OSPF Fundamentals
An open-standard, link-state, interior gateway protocol. Every router builds an identical map of the network and runs SPF to find the shortest path. Fast convergence, hierarchical scaling via areas.
What class of protocol
| Class | Examples | How it decides |
|---|---|---|
| Distance-vector | RIP, EIGRP | “What my neighbors tell me” |
| Link-state | OSPF, IS-IS | Each router has the full topology; computes locally |
| Path-vector | BGP | Full AS path + policy |
Link-state means: every router floods descriptions of its own links (LSAs) into the area; every router assembles them into an identical link-state database (LSDB); each one runs Dijkstra’s SPF against it to compute the best next hop to every destination.
The four-stage protocol
1. Discover neighbors — Hello packets on every OSPF-enabled interface.
2. Form adjacencies — A subset of neighbors become “fully adjacent” and exchange LSDBs.
3. Synchronise the LSDB — all adjacent routers end up with the same database.
4. Run SPF — compute the shortest-path tree, install routes.
When the topology changes, step 3 repeats (incremental LSA flood) and step 4 runs again. This is why OSPF converges fast: the change propagates, every router recomputes in parallel.
Neighbor states
Each OSPF neighbor relationship progresses through these states:
Down → Init → 2-Way → ExStart → Exchange → Loading → Full
- Down — no hello received yet
- Init — I’ve seen their hello; they haven’t confirmed mine
- 2-Way — bidirectional hello exchange; this is the final state between two DROther routers (neither DR nor BDR) on a broadcast segment
- ExStart — negotiate master/slave for database exchange
- Exchange — send DBD (Database Description) packets
- Loading — request specific LSAs via LSR
- Full — LSDBs synchronised; this is the steady state for every real adjacency
Stuck at 2-Way on a broadcast interface is normal — DROther routers don’t form full adjacencies with each other, only with the DR/BDR.
Hello packet — the core parameters
OSPF hellos carry these fields; all must match between neighbors or the adjacency won’t form:
| Field | Typical value | Why it matters |
|---|---|---|
| Area ID | 0, 1, 10, … | Neighbors must be in the same area |
| Hello interval | 10s (broadcast) / 30s (NBMA) | Timers must match |
| Dead interval | 4× hello | If no hello in this window, neighbor is dead |
| Network mask | Must match on broadcast links | Prevents misconfigured subnets peering |
| Authentication type + key | none / plaintext / MD5 / HMAC-SHA | Must match |
| Stub area flag | — | Stub-area config must match on all routers in the area |
| Router ID | 32-bit, unique | Identifies the router |
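The matching rules in this table, as an added example (not part of the original page): a Python sketch that decodes two OSPFv2 Hellos using the RFC 2328 packet layout and lists every field that would block the adjacency, plus a check for null or plaintext authentication. The function names and the sample packets are constructed for illustration; only the authentication type is compared, since the key itself is not recoverable from a Hello.

```python
import ipaddress
import struct

HDR = struct.Struct("!BBH4s4sHH8s")   # RFC 2328 A.3.1: 24-byte common header
HELLO = struct.Struct("!4sHBBI4s4s")  # RFC 2328 A.3.2: Hello body before neighbor list
E_BIT = 0x02                          # Options E-bit; clear inside a stub area

def _ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))

def parse_hello(pkt: bytes) -> dict:
    """Decode the fields of an OSPFv2 Hello that both neighbors must agree on."""
    if len(pkt) < HDR.size + HELLO.size:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, _len, rid, area, _csum, autype, _auth = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    mask, hello, opts, _prio, dead, _dr, _bdr = HELLO.unpack_from(pkt, HDR.size)
    return {"router_id": _ip(rid), "area": _ip(area), "autype": autype,
            "mask": _ip(mask), "hello": hello, "dead": dead,
            "stub": not opts & E_BIT}

def adjacency_blockers(local: dict, peer: dict, broadcast: bool = True) -> list:
    """List every reason these two Hellos cannot lead to an adjacency."""
    must_match = ["area", "hello", "dead", "autype", "stub"]
    if broadcast:  # the mask is only compared on broadcast links
        must_match.append("mask")
    found = [f"{k} mismatch: {local[k]} != {peer[k]}"
             for k in must_match if local[k] != peer[k]]
    if local["router_id"] == peer["router_id"]:
        found.append("duplicate router id " + peer["router_id"])
    return found

def weak_auth(hello: dict) -> bool:
    """AuType 0 is null and 1 is a cleartext password; 2 is cryptographic."""
    return hello["autype"] in (0, 1)

def make_hello(rid, area, autype, mask, hello, dead, opts=E_BIT) -> bytes:
    """Build a constructed sample Hello (checksum and auth data left zero)."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    body = HELLO.pack(a(mask), hello, opts, 1, dead, a("0.0.0.0"), a("0.0.0.0"))
    return HDR.pack(2, 1, HDR.size + len(body), a(rid), a(area), 0, autype, bytes(8)) + body

if __name__ == "__main__":
    # Constructed sample: timers and authentication type differ between the ends.
    r1 = parse_hello(make_hello("10.0.0.1", "0.0.0.0", 2, "255.255.255.0", 10, 40))
    r2 = parse_hello(make_hello("10.0.0.2", "0.0.0.0", 1, "255.255.255.0", 30, 120))
    print(adjacency_blockers(r1, r2), "peer weak auth:", weak_auth(r2))
```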
Network types (how OSPF sees the link)
| Type | DR election? | Hello/Dead | Example |
|---|---|---|---|
| Broadcast | Yes | 10/40s | Ethernet LAN |
| Point-to-Point | No | 10/40s | Serial link, sub-interface, tunnel |
| Non-Broadcast (NBMA) | Yes, manual neighbors | 30/120s | Frame Relay (legacy) |
| Point-to-Multipoint | No | 30/120s | Hub-and-spoke without broadcast |
| Virtual link | No | — | Transit across non-backbone area |
| Point-to-Multipoint Non-Broadcast | No, manual neighbors | 30/120s | Rare |
The network type usually defaults from the interface type, but you can override it. A mismatch between the two ends causes adjacency failures that look baffling in logs.
DR / BDR — why they exist
On a broadcast or NBMA segment, if every router formed an adjacency with every other router and flooded to it, the LSA traffic would scale as N×(N−1). To avoid this, OSPF elects a Designated Router (DR) and a Backup DR (BDR):
- All routers form full adjacency only with the DR and BDR
- LSAs are sent to 224.0.0.6 (AllDRouters) — heard by DR/BDR
- DR re-floods to 224.0.0.5 (AllSPFRouters) — heard by everyone
This reduces the flooding to 2N adjacencies.
Election: highest router priority (0–255, default 1), tiebreaker is highest Router ID. Priority 0 means “never become DR.” Election is non-preemptive — once elected, the DR keeps the role until its adjacencies drop. This is deliberate; it avoids churn when a higher-priority router reboots.
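The non-preemptive behaviour described above, as an added example (not part of the original page): a simplified Python model of DR/BDR roles on one segment. The `Segment` class is hypothetical; it assumes routers join and leave one at a time and omits the Wait timer and the per-router election views of RFC 2328. Promotion of the BDR when the DR leaves is standard OSPF behaviour that the paragraph does not spell out.

```python
import ipaddress


class Segment:
    """Simplified model of DR/BDR roles on one broadcast segment."""

    def __init__(self):
        self.routers = {}            # router ID -> priority
        self.dr = self.bdr = None

    def _best(self, exclude):
        """Highest priority wins, highest router ID breaks ties; priority 0 is ineligible."""
        pool = [(prio, int(ipaddress.IPv4Address(rid)), rid)
                for rid, prio in self.routers.items()
                if prio > 0 and rid not in exclude]
        return max(pool)[2] if pool else None

    def _fill_vacancies(self):
        if self.dr is None:          # the BDR is promoted rather than re-elected
            self.dr, self.bdr = self.bdr, None
        if self.dr is None:
            self.dr = self._best(exclude=())
        if self.bdr is None:
            self.bdr = self._best(exclude=(self.dr,))

    def join(self, rid, priority=1):
        self.routers[rid] = priority
        self._fill_vacancies()       # a sitting DR or BDR is never displaced
        return self.dr, self.bdr

    def leave(self, rid):
        del self.routers[rid]
        if self.dr == rid:
            self.dr = None
        if self.bdr == rid:
            self.bdr = None
        self._fill_vacancies()
        return self.dr, self.bdr


if __name__ == "__main__":
    seg = Segment()                  # constructed sample router IDs below
    seg.join("10.0.0.1")
    seg.join("10.0.0.2")
    print(seg.join("10.0.0.9", priority=255))   # late high-priority router: no change
    print(seg.leave("10.0.0.1"))                # DR lost: BDR promoted, new BDR elected
```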
Router ID
A 32-bit number in dotted-quad form. Sources, in order of preference:
- Manually configured router-id (recommended)
- Highest IP on any active loopback
- Highest IP on any active physical interface
Always set it manually. Auto-selection causes surprises when interfaces flap.
Metric — cost
OSPF cost is based on bandwidth:
cost = reference-bandwidth / interface-bandwidth
Default reference bandwidth is 100 Mbps (legacy). On modern networks you must raise this — otherwise a 1 Gbps and 10 Gbps link have the same cost of 1. Raise it to at least 100 Gbps on every router (must be consistent across all OSPF speakers).
The SPF tree sums costs along the path to every destination; lowest total cost wins. Equal-cost paths install as ECMP by default.
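The effect of the reference bandwidth on path selection, as an added example (not part of the original page): a Python sketch that derives link costs from the formula above and runs Dijkstra with ECMP next hops over a constructed four-router topology. Integer division with a floor of 1 is an assumption, consistent with the statement that 1 Gbps and 10 Gbps links both cost 1 at the default; the router names and link speeds are made up.

```python
import heapq

# Constructed sample topology: (router, router, link speed in Mbps).
LINKS = [("R1", "R2", 1_000), ("R2", "R4", 1_000),
         ("R1", "R3", 10_000), ("R3", "R4", 10_000)]


def ospf_cost(link_mbps, reference_mbps=100):
    """reference-bandwidth / interface-bandwidth, as an integer, never below 1."""
    return max(1, reference_mbps // link_mbps)


def spf(links, root, reference_mbps=100):
    """Dijkstra from root; returns {dest: (total cost, sorted ECMP next hops)}."""
    graph = {}
    for a, b, mbps in links:
        cost = ospf_cost(mbps, reference_mbps)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist, hops, heap = {root: 0}, {root: set()}, [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                      # stale queue entry
        for nbr, cost in graph[node]:
            nd = d + cost
            first = {nbr} if node == root else hops[node]
            if nd < dist.get(nbr, float("inf")):
                dist[nbr], hops[nbr] = nd, set(first)
                heapq.heappush(heap, (nd, nbr))
            elif nd == dist[nbr]:
                hops[nbr] |= first        # equal cost: keep both next hops
    return {n: (dist[n], sorted(hops[n])) for n in dist if n != root}


if __name__ == "__main__":
    print("ref 100 Mbps:", spf(LINKS, "R1")["R4"])
    print("ref 100 Gbps:", spf(LINKS, "R1", 100_000)["R4"])
```

At the default reference the 1 Gbps path and the 10 Gbps path to R4 tie and both install as ECMP; at 100 Gbps only the 10 Gbps path via R3 remains.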
Hierarchy — why areas exist
A single flat OSPF domain has:
- Huge LSDB on every router
- SPF runs on every LSDB change (expensive)
- Long convergence times at scale
OSPF splits the domain into areas connected by Area Border Routers (ABRs):
- Each area floods its LSAs only within the area
- ABRs summarise routes between areas (Type 3 LSAs)
- All non-backbone areas must connect to Area 0 (the backbone) — directly or via a virtual link
- External routes enter via an ASBR (Autonomous System Boundary Router) as Type 5 LSAs
See OSPF LSA Types and Areas for the full LSA taxonomy and the stub-area variants.
OSPFv2 vs OSPFv3
| | OSPFv2 (RFC 2328) | OSPFv3 (RFC 5340) |
|---|---|---|
| Address family | IPv4 | IPv6 (and IPv4 via address families) |
| Authentication | Built in | Delegated to IPsec (originally) |
| Runs per | Subnet | Link |
| Router ID | Still 32-bit dotted-quad | Same |
Dual-stack networks typically run OSPFv2 for IPv4 and OSPFv3 for IPv6 in parallel. Address-family OSPFv3 unifies them in newer implementations.
Security
- Neighbor authentication — Always enable. Modern: HMAC-SHA. Legacy: MD5. Plaintext is theatre only.
- GTSM / TTL check (RFC 5082) — reject OSPF hellos with TTL < 255; prevents off-link attackers.
- Passive interfaces — on user-facing access ports, disable OSPF completely (no hellos out). Otherwise an attacker can form an adjacency and inject routes.
- Filter LSAs at ABRs — limit which summary/external routes reach which areas.
Common troubleshooting
- Neighbors stuck in ExStart/Exchange — MTU mismatch on the link. DBD packets fail to negotiate.
- One-way adjacency — hellos in only one direction; check ACLs, firewall, and interface state.
- Suboptimal path — reference bandwidth set too low, so faster links bottom out at the same cost as slower ones when they shouldn’t.
- Flapping adjacency — bad physical layer (errors, optics), or hello/dead timer off by a lot.
- “Why is this route missing?” — start from: Is the advertising router ASBR/ABR? Is the LSA in the LSDB? Is it being filtered at an area boundary? Is the area type blocking it (OSPF LSA Types and Areas)?
See also
- OSPF LSA Types and Areas — LSA taxonomy and stub area variants
- OSPF Summarization — aggregating routes at ABRs/ASBRs
- BGP — the EGP counterpart
- Routing