OSPF Concepts for Network+

OSPF (Open Shortest Path First) is a link-state routing protocol defined in RFC 2328. Unlike distance-vector protocols that send entire routing tables to neighbors periodically, OSPF sends only link-state advertisements (LSAs) describing directly connected links. Each router builds an identical link-state database (LSDB) and independently computes the shortest path to every destination using Dijkstra's Shortest Path First (SPF) algorithm. This eliminates routing loops and provides fast convergence (typically under 10 seconds in a well-designed network). OSPF uses a metric called cost, which is inversely proportional to bandwidth: cost = reference bandwidth / interface bandwidth. The default reference bandwidth is 100 Mbps, so a FastEthernet interface (100 Mbps) has cost 1, a GigabitEthernet interface (1000 Mbps) also has cost 1 unless the reference is adjusted. OSPF supports VLSM and CIDR, authenticates routing updates, and scales to large networks through hierarchical areas.

OSPF uses five packet types encapsulated directly in IP (protocol 89): - Hello (Type 1): Discovers neighbors and maintains adjacency. Sent every 10 seconds on broadcast links (default Hello interval). Contains Router ID, Area ID, authentication data, and list of neighbors seen. - Database Description (DBD) (Type 2): Summarizes LSDB during adjacency formation. Routers exchange DBDs to compare databases. - Link-State Request (LSR) (Type 3): Requests specific LSAs from a neighbor. - Link-State Update (LSU) (Type 4): Carries one or more LSAs in response to LSRs or when a change occurs. - Link-State Acknowledgment (LSAck) (Type 5): Acknowledges receipt of LSUs.

OSPF routers progress through eight neighbor states: 1. Down: No Hello packets received. 2. Attempt (NBMA only): Router sends Hello to a neighbor known via configuration. 3. Init: Hello received but the router's own Router ID is not in the Hello's neighbor list. 4. 2-Way: Hello received with own Router ID in neighbor list. On broadcast networks, DR/BDR election occurs at this state. 5. ExStart: Master/slave election using DBD packets with sequence numbers. 6. Exchange: DBD packets exchanged to describe LSDB. 7. Loading: LSRs and LSUs exchanged to get full LSDB. 8. Full: Routers are fully adjacent and have identical LSDBs.

On multiaccess broadcast networks (e.g., Ethernet), OSPF elects a Designated Router (DR) and Backup Designated Router (BDR) to reduce LSA flooding. The DR is the router with the highest OSPF priority (default 1) or highest Router ID if priorities tie. The BDR is the second highest. All other routers (DROthers) form full adjacencies only with the DR and BDR, not with each other. DROthers remain in 2-Way state with each other. If the DR fails, the BDR takes over, and a new BDR is elected. Router ID is the highest loopback IP or highest active interface IP; it can be manually set with the router-id command.

OSPF uses areas to segment the network and reduce LSDB size. All areas must connect to Area 0 (backbone). Common LSA types: - Type 1 (Router LSA): Describes a router's directly connected links within its area. Flooded within the area only. - Type 2 (Network LSA): Generated by the DR on a broadcast segment, listing all routers attached. Flooded within the area. - Type 3 (Summary LSA): Generated by Area Border Routers (ABRs) to advertise routes between areas. (Note: Type 3 is a summary, not a default route.) - Type 4 (ASBR Summary LSA): Generated by ABRs to advertise the location of an ASBR. - Type 5 (External LSA): Generated by Autonomous System Boundary Routers (ASBRs) to advertise external routes (redistributed from another protocol). Flooded throughout the AS. - Type 7 (NSSA External LSA): Used in Not-So-Stubby Areas (NSSA) to carry external routes.

The OSPF cost of an interface is calculated as: cost = reference-bandwidth / interface-bandwidth. Default reference bandwidth is 100 Mbps. For example: - 10 Mbps Ethernet: cost = 100/10 = 10 - 100 Mbps FastEthernet: cost = 100/100 = 1 - 1000 Mbps GigabitEthernet: cost = 100/1000 = 0.1 → truncated to 1 (cost must be integer 1-65535) - 1544 kbps T1: cost = 100,000 / 1544 ≈ 64 To adjust for higher-speed links, use auto-cost reference-bandwidth <Mbps> (e.g., 10000 for 10 Gbps). The path cost is the sum of all outgoing interface costs along the route.

Basic OSPF configuration on a Cisco router:

router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0

To set the Router ID manually:

router ospf 1
 router-id 1.1.1.1

To verify OSPF:

show ip ospf neighbor
show ip ospf database
show ip route ospf
show ip ospf interface

OSPF supports plaintext (Type 1) and MD5 (Type 2) authentication. Configured per interface or per area:

interface GigabitEthernet0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 mykey

When a link changes state, the detecting router floods a new LSA to all neighbors. Each router runs SPF to recalculate routes. Convergence time depends on:

The CompTIA Network+ exam expects you to know:

show ip ospf neighbor
show ip ospf interface
show ip ospf database
show ip route ospf
debug ip ospf events
debug ip ospf packet

OSPF always chooses the path with the lowest total cost. If multiple equal-cost paths exist, OSPF will load-balance (up to 4 by default, configurable up to 32). OSPF does not support unequal-cost load balancing (unlike EIGRP).

Enterprise Campus Network

A large university with 500 routers across multiple buildings uses OSPF with a two-tier area design. The core backbone is Area 0, connecting three distribution routers in the data center. Each building is a separate standard area (e.g., Area 10 for Engineering, Area 20 for Business). ABRs in each building summarize routes to Area 0, reducing LSDB size and SPF calculation time. The network uses Gigabit Ethernet links with adjusted reference bandwidth (auto-cost reference-bandwidth 10000) so that 10 Gbps links have cost 1. OSPF authentication (MD5) is configured to prevent unauthorized routers from injecting false LSAs. Convergence time after a link failure is under 2 seconds because of fast Hello timers (1 second) and BFD integration. Common issues include misconfigured area IDs (a router in the wrong area fails to form adjacencies) and mismatched Hello/Dead timers causing neighbor flapping.

Service Provider MPLS Network

A regional ISP uses OSPF as the IGP within its MPLS core. The network has 2000 routers divided into multiple areas, with Area 0 as the backbone. OSPF runs on loopback interfaces (advertised as /32) to establish iBGP sessions for MPLS LDP. The ISP uses NSSA areas for customer edge routers that redistribute static routes or BGP into OSPF. The NSSA translates Type 7 LSAs into Type 5 at the ABR. To improve scalability, the ISP uses route summarization at ABRs and filters Type 3 LSAs using area filters. A frequent problem is when an ASBR redistributes a large number of external routes, causing LSDB size to grow and SPF calculation times to spike. Mitigation includes using stub areas for customer sites and limiting redistribution with route maps.

Data Center Leaf-Spine Fabric

A modern data center uses OSPF in a leaf-spine topology with 100 leaf switches and 8 spine switches. Each leaf is configured as an OSPF router in Area 0. The spine switches act as route reflectors but do not participate in OSPF; instead, they use BGP for underlay routing. However, some legacy designs still use OSPF between leaf and spine. In this case, the network uses point-to-point OSPF network type on all inter-switch links to avoid DR/BDR election and speed up convergence. The OSPF cost is set manually to equalize paths across spines (e.g., cost 10 on all uplinks). Misconfiguration often occurs when the OSPF network type is left as broadcast on point-to-point links, causing unnecessary DR election and delayed convergence.