OSPF (Open Shortest Path First) is the most widely deployed interior gateway protocol in enterprise networks. For the CCNA 200-301 exam, understanding OSPF fundamentals is critical because it appears in multiple exam objectives, including 3.4 (Configure and verify single-area OSPFv2). Beyond the exam, OSPF is a must-know for any network engineer troubleshooting or designing scalable IP networks. This chapter gives you the deep, exam-focused understanding of OSPF operation, configuration, and verification.
Jump to a section
Imagine a national postal service that needs to deliver mail between hundreds of cities. Each post office (router) knows its direct neighbors (directly connected links). To deliver a letter from New York to Los Angeles, the postal service must find the shortest path across the country. OSPF works like a team of postal planners who share maps of their local regions. Each planner sends out a 'link state advertisement' (LSA) describing which cities it connects to and the distance (cost) of each road. Every planner collects all LSAs from every other planner in the country (area), building a complete map of the entire network. This map is called the link-state database (LSDB). Now, each planner independently runs Dijkstra's algorithm on the complete map to compute the shortest path to every destination. The result is a routing table (forwarding database). Unlike distance vector protocols (like RIP) that only know the next hop and distance, OSPF's link-state approach means every router has a full picture and can instantly compute alternative paths if a road is closed. The postal planners also use a 'hello' system to check if neighbors are still alive; if a planner stops responding, all others recalculate paths. This makes OSPF fast to converge and loop-free by design. The analogy breaks down slightly because OSPF uses cost (inverse bandwidth) not distance, and it elects a designated planner (DR) on multi-access networks to reduce chatter, but the core idea of sharing complete maps and computing shortest paths is exactly how OSPF works.
What is OSPF and Why Does It Exist?
OSPF (Open Shortest Path First) is a link-state routing protocol defined in RFC 2328 (OSPFv2 for IPv4). It is an interior gateway protocol (IGP) used within a single autonomous system (AS). OSPF was designed to overcome the limitations of distance vector protocols like RIP: slow convergence, routing loops, and limited scalability. By using a link-state approach, OSPF provides fast convergence, loop-free routing, and support for large networks through hierarchical design (areas).
How OSPF Works: The Big Picture
OSPF routers exchange information about the state of their directly connected links (interfaces). Each router floods this information (in the form of LSAs) to all other routers in the same OSPF area. Every router builds an identical link-state database (LSDB) containing all LSAs. Each router then independently runs the Shortest Path First (SPF) algorithm (Dijkstra's algorithm) on the LSDB to compute the shortest path tree to every known destination. The result is the IP routing table.
OSPF Packet Types
OSPF uses five packet types, all encapsulated directly in IP (protocol 89): - Hello (Type 1): Used to discover neighbors, establish adjacencies, and maintain neighbor relationships. Sent periodically on each OSPF-enabled interface. - Database Description (DBD) (Type 2): Used during adjacency formation to exchange summaries of LSDBs. - Link-State Request (LSR) (Type 3): Requests specific LSAs from a neighbor. - Link-State Update (LSU) (Type 4): Sends requested LSAs. Also used for flooding LSAs. - Link-State Acknowledgment (LSAck) (Type 5): Acknowledges receipt of LSUs.
OSPF Neighbor States
OSPF neighbor relationships go through several states: 1. Down: No Hello packets received. 2. Init: Hello packet received from neighbor, but the router's own Router ID is not in the Hello's neighbor list. 3. 2-Way: Hello received and the router's Router ID appears in the neighbor list. On multi-access networks, this is the state where the Designated Router (DR) and Backup Designated Router (BDR) election occurs. 4. ExStart: Routers negotiate the master/slave relationship and initial DBD sequence numbers. 5. Exchange: DBD packets are exchanged to describe the LSDB. 6. Loading: LSRs and LSUs are exchanged to get the full LSDB. 7. Full: Routers have identical LSDBs and adjacency is complete. Only Full adjacencies are used for forwarding traffic.
OSPF Timers and Defaults
Hello Interval: Default 10 seconds on broadcast and point-to-point networks; 30 seconds on NBMA (e.g., Frame Relay).
Dead Interval: Default 4 times the Hello interval (40 seconds for broadcast, 120 seconds for NBMA). If no Hello is received within the Dead interval, the neighbor is declared dead.
Wait Timer: Used on broadcast networks; equals the Dead interval. During this time, the router waits for a DR/BDR election.
Retransmit Interval: Default 5 seconds. Time between retransmission of unacknowledged LSAs.
Transmit Delay: Default 1 second. Estimated time to transmit an LSA on the link.
SPF Hold Time: Default 10 seconds. Minimum time between SPF calculations.
SPF Delay: Default 5 seconds. Time to wait before starting SPF after receiving a change.
Reference Bandwidth: Default 100 Mbps. Used to calculate cost: cost = reference bandwidth / interface bandwidth.
OSPF Metric (Cost)
OSPF uses cost as its metric. The cost of an interface is calculated as: cost = reference bandwidth / interface bandwidth. The default reference bandwidth is 100 Mbps. For Fast Ethernet (100 Mbps), cost = 1; for Gigabit Ethernet (1000 Mbps), cost = 1 (since 100/1000 = 0.1, rounded up to 1). This can lead to suboptimal routing with high-speed links. To fix this, use auto-cost reference-bandwidth command to set a higher reference (e.g., 10000 for 10 Gbps). The cost of a route is the sum of costs of all outgoing interfaces along the path.
OSPF Router ID
Each OSPF router needs a unique Router ID (RID) – a 32-bit number written in dotted-decimal like an IP address. The RID is chosen in the following order:
1. Explicitly configured using router-id command.
2. Highest loopback interface IP address.
3. Highest active physical interface IP address.
The RID is crucial for OSPF operation; if not unique, adjacencies may fail.
OSPF Network Types
OSPF defines several network types that affect how adjacencies are formed: - Broadcast: Default on Ethernet. Uses DR/BDR election. Hello sent to 224.0.0.5 (AllSPFRouters). - Point-to-Point: Default on serial links with HDLC or PPP encapsulation. No DR/BDR election. Hello sent to 224.0.0.5. - Non-Broadcast (NBMA): Default on Frame Relay. Requires manual neighbor configuration. Uses DR/BDR. - Point-to-Multipoint: Used for hub-and-spoke networks. No DR/BDR.
OSPF Areas
OSPF supports hierarchical routing using areas. An area is a logical grouping of routers that share the same LSDB. Area 0 (backbone area) is mandatory; all other areas must connect to area 0. Within an area, routers know all routes; between areas, only summary routes are exchanged (via ABRs). This reduces LSDB size and SPF calculation overhead. For CCNA, you only need single-area OSPF (all routers in area 0).
IOS CLI Verification Commands
To verify OSPF operation on a Cisco router:
show ip ospf neighbor
show ip ospf interface
show ip ospf database
show ip route ospf
show ip protocolsExample output for show ip ospf neighbor:
Neighbor ID Pri State Dead Time Address Interface
10.1.1.1 1 FULL/DR 00:00:38 192.168.1.1 GigabitEthernet0/0
10.2.2.2 1 FULL/BDR 00:00:35 192.168.1.2 GigabitEthernet0/0This shows two neighbors: Router ID 10.1.1.1 is the DR, 10.2.2.2 is the BDR. The state is FULL, meaning adjacency is complete.
Interaction with Related Protocols
OSPF interacts with ARP (for next-hop MAC resolution on multi-access networks), IP (packets are sent to multicast addresses 224.0.0.5 and 224.0.0.6), and the routing table (OSPF routes are installed with administrative distance 110). OSPF can also redistribute routes from other protocols (e.g., EIGRP, static) but that is beyond CCNA scope.
Enable OSPF on the router
Enter global configuration mode and start the OSPF process. The process ID is locally significant (not required to match neighbors). Use `router ospf process-id`. Example: `router ospf 1`. This enters router configuration mode for OSPF.
Configure Router ID
Set a unique Router ID using `router-id A.B.C.D`. It's best practice to use a loopback interface IP for stability. Example: `router-id 1.1.1.1`. If not configured, the router picks the highest loopback or physical interface IP. The router ID must be unique across the OSPF domain.
Advertise networks with network command
Use `network network-address wildcard-mask area area-id` to enable OSPF on interfaces. Example: `network 10.0.0.0 0.255.255.255 area 0`. The wildcard mask is the inverse of subnet mask. The area must be 0 for single-area OSPF. This command tells OSPF to include all interfaces that match the network/wildcard pair.
Verify OSPF neighbors
Use `show ip ospf neighbor` to check adjacency status. Look for FULL state. If neighbors are stuck in 2-WAY or EXSTART/EXCHANGE, troubleshoot mismatched parameters (Hello/Dead timers, area ID, network type, authentication). Example output shows neighbor ID, interface, and state.
Verify OSPF routes in routing table
Use `show ip route ospf` to see OSPF-learned routes. OSPF routes are denoted by 'O' (intra-area) or 'O IA' (inter-area). Example: `O 10.1.1.0/24 [110/2] via 192.168.1.1, 00:01:23, GigabitEthernet0/0`. The [110/2] is administrative distance (110) and metric (cost).
Troubleshoot OSPF with debug commands
If adjacencies don't form, use `debug ip ospf adj` to see neighbor state changes. For packet-level issues, use `debug ip ospf packet`. Remember that debug can be CPU-intensive. Always use `undebug all` or `no debug all` when done. For exam, know that mismatched Hello/Dead timers or area IDs cause neighbors to stay in INIT or 2-WAY.
In a typical enterprise network, OSPF is deployed to provide fast convergence and loop-free routing. For example, a company with multiple campus sites connected via WAN links would run OSPF across all routers. Each site might be a different area, but for CCNA-level single-area, all routers are in area 0.
Scenario 1: Redundant WAN links. A company has two routers at headquarters and two at a branch, connected by two serial links. OSPF will load-balance across equal-cost paths (if costs are equal). If one link fails, OSPF converges in seconds as the dead timer expires and SPF recalculates. The network engineer would configure OSPF with auto-cost reference-bandwidth 1000 to account for Gigabit links, and set ip ospf cost manually on slower links to influence path selection.
Scenario 2: Multi-access LAN. In a large office with many routers on the same Ethernet segment (e.g., core switches running routing), OSPF elects a DR and BDR to reduce LSAs. The engineer must ensure the DR is the most powerful router (by setting higher priority with ip ospf priority). If DR fails, BDR takes over, and a new BDR is elected. Without DR/BDR, every router would form full mesh adjacencies, causing excessive overhead.
Common misconfigurations: Forgetting to set the network command correctly (wildcard mask wrong), mismatched Hello/Dead timers (one router set to 5/20, another to 10/40), or mismatched area IDs. These cause neighbors to not form FULL adjacency. Also, forgetting to enable OSPF on an interface (e.g., passive interface default) can cause no neighbors. In production, engineers use passive-interface default and then no passive-interface on specific interfaces to advertise only needed networks.
Exam objective 3.4: Configure and verify single-area OSPFv2. The exam tests both configuration and verification. You must know:
The network command syntax: network ip-address wildcard-mask area area-id. The wildcard mask is the inverse of the subnet mask. Common trap: candidates use subnet mask instead of wildcard mask.
OSPF neighbor states: Focus on FULL and 2-WAY. 2-WAY is normal on multi-access networks for non-DR/BDR routers; FULL is required for exchanging routes. A common wrong answer is that 2-WAY is a problem – it's not.
OSPF metric: cost = reference bandwidth / interface bandwidth. Default reference bandwidth is 100 Mbps. For Gigabit Ethernet, cost = 1. Trap: candidates think cost increases with bandwidth, but it decreases.
Router ID selection: highest loopback IP, then highest physical IP. Trap: candidates think the first configured interface IP is used.
DR/BDR election: highest priority (default 1) wins; tie-breaker is highest Router ID. Trap: candidates think the highest IP address on the segment wins.
Hello and Dead timers: default 10/40 on broadcast. Must match between neighbors. Trap: candidates think only Hello must match.
Verification commands: show ip ospf neighbor (look for FULL), show ip ospf interface (see timers, cost, state), show ip route ospf (see O routes).
Decision rule for scenario questions: If a router is not learning routes, check neighbor state first. If neighbor state is not FULL, check mismatched parameters. If neighbor state is FULL but no routes, check network commands or passive interfaces.
OSPF is a link-state protocol that uses cost as metric: cost = reference bandwidth (default 100 Mbps) / interface bandwidth.
OSPF neighbor states: Down, Init, 2-Way, ExStart, Exchange, Loading, Full. Only Full adjacencies exchange routes.
Default Hello interval is 10 seconds on broadcast/point-to-point; Dead interval is 40 seconds (4x Hello).
Router ID is chosen in order: configured router-id, highest loopback IP, highest physical interface IP.
DR/BDR election: highest priority (1-255, default 1) wins; tie-breaker highest Router ID. Preempt does not occur.
Use `network ip-address wildcard-mask area area-id` to enable OSPF on interfaces. Wildcard mask is inverse of subnet mask.
Verification commands: show ip ospf neighbor, show ip ospf interface, show ip route ospf, show ip protocols.
These come up on the exam all the time. Here's how to tell them apart.
OSPF
Link-state protocol; each router has complete network map
Metric: cost (bandwidth-based)
Fast convergence (seconds)
No hop count limit
Supports VLSM and CIDR natively
RIP
Distance vector protocol; routers know only next hop
Metric: hop count
Slow convergence (up to 180 seconds)
Maximum 15 hops
RIPv2 supports VLSM; RIPv1 is classful
Mistake
OSPF uses hop count as metric like RIP.
Correct
OSPF uses cost, calculated as reference bandwidth / interface bandwidth. The default reference bandwidth is 100 Mbps, so a 100 Mbps link has cost 1, a 10 Mbps link has cost 10.
Candidates new to OSPF often assume all routing protocols use hop count because RIP is commonly taught first.
Mistake
The network command requires the subnet mask of the interface.
Correct
The network command uses a wildcard mask, which is the inverse of the subnet mask. For example, for 192.168.1.0/24, the wildcard mask is 0.0.0.255.
Candidates are used to subnet masks from IP addressing and forget that OSPF uses wildcard masks.
Mistake
If a router's OSPF neighbor is in 2-Way state, there is a problem.
Correct
On multi-access networks (Ethernet), non-DR/BDR routers remain in 2-Way state with each other. Only the DR and BDR form Full adjacency with all routers. 2-Way is normal and does not indicate a problem.
Candidates see '2-Way' and assume it's incomplete, but it's a valid state for some neighbor relationships.
Mistake
OSPF routes have an administrative distance of 120.
Correct
OSPF has an administrative distance of 110. EIGRP internal is 90, RIP is 120, IS-IS is 115.
Candidates often mix up administrative distance values, especially between OSPF (110) and RIP (120).
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
OSPFv2 is for IPv4, while OSPFv3 is for IPv6. They are separate processes. OSPFv3 uses link-local addresses for neighbor communications and runs per-link rather than per-subnet. For CCNA, you only need OSPFv2. Exam tip: If a question mentions IPv6 OSPF, it's OSPFv3.
This usually indicates a mismatch in the interface MTU size. OSPF DBD packets are limited to the interface MTU; if one router has a smaller MTU, the DBD packet may be dropped. Check with `show ip ospf interface` and ensure MTU matches. Another cause is mismatched OSPF network type (e.g., one side broadcast, other point-to-point). Exam tip: Always check MTU first when stuck in ExStart.
On multi-access networks (Ethernet), the DR reduces the number of adjacencies and LSA flooding. Without a DR, every router would form a full mesh of adjacencies (n*(n-1)/2). With a DR, each router forms a Full adjacency only with the DR and BDR; non-DR routers stay in 2-Way with each other. The DR is responsible for flooding LSAs to all routers. Exam tip: DR election is non-preemptive; the DR stays until failure.
OSPF cost is the sum of the costs of all outgoing interfaces along the path. The interface cost is calculated as reference bandwidth / interface bandwidth. Default reference is 100 Mbps. For example, a 10 Mbps link has cost 10, a 100 Mbps link cost 1. You can manually set cost with `ip ospf cost` command. Exam tip: If a question gives bandwidths, calculate cost correctly; beware of rounding.
It shows the neighbor Router ID, priority, state (e.g., FULL/DR), dead timer, IP address, and interface. The state indicates the adjacency status. Full means complete; 2-Way is normal for non-DR neighbors. If the state is INIT, the router has received a Hello but the neighbor does not see its own RID in the Hello. Exam tip: Use this command as the first troubleshooting step.
Yes, OSPF supports equal-cost multipath (ECMP). By default, Cisco IOS supports up to 4 equal-cost paths (configurable with `maximum-paths`). Load-balancing is per-destination or per-packet depending on switching mode. Exam tip: If you see multiple routes with same metric, OSPF will load-balance.
OSPF has an AD of 110. When a router learns a route via multiple routing protocols, it prefers the one with lowest AD. For example, if OSPF learns 10.1.1.0/24 and EIGRP (AD 90) also learns it, EIGRP is preferred. If only OSPF learns it, it is installed. Exam tip: Know AD values: connected 0, static 1, EIGRP 90, OSPF 110, RIP 120.
You've just covered OSPF Fundamentals — now see how well it sticks with free CCNA 200-301 practice questions. Full explanations included, no account needed.
Done with this chapter?