Open Shortest Path First (OSPF) is a link-state routing protocol. OSPF re-sends its routes every 30 minutes. OSPF routers have complete visibility: they know the exact topology of the entire network. OSPF uses the same three stages as all other routing protocols: it establishes relationships with its neighbors, exchanges topology information held in the link state database (LSDB), which consists of Link State Advertisements (LSAs), and computes the routes for inclusion in the routing table.
OSPF uses IP protocol 89 and the multicast address 224.0.0.5 on broadcast-type networks. OSPF has a hierarchical design built on areas: area 0 is the backbone, and every other area has to be connected to it to prevent routing loops. If no direct connection to area 0 is possible, virtual links must be used. An OSPF router can be in multiple areas; such a router is called an Area Border Router (ABR). Detailed topology information is not exchanged between areas, only subnets are advertised. ABRs connect a non-backbone area to the backbone. All routers within one area must have exactly the same LSDB. Once the LSDB is populated, OSPF runs the Shortest Path First (SPF) algorithm to determine the best path to all destinations. Each router considers itself the top of the tree and draws branches towards each destination via the shortest path (lowest cost). The cost is derived from the interface bandwidth and can be viewed by:
The best way to change the cost is to set it directly with:
config-if# ip ospf cost <value>
Priority for the best route selection is given to intra-area routes first, then to inter-area and last to external.
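The SPF computation described above, as an added example (not code from the original notes): Dijkstra's algorithm run over a constructed single-area LSDB with the local router at the top of the tree, plus the route-type preference (intra-area before inter-area before external) applied when several candidate routes exist for one prefix. Router IDs, link costs and the candidate routes are constructed sample values.

```python
import heapq
from typing import Dict, List, Optional, Tuple

# Constructed single-area LSDB: router-id -> list of (neighbour-id, outgoing cost).
# Costs are per direction, as each router's Router LSA describes its own links.
# Sample topology only; not taken from any real network.
LSDB: Dict[str, List[Tuple[str, int]]] = {
    "1.1.1.1": [("2.2.2.2", 10), ("3.3.3.3", 1)],
    "2.2.2.2": [("1.1.1.1", 10), ("4.4.4.4", 1)],
    "3.3.3.3": [("1.1.1.1", 1), ("4.4.4.4", 1)],
    "4.4.4.4": [("2.2.2.2", 1), ("3.3.3.3", 1)],
}


def spf(lsdb: Dict[str, List[Tuple[str, int]]], root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Dijkstra with `root` at the top of the tree; returns {router: (total cost, next hop)}."""
    dist: Dict[str, int] = {root: 0}
    next_hop: Dict[str, Optional[str]] = {root: None}
    heap: List[Tuple[int, str, Optional[str]]] = [(0, root, None)]
    settled = set()
    while heap:
        cost, node, via = heapq.heappop(heap)
        if node in settled:
            continue  # stale heap entry; a cheaper path to this node was already settled
        settled.add(node)
        for nbr, link_cost in lsdb.get(node, []):
            candidate = cost + link_cost
            if nbr not in dist or candidate < dist[nbr]:
                dist[nbr] = candidate
                # the first hop off the root is the neighbour itself; later nodes inherit it
                next_hop[nbr] = nbr if node == root else via
                heapq.heappush(heap, (candidate, nbr, next_hop[nbr]))
    return {n: (dist[n], next_hop[n]) for n in dist}


# Route-type preference from the notes: intra-area beats inter-area beats external,
# regardless of cost; cost only decides between routes of the same type.
ROUTE_TYPE_RANK = {"intra": 0, "inter": 1, "external": 2}


def select_route(candidates: List[Tuple[str, int, str]]) -> Tuple[str, int, str]:
    """candidates: (route type, cost, next hop) for one prefix; returns the route to install."""
    return min(candidates, key=lambda c: (ROUTE_TYPE_RANK[c[0]], c[1]))


if __name__ == "__main__":
    for router, (cost, via) in sorted(spf(LSDB, "1.1.1.1").items()):
        print(f"{router:10} cost={cost:2} via={via}")
    # the intra-area route wins even though it is the most expensive candidate
    print(select_route([("external", 5, "2.2.2.2"), ("inter", 50, "3.3.3.3"), ("intra", 100, "3.3.3.3")]))
```

From 1.1.1.1 the direct link to 2.2.2.2 (cost 10) loses to the path through 3.3.3.3 and 4.4.4.4 (cost 3), which is exactly why a mis-set interface cost silently changes the topology every router computes.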
The configuration commands for Cisco IOS:
config# router ospf <process-id>
config-router# area <area-number> authentication [message-digest]
config-router# network <network-addr> <wildcard-mask> area <area-number>
or
config-if# ip ospf <process-id> area <area-number>
config-if# ip ospf authentication [message-digest]
[config-if# ip ospf authentication-key <key-value>]   <- when message-digest above is not present
[config-if# ip ospf message-digest-key <key-number> md5 <key-value>]   <- when message-digest is present
<process-id> is local to the router; it does not have to be the same on other routers. If “message-digest” (MD5) is not present, authentication is sent in clear text. The “network” command advertises a particular subnet and also enables OSPF on the non-passive interfaces attached to that subnet. The Router ID is selected the same way as for other protocols: if it is not explicitly set, the router looks for the up-and-running loopback interface with the highest IP. If no such interface exists, it uses the highest IP of a non-loopback interface.
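The difference between clear-text and message-digest authentication, as an added example (not code from the original notes): a minimal OSPFv2 header builder and a receiver-side verifier that checks the header checksum for AuType 0/1, compares the 8-byte clear-text password for AuType 1, and recomputes the RFC 2328 Appendix D MD5 trailer (MD5 over the packet followed by the key zero-padded to 16 bytes) for AuType 2. The router ID, area, body and keys are constructed sample values.

```python
import hashlib
import hmac
import struct
from typing import Tuple

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # version, type, length, router-id, area-id, checksum, autype, auth data
AUTH_NULL, AUTH_SIMPLE, AUTH_MD5 = 0, 1, 2


def ip_checksum(data: bytes) -> int:
    """Standard one's-complement checksum used by the OSPF header with AuType 0 and 1."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(ptype: int, rid: bytes, area: bytes, body: bytes,
                 autype: int = AUTH_NULL, key: bytes = b"", key_id: int = 1, seq: int = 1) -> bytes:
    """Wire bytes of one OSPFv2 packet (no IP header) with the requested authentication."""
    length = OSPF_HDR.size + len(body)
    if autype == AUTH_MD5:
        # RFC 2328 D.4.3: auth field = reserved(2) key-id(1) digest-len(1) crypto-seq(4);
        # the checksum is not used (left 0) and the 16-byte digest follows the packet
        authdata = struct.pack("!xxBBL", key_id, 16, seq)
        pkt = OSPF_HDR.pack(2, ptype, length, rid, area, 0, autype, authdata) + body
        return pkt + hashlib.md5(pkt + key.ljust(16, b"\x00")[:16]).digest()
    # AuType 1: the password itself sits in the 8-byte auth field, readable by anyone on the segment
    authdata = key.ljust(8, b"\x00")[:8] if autype == AUTH_SIMPLE else bytes(8)
    hdr = OSPF_HDR.pack(2, ptype, length, rid, area, 0, autype, bytes(8))
    csum = ip_checksum(hdr[:16] + body)  # checksum covers everything except the auth field
    return OSPF_HDR.pack(2, ptype, length, rid, area, csum, autype, authdata) + body


def verify_packet(pkt: bytes, key: bytes) -> Tuple[bool, str]:
    """Receiver-side check of a captured packet against the configured key. Returns (ok, reason)."""
    ver, _, length, _, _, _, autype, authdata = OSPF_HDR.unpack_from(pkt)
    if ver != 2:
        return False, "not OSPFv2"
    if autype == AUTH_MD5:
        _, dlen, seq = struct.unpack("!xxBBL", authdata)
        if dlen != 16 or len(pkt) != length + 16:
            return False, "bad digest length"
        expected = hashlib.md5(pkt[:length] + key.ljust(16, b"\x00")[:16]).digest()
        if not hmac.compare_digest(expected, pkt[length:]):
            return False, "md5 digest mismatch (wrong key or modified packet)"
        # a real receiver also rejects seq numbers below the last one seen from this neighbour (replay)
        return True, "md5 ok, crypto sequence %d" % seq
    if ip_checksum(pkt[:16] + pkt[24:length]) != 0:
        return False, "checksum mismatch"
    if autype == AUTH_SIMPLE and authdata != key.ljust(8, b"\x00")[:8]:
        return False, "password mismatch"
    return True, "clear-text password ok" if autype == AUTH_SIMPLE else "no authentication"


def cleartext_password(pkt: bytes) -> bytes:
    """Audit helper: with AuType 1 the key is visible in every capture, which is the case for message-digest."""
    autype, authdata = OSPF_HDR.unpack_from(pkt)[6:8]
    return authdata.rstrip(b"\x00") if autype == AUTH_SIMPLE else b""
```

Note that MD5 only binds the packet to the key; the cryptographic sequence number in the auth field is what a receiver uses against replay, so a verifier that accepts any sequence number is incomplete.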
The network type affects the operation of the OSPF router. On a LAN the default is broadcast, but it can be changed to point-to-multipoint or point-to-multipoint non-broadcast:
config-if# ip ospf network point-to-multipoint non-broadcast
In the last case the neighbors are not discovered dynamically and must be configured with the “neighbor” command. The cost to reach each neighbor can be set per neighbor even when they share the same outgoing interface. None of the point-to-* network types uses a DR or BDR. Only the broadcast and p2p network types use fast timers by default (10/40).
In Hello messages the following parameters must match: Hello and Dead intervals, area number, subnet mask, stub area flag, and authentication. Other parameters may be present but do not have to match: router ID, list of neighbors reachable on the interface, router priority, designated router (DR) IP address, backup DR (BDR) IP address. Router IDs must be unique. The MTU must be the same as well; watch for “too many retransmissions” errors.
On a LAN the default Hello interval is 10 sec and the default Dead interval is 40 sec. If the Hello interval is changed, the Dead interval is changed automatically (4 x Hello interval). The same is true for the Dead interval. Use the following commands to change them:
config-if# ip ospf hello-interval <value>
config-if# ip ospf dead-interval <value>
# show ip ospf interface <interface #>
The Dead interval can be made 1 sec and the Hello interval may then be set to sub-second values. The default multiplier of 4 can also be changed:
config-if# ip ospf dead-interval minimal hello-multiplier <multiplier>
Each router floods its own LSA through its area. To see them, look at “Router Link States (Area X)” in the output for:
Link State Identifier (LSID) == Router ID. This LSA type includes information about the router's interfaces:
This type is generated for, and required on, multi-access networks such as LANs. It depends on the existence of a DR. The DR is used for two purposes: to flood Network LSAs and to help with database exchange: DD messages are only sent to the DR using multicast address 224.0.0.6, and in turn the DR sends its DD messages to 224.0.0.5. The DR and BDR are elected based on the RID and the priority sent in the Hello message. OSPF uses the highest priority first (default is 1, max is 255) and, if there is a tie, the highest RID. To change the priority use:
config-if# ip ospf priority <value>
This LSA type also lists the RIDs of the neighbors connected to that multi-access network. These LSAs are shown under “Net Link States (Area X)”.
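The Hello parameter check and the DR/BDR election described above, as an added example (not code from the original notes): a parser for the OSPFv2 Hello body (network mask, Hello interval, options, priority, Dead interval, DR, BDR, neighbor list), a comparison of the fields the notes say must match, and a priority-then-RID election. The election models only the initial choice on a fresh segment; the real RFC 2328 section 9.4 procedure elects the BDR first and never pre-empts an existing DR. The stub flag is read from the E-bit of the options byte. Router IDs and timers are constructed sample values, and the constructed packets leave the checksum at zero.

```python
import struct
from typing import List, NamedTuple, Optional, Sequence, Tuple

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # version, type, length, router-id, area-id, checksum, autype, auth
HELLO = struct.Struct("!4sHBBL4s4s")      # netmask, hello, options, priority, dead, DR, BDR
OPT_E = 0x02                              # options E-bit: clear when the interface is in a stub area


class Hello(NamedTuple):
    rid: bytes
    area: bytes
    autype: int
    mask: bytes
    hello: int
    dead: int
    stub: bool
    priority: int
    dr: bytes
    bdr: bytes
    neighbors: Tuple[bytes, ...]


def build_hello(rid: bytes, area: bytes, mask: bytes, hello: int = 10, dead: int = 40,
                priority: int = 1, stub: bool = False, autype: int = 0,
                dr: bytes = bytes(4), bdr: bytes = bytes(4), neighbors: Sequence[bytes] = ()) -> bytes:
    """Constructed Hello packet for testing (checksum left at 0; not a real capture)."""
    body = HELLO.pack(mask, hello, 0 if stub else OPT_E, priority, dead, dr, bdr) + b"".join(neighbors)
    return OSPF_HDR.pack(2, 1, OSPF_HDR.size + len(body), rid, area, 0, autype, bytes(8)) + body


def parse_hello(pkt: bytes) -> Hello:
    """Decode header fields and the Hello body; neighbor RIDs run to the packet length."""
    ver, ptype, length, rid, area, _, autype, _ = OSPF_HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    mask, hello, opts, prio, dead, dr, bdr = HELLO.unpack_from(pkt, OSPF_HDR.size)
    start = OSPF_HDR.size + HELLO.size
    nbrs = tuple(pkt[i:i + 4] for i in range(start, length, 4))
    return Hello(rid, area, autype, mask, hello, dead, not (opts & OPT_E), prio, dr, bdr, nbrs)


MUST_MATCH = ("hello", "dead", "area", "mask", "stub", "autype")


def hello_mismatches(local: Hello, received: Hello) -> List[str]:
    """Fields that must agree before two routers become neighbors; an empty list means compatible."""
    return [f for f in MUST_MATCH if getattr(local, f) != getattr(received, f)]


def elect_dr(hellos: Sequence[Hello]) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Highest priority wins, highest RID breaks ties, priority 0 is ineligible; returns (DR, BDR)."""
    ranked = sorted((h for h in hellos if h.priority > 0),
                    key=lambda h: (h.priority, h.rid), reverse=True)
    dr = ranked[0].rid if ranked else None
    bdr = ranked[1].rid if len(ranked) > 1 else None
    return dr, bdr


if __name__ == "__main__":
    mask, area = bytes([255, 255, 255, 0]), bytes(4)
    seen = [parse_hello(build_hello(bytes([n, n, n, n]), area, mask, priority=p))
            for n, p in ((1, 1), (2, 1), (3, 255), (4, 0))]
    print("mismatches:", hello_mismatches(seen[0], seen[1]))
    print("DR/BDR:", elect_dr(seen))
```

Because priority is carried in clear in every Hello and a value of 255 wins outright, a segment where every router keeps the default priority 1 lets any newly attached speaker claim the DR role; pinning the intended DR with a high priority and setting 0 on access ports is the usual hardening.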
Type 1 and 2 LSAs are not advertised between areas. A Type 3 LSA is generated by the ABR for each subnet in one area and advertised into another area. It only carries the subnet and the cost. These LSAs are listed under “Summary Net Link States (Area X)”.
When a router wants to flush an LSA from the LSDB, it sets its age to MaxAge (3,600 sec) and re-floods it.
The number of LSAs a router learns is not limited by default, but it can be with the following command:
config-router# max-lsa <number>
When this number is reached, the router tears down all its neighbor relationships after a few warning messages.
OSPF has 8 neighbor states: Down, Attempt, Init, 2-Way, ExStart, Exchange, Loading, Full.
Filtering is only possible between areas, because inside an area all LSAs in the LSDB must be the same. An ABR filters Type 3 LSAs with the commands:
config# ip prefix-list <name> seq <seq-number> deny <subnet>/<length> le <bits>
config# ip prefix-list <name> seq <higher-seq-number> permit 0.0.0.0/0 le 32
config-router# area <area-number> filter-list prefix <name> in|out
Another way is to use the range keyword:
config-router# area <area-number> range <subnet> <mask> not-advertise
Without “not-advertise” the command will summarise the routes.
An ASBR filters Type 5 LSAs.
To filter routes between the LSDB and the routing table use:
config# access-list <number> deny <subnet> <wildcard>
config# access-list <number> permit any
config-router# distribute-list <number> in [<interface #>]
Be careful: filtering between the LSDB and the routing table may create black holes, because other routers still see the filtered subnets in their LSDBs and keep forwarding towards this router.
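The prefix-list evaluation behind the filter-list commands above, as an added example (not code from the original notes): a parser for IOS-style “ip prefix-list … seq … permit|deny … [ge] [le]” lines, the matching rule (the candidate must lie inside the entry's prefix, with a length inside the ge/le window, or exactly the entry length when neither keyword is given), first-match-wins evaluation, and the implicit deny at the end of every list. The list name, sequence numbers and candidate Type 3 prefixes are constructed sample values.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    seq: int
    action: str                       # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None


def parse_prefix_list(lines: List[str]) -> List[Entry]:
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]' lines, ordered by seq."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"] or tok[3] != "seq":
            raise ValueError("unsupported line: " + line)
        ge = le = None
        for i in range(7, len(tok) - 1, 2):
            if tok[i] == "ge":
                ge = int(tok[i + 1])
            elif tok[i] == "le":
                le = int(tok[i + 1])
        entries.append(Entry(int(tok[4]), tok[5], ipaddress.ip_network(tok[6]), ge, le))
    return sorted(entries, key=lambda e: e.seq)


def entry_matches(e: Entry, net: ipaddress.IPv4Network) -> bool:
    """IOS semantics: net must fall inside e.prefix and its length must be within the ge/le window."""
    if not net.subnet_of(e.prefix):
        return False
    lo = e.ge if e.ge is not None else e.prefix.prefixlen
    hi = e.le if e.le is not None else (32 if e.ge is not None else e.prefix.prefixlen)
    return lo <= net.prefixlen <= hi


def apply_prefix_list(lines: List[str], prefixes: List[str]) -> List[str]:
    """Return the prefixes that survive: first matching entry decides, unmatched ones hit the implicit deny."""
    entries = parse_prefix_list(lines)
    permitted = []
    for p in prefixes:
        net = ipaddress.ip_network(p)
        verdict = next((e.action for e in entries if entry_matches(e, net)), "deny")
        if verdict == "permit":
            permitted.append(p)
    return permitted


# Constructed filter-list in the shape of the commands in the notes
FILTER = [
    "ip prefix-list FILTER seq 5 deny 10.1.0.0/16 le 24",
    "ip prefix-list FILTER seq 10 permit 0.0.0.0/0 le 32",
]
# Constructed Type 3 candidates an ABR would otherwise advertise into the next area
CANDIDATE_TYPE3 = ["10.1.1.0/24", "10.1.0.0/16", "10.1.0.0/25", "10.2.0.0/24"]

if __name__ == "__main__":
    print("advertised:", apply_prefix_list(FILTER, CANDIDATE_TYPE3))
    print("without the permit line:", apply_prefix_list(FILTER[:1], CANDIDATE_TYPE3))
```

The second call shows the black-hole case: a list with only deny entries and no trailing permit 0.0.0.0/0 le 32 suppresses every summary, not just the ones named. Note also that 10.1.0.0/25 slips past the deny because its length is outside the le 24 window; a filter meant to cover all of 10.1.0.0/16 needs le 32.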
Summarization is allowed only on ABRs and ASBRs, for the same reason as filtering.
config-router# area <area-number> range <subnet> <mask> [cost <cost>]
<area-number> refers to the area where these subnets exist; the summary LSA is advertised into all other areas. Subordinate subnets are not advertised. By default, the best (lowest) component metric is assigned to the summary LSA.
An ASBR creates a Type 5 External LSA for each redistributed subnet. To configure summarization:
config-router# summary-address <subnet> <mask>
The explicit metric is not allowed. Subordinate subnets are not advertised.
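The summarization rules from the two passages above (ABR “area range”, with optional explicit cost or not-advertise, and ASBR “summary-address”, with no explicit metric), as an added example that is not code from the original notes: given the component routes and their costs, it emits the summary in place of its subordinate subnets, uses the best component metric unless a cost was configured, suppresses a range marked not-advertise, and originates nothing for a range with no component (the IOS behaviour). Routes, costs and ranges are constructed sample values.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Optional


class SummaryRange(NamedTuple):
    prefix: ipaddress.IPv4Network
    cost: Optional[int] = None   # explicit "cost <cost>" (ABR range only); None = best component metric
    advertise: bool = True       # False models "not-advertise"


def summarize(routes: Dict[str, int], ranges: List[SummaryRange]) -> Dict[str, int]:
    """routes: {prefix: cost} known in the area (ABR) or redistributed (ASBR).
    Returns {prefix: cost} advertised outward after summarization."""
    advertised: Dict[str, int] = {}
    covered = set()
    for rng in ranges:
        components = {p: c for p, c in routes.items()
                      if ipaddress.ip_network(p).subnet_of(rng.prefix)}
        if not components:
            continue  # a summary is only originated when at least one component exists
        covered.update(components)  # subordinate subnets are never advertised individually
        if rng.advertise:
            advertised[str(rng.prefix)] = rng.cost if rng.cost is not None else min(components.values())
    for p, c in routes.items():
        if p not in covered:
            advertised[p] = c  # outside every range: advertised unchanged
    return advertised


# Constructed area routes and the equivalent of:
#   area 1 range 10.1.0.0 255.255.0.0
#   area 1 range 192.168.0.0 255.255.0.0 not-advertise
#   area 1 range 172.16.0.0 255.240.0.0      (no components in this sample)
AREA_ROUTES = {"10.1.1.0/24": 10, "10.1.2.0/24": 20, "10.1.3.0/24": 5,
               "10.2.0.0/24": 7, "192.168.0.0/24": 3, "192.168.1.0/24": 4}
ABR_RANGES = [
    SummaryRange(ipaddress.ip_network("10.1.0.0/16")),
    SummaryRange(ipaddress.ip_network("192.168.0.0/16"), advertise=False),
    SummaryRange(ipaddress.ip_network("172.16.0.0/12")),
]

if __name__ == "__main__":
    print(summarize(AREA_ROUTES, ABR_RANGES))
    # same function with an explicit cost on the ABR range
    print(summarize(AREA_ROUTES, [SummaryRange(ipaddress.ip_network("10.1.0.0/16"), cost=50)]))
```

A summary-address on an ASBR behaves like the first range here (no cost argument, so the best component metric is used); the not-advertise case is the filtering alternative the notes mention under the range keyword.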
There are two ways to inject a default route into OSPF:
config-router# default-information originate [always] [metric <cost>] [metric-type <type>] [route-map <map>]
With all default parameters, this command injects a default route as an external Type 2 route using a Type 5 LSA with metric 20, but only if a default route exists in the routing table.
The metric-type keyword selects a Type 1 or Type 2 external route. When to advertise or withdraw the default route is decided by whether the referenced route-map matches with a permit action.
The ABR creates a default Type 3 LSA and floods it into the stub area. The default metric is 1 but can be changed with:
config-router# area <area-number> default-cost <cost>
Type 5 LSAs are not allowed in stub areas. All routers in a stub area must be configured as stub.
There are four kinds of stub area:
config-router# area <area-number> stub
config-router# area <area-number> stub no-summary
The “no-summary” keyword is only required on ABRs.
Routers in these areas cannot redistribute routes. To solve this problem, the Type 7 LSA was introduced.
If a direct connection to the backbone area is not possible, a virtual link must be configured between the ABRs:
config-router# area <area-number> virtual-link <remote-RID>
config-router# area <area-number> virtual-link <remote-RID> authentication message-digest message-digest-key <key-number> md5 <key-value>
<area-number> refers to the transit area. To find the <remote-RID> use:
Hellos are not exchanged on virtual links.