3.6 OSPF (v2 and v3)
OSPF is an interior gateway routing protocol.
Specifically, it is a link-state routing protocol that runs the Dijkstra SPF algorithm.
It is a classless protocol that supports VLSM and summarization.
Why use OSPF?
All routers in an area should have the same OSPF database, thus OSPF guarantees a loop-free topology.
OSPF is an open standard.
Uses IP protocol 89
Uses both multicast and unicast
OSPF’s metric is cost, which is derived directly from the link bandwidth.
Multicast addresses used:
224.0.0.5 (all OSPF routers)
224.0.0.6 (DR and BDR routers)
OSPF supports authentication and encryption:
clear text, MD5, SHA, IPsec, etc.
It is extensible: future applications will be supported through “opaque” LSAs
e.g. MPLS traffic engineering
Path selection hierarchy:
Inter-Area (O IA)
External Type 1 (E1)
NSSA Type 1 (N1)
External Type 2 (E2)
NSSA Type 2 (N2)
How OSPF works?
1. Discover OSPF neighbors and exchange topology info
OSPF sends hellos out to multicast address 224.0.0.5 or 224.0.0.6, or unicast (based on config), over IP protocol 89
Normally they just find each other via this default multicast config.
Hello packets contain attributes that must agree or match. (most OSPF problems happen here)
The attribute that must be unique:
• Router-id, which is used to identify the node in the graph of the link state.
• Chosen based on…
• manual config, highest active loopback ip, highest active interface ip
• For OSPFv2 this interface ip is the primary ip address, while for OSPFv3 we use the link local address
The attributes that must agree or match:
• hello and dead interval
• network address
• network type (must be compatible)
• stub flags
• other optional capabilities
Then once adjacency is negotiated we exchange the LSDB.
2. choose a best path via the SPF
Each router’s LSAs include a “cost” attribute for each link, the lowest end to end cost is the best path.
Multiple equal cost paths (ECMP) are allowed
Higher bandwidths (over 1Gbps) require changing the cost reference bandwidth
3. maintain the table via updates
Hello packets are used as keepalives
LSA fields used to track topology changes
Reference Bandwidth for determining Cost:
Cisco’s implementation and most implementations of OSPF use bandwidth to compute cost, however the RFC says use whatever you want, just agree on it.
Cisco default cost = 100 Mbps/Link bandwidth
Just by reading that you can tell that a 1Gbps interface and a 10Gbps interface will have the same cost, 1. (The minimum cost is 1)
Routers never advertise their reference-bandwidth thus it is important that you manually configure it correctly on all of them, a mismatch will not cause neighbor issues but will cause sub-optimal routing.
en
conf t
router ospf 1
auto-cost reference-bandwidth
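The effect of the reference bandwidth on path choice, as an added example that is not part of the original notes. It assumes a constructed three-router topology (R1, R2, R4) and that each router prices its own outgoing interface with its locally configured reference bandwidth, which is why a mismatch forms adjacencies normally but produces sub-optimal or asymmetric paths.

```python
import heapq

def ospf_cost(link_mbps, ref_mbps=100):
    """Cisco-style interface cost: reference bandwidth / link bandwidth, minimum 1."""
    return max(1, int(ref_mbps / link_mbps))

def spf(links, source, ref_by_router=None):
    """Dijkstra from source. links: {(a, b): Mbps}. Each router prices its own
    outgoing interface with its own reference bandwidth (default 100 Mbps)."""
    refs = ref_by_router or {}
    graph = {}
    for (a, b), mbps in links.items():
        graph.setdefault(a, []).append((b, ospf_cost(mbps, refs.get(a, 100))))
        graph.setdefault(b, []).append((a, ospf_cost(mbps, refs.get(b, 100))))
    best, heap = {}, [(0, [source])]
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node in best:
            continue  # already settled with a lower or equal cost
        best[node] = (cost, path)
        for nbr, link_cost in graph[node]:
            if nbr not in best:
                heapq.heappush(heap, (cost + link_cost, path + [nbr]))
    return best

# Constructed topology: R1 reaches R4 over one 1 Gbps hop or two 10 Gbps hops.
LINKS = {("R1", "R4"): 1000, ("R1", "R2"): 10000, ("R2", "R4"): 10000}
ALL_100G = {"R1": 100000, "R2": 100000, "R4": 100000}
R1_LEFT_AT_DEFAULT = {"R2": 100000, "R4": 100000}

if __name__ == "__main__":
    for label, refs in (("default everywhere", None),
                        ("100G reference everywhere", ALL_100G),
                        ("R1 left at default", R1_LEFT_AT_DEFAULT)):
        print(label, "R1->R4:", spf(LINKS, "R1", refs)["R4"],
              "R4->R1:", spf(LINKS, "R4", refs)["R1"])
```

With the default reference, 1 Gbps and 10 Gbps links both cost 1, so R1 takes the single 1 Gbps hop; with the mismatch, R1 still takes that hop while R4 returns traffic via R2.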
Default hello time on ethernet is every 10 seconds
Default hello time on serial links is every 30 seconds
The dead interval is 4x the hello interval
side note about OSPF and recovery:
Use BFD when you can or OSPF fast hellos for faster recovery.
OSPF Neighbor State Machine:
8 states to determine progress of adjacency establishment
1. Down
No hellos have been received from neighbor
2. Attempt (unicast hello)
Only valid on NBMA and point to multipoint
Unicast hello packet has been sent, but no hello has been received
3. Init (multicast hello)
I have received a multicast hello from neighbor but they have not acknowledged my hello
4. 2-Way
I sent a hello, you acknowledged the hello (by putting my router-id in the hello packet) (layer 2 transport is working)
5. ExStart
Routers decide they want to become adjacent
Empty database description packets are exchanged with just their router-id in them
Master & slave relationship is formed where master has higher router-id
Master chooses the starting sequence number for database description packets that are used for LSA exchange
6. Exchange
Routers exchange database descriptions full of LSA info that they have
DBD sequence number is used for reliable ack/retransmission
7. Loading
Link-state requests and link-state updates are sent out. All LSAs are acknowledged. Once LSA download is complete we move on.
8. Full
Neighbors are fully adjacent and databases are synchronized.
Full is the normal state; any other state is a problem, except for 2-Way, which is normal on broadcast networks.
There are certain cases when some neighbors stop at 2-Way
Tracking topology changes:
• When a new LSA is received it is checked against the DB…
• We check the sequence number to track if it's new (higher seq number wins)
• If the seq number is higher but the payload has not changed, we do not rerun SPF (this happens when the age reaches 30 min (half of MaxAge) and the LSA is reflooded)
OSPF refreshes the database every 30 min; if it's the same, we don't recalculate SPF.
An LSA that reaches the MaxAge of 60 min is withdrawn by reflooding it with its age set to 60 min, which forces the route to disappear.
• The checksum is used to detect transmission and memory corruption
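The LSA freshness check described above, as an added example that is not part of the original notes. It goes beyond the notes by including the checksum and age tie-breakers from RFC 2328 (section 13.1); the dictionary field names and the sample updates are constructed.

```python
MAX_AGE = 3600       # seconds (60 min), the MaxAge from the notes
MAX_AGE_DIFF = 900   # seconds, MaxAgeDiff in RFC 2328

def signed32(seq):
    """LS sequence numbers are signed 32-bit: 0x80000001 is the oldest value."""
    return seq - (1 << 32) if seq & 0x80000000 else seq

def compare_lsa(a, b):
    """Return 1 if a is newer, -1 if b is newer, 0 if they are the same instance."""
    sa, sb = signed32(a["seq"]), signed32(b["seq"])
    if sa != sb:
        return 1 if sa > sb else -1
    if a["checksum"] != b["checksum"]:
        return 1 if a["checksum"] > b["checksum"] else -1
    a_max, b_max = a["age"] >= MAX_AGE, b["age"] >= MAX_AGE
    if a_max != b_max:                      # a MaxAge copy replaces the other
        return 1 if a_max else -1
    if abs(a["age"] - b["age"]) > MAX_AGE_DIFF:
        return 1 if a["age"] < b["age"] else -1
    return 0

def receive(lsdb, lsa):
    """Apply a received LSA to lsdb; return 'ignore', 'flush', 'refresh' or 'spf'."""
    key = (lsa["type"], lsa["id"], lsa["adv_router"])
    current = lsdb.get(key)
    if current is not None and compare_lsa(lsa, current) <= 0:
        return "ignore"                     # we already hold this or a newer copy
    if lsa["age"] >= MAX_AGE:
        lsdb.pop(key, None)                 # withdrawn: remove it, SPF must rerun
        return "flush"
    lsdb[key] = lsa
    if current is not None and current["body"] == lsa["body"]:
        return "refresh"                    # periodic reflood, no SPF run
    return "spf"

def demo():
    """Constructed sequence of updates for one router LSA."""
    base = {"type": 1, "id": "1.1.1.1", "adv_router": "1.1.1.1"}
    lsdb = {}
    updates = [
        dict(base, seq=0x80000001, age=1, checksum=0x1A2B, body=("10.0.12.0/24",)),
        dict(base, seq=0x80000002, age=1, checksum=0x1A2C, body=("10.0.12.0/24",)),
        dict(base, seq=0x80000001, age=5, checksum=0x1A2B, body=("10.0.12.0/24",)),
        dict(base, seq=0x80000003, age=1, checksum=0x3C4D, body=()),
        dict(base, seq=0x80000003, age=MAX_AGE, checksum=0x3C4D, body=()),
    ]
    return [receive(lsdb, u) for u in updates]
```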
OSPF behaves like a distance vector protocol between areas.
The router-id is a 32 bit number that is just an ID for the NODE in the OSPF graph.
It is just a 32 bit number that happens to come from an IP address.
Router-id which is used to identify the node in the graph of the link state.
Chosen based on this order: manual config, highest active loopback ip, highest active interface ip
If you are running multiple OSPF processes, they must have different router IDs. Each OSPF process performs the same steps above; they just skip the one already in use.
The OSPF router-id chosen does not need to be advertised or reachable via the routing table.
Routers re-run the RID election when the ospf process is restarted.
If a router ID changes then the SPF calculation will need to be run as it looks like a new router to the other routers in the area.
What is recommended? Always set the router-id manually.
en
conf t
router ospf
• The OSPF process-id is locally significant, the exception to this is MPLS L3VPN
Now you can either enable OSPF via the process level, or via the interface:
• e.g. at the process level:
network 192.168.1.0 0.0.0.255 area 0
Would enable OSPF for all of the interfaces that have an IP address of 192.168.1.x
• or just go to the interface and do this
int g0/1
ip ospf 1 area 0
Note that when enabling OSPF via the network statement, you are not inputting the network to advertise.
OSPF will use the network from the interfaces that matched the network statement.
Regarding OSPF network statements, the most specific network statement wins.
For example the second statement below will be the “winner”.
network 192.168.1.0 0.0.0.255 area 0
network 192.168.1.1 0.0.0.0 area 1
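How the wildcard match and the "most specific wins" rule decide which interfaces OSPF is enabled on, as an added example that is not part of the original notes. It is useful for auditing a configuration before applying it; the function names and the address table are constructed, and each address is evaluated on its own against the two statements above.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(ip, network, wildcard):
    """True if ip equals network on every bit the wildcard mask does not ignore."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(network) & care)

def area_for(ip, statements):
    """Area chosen for an interface address, or None if no statement matches.
    The most specific statement (fewest wildcard bits set) wins."""
    hits = [s for s in statements if matches(ip, s[0], s[1])]
    if not hits:
        return None
    return min(hits, key=lambda s: bin(to_int(s[1])).count("1"))[2]

def ospf_interfaces(addresses, statements):
    """Map label -> area for every address OSPF would be enabled on."""
    result = {}
    for label, ip in addresses.items():
        area = area_for(ip, statements)
        if area is not None:
            result[label] = area
    return result

# The two network statements from the notes: (network, wildcard, area).
STATEMENTS = [("192.168.1.0", "0.0.0.255", 0), ("192.168.1.1", "0.0.0.0", 1)]
# Constructed interface addresses, each checked independently.
ADDRESSES = {"if-a": "192.168.1.1", "if-b": "192.168.1.2", "if-c": "10.0.0.1"}

if __name__ == "__main__":
    print(ospf_interfaces(ADDRESSES, STATEMENTS))
```

An address that matches no statement is absent from the result, which means OSPF is not enabled on that interface at all.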
If you are enabling OSPF via the interface statement and the interface also has a secondary IP address, you are by default advertising that network into OSPF as well. This can easily be disabled.
Enabling OSPF via the interface is convenient because if the interface changes, OSPF will still advertise the link.
The area id can be entered in decimal or dotted decimal; it doesn't matter because the router reads it in binary.
show ip ospf
Will show us all of the OSPF attributes
show ip ospf interface
Shows us interface-specific details for OSPF, like network type and hello time for the neighbor
verify ospf adjacencies:
show ip ospf neighbor
Will show us who our neighbors are, their states, and what interface they are reachable from
show ip ospf int bri
Will show us similar things to show ip ospf neighbor, except it will show our states as well
debug ip ospf adj
verify ospf DB:
show ip ospf database
What does the sequence tell us in the following output?
The sequence in the ospf database tells us the revision or version of this LSA. This should match on all routers in the area and thus will mean they all have the same copy of this LSA.
Multiple routers on the same segment (stuck in 2 way drother):
In the above screenshot notice that we have 4 neighbors, but 2 of them don’t actually form an adjacency, they are just there.
This is because these 2way/drother routers are neither DR nor BDR, and we get all of their information from the DR, thus we don’t need an adjacency with them. We stay in the 2-way state with them, which means that in the hello packets we acknowledge we have seen their hellos.
Notice above we see just that: we have all 4 routers in the hello but we only have a neighborship with 2 of them
Why do we do this? OSPF does this to avoid sending redundant LSAs into the network.
In conclusion an OSPF router only forms an adjacency with a DR and BDR and not other routers.
DR and BDR:
On a multiaccess network, a designated and backup designated router are chosen to handle the LSA flooding. This is most useful during the initial LSA DB sync; however, it actually becomes non-optimal if we are just maintaining the database.
Now let’s discuss how routers interact with the DR and BDR. Routers can only exchange LSAs if they are in the full state, and on a multiaccess network, routers only go into the full state with the DR and BDR. When a router needs to send an LSU to the DR and BDR, it does so by sending to the multicast address of 224.0.0.6. The DR then floods the LSA out to all routers by sending to the multicast address of 224.0.0.5.
On networks without a DR and BDR the LSUs just go to the all OSPF routers multicast address of 224.0.0.5.
On a multiaccess network a router can be one of 3 things: a DR, BDR, or DRother.
Also, on a multiaccess network like Ethernet, OSPF routers can either be neighbors, or adjacent. We are neighbors with DRothers, but are adjacent with the DR and BDR.
With neighbors we see their hellos and we acknowledge each other by putting their router id in our hellos
With adjacent neighbors we have fully exchanged LSDBs.
Highest priority wins the DR/BDR election; a priority of 0 means the router will not be considered in the election. The same election then happens for the BDR. If the priorities match, then the highest router-id wins, and router-ids will never match. If a new router comes on the LAN with a better priority, it cannot take over; a failure must happen, and then the BDR will move to be DR and a BDR spot will open up.
If routers disagree on who the DR and BDR are, then a DR and BDR election happens (think of a spanning-tree event causing isolation for a set period).
So how do we manually configure priority for a router?
int g0/1
ip ospf priority x
Note changing the priority does not cause a re-election.
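The election rules above (priority, router-id tie-break, priority 0 excluded, no preemption, BDR promotion on DR failure), as an added example that is not part of the original notes. It is a simplified model of the rules as stated here rather than the full RFC 2328 procedure, and the router-ids and priorities are constructed; note that router-ids are compared as 32-bit numbers, not as strings.

```python
import ipaddress

def rank(router):
    """Election key: priority first, then router-id compared as a 32-bit number."""
    return (router["priority"], int(ipaddress.IPv4Address(router["rid"])))

def elect(routers, dr=None, bdr=None):
    """Return (dr, bdr) router-ids for the routers currently on the segment.
    A sitting DR or BDR keeps its role; priority 0 routers are never eligible."""
    eligible = {r["rid"]: r for r in routers if r["priority"] > 0}
    dr = dr if dr in eligible else None
    bdr = bdr if bdr in eligible else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                 # DR failed: the BDR is promoted

    def best(exclude):
        pool = [r for rid, r in eligible.items() if rid not in exclude]
        return max(pool, key=rank)["rid"] if pool else None

    if dr is None:
        dr = best(set())
    if bdr is None:
        bdr = best({dr})
    return dr, bdr

def scenario():
    """Constructed LAN: initial election, a high-priority newcomer, then DR failure."""
    lan = [
        {"rid": "1.1.1.1", "priority": 1},
        {"rid": "2.2.2.2", "priority": 1},
        {"rid": "10.0.0.3", "priority": 1},
        {"rid": "9.9.9.9", "priority": 0},
    ]
    first = elect(lan)
    lan.append({"rid": "4.4.4.4", "priority": 255})
    after_join = elect(lan, *first)          # newcomer cannot preempt
    lan = [r for r in lan if r["rid"] != first[0]]
    after_failure = elect(lan, *after_join)  # DR gone: BDR moves up
    return first, after_join, after_failure

if __name__ == "__main__":
    print(scenario())
```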
This table should be memorized:
Interface type | use DR/BDR? | default hello | requires neighbor command? | more than 2 hosts allowed?
broadcast | yes | 10 | no | yes
point to point | no | 10 | no | no
non-broadcast | yes | 30 | yes | yes
point to multipoint | no | 30 | no | yes
point to multipoint non broadcast | no | 30 | yes | yes
loopback | no | none | none | no
To change the OSPF network type on a link use the command:
int g0/1
ip ospf network
RFC 2328 (OSPFv2)
RFC 5340 (OSPFv3 (for IPv6))
What is the purpose of the following configuration?
A neighbor priority is NOT the same thing as OSPF priority. A neighbor priority indicates who will be contacted FIRST by our OSPF process. It is a way for us to show preference to neighbors. If there are multiple neighbor commands, and at least 1 has priority specified, the neighbor with priority will be contacted first, and will get to do the DR/BDR election first.
What are the 2 steady state operations for maintaining OSPF?
1. Routers send hellos at their configured interval
2. Routers reflood their LSAs every 30 mins (LS refresh interval) and increase their sequence number by 1
All areas must connect back to area 0.
What is another name for area 0 ? The backbone area.
A router that links to different areas is called an Area Border Router (ABR); it must have one link to area 0.
A router that injects or redistributes routes is known as an autonomous system boundary router (ASBR).
An ABR keeps a separate link state database PER area.
An ABR will run a separate SPF calculation per LSDB.
What 4 benefits do OSPF areas provide?
1. Smaller LSDB, thus less memory utilization on normal routers
2. Faster SPF computation on normal routers
3. Isolating link failures to an area restricts SPF calculations to that area
4. Having areas allows for summarization at ABR and ASBRs
To view statistics on how many times the SPF algorithm was run in an area use the following command:
show ip ospf statistics
To notify of a network down event two things are possible:
1. For Type 1, the LSA is reoriginated with the network removed and the sequence incremented
2. For Type 2, the LSA is reflooded with an age of 3600 without incrementing the sequence
Areas in OSPF add hierarchy and scalability.
An area is also a flooding domain.
All devices in the area have the same LSDB and agree on the topology.
Changes inside an area require LSA flooding and a FULL SPF
Interarea routing is similar to distance vector routing (due to not knowing the full topology behind the ABR)
Changes outside the area don’t always require LSA flooding
OSPF is a two level hierarchy:
area 0 is 0.0.0.0
Traffic from one area to another area must go through area 0
must connect to all areas
Non-backbone areas:
all other areas numbers
must connect to area 0
have at least one link in area 0
have all links on one non backbone area
Area Border Router (ABR)
has links in both area 0 and non-backbone area
Must run SPF for every area it is a part of
used to summarize information between area 0 and others via type 3 LSA
Autonomous system boundary router (ASBR)
At least one link in OSPF domain
Used to redistribute info from one routing domain into OSPF
The routing bit is a custom Cisco implementation which lets us know if the LSA will be used in the SPF calculation.
routing bit with router LSAs
On newer platforms we see this
sh ip ospf data router 188.8.131.52 internal
Pay attention to the “in topology base with MTID” this means the LSA is good and installed in the RIB.
This is in contrast to having the routing bit NOT set, meaning the router is not reachable.
The routing bit is a locally significant feature and is not actually sent with the LSA.
Thus just seeing an LSA in the LSDB does not guarantee that the prefixes are reachable.
Routing bit for summary LSAs
Here we see a good summary LSA which says “in topology base” meaning it passes all of the LSA checks.
sh ip ospf data summary 192.168.4.0 internal
If the summary LSA is bad, the “in topology base” is gone, and we see a max distance and a max age set (meaning it will be removed).
How do we determine our neighbors OSPF priority?
show ip ospf neighbor
How do we determine our OSPF priority on g1?
show ip ospf int g1
Getting more detailed adjacency information:
Sometimes it can be scary to run a debug on a production device because we may kill the CPU due to too many messages and lock ourselves out. OSPF provides a means to increase the logging for the neighbor/adjacency state machine so we can better troubleshoot it.
en
conf t
router ospf 1
log-adjacency-changes detail
Now if we clear the OSPF process we can see a more detailed output in the log messages.
How can we force OSPF to re-run SPF?
clear ip ospf force-spf
Note that in the above example I have “debug IP ospf monitor” on.
articles to read:
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13683-11.html (multiple ospf routers 2way/drother)
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13699-29.html#anc10 (OSPF problems explained)
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7039-1.html#t34a (OSPF design)
https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/16437-ospfdbtoc.html (OSPF database explanation)