This is the ultimate guide to OSPF version 2 for beginners, especially people studying for CCNA certification, and to some extent this tutorial would benefit a lot CCNP exam takers.
And let me be clear about something:
This is NOT your average OSPF guide blog post that teaches some basic stuff about this dynamic routing protocol and leaves you with dozens of questions in mind.
Yes, I will cover all features of the protocol that are included in the exam.
But you are also going to learn them in depth to the point you master them and never be afraid to answer questions related to OSPFv2.
Upon the completion of this blog post, you will learn how OSPF neighbor adjacencies work.
You will master the SPF algorithm, and you will have the ability to predict the content of Type 1,2,3,4, and 5 LSAs.
I will also teach you how to troubleshoot OSPFv2 neighbor adjacencies and configure OSPFv2 on Cisco routers.
If you are looking to improve your skills regarding Open Shortest Path First version 2, you will love this outstanding guide.
What is OSPF?
Open Shortest Path First (OSPF version 2) is an open standard IPv4 dynamic routing protocol that is used to exchange routing information within a single Autonomous System (AS).
An Autonomous system consists of connected routers managed by one administrative entity and using a particular dynamic routing protocol to share routing information.
Open Shortest Path First is also an Interior Gateway Protocol (IGP) because it is a routing protocol that can be used by a group of routers included in an Autonomous System.
Some Features of OSPF Routing Protocol
The OSPF protocol supports a couple of cool features such as
- CIDR
- Subdividing an Autonomous System into areas
- Load balancing
- Fast convergence
- Multicast updates
- Authentication
- Large networks (significant number of routers)
- Open standard (implemented by different router vendors)
- Loop free routing protocol
- Route summarization
Now, let’s explain some of those features.
Open standard protocol: OSPF is not vendor proprietary, and it is deployed by lots of network device vendors such as Cisco, Juniper, Sophos, HP, Dell, Huawei, MikroTik, and more.
That means you do not have to rely on one vendor’s router gear to implement OSPF.
You can build up your Autonomous System using IP routing devices from different vendors, which gives you a wide range of choices that would help you best suit your budget and network policy.
Subdividing an Autonomous System into areas: OSPF allows network admins to group subnets by area, and this decreases CPU cycle consumption of the SPF algorithm tremendously.
For example, if you create two OSPF areas, the CPU computing time, consumed to calculate the shortest path for every subnet, would be half the needed time in case you put all subnets in one area.
Link-state routing protocol: an OSPF–enabled router manages a database, called LSDB (link-state database), that consists essentially of data related to routers and subnets in the OSPF domain.
Routers in the same area have the same description of the links in that area.
When an OSPF router receives an LSA update, it floods it to all its neighbors in same area as the OSPF update.
Finally, each router in the OSPF domain runs Dijkstra’s SPF algorithm on the LSDB to calculate best path cost and next-hop address corresponding to each destination subnet the Autonomous System.
Optimized routing update traffic: OSPF-enabled routers do not need to exchange routing information periodically and repetitively.
Instead, they communicate LSAs when they build up neighbor relationship, and when there is a change in the network such as adding and deleting a network prefix.
That significantly reduces the number of OSPF packets flooded into the network, and thus the only OSPF messages that are sent between adjacent routers are Hello packets.
High scalability: Unlike the RIP protocol, OSPF operation does not depend on the network size–specifically, the number of routers in the Autonomous System.
As long as your network grows and you add more routers, you can still use OSPF and have full IP reachability for all network devices.
Classless Inter-Domain Routing Support: Classful routing protocols, such as RIPv1, do not exchange subnet mask data in routing updates, while classless routing protocols do, including OSPF version 2.
In fact, OSPF-enabled routers share subnet masks within LSAs advertising subnets, unlike RIPv1, which calculates that information based on the interface’s IP address on which routing update is received.
Equal load balancing: Load balancing occurs when two or more routes to a particular subnet have the same metric. The metric is a value used to determine the best route among routes learned by the same IGP.
When a router performs load balancing for a particular subnet, it sends traffic across the corresponding exit interfaces proportionally to the number of equal paths installed in the routing table.
By default, Cisco can install up to four equal OSPF routes in the routing table. But you can configure that value from 1 to up to 32.
Multicast updates: OSPF packets are sent to the IP multicast address 224.0.0.5 out of broadcast, broadcast point-to-multi-point and Point-to-Point OSPF interfaces.
In this way, OSPF-enabled devices would be the only devices on the network to de-encapsulate such IP traffic and process the content.
If OSPF packets must be sent to unicast or broadcast IP addresses, network engineer would have to configure those unicast addresses manually, which is not a good thing because misconfiguration may happen.
Also, if OSPF packets get forwarded to a broadcast address, non-OSPF devices on the broadcast domain would receive IP packets carrying those OSPF messages, de-encapsulate them, and then ignore the data because there is no application supporting OSPF on those devices.
Authentication: Open Shortest Path First (OSPF) allows authenticating OSPF packets.
That means OSPF routers in a specific Autonomous System have a tool to verify that received OSPF packets are originated from approved routers.
Thus, OSPF messages, such as Hellos, LS requests, and LS updates, get exchanged securely. OSPF authentication is implemented by including a password text/hash in OSPF packets.
Therefore, if a rogue device wants to inject OSPF packets and get them trusted by routers in the AS, those OSPF contents should include the same password or hash, and use the same authentication method (clear text, MD5, or SHA). Otherwise, rogue OSPF traffic gets discarded.
IP Protocol number 89: BGP and RIP routing protocols use TCP and UDP, respectively, to exchange routing updates.
However, as in EIGRP, OSPF routers do not use transport protocols, such as UDP or TCP, to communicate with other OSPF neighbors.
In fact, OSPF uses its own set of packets to exchange routing information while ensuring reliability and fast convergence.
Those OSPF messages are simply encapsulated in IP packets using protocol number 89 for the IP Protocol field.
Finally, to match OSPF traffic, you may use the following ACL:
access-list 100 permit ospf any any
In the next section, I will show you how OSPF routers build up neighbor relationships and calculate the shortest-path tree.
How Does OSPF Work?
In this section, I will start with an overview of how OSPF works, starting from discovering neighbors to building up best routes.
Then I will explain basic terms such as router ID, OSPF adjacency, LSA, LSDB, and more.
Next, I will give more details about OSPF neighbor relationships, OSPF packets, LSDB, LSA creation and flooding, Point-to-Point and Broadcast OSPF network types, OSPF administrative distance, and OSPF metric.
Finally, I will explain Dijkstra’s algorithm from the inside out. For this reason, keep reading until the end.
OSPF Operation
In a RIP autonomous system, routers exchange the best routes in their RIP databases along with their associated metric values.
In this way, when a router receives a RIP update, it adds 1 to the metric attached to each route in order to calculate the new metric values for those routes.
And, the next-hop address is simply the source IP address of the RIP update. The metric used by the RIP routing protocol is hop count, the number of routers to cross in order to reach the destination subnet/network.
You can notice that each router, in a RIP domain, trusts RIP updates received on its interfaces, and chooses the best next-hop router for each destination subnet/network based on the information supplied in RIP routing updates.
Therefore, a RIP-enabled router does not need to have a full view of the network to build up its route database.
A link-state protocol such as OSPF does not behave the same way as RIP routing protocol. Basically, routers, in an OSPF AS, construct full views of the areas they belong to in order to determine the best/shortest path(s) to each subnet/network, and calculate the corresponding next-hop address of each shortest path.
When equal shortest paths exist, the router keeps track of the corresponding next-hop addresses, and perform equal load balancing across them. Therefore, IP packets get sent over those paths with the same amount.
Within each OSPF area,
the OSPF operation goes through three major steps in order to build up best path and set next-hop address for every subnet in the network.
First, every two routers, attached to the same data link (they can send and receive Layer 2 frames from each other), try to discover each other, then agree on certain parameters to become neighbors.
Second, OSPF neighbors that reach the 2-Way neighbor state decide whether they build up an OSPF adjacency; if they agree to form it, then they exchange information in their LSDBs, including data about their shared area, including router IDs, OSPF neighbors, router interface data (IP address, subnet IP address and mask, OSPF network type), and more.
Every router may share network information received from other OSPF neighbors in the current OSPF domain. Finally, information about external subnets (subnets in other autonomous systems) gets sent from one router to another without restrictions.
Third, using the collected routing data, each router builds up a graph for the OSPF AS, and runs the SPF algorithm against that data structure to calculate best routes for all subnets.
The SPF algorithm may get executed every time the router receives a routing information.
Note that a graph is a data structure/format that consists of a set of connected nodes. OSPF uses graphs to model/simulate network topologies.
Some OSPF Key Terms
Now that you have a basic idea on how OSPF is operating within an area, let’s uncover some basic concepts before continuing.
Multi-access network
A network that has over two devices. Each device can send and receive Layer 2 frames from other devices on the network without the need for a Layer 3 machine (a router) to get those frames to their destination. For instance, a VLAN, and computers connected to a hub are examples of multi-access networks.
Broadcast multi-access network
A multi-access network that supports Layer 2 broadcasts. That means a device can send a frame to a particular Layer 2 address (FFFF.FFFF.FFFF for Ethernet networks) to get it reaches all hosts on the broadcast network.
Non-broadcast multi-access network
A multi-access network that does not support Layer 2 broadcast frames such as Frame Relay.
OSPF domain
A set of routers managed by the same authority and sharing routing updates using a particular dynamic routing protocol, i.e., an autonomous system.
OSPF Area
A contiguous group of routers and subnets within an OSPF domain. Also, a router may belong to one or more areas, while each interface in each router may be attached to one area.
Router ID
A 32-bit number that is attached to an OSPF process instance installed on a router. The router ID should be unique only per area, not across the Autonomous System as network data of OSPF areas are separated from each other.
However, it is a bad idea to assign the same router ID to two different routers even if they are placed in different areas as that would make troubleshooting more difficult.
Neighboring Router
An OSPF-enabled router detected by the current router on one of its attached networks. It means both routers discovered each other, or at least one of them did. However, that does not mean they can exchange OSPF routing updates and reach the Full neighbor state.
Also, when a link supports Layer 2 broadcasts, routers can dynamically discover each other via OSPF Hello packets. Otherwise, the network engineer should configure them manually, using the neighbor command, to form an OSPF neighbor relationship.
Hello Packets
A type of OSPF packets sent over the network by OSPF-enabled routers to create and manage neighbor adjacencies. Hellos may be sent to the multicast IP address 224.0.0.5, or directly to unicast IP addresses if the candidate OSPF neighbors got configured manually.
Link State Advertisement (LSA)
Data format used to describe network data links, neighbors, subnets, and external subnets. You can draw the entire map of an OSPF area using the data in router and network LSAs installed on one of the area’s routers. Besides, LSAs help routers determine the shortest path to each subnet.
A link state advertisement includes the following fields:
LS age (in seconds): By default, the router set it to 0 when it originates the LSA. It is incremented by 1 every second to reflect how much time elapsed since the creation of the LSA.
Link State ID: specifies the ID of the network object the LSA is describing. It would be either a router ID or an IP address. The content of that field depends on the type of the LSA. The table below describes that field for each LSA type.
LSA Type | Link State ID’s Content |
1 | Router ID of the router that originated the LSA |
2 | IP address of the Designated Router |
3 | IP address of a subnet inside the current OSPF AS |
4 | Router ID of an AS Boundary Router |
5 | IP address of a subnet outside the current OSPF AS |
Sequence Number: a 32-bit integer value used to detect new and old LSAs. The greater the number the newer the LSA.
Advertising router: router ID of the router that created the LSA.
LSA Type: determines the structure (set of data fields) and purpose of the LSA.
Checksum: calculated using the content of the LSA, except the age field. It is used to guarantee LSA data integrity.
Network Description: has two values: stub network or transit network. The LSA describes the link as a stub network when there is no DR election, such as Point-to-Point and Point-to-Multi-point links. Otherwise, the link is considered Transit network if a Designated Router gets elected.
Subnet’s IP Address: IP address of the link’s subnet.
Subnet Mask: subnet mask of the link’s subnet.
Metric: cost of the link.
Link State Advertisement Database (LSDB)
The collection of LSAs, including self-originated ones by the current router and received LSAs from adjacent neighbors, form the Link State Database of the router.
That database may not be the same on every router in the OSPF domain. However, routers in the same area have the same identical set of LSAs corresponding to that area.
LSA Flooding
A procedure that occurs when a router receives an LS update, an IP packet that contains one or several LSAs from an OSPF adjacent neighbor.
Here, the router sends each LSA in the update to all eligible adjacent neighbors, except the sender.
Note that a router may receive self-originated LSAs.
Moreover, Type 1, 2, 3, and 4 LSAs get flooded within their associated area only, while Type 5 LSAs get flooded throughout the entire OSPF domain.
OSPF Neighbor Relationship
Relationship between two routers that do not reach the ExStart neighbor state.
OSPF Neighbor Adjacency
Starting from and beyond the moment where two routers decide to choose the master, their neighbor relationship is called OSPF neighbor adjacency or OSPF adjacency.
Full OSPF Neighbor Adjacency
A neighbor adjacency that reaches the Full state. In the Full state, the neighbors finish synchronizing their LSDBs.
Forming OSPF adjacency
When an OSPF-enabled router gets discovered on a specific interface and area, and Hellos sourced from that device have been received, it gets initially placed in the DOWN state, then goes through one or many OSPF states.
If it reaches the Full state, it is called full OSPF neighbor adjacent.
For two routers, in the same OSPF domain and connected to the same data link, to create an OSPF neighbor adjacency in a specific area, they should have unique router IDs, and their interfaces on both sides of the data link must fulfill the following requirements:
- Communication is bidirectional (they can send and receive data from each other)
- Belong to the same subnet
- Have the same MTU
- Configured under the same area
- Have the same Hello and Dead timers
- Use the same authentication method and password
- Hello packets sent out both interfaces include the same Stub flag
- Have identical or compatible OSPF network types
If one of these requirements is not met, the routers may recognize each other and become neighbors but not fully adjacent, which means they won’t exchange LSAs nor reach the Full OSPF state.
If different OSPF network types are configured on both interfaces connecting two OSPF neighbors, both routers may reach the Full state. However, routes learned from LSAs received from each neighbor might not get installed in the routing table.
In the rest of this section, we will use the network topology in Figure 1, and the devices will be configured based on the following table.
Figure 1 – Network diagram of an OSPF domain linked to a RIPv2 AS
Briefly, OSPF and RIPv2 have been configured according to the network diagram. Also, RIPv2 routes have been injected into the OSPF AS using the redistribute command on router R4. Likewise, OSPF routes have been redistributed into the RIPv2 domain.
Router | Router ID | Interface | IP address/Subnet Mask | Routing Protocol |
R1 | 1.1.1.1 | F0/0 | 10.0.0.1/24 | OSPF Area 0 |
S1/0 | 10.0.12.1/24 | OSPF Area 12 | ||
F0/1 | 10.0.13.1/24 | OSPF Area 13 | ||
S1/1 | 10.0.16.1/24 | OSPF Area 16 | ||
R2 | 2.2.2.2 | F0/0 | 10.0.0.2/24 | OSPF Area 0 |
F0/1 | 10.0.2.2/24 | OSPF Area 12 | ||
S1/0 | 10.0.12.2/24 | OSPF Area 12 | ||
R3 | 3.3.3.3 | F0/0 | 10.0.0.3/24 | OSPF Area 0 |
F0/1 | 10.0.13.3/24 | OSPF Area 13 | ||
Loopback0 | 10.0.3.3/24 | OSPF Area 3 | ||
R4 | 4.4.4.4 | F0/0 | 10.0.0.4/24 | OSPF Area 0 and RIPv2 |
F0/1 | 10.0.45.4/24 | RIPv2 | ||
R5 | None | F0/1 | 10.0.45.5/24 | RIPv2 |
Loopback0 | 10.0.5.5/24 | RIPv2 | ||
R6 | 6.6.6.6 | S1/1 | 10.0.16.6/24 | OSPF Area 16 |
PC1 | None | E0 | 10.0.2.10/24 | Default Gateway:10.0.2.2 |
Here are the router configurations.
-
Router R1
-
Router R2
-
Router R3
-
Router R4
-
Router R5
-
Router R6
hostname R1
router ospf 1
router-id 1.1.1.1
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.13.1 255.255.255.0
ip ospf 1 area 13
no shutdown
interface Serial1/0
ip address 10.0.12.1 255.255.255.0
ip ospf 1 area 12
no shut
interface Serial1/1
ip address 10.0.16.1 255.255.255.0
ip ospf 1 area 16
no shutdown
hostname R2
router ospf 1
router-id 2.2.2.2
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.2.2 255.255.255.0
ip ospf 1 area 12
no shut
interface Serial1/0
ip address 10.0.12.2 255.255.255.0
ip ospf 1 area 12
no shut
hostname R3
router ospf 1
router-id 3.3.3.3
interface FastEthernet0/0
ip address 10.0.0.3 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.13.3 255.255.255.0
ip ospf 1 area 13
no shut
interface loopback0
ip address 10.0.3.3 255.255.255.0
ip ospf 1 area 3
hostname R4
router rip
version 2
network 10.0.0.0
no auto-summary
redistribute ospf 1 metric 1
router ospf 1
router-id 4.4.4.4
redistribute rip subnets
interface FastEthernet0/0
ip address 10.0.0.4 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.45.4 255.255.255.0
no shutdown
hostname R5
interface FastEthernet0/1
ip address 10.0.45.5 255.255.255.0
no shut
interface loopback0
ip address 10.0.5.5 255.255.255.0
router rip
version 2
network 10.0.0.0
no auto-summary
hostname R6
router ospf 1
router-id 6.6.6.6
interface serial 1/1
ip address 10.0.16.6 255.255.255.0
ip ospf 1 area 16
no shutdown
Before OSPF routers can start sharing LSAs and generate the SPF tree, they must discover neighbors through the Hello protocol.
However, it is not assured that all OSPF neighbors that a particular router receives Hellos from become OSPF adjacent neighbors with it.
First, OSPF neighbors, connected over a specific data link, discover each other, and make sure they have bidirectional communication through OSPF Hellos; thus, reaching the 2-way state.
If the data link is a broadcast or NBMA network, then routers choose a Designated Router and Backup Designated Router.
Second, OSPF neighbors, which get to the 2-way state, decide to synchronize their LSDBs and become adjacent. Two OSPF neighbors choose to become adjacent if they are connected through a Point-to-Point/Multipoint network, or one of them is a Designated or Backup Designated Router.
Finally, each OSPF router set the state of neighbors, with whom the router finishes LSA sharing, to Full. That means that OSPF relationship with those neighbors become a full OSPF adjacency, a full neighbor relationship.
Building up full OSPF neighbor relationships on Point-to-Point and Point-to-Multipoint Networks
On Point-to-Point and Point-to-Multipoint data links, two routers A and B follow these steps to build up an OSPF neighbor adjacency:
Step 1. Discover each other via Hello messages.
Step 2. Ensure that they are performing bidirectional communication; that means they receive Hello messages from each other. They can achieve this by including the neighbor Router ID in Hello packets next to its discovery.
Step 3. Decide to become adjacent and select the master and initial value of the DD sequence number (used to arrange DBD packets).
Step 4. Exchange their LSA databases using Database Description packets. Each OSPF neighbor sends a sequence of DBD packets to the other router.
Step 5. Each router requests necessary LSAs to update its LSDB.
Step 6. Once the LSDBs of both routers have been synchronized, each neighbor is declared fully adjacent and reaches the Full OSPF neighbor state.
Step 7. Keep track of neighbor adjacencies through Hello messages.
Next, I will explain how routers R1 and R6 follow these steps by analyzing a capture of OSPF traffic exchanged between those routers (Figure 2).
Figure 2 – Capturing OSPF traffic between routers R1 and R6
The first Hello packets sent by routers R1 and R6 do not include the router ID of the neighbor on the other side of the data link.
Exhibits 1 and 2 illustrate that these hello packets do not include a line including the string “Active Neighbor”.
Open Shortest Path First OSPF Header Version: 2 Message Type: Hello Packet (1) Packet Length: 44 Source OSPF Router: 1.1.1.1 Area ID: 0.0.0.16 Checksum: 0xea8c [correct] Auth Type: Null (0) Auth Data (none): 0000000000000000 OSPF Hello Packet Network Mask: 255.255.255.0 Hello Interval [sec]: 10 Options: 0x12, (L) LLS Data block, (E) External Routing Router Priority: 1 Router Dead Interval [sec]: 40 Designated Router: 0.0.0.0 Backup Designated Router: 0.0.0.0
Exhibit 1 – First Hello packet sent by R1
Open Shortest Path First
OSPF Header
Version: 2
Message Type: Hello Packet (1)
Packet Length: 44
Source OSPF Router: 6.6.6.6
Area ID: 0.0.0.16
Checksum: 0xe082 [correct]
Auth Type: Null (0)
Auth Data (none): 0000000000000000
OSPF Hello Packet
Network Mask: 255.255.255.0
Hello Interval [sec]: 10
Options: 0x12, (L) LLS Data block, (E) External Routing
Router Priority: 1
Router Dead Interval [sec]: 40
Designated Router: 0.0.0.0
Backup Designated Router: 0.0.0.0
Exhibit 2 – First Hello packet sent by R6
Once each router receives a Hello packet from its neighbor, it will insert the router ID of the sender in the next Hello messages forwarded over the interface connecting to that neighbor, as shown in Exhibits 3 and 4.
Open Shortest Path First OSPF Header Version: 2 Message Type: Hello Packet (1) Packet Length: 48 Source OSPF Router: 1.1.1.1 Area ID: 0.0.0.16 Checksum: 0xde7c [correct] Auth Type: Null (0) Auth Data (none): 0000000000000000 OSPF Hello Packet Network Mask: 255.255.255.0 Hello Interval [sec]: 10 Options: 0x12, (L) LLS Data block, (E) External Routing Router Priority: 1 Router Dead Interval [sec]: 40 Designated Router: 0.0.0.0 Backup Designated Router: 0.0.0.0 Active Neighbor: 6.6.6.6
Exhibit 3 – Hello packet sent by R1
Open Shortest Path First OSPF Header Version: 2 Message Type: Hello Packet (1) Packet Length: 48 Source OSPF Router: 6.6.6.6 Area ID: 0.0.0.16 Checksum: 0xde7c [correct] Auth Type: Null (0) Auth Data (none): 0000000000000000 OSPF Hello Packet Network Mask: 255.255.255.0 Hello Interval [sec]: 10 Options: 0x12, (L) LLS Data block, (E) External Routing Router Priority: 1 Router Dead Interval [sec]: 40 Designated Router: 0.0.0.0 Backup Designated Router: 0.0.0.0 Active Neighbor: 1.1.1.1
Exhibit 4 – Hello packet sent by R6
As illustrated in Figure 2, the routers exchange Database Description packets to synchronize their LSA databases once they get into the 2-WAY neighbor state.
Each router sends a couple of DBD packets to give its neighbor a view of its LSDB’s content.
The neighbor checks received data in those packets to request LSAs that are more recent or LSAs that do not exist in its local database.
After, the DBD process finishes, the routers share eligible LSAs through LS updates. Each update gets confirmed using an LS acknowledgement packet.
But what happens on broadcast and NBMA networks? How do routers build up OSPF adjacencies in this case?
Building up full OSPF neighbor relationships on broadcast and NBMA Networks
On a broadcast or NBMA data link, OSPF neighbor relationships go through these steps:
Step 1. Routers elect a Designated Router and Backup Designated Router. Besides, the neighbor relationships between all the routers reach the 2-WAY state.
Step 2. The Designated Router decides to build up OSPF adjacencies with all neighbor routers using a similar process to steps 3 to 7, in the previous section.
Besides, the DR is responsible to generate the network LSA of the broadcast/NBMA data link.
Likewise, the Backup Designated Router decides to form full neighbor relationships with all OSPF neighbors using the DR’s procedure. Also, the BDR takes over as the DR if the current DR goes down.
Finally, note that OSPF neighbor relationships between DROther routers get stuck at the 2-WAY neighbor state.
OSPF Neighbor States
As shown in Exhibits 5 and 6, OSPF neighbors R1 and R6 went through the OSPF states: DOWN, INIT, 2WAY, EXSTART, EXCHANGE, and LOADING, before they reached the FULL state, and thus forming a full OSPF adjacency, a full OSPF neighbor relationship.
R1# show ip ospf events neighbor | include 6.6.6.6 151 *Apr 24 02:58:32.447: Neighbor 6.6.6.6, Interface Serial1/1 state changes from LOADING to FULL 155 *Apr 24 02:58:32.423: Neighbor 6.6.6.6, Interface Serial1/1 state changes from EXCHANGE to LOADING 156 *Apr 24 02:58:32.331: Neighbor 6.6.6.6, Interface Serial1/1 state changes from EXSTART to EXCHANGE 157 *Apr 24 02:58:32.287: Neighbor 6.6.6.6, Interface Serial1/1 state changes from 2WAY to EXSTART 159 *Apr 24 02:58:32.287: Neighbor 6.6.6.6, Interface Serial1/1 state changes from INIT to 2WAY 160 *Apr 24 02:58:32.287: Neighbor 6.6.6.6, Interface Serial1/1 state changes from DOWN to INIT
Exhibit 5 – R6’s OSPF neighbor states
R6# show ip ospf events neighbor 51 *Apr 24 02:58:32.707: Neighbor 1.1.1.1, Interface Serial1/1 state changes from LOADING to FULL 52 *Apr 24 02:58:32.707: Neighbor 1.1.1.1, Interface Serial1/1 state changes from EXCHANGE to LOADING 53 *Apr 24 02:58:32.603: Neighbor 1.1.1.1, Interface Serial1/1 state changes from EXSTART to EXCHANGE 54 *Apr 24 02:58:32.563: Neighbor 1.1.1.1, Interface Serial1/1 state changes from 2WAY to EXSTART 56 *Apr 24 02:58:32.563: Neighbor 1.1.1.1, Interface Serial1/1 state changes from INIT to 2WAY 57 *Apr 24 02:58:32.527: Neighbor 1.1.1.1, Interface Serial1/1 state changes from DOWN to INIT
Exhibit 6 – R1’s OSPF neighbor states
Now, let’s explain those OSPF neighbor states.
Down: It is the initial state of any discovered OSPF neighbor whether hello packets were received from it or not.
If no hellos were detected from an existing OSPF adjacent neighbor within the Dead interval, the neighbor will be placed in the DOWN state and removed from the neighbor table. Note that routers may send Hello packets to OSPF routers that are considered DOWN.
Attempt: On Non-Broadcast Multi-access (NBMA) networks, a router A places a manually configured neighbor B in that state right after it is initially put in the DOWN state. It means router A is sending Hellos to neighbor B, and no hello packet has been received from router B.
Init: When router A receives from router B a hello packet that does not include router A’s router ID, router A places OSPF neighbor B in the Init neighbor state.
2-Way: Router A puts router B in that state if router B’s neighbor state is Init, and router A has received a Hello packet that includes its router ID from router B. That state means routers A and B can send and receive Hello messages from each other—the communication between these two routers is bi-directional.
On Point-to-Point or Point-to-Multipoint links, the router forms OSPF adjacency with all OSPF neighbors on that link.
On broadcast media and non-broadcast multi-access networks, DROther routers do not build OSPF adjacencies with each other, and get stuck at the 2-Way state. However, they form full OSPF neighbor relationship with the DR and BDR.
Exstart: In this state, two routers, that reach the 2-Way state and one of them is not a DROther, decide which one should be the master in order to start sending DBD packets.
Exchange: In the Exchange state, OSPF routers send database descriptor (DBD) packets, which include LSA headers only, in order to reveal their entire LSDBs to each other. Moreover, LS requests may get sent, in this state, to get more recent LSAs.
Loading: In the Loading state, LS requests and LS updates get sent to ask for and share particular LSAs depending on the content of the DBD packets. Also, all LS update packets get acknowledged.
Full: In this state, LSDBs are fully synchronized, and OSPF neighbors get inserted in router and network LSAs. And OSPF neighbors are fully adjacent with each other.
OSPF Network Types
OSPF behaves differently based on the OSPF network type that is configured on the interface.
Each OSPF network type requires specific destination IP address’s type (unicast or multicast) for Hello packets, and whether the router will try to build neighbor relationships with only one or many OSPF neighbors on the data link attached to the interface.
On broadcast and NBMA network only, DR and BDR elections should occur.
In this section, I will explain the following OSPF network types:
Point-to-Point
When the interface’s network type is set to Point-to-Point, the router is allowed to build up at most one OSPF neighbor adjacency, and Hello packets get sent to the multicast IP address 224.0.0.5.
Finally, this network type is enabled by default on PPP and HDLC interfaces.
Point-to-Multipoint
Using this OSPF network type, the router can form one or more OSPF neighbor adjacencies over the underlying data link.
Besides, Hello messages are sent to the multicast IP address 224.0.0.5 if Layer 2 broadcast frames are allowed; otherwise, Hellos get sent to the IP address of each manually configured OSPF neighbor.
Finally, note that DR and BDR elections are not required.
Broadcast
On broadcast networks, routers elect Designated and Backup Designated Routers. The router with highest OSPF priority becomes the DR.
If multiple routers have the same highest priority, the router with the highest OSPF router ID get selected as the DR. Likewise, the BDR gets elected among the remaining devices (non-DR routers) using the same logic.
When you enable OSPF on a working interface that is connected to a broadcast data link, the router waits to see if a DR exists on the network.
The router accepts the Designated Router, without further checks, if it exists.
Otherwise, the routers on the network perform the DR and BDR elections using Hello packets, as described before.
In a broadcast/non-broadcast data link consisting of N routers, we have N-2 DROthers and each DROther forms 2 OSPF adjacencies —one with the DR and another with the BDR.
Adding to that the neighbor adjacency between the DR and BDR, then the network has 2 x (N-2) + 1 full OSPF neighbor adjacencies.
Now, imagine that routers on a broadcast/non-broadcast data link do not want to elect a DR. In this case, each router must form OSPF neighbor adjacencies with all neighbors. And the total of those adjacencies is N x (N-1) / 2, where N is the router count on the data link.
If N=10, the DR concept will reduce the OSPF adjacency count from 45 to 17, which decreases the amount of OSPF traffic on the network, especially DBD packets, LS updates and acknowledgements.
On a broadcast network, the DR and BDR are the only OSPF neighbors forming OSPF adjacencies with all the routers on the network.
In addition, neighbor relationships between DROther routers (non-DR/BDR routers) get stuck at the 2-way state (Exhibits 7, 8, 9 and 10).
R1# show ip ospf interface fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Internet Address 10.0.0.1/24, Area 0, Attached via Interface Enable Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1 Topology-MTID Cost Disabled Shutdown Topology Name 0 1 no no Base Enabled by interface config, including secondary ip addresses Transmit Delay is 1 sec, State DROTHER, Priority 1 Designated Router (ID) 4.4.4.4, Interface address 10.0.0.4 Backup Designated router (ID) 3.3.3.3, Interface address 10.0.0.3 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:02 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 0, maximum is 1 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 3, Adjacent neighbor count is 2 Adjacent with neighbor 3.3.3.3 (Backup Designated Router) Adjacent with neighbor 4.4.4.4 (Designated Router) Suppress hello for 0 neighbor(s)
Exhibit 7 – Display OSPF data of R1’s F0/0 interface
R1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 2WAY/DROTHER 00:00:34 10.0.0.2 FastEthernet0/0 3.3.3.3 1 FULL/BDR 00:00:30 10.0.0.3 FastEthernet0/0 4.4.4.4 1 FULL/DR 00:00:35 10.0.0.4 FastEthernet0/0 2.2.2.2 0 FULL/ - 00:00:34 10.0.12.2 Serial1/0 3.3.3.3 1 FULL/DR 00:00:39 10.0.13.3 FastEthernet0/1
Exhibit 8 – Router R1’s OSPF neighbors
R2# show ip ospf interface fastEthernet 0/0 FastEthernet0/0 is up, line protocol is up Internet Address 10.0.0.2/24, Area 0, Attached via Interface Enable Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1 Topology-MTID Cost Disabled Shutdown Topology Name 0 1 no no Base Enabled by interface config, including secondary ip addresses Transmit Delay is 1 sec, State DROTHER, Priority 1 Designated Router (ID) 4.4.4.4, Interface address 10.0.0.4 Backup Designated router (ID) 3.3.3.3, Interface address 10.0.0.3 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:04 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 0, maximum is 1 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 3, Adjacent neighbor count is 2 Adjacent with neighbor 3.3.3.3 (Backup Designated Router) Adjacent with neighbor 4.4.4.4 (Designated Router) Suppress hello for 0 neighbor(s)
Exhibit 9 – Display OSPF data of R2’s F0/0 interface
R2# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 2WAY/DROTHER 00:00:34 10.0.0.1 FastEthernet0/0 3.3.3.3 1 FULL/BDR 00:00:39 10.0.0.3 FastEthernet0/0 4.4.4.4 1 FULL/DR 00:00:38 10.0.0.4 FastEthernet0/0 1.1.1.1 0 FULL/ - 00:00:30 10.0.12.1 Serial1/0
Exhibit 10 – Router R2’s OSPF neighbors
According to Exhibit 11, the BDR is router R3 (with router ID 3.3.3.3), and the role of routers R1 and R2 is DROther. The DR is router R4 because none of its neighbors on the subnet 10.0.0.0/24 is a Designated Router.
Finally, note that all router interfaces, attached to the subnet 10.0.0.0/24, have the same priority value equal to 1 (check the second field in the output of the show ip ospf neighbor command).
R4# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/DROTHER 00:00:34 10.0.0.1 FastEthernet0/0 2.2.2.2 1 FULL/DROTHER 00:00:38 10.0.0.2 FastEthernet0/0 3.3.3.3 1 FULL/BDR 00:00:37 10.0.0.3 FastEthernet0/0
Exhibit 11 – Router R4’s OSPF neighbors
Non broadcast multiaccess (NBMA)
On a non-broadcast network, routers are required to choose a DR and BDR using unicast Hello packets since Layer 2 broadcast capability is not available. The routers use the same DR/BDR election logic as on broadcast networks.
LSA Types
A link statement advertisement (LSA) is a data format used by routers, in an OSPF AS, to describe interfaces, OSPF adjacent neighbors, subnets, and ASBRs.
Routers within an OSPF domain use LSAs to build up the graph of the network in order to produce the SPF tree.
Each router in the Autonomous System creates one or more LSAs based on its configuration and share them with its adjacent neighbors. The router also floods the most recent version of any received LSA to its adjacent neighbors, except the sender and including the router that originated the LSA if it is not the sender.
Each LSA type is processed in a specific manner, and the complete set of created and received LSAs establishes the router’s link state database (LSDB). Cisco is implementing eight LSA types on their routers, while OSPFv2’s RFC 2328 defines only five types, which are:
LSA Type 1 (Router LSA)
Each router in the OSPF domain generates one Router LSA per area. That type of LSAs describes all router interfaces that belong to a specific OSPF area, and includes the IP address, subnet IP address subnet mask, and cost of the interface.
If the interface is connected to a multi-access data link (broadcast or non-broadcast) and a DR exists, the link is considered transit network and the DR’s IP address is included in the LSA.
Otherwise, the link is described as a stub network, and the router adds an entry containing the IP address of the adjacent OSPF router if the current router has one.
A router LSA includes these fields: LS age, LS Type, Link State ID, Advertising Router, LS Seq Number, Checksum, Length, and Number of Links.
If the router belongs to more than one area, including the backbone are, the LSA will have a line showing that the router is an Area Border Router.
The content of Type 1 LSA’s entries get generated based on the OSPF network type of the interface that the LSA is describing.
Point-to-Point Link
When it comes to a Point-to-Point interface, OSPF generates two entries. The first one describes the interface and includes lines similar to Exhibit 12.
Link connected to: a Stub Network (Link ID) Network/subnet number: 10.0.12.0 (Link Data) Network Mask: 255.255.255.0 Number of MTID metrics: 0 TOS 0 Metrics: 64
Exhibit 12 – Entry of stub network in a router LSA
The second entry describes the OSPF neighbor on that link if one exists, and supplies the information in Exhibit 13.
Link connected to: another Router (point-to-point) (Link ID) Neighboring Router ID: 2.2.2.2 (Link Data) Router Interface address: 10.0.12.1 Number of MTID metrics: 0 TOS 0 Metrics: 64
Exhibit 13 – Entry of a router LSA describing a full OSPF adjacency
Point-to-Multipoint Link
In this OSPF network type, the router produces one entry for each full OSPF adjacent neighbor, and one entry for the underlying interface. Those entries contain the same data fields as with a Point-to-Point data-link.
Broadcast and Non-Broadcast Links
Basically, the router produces one entry for each broadcast/non-broadcast interface. If a DR got elected, the router marks the link as a transit network, and it specifies the IP address and cost of the interface, and the DR’s IP address (Exhibit 14).
Link connected to: a Transit Network (Link ID) Designated Router address: 10.0.0.4 (Link Data) Router Interface address: 10.0.0.2 Number of MTID metrics: 0 TOS 0 Metrics: 1
Exhibit 14 – Entry of a router LSA describing a broadcast link
If no DR got selected, the router marks the interface as a stub network, and includes its cost, subnet IP address and subnet mask, as shown in Exhibit 15.
Link connected to: a Stub Network (Link ID) Network/subnet number: 10.0.2.0 (Link Data) Network Mask: 255.255.255.0 Number of MTID metrics: 0 TOS 0 Metrics: 1
Exhibit 15 – Entry in a router LSA describing a broadcast link on which no DR exists
Finally, the router generates one Type 1 LSA for each area separately (Exhibit 16).
And each router LSA gets flooded inside its corresponding area, which means when a router receives a Type 1 LSA, it forwards it to all its neighbors in the LSA’s area, except the sender.
R2# show ip ospf database router self-originate OSPF Router with ID (2.2.2.2) (Process ID 1) Router Link States (Area 0) LS age: 58 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 2.2.2.2 Advertising Router: 2.2.2.2 LS Seq Number: 80000003 Checksum: 0x4BBA Length: 36 Area Border Router Number of Links: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 10.0.0.4 (Link Data) Router Interface address: 10.0.0.2 Number of MTID metrics: 0 TOS 0 Metrics: 1 Router Link States (Area 12) LS age: 24 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 2.2.2.2 Advertising Router: 2.2.2.2 LS Seq Number: 80000003 Checksum: 0xE859 Length: 60 Area Border Router Number of Links: 3 Link connected to: another Router (point-to-point) (Link ID) Neighboring Router ID: 1.1.1.1 (Link Data) Router Interface address: 10.0.12.2 Number of MTID metrics: 0 TOS 0 Metrics: 64 Link connected to: a Stub Network (Link ID) Network/subnet number: 10.0.12.0 (Link Data) Network Mask: 255.255.255.0 Number of MTID metrics: 0 TOS 0 Metrics: 64 Link connected to: a Stub Network (Link ID) Network/subnet number: 10.0.2.0 (Link Data) Network Mask: 255.255.255.0 Number of MTID metrics: 0 TOS 0 Metrics: 1
Exhibit 16 – Displaying router LSAs originated by router R2
Loopback interfaces
By default, OSPFv2 advertises a loopback interface using its IP address and the /32 subnet mask (Exhibit 17), regardless of its IP configuration. To change this behavior, set the network type of the interface to Point-to-Point, which the only allowed choice.
In fact, router R3 is describing its loopback 0 interface as an isolated host using the subnet IP address and mask 10.0.3.3 and /32 (Exhibit 17).
R3# show ip ospf database router self-originate OSPF Router with ID (3.3.3.3) (Process ID 1) Router Link States (Area 0) LS age: 1120 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 3.3.3.3 Advertising Router: 3.3.3.3 LS Seq Number: 80000006 Checksum: 0x7F2 Length: 36 Area Border Router Number of Links: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 10.0.0.4 (Link Data) Router Interface address: 10.0.0.3 Number of MTID metrics: 0 TOS 0 Metrics: 1 Router Link States (Area 3) LS age: 1120 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 3.3.3.3 Advertising Router: 3.3.3.3 LS Seq Number: 80000006 Checksum: 0x8E75 Length: 36 Area Border Router Number of Links: 1 Link connected to: a Stub Network (Link ID) Network/subnet number: 10.0.3.3 (Link Data) Network Mask: 255.255.255.255 Number of MTID metrics: 0 TOS 0 Metrics: 1 Router Link States (Area 13) LS age: 1120 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 3.3.3.3 Advertising Router: 3.3.3.3 LS Seq Number: 80000007 Checksum: 0x1AC5 Length: 36 Area Border Router Number of Links: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 10.0.13.3 (Link Data) Router Interface address: 10.0.13.3 Number of MTID metrics: 0 TOS 0 Metrics: 1
Exhibit 17 – Type 1 LSAs created by router R3
LSA Type 2 (Network LSA)
This LSA type is generated by the Designated Router only in order to describe a broadcast or NBMA data link.
It includes the IP address and subnet mask of the DR, which helps to calculate the IP address of the corresponding subnet by ANDing those two fields.
Also, this LSA lists all OSPF neighbors connected to the current multi-access network (Exhibit 18).
Finally, a Type 2 LSA gets flooded within its corresponding area like Type 1, 3, and 4 LSAs.
R4#show ip ospf database network 10.0.0.4 OSPF Router with ID (4.4.4.4) (Process ID 1) Net Link States (Area 0) Routing Bit Set on this LSA in topology Base with MTID 0 LS age: 1179 Options: (No TOS-capability, DC) LS Type: Network Links Link State ID: 10.0.0.4 (address of Designated Router) Advertising Router: 4.4.4.4 LS Seq Number: 80000003 Checksum: 0xBE2B Length: 40 Network Mask: /24 Attached Router: 4.4.4.4 Attached Router: 1.1.1.1 Attached Router: 2.2.2.2 Attached Router: 3.3.3.3
Exhibit 18 – Network LSA describing the subnet 10.0.0.0/24
LSA Type 3 (Summary LSA)
First, remember that an ABR (Area Border Router) is a router that belongs to more than one OSPF area, including the backbone area (area 0).
Basically, area border routers do not flood one area’s router and network LSAs into another.
However, every ABR in the network is responsible to share all intra-area and inter-area routes in its routing table using Type 3 LSAs according to these two rules:
Rule #1: for each intra-area route that is not in OSPF area 0, the router creates one Type 3 LSA, and then advertises it into the backbone area.
Remember that an intra-area route is a route that corresponds to a subnet in an OSPF area that the current router is attached to.
For example, router R1 belongs to areas 0, 12, 13, and 16, as illustrated in the following table.
Area | Subnets | R1 is attached to the area? |
0 | 10.0.0.0/24 | Yes |
3 | 10.0.3.3/32 | No |
12 | 10.0.2.0/24 | Yes |
10.0.12.0/24 | ||
13 | 10.0.13.0/24 | Yes |
16 | 10.0.16.0/24 | Yes |
The routes to subnets 10.0.0.0/24, 10.0.2.0/24, 10.0.12.0/24, 10.0.13.0/24, and 10.0.16.0/24 are intra-area routes on router R1 because they correspondent to OSPF areas that include router R1’s interfaces.
But, the route to the subnet 10.0.3.3/24, located in area 3, appears as inter-area route in R1’s routing table because R1 does not have an interface in that subnet’s area (Exhibit 19). Therefore, that subnet won’t get advertised into area 0 using a summary LSA.
R1# show ip route ospf 10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks O 10.0.2.0/24 [110/65] via 10.0.12.2, 02:12:48, Serial1/0 O IA 10.0.3.3/32 [110/2] via 10.0.0.3, 02:12:48, FastEthernet0/0 O E2 10.0.5.0/24 [110/20] via 10.0.0.4, 02:12:48, FastEthernet0/0 O E2 10.0.45.0/24 [110/20] via 10.0.0.4, 02:12:48, FastEthernet0/0
Exhibit 19 – Displaying learned OSPF routes
Keep in mind that inter-area routes are marked with the string “O IA” in the output of the show ip route command.
From all the previous, router R1 will create five summary LSAs to advertise subnets 10.0.0.0/24, 10.0.2.0/24, 10.0.12.0/24, 10.0.13.0/24, and 10.0.16.0/24 into area 0 (Exhibit 20).
R1# show ip ospf database summary self-originate OSPF Router with ID (1.1.1.1) (Process ID 1) Summary Net Link States (Area 0) LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.2.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0x5F8C Length: 28 Network Mask: /24 MTID: 0 Metric: 65 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.12.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xE6FB Length: 28 Network Mask: /24 MTID: 0 Metric: 64 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.13.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0x63BD Length: 28 Network Mask: /24 MTID: 0 Metric: 1 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.16.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xBA24 Length: 28 Network Mask: /24 MTID: 0 Metric: 64 < omitted output >
Exhibit 20 – Summary LSAs originated by router R1 and advertised into area 0
Type 3 LSAs contains these fields:
- LS age
- LS Type
- Link State ID
- Advertising Router
- LS Seq Number
- Checksum
- Length
- Network Mask
- Metric
The Link State ID field is the subnet’s IP address, and the metric is the cost to reach that subnet from the advertising router.
Rule #2: for each subnet corresponding to an intra-area or inter-area route in the routing table, the router creates one summary LSA and forwards it into all areas other than that subnet’s area.
Based on previous table, Router R1 creates one summary LSA for each subnet and sends it to eligible OSPF areas, as shown in the following table and illustrated in Exhibit 21.
Subnet | Area | R1 is attached to the area? | Advertised using a summary LSA to areas |
10.0.0.0/24 | 0 | Yes | 3, 12, 13, and 16 |
10.0.3.3/32 | 3 | No | 12, 13, and 16 |
10.0.2.0/24 | 12 | Yes | 0, 3, 13, and 16 |
10.0.12.0/24 | 12 | ||
10.0.13.0/24 | 13 | Yes | 0, 3, 12, and 16 |
10.0.16.0/24 | 16 | Yes | 0, 3, 12, and 13 |
R1# show ip ospf database summary self-originate < omitted output > Summary Net Link States (Area 12) LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.0.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xF23B Length: 28 Network Mask: /24 MTID: 0 Metric: 1 LS age: 110 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.3.3 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xBD69 Length: 28 Network Mask: /32 MTID: 0 Metric: 2 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.13.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0x63BD Length: 28 Network Mask: /24 MTID: 0 Metric: 1 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.16.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xBA24 Length: 28 Network Mask: /24 MTID: 0 Metric: 64 Summary Net Link States (Area 13) LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.0.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xF23B Length: 28 Network Mask: /24 MTID: 0 Metric: 1 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.2.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0x5F8C Length: 28 Network Mask: /24 MTID: 0 Metric: 65 LS age: 110 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.3.3 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xBD69 Length: 28 Network Mask: /32 MTID: 0 Metric: 2 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.12.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xE6FB Length: 28 Network Mask: /24 MTID: 0 Metric: 64 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.16.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xBA24 Length: 28 Network Mask: /24 MTID: 0 Metric: 64 Summary Net Link States (Area 16) LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.0.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xF23B Length: 28 Network Mask: /24 MTID: 0 Metric: 1 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.2.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0x5F8C Length: 28 Network Mask: /24 MTID: 0 Metric: 65 LS age: 110 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.3.3 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xBD69 Length: 28 Network Mask: /32 MTID: 0 Metric: 2 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.12.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0xE6FB Length: 28 Network Mask: /24 MTID: 0 Metric: 64 LS age: 149 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 10.0.13.0 (summary Network Number) Advertising Router: 1.1.1.1 LS Seq Number: 80000001 Checksum: 0x63BD Length: 28 Network Mask: /24 MTID: 0 Metric: 1
Exhibit 21 – Displaying summary LSAs originated by router R1
Note that Type 3 LSAs cannot carry information about subnets outside the current OSPF domain.
Finally, if a router is connected to multiple OSPF areas but it does not belong to area 0, it won’t generate Type 3 LSAs.
Before talking about Type 4 LSAs (ASBR summary LSAs), let’s first see how Type 5 LSAs works.
LSA Type 5 (AS external LSA)
These LSAs are produced by AS boundary routers (ASBRs). An ASBR is a router that injects routes from another Autonomous System into the current OSPF domain. In Figure 1, router R4 redistributed the subnets of the RIPv2 Autonomous System into the OSPF AS. Therefore, router R4 is called ASBR.
Mostly, the ASBR generates one Type 5 LSA for each external subnet and sends it to all its full adjacent neighbors. Next, each external LSAs get flooded throughout the whole OSPF domain.
In our case, router R4 generates a Type 5 LSA for each injected subnet from RIPv2 domain, and forwards it to its OSPF adjacent neighbors.
Since router R4 is the DR on its F0/0’s link, then it will send those LSAs to routers R1, R2, and R3.
These routers will flood those LSAs to their adjacent neighbors in all OSPF areas. In fact, router R1 will send those LSAs to R2, R3, and router R6. In addition, routers R2 and R3 will forward those external LSAs to router R1 only.
Keep in mind that Type 5 LSAs do not get associated with specific area, unlike router, network, summary, and AS summary LSAs.
External LSAs include these fields:
- LS age
- LS Type
- Link State ID
- Advertising Router
- LS Sequence Number
- Checksum
- Length
- Network Mask
- Metric
The Link State ID field contains the IP address of an external subnet, and the Advertising Router field indicates that the router ID of the OSPF router originating the LSA.
Here are examples of two external LSAs.
R6# show ip ospf database external OSPF Router with ID (6.6.6.6) (Process ID 1) Type-5 AS External Link States Routing Bit Set on this LSA in topology Base with MTID 0 LS age: 734 Options: (No TOS-capability, DC, Upward) LS Type: AS External Link Link State ID: 10.0.5.0 (External Network Number ) Advertising Router: 4.4.4.4 LS Seq Number: 80000001 Checksum: 0xB5CB Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 Routing Bit Set on this LSA in topology Base with MTID 0 LS age: 840 Options: (No TOS-capability, DC, Upward) LS Type: AS External Link Link State ID: 10.0.45.0 (External Network Number ) Advertising Router: 4.4.4.4 LS Seq Number: 80000001 Checksum: 0xFB5D Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0
Exhibit 22 – External LSAs generated by router R4
As you can see in Exhibit 22, each LSA contains the subnet IP address and mask of the external destination. Also, the LSA supplies the router ID of the ASBR, and the path cost to reach that subnet.
Note that external LSAs do not get flooded within stub areas (more about that in a coming post).
In Exhibit 23, you can notice that next to each LSA type, Cisco IOS displays the corresponding area, except for Type 5 LSAs. They are shown with no sign of a particular OSPF area.
R6# show ip ospf database OSPF Router with ID (6.6.6.6) (Process ID 1) Router Link States (Area 16) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 674 0x80000003 0x002329 2 6.6.6.6 6.6.6.6 670 0x80000002 0x0040F4 2 Summary Net Link States (Area 16) Link ID ADV Router Age Seq# Checksum 10.0.0.0 1.1.1.1 688 0x80000001 0x00F23B 10.0.2.0 1.1.1.1 693 0x80000001 0x005F8C 10.0.3.3 1.1.1.1 688 0x80000001 0x00BD69 10.0.12.0 1.1.1.1 693 0x80000001 0x00E6FB 10.0.13.0 1.1.1.1 693 0x80000001 0x0063BD Summary ASB Link States (Area 16) Link ID ADV Router Age Seq# Checksum 4.4.4.4 1.1.1.1 688 0x80000001 0x00AE78 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 10.0.5.0 4.4.4.4 686 0x80000001 0x00B5CB 0 10.0.45.0 4.4.4.4 792 0x80000001 0x00FB5D 0
Exhibit 23 – Summary of R6’s LSDB
LSA Type 4 (Summary LSA)
Exhibit 22 shows that subnets 10.0.45.0/24 and 10.0.5.0/24 are attached to the IP gateway with router ID 4.4.4.4, which has an interface in area 0.
Therefore, routers in area 0 can figure out how to reach those subnets because they know where router R4 is located.
In fact, all routers, in area 0, have a router LSA originated by router R4; thus, routers R1, R2, and R3 can determine a way to reach router R4, and calculate the shortest paths to subnets 10.0.45.0/24 and 10.0.5.0/24.
However, router R6 cannot determine the path to router R4 because all router LSAs hosted in its LSDB do not describe router R4 (Exhibit 23).
So here comes router R1, which will generate a summary Type 4 LSA to tell router R6 that it can reach router R4 via R1 with a specific path cost, as shown in Exhibit 24.
Consequently, router R6 can now calculate the best paths to subnets 10.0.45.0/24 and 10.0.5.0/24, and those paths will traverse router R1.
In Exhibit 24, the Link State ID, Advertising Router, and Metric fields supply the router ID of the ASBR, OSPF router ID of the ABR that produced the LSA, and cost to reach the ASBR from the ABR.
To sum up, an area border router would generate a Type 4 LSA in order to suggest itself a gateway to a particular AS boundary router.
When one or more ASBRs exist on the network, each ABR produces one LSA for each ASBR for each area the ABR is connected to, except all OSPF areas the ASBR is attached to.
Moreover, each Type 4 LSA is flooded throughout its associated area, while Type 5 LSAs get flooded all over the current OSPF Autonomous System.
R6# show ip ospf database asbr-summary OSPF Router with ID (6.6.6.6) (Process ID 1) Summary ASB Link States (Area 16) Routing Bit Set on this LSA in topology Base with MTID 0 LS age: 1358 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(AS Boundary Router) Link State ID: 4.4.4.4 (AS Boundary Router address) Advertising Router: 1.1.1.1 LS Seq Number: 80000004 Checksum: 0xA87B Length: 28 Network Mask: /0 MTID: 0 Metric: 1
Exhibit 24 – Type 4 LSA created by Router R1 and sent to router R6
R1# show ip ospf database asbr-summary self-originate OSPF Router with ID (1.1.1.1) (Process ID 1) Summary ASB Link States (Area 12) LS age: 125 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(AS Boundary Router) Link State ID: 4.4.4.4 (AS Boundary Router address) Advertising Router: 1.1.1.1 LS Seq Number: 80000005 Checksum: 0xA67C Length: 28 Network Mask: /0 MTID: 0 Metric: 1 Summary ASB Link States (Area 13) LS age: 125 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(AS Boundary Router) Link State ID: 4.4.4.4 (AS Boundary Router address) Advertising Router: 1.1.1.1 LS Seq Number: 80000005 Checksum: 0xA67C Length: 28 Network Mask: /0 MTID: 0 Metric: 1 Summary ASB Link States (Area 16) LS age: 125 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(AS Boundary Router) Link State ID: 4.4.4.4 (AS Boundary Router address) Advertising Router: 1.1.1.1 LS Seq Number: 80000005 Checksum: 0xA67C Length: 28 Network Mask: /0 MTID: 0 Metric: 1
Exhibit 25 – Type 4 LSAs created by Router R1
OSPF Metric
Routing protocols need some kind of measurement to distinguish the best path when multiple routes to the same network exist.
This measure or indicator is called metric, and each dynamic routing protocol has its own method to calculate a route’s metric in order to make optimal routing decisions.
Route metric may depend on hop count, bandwidth, load, interface cost, delay, reliability, or a combination of these parameters.
For example, EIGRP uses a complex formula based on bandwidth, delay, load, and reliability for metric calculation, while OSPF and RIP use cost (based on interface bandwidth) and hop count as metric values, respectively.
Before we continue, here are the network topology and the router configurations I will use in the rest of this section.
Figure 3 – OSPF Metric
-
Router R1
-
Router R2
-
Router R3
hostname R1
interface F0/0
ip address 10.0.13.1 255.255.255.0
no shutdown
interface s1/0
ip address 10.0.12.1 255.255.255.0
no shutdown
router ospf 1
network 10.0.12.1 0.0.0.0 area 0
network 10.0.13.1 0.0.0.0 area 0
hostname R2
interface F0/0
ip address 10.0.2.2 255.255.255.0
no shutdown
interface s1/0
ip address 10.0.12.2 255.255.255.0
no shutdown
router ospf 1
network 10.0.2.2 0.0.0.0 area 0
network 10.0.12.2 0.0.0.0 area 0
hostname R3
interface F0/0
ip address 10.0.13.3 255.255.255.0
no shutdown
router ospf 1
network 10.0.13.3 0.0.0.0 area 0
Let’s calculate router R2’s OSPF cost to its connected subnet 10.0.2.0/24?
Since IPv4 packets destined to the subnet 10.0.2.0/24 should only exit interface F0/0, the cost is equal to the OSPF reference bandwidth divided by the bandwidth of the interface.
Note that the faster the interface (higher bandwidth), the lower the OSPF cost.
You can get the value of OSPF reference bandwidth using the show ip ospf command, which state that it is 100 Mbps, as shown in Exhibit 26. Also, you can change that value using the auto-cost reference-bandwidth command in router configuration mode.
R2# show ip ospf
Routing Process "ospf 1" with ID 10.0.12.2
Start time: 00:00:59.300, Time elapsed: 01:03:35.044
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
<omitted output>
Exhibit 26 – OSPF Reference Bandwidth
You can display interface F0/0’s bandwidth using the show interface F0/0 statement, as shown in Exhibit 27.
R2# show interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Hardware is i82543 (Livengood), address is ca02.1374.0008 (bia ca02.1374.0008)
Internet address is 10.0.2.2/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
<omitted output>
Exhibit 27 – Displaying Interface Bandwidth
The bandwidth is 100000 Kbps or 100Mbps, and thus the OSPF cost of the interface is 100Mbps/100Mbps = 1, as mentioned in the show ip ospf interface command (Exhibit 28).
R2# show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 10.0.2.2/24, Area 0, Attached via Network Statement
Process ID 1, Router ID 10.0.12.2, Network Type BROADCAST, Cost: 1
<omitted output>
Exhibit 28 – OSPF configuration of router R2’s F0/0 interface
Now, let’s calculate the OSPF cost of the path that starts on router R1, and ends on router R2 to reach subnet 10.0.2.0/24.
IP packets destined to that subnet, exit router R1’s Serial 1/0 interface, then router R2’s F0/0 interface. Therefore, the cost of the route in question is 65, which is the sum of the OSPF costs of those interfaces.
Note that the costs of R1’s Serial 1/0 and R2’s Fastethernet 0/0 interfaces are 64 and 1, respectively.
As shown in Exhibit 29, S1/0’s bandwidth is 1.544Mbps, and thus the cost would be 100Mbps/1.544Kbps = 64.766839378.
However, the real OSPF cost of interface Serial 1/0 is the integer part of the resulting value, which is 64.
R1# show ip ospf interface serial 1/0
Serial1/0 is up, line protocol is up
Internet Address 10.0.12.1/24, Area 0, Attached via Network Statement
Process ID 1, Router ID 10.0.13.1, Network Type POINT_TO_POINT, Cost: 64
<omitted output>
Exhibit 29 – OSPF configuration of router R1’s S1/0 interface
Now, let’s to verify our analysis using the show ip route command.
R1# show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks O 10.0.2.0/24 [110/65] via 10.0.12.2, 00:01:07, Serial1/0 C 10.0.12.0/24 is directly connected, Serial1/0 L 10.0.12.1/32 is directly connected, Serial1/0 C 10.0.13.0/24 is directly connected, FastEthernet0/0 L 10.0.13.1/32 is directly connected, FastEthernet0/0
Exhibit 30 – R1’s routing table
In fact, Exhibit 30 shows that the metric of R1’s route leading to subnet 10.0.2.0/24 is 65.
Needless to say, the routing table includes several factors, and the metric is one of them. It is listed right after the administrative distance, and those values are separated by a forward slash (/).
To sum up, the OSPF cost/metric of a specific path is the sum of OSPF costs for all outgoing interfaces in that path from the beginning to the end.
If OSPF has two routes to the same destination network, the route with the lowest metric wins. Otherwise, OSPF performs equal load-balancing.
Finally, the cost of the path from router R3 to subnet 10.0.2.0/24 is 66 because outgoing interfaces, in that path, are R3’s F0/0, R1’s S1/0, and R2’s F0/0 interfaces, and their costs are 1,64, and 1, respectively.
OSPF’s Administrative Distance
Interior gateway protocols, such RIP versions 1 and 2, OSPF or IGRP, use systems or standards of measurement to assign a value to each route in the IGP database.
That metric is used to figure out the best next-hop router to each subnet. However, dynamic routing protocols do not use the same metric structures.
Therefore, how can Cisco IOS select the best route to a specific subnet/network in case multiple routing protocols learned that subnet or network?
Since the router learned several routes to the same subnet from routing protocols with incompatible metric algorithms, the router cannot rely on the metric of each route to select the best path because those metric values did not get calculated the same way.
Instead, we need to a separate indicator to differentiate between routes to the same destination that are learned from different routing protocols.
So here comes what we call administrative distance, which classifies routing protocols from the most to the least reliable. The lower the administrative distance, the more the IGP is trusted.
Also, Administrative Distance is locally significant, which means it only affects the current router’s routing table, but it does not get involved in other router’s routing decision.
To sum up, administrative distance is a tiebreaker that a router uses to choose the best path when there are two or more different routes supplied from two different routing protocols to the same destination.
OSPF’s administrative distance value is 110, which greater than internal EIGRP (90) and BGP (20) administrative distances, and lower than RIP’s administrative distance (120).
Dijkstra’s SPF Algorithm
Before diving into Dijkstra’s algorithm, let’s learn some basic concepts about graphs.
A graph is a collection of vertices (nodes or “points”) and a set of edges connecting pairs of vertices. Each node has an ID, which is an integer number. Also, the edges may or not have values assigned to them.
Figure 4 – Undirected weighted graph
The circles in Figure 3 represent the nodes, while the lines represent the edges.
There are two types of graphs:
Undirected: for every two directly connected vertices X and Y, you can go from X to Y, and vice versa.
Directed: for every two directly connected vertices X and Y, you can either go from X to Y, or from Y to X. In that case, arrows are used instead of lines to indicate the direction.
Figure 5 represents an undirected graph, while Figure 6 represents a directed graph.
Finally, each edge, in Figure 4, has a corresponding value, called weight or cost. And the graphical representation, in this case, is called weighted graph.
Dijkstra’s algorithm is an algorithm used to calculate the shortest paths between a particular node, called the source node, and the rest of nodes in the graph (set of vertices (nodes) connected by a set of edges), thus generating a shortest-path tree.
The SPF tree’s root is the source node, and you can use it to calculate the cost and shortest path to every node in the graph.
The algorithm is also called SPF algorithm, and Dijkstra’s Shortest Path First algorithm.
Now, I will show you how the algorithm works. In a future blog post, I will explain how it is implemented in OSPF.
Dijkstra’s algorithm finds the shortest path from a source node (start point) in a graph to all reachable nodes (vertices that the source vertex has paths to get to them).
We suppose that each node in the graph has a unique integer value, which distinguishes it from the other nodes like in Figure 4.
The algorithm uses one set (called V) to record processed vertices, and two arrays named Distance and Parent, to memorize the parent and cost of the best path from the source to each vertex, respectively.
The parent of a node is the last node in the best path before reaching the end node.
If node X is the parent of node Y, the best path from the source node to node Y may cross some nodes, then go through vertex X before it terminates on Y.
Besides, we will use the Parent array to draw the SPF tree.
Parent[i] is the cell that has index i and contains node i’s parent.
Also, Distance [i] is the cell that has index i and contains the cost of the shortest path to go from the source node to node i.
Remember that an array is a set of elements that each of them has a unique numerical index, which is used to get the element’s value.
For example, the array below, let’s call it Tab, has 10 cells indexed from 0 to 9. Also, Tab[1] = Tab[8] = Tab[9] = 2, and Tab[0]=11.
0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
11 | 2 | 1200 | 11 | 45 | 3 | 152 | 1 | 2 | 2 |
Now that you have enough basic stuff about graphs, here are the steps that the SPF algorithm goes through to calculate the shortest paths from node S:
Step 1. Set all elements in array Distance to infinity (+∞), except the element at index S that is initialized to 0. Also, initialize to None all elements in array Parent, including the source vertex.
Step 2. Set array V to empty.
Step 3. While there are still nodes not yet added to V,
- Determine node N that has the lowest cost to S and not yet added to set V. N is the ID of the node for which Distance [N] is the smallest value among all vertices not yet recorded in set V.
- Add N to set V.
- For every node Y connected to N, and Y not in V,
- If Distance [Y] > Distance [N] + Cost(N,Y), then set Distance [Y] to (Distance [N] + Cost ( N , Y )), where Cost(N,Y) is the cost of the edge connecting node N to node Y.
- Also, set the parent of node Y to N.
Theory without step-by-step examples would be difficult to grasp, so here I apply Dijkstra’s algorithm to the graph in Figure 4 to produce the SPF tree starting from node 0. Also, I will add red border to processed nodes in Step 3.
Step 1. Set the cost from node 0 to itself to 0, and the costs to the other nodes to infinity. Also, initialize to None all elements in array Parent.
Distance | 0 | 1 | 2 | 3 | 4 |
0 | +∞ | +∞ | +∞ | +∞ |
Parent | 0 | 1 | 2 | 3 | 4 |
None | None | None | None | None |
Figure 7 – SPF tree consisting of node 0 only
Step 2. Create an empty set V.
V={}
Step 3. Calculating shortest paths
Iteration 1
Node 0 is the one that is not already added to set V, and the closest to node 0, the source node.
Let’s add 0 to V. Now V={0}.
The neighbors of node 0 are nodes 1, 3, and 4.
Since Distance [0]+ Cost(0,1) = 0+10=10 < Distance[1] = +∞, we replace Distance[1]’s value by 10, which represents Distance [0] + Cost(0,1).
Using the same logic, we put 1 and 3 in Distance[3] and Distance[4], respectively. Array Distance becomes:
Array Distance | 0 | 1 | 2 | 3 | 4 |
0 | 10 | +∞ | 1 | 3 |
Also, we must update the parents of nodes 1, 3, and 4.
Parent | 0 | 1 | 2 | 3 | 4 |
None | 0 | None | 0 | 0 |
At the end of this iteration, the SPF tree consists of nodes 1, 3, and 4, and the edges marked in red in Figure 8.
Figure 8 – SPF tree at the end of iteration 1
Iteration 2
Node 3 is the closest one to the source node. Let’s add it to V, and check if shortest paths exist from node 0 to other nodes in the graph through node 3.
Now V={0,3}.
Node 3’s neighbors are 0, 1,2, and 4, but 0 already in V. Therefore, we will consider only nodes 1, 2, and 4.
Distance [1] = 10 < Distance [3] + Cost(3,1) = 1 + 20 = 21, so we do not change the value of Distance [1].
But.
Since Distance [2] = +∞ > Distance [3] + Cost(3,2) = 1 + 30 = 31
and
Distance [4] = 3 > Distance [3] + Cost(3,4) = 1 + 1 = 2,
We set Distance [2] and Distance [4] to 31 and 2, respectively; and assign 3 to the corresponding elements in array Parent. Here are the new contents of array Distance and Parent.
Array Distance | 0 | 1 | 2 | 3 | 4 |
0 | 10 | 31 | 1 | 2 |
Parent | 0 | 1 | 2 | 3 | 4 |
None | 0 | 3 | 0 | 3 |
Now, the SPF tree contains nodes 0 and 3, plus the red edges (Figure 9). To go from node 0 to node 4, the path becomes 0->3->4 instead of the path 0->4 (Figure 8).
Figure 9 – SPF tree at the end of iteration 2
Iteration 3
The node, not in set V, which has the lowest value in the Distance array is node 4. Now V={0,3,4}.
Node 1 is the only node that is connected to node 4 and not in set V.
The distance of the path from node 0 to node 1 through node 4 equals 5, and it is lower than the current distance from the source node to node 1. Therefore, we replace Distance[1]’s value by 5, and set Parent[1] to 4.
Here the new contents of the Distance and Parent arrays, and the SPF tree.
Array Distance | 0 | 1 | 2 | 3 | 4 |
0 | 5 | 31 | 1 | 2 |
Parent | 0 | 1 | 2 | 3 | 4 |
None | 4 | 3 | 0 | 3 |
Figure 10 – SPF tree at the end of iteration 3
Iteration 4
Nodes 1 and 2 are the only nodes not already processed. We take node 1 because it is closer than node 2 to the source node. Therefore, V becomes {0,1,3,4}.
All nodes connected to node 1 are in set v, except node 2.
Since Distance[2] = 31 > Distance[1] + Cost(1,2) = 5 + 1 = 6, we update Distance[2]’s value to 6, and set Parent[2]’s value to 1.
Here the new contents of the Distance and Parent arrays, and the SPF tree.
Array Distance | 0 | 1 | 2 | 3 | 4 |
0 | 5 | 6 | 1 | 2 |
Parent | 0 | 1 | 2 | 3 | 4 |
None | 4 | 1 | 0 | 3 |
Figure 11 – SPF tree at the end of iteration 4
Iteration 5
In this iteration, only one node remains to process. However, since all its neighbors are in set V, there is nothing to do, and the algorithm stops.
At this point in the guide, we can draw the SPF tree based on the Parent array. To do so, first draw the nodes, and then connect each node with the corresponding parent.
Here is the shortest path tree you will produce.
Figure 12 – SPF tree corresponding to te graph in Figure 4
You can notice that there is one unique path from node 0 to each node in the graph. Therefore, it is easy to determine the shortest path from the root node, node 0 in our case, to each node, and calculate the corresponding metric.
For example, the path with least cost to go from node 0 to node 1, we must go through nodes 3 and then node 4. The path cost is the sum of the costs of all edges included in that route, which is 5.
Configuring OSPF
In this section, you will learn how to configure Open Shortest Path First (OSPF) version 2 on Cisco IOS. I will show you how to perform basic configuration for OSPF, and influence SPF calculation and DR/BDR elections.
Basic OSPF configuration
Here are the steps to set up OSPF on Cisco IOS:
Step 1. Create an OSPF process using the router ospf command in global configuration mode (Exhibit 31).
R7> enable R7# configure terminal R7(config)# router ospf 222
Exhibit 31 – Creating an OSPF process
You can create multiple OSPF processes on the same router, and each OSPF instance has a unique process ID value between 1 and 65535.
The process ID is locally significant, and it does not influence the OSPF operation; that means you cannot set up two separate OSPF instances on a router using the same ID. Besides, you can create two OSPF processes on two different routers, and assign them the same ID.
After you enter the router ospf command, Cisco IOS calculates the router ID based on the IPv4 addresses configured on the router.
The router should have at least one active IPv4-enabled interface for the OSPF process to work. Otherwise, the OSPF process fails, and Cisco IOS displays the following message.
*May 2 22:46:47.611: %OSPF-4-NORTRID: OSPF process 333 failed to allocate unique router-id and cannot start
Step 2 (optional). Configure a Router ID using the router-id command in router configuration mode. The command requires the router ID value to be entered in IP address decimal format.
If you want to change the current router ID, issue the router-id command, then reload the OSPF process using the clear ip ospf id process command in enable mode, where id is the ID of the OSPF instance to restart (Exhibit 32).
R6# clear ip ospf 1 process Reset OSPF process 1? [no]: yes R6# *May 2 23:03:22.287: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial1/1 from FULL to DOWN, Neighbor Down: Interface down or detached *May 2 23:03:22.371: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial1/1 from LOADING to FULL, Loading Done
Exhibit 32 – Restarting OSPF process 1
Step 3. Adding interfaces to their corresponding OSPF areas.
You can enable OSPF on a particular interface using the network or ip ospf area command.
When you add an interface to a particular OSPF area, Cisco IOS starts sending Hello packets over that interface in order to build up neighbor adjacencies, describe the interface in the router’s Type 1 LSA. Also, a network LSA gets generated by the DR for the interface if its OSPF network type is Broadcast or NBMA.
Network Command
If you choose to advertise an interface into an OSPF AS using the network command, use the following syntax:
network ip-address wildcard-mask area area-number,
where ip-address is an IP address written in dotted decimal notation, and wildcard-mask is a 32-bit value that starts with zero or more 0s and ends with zero or more 1s.
Besides, the wildcard mask should be entered as a decimal IP address.
0.0.0.0 (00000000.00000000.00000000.00000000), 255.255.255.255 (11111111.11111111.11111111.11111111), and 15.255.255.255 (00001111.11111111.11111111.11111111) are examples of valid values for the wildcard mask to be used with the network command.
However, wildcard mask that have interleaved 0s and 1s, such as 2.4.8.0 (00000010.00000100.00001000.00000000), and 255.1.13.25 (11111111.1.00001101.00011001), are improper values to be used with the network command (Exhibit 33).
R7(config-router)# network 102.3.2.3 255.1.13.25 area 0
% OSPF: Invalid address/mask combination (discontiguous mask)
Exhibit 33 – Using invalid wildcard mask
Finally, area-number is the OSPF area to link with each interface matching ip-address and wildcard-mask.
The IP address space defined by ip-address and wildcard-mask should include the interface’s IP address to enable OSPF on.
Here are some IP address and wildcard mask values you can use with the network command to advertise an interface A with IP address 10.0.12.1/24 into an OSPF area.
IP address | Wildcard Mask | Description | Example |
A’s IP address | 0.0.0.0 | this combination matches one address, which is A’s IP address | network 10.0.12.1 0.0.0.0 area 12 |
A’s subnet IP address | inverse of A’s subnet mask | the network command covers all IP address in A’s subnet | network 10.0.12.0 0.0.0.255 area 12 |
A’s major network | inverse of A’s major network | the network command covers all IP address in A’s major network | network 10.0.0.0 0.255.255.255 area 12 |
0.0.0.0 | 255.255.255.255 | OSPF will be activated on all current and future IPv4 interfaces | network 0.0.0.0 255.255.255.255 area 0 |
I mean by the inverse of an IP address, the corresponding address resulted from replacing 0s by 1s, and vice versa, in the original address.
For example, the address 255.255.255.0 starts with 24 1s, next to them 8 0s. Therefore, its inverse begins with 24 0s, and end with 8 1s.
Note that an interface can be associated with only one OSPF area even if multiple network statements match the IP address of that interface. In this case, the less specific network statement, covering less IP addresses than the others, wins and the interface get attached to the OSPF area in that network statement.
IP OSPF Area
The easiest and straightforward way to enable OSPF on a specific interface is to issue the ip ospf area command in interface configuration mode.
The command requires two parameters: OSPF process ID and area ID (Exhibit 34).
R7(config)# interface loopback 1 R7(config-if)# ip ospf 1 area 2
Exhibit 34 – Enabling OSPF on a loopback interface
Note that, using the ip ospf area command, you can replace an interface’s area that was associated to that interface by a network command.
However, the opposite is not true, which means once you set the area of an interface using an ip ospf area statement, you cannot change it via a network command.
OSPF Network Types
The ip ospf network command allows you to change the current network type of an interface (Exhibit 35).
Once you enable OSPF on a particular interface, Cisco IOS sets the network type of the interface to a value based on the Layer 2 protocol configuration of the interface.
For example, on PPP and HDLC interfaces, the default OSPF network type is Point-to-Point, while it is Broadcast on Ethernet interfaces.
Besides, the command accepts one argument, and you have only five values to choose from: broadcast, non-broadcast, point-to-multipoint, point-to-multipoint non-broadcast, and point-to-point.
R7(config)# interface serial 1/0 R7(config-if)# ip ospf network broadcast
Exhibit 35 – Setting the network type of the serial 1/0 interface to broadcast
Remember that when you choose the non-broadcast or point-to-multipoint non-broadcast network type, multicast Hello packets will be disabled and the router cannot discover OSPF neighbor dynamically.
Therefore, you must issue the neighbor command in router configuration mode, for each router you want to form OSPF adjacency with over the interface.
Loopback Interfaces
The default network type for Loopback interfaces is Loopback (Exhibit 36). When it is active, OSPF consider the Loopback interface as an isolated host and advertise its IP address along with the /32 subnet mask instead of the real subnet IP address and mask.
To change this behavior, replace the default type with the Point-to-Point network type. Moreover, Loopback interfaces don’t allow the four remaining types.
R7# show ip ospf interface loopback 1
Loopback1 is up, line protocol is up
Internet Address 10.0.0.7/24, Area 2, Attached via Interface Enable
Process ID 1, Router ID 10.0.0.7, Network Type LOOPBACK, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Enabled by interface config, including secondary ip addresses
Loopback interface is treated as a stub Host
Exhibit 36 – displaying Loopback 1’s OSPF settings
Neighbor Command
The neighbor command allows you to configure OSPF neighbors manually, thus instructing the router to build up OSPF adjacencies with particular neighbors. You can only use that command on NBMA and Point-to-Multipoint networks.
If you try to enter that command on a Point-to-Point or Broadcast interface, Cisco IOS will reject it and display an error message in Exhibit 37.
*May 3 23:18:30.795: %OSPF-4-CFG_NBR_INVALID_NET_TYPE: Can not use configured neighbor 10.0.87.7 on Serial1/0. Neighbor command only allowed on NBMA and P2MP networks
Exhibit 37 – Neighbor command rejected
Hello interval
OSPF uses Hello packets to discover neighbors, elect a DR/BDR, and maintain OSPF adjacencies. One Hello message gets sent every Hello Interval. The Hello Interval is the amount of time between two consecutive Hello packets.
Furthermore, the default Hello interval value depends on the OSPF network type of the interface. Here are the default values for Hello and Dead intervals.
Network Type | Hello Interval | Dead Interval |
Point-to-Point | 10 | 40 |
Point-to-Multipoint | 30 | 120 |
Point-to-Multipoint non-broadcast | 30 | 120 |
Broadcast | 10 | 40 |
Non-broadcast | 30 | 120 |
To change the hello interval, use the ip ospf hello-interval command in interface configuration mode (Exhibit 38).
R7(config)# interface serial 1/0 R7(config-if)# ip ospf hello-interval 22
Exhibit 38 – Configuring Hello interval
Dead interval
The Dead interval is the length of time (in seconds) that should be elapsed before router A declares neighbor B down and removes it from the neighbor table because A did not receive Hello Packets from B during this period.
To change the dead interval, use the ip ospf dead-interval command in interface configuration mode. If you want to set that time interval to a value greater than 1 second, use this syntax:
ip ospf dead-interval seconds
But, if you want to set the dead interval to 1 second, use the following syntax:
ip ospf dead-interval minimal hello-multiplier multiplier, multiplier is the number of hello packets to send per second.
The following instructions set serial 1/0’s OSPF dead timer to 33:
R7(config)# interface serial 1/0 R7(config-if)# ip ospf dead-interval 33
The following instructions set serial 1/0’s OSPF dead and hello intervals to 1s and 50ms, respectively:
R7(config)# interface serial 1/0 R7(config-if)# ip ospf dead-interval minimal hello-multiplier 20
OSPF reference bandwidth
The OSPF cost of an interface is equal to (OSPF reference bandwidth)/(interface bandwidth).
By default, the value of the reference bandwidth is 100Mbps; to change it, use the auto-cost reference-bandwidth bw statement in router configuration mode, where bw is a value, in Mbps, between 1 and 4294967 Mbps.
Since the default OSPF cost of GigabitEthernet and FastEthernet interfaces is 1, we can change the OSPF reference bandwidth so that their associated cost reflects their speeds.
To that we set the reference bandwidth to 10000 Mbps (Example below). In this way, the costs of FastEthernet and Gigabit Ethernet links becomes 100 and 10, respectively.
R7(config)# router ospf 1 R7(config-router)# auto-cost reference-bandwidth 10000
Interface cost
To change the cost of an interface, use the ip ospf cost command in interface configuration mode. The following example sets the cost of the serial 1/0 interface to 100.
R7(config)# interface serial 1/0 R7(config-if)# ip ospf cost 100
Note that the cost value can be between 1 and 65535.
OSPF priority
On broadcast and non-broadcast data links, routers elect a DR and BDR based on the OSPF priority first, then the router ID.
The ip ospf priority command, entered in interface configuration mode, allows you to set the router priority on a specific network.
You can set a priority value between 0 and 255. Also, a value of 0 means the router cannot become DR nor BDR.
The following example sets the OSPF priority of interface serial 1/1 to 255.
R7(config)# interface serial 1/1 R7(config-if)# ip ospf priority 255
OSPF Default routing
If a router’s routing table includes a default external route learned through a dynamic routing protocol or that is statically configured, you can use the default-information originate command in router mode to advertise that route into the OSPF domain.
The router creates one Type 5 LSA for that route, thus the advertising router becomes an ASBR (Exhibit 39).
R7# show ip ospf database external self-originate OSPF Router with ID (10.0.87.7) (Process ID 1) Type-5 AS External Link States LS age: 45 Options: (No TOS-capability, DC, Upward) LS Type: AS External Link Link State ID: 0.0.0.0 (External Network Number ) Advertising Router: 10.0.87.7 LS Seq Number: 80000001 Checksum: 0x53F6 Length: 36 Network Mask: /0 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 1 Forward Address: 0.0.0.0 External Route Tag: 1
Exhibit 39 – Type 5 LSA of the default route
Moreover, you can use the default-information originate always command to inject the route 0.0.0.0/0 even if no external default route exists in the routing table.
Troubleshooting OSPF Neighbor Adjacencies
Before two OSPF neighbors can start to exchange routing information, they should reach the 2-way neighbor state.
If the neighbors have trouble to get to that neighbor state, this may be the consequence of one of the following reasons:
- Interface down.
- Mismatched subnets.
- Mismatched MTU values.
- OSPF is not enabled on the interface.
- At least one of the interfaces connecting the routers is passive.
- Mismatched Hello and Dead timers.
- Mismatched network types.
- Duplicate OSPF router IDs.
- Area number mismatch.
- An ACL is blocking OSPF Hello packets.
- Misconfigured OSPF authentication.
Now, let’s explain each of them and look at the ways to solve these OSPF neighbor issues.
Interface Down
This issue might be generated because of a bad cable, issuing the shutdown command, a non-working switch port connected to one interface of the routers or both, and Layer 2 issues such a failed PPP authentication.
To check that a particular interface is down and verify whether it may have Layer 1 or 2 issues or both, you may use the show interfaces and show ip interface command.
First, verify that the interface is up, then check that the Layer 2 protocol is up.
R1# show interfaces serial 1/0 Serial1/0 is up, line protocol is up Hardware is M4T Internet address is 10.0.12.1/24 MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation HDLC, crc 16, loopback not set < omitted output >
Exhibit 40 – Displaying Layer 1 and Layer 2 data of R1’s serial 1/0 interface
The second line is Exhibit 40, includes the string “Serial1/0 is up”, which means the interface has no Layer 1 issues; otherwise, the interface has physical problems, or it was disabled using the shutdown command, and in this case, Cisco IOS will display the text “line protocol is down”.
The string “line protocol is up” means that the interface’s Layer 2 protocol is working, and there are no issues at Layer 1.
In Exhibit 41, the show interfaces serial 1/0 command reveals that the interface is working, but the Layer 2 protocol configured on it failed.
R1# show interfaces serial 1/0
Serial1/0 is up, line protocol is down
Hardware is M4T
Internet address is 10.0.12.1/24
< omitted output >
Exhibit 41 – Displaying Layer 1 and Layer 2 data of R1’s serial 1/0 interface
Finally, to solve this issue, use necessary Cisco IOS commands so that the failed interface become up/up.
Mismatched Subnets
You can use the show ip interface command (Exhibit 42) or show running-config interface interface_type interface_number command to check the IP configuration of two OSPF neighbors connected to the same data link.
If their interfaces are on different subnets, the routers may not build up an OSPF adjacency.
R2# show ip interface serial 1/0 Serial1/0 is up, line protocol is up Internet address is 10.0.12.2/27 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes < omitted output >
Exhibit 42 – Displaying the IP configuration of router R2’s S1/0 interface
Mismatched MTU Values
If the interfaces, connecting two OSPF neighbors, have two different MTU values, the routers may reach the 2-way, but they get stuck at the EXSTART or EXCHANGE neighbor state (Exhibit 43).
R1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 0 EXCHANGE/ - 00:00:38 10.0.12.2 Serial1/0 6.6.6.6 0 EXSTART/ - 00:00:39 10.0.16.6 Serial1/1
Exhibit 43 – R1’s neighbors 2.2.2.2 and 6.6.6.6 are getting stuck in the Exchange and ExStart states
To change MTU, use the mtu mtu_value command in interface configuration command.
OSPF is Not Enabled on The Interface or Mismatched Area Number
This problem can be caused by mis-configured network or ip ospf command.
Therefore, Hello packets won’t get sent over the right interfaces or router interfaces get associated to wrong areas, and thus the router could not discover neighbors and form OSPF adjacencies over those interfaces.
To verify that an interface is taking part in OSPF and associated to the right area, use the show ip ospf interface command in enable mode (Exhibit 44).
R1# show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 10.0.0.1/24, Area 0, Attached via Interface Enable
Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 2.2.2.2, Interface address 10.0.0.2
Backup Designated router (ID) 1.1.1.1, Interface address 10.0.0.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:03
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 2.2.2.2 (Designated Router)
Suppress hello for 0 neighbor(s)
Exhibit 44 -Showing a router interface’s OSPF configuration
Passive Interface
If you want to prevent the router from sending Hello packets over interfaces not connected to OSPF neighbors while keeping advertising their associated subnets, use the passive-interface command in router configuration mode.
The following example disable Hello packets on the Loopback interfaces 0 and 1.
R1(config)# router ospf 1 R1(config-router)# passive-interface loopback 0 R1(config-router)# passive-interface loopback 1
To get the list of OSPF passive interfaces, use the show ip protocols command in enable mode (Exhibit 45).
R1# show ip protocols Routing Protocol is "ospf 1" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Router ID 10.0.11.11 Number of areas in this router is 3. 3 normal 0 stub 0 nssa Maximum path: 4 Routing for Networks: Passive Interface(s): Loopback0 Loopback1 < omitted output >
Exhibit 45 – Verifying passive interfaces
Mismatched Hello and Dead timers
Hello and Dead timers have to match between two routers in order to become OSPF neighbors on a particular common subnet.
If those time values do not match, the routers cannot form an OSPF neighbor relationship, or the neighbor state of each router gets moved to down if they are already OSPF neighbors or adjacent (Exhibit 46).
R6# debug ip ospf hello OSPF hello debugging is on R6# *May 6 01:00:24.139: OSPF-1 HELLO Se1/1: Rcv hello from 1.1.1.1 area 16 10.0.16.1 *May 6 01:00:24.143: OSPF-1 HELLO Se1/1: Mismatched hello parameters from 10.0.16.1 *May 6 01:00:24.143: OSPF-1 HELLO Se1/1: Dead R 40 C 38, Hello R 10 C 9 R6# *May 6 01:00:30.671: OSPF-1 HELLO Se1/1: Send hello to 224.0.0.5 area 16 from 10.0.16.6 R6# *May 6 01:00:33.567: OSPF-1 HELLO Se1/1: Rcv hello from 1.1.1.1 area 16 10.0.16.1 *May 6 01:00:33.571: OSPF-1 HELLO Se1/1: Mismatched hello parameters from 10.0.16.1 *May 6 01:00:33.571: OSPF-1 HELLO Se1/1: Dead R 40 C 38, Hello R 10 C 9 R6# *May 6 01:00:35.359: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial1/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Exhibit 46 – Debugging Hello packets
The fastest way to check that there is a Hello/Dead time mismatch is to use the debug ip ospf hello command in enable mode.
In fact, the string “Dead R 40 C 38, Hello R 10 C 9” tells that the routers are using different Dead and Hello interval. The remote interface (R) has a dead and hello time of 40 and 10, respectively, while the dead and hello timers of the current router’s interface (C) are 38 and 9.
To verify the Hello and Dead intervals, you can use the show ip ospf interface or show running-config interface_type interface_number command (Exhibit 47).
R1# show ip ospf interface s1/1 Serial1/1 is up, line protocol is up Internet Address 10.0.16.1/24, Area 16, Attached via Interface Enable Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64 Topology-MTID Cost Disabled Shutdown Topology Name 0 64 no no Base Enabled by interface config, including secondary ip addresses Transmit Delay is 1 sec, State POINT_TO_POINT Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:03 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 1/4, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 4, maximum is 4 Last flood scan time is 0 msec, maximum is 4 msec Neighbor Count is 0, Adjacent neighbor count is 0 Suppress hello for 0 neighbor(s)
Exhibit 47 – Displaying the OSPF configuration of router R1’s S1/1 interface
Mismatched network types
OSPF neighbor relationships may not be formed because of incompatible network types. In fact, network types with mismatched hello and dead timers prevent forming OSPF adjacencies.
If you can configure one interface with a type that supports Layer 2 broadcasts and the other interface with a network type that does not, routers may not build up an OSPF neighbor relationship over those interfaces.
To verify the current OSPF network type on an interface, use the show ip ospf interface command in enable mode (Exhibit 48).
R1# show ip ospf interface s1/1
Serial1/1 is up, line protocol is up
Internet Address 10.0.16.1/24, Area 16, Attached via Interface Enable
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
Topology-MTID Cost Disabled Shutdown Topology Name
0 64 no no Base
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:03
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/4, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 4, maximum is 4
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
Exhibit 48 – Displaying the OSPF configuration of router R1’s S1/1 interface
Duplicate OSPF router IDs
Routers with duplicate router IDs cannot build an OSPF neighbor relationship. In such case, Cisco IOS displays the following message.
*May 6 02:40:08.651: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 1.1.1.1 from 10.0.16.1 on interface Serial1/1
To solve this issue, change the router ID of the router, causing the issue, using the router-id command in router configuration mode, then clear the current OSPF process using the clear ip ospf ospf_id process command, where ospf_id is the ID of the OSPF instance to reload.
An ACL is blocking OSPF Hello packets
If an ACL is blocking incoming OSPF traffic to a router interface, the router cannot form OSPF neighbor relationships.
A standard/extended ACL cannot filter OSPF traffic sourced from the current router. Therefore, only inbound ACL may generate OSPF issues.
To check applied ACLs to a specific interface, use the show ip interface command (Exhibit 49). Also, to display the content of an ACL, issue the show ip access-list in enable mode (Exhibit 50).
R6# show ip interface serial 1/1
Serial1/1 is up, line protocol is up
Internet address is 10.0.16.6/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5
Outgoing access list is not set
Inbound access list is 110
< omitted output >
Exhibit 49 – Displaying the IP configuration of router R6’s S1/1 interface
R6# show ip access-lists 110 Extended IP access list 110 10 deny ospf host 10.0.16.1 any (12 matches) 20 permit ip any any
Exhibit 50 – Showing the content of ACL 110
Misconfigured OSPF authentication
OSPFv2 allows you to configure three types of authentication:
- Null: it means no authentication
- Plaintext: the authentication password is sent in clear text. Any device, capturing OSPF traffic, can read the plaintext password.
- MD5/SHA: the password hash is exchanged instead of the real password.
You can enable OSPF authentication per area or interface; but, in both cases, you have to configure the password at the interface level.
The show ip ospf command allows you to know OSPF areas that have authentication (Exhibit 51).
R6# show ip ospf
Routing Process "ospf 1" with ID 6.6.6.6
Start time: 00:00:17.776, Time elapsed: 00:07:30.532
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area 16
Number of interfaces in this area is 1
Area has simple password authentication
SPF algorithm last executed 00:05:50.016 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 4. Checksum Sum 0x01B617
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Exhibit 51 – Area 16 has simple password authentication
To verify whether OSPF authentication is enabled on an interface, use the show ip ospf interface command in enable mode (Exhibit 52).
R6# show ip ospf interface serial 1/1
Serial1/1 is up, line protocol is up
Internet Address 10.0.16.6/24, Area 16, Attached via Interface Enable
Process ID 1, Router ID 6.6.6.6, Network Type POINT_TO_POINT, Cost: 64
Topology-MTID Cost Disabled Shutdown Topology Name
0 64 no no Base
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:02
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 1.1.1.1
Suppress hello for 0 neighbor(s)
Simple password authentication enabled
Exhibit 52 – Interface serial 1/1 has simple password authentication
If OSPF authentication failed on a particular data link, it breaks OSPF adjacencies on that link, and may be caused by one of the following reasons:
- Mismatched passwords.
- Mismatched authentication types.
- One end of the data link is not enabling authentication.
Related Lessons to OSPF
- OSPF
- OSPF Router ID
- OSPF Null Authentication
- OSPF Plain Text Authentication
- OSPF Default Route
- Basic OSPF Configuration Lab for CCNA
- OSPF Configuration
- OSPF Passive Interface
- OSPF Virtual Link
- OSPF Stub Area
- OSPF LSA Types
- OSPF Graceful Restart
- OSPF Totally Stubby Area
- OSPF Reference Bandwidth
- OSPF Cost
- OSPF DR/BDR Election
- OSPF Hello and Dead Interval
- OSPF Metric
- OSPF MD5 Authentication
- OSPF HMAC-SHA Cryptographic Authentication
- OSPF Multi-Area
- OSPF TTL Security Check
- OSPF Graceful Shutdown
- Route Redistribution between OSPF and RIP
- OSPF Network Types
- OSPF Totally NSSA Area
- OSPF NSSA Area
- OSPF Summarization
- OSPF Route Filtering
- OSPF Type 5 LSA Filtering
- OSPF ABR Type 3 LSA Filtering
- OSPF Prefix Suppression
- OSPF Path Selection
- OSPF LSA Throttling
- OSPF SPF Throttling
- OSPF Incremental SPF
- OSPF Non-Broadcast Network Type
- OSPF Point-to-Point Network Type
- OSPF Broadcast Network Type
- OSPF Point-to-Multipoint Network Type
- OSPF vs RIP
- OSPF LSA Group Pacing
- OSPF LSA Flood Pacing
- OSPF LSA Retransmission Pacing
- Troubleshooting OSPF Neighbor Adjacency
- Troubleshooting OSPF Route Installation
- Troubleshooting OSPF Route Advertisement
- OSPF Stub Router
Conclusion
I hope this blog post helps you learn something.
Now I’d like to turn it over to you:
What did you like about this tutorial?
Or maybe you have an excellent idea that you think I need to add.
Either way, let me know by leaving a comment below right now.
Please send me the link to download the lab thati paid for yesterday
Please, check your inbox.
I also want to ask if you are going to publish a book of labs on CCNP.
I am working on a lab book for ENCOR exam.
Thank you!
Merci
This is great! Thank you so much! Can you do a megapost on BGP as well?
It’s on my to-do list.
Very interesting. You nearly covered all of topics on OSPFv2 with easy and simple way . I really appreciate what you did.
Hi Soufyane, happy to help.