Link-State Routing Protocol

  • Respond quickly to network changes.
  • Send triggered updates when a network change occurs.
  • Send periodic updates, known as link-state refresh, at long time intervals, such as every 30 minutes.

    When a link changes state, the device that detected the change creates a link-state advertisement (LSA).

    Link-state database (LSDB) is used to calculate the best paths through the network.

    Each router independently calculates its best paths to all destinations in the network, using Dijkstra’s (SPF) algorithm. For all the routers in the network to make consistent routing decisions, each link-state router must keep a record of the following information:

  • Its immediate neighbor routers - If the router loses contact with a neighbor router, within a few seconds it invalidates all paths through that router and recalculates its paths through the network. For OSPF, adjacency information about neighbors is stored in the OSPF neighbor table, also known as an adjacency database.
  • All the other routers in the network, or in its area of the network, and their attached networks - The router recognizes other routers and networks through LSAs, which are flooded through the network. LSAs are stored in a topology table or database (which is also called an LSDB).
  • The best paths to each destination - Each router independently calculates the best paths to each destination in the network using Dijkstra’s (SPF) algorithm. All paths are kept in the LSDB. The best paths are then offered to the routing table (also calledthe forwarding database). Packets arriving at the router are forwarded based on the information held in the routing table.

    If an area becomes too big, the following issues need to be addressed:

  • Frequent SPF algorithm calculations - In a large network, changes are inevitable, so the routers spend many CPU cycles recalculating the SPF algorithm and updating the routing table.
  • Large routing table - OSPF does not perform route summarization by default. If the routes are not summarized, the routing table can become very large, depending on the size of the network.
  • Large LSDB - Because the LSDB covers the topology of the entire network, each router must maintain an entry for every network in the area, even if not every route is selected for the routing table.

    The Solution:

  • Reduced frequency of SPF calculations - Because detailed route information exists within each area, it is not necessary to flood all link-state changes to all other areas. Therefore, only routers that are affected by the change need to recalculate the SPF algorithm and the impact of the change is localized within the area.
  • Smaller routing tables - With multiple areas, detailed route entries for specific networks within an area can remain in the area. Instead of advertising these explicit routes outside the area, routers can be configured to summarize the routes into one or more summary addresses. Advertising these summaries reduces the number of LSAs propagated between areas but keeps all networks reachable.
  • Reduced LSU overhead - LSUs contain a variety of LSA types, including link-state and summary information. Rather than send an LSU about each network within an area, a router can advertise a single summarized route or a small number of routes between areas, thereby reducing the overhead associated  ith LSUs when they cross areas. 

Types of OSPF Routers.

  • Internal router - Routers that have all of their interfaces in the same area. All routers within the same area have identical LSDBs.
  • Backbone router - Routers that sit in the perimeter of the backbone area 0 and that have at least one interface connected to area 0. Backbone routers maintain OSPFrouting information using the same procedures and algorithms as internal routers.
  • Area Border Router (ABR) - Routers that have interfaces attached to multiple areas, maintain separate LSDBs for each area to which they connect, and route traffic destined for or arriving from other areas. ABRs connect area 0 to a nonbackbone area and are exit points for the area, which means that routing information destined for another area can get there only via the ABR of the local area. ABRs distribute this routing information into the backbone. The backbone routers then forward the information to the other ABRs. ABRs are the only point where area address summarization can be configured (to summarize the routing information from the LSDBs of their attached areas). ABRs separate LSA flooding zones, and may function as the source of default routes. An area can have one or more ABRs. The ideal design is to have each ABR connected to two areas only, the backbone and another area. As mentioned, the recommended upper limit is three areas.
  • Autonomous System Boundary Router (ASBR) - Routers that have at least one interface attached to a different routing domain (such as another OSPF autonomous system or a domain using the Enhanced Interior Gateway Protocol [EIGRP]). An OSPF autonomous system consists of all the OSPF areas and the routers within them. ASBRs can redistribute external routes into the OSPF domain and vice versa.

OSPF Adjacencies.

    The router sends and receives hello packets to and from its neighboring routers. The destination address is typically a multicast address.

  • The routers exchange hello packets subject to protocol-specific parameters, such as checking whether the neighbor is in the same area, using the same hello interval, and so on. Routers declare the neighbor up when the exchange is complete.
  • After two routers establish neighbor adjacency using hello packets, they synchronize their LSDBs by exchanging LSAs and confirming the receipt of LSAs from the adjacent router. The two neighbor routers now recognize that they have synchronized their LSDBs with each other. For OSPF, this means that the routers are now in full adjacency state with each other.
  • If necessary, the routers forward any new LSAs to other neighboring routers, ensuring complete synchronization of link-state information inside the area.

    LSAs report the state of routers and the links between routers - hence the term link state. Thus, link-state information must be synchronized between routers. To accomplish this, LSAs have the following characteristics:

  • LSAs are reliable. There is a method for acknowledging their delivery.
  • LSAs are flooded throughout the area (or throughout the domain if there is only one area).
  • LSAs have a sequence number and a set lifetime, so each router recognizes that it has the most current version of the LSA.
  • LSAs are periodically refreshed to confirm topology information before they age out of the LSDB.

OSPF Metric Calculation

    Router X has four neighbor routers: A, B, C, and D. From these routers, it receives the LSAs from all other routers in the network. From these LSAs, it can also deduce the links between all routers and draw the web of routers.

    Each Fast Ethernet link is assigned an OSPF cost of 1. By summing the costs to each destination, the router can deduce the best path to each destination.

    From these best paths, shown with solid lines, routes to destination networks attached to each router are offered to the routing table; for each route, the next-hop address is the appropriate neighboring router (A, B, C, or D).

    When each router receives the LSU, it does the following:

  • If the LSA entry does not already exist, the router adds the entry to its LSDB, sends back a link-state acknowledgment (LSAck), floods the information to other routers, runs SPF, and updates its routing table.
  • If the entry already exists and the received LSA has the same sequence number, the router ignores the LSA entry.
  • If the entry already exists but the LSA includes newer information (it has a higher sequence number), the router adds the entry to its LSDB, sends back an LSAck, floods the information to other routers, runs SPF, and updates its routing table.
  • If the entry already exists but the LSA includes older information, it sends an LSU to the sender with its newer information.

OSPF Packets

Type Packet Name Description
1 Hello Discovers neighbors and builds adjacencies between them
2 Database description (DBD) Checks for database synchronization between routers
3 Link-state request (LSR) Requests specific link-state records from another router
4 LSU Sends specifically requested link-state records
5 LSAck Acknowledges the other packet types

    All five OSPF packets are encapsulated directly in an IP payload. The OSPF packet does not use Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). OSPF requires a reliable packet transport scheme, and because TCP is not used, OSPF defines its own acknowledgment routine using an acknowledgment packet (OSPF packet type 5). OSPF type 4 and type 5 packets are sent to the OSPF multicast IP address, except when retransmitting, when sent across a virtual link, and on nonbroadcast networks. All other packets are sent to a unicast IP address.

    A protocol identifier of 89 in the IP header indicates an OSPF packet. Each OSPF packet begins with a header with the following fields:

  • Version Number - Set to 2 for OSPF Version 2, the current IPv4 version of OSPF. (OSPF Version 3 is used for IP version 6 [IPv6])
  • Type - Differentiates the five OSPF packet types.
  • Packet Length - The length of the OSPF packet in bytes.
  • Router ID - Defines which router is the packet’s source.
  • Area ID - Defines the area in which the packet originated.
  • Checksum - Used for packet header error detection to ensure that the OSPF packet was not corrupted during transmission.
  • Authentication Type - An option in OSPF that describes either no authentication, clear-text passwords, or encrypted message digest 5 (MD5) for router authentication.
  • Authentication - Used with authentication type.
  • Data - Contains different information, depending on the OSPF packet type:
    • For the hello packet - Contains a list of known neighbors.
    • For the DBD packet - Contains a summary of the LSDB, which includes all known router IDs and their last sequence number, among several other fields.
    • For the LSR packet - Contains the type of LSU needed and the router ID of the router that has the needed LSU.
    • For the LSU packet - Contains the full LSA entries. Multiple LSA entries can fit in one OSPF update packet.
    • For the LSAck packet - This data field is empty.

Establishing OSPF Neighbor Adjacencies: Hello

  • Router ID - A 32-bit number that uniquely identifies the router. The highest IP address on an active interface is chosen by default unless a loopback interface address exists or the router ID is manually configured. The router ID is also used to break ties during the DR and BDR selection processes if the OSPF priority values are equal.
  • Hello and dead intervals - The hello interval specifies how often, in seconds, a router sends hello packets (10 seconds is the default on multiaccess networks). The dead interval is the amount of time in seconds that a router waits to hear from a neighbor before declaring the neighbor router out of service (the dead interval is four times the hello interval by default). These timers must be the same on neighboring routers; otherwise an adjacency will not be established.
  • Neighbors - The Neighbors field lists the adjacent routers with which this router has established bidirectional communication. Bidirectional communication is indicated when the router sees itself listed in the Neighbors field of the hello packet from the neighbor.
  • Area ID - To communicate, two routers must share a common segment, and their interfaces must belong to the same OSPF area on that segment. These routers will all have the same link-state information for that area.
  • Router priority - An 8-bit number that indicates a router’s priority. Priority is used when selecting a DR and BDR
  • DR and BDR IP addresses - If known, the IP addresses of the DR and BDR for the specific multiaccess network.
  • Authentication password - If router authentication is enabled, two routers must exchange the same password. Authentication is not required, but if it is enabled, all peer routers must have the same password.
  • Stub area flag - A stub area is a special area. The stub area technique reduces routing updates by replacing them with a default route. Two neighboring routers must agree on the stub area flag in the hello packets.

    The following hello packet fields must match on neighboring routers for them to establish an adjacency:

  • Hello Interval
  • Dead Interval
  • Area ID
  • Authentication Password
  • Stub Area Flag

    If a router joins a broadcast network in which there is already a DR and BDR, it will get to the neighbor two-way state with all routers, including the DR and BDR, and those that are DROTHER (not DR or BDR). The joining router will continue to form full bidirectional adjacencies only with the DR and BDR.

OSPF Neighbor States

The following is a brief summary of the states OSPF may pass through before becoming adjacent to (neighbors with) another router:

  • Down: No active neighbor detected.
  • Init: Hello packet received.
  • Two-way: Router sees its own router ID in a received hello packet.
  • ExStart: Master/slave roles determined.
  • Exchange: DBDs (summary of LSDB) sent.
  • Loading: Exchange of LSRs and LSUs, to populate LSDBs.
  • Full: Neighbors fully adjacent.

Maintaining Routing Information

  • goes to all OSPF routers on the link.
  • goes to the DR and BDR on the link.

    Summaries of individual link-state entries, not the complete link-state entries, are sent every 30 minutes to ensure LSDB synchronization. Each link-state entry has a timer to determine when the LSA refresh update must be sent. Each link-state entry also has a maximum age (maxage) of 60 minutes. As mentioned, if a link-state entry is not refreshed
within 60 minutes, it is removed from the LSDB.

    A change in the topology database is a necessary but not sufficient condition for SPF recalculation. SPF is triggered if any of the following occur:

  • The LSA’s Options field has changed.
  • The LSA’s LS age is set to maxage.
  • The Length field in the LSA header has changed.
  • The contents of the LSA (excluding the LSA header) have changed.

    An SPF calculation is performed separately for each area in the topology database.

OSPF Link-State Sequence Numbers

    An LSA is considered to be more recent if it has the following:

  • A higher sequence number
  • A higher checksum number (if the sequence numbers are equal)
  • An age equal to maxage (indicating the LSA is poisoned)
  • A significantly smaller (younger) LS age
RouterA#show ip ospf database
OSPF Router with ID ( (Process ID 10)
Router Link States (Area 1)
Link ID              ADV Router          Age             Seq#                Checksum    Link count        48               0x80000008     0xB112        2      212             0x80000006     0x3F44         2
<output omitted>

    Seq# header is 32 bits long. First legal sequence number is 0x80000001, and the last number is 0x7FFFFFFF. Each time a record is flooded, the sequence number is incremented by 1. Age ast update occurred Age seconds ago. 

Verifying Packet Flow

R1#debug ip ospf packet
OSPF packet debugging is on
*Apr 16 11:03:51.206: OSPF: rcv. v:2 t:1 l:48 rid: aid: chk:D882 aut:0 auk: from Serial0/0/0.2
  • v: Identifies the version of OSPF; OSPFv2 in this example.
  • t: Specifies the OSPF packet type:
    • 1—Hello
    • 2—DBD
    • 3—LSR
    • 4—LSU
    • 5—LSAck
  • l: Specifies the OSPF packet length in bytes; 48 in this example.
  • rid: Displays the OSPF router ID; in this example.
  • aid: Shows the OSPF area ID; in this example.
  • chk: Displays the OSPF checksum; D882 in this example.
  • aut: Provides the OSPF authentication type:
    • 0—No authentication
    • 1—Simple password
    • 2—MD5
  • auk: Specifies the OSPF authentication key, if used. It is not used in this example.
  • keyid: Displays the MD5 key ID; only used for MD5 authentication. It is not used in this example.
  • seq: Provides the sequence number; only used for MD5 authentication. It is not used in this example.
  • from: Interface from which this packet was received, S0/0/0.2 in this example. 

Configuring and Verifying Basic OSPF Routing

    Router B has a network statement for area 0. The configuration for area 1 in this example uses the ip ospf 50 area 1 interface configuration command. Alternatively a separate network router configuration command, such as network area 1, could have been used.

    The show ip ospf neighbor Command:

Neighbor ID        Pri        State                    Dead Time        Address        Interface            0          FULL/DROTHER     00:00:30       FastEthernet0/0              0          FULL/ -                  00:00:34          Serial0/0/1

    The second line of output in represents Router C, Router B’s neighbor on the serial interface. DR and BDR are not used on point-to-point interfaces (as indicated by a dash [-]). 

    The show ip route ospf Command

RouterA#show ip route ospf is variably subnetted, 3 subnets, 2 masks
O IA [110/782] via, 00:03:05, FastEthernet0/0

    The O code indicates that the route was learned from OSPF. The IA code indicates that the learned route is in another area (interarea).

Electing a DR and BDR and Setting Priority

  • The router with the highest priority value is the DR
  • The router with the second-highest priority value is the BDR.
  • The default for the interface OSPF priority is 1. In case of a tie, the router ID is used. The router with the highest router ID becomes the DR. The router with the second highest router ID becomes the BDR.
  • A router with a priority of 0 cannot become the DR or BDR. A router that is not the DR or BDR is a DROTHER.
  • If a router with a higher priority value gets added to the network, it does not preempt the DR and BDR. The only time a DR or BDR changes is if one of them goes out of service. If the DR is out of service, the BDR becomes the DR, and a new BDR is selected. If the BDR is out of service, a new BDR is elected.
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip ospf priority 10

Adjacency Behavior for a Broadcast Network 

  • Reducing routing update traffic - The DR and BDR act as a central point of contact for link-state information exchange on a given multiaccess broadcast network. Therefore, each router must establish a full adjacency with the DR and the BDR only. Instead of each router exchanging link-state information with every other router on the segment, each router sends the link-state information to the DR and BDR only. The DR represents the multiaccess broadcast network in the sense that it sends link-state information from each router to all other routers in the network. This flooding process significantly reduces the router-related traffic on a segment.
  • Managing link-state synchronization - The DR and BDR ensure that the other routers on the network have the same link-state information about the internetwork. In this way, the DR and BDR reduce the number of  routing errors.

Selecting the OSPF Network Type

    The default OSPF modes are as follows:

  • The default OSPF mode on a point-to-point Frame Relay subinterface is the point-to- point mode.
  • The default OSPF mode on a Frame Relay multipoint subinterface is the nonbroadcast mode.
  • The default OSPF mode on a main Frame Relay interface is also the nonbroadcast mode.

    Use the ip ospf network {broadcast | non-broadcast | point-to-multipoint [non-broadcast] | point-to-point} interface configuration command to select the OSPF mode.

broadcast Makes the WAN interface appear to be a LAN.
One IP subnet.
Uses a multicast OSPF hello packet to automatically discover the
DR and BDR are elected.
Full- or partial-mesh topology.
non-broadcast One IP subnet.
Neighbors must be manually configured.
DR and BDR are elected.
DR and BDR need to have full connectivity with all other routers.
Typically used in a full- or partial-mesh topology.
point-to-multipoint One IP subnet.
Uses a multicast OSPF hello packet to automatically discover the
DR and BDR are not required. The router sends additional LSAs with
more information about neighboring routers.
Typically used in a partial-mesh or star topology.
If multicast and broadcast are not enabled on the VCs, the RFC-
compliant point-to-multipoint mode cannot be used, because the
router cannot dynamically discover its neighboring routers using the
hello multicast packets, so this Cisco mode should be used instead.
Neighbors must be manually configured.
DR and BDR election is not required.
point-to-point Different IP subnet on each subinterface.
No DR or BDR election.
Used when only two routers need to form an adjacency on a pair of
Interfaces can be either LAN or WAN.



LSA Type Description
1 Router LSA
2 Network LSA
3, 4 Summary LSAs
5 Autonomous system external LSA
6 Multicast OSPF LSA
7 Defined for NSSAs
8 External attributes LSA for Border Gateway Protocol (BGP)
9-11 Opaque LSAs

    Type 1 (Router LSA) - Every router generates router-link advertisements for each area to which it belongs. Router-link advertisements describe the states of the router’s links to the area and are flooded only within a particular area. All types of LSAs have 20-byte LSA headers. One of the fields of the LSA header is the link-state ID.

    Type 1 LSA link types and their link ID meanings :

Link Type Description Link ID Field Contents
1 Point-to-point connection to another router Neighbor router ID
2 Connection to a transit network DR’s interface address
3 Connection to a stub network IP network/subnet number
4 Virtual lin Neighbor router ID

    Type 2 (Network LSA) - DRs generate network link advertisements for multiaccess networks, which describe the set of routers attached to a particular multiaccess network. Network link advertisements are flooded in the area that contains the network. The link-state ID of the type 2 LSA is the DR’s IP interface address.

    The transit link’s DR is responsible for advertising the network LSA. The type 2 LSA then floods to all routers within the transit network area. Type 2 LSAs never cross an area boundary. The link-state ID for a network LSA is the IP interface address of the DR that advertises it.

    LSA Type 3: Summary LSA describes routes to the area’s networks (and may include aggregate routes). Вy default, OSPF does not automatically summarize groups of contiguous subnets, or even summarize a network to its classful boundary. ABRs flood summary LSAs to other areas regardless of whether the routes listed in the LSAs are summarized. The network administrator, through configuration commands, must specify if and how the summarization will occur. By default, a type 3 summary LSA is advertised into the backbone area for every subnet defined in the originating area. Because Type 3 LSAs do not, by default, contain summarized routes, by default, all subnets in an area will be advertised. This can cause significant flooding problems. Consequently, manual route summarization (also called aggregation) at the ABR should always be considered.


    The link-state ID is the destination network number for type 3 LSAs.

    LSA Type 4: Summary LSA describes routes to ASBRs. A type 4 summary LSA is generated by an ABR only when an ASBR exists within an area. A type 4 LSA identifies the ASBR and provides a route to it; all traffic destined for an external autonomous system requires routing table knowledge of the ASBR that originated the external routes. The link-state ID is set to the ASBR’s router ID.

    Type 5 (autonomous system external LSA) - ASBRs generate autonomous system external link advertisements. External link advertisements describe routes to destinations external to the autonomous system and are flooded everywhere except to any type of stub areas. The link-state ID of the type 5 LSA is the external network number.

    The network administrator should always attempt to summarize blocks of external network numbers at the ASBR to reduce flooding problems.

    Type 6 (Multicast OSPF LSA) - These LSAs are used in multicast OSPF applications.
    Type 7 (LSAs for NSSAs) - These LSAs are used in NSSAs.
    Type 8 (External attributes LSA for BGP) - These LSAs are used to internetwork OSPF and BGP.
    Types 9, 10, or 11 (Opaque LSAs) - These LSA types are designated for future up grades to OSPF for distributing application-specific information through an OSPF domain. For example, Cisco Systems uses Type 10 opaque LSAs for MPLS Traffic Engineering functionality with OSPF. Standard LSDB flooding mechanisms are used to distribute opaque LSAs. Each of the three types has a different flooding scope. Type 9 LSAs are not flooded beyond the local network or subnetwork. Type 10 LSAs are not flooded beyond the borders of their associated area. Type 11 LSAs are flooded throughout the autonomous system (the same as for Type 5 LSAs). (Opaque LSAs are defined in RFC 5250, The OSPF Opaque LSA Option.)

OSPF Routing Table and Types of Routes


O OSPF intra-area (router
LSA) and network LSA
Networks from within the router’s area, advertised by
way of router LSAs and network LSAs.
O IA OSPF interarea (summary
Networks from outside the router’s area but within
the OSPF autonomous system, advertised by way of
summary LSAs.
O E1 Type 1 external routes Networks from outside the router’s autonomous sys-
tem, advertised by way of external LSAs.
O E2 Type 2 external routes Networks from outside the router’s autonomous sys-
tem, advertised by way of external LSAs.

    Calculating the Costs of E1 and E2 Routes:

  • E1 - Type O E1 external routes calculate the cost by adding the external cost to the internal cost of each link the packet crosses. Use this type when multiple ASBRs are advertising an external route to the same autonomous system, to avoid suboptimal routing.
  • E2 (default) - The external cost of O E2 packet routes is always the external cost only. Use this type if only one ASBR is advertising an external route to the autonomous system.

Configuring OSPF LSDB Overload Protection

    If other routers are misconfigured, causing, for example, a redistribution of a large number of prefixes, large numbers of LSAs can be generated. These excessive LSAs can drain local CPU and memory resources.

    max-lsa Command Parameters:

maximum-number Maximum number of non-self-generated LSAs that the OSPF process
can keep in the OSPF LSDB.
threshold-percentage (Optional) The percentage of the maximum LSA number, as specified
by the maximum-number argument, at which a warning message is
logged. The default is 75 percent.
warning-only (Optional) Specifies that just a warning message is sent when the maxi-
mum limit for LSAs is exceeded. The OSPF process never enters ignore
state. Disabled by default.
ignore-time minutes (Optional) Specifies the time, in minutes, to ignore all neighbors after
the maximum limit of LSAs has been exceeded. The default is 5 min-
ignore-count count-number (Optional) Specifies the number of times that the OSPF process can
consecutively be placed into the ignore state. The default is five times.
reset-time minutes (Optional) Specifies the time, in minutes, after which the ignore count is
reset to 0. The default is 10 minutes.

    The passive-interface Command.

router ospf 100
network area 1
network area 1
passive-interface default
no passive-interface Serial0/0/1
router ospf 100
network area 1
network area 1
network area 1
passive-interface Ethernet0

Propagating an OSPF Default Route 

    There are two ways to advertise a default route into a standard area. The first is to adver tise into the OSPF domain, provided that the advertising router already has a default route. This is accomplished with the default-information originate command. The second is to advertise regardless of whether the advertising router already has a default route. This is accomplished by adding the keyword always to the default-information originate command.

always (Optional) Specifies that OSPF always advertises the default route regardless of
whether the router has a default route in the routing table.
(Optional) A metric used for generating the default route. If you omit a value and
do not specify a value using the default-metric router configuration command,
the default metric value is 1. Cisco IOS Software documentation indicates that the
default metric value is 10, but testing shows that it is actually 1.
(Optional) The external link type that is associated with the default route that is
advertised into the OSPF routing domain. It can be one of the following values:
1—Type 1 external route, 2—Type 2 external route. The default is type 2 exter-
nal route (indicated by O*E2 in the routing table)
(Optional) Specifies that the routing process generates the default route if the
route map is satisfied.

Configuring OSPF Route Summarization

    Interarea Route Summarization Configuration Example on an ABR:

R1(config)#router ospf 100
R1(config-router)#network area 1
R1(config-router)#network area 0
R1(config-router)#area 0 range
R1(config-router)#area 1 range
R2(config)#router ospf 100
R2(config-router)#network area 2
R2(config-router)#network area 0
R2(config-router)#area 0 range
R2(config-router)#area 2 range

    Configuring External OSPF Route Summarization on an ASBR:

    Use the summary-address ip-address mask [not-advertise] [tag tag] router configuration command to instruct the ASBR to summarize external routes before injecting them into the OSPF domain as a type 5 external LSA.

OSPF Virtual Links

    OSPF’s two-tiered area hierarchy requires that if more than one area is configured, one of the areas must be area 0, the backbone area. All other areas must be directly connected to area 0, and area 0 must be contiguous. OSPF expects all nonbackbone areas to inject routes into the backbone, so that the routes can be distributed to other areas.

    The area area-id virtual-link Command Parameters:

area-id Specifies the area ID of the transit area for the virtual link. This ID
can be either a decimal value or in dotted-decimal format, like a
valid IP address. There is no default.
The transit area cannot be a stub area.
router-id Specifies the router ID of the virtual link neighbor. The router ID
appears in the show ip ospf display. This value is in an IP address
format. There is no default.
authentication (Optional) Specifies an authentication type.
message-digest (Optional) Specifies the use of MD5 authentication.
null (Optional) Overrides simple password or MD5 authentication if
configured for the area. No authentication is used.
(Optional) Specifies the time (in seconds) between the hello packets
that the Cisco IOS Software sends on an interface. The unsigned
integer value is advertised in the hello packets. The value must be
the same for all routers and access servers attached to a common
network. The default is 10 seconds.


(Optional) Specifies the time (in seconds) between LSA retransmis-
sions for adjacencies belonging to the interface. The value must be
greater than the expected round-trip delay between any two routers
on the attached network. The default is 5 seconds.
(Optional) Specifies the estimated time (in seconds) to send an LSU
packet on the interface. This integer value must be greater than 0.
LSAs in the update packet have their age incremented by this
amount before transmission. The default value is 1 second.
(Optional) Specifies the time (in seconds) that must pass without
hello packets being seen before a neighboring router declares the
router down. This is an unsigned integer value. The default is four
times the default hello interval, or 40 seconds. As with the hello
interval, this value must be the same for all routers and access
servers attached to a common network.
(Optional) Specifies the password used by neighboring routers for
simple password authentication. It is any continuous string of up to
8 characters. There is no default value.
key-id md5 key
(Optional) Identifies the key ID and key (password) used between
this router and neighboring routers for MD5 authentication. There
is no default value.

    Verifying OSPF Virtual Link Operation:

RouterA#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial0/0/1, Cost of using 781
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:07
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
  • Virtual Link OSPF_VL0 to router is up - Specifies the OSPF neighbor and whether the link to that neighbor is up or down.
  • Transit area 1 - Specifies the transit area through which the virtual link is formed
  • Via interface Serial0/0/1 - Specifies the interface through which the virtual link is formed
  • Cost of using 781 - Specifies the cost of reaching the OSPF neighbor through the virtual link
  • Transmit Delay is 1 sec - Specifies the transmit delay on the virtual link
  • State POINT_TO_POINT - Specifies the state of the OSPF neighbor
  • Timer intervals configured - Specifies the various timer intervals configured for the link
  • Hello due in 0:00:07 - Specifies when the next hello is expected from the neighbor
  • Adjacency State FULL - Specifies the adjacency state between the neighbors 

Changing the Cost Metric

    Recall that by default on Cisco routers, the OSPF metric for an interface is calculated according to the inverse of the interface’s bandwidth. The default OSPF cost in Cisco routers is calculated using the formula (100)/(bandwidth in Mbps). This formula can also be written as (10^8) / (bandwidth in bps).

    The ip ospf cost, bandwidth, and auto-cost reference-bandwidth commands can be used to manipulate the cost metric. For example, in a network that has Fast Ethernet and Gigabit Ethernet interfaces, both would have a default OSPF cost of 1. In this case, the reference bandwidth could be changed to 10,000 Mbps using the auto-cost reference-bandwidth 10000 command. The OSPF cost of a Fast Ethernet interface would then be 10,000/100 = 100 and the OSPF cost of a Gigabit Ethernet interface would be 10,000/1000 = 10. Thus, the interface costs would be differentiated.

Configuring OSPF Special Area Types

  • Stub area - This area type does not accept information about routes external to the autonomous system, such as routes from non-OSPF sources. If routers need to route to networks outside the autonomous system, they use a default route, indicated as Stub areas cannot contain ASBRs (except that the ABRs may also be ASBRs).
  • Totally stubby area - This Cisco proprietary area type does not accept external autonomous system routes or summary routes from other areas internal to the autonomous system. If a router needs to send a packet to a network external to the area, it sends the packet using a default route. Totally stubby areas cannot contain ASBRs (except that the ABRs may also be ASBRs).
  • NSSA - NSSA is an addendum to the OSPF RFC. This area type defines a special LSA type 7. NSSA offers benefits that are similar to those of a stub area. They do not accept information about routes external to the autonomous system, but instead use a default route for external networks. However, NSSAs allow ASBRs, which is against the rules in a stub area.
  • Totally stubby NSSA - Cisco routers also allow an area to be configured as a totally stubby NSSA, which allows ASBRs, but does not accept external routes or summary routes from other areas. A default route is used to get to networks outside of the area.

    Configuring Stub Areas:

    The hello packet exchanged between OSPF routers contains a stub area flag that must match on neighboring routers. The area area-id stub command must be enabled on all routers in the stub area so that they all have the stub flag set. The routers can then become neighbors and exchange routing information.

    By default, the ABR of a stubby or totally stubby area advertises a default route with a cost of 1. The area default-cost Command Parameters:

  • area-id - The identifier for the stub area, totally stubby area, or NSSA. The identifier can be either a decimal value or a value in dotted-decimal format, like an IP address.
  • cost - Cost for the default summary route. The acceptable values are 0 through 16777215. The default is 1.

Router R3:
R3(config)#interface FastEthernet0/0
R3(config-if)#ip address
R3(config)#interface Serial 0/0/0
R3(config-if)#ip address
R3(config)#router ospf 100
R3(config-router)#network area 0
R3(config-router)#network area 2
R3(config-router)#area 2 stub
Router R4:
R4(config)#interface Serial 0/0/0
R4(config-if)#ip address
R4(config)#router ospf 100
R4(config-router)#network area 2
R4(config-router)#area 2 stub

    Configuring Totally Stubby Areas:

Router R2:
R2(config)#router ospf 10
R2(config-router)#network area 0
R2(config-router)#network area 1
R2(config-router)#area 1 stub no-summary
R2(config-router)#area 1 default-cost 5
Router R3:
R3(config)#router ospf 10
R3(config-router)#network area 1
R3(config-router)#area 1 stub

    Configuring NSSAs:

    Redistribution into an NSSA area creates a special type of LSA known as type 7, which can exist only in an NSSA area. An NSSA ASBR generates this LSA, and an NSSA ABR translates it into a type 5 LSA, which gets propagated into the OSPF domain. Type 7 LSAs have a propagate (P) bit in the LSA header to prevent propagation loops between the NSSA and the backbone area. Type 7 LSAs are the same format as type 5 LSAs.

    Routers operating in NSSA areas set the N-bit to signify that they can support the type 7 LSA. These option bits are checked during neighbor establishment and must match for an adjacency to form. The type 7 LSA is described in the routing table as an O N2 or O N1 (N means NSSA). N1 means that the metric is calculated like external type 1 (internal costs are added to the external metric); N2 means that the metric is calculated like external type 2 (internal costs are not added to the external metric). The default is O N2.

    LSAs that originate from the RIP network—the subnets—to and advertise this summary route into area 0. To cause R2 (the NSSA ABR) to generate an O*N2 default route (O*N2 into the NSSA, the default-information-originate parameter is used on the area area-id nssa command on R2.

Router R1:
R1(config)#router ospf 10
R1(config-router)#redistribute rip subnets
R1(config-router)#default metric 150
R1(config-router)#network area 1
R1(config-router)#area 1 nssa
Router R2:
R2(config)#router ospf 10
R2(config-router)#network area 1
R2(config-router)#network area 0
R2(config-router)#area 1 nssa default-information-originate

    Configuring Totally Stubby NSSAs:

Router R1:
R1(config)#router ospf 10
R1(config-router)#redistribute rip subnets
R1(config-router)#default metric 150
R1(config-router)#network area 1
R1(config-router)#area 1 nssa
Router R2:
R2(config)#router ospf 10
R2(config-router)#network area 1
R2(config-router)#network area 0
R2(config-router)#area 1 nssa no-summary

OSPF Authentication

    Simple Password Authentication Example:

interface Serial0/0/1
ip address
ip ospf authentication
ip ospf authentication-key plainpas

    Simple Password Authentication for Virtual Links Example:

router ospf 10
network area 0
network area 1
area 0 authenticaiton
area 1 virtual-link authentication-key cisco
router ospf 10
network area 2
network area 1
area 0 authenticaiton
area 1 virtual-link authentication-key cisco

    MD5 Authentication Example:

interface Serial0/0/1
ip address
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 secretpass
Leave a Comment: