up/up state
3. If no loopbacks are available, use the highest numeric IP address on any non-loopback interface that is up/up

A few additional RID notes: the RID does not have to come from an advertised interface or have a path to that interface. OSPF looks at the interface state when first choosing its RID, it only changes the RID when OSPF is restarted or changed due to reconfiguration. RIDs configured with the router id command will not change until the command is changed. If a router's RID is changed, all routers in the same area have to recompute SPF.

OSPF uses five different types of messages, all of which are communicated by encapsulating them in IP packets and sent using IP protocol 89. LSA's are NOT message types.

1. Hello - used to discover and monitor neighbors, brings a neighbor relationship to a 2-way state, checks for agreement on configuration parameters
2. Database Description (DD or DBD) - Used to exchange brief versions of LSAs with neighbors, so that a router knows a list of LSAs that a neighbor knows
3. Link-State Request (LSR) - Sent to a neighbor, identifies one or more LSAs that the sending router would like full details about.
4. Link-State Update(LSU) - A packet that contains full LSAs, usually sent in response to a LSR
5. Link-State Acknowledgment - Sent to confirm receipt of a LSU message

An OSPF-enable router listens for hellos sent to the 224.0.0.5 multicast address (known as the All OSPF Routers address) on all OSPF-enabled interfaces. OSPF routers will attempt to become adjacent to any other OSPF routers it discovers. Routers perform the following checks based on the parameters in the hellos - if any of these do not match, the routers will not become neighbors:

• Must pass any authentication
• Must be in same primary subnet with the same subnet mask
• Must be in the same OSPF area and have the same area type
• Must not have the same RID
• Must have same hello and dead timers.

Note that the OSPF process IDs do NOT have to match. Also, while not a formal check, MTU values will need to be equal on the network or a OSPF adjacency will never form (unless ip ospf mtu-ignore command is used).

Being a neighbor is the first step for routers becoming adjacent. If routers are not neighbors they can not be adjacent. For routers to be adjacent the following criteria has to be matched:

• Routers have to be neighbors
• Routers have to use compatible network types (i.e. Point-to-point, point-to-multipoint, point-to-multipoint broadcast is one set of neighbors compatible, while broadcast and nonbroadcast is another set of compatible network interfaces).
• Routers in broadcast/nonbroadcast network types can only be adjacent to DR/BDR routers.

Note that hello-interval and dead-interval will have to be changed when using different not matching interval timers.

OSPF Neighbor States:

• Down - No Hellos have been received from this neighbor for more than the dead interval
• Attempt - Router sending Hellos to manually configured neighbor
• Init - Hello received from neighbor, but did not have the routers RID in it. Permanent state when Hello parameters do not match.
• 2WAY - Stable state for pairs of DROther neighbors
• ExStart - Currently negotiating the DD sequence numbers and master/slave relationship for DD packets
• Exchange - Currently exchanging DD packets
• Loading - DD compete, filling the complete LSDB with LSU packets
• Full - Neighbors are fully adjacent, should have LSDB entries for each area. Routing table calcs can begin.

LSA Exchange Process

Adjacent OSPF routers will share information about network topology in the form of Link-State-Advertisements or LSAs.

After hellos are heard by two OSPF routers and they pass all of the parameter checks, each router will create and send a Database Description (DD or DBD) packets, which contain the headers of each LSA (see the LSA types below) they have. Each DD packet sent has a sequence number, and the receiver of the DD packet acks that it was received by sending an identical DD packet back to the sender. The router with the higher RID becomes the maste in this DD exchange process (Called the ExStart process), and is the one responsible for increasing the sequence numbers.

After exchanging DD packets, each router can determine which LSA's the other router has a more recent copy of. Each LSA has a sequence number associated with it that is incremented every time the LSA changes. Routers use Link-State Request (LSR) packets to request one or more LSA's from a neighbor. The neighbor replies with Link-State Update packets, which hold one or more LSA's. After this process, each router will run the Dijkstra SPF algorithm to calculate best routes.

• As the LSR/LSU process is happening, the router is considered in a Loading state
• After the LSR/LSU process is complete, the routers should have identical LSDB's, and are in the Full state.
• For error-control, each LSU packed will be acknowledged by either an LSAck packet or the router sending back an identical packet to the one that was just sent.

Link-State Advertisements or LSAs are created and advertised by OSPF routers to describe the network topology seen by that router. There are several types:

• Type 1 - Router - One of these per router, lists RID and interface IP addresses, represents stub networks
• Type 2 - Network - One per transit network, created by the DR on that network, lists subnet and router interfaces connected to that subnet
• Type 3 - Net Summary - Created by ABRs to represent one area's type 1 and 2 LSAs when being advertised into another area. Defines links and cost of origin area, but no topology data
• Type 4 - ASBR Summary - Advertises a host route used to reach an ASBR - used in conjunction with LSA type 5 external type 2 LSA's
• Type 5 - AS External - Created by ASBRs for external routes injected into OSPF
• Type 7 - NSSA External - Like a type 5, but the ASBR is inside a NSSA area

There are other LSA types, but not relevant to Cisco gear. OSPF should be able to use the info in type 1+2 LSAs to map out the topology of the area it is in.

LSAs are stored locally in the router in a database referred to as the Link-State Database or just LSDB. Each router will have a separate LSDB for each area it is a member of (see more on areas below).

OSPF on Multi-access Networks

On a multiaccess network, each router present does not have to form a neighbor relationship with every other router. In order to save resources, OSPF will select a Designated Router (DR) and a backup (BDR) to control flooding of LSAs.

• DRs also create type 2 LSA's that represent the subnet
• Routers that are not DRs or BDRs on the network will only become full adjacent with the DR or BDRs. They become neighbors with all routers on the network, but do not exchange DD or LSU packets.
• To communicate only with DRs, OSPF will use the multicast address of 224.0.0.6 (All OSPF DR Routers multicast address)
• A router that is neither a DR or BDR is called a DROther by OSPF

OSPF Hello messages will state the DR address in them, if known by the sending router. If upon initialization when a router reaches the 2-way state with a neighbor it sees a DR of 0.0.0.0 in the neighbor's hellos, it will wait a period of time (called the OSPF wait time, set to same value as the Dead timer) before trying to elect a DR. This pause is so other routers can finish initializing and participate in the election.

On the other hand, If a neighbor's hellos already list the DR's RID, then the newly connected router just uses the listed RID and doesn't start a new election.

To participate in the DR election process, an OSPF router must have a priority value set (by default priority is 1). Any router with a configured priority command set to 1-255 (higher is better) can try to become the DR by putting it's own RID in the DR field of its sent hellos. Routers examine three things when considering the DR election process - priority settings, RIDs, and whether the neighbor wants to become the DR. The full process is as follows:

1. Top criteria for DR election is the highest priority
2. If priorities are equal, the router with the higher RID is better.
3. The second place finisher in the election becomes the BDR

If a new router arrives after the election, it cannot preempt the existing DR, no matter what it's priority. If the DR fails and the BDR becomes the new DR, a new election is held for a new BDR.

OSPF behavior regarding DR/BDRs, timers, whether or not a neighbor command is necessary, and if more then two hosts are allowed on the subnet can vary according to the type of network involved.

1. Broadcast Interface (LAN's) - Uses DR/BDR, 10 sec hellos, neighbor not required, more then two hosts allowed
2. Point-to-Point (Frame Relay PtoP) - No DR/BDR, 10 sec hellos, neighbor not required, doesn't allow more then two hosts
3. Nonbroadcast NBMA (Frame physical/multipoint) - Uses DR/BDR, 30 sec hellos, neighbor required, more then two hosts OK
4. Point-to-multipoint - No DR/BDR, 30 sec hellos, neighbor not required, more then two hosts OK
5. Point-to-multipoint nonbroadcast - No DR/BDR, 30 sec hellos, neighbor required, more then two hosts OK

OSPF Routing

The basic OSPF routing metric is the cost Interface costs can be set through the neighbor command, on the interface itself by using ip ospf cost, or based on bandwidth (and manipulated by bandwidth and reference-bandwidth values)

OSPF path selection process will ignore cost when it can choose a certain kind of route over another:

1. OSPF will prefer Intra-Areas routes over all others regardless of cost
2. Prefer inter-area routes next
3. OSPF external type 1 routes
4. Lastly prefer OSPF external type 2 routes

OSPF Areas

An OSPF network may be divided into routing areas to simplify administration and optimize traffic and resource utilization. Routers that connect to different areas are Area Border Routers (ABRs). Each ABR must connect to area 0 and 1 or more other areas. Autonomous System Boundary Routers (ASBRs) border another routing domain and inject routes external to OSPF into the OSPF domain.

• ABRs do not forward type 1+2 LSA's from one area to another. Instead, they advertise type 3 LSA's into one area in order to represent the links and cost.
• ABRs can lean about summary LSAs from other ABRs, inside the nonbackbone area, but the ABR will not advertise another LSA back into area 0 for that subnet.
• ABRs ignore LSAs created by other ABRs, when leaned through a non-backbone area when calculating least cost paths. This prevents an ABR from choosing a path that goes into one nonbackbone area and then back into area 0 through some other ABR.

When an ASBR injects external routes into OSPF, it creates a type 5 LSA. This LSA comes in two flavors:

• external type 2 - This is the default version of the type 5 LSA. It is flooded into any connected areas by the ASBR, and contains the metric that the ASBR specified. This LSA is flooded into other areas, and the metric is NOT changed by them. Other OSPF routers, when considering this route, rely ONLY on the stated ASBR metric while ignoring the route costs that are within the OSPF domain.
• external type 1 - Also flooded into any connected areas by the ASBR, contains the metric that that the ASBR specified, and when flooded by ABRs into other areas this metric is not changed. What is different that when any ABRs flood this type 5 LSA into other areas, they will also generate a type 4 LSA that will contain the metric of the route back to the ASBR from the router. Any systems computing a route from the type 5 external type 1 LSA will also add the cost of the route to the ASBR into the equation.

Summary: external type 1 LSAs use local OSPF costs when computing its best external routes, external type 2 do NOT use local OSPF costs.

OSPF can further reduce overhead by using stub-areas

OSPF Timers and Numbers

OSPF Timers Summary:

• MaxAge - Max time an LSA can be in a router's LSDB without receiving a newer copy of the LSA before the LSA is removed. Default 3600 seconds.
• LSRefresh - Interval per LSA on which a router floods an identical LSA to prevent MaxAge expiration. Default 1800 seconds.
• Hello - Time interval per hellos, default of 10 or 30 secs. Configured per interface.
• Dead - Time interval in which a hello should be received from a neighbor, if expires the neighbor is considered failed. Configured per interface, default is four times hello.
• Wait - Time a router will wait to get a Hello asserting a DR after reaching a 2Way state with that neighbor. Same number as dead interval. Per interface.
• Retransmission - Time between sending a LSU, not getting ack'd, and resending the LSU. Default 5 secs.
• Poll Interval - Used on NBMA networks, period at which Hellos are sent to a down neighbor. Default is 60 secs.
• Flood (Pacing) - Interval between successive LSUs when flooding LSAs. Default is 33ms. Per interface.
• Retransmission - Per interface, interval between retransmitted packets in a single retransmission event, default 66ms
• LSA-Group (Pacing) - Per OSPF process. Since LSAs time out independent of each other, this timer improves LSU flooding be causing the OSPF process to wait and collect several LSAs who expire and transmit them all together. Default is 240 seconds.

Various OSPF Number Ranges:

• • 1 to 655355 - Single Interface Cost range, OSPF RIDs
  • 1 to 16,777,215 - Route cost range - upper number is considered infinite route cost
  • 1 to 4,294,967 - Ref bandwidth range

Commands

• router ospf process-id (global) - Enables OSPF routing and places router into router configuration mode.
• network ip-address wildcard-mask area area-id (router) - Enables OSPF on interfaces with an ip address matching the expressed network range.
• ip ospf number area area (interface) - Interface command to explicitly enable OSPF on the stated interface.
• ip ospf priority number-value (interface) - Adjusts the priority of the interface when participating in the DR election process.
• ip ospf hello-interval seconds (interface) - Adjusts the frequency of hellos on the interface.
• ip ospf dead-interval seconds (interface) - Adjusts the dead-interval on the interface
• ip ospf retransmit-interval seconds (interface) - Adjusts the interval of how long the interface will wait after sending an LSU without receiving and ACK before retransmitting.
• ip ospf transmit-delay seconds (interface) - Sets the estimated number of seconds required to send a link-state update packet on an OSPF interface.
• log-adjacency-changes [detail] (router) - Configure this command to learn about OSPF neighbors going up and down.
• timers pacing lsa-group seconds (router) - Changes the pacing timers for LSAs.
• ip ospf mtu-ignore (interface) - Disables the MTU check.

Default Settings

• Hello interval 10 seconds on LAN interfaces and 30 seconds on T1 and slower interfaces. Dead interval is 4x the hello interval.

• A router that originally advertised an LSA will reflood each LSA based on a per-LSA Link-State Refresh (LSRefresh) interval - default is 30 minutes. Each router expects to have its LSA refreshed within each LSA's Maxage timer - default 60 minutes.

• OSPF priority for a interface is 1

• For other timer defaults, see timer defs above.

Verification

• show ip ospf [process-id] - Displays general OSPF info
• show ip ospf border-routers - Shows the internal OSPF routing table entries to the ABR and ASBR
• show ip ospf [process-id [area-id]] database - Displays OSPF database info. There are MANY options to limit this command that aren't listed here.
• show ip ospf interface [interface-type interface-number] - Shows OSPF interface-related info.
• show ip ospf neighbor [interface-name] [neighbor-id] detail - Displays OSPF neighbor info on a per-interface basis.

Troubleshooting, Tips, and Tricks

• When dealing with mix-matched network types, make sure the default hello/dead timers do not cause the Hello checks to fail

• Strange behavior can be shown if one router expects a DR to come up and the other one doesn't. Neighbors may come up and LSAs can be communicated, but next-hop routers may not be reachable.

• DR and BDR should have PVC's to every other router in a Frame Relay situation

• CCIE Candidate has a few OSPF tips (at the bottom of the article).

• Don't forget about the show ip ospf database-summary command, CCIE Pursuit reminds us.

• Cisco whitepaper with some reasons why OSPF routes may be in the database but not in the routing table.

• Are you getting "Dead timer expired" or "To many DBD retransmissions" OSPF errors on a link between a router and a switch? Brian at Internetwork Expert points out that MTU mismatches may be the cause and suggests a few ways to resolve the issue.

• Caue at Cisco Network Engineer troubleshoots an OSPF routing issue at work.

• Ivan has a few tips about debugging ospf adjacencies and troubleshooting OSPF neighbors stuck in the exstart phase.

• OSPF neighbors can form adjacencies on point-to-pint links even with mismatched subnet masks.

• The Ferret The Ferret's Corner shares the ospf ispf command, which could help your system save some CPU resources.

• IP Expert has the scoop on OSPF Flood_War errors.

• Scott Morris explains a tricky OSPF area question.

• Why neighbors may be stuck in the OSPF exstart/exchange phase.

• Watch out for the OSPF LLS compatibility feature.

• Troubleshooting OSPF MTU issues from A Networker Blog.

Online Resources

Cisco OSPF Resources

• Cisco OSPF Configuration Guide.

• Cisco's excellent OSPF design guide.

• Cisco learning module presentations on introducing OSPF and OSPF LSAs (must be registered to view).

• Cisco TAC training module on OSPF (must be registered to view).

• Short Cisco technote on OSPF neighbor states.

OSPF Theory

• Excellent OSPF theory site that includes many animations of OSPF in action.

• Cisco Network Engineer has a general overview of OSPF.

• Roy at Route Leaker has an excellent analysis on understanding the OSPF RID selection process. The CT3 Wiki also has a nice article on the RID selection process.

• After an anxious moment in a job interview, CCIE Pursuit illustrates how the router ID is chosen.

• CCIE To Be shows how an ASBR chooses an IP to use as a forwarding address and shares a few quick OSPF notes. He also has a nice article on OSPF overload protection - the max LSA command.

• Mahajanvivek of CCIE Candidate share with us a few OSPF notes.

• Some facts on OSPF E1 and E2 routes from Ivan of Cisco IOS Hints and Tricks.

• Route My World! takes a detailed look at the OSPF neighbor exchange process.

• Jeremy of Packetlife nicely illustrates the behavior of intra-area OSPF routing. He also asks (and answers) the question of Where are type 4 LSAs generated?. He also has come up with a great OSPF cheatsheet.

• Wendell Odom has some insights on Type 1+2 OSPF LSAs, Type 5 LSAs and Type 5 external type 1 LSAs.

• Routing Bits describes the OSPF convergence process.

• Cisco Network Enginer Caue shares with us his notes on OSPF peering.

• Cisco Learning Blog has a useful list of what LSAs should be seen in different area types.

• Keith makes some good points in this brief OSPF article.

• Jeff Doyle answers his favorite interview question for us: Why does OSPF require all traffic between non-backbone areas to pass through a backbone area (area 0)?.

• Wael of Networkers Online does a very good job of illustrating some OSPF RID facts, gives us a few pointers on OSPF DR/BDR elections, and goes over the OSPF best path selection process.

• CCIE Talk talks about the different OSPF LSA types and also has some general OSPF notes.

• OSPF convergence and OSPF - things to remember from Cisco Bible!.

• Cisco Tips and Tricks takes a look at some OSPF mtu issues.

• Another awesome must-read article from Petr at Internetwork Expert, this one on OSPF performance tuning.

OSPF Configuration

• Ivan has some OSPF best practices for area configuration.

• Mike has an OSPF design example that illustrates some OSPF behavior.

• A video on using the OSPF down bit and domain tag to prevent routing loops from debug all.

• Here's a tutorial from Roy at Route Leaker on configuring OSPF on unnumbered serial links.

• How setting an OSPF interface priority to 0 will influence DR and BDR selection.

• Using the IP OSPF area command to simplify your config from DavidSudjiman.info.

• Routing Bits shows explains and enables the OSPF incremental SPF feature and shows us the OSPF mtu-ignore command.

• Marvin of Internetwork Expert has poses an OSPF challenge and how to solve it using the proper CCIE lab strategy.

• Why the IP OSPF MTU Ignore command is dangerous from Ivan of Cisco IOS Hints and Tricks.

Have something to contribute? See a mistake on this page? Have a hint or a link to share?
The CCIE Study Wiki is open to everyone to edit! All you need to do is to create an account to start contributing.
Please be sure to follow our posting guidelines when editing the wiki.

Maybe you have just have some thoughts or suggestions for this entry?
Use the Discussion link on the top or bottom menu to create or join the CCIE forum post on this topic.
You can also go straight to the CCIE Forums and start a new discussion in the forum of your choice.

If you'd rather just contact us with your thoughts, we'd love to hear what you have to say.