
OSPF Complete Guide 60pages

The document is a comprehensive reference guide on OSPF (Open Shortest Path First), detailing its fundamentals, operation, and advanced topics. It covers various aspects such as OSPFv3 for IPv6, neighbor states, LSA types, routing algorithms, and configuration best practices. Additionally, it includes troubleshooting techniques and design considerations for effective OSPF implementation in networking environments.

Uploaded by gaurav
Copyright © All Rights Reserved

OSPF — Open Shortest Path First: Complete Reference Guide RFC 2328 / RFC 5340

OSPF
Open Shortest Path First

Complete Reference Guide

Basic to Advanced • ~60 Pages

• OSPF Fundamentals & Protocol Overview
• Neighbour States & Adjacency Formation
• LSA Types 1-11 & Link-State Database
• OSPF Areas: Backbone, Stub, NSSA & More
• SPF / Dijkstra Algorithm Deep Dive
• DR/BDR Election on Multi-Access Networks
• OSPF Packet Types & Header Structure
• OSPFv3 for IPv6 Networks
• Authentication: Plain-text, MD5, SHA-256
• Route Summarisation & Redistribution
• Timers, Tuning & Fast Convergence
• Troubleshooting & Diagnostic Commands
• Advanced: SR-OSPF, BFD, NSF/NSR, TE
• Real-World Design Best Practices

RFC 2328 RFC 5340 RFC 5709

Networking Fundamentals | OSPF Interior Gateway Protocol Page 1



Table of Contents
1. Introduction to OSPF
› 1.1 What is OSPF?
› 1.2 History & Standards
› 1.3 OSPF vs Other IGPs
› 1.4 When to Use OSPF

2. OSPF Fundamentals
› 2.1 Link-State vs Distance-Vector
› 2.2 Three Databases
› 2.3 OSPF Operation Overview
› 2.4 Router ID

3. OSPF Packet Types


› 3.1 Common Header
› 3.2 Hello Packet
› 3.3 DBD, LSR, LSU, LSAck
› 3.4 Packet Flow Walkthrough

4. Neighbour Discovery & Adjacency States


› 4.1 Eight Neighbour States
› 4.2 Adjacency Requirements
› 4.3 Hello Protocol
› 4.4 DBD Exchange Process

5. DR/BDR Election
› 5.1 Why DR/BDR?
› 5.2 Election Process
› 5.3 Multicast Addresses
› 5.4 Network Types

6. LSA Types 1–11


› 6.1 LSA Header
› 6.2 Type 1-2 (Intra-Area)
› 6.3 Type 3-4 (Inter-Area)
› 6.4 Type 5/7 (External)
› 6.5 Type 9-11 (Opaque)

7. OSPF Areas & Hierarchy


› 7.1 Two-Level Hierarchy
› 7.2 Router Roles
› 7.3 Area Types Deep Dive
› 7.4 Virtual Links

8. SPF Algorithm
› 8.1 Dijkstra Explained
› 8.2 OSPF Cost & Metric
› 8.3 Equal-Cost Multipath
› 8.4 SPF Timers

9. OSPF Configuration
› 9.1 Basic OSPFv2


› 9.2 Multi-Area OSPF


› 9.3 Area Types Config
› 9.4 Verification Commands

10. OSPF Metric & Cost Tuning


› 10.1 Reference Bandwidth
› 10.2 Manual Cost
› 10.3 Offset-List

11. Route Summarisation & Redistribution


› 11.1 Inter-Area Summarisation
› 11.2 External Summarisation
› 11.3 Redistribution Into OSPF
› 11.4 Redistribution From OSPF

12. OSPF Authentication


› 12.1 Null Authentication
› 12.2 Plain-Text
› 12.3 MD5
› 12.4 SHA-256 (RFC 5709)

13. OSPFv3 for IPv6


› 13.1 OSPFv3 vs OSPFv2
› 13.2 New LSA Types
› 13.3 Configuration
› 13.4 Address Families

14. OSPF Timers & Fast Convergence


› 14.1 Timer Table
› 14.2 Fast Hello & BFD
› 14.3 LSA/SPF Throttling
› 14.4 LFA Fast Reroute

15. Troubleshooting OSPF


› 15.1 Show Commands
› 15.2 Debug Commands
› 15.3 Common Problems
› 15.4 Systematic Methodology

16. Advanced OSPF Topics


› 16.1 OSPF-TE & MPLS
› 16.2 Graceful Restart (NSF/NSR)
› 16.3 Segment Routing
› 16.4 BFD Integration
› 16.5 Multi-Area Adjacency
› 16.6 LFA/rLFA

17. Design Best Practices


› 17.1 Area Design
› 17.2 Scalability
› 17.3 Security
› 17.4 High Availability

18. Quick Reference & Cheat Sheet


› 18.1 Key Values
› 18.2 Commands
› 18.3 RFC Index


1 Introduction to OSPF
What it is, why it exists, and when to use it

OSPF (Open Shortest Path First) is an interior gateway protocol (IGP) based on the link-state routing
algorithm. It is defined by the IETF in RFC 2328 (OSPFv2, for IPv4) and RFC 5340 (OSPFv3, for IPv6).
OSPF is the most widely deployed IGP in enterprise and service-provider networks worldwide due to its
open standard nature, scalability, rapid convergence, and rich feature set. Unlike distance-vector protocols
such as RIP, OSPF routers maintain a complete map of the network and independently compute the
shortest path to every destination.

1.1 What is OSPF?

OSPF belongs to the link-state family of routing protocols. Every OSPF router describes its directly
connected links in Link State Advertisements (LSAs) and floods them throughout the area. All routers
within an area therefore accumulate an identical Link-State Database (LSDB) — essentially a complete
map of that area. Each router then independently runs Dijkstra's Shortest Path First (SPF) algorithm to
compute a loop-free shortest-path tree to every destination, placing the best routes into its Routing
Information Base (RIB).

1.2 History & Standards

| Version | RFC | Year | Notes |
|---|---|---|---|
| OSPFv1 | RFC 1131 | 1989 | Experimental — never widely deployed |
| OSPFv2 | RFC 1583 | 1994 | IPv4 — first widely used version |
| OSPFv2 | RFC 2178 | 1997 | Replaced RFC 1583 |
| OSPFv2 | RFC 2328 | 1998 | Current standard for IPv4 — still in use |
| OSPFv3 | RFC 2740 | 1999 | IPv6 — first version |
| OSPFv3 | RFC 5340 | 2008 | Current standard for IPv6 |
| OSPF-TE | RFC 3630 | 2003 | Traffic Engineering extensions |
| OSPF Auth | RFC 5709 | 2009 | HMAC-SHA authentication |
| OSPF SR | RFC 8665 | 2019 | Segment Routing extensions |

1.3 OSPF vs Other IGPs

| Feature | OSPF | EIGRP | RIPv2 | IS-IS |
|---|---|---|---|---|
| Type | Link-State | Adv. D-Vector | Dist-Vector | Link-State |
| Standard | Open (IETF) | Open (Cisco) | Open (IETF) | Open (ISO) |
| Metric | Cost (bw) | Composite | Hop count | Cost |
| Max hops | Unlimited | Unlimited | 15 | Unlimited |
| Convergence | Fast | Fast | Slow | Fast |
| Hierarchical | Yes (areas) | No (EIGRP stub) | No | Yes (L1/L2) |
| VLSM/CIDR | Yes | Yes | Yes | Yes |
| IPv6 support | OSPFv3 | EIGRPv6 | RIPng | IS-IS ext |
| Multicast | [Link]/6 | [Link] | [Link] | [Link].. |
| Admin Distance | 110 | 90 (int) | 120 | 115 |
| Used in | Enterprise/SP | Enterprise | Small nets | ISP/SP |

1.4 When to Use OSPF

Choose OSPF When...

• Multi-vendor environment (no vendor lock-in)
• Large network with 50+ routers
• Need fast sub-second convergence
• Complex topology with redundant links
• Hierarchical design required (areas)
• IPv6 support needed (OSPFv3)
• Carrier or service-provider network
• Traffic Engineering (MPLS-TE) required
• Segment Routing deployment planned

Consider Alternatives When...

• Small/simple network (RIP or static adequate)
• Pure Cisco environment with advanced EIGRP features
• Very large flat topology without hierarchy
• Operator prefers IS-IS (common in ISP cores)
• Network team lacks OSPF expertise
• Extreme simplicity required


2 OSPF Fundamentals
Core concepts every OSPF engineer must know

2.1 Link-State vs Distance-Vector

| Aspect | Link-State (OSPF) | Distance-Vector (RIP) |
|---|---|---|
| What is shared | LSAs — full topology info | Routes — only best paths to each dest |
| Database | Identical LSDB on all routers | Each router has unique view |
| Algorithm | Dijkstra SPF — each router runs it | Bellman-Ford — distributed |
| Loop prevention | SPF tree is loop-free by design | Split-horizon, poison reverse |
| Convergence | Fast — triggered updates | Slow — periodic full updates |
| Bandwidth | LSA flooding (then incremental) | Periodic full table broadcasts |
| Memory/CPU | Higher (LSDB + SPF) | Lower |
| Visibility | Router sees entire topology | Router sees only neighbours |

2.2 The Three OSPF Databases

Every OSPF router maintains three separate databases. Understanding these is fundamental to OSPF
operation and troubleshooting:

| Database | Also Called | Contents | IOS Command |
|---|---|---|---|
| Neighbour Table | Adjacency DB | List of directly adjacent OSPF routers with state | show ip ospf neighbor |
| Link-State DB | LSDB / Topology DB | All LSAs collected — complete area topology map | show ip ospf database |
| Routing Table | RIB / Forwarding DB | Best paths computed by SPF algorithm | show ip route ospf |

2.3 OSPF Operation Overview

OSPF operation follows a well-defined sequence of events from startup to full routing convergence:

| Step | Action | Details |
|---|---|---|
| Step 1 | Configure OSPF | Enable OSPF process, assign Router ID, advertise networks. |
| Step 2 | Send Hello Packets | Hellos sent every HelloInterval on all OSPF interfaces ([Link]). |
| Step 3 | Discover Neighbours | Routers receiving Hellos verify parameters and record neighbours. |
| Step 4 | Form Adjacencies | Two-way communication confirmed; DR/BDR elected on multi-access; proceed to ExStart. |
| Step 5 | Exchange LSDB | DBD packets exchange LSA headers; LSR/LSU/LSAck used to sync databases. |
| Step 6 | Build LSDB | All routers in area receive identical set of LSAs. |
| Step 7 | Run SPF | Dijkstra algorithm computes shortest-path tree rooted at self. |
| Step 8 | Install Routes | Best paths installed into RIB; router is now fully converged. |
| Step 9 | Maintain State | Hellos keep neighbours alive; LSAs refreshed every 30 min; triggered updates on change. |

2.4 Router ID

The Router ID (RID) is a 32-bit number that uniquely identifies an OSPF router within the OSPF domain. It
is formatted like an IPv4 address but is NOT necessarily a routable address. OSPF uses the Router ID in
LSAs, neighbour relationships, and DR/BDR elections.

Selection priority (highest wins):

• Manual configuration: router-id <ip-address> (always preferred)
• Highest IP on a Loopback interface (if no manual config)
• Highest IP on any active interface (last resort)

■ Best Practice
Always manually configure the Router ID using a Loopback address. This ensures stability — if a physical
interface goes down, the RID remains unchanged. Changing the RID requires clearing the OSPF process
('clear ip ospf process') which causes a brief reconvergence.


3 OSPF Packet Types


The five message types that drive OSPF operation

OSPF communicates using five distinct packet types, all carried directly in IP with protocol number 89. All
packets share a 24-byte common header.

3.1 OSPF Common Header (24 Bytes)

| Field | Size | Value/Description |
|---|---|---|
| Version | 1 byte | 2 = OSPFv2 (IPv4), 3 = OSPFv3 (IPv6) |
| Type | 1 byte | 1=Hello, 2=DBD, 3=LSR, 4=LSU, 5=LSAck |
| Packet Length | 2 bytes | Total length of this OSPF packet in bytes |
| Router ID | 4 bytes | Originating router's unique 32-bit identifier |
| Area ID | 4 bytes | OSPF area this packet belongs to ([Link] = backbone) |
| Checksum | 2 bytes | Standard IP checksum over the entire packet |
| AuType | 2 bytes | 0=None, 1=Simple plain-text, 2=MD5 cryptographic |
| Authentication | 8 bytes | Authentication data (format depends on AuType) |
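
The header layout above, turned into a parser that audits captured OSPFv2 packets for weak authentication settings and bad checksums. This is an added example, not code from the original guide; the sample Hello packet, its addresses and all function names are constructed for illustration. The checksum follows RFC 2328 in leaving the 8-byte Authentication field out of the sum.

```python
import ipaddress
import struct

# OSPFv2 common header, 24 bytes: Version, Type, Packet Length, Router ID,
# Area ID, Checksum, AuType, Authentication (field order from the table above).
HEADER = struct.Struct("!BBH4s4sHH8s")
PACKET_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}


def inet_checksum(data: bytes) -> int:
    """Standard IP checksum: 16-bit one's-complement sum, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ospf_checksum(packet: bytes) -> int:
    """Checksum as RFC 2328 computes it: Checksum field zeroed, and the
    8-byte Authentication field (offsets 16-23) left out of the sum."""
    return inet_checksum(packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:])


def audit_packet(packet: bytes) -> dict:
    """Parse the common header and list findings a defender would act on."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 24-byte common header")
    version, ptype, length, rid, area, cksum, autype, _auth = HEADER.unpack_from(packet)
    if version != 2:
        # OSPFv3 uses a different, shorter header; this parser covers OSPFv2 only.
        raise ValueError(f"unsupported OSPF version {version}")
    if ptype not in PACKET_TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    if not HEADER.size <= length <= len(packet):
        raise ValueError("Packet Length field does not fit the captured bytes")
    packet = packet[:length]

    findings = []
    if autype == 0:
        findings.append("no-authentication")      # AuType 0: packets are not authenticated
    elif autype == 1:
        findings.append("plaintext-password")     # AuType 1: key travels in clear text
    elif autype != 2:
        findings.append("unknown-autype")
    # With cryptographic authentication the checksum field is not used.
    if autype != 2 and ospf_checksum(packet) != cksum:
        findings.append("checksum-mismatch")
    return {
        "type": PACKET_TYPES[ptype],
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "autype": autype,
        "findings": findings,
    }


def build_sample_hello(autype: int = 0, auth: bytes = bytes(8)) -> bytes:
    """Constructed Hello packet (not a real capture) from RID 192.0.2.1 in area 0."""
    def addr(text):
        return ipaddress.IPv4Address(text).packed
    # Hello body: mask, HelloInterval, Options, Priority, DeadInterval, DR, BDR
    body = struct.pack("!4sHBBI4s4s", addr("255.255.255.0"), 10, 0x02, 1, 40,
                       addr("192.0.2.1"), addr("0.0.0.0"))
    header = HEADER.pack(2, 1, HEADER.size + len(body), addr("192.0.2.1"),
                         addr("0.0.0.0"), 0, autype, auth)
    packet = header + body
    return packet[:12] + struct.pack("!H", ospf_checksum(packet)) + packet[14:]


if __name__ == "__main__":
    for sample_autype in (0, 1, 2):
        print(audit_packet(build_sample_hello(sample_autype)))
```
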

3.2 Type 1: Hello Packet

The Hello packet is the most fundamental OSPF message. It is sent periodically on all OSPF-enabled
interfaces and serves three critical purposes: neighbour discovery, neighbour keepalive, and DR/BDR
election participation. Two routers can only form a neighbour relationship if their Hello parameters
match.

| Hello Field | Description | Must Match? |
|---|---|---|
| Network Mask | Subnet mask of the sending interface | Yes (except P2P/virtual) |
| Hello Interval | Seconds between Hello transmissions | Yes |
| Options | Capability flags (E-bit, N-bit, etc.) | Yes (key bits) |
| Router Priority | Used in DR/BDR election (0=ineligible) | No |
| Router Dead Interval | Seconds before declaring neighbour dead | Yes |
| Designated Router | Router ID of current DR ([Link] if none) | No |
| Backup DR | Router ID of current BDR ([Link] if none) | No |
| Neighbour List | Router IDs from which Hellos have been received | No |


3.3 Types 2–5: DBD, LSR, LSU, LSAck

| Type | Name | Direction | Purpose |
|---|---|---|---|
| 2 | Database Description (DBD) | Unicast | Summarises the sender's LSDB by listing LSA headers. Used during ExStart and Exchange states to determine which LSAs need to be requested. |
| 3 | Link-State Request (LSR) | Unicast | Requests specific LSAs from a neighbour. Sent when a router receives a DBD containing LSA headers it does not have or that are newer than its own. |
| 4 | Link-State Update (LSU) | Uni/Multi | Carries one or more complete LSAs. Sent in response to an LSR, or triggered by topology changes. Flooded using [Link] or [Link]. |
| 5 | LS Acknowledge (LSAck) | Uni/Multi | Acknowledges receipt of LSUs. OSPF uses explicit ACKs for reliable LSA flooding. Can be delayed (batched) or immediate. |

3.4 Full Packet Exchange Walkthrough

Router A                                                   Router B
-------------------------------------------------------------------
[DISCOVER]  --- Hello ([Link]) ---
            --- Hello ([Link]) ---                      [INIT→2-WAY]

[EXSTART]   --- DBD (Master elect, Seq=100) ---
            --- DBD (Master elect, Seq=200) ---
            B is Master (higher RID). A becomes Slave.

[EXCHANGE]  --- DBD (Seq=200, LSA headers...) ---
            --- DBD (Seq=201, LSA headers...) ---
            --- DBD (Seq=201, M=0 last DBD) ---

[LOADING]   --- LSR (need LSA X, Y) ---
            --- LSU (LSA X, Y full data) ---
            --- LSAck ---

[FULL]      --- Hello ([Link]) keepalive ---
            --- Hello ([Link]) keepalive ---


4 Neighbour Discovery & Adjacency States


The 8-state machine from Down to Full

4.1 The Eight Neighbour States

OSPF neighbours progress through up to eight states before reaching Full adjacency. Each state
represents a phase in the negotiation and database synchronisation process:

| State | Description |
|---|---|
| Down | Initial state. No Hello packets have been received from this neighbour. The neighbour may have timed out (Dead interval expired) or never been seen. |
| Attempt | NBMA networks only. A Hello has been sent to the manually configured neighbour but no reply received yet. Applies to hub-spoke Frame Relay configurations. |
| Init | A Hello has been received from this neighbour but our own Router ID does not yet appear in the neighbour's Hello packet. One-way communication established. |
| 2-Way | Bidirectional communication confirmed — our Router ID appears in the neighbour's Hello. DR/BDR election happens here. On multi-access networks, DROther-to-DROther relationships stop at this state (normal behaviour). |
| ExStart | Beginning of adjacency formation. Master/Slave relationship negotiated using DBD packets. The router with the higher Router ID becomes Master and controls the DBD sequence numbers. |
| Exchange | Master and Slave exchange DBD packets containing LSA headers, giving each router a summary of the neighbour's LSDB. Routers build a list of LSAs they need. |
| Loading | LSR packets sent to request missing or outdated LSAs. Neighbour responds with LSU packets containing the full LSAs. LSAck packets acknowledge receipt. |
| Full | LSDBs are fully synchronised. This is the desired operational state. All adjacencies should be Full in a healthy OSPF network. Routes can only be computed once adjacencies reach Full. |

4.2 Adjacency Requirements

The following parameters MUST match between two routers for an OSPF adjacency to form:

| Parameter | Details | Impact if Mismatch |
|---|---|---|
| Area ID | Interface area assignment must be identical | Stuck in Init |
| Hello Interval | Default: 10s (broadcast/P2P), 30s (NBMA) | Stuck in Init/2-Way |
| Dead Interval | Default: 4× Hello interval | Stuck in Init/2-Way |
| Subnet & Mask | Both sides must be on same subnet | No Hello exchange |
| Area Type Flags | Stub flag in options byte must match | Stuck in ExStart |
| MTU | Default: must match (unless mtu-ignore set) | Stuck in ExStart |
| Authentication | Type and key must match | No adjacency |
| Router ID | Must be unique in the OSPF domain | Database corruption |

4.3 Hello Protocol Details

Hello packets are sent using IP multicast [Link] (AllSPFRouters) on broadcast and P2P links. On
NBMA networks, they are unicast to configured neighbours. The Hello packet contains the sending router's
neighbour list — this is how 2-Way state is established (seeing your own RID in a received Hello).

4.4 DBD Exchange — Master/Slave

During ExStart, routers negotiate who is Master and who is Slave by exchanging empty DBD packets. The
router with the higher Router ID wins and becomes Master. The Master controls the DBD sequence
numbers and drives the exchange. The Slave only sends DBD packets in response to the Master's, using
the Master's sequence number.

• Master sets the MS (Master/Slave) bit and increments sequence numbers
• Slave clears the MS bit and echoes Master's sequence number
• The M (More) bit indicates more DBD packets to follow
• The I (Init) bit is set only in the first DBD packet
• Process completes when both sides send DBD with M=0 and have received all expected DBDs


5 DR / BDR Election
Reducing adjacencies on multi-access networks

5.1 Why DR and BDR?

On a broadcast multi-access network (e.g. Ethernet with 5 routers), without a DR/BDR every router
would form a Full adjacency with every other router. With n routers, that means n(n-1)/2 full adjacencies
— for 10 routers, that is 45 adjacencies, each generating LSA flooding. This creates excessive network
overhead and CPU load.

[Figure: two five-router topologies (R1 to R5) side by side. WITHOUT DR/BDR (5 routers = 10 adjacencies): every pair = Full adjacency. WITH DR/BDR (5 routers = 4+4 = 8 adj): all Full with DR & BDR only.]

The DR (Designated Router) acts as the central LSA collection and distribution point. All DROther routers
form Full adjacencies only with the DR and BDR. DROther-to-DROther relationships stay at 2-Way.

5.2 DR/BDR Election Process

The election follows this strict priority order:

• Highest OSPF Interface Priority wins DR. Priority range: 0–255. Default: 1.
• If priorities are equal, the router with the highest Router ID becomes DR.
• Router with second-highest priority/RID becomes BDR.
• Priority 0 = the router is ineligible for DR/BDR (never participates in election).
• Election is non-preemptive — once elected, the DR remains even if a router with a higher priority joins.
The only way to force re-election is to clear the OSPF process on the current DR.

■ Force DR Election Best Practice


Set ip ospf priority 255 on the router you want to be DR and ip ospf priority 100 on the BDR candidate. Set
priority 0 on routers that should never become DR (access switches, etc.). Remember: election is
non-preemptive, so configure before routers come online.
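
The election rules above, including non-preemption, as a small simulation. This is an added example, not code from the original guide: it is a simplified model of the rules listed in this section rather than the full RFC 2328 election state machine, and the Router IDs and class names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    rid: str            # Router ID in dotted-quad form
    priority: int = 1   # interface priority, 0-255; 0 = never DR/BDR

    def rank(self):
        # Highest priority wins; highest Router ID breaks ties.
        return (self.priority, int(ipaddress.IPv4Address(self.rid)))


class Segment:
    """One broadcast multi-access segment (simplified election model)."""

    def __init__(self):
        self.routers = {}
        self.dr = None
        self.bdr = None

    def join(self, *routers):
        """Routers passed together are treated as coming up at the same time."""
        for r in routers:
            if not 0 <= r.priority <= 255:
                raise ValueError(f"priority out of range for {r.rid}")
            self.routers[r.rid] = r
        self._elect()

    def leave(self, rid):
        self.routers.pop(rid, None)
        self._elect()

    def _elect(self):
        eligible = {rid: r for rid, r in self.routers.items() if r.priority > 0}
        # Non-preemptive: a sitting DR or BDR keeps its role while it is present.
        if self.bdr not in eligible:
            self.bdr = None
        if self.dr not in eligible:
            self.dr, self.bdr = self.bdr, None   # the BDR takes over as DR
        if self.dr is None:
            self.dr = self._best(eligible, exclude=())
        if self.bdr is None:
            self.bdr = self._best(eligible, exclude=(self.dr,))

    @staticmethod
    def _best(eligible, exclude):
        candidates = [r for rid, r in eligible.items() if rid not in exclude]
        return max(candidates, key=Router.rank).rid if candidates else None

    def roles(self):
        return {rid: "DR" if rid == self.dr else "BDR" if rid == self.bdr else "DROther"
                for rid in sorted(self.routers)}


def demo():
    """Constructed scenario: the intended DR (priority 255) comes online late."""
    seg = Segment()
    seg.join(Router("10.0.0.1"), Router("10.0.0.2"), Router("10.0.0.3", priority=0))
    history = [(seg.dr, seg.bdr)]
    seg.join(Router("10.0.0.9", priority=255))   # higher priority, but no preemption
    history.append((seg.dr, seg.bdr))
    seg.leave("10.0.0.2")                        # current DR goes away
    history.append((seg.dr, seg.bdr))
    seg.leave("10.0.0.1")                        # e.g. OSPF process cleared on the DR
    history.append((seg.dr, seg.bdr))
    return history


if __name__ == "__main__":
    for dr, bdr in demo():
        print(f"DR={dr} BDR={bdr}")
```

The priority-255 router only becomes DR after both earlier role holders have left the segment, which is why the guide recommends setting priorities before routers come online.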

5.3 Multicast Addresses Used by OSPF

| Address | Name | Who Listens | When Used |
|---|---|---|---|
| [Link] | AllSPFRouters | All OSPF routers | Hello packets; LSU from DR/BDR to all routers |
| [Link] | AllDRRouters | DR and BDR only | LSU sent by DROthers to DR/BDR |
| FF02::5 | OSPFv3 All OSPF | All OSPFv3 rtrs | OSPFv3 equivalent of [Link] |
| FF02::6 | OSPFv3 All DR | DR and BDR (v3) | OSPFv3 equivalent of [Link] |

5.4 OSPF Network Types

| Network Type | DR/BDR? | Hello | Dead | Discovery | Example |
|---|---|---|---|---|---|
| Broadcast | Yes | 10 s | 40 s | Multicast | Ethernet, 802.11 |
| Non-Broadcast (NBMA) | Yes | 30 s | 120 s | Unicast | Frame Relay hub-spoke |
| Point-to-Point | No | 10 s | 40 s | Multicast | Serial, PPP, GRE, MPLS |
| Point-to-Multipoint | No | 30 s | 120 s | Multicast | Frame Relay partial mesh |
| P2MP Non-Broadcast | No | 30 s | 120 s | Unicast | DMVPN spoke side |
| Loopback | No | N/A | N/A | N/A | Loopback interface |

Network type is configured per interface: ip ospf network <type>. Choose carefully — mismatched network types
between peers will prevent adjacency formation.


6 LSA Types 1–11


The building blocks of the OSPF Link-State Database

Link State Advertisements (LSAs) are the data records that populate the OSPF LSDB. Each LSA
describes one aspect of the network topology. Routers generate LSAs about themselves and flood them to
all routers in their area (or the entire AS for some types). Understanding LSA types is essential for
multi-area design and troubleshooting.

6.1 LSA Common Header (20 Bytes)

| Field | Size | Description |
|---|---|---|
| LS Age | 2 bytes | Age in seconds since origination. Max = 3600s (LSA flushed). Refreshed every 1800s. |
| Options | 1 byte | Capability bits: E (external routing), N (NSSA), DC (demand circuit), etc. |
| LS Type | 1 byte | LSA type 1–11 (OSPFv2); upper bits encode flooding scope in OSPFv3 |
| Link State ID | 4 bytes | Depends on type: Type-1=Router ID, Type-2=DR IP, Type-3=Network IP, etc. |
| Advertising Router | 4 bytes | Router ID of the router that originated this LSA |
| LS Seq Number | 4 bytes | Monotonically increasing. Detects newer instances. Starts at 0x80000001. |
| LS Checksum | 2 bytes | Fletcher checksum. Excludes LS Age field. Recalculated every 30 min. |
| Length | 2 bytes | Total LSA length in bytes including header |

6.2 Type 1 & 2: Intra-Area LSAs

| LSA | Name | Originated By | Flooded To | Describes |
|---|---|---|---|---|
| Type 1 | Router LSA | Every router | Own area | Router's own links: each interface, its state, neighbours, and cost. One per router per area. |
| Type 2 | Network LSA | DR only | Own area | Multi-access segment. Lists all routers attached to the segment. Only exists when DR is elected. |

6.3 Type 3 & 4: Inter-Area LSAs (generated by ABRs)

| LSA | Name | Originated By | Flooded To | Describes |
|---|---|---|---|---|
| Type 3 | Summary LSA (Net) | ABR | Other areas | Network prefixes from other areas. ABR generates one Type-3 per prefix learned from the backbone or other areas. Enables inter-area routing. |
| Type 4 | Summary LSA (ASBR) | ABR | Other areas | Reachability to an ASBR. Generated so routers in other areas can find the ASBR when processing Type-5 LSAs. Contains ASBR's Router ID and cost. |

6.4 Type 5 & 7: External Routes

| LSA | Name | Originated By | Flooded To | Metric Types |
|---|---|---|---|---|
| Type 5 | AS External LSA | ASBR | Entire AS | E1: external cost + internal cost to ASBR. E2 (default): only external cost, constant everywhere. |
| Type 7 | NSSA External LSA | ASBR inside NSSA | NSSA area only | N1 and N2 (same logic as E1/E2). Converted to Type-5 by ABR when leaving the NSSA. |

■ E1 vs E2 External Routes
E2 (default) routes keep the same metric everywhere — the external metric only. E1 routes add the
internal OSPF cost to reach the ASBR to the external metric, so the metric grows as you move farther from
the ASBR. Use E1 when you have multiple ASBRs redistributing the same routes, so routers pick the
closest ASBR. Use E2 when the external metric is the primary selection criterion.

6.5 Type 9–11: Opaque LSAs (RFC 2370)

| LSA | Scope | Flooded To | Primary Uses |
|---|---|---|---|
| Type 9 | Link-local | Single link | Grace-LSA for graceful restart. Not forwarded. |
| Type 10 | Area | Single area | OSPF Traffic Engineering (MPLS-TE). Carries TE attributes: bandwidth, delay, SRLG, admin groups. |
| Type 11 | AS-wide | Entire OSPF AS | Graceful restart signalling. Extended capability advertisement. |


7 OSPF Areas & Hierarchical Design


Scaling OSPF with a two-level area hierarchy

7.1 Why Areas?

In a flat single-area OSPF network, every router stores LSAs from every other router in the entire
network. With hundreds of routers, this creates enormous LSDBs, frequent SPF recalculations on every
topology change, and slow convergence. OSPF's area hierarchy solves this by:

• Containing LSA flooding within area boundaries
• Reducing the LSDB size on non-backbone routers
• Limiting SPF recalculation to affected areas only
• Enabling route summarisation at area boundaries (ABRs)
• Hiding external routes from stub areas

7.2 Router Roles

| Role | Abbreviation | Definition | LSAs Generated |
|---|---|---|---|
| Internal Router | IR | All interfaces in one area | Type 1 only |
| Backbone Router | BR | At least one interface in Area 0 | Type 1 |
| Area Border Router | ABR | Interfaces in 2+ areas (including Area 0) | Type 1, 3, 4 |
| AS Boundary Router | ASBR | Redistributes external routes into OSPF | Type 1, 5 (or 7) |
| ABR + ASBR | Both | Interfaces in multiple areas AND redistributes | Type 1, 3, 4, 5 |

7.3 Area Types Deep Dive

OSPF supports five area types with different LSA filtering capabilities:

| Area Type | Description |
|---|---|
| Normal Area | Receives all LSA types (1, 2, 3, 4, 5, 7). Full LSDB including all external routes. Area 0 is always a normal area. Use for areas that need full external route visibility. |
| Stub Area | Blocks Type-5 (external) and Type-4 LSAs. ABR injects a default route (Type-3) instead. All routers in the area must be configured as stub. Reduces LSDB significantly. Cannot contain an ASBR. |
| Totally Stubby | Cisco extension of Stub. Blocks Type-3, Type-4, AND Type-5 LSAs. Only Type-1, 2, and a single default route (Type-3) remain. Only ABR needs 'no-summary'; other routers just use 'stub'. Maximum reduction. |
| NSSA | Not-So-Stubby Area. Blocks Type-5 LSAs but allows a local ASBR to redistribute external routes as Type-7 LSAs. ABR converts Type-7 to Type-5 when exiting the NSSA. Useful for branch sites with a local ISP connection. |
| Totally Stubby NSSA | Combines NSSA (allows local ASBR) with Totally Stubby (blocks inter-area summaries). Only default route and local external routes visible. Maximum reduction with local ASBR. |

7.4 Virtual Links

A virtual link is a logical point-to-point connection that extends Area 0 through a transit area. It is required
when:

• An area cannot connect directly to Area 0 (discontiguous backbone)
• Two OSPF domains are merged and one domain's Area 0 cannot directly connect

Configuration (on both ABRs that border the transit area):

ABR1(config-router)# area <transit-area-id> virtual-link <remote-ABR-RID>
ABR2(config-router)# area <transit-area-id> virtual-link <local-ABR-RID>

■ Virtual Link Limitations


Virtual links are a workaround, not a design solution. The transit area cannot be a stub area. Virtual links
add complexity and are harder to troubleshoot. Always prefer physical redesign over virtual links in
production networks.


8 SPF Algorithm
How Dijkstra computes the shortest-path tree

8.1 Dijkstra's Algorithm — Step by Step

After building the LSDB, each router runs Dijkstra's algorithm to construct a Shortest Path Tree (SPT)
with itself as the root. The SPT gives the best next-hop and cost to every destination in the area. OSPF
triggers SPF when it receives a new or changed LSA.

The algorithm maintains two sets of nodes:

• SPT Set (TENT → TREE): Nodes for which the shortest path is confirmed
• Candidate List (TENT): Nodes discovered but not yet confirmed

Algorithm execution:

| Step | Action |
|---|---|
| Init | Add self to SPT with cost 0. All other nodes have cost ∞. |
| Step 1 | Add all directly connected neighbours to Candidate List with their link cost. |
| Step 2 | Select the node with the LOWEST cost from Candidate List. Move to SPT. |
| Step 3 | For each neighbour of the newly added SPT node: calculate total cost = (SPT node cost) + (link cost). If neighbour not in SPT and new cost < current candidate cost, update it. |
| Step 4 | Repeat Steps 2–3 until Candidate List is empty. |
| Result | SPT contains the shortest path to every node. Extract next-hop from the tree. |

8.2 OSPF Cost Metric

OSPF's metric is called cost. The cost of a path is the sum of the costs of all outgoing interfaces along
the path. By default, cost is derived from interface bandwidth:

Cost = Reference Bandwidth / Interface Bandwidth

The default reference bandwidth is 100 Mbps, which creates a well-known problem — FastEthernet (100
Mbps) and GigabitEthernet (1 Gbps) both get cost 1, making them indistinguishable:

| Interface | Bandwidth | Default Cost | Cost w/ ref 100G |
|---|---|---|---|
| 10 Mbps Ethernet | 10,000,000 | 10 | 10,000 |
| 100 Mbps FastEth | 100,000,000 | 1 | 1,000 |
| 1 Gbps GigEth | 1,000,000,000 | 1 ← SAME! | 100 |
| 10 Gbps 10G | | 1 ← SAME! | 10 |
| 100 Gbps 100G | | 1 ← SAME! | 1 |
| T1 Serial | 1,544,000 | 64 | 64,732 |
| 56 kbps Serial | 56,000 | 1785 | 1,785,714 |

! Fix: Set reference bandwidth to 100 Gbps on ALL routers
Router(config-router)# auto-cost reference-bandwidth 100000
! This makes GigE=100, 10GigE=10, 100GigE=1

■ Critical: auto-cost reference-bandwidth


This command MUST be configured consistently on ALL routers in the OSPF domain. If only some routers
have it, cost calculations will be inconsistent and routing may be suboptimal. Change it before deploying
OSPF, not after.

8.3 Equal-Cost Multipath (ECMP)

When SPF finds two or more paths with identical cost, OSPF installs all of them in the routing table,
creating Equal-Cost Multipath (ECMP). By default, Cisco IOS supports up to 4 ECMP paths (maximum
16 with 'maximum-paths' command):

Router(config-router)# maximum-paths 8 ! allow up to 8 equal-cost paths
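
Sections 8.1 to 8.3 combined in one worked run: Dijkstra over a small topology, with link costs derived from the reference bandwidth and all equal-cost next hops kept. This is an added example, not code from the original guide; the four-router topology and the function names are constructed, and cost truncation to an integer with a floor of 1 is assumed to match the default-cost column in the table above.

```python
import heapq


def ospf_cost(bandwidth_bps: int, reference_mbps: int = 100) -> int:
    """Cost = reference bandwidth / interface bandwidth, truncated, never below 1."""
    return max(1, reference_mbps * 1_000_000 // bandwidth_bps)


def spf(links: dict, root: str, reference_mbps: int = 100) -> dict:
    """Run Dijkstra from `root`.

    links maps (router_a, router_b) -> bandwidth in bit/s; every link is
    treated as bidirectional with the same cost in both directions.
    Returns {destination: (total_cost, sorted list of ECMP next hops)}.
    """
    graph = {}
    for (a, b), bandwidth in links.items():
        cost = ospf_cost(bandwidth, reference_mbps)
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost

    dist = {root: 0}            # best known cost per node
    next_hops = {root: set()}   # first hops from root that achieve that cost
    confirmed = set()           # the SPT set
    candidates = [(0, root)]    # the candidate list, ordered by cost

    while candidates:
        cost_so_far, node = heapq.heappop(candidates)
        if node in confirmed:
            continue            # stale heap entry
        confirmed.add(node)
        for neighbour, link_cost in graph[node].items():
            new_cost = cost_so_far + link_cost
            # A neighbour of the root is its own next hop; deeper nodes
            # inherit the next hops of the node they are reached through.
            hops = {neighbour} if node == root else next_hops[node]
            if neighbour not in dist or new_cost < dist[neighbour]:
                dist[neighbour] = new_cost
                next_hops[neighbour] = set(hops)
                heapq.heappush(candidates, (new_cost, neighbour))
            elif new_cost == dist[neighbour] and neighbour not in confirmed:
                next_hops[neighbour] |= hops    # equal cost: keep both (ECMP)

    return {n: (dist[n], sorted(next_hops[n])) for n in dist if n != root}


# Constructed topology (not from the guide): two paths from R1 to R4,
# one over GigabitEthernet links and one over FastEthernet links.
LINKS = {
    ("R1", "R2"): 1_000_000_000,
    ("R2", "R4"): 1_000_000_000,
    ("R1", "R3"): 100_000_000,
    ("R3", "R4"): 100_000_000,
}

if __name__ == "__main__":
    print("default reference (100 Mbps):", spf(LINKS, "R1")["R4"])
    print("reference 100000 (100 Gbps): ", spf(LINKS, "R1", 100_000)["R4"])
```

With the default reference bandwidth the FastEthernet path ties with the GigabitEthernet path and both are installed as ECMP; with the reference set to 100000 only the GigabitEthernet path is chosen.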

8.4 SPF Throttle Timers

OSPF does not run SPF immediately when it receives an LSA. Throttle timers prevent CPU overload
during network instability:

| Timer | Default | Meaning |
|---|---|---|
| SPF Delay | 5000 ms | Delay after receiving LSA before running first SPF |
| SPF Holdtime | 10000 ms | Minimum wait between consecutive SPF runs |
| Max Wait | 90000 ms | Maximum holdtime (exponential backoff ceiling) |

Router(config-router)# timers throttle spf 200 1000 10000 ! faster convergence


9 OSPF Configuration
Complete IOS/IOS-XE configuration reference

9.1 Basic OSPFv2 — Single Area

! Step 1: Enter OSPF router config
Router(config)# router ospf 1 ! process ID — local significance only

! Step 2: Set Router ID (always do this manually)
Router(config-router)# router-id [Link]

! Step 3: Advertise networks (wildcard mask)
Router(config-router)# network [Link] [Link] area 0
Router(config-router)# network [Link] [Link] area 0

! Step 4: Fix reference bandwidth (critical!)
Router(config-router)# auto-cost reference-bandwidth 100000

! Step 5: Suppress OSPF on user-facing interfaces
Router(config-router)# passive-interface GigabitEthernet0/1
Router(config-router)# passive-interface default ! passive all, then enable selectively

9.2 Interface-Level OSPF (Preferred Method)

Interface-level OSPF configuration is preferred over the network command because it gives more granular
control and is easier to read:

! Configure OSPF at interface level (IOS 12.2+)


Router(config)# router ospf 1
Router(config-router)# router-id [Link]
Router(config-router)# auto-cost reference-bandwidth 100000

Router(config)# interface GigabitEthernet0/0


Router(config-if)# ip ospf 1 area 0 ! assign to OSPF process 1, area 0
Router(config-if)# ip ospf cost 100 ! manual cost override
Router(config-if)# ip ospf priority 200 ! DR election priority
Router(config-if)# ip ospf hello-interval 5 ! custom hello timer
Router(config-if)# ip ospf dead-interval 20 ! custom dead timer
Router(config-if)# ip ospf mtu-ignore ! ignore MTU mismatch
Router(config-if)# ip ospf network point-to-point ! override network type

9.3 Multi-Area OSPF Configuration

! ABR connecting Area 0 and Area 1


ABR(config)# router ospf 1
ABR(config-router)# router-id [Link]
ABR(config-router)# auto-cost reference-bandwidth 100000

! Area 0 interface
ABR(config)# interface GigabitEthernet0/0
ABR(config-if)# ip ospf 1 area 0


! Area 1 interface
ABR(config)# interface GigabitEthernet0/1
ABR(config-if)# ip ospf 1 area 1

! Area type configurations


ABR(config-router)# area 1 stub ! regular stub area
ABR(config-router)# area 1 stub no-summary ! totally stubby (ABR only)
ABR(config-router)# area 2 nssa ! NSSA area
ABR(config-router)# area 2 nssa no-summary ! totally stubby NSSA (ABR only)

! On non-ABR routers in stub area (just the stub keyword)


IR(config-router)# area 1 stub

9.4 Key Verification Commands

Command | What to Check
show ip ospf neighbor | Neighbour table — all should be FULL/DR, FULL/BDR, or FULL/ -
show ip ospf neighbor detail | Detailed: dead timer, options, DR/BDR info, interface
show ip ospf | Process info: Router ID, area count, SPF statistics
show ip ospf interface brief | Quick: which interfaces run OSPF, their area, DR/BDR, cost
show ip ospf interface Gi0/0 | Detailed interface: network type, timers, auth, DR/BDR
show ip ospf database | LSDB summary: all LSA types present
show ip ospf database router | Type-1 LSAs — each router's links
show ip ospf database summary | Type-3 LSAs — inter-area prefixes
show ip ospf database external | Type-5 LSAs — external prefixes
show ip route ospf | OSPF routes installed: O=intra, O IA=inter, O E1/E2=external
show ip ospf border-routers | Routes to ABRs and ASBRs within the area
show ip ospf statistics | SPF run count, last SPF trigger, LSA counts


10 OSPF Metric & Cost Tuning


Controlling traffic paths through cost manipulation

10.1 Reference Bandwidth

The most important metric tuning command. Without this, FastEthernet, GigEthernet, and 10GigE all have
the same cost (1), making OSPF unable to differentiate high-speed paths:

! Configure on ALL routers — must be consistent across the domain


Router(config-router)# auto-cost reference-bandwidth 100000
! Value is in Mbps. 100000 = 100 Gbps reference
! Results: 1GigE=100, 10GigE=10, 100GigE=1, 100Mbps=1000, 10Mbps=10000

10.2 Manual Interface Cost

Override the auto-calculated cost on a specific interface. Useful when you want to prefer one path over
another regardless of bandwidth:

! Set cost on interface (range 1–65535)


Router(config-if)# ip ospf cost 50

! Alternatively via bandwidth command (affects cost calculation)


Router(config-if)# bandwidth 1000000 ! in kbps

10.3 Offset-List for External Routes

The offset-list adds a fixed metric offset to routes matching an access-list. Useful to make specific
redistributed routes less preferred:

Router(config-router)# offset-list 10 in 100 ! add 100 to incoming routes matching ACL 10


Router(config-router)# offset-list 0 out 50 ! add 50 to all outgoing routes

10.4 Default Route Origination

! Originate default route into OSPF (requires [Link] in routing table)


Router(config-router)# default-information originate

! Force default route even if not in routing table


Router(config-router)# default-information originate always

! With specific metric and metric-type


Router(config-router)# default-information originate always metric 10 metric-type 1


11 Route Summarisation & Redistribution


Scaling OSPF and connecting to other protocols

11.1 Inter-Area Summarisation (ABR)

Inter-area summarisation is configured on the ABR and reduces the number of Type-3 LSAs sent into
the backbone or other areas. All specific prefixes within the summary range are suppressed; only the
aggregate is advertised:

! On ABR — summarise Area 1 prefixes into Area 0


ABR(config-router)# area 1 range [Link] [Link]
! All 10.1.x.x/24 prefixes → single [Link]/16 Type-3 LSA

! With cost override and not-advertise option


ABR(config-router)# area 1 range [Link] [Link] cost 50
ABR(config-router)# area 1 range [Link] [Link] not-advertise ! suppress summary

11.2 External Route Summarisation (ASBR)

Summarise external routes before they are redistributed into OSPF. Reduces Type-5 LSA count across
the entire AS:

! On ASBR — summarise external prefixes


ASBR(config-router)# summary-address [Link] [Link]
! All 172.16.x.x routes redistributed → single Type-5 [Link]/16

! With not-advertise (suppress the summary too — used to filter)


ASBR(config-router)# summary-address [Link] [Link] not-advertise

11.3 Redistribution INTO OSPF

When redistributing routes from another protocol or source into OSPF, you must specify a seed metric.
Without it, redistributed routes may have metric 0 and be ignored:

! Redistribute connected interfaces


ASBR(config-router)# redistribute connected subnets metric 20 metric-type 1

! Redistribute static routes


ASBR(config-router)# redistribute static subnets metric 50

! Redistribute BGP
ASBR(config-router)# redistribute bgp 65000 subnets metric 20 metric-type 2

! Redistribute EIGRP with route-map filtering


ASBR(config-router)# redistribute eigrp 100 subnets route-map EIGRP-TO-OSPF

! Redistribute RIP
ASBR(config-router)# redistribute rip subnets metric 30

! subnets keyword is required to redistribute non-classful routes


11.4 Redistribution FROM OSPF

! OSPF into BGP (redistributes internal routes)


Router(config-router)# router bgp 65000
Router(config-router)# redistribute ospf 1 match internal

! OSPF into BGP (internal + external)


Router(config-router)# redistribute ospf 1 match internal external 1 external 2

! OSPF into EIGRP


Router(config-router)# router eigrp 100
Router(config-router)# redistribute ospf 1 metric 10000 100 255 1 1500

11.5 Route Filtering

! Distribute-list to filter routes (inbound on specific interface)


Router(config-router)# distribute-list prefix PFX-FILTER in GigabitEthernet0/0

! Filter Type-3 LSAs on ABR (area filter-list)


ABR(config-router)# area 1 filter-list prefix BLOCK-ROUTES in
ABR(config-router)# area 1 filter-list prefix BLOCK-ROUTES out


12 OSPF Authentication
Securing OSPF neighbourhoods against unauthorized routers

OSPF authentication prevents unauthorized routers from forming adjacencies and injecting false routing
information. Authentication is configured per-interface or per-area. Three modes are supported:

Mode | AuType | Security Level | How It Works | Recommended?
Null | 0 | None | No authentication — default | No (use in lab only)
Plain-text | 1 | Weak | Password sent in clear-text in packet | No (visible in captures)
MD5 | 2 | Moderate | MD5 hash of packet + key, includes sequence number to prevent replay | Yes (minimum for production)
HMAC-SHA | N/A | Strong | RFC 5709: HMAC-SHA-1/256/384/512. Key-chain based with key rotation | Yes (best practice)

12.1 Area-Level Authentication

! Enable MD5 auth for entire area (all interfaces in area must have key)
Router(config-router)# area 0 authentication message-digest

! On each interface in Area 0


Router(config-if)# ip ospf message-digest-key 1 md5 MySecretKey123
! Key ID (1) must match on both sides. Key string must match.

12.2 Interface-Level MD5 Authentication

! Interface-level overrides area-level setting


Router(config-if)# ip ospf authentication message-digest
Router(config-if)# ip ospf message-digest-key 1 md5 MySecretKey123

! Multiple keys for hitless key rotation


Router(config-if)# ip ospf message-digest-key 1 md5 OldKey
Router(config-if)# ip ospf message-digest-key 2 md5 NewKey
! Both keys accepted during transition; old key removed after all peers updated
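
The receiver-side checks behind the MD5 settings above (key ID lookup, digest comparison, sequence-number replay check), following RFC 2328 Appendix D. This is an added Python example, not part of the original guide; the packet body, router ID and function names are constructed, and the keys are the sample strings from the rotation example above.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!BBHIIHHHBBI")   # 24-byte OSPFv2 header, AuType 2 layout
AUTYPE_MD5 = 2                           # AuType value for cryptographic authentication
DIGEST_LEN = 16                          # MD5 digest appended after the packet


def pad_key(key: str) -> bytes:
    """The shared secret is hashed as a 16-byte field, padded with zeros."""
    raw = key.encode()
    if len(raw) > 16:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return raw.ljust(16, b"\x00")


def sign(body, router_id, key_id, key, seq, pkt_type=1, area_id=0):
    """Sender side: header + body, then MD5(packet + key) as a trailer."""
    length = HEADER.size + len(body)     # the trailer is not counted in Length
    header = HEADER.pack(2, pkt_type, length, router_id, area_id,
                         0,              # checksum field is zero with AuType 2
                         AUTYPE_MD5, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify(wire, keys, last_seq):
    """Receiver side: return 'accept' or the reason the packet is dropped.

    keys     maps key ID -> key string configured on the interface
    last_seq maps neighbour Router ID -> highest sequence number seen
    """
    if len(wire) < HEADER.size + DIGEST_LEN:
        return "drop: truncated"
    (version, _ptype, length, router_id, _area, _cksum, autype,
     _zero, key_id, auth_len, seq) = HEADER.unpack(wire[:HEADER.size])
    if version != 2 or autype != AUTYPE_MD5:
        return "drop: authentication type mismatch"
    if auth_len != DIGEST_LEN or len(wire) != length + auth_len:
        return "drop: bad length"
    if key_id not in keys:
        return "drop: unknown key ID"
    expected = hashlib.md5(wire[:length] + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, wire[length:]):
        return "drop: digest mismatch"
    # The sequence number must never go backwards; an equal value is allowed.
    if seq < last_seq.get(router_id, 0):
        return "drop: replayed sequence number"
    last_seq[router_id] = seq
    return "accept"


if __name__ == "__main__":
    # Constructed scenario: this router holds both keys during rotation.
    keys = {1: "OldKey", 2: "NewKey"}
    seen = {}
    neighbour = 0x01010101               # constructed Router ID
    hello_body = bytes(20)               # constructed 20-byte Hello body
    new = sign(hello_body, neighbour, 2, "NewKey", seq=100)
    old = sign(hello_body, neighbour, 1, "OldKey", seq=101)
    print(verify(new, keys, seen))             # peer already moved to key 2
    print(verify(old, keys, seen))             # peer still on key 1
    print(verify(new, keys, seen))             # old capture sent again
    print(verify(new, {1: "OldKey"}, {}))      # receiver never got key 2
```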

12.3 SHA-256 Authentication (RFC 5709)

RFC 5709 provides cryptographically strong authentication using HMAC-SHA algorithms. It uses a key
chain for easy key rotation:

! Step 1: Create key chain


Router(config)# key chain OSPF-AUTH
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string StrongP@ssw0rd!
Router(config-keychain-key)# cryptographic-algorithm hmac-sha-256
Router(config-keychain-key)# send-lifetime [Link] Jan 1 2024 infinite
Router(config-keychain-key)# accept-lifetime [Link] Jan 1 2024 infinite


! Step 2: Apply to OSPF interface


Router(config-if)# ip ospf authentication key-chain OSPF-AUTH

! Verify
Router# show ip ospf interface GigabitEthernet0/0 | include auth


13 OSPFv3 for IPv6


OSPF redesigned for the IPv6 world

OSPFv3 (RFC 5340) is a major redesign of OSPF to support IPv6. It is NOT backward compatible with
OSPFv2. Key architectural change: network addresses are removed from Router and Network LSAs.
Address information is carried in new LSA types. OSPFv3 runs directly over IPv6 link-local addresses.

13.1 OSPFv3 vs OSPFv2 Key Differences

Aspect | OSPFv2 (IPv4) | OSPFv3 (IPv6)
IP Version | IPv4 only | IPv6 (plus IPv4 via AF mode)
Src/Dst Addresses | IPv4 interface addresses | IPv6 link-local addresses
Auth Method | Built-in (plain/MD5) in header | IPsec (AH/ESP) — RFC 4552
Router/Net LSA | Contain IPv4 prefixes | No addresses — only topology
Prefix Info | In Type-1/2 LSAs | In new Type-8/9 LSAs
Link ID | IP address | Interface ID (ifindex)
Multicast | [Link] / [Link] | FF02::5 / FF02::6
Instance ID | Not supported | Multiple instances per link
New LSA Types | Types 1–7, 9–11 | Adds Type-8 (Link LSA), Type-9 (Intra-Area-Prefix LSA)
Config Style | network command or per-interface | Per-interface (ipv6 ospf process area)

13.2 New LSA Types in OSPFv3

LSA Type | Name | Generated By | Describes
Type 8 | Link LSA | Every router | Link-local address and list of IPv6 prefixes on the link. Flooded link-local scope only.
Type 9 | Intra-Area-Prefix | Router or DR | IPv6 prefixes associated with a router (stub links) or a transit network. Replaces prefix info that was in Type-1/2 for OSPFv2.

13.3 OSPFv3 Configuration (Classic Mode)

! Enable IPv6 routing globally


Router(config)# ipv6 unicast-routing

! Configure OSPFv3 process


Router(config)# ipv6 router ospf 1
Router(config-rtr)# router-id [Link] ! required — no IPv6 addr for auto-selection


Router(config-rtr)# auto-cost reference-bandwidth 100000

! Enable on each interface


Router(config)# interface GigabitEthernet0/0
Router(config-if)# ipv6 enable
Router(config-if)# ipv6 ospf 1 area 0

! Verification
Router# show ipv6 ospf neighbor
Router# show ipv6 ospf database
Router# show ipv6 route ospf

13.4 OSPFv3 Address Families (IOS XE — IPv4 + IPv6 in one process)

! Single OSPFv3 process carrying both IPv4 and IPv6


Router(config)# router ospfv3 1
Router(config-router)# router-id [Link]

Router(config-router)# address-family ipv4 unicast


Router(config-router-af)# area 0
Router(config-router-af)# exit-address-family

Router(config-router)# address-family ipv6 unicast


Router(config-router-af)# area 0
Router(config-router-af)# exit-address-family

! Enable AF on interface
Router(config-if)# ospfv3 1 ipv4 area 0
Router(config-if)# ospfv3 1 ipv6 area 0


14 OSPF Timers & Fast Convergence


Tuning OSPF for rapid failure detection and recovery

14.1 OSPF Timer Reference Table

Timer | Broadcast/P2P | NBMA | IOS Command
Hello Interval | 10 s | 30 s | ip ospf hello-interval
Dead Interval | 40 s | 120 s | ip ospf dead-interval
Retransmit Interval | 5 s | 5 s | ip ospf retransmit-interval
Transmit Delay | 1 s | 1 s | ip ospf transmit-delay
LSA Min Arrival | 1000 ms | 1000 ms | timers lsa arrival
LSA Throttle — min | 0 ms | 0 ms | timers throttle lsa
LSA Throttle — hold | 5000 ms | 5000 ms | timers throttle lsa 0 5000 5000
SPF Delay | 5000 ms | 5000 ms | timers throttle spf
SPF Holdtime | 10000 ms | 10000 ms | timers throttle spf 200 1000 10000
SPF Max Wait | 90000 ms | 90000 ms | (third value in throttle spf)
LSA Refresh | 30 min | 30 min | Automatic — not configurable
LSA MaxAge | 60 min | 60 min | Automatic — LSA flushed at MaxAge

14.2 Fast Hello — Sub-Second Detection

The fast hello feature reduces the dead interval to 1 second, sending multiple Hellos per second:

! Send 5 Hellos per second → dead interval = 1 second


Router(config-if)# ip ospf dead-interval minimal hello-multiplier 5
! 'minimal' sets dead-interval to 1s; multiplier = hellos-per-second
! Both sides must have matching configuration

14.3 BFD — Bidirectional Forwarding Detection

BFD (RFC 5880) is a lightweight protocol that provides sub-millisecond to sub-second failure detection,
independently of any routing protocol. OSPF delegates failure detection to BFD and reacts immediately
when BFD signals a link failure:

! Enable BFD on interface


Router(config-if)# bfd interval 300 min_rx 300 multiplier 3
! 300ms tx interval, 300ms rx interval, 3 missed = failure (900ms detection)

! Link OSPF to BFD


Router(config-if)# ip ospf bfd


! OR globally for all OSPF interfaces


Router(config-router)# bfd all-interfaces

! Verify
Router# show bfd neighbors
Router# show bfd neighbors details

14.4 LSA and SPF Throttling

Throttling prevents CPU overload during network instability. The exponential backoff increases the hold
time after each consecutive event:

! Aggressive settings for fast convergence (data center / campus)


Router(config-router)# timers throttle spf 50 200 5000
! spf-delay=50ms, hold=200ms, max=5000ms

Router(config-router)# timers throttle lsa 50 200 5000
! lsa-min=50ms, hold=200ms, max=5000ms

! Conservative settings for WAN (prevent instability amplification)


Router(config-router)# timers throttle spf 5000 10000 90000
Router(config-router)# timers throttle lsa 5000 10000 90000

14.5 Loop-Free Alternates (LFA) — IP Fast Reroute

LFA (RFC 5286) pre-computes a backup next-hop for every prefix. When the primary path fails, traffic
immediately switches to the LFA without waiting for SPF, achieving near-zero packet loss:

! Enable per-prefix LFA fast-reroute


Router(config-router)# fast-reroute per-prefix enable area 0

! Interface-level
Router(config-if)# ip ospf fast-reroute per-prefix

! Verify computed LFAs


Router# show ip ospf fast-reroute
Router# show ip route repair-paths


15 Troubleshooting OSPF
Systematic diagnosis from adjacency to routing issues

15.1 Troubleshooting Methodology

Use this layered approach for any OSPF problem:

• Layer 1 — Physical/Data Link: Check interface is up/up. Check cable, speed, duplex.
• Layer 2 — IP Connectivity: Ping neighbour IP. Check same subnet, correct mask.
• Layer 3 — OSPF Parameters: Check area ID, timers, auth, stub flags match.
• Layer 4 — Neighbour State: Is neighbour in table? What state? Use show ip ospf neighbor.
• Layer 5 — Database: Check LSDB has expected LSAs. Missing routes = missing LSAs.
• Layer 6 — SPF/Routes: Are routes in routing table? Check cost, filter, summarisation.

15.2 Complete Show Command Reference

Command | Purpose & What to Look For
show ip ospf neighbor | State must be FULL. Any Init/2-Way/ExStart = problem.
show ip ospf neighbor detail | Check dead time counting down (not stuck), options match, interface.
show ip ospf | SPF run count should be stable. High/growing = instability.
show ip ospf interface Gi0/0 | Network type, Hello/Dead intervals, Auth type, DR/BDR, cost.
show ip ospf interface brief | Quick check of all OSPF interfaces — state, cost, nbrs.
show ip ospf database | Count LSAs. Missing type = area type or filter issue.
show ip ospf database router self-originate | Your own Type-1 LSA — verify all links advertised.
show ip ospf database summary | Type-3 LSAs — inter-area prefixes visible.
show ip ospf database external | Type-5 LSAs — external routes. Should be empty in stub.
show ip ospf database nssa-external | Type-7 LSAs — NSSA external routes.
show ip ospf border-routers | Routes to ABRs/ASBRs — verify reachable.
show ip route ospf | O=intra-area, O IA=inter-area, O E1/E2=external, O N1/N2=NSSA.
show ip ospf statistics | SPF history, LSA types count.
show ip ospf flood-list interface Gi0/0 | LSAs waiting to be flooded — high count = congestion.

15.3 Debug Commands (Use with Caution)


! Safe on low-traffic links


debug ip ospf events ! OSPF state changes, SPF triggers
debug ip ospf adj ! Adjacency formation step-by-step
debug ip ospf hello ! Hello packet send/receive
debug ip ospf lsa-generation ! When LSAs are generated
debug ip ospf flooding ! LSA flooding details

! ALWAYS stop debug when done


no debug all
undebug all

■ Debug Warning
Debug commands generate massive console output and can crash busy routers. Always use 'terminal
monitor' to see output on VTY. Set a time limit: run 'debug ip ospf events', watch for 30 seconds, then
issue 'undebug all'. Never run debug on a core router during business hours.

15.4 Common Problems & Solutions

Symptom | Likely Cause | Fix
Neighbour stuck in Init | Unicast Hello not received back | Check ACL blocking; check NBMA neighbour statement
Stuck at 2-Way (not Full) | DROther-to-DROther on broadcast | Normal — not a problem unless should be Full
Stuck in ExStart/Exchange | MTU mismatch (most common) | ip ospf mtu-ignore OR match MTU both sides
Neighbour keeps flapping | BFD/Dead interval too low, unstable link | Increase timers; check physical layer; check QoS
Routes missing (O IA) | ABR not advertising; stub blocks it | Check area config; remove filter; check area type
Type-5 in stub area | Router not configured as stub | Add 'area X stub' to router config
Wrong next-hop / suboptimal | Cost not tuned; reference BW mismatch | auto-cost reference-bandwidth on all routers
OSPF adjacency drops at night | SNMP/NMS traffic causing load | Check process CPU; tune timers; check QoS
High CPU — SPF thrashing | Flapping link generating LSAs | Fix physical issue; tune SPF/LSA throttle timers
'OSPF: not in valid state' log | Duplicate Router ID | Change router-id on one router; clear ospf process
Routes installed then removed | LSA MaxAge — routing loop / filter | Check for duplicate LSAs; check distribute-list
No routes despite Full adj | SPF not running; route filtered | check distribute-list, area filter-list, ACL


16 Advanced OSPF Topics


OSPF-TE, Graceful Restart, Segment Routing, and more

16.1 OSPF Traffic Engineering (OSPF-TE)

OSPF-TE extends OSPF to carry Traffic Engineering attributes using Opaque LSAs (Type-10). These
attributes allow RSVP-TE to compute constrained paths for MPLS LSPs based on bandwidth, delay,
admin groups, and SRLG:

TE Attribute | Description
Maximum Bandwidth | Physical interface bandwidth
Max Reservable BW | Maximum BW that can be reserved (may exceed physical)
Unreserved BW | Available bandwidth per priority level (0–7)
TE Metric | Separate metric for TE path computation (can differ from OSPF cost)
Admin Group | Colour/affinity bits — group links for policy-based path selection
SRLG | Shared Risk Link Group — links sharing same physical risk (same fibre)

Router(config)# mpls traffic-eng tunnels


Router(config)# router ospf 1
Router(config-router)# mpls traffic-eng area 0
Router(config-router)# mpls traffic-eng router-id Loopback0

Router(config-if)# mpls traffic-eng tunnels


Router(config-if)# ip rsvp bandwidth 1000000

16.2 Graceful Restart — NSF and NSR

When a router restarts its control plane (RP failover, process restart), OSPF normally tears down all
adjacencies and reconverges. Graceful Restart allows the router to restart without affecting forwarding:

Mechanism | Description | Config
NSF (Non-Stop Forwarding) | Router signals restart in Grace-LSA. Neighbours act as helpers and continue forwarding. Router re-establishes adjacencies quickly. | nsf (Cisco) OR graceful-restart
NSR (Non-Stop Routing) | Standby RP maintains full OSPF state. Switchover is transparent — no restart signalling needed, no helper required. | nsf ietf OR nsr (platform-specific)
Graceful Restart Grace Period | Time allowed to complete restart. Default 120s. Should be less than Dead Interval on helpers. | graceful-restart grace-period 60

16.3 OSPF Segment Routing (SR-OSPF)


SR-OSPF (RFC 8665) uses OSPF Opaque LSAs to advertise Segment IDs (SIDs), enabling MPLS
forwarding without LDP or RSVP. Each router gets a Node SID; each adjacency gets an Adj-SID:

! Enable SR globally
Router(config)# segment-routing mpls

! Enable SR in OSPF
Router(config-router)# segment-routing mpls
Router(config-router)# segment-routing forwarding mpls

! Assign Node SID on Loopback


Router(config-if)# ip ospf prefix-sid index 10
! Node SID = SRGB-base + index (e.g. 16000 + 10 = 16010)

! Verify
Router# show ip ospf segment-routing
Router# show mpls forwarding-table

16.4 Multi-Area Adjacency (RFC 5185)

Allows a single physical interface to participate in multiple OSPF areas simultaneously. The interface
keeps its primary area assignment but also forms an adjacency in a secondary area. Used for Traffic
Engineering purposes where a link needs to appear in multiple area topologies:

Router(config-if)# ip ospf multi-area 0 ! add this interface to Area 0 as well

16.5 Remote LFA (rLFA) — Extended Fast Reroute

Standard LFA only works when a direct neighbour provides a loop-free alternate. rLFA (RFC 7490) uses a
tunnel to a Remote LFA (P-space) node to provide backup for topologies where no direct LFA exists:

• Standard LFA: backup via direct neighbour (no tunnel)
• rLFA: backup via MPLS tunnel to a remote P-node, then normal routing
• Topology-Independent LFA (TI-LFA): segment routing based — provides 100% coverage
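
The test that decides whether a direct neighbour qualifies as a loop-free alternate (sections 14.5 and 16.5), as an added Python example that is not part of the original guide. It applies RFC 5286 Inequality 1, dist(N,D) < dist(N,S) + dist(S,D), to two constructed four-router topologies; router names and link costs are made up, and the second topology is the case with no direct LFA that rLFA and TI-LFA exist to cover.

```python
import heapq


def spf(graph, source):
    """Dijkstra: lowest cost from source to every reachable router."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist.get(node, float("inf")):
            continue                      # stale heap entry
        for neigh, link_cost in graph[node].items():
            new_cost = cost + link_cost
            if new_cost < dist.get(neigh, float("inf")):
                dist[neigh] = new_cost
                heapq.heappush(heap, (new_cost, neigh))
    return dist


def primary_next_hops(graph, src, dest):
    """Neighbours of src that lie on a shortest path to dest (ECMP aware)."""
    best = spf(graph, src)[dest]
    return {n for n, c in graph[src].items() if c + spf(graph, n)[dest] == best}


def loop_free_alternates(graph, src, dest):
    """Neighbours that can carry traffic for dest without sending it back via src."""
    d_src = spf(graph, src)
    primaries = primary_next_hops(graph, src, dest)
    alternates = []
    for neigh in sorted(graph[src]):
        if neigh in primaries:
            continue
        d_neigh = spf(graph, neigh)
        # RFC 5286 Inequality 1: the neighbour's own best path to dest
        # must be shorter than any path that returns through src.
        if d_neigh[dest] < d_neigh[src] + d_src[dest]:
            alternates.append(neigh)
    return alternates


# Constructed topologies (symmetric link costs). Primary path is S -> A -> D.
WITH_LFA = {
    "S": {"A": 1, "B": 1},
    "A": {"S": 1, "D": 1},
    "B": {"S": 1, "D": 2},   # B reaches D directly at cost 2
    "D": {"A": 1, "B": 2},
}
NO_LFA = {
    "S": {"A": 1, "B": 1},
    "A": {"S": 1, "D": 1},
    "B": {"S": 1, "D": 5},   # B's best path to D is back through S (cost 3)
    "D": {"A": 1, "B": 5},
}

if __name__ == "__main__":
    for name, topo in (("WITH_LFA", WITH_LFA), ("NO_LFA", NO_LFA)):
        print(name, "primary:", sorted(primary_next_hops(topo, "S", "D")),
              "LFA:", loop_free_alternates(topo, "S", "D"))
```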


17 OSPF Design Best Practices


Production network design guidance from experience

17.1 Area Design Principles

DO — Area Design

• Keep Area 0 stable and well-connected with dual ABRs
• Keep areas to 50–200 routers (platform dependent)
• Use stub/totally stubby areas at branch/edge sites
• Use NSSA when a branch has a local internet exit
• Summarise aggressively at ABRs — reduces Type-3 LSA count
• Design contiguous areas — avoid virtual links
• Use loopback interfaces for Router IDs
• Number areas logically (match with site/region IDs)

AVOID — Common Mistakes

• Very large single areas (50+ routers without strong hardware)
• Virtual links in production (redesign topology instead)
• Flat single-area design for large networks
• Inconsistent auto-cost reference-bandwidth across domain
• OSPF on user access ports (security risk — use passive-interface)
• No authentication on OSPF interfaces
• Multiple OSPF processes redistributing into each other (loop risk)
• Changing Router ID on live routers without maintenance window

17.2 Scalability Guidelines

Parameter | Recommendation | Notes
Routers per area | 50–200 | Depends heavily on CPU/RAM; LSA count matters more
Areas per ABR | 2–4 max | More areas = more LSDB copies + higher CPU
LSAs per area | < 10,000 | Watch 'show ip ospf' for LSDB size
Reference bandwidth | 100,000 Mbps (100G) | Set consistently on ALL routers
ECMP paths | 4–8 | Use 'maximum-paths 8' if needed
SPF throttle (campus) | 50/200/5000 ms | Fast convergence for stable topologies
SPF throttle (WAN) | 5000/10000/90000 ms | Prevent thrashing on unstable links
Hello/Dead (BFD nets) | 1/3 ms via BFD | Use BFD instead of fast-hello for accuracy
Summarisation | At every ABR | One summary per area, not per-prefix
Authentication | MD5 minimum, SHA-256 | On all OSPF interfaces in production

17.3 Security Hardening


• Authentication: Always enable MD5 or SHA-256 on all OSPF interfaces. Prevents rogue routers joining.
• Passive Interface: Run 'passive-interface default' and selectively enable only real OSPF links.
• Prefix Filtering: Use area filter-list or distribute-list to prevent route leakage.
• Monitoring: Alert on unexpected neighbour state changes (SNMP traps / syslog).
• Rate Limiting: Use control-plane policing (CoPP) to rate-limit OSPF traffic to CPU.
• OSPF TTL Security: 'ip ospf ttl-security hops 1' — drops OSPF packets not from direct neighbour.

Router(config-router)# ttl-security all-interfaces ! global TTL security
Router(config-if)# ip ospf ttl-security hops 1 ! interface level
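
One way to check a saved configuration against the hardening items above, as an added Python example that is not part of the original guide. The running-config text is constructed, the script assumes a single OSPF process and interface-level 'ip ospf <process> area <area>' statements, and it also recognises the IOS commands 'ip ospf authentication', 'ip ospf authentication null' and 'ip ospf authentication-key', which the guide does not list.

```python
import re

# Constructed running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip ospf authentication key-chain OSPF-AUTH
 ip ospf ttl-security hops 1
 ip ospf 1 area 0
!
interface GigabitEthernet0/1
 ip ospf authentication
 ip ospf authentication-key LabPass
 ip ospf 1 area 1
!
interface GigabitEthernet0/2
 ip ospf 1 area 1
!
interface GigabitEthernet0/3
 ip ospf 1 area 2
!
interface GigabitEthernet0/4
 description user access port, no OSPF
!
router ospf 1
 area 1 authentication message-digest
!
"""


def parse_sections(config):
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def audit(config):
    """Return (location, finding) tuples for the section 17.3 hardening items."""
    sections = parse_sections(config)
    router = [l for name, body in sections.items()
              if name.startswith("router ospf ") for l in body]
    area_auth = {}                       # area -> mode set at area level
    for line in router:
        m = re.fullmatch(r"area (\S+) authentication( message-digest)?", line)
        if m:
            area_auth[m.group(1)] = "md5" if m.group(2) else "plain"
    findings = []
    if "passive-interface default" not in router:
        findings.append(("router ospf", "passive-interface default not set"))
    global_ttl = any(l.startswith("ttl-security all-interfaces") for l in router)

    for name, body in sections.items():
        if not name.startswith("interface "):
            continue
        area = next((m.group(1) for l in body
                     if (m := re.fullmatch(r"ip ospf \d+ area (\S+)", l))), None)
        if area is None:
            continue                     # interface does not run OSPF
        ifname = name.split(None, 1)[1]
        mode = area_auth.get(area, "none")
        for l in body:                   # interface level overrides area level
            if l == "ip ospf authentication message-digest":
                mode = "md5"
            elif l.startswith("ip ospf authentication key-chain "):
                mode = "key-chain"
            elif l == "ip ospf authentication null":
                mode = "none"
            elif l == "ip ospf authentication":
                mode = "plain"
        if mode == "none":
            findings.append((ifname, "no authentication"))
        elif mode == "plain":
            findings.append((ifname, "plain-text authentication"))
        elif mode == "md5" and not any(
                l.startswith("ip ospf message-digest-key ") for l in body):
            findings.append((ifname, "MD5 enabled but no message-digest-key"))
        if not global_ttl and not any(
                l.startswith("ip ospf ttl-security") for l in body):
            findings.append((ifname, "TTL security not enabled"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```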

17.4 High Availability Design

• Dual ABRs per area: Always have two ABRs connecting non-backbone areas to Area 0.
• Loopback-sourced adjacencies: Use Loopback IPs for router-IDs, always reachable.
• BFD everywhere: Deploy BFD for fast failure detection on all critical links.
• NSF/NSR: Enable on all routers with redundant route processors.
• IP Fast Reroute: Deploy LFA or TI-LFA for sub-50ms traffic recovery.
• Incremental SPF: Enable 'ispf' to reduce SPF load during reconvergence.
• ECMP: Design equal-cost paths for built-in load balancing and redundancy.


18 Quick Reference & Cheat Sheet


All key values, commands, and RFCs in one place

18.1 Key Protocol Values

Parameter | Value
IP Protocol Number | 89
Multicast — All OSPF | [Link] (OSPFv3: FF02::5)
Multicast — DR/BDR | [Link] (OSPFv3: FF02::6)
Admin Distance (int) | 110
Admin Distance (ext) | 110
Max LSA Age | 3600 seconds (1 hour)
LSA Refresh Interval | 1800 seconds (30 minutes)
Default Hello (P2P) | 10 seconds
Default Dead (P2P) | 40 seconds
Default Hello (NBMA) | 30 seconds
Default Dead (NBMA) | 120 seconds
Default Retransmit | 5 seconds
Default Ref BW | 100 Mbps (recommend: 100,000 Mbps = 100G)
Default Cost FastEth | 1 (with default ref BW)
Default Cost GigEth | 1 (same as FastEth — change ref BW!)
LSA Seq# Start | 0x80000001
Router Priority Range | 0–255 (0=never DR/BDR, default=1)

18.2 Essential IOS Commands

Category | Command | Notes
Config | router ospf 1 | Enter OSPF process config
Config | router-id [Link] | Set Router ID manually
Config | auto-cost reference-bandwidth 100000 | Fix GigE/10G cost
Config | passive-interface default | Suppress on all interfaces
Config | network [Link] [Link] area 0 | Advertise network
Interface | ip ospf 1 area 0 | Assign interface to OSPF
Interface | ip ospf cost 100 | Set manual cost
Interface | ip ospf priority 255 | DR election priority
Interface | ip ospf hello-interval 5 | Custom hello timer
Interface | ip ospf dead-interval 20 | Custom dead timer
Interface | ip ospf network point-to-point | Force P2P network type
Area | area 1 stub no-summary | Totally stubby area (ABR)
Area | area 1 range [Link] [Link] | Inter-area summarisation
Timers | timers throttle spf 50 200 5000 | Fast SPF timers
Timers | timers throttle lsa 50 200 5000 | Fast LSA timers
Auth | area 0 authentication message-digest | Enable MD5 for area
Auth | ip ospf message-digest-key 1 md5 KEY | Set MD5 key on interface
Verify | show ip ospf neighbor | Check neighbour states
Verify | show ip ospf database | View LSDB
Verify | show ip route ospf | View OSPF routes
Debug | debug ip ospf adj | Adjacency debug

18.3 RFC Reference Index

RFC | Title | Year
2328 | OSPF Version 2 (OSPFv2) — current IPv4 standard | 1998
5340 | OSPF for IPv6 (OSPFv3) — current IPv6 standard | 2008
3101 | The OSPF NSSA Option | 2003
2370 | Opaque LSA Option for OSPF | 1998
3630 | Traffic Engineering Extensions to OSPF | 2003
3623 | Graceful OSPF Restart | 2003
4552 | Authentication/Confidentiality for OSPFv3 | 2006
5185 | OSPF Multi-Area Adjacency | 2008
5286 | Basic Spec for IPv4 Loop-Free Alternates | 2008
5709 | OSPFv2 HMAC-SHA Cryptographic Auth | 2009
7490 | Remote LFA FRR with MPLS | 2015
8665 | OSPF Segment Routing Extensions | 2019
8666 | OSPFv3 Segment Routing Extensions | 2019


19 OSPF Packet Deep Dive


Wire-format analysis of every OSPF packet type

19.1 Hello Packet — Wire Format

A Hello packet is an OSPF Type-1 packet. Below is the complete byte-level layout after the 24-byte
common header:

Offset | Field | Size | Description
0 | Network Mask | 4 bytes | Subnet mask of sending interface (e.g. [Link])
4 | Hello Interval | 2 bytes | HelloInterval in seconds
6 | Options | 1 byte | Capabilities: E=external, N=NSSA, DC=demand, O=opaque, etc.
7 | Rtr Pri | 1 byte | Router priority for DR/BDR election
8 | Router Dead Interval | 4 bytes | RouterDeadInterval in seconds
12 | Designated Router | 4 bytes | IP address of DR ([Link] if none known)
16 | Backup DR | 4 bytes | IP address of BDR ([Link] if none known)
20+ | Neighbor List | Variable | List of Router IDs from which Hellos have been received

19.2 DBD Packet — Wire Format

The Database Description (DBD) packet is used during the ExStart and Exchange states to summarise the
LSDB:

Offset | Field | Size | Description
0 | Interface MTU | 2 bytes | MTU of sending interface. Receiving router drops DBD if its own MTU is smaller (unless mtu-ignore)
2 | Options | 1 byte | Same options byte as Hello
3 | Flags (I/M/MS) | 1 byte | I=Init (first DBD), M=More (more DBDs to follow), MS=Master/Slave
4 | DD Sequence # | 4 bytes | Sequence number controlled by Master
8+ | LSA Headers | Variable | 20-byte LSA headers (one per LSA being described)

19.3 LSU Packet — Wire Format

The Link-State Update (LSU) carries complete LSAs:

Offset | Field | Size | Description
0 | # of LSAs | 4 bytes | Count of LSAs contained in this packet
4+ | LSAs | Variable | One or more complete LSAs (each with 20-byte header + body)

19.4 OSPF Options Byte Bit Fields

| Bit | Name | Meaning |
|---|---|---|
| Bit 0 | MT | Multi-Topology OSPF (RFC 4915) — multiple topology support |
| Bit 1 | E | External Routing Capability — router can flood AS-external LSAs. MUST be 0 for stub area routers. |
| Bit 2 | MC | Multicast Capability (MOSPF) — largely obsolete |
| Bit 3 | N | NSSA Capability — router supports NSSA (Type-7 LSAs). MUST be 1 in NSSA areas. |
| Bit 4 | L | LLS (Link-Local Signaling) data block present after OSPF packet |
| Bit 5 | DC | Demand Circuits — suppress periodic Hellos/LSA refreshes on dial-on-demand |
| Bit 6 | O | Opaque LSA Capability — router can receive and store Opaque LSAs (Types 9-11) |
| Bit 7 | DN | Down bit — loop prevention for VPN/OSPF redistribution |
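The Hello layout in 19.1 and the Options bits in 19.4 can be checked together with a small parser. This is an added example, not code from the guide: it decodes a Hello body and reports the parameters that would stop an adjacency from forming on a broadcast interface. The function names, the `local` dictionary and the sample bytes are assumptions constructed for the illustration.

```python
import ipaddress
import struct

# Option bits as listed in section 19.4 (bit 0 is the least significant bit).
OPTION_BITS = {0: "MT", 1: "E", 2: "MC", 3: "N", 4: "L", 5: "DC", 6: "O", 7: "DN"}
HELLO_FIXED_LEN = 20  # offsets 0-19 in the 19.1 table, before the neighbor list


def decode_options(value):
    """Return the names of the bits set in an Options byte."""
    return [name for bit, name in OPTION_BITS.items() if value & (1 << bit)]


def parse_hello_body(body):
    """Parse the Hello body that follows the 24-byte common OSPF header."""
    if len(body) < HELLO_FIXED_LEN:
        raise ValueError("Hello body is shorter than the 20 fixed bytes")
    if (len(body) - HELLO_FIXED_LEN) % 4:
        raise ValueError("neighbor list is not a whole number of Router IDs")
    mask, hello, options, priority, dead, dr, bdr = struct.unpack(
        "!IHBBIII", body[:HELLO_FIXED_LEN])
    return {
        "network_mask": str(ipaddress.IPv4Address(mask)),
        "hello_interval": hello,
        "options": decode_options(options),
        "priority": priority,
        "dead_interval": dead,
        "dr": str(ipaddress.IPv4Address(dr)),
        "bdr": str(ipaddress.IPv4Address(bdr)),
        "neighbors": [str(ipaddress.IPv4Address(body[i:i + 4]))
                      for i in range(HELLO_FIXED_LEN, len(body), 4)],
    }


def hello_mismatches(hello, local):
    """Compare a parsed Hello with the local broadcast-interface settings.

    `local` is a hypothetical dict: network_mask, hello_interval,
    dead_interval and area_type ("normal", "stub" or "nssa").
    """
    problems = []
    for field in ("network_mask", "hello_interval", "dead_interval"):
        if hello[field] != local[field]:
            problems.append(f"{field}: peer={hello[field]} local={local[field]}")
    e_bit = "E" in hello["options"]
    n_bit = "N" in hello["options"]
    if local["area_type"] == "normal" and not e_bit:
        problems.append("E bit clear: peer treats the area as stub or NSSA")
    if local["area_type"] in ("stub", "nssa") and e_bit:
        problems.append("E bit set: peer treats the area as normal")
    if local["area_type"] == "nssa" and not n_bit:
        problems.append("N bit clear: peer is not configured for NSSA")
    return problems


def _rid(text):
    """Convert a dotted-quad string to the 32-bit integer struct expects."""
    return int(ipaddress.IPv4Address(text))


# Constructed sample: mask /24, Hello 10 s, E bit set, priority 1, Dead 40 s,
# DR and BDR addresses, then two neighbor Router IDs (documentation addresses).
SAMPLE_HELLO = (
    struct.pack("!IHBBIII", 0xFFFFFF00, 10, 0x02, 1, 40,
                _rid("192.0.2.1"), _rid("192.0.2.2"))
    + ipaddress.IPv4Address("192.0.2.11").packed
    + ipaddress.IPv4Address("192.0.2.12").packed
)

if __name__ == "__main__":
    parsed = parse_hello_body(SAMPLE_HELLO)
    print(parsed)
    stub_side = {"network_mask": "255.255.255.0", "hello_interval": 10,
                 "dead_interval": 40, "area_type": "stub"}
    print(hello_mismatches(parsed, stub_side))
```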


20 LSA Body Formats


Internal structure of each LSA type

20.1 Type-1 Router LSA Body

The Router LSA describes a router's interfaces. After the 20-byte header, the body contains a list of link
descriptions. There are four link types:

| Link Type | Name | Link ID | Link Data | Description |
|---|---|---|---|---|
| 1 | Point-to-Point | Neighbour Router ID | Local interface IP | P2P connection to another router |
| 2 | Transit Network | DR's interface IP | Local interface IP | Link to a multi-access segment with DR |
| 3 | Stub Network | Network address | Network mask | Network with no OSPF neighbours (e.g. loopback) |
| 4 | Virtual Link | Neighbour Router ID | Local interface IP | Virtual link connection |

20.2 Type-2 Network LSA Body

The Network LSA is originated by the DR and describes the multi-access segment:

| Field | Description |
|---|---|
| Network Mask | Subnet mask of the transit network |
| Attached Router | Router ID of the DR itself |
| Attached Router | Router ID of each other Full-adjacent router on the segment |
| ... (repeated) | One entry per router in Full state with the DR |

20.3 Type-5 External LSA Body

| Field | Description |
|---|---|
| Network Mask | Subnet mask of the external destination |
| E bit | 0=E1 metric type, 1=E2 metric type (bit in options byte) |
| Metric | Cost of the external route (seed metric from redistribution) |
| Forwarding Address | Next-hop to use for this external route. Usually [Link] (use ASBR as next-hop). Non-zero if ASBR has an interface on the path. |
| External Route Tag | 32-bit tag — can carry BGP AS number or policy values across OSPF |


■ Forwarding Address in Type-5 LSAs


The Forwarding Address (FA) is a key concept. When non-zero, it tells receiving routers to use this
address as the next-hop instead of the ASBR. This happens when the ASBR's next-hop interface is also
running OSPF. A non-zero FA can cause route calculation issues if the FA is not reachable via OSPF
intra-area or inter-area routes.

20.4 LSA Aging and Flooding

The LS Age field increments as the LSA traverses the network. When a router forwards an LSA, it
increments the age by InfTransDelay (default 1 second). The lifecycle:

• Age 0: LSA just originated (or refreshed)
• Age 1800s (30 min): LSA due for refresh — originating router sends new instance
• Age 3600s (60 min): MaxAge — LSA is flushed from all LSDBs
• Premature MaxAge: Originated with MaxAge to explicitly flush an LSA (used when withdrawing a route)
• DoNotAge (0x8000 bit): LSA age does not increment — used on demand circuits (RFC 1793)


21 Real-World OSPF Scenarios


Complete worked examples with configurations

21.1 Scenario: Enterprise Multi-Area OSPF

A company has a headquarters (HQ) and three branch offices. The HQ connects to the internet. Design
uses Area 0 at HQ, Area 1 for North branch, Area 2 (stub) for East branch, and Area 3 (NSSA) for West
branch which has its own DSL line:

                    Internet
                       |
          ASBR (HQ) — Area 0 (Backbone)
         /             |             \
      ABR-N          ABR-E          ABR-W
        |              |              |
Area 1 (Normal)  Area 2 (Stub)  Area 3 (NSSA)
North Branch     East Branch    West Branch
                                + local DSL ASBR

Area 0: Core routers, ABRs, ASBR
Area 1: Normal — sees all routes including external
Area 2: Stub — no Type-5, just default route from ABR
Area 3: NSSA — local ASBR redistributes DSL into OSPF as Type-7

! HQ Core Router (Area 0) — also ASBR
HQ-Core(config)# router ospf 1
HQ-Core(config-router)# router-id [Link]
HQ-Core(config-router)# auto-cost reference-bandwidth 100000
HQ-Core(config-router)# redistribute bgp 65000 subnets metric 20 metric-type 2
HQ-Core(config-router)# default-information originate always

! ABR-East (connects Area 0 and Area 2 stub)
ABR-E(config-router)# router-id [Link]
ABR-E(config-router)# area 2 stub no-summary ! totally stubby
ABR-E(config-router)# area 2 range [Link] [Link] ! summarise
ABR-E(config-if)# ip ospf 1 area 0 ! uplink to Area 0
ABR-E(config-if)# ip ospf 1 area 2 ! downlink to Area 2

! West Branch ASBR (inside Area 3 NSSA)
West-ASBR(config-router)# router-id [Link]
West-ASBR(config-router)# area 3 nssa
West-ASBR(config-router)# redistribute static subnets ! DSL routes

21.2 Scenario: OSPF over DMVPN

DMVPN (Dynamic Multipoint VPN) with OSPF requires special network type configuration. The hub should
use broadcast or point-to-multipoint, and spokes use point-to-multipoint or point-to-point (per-spoke
tunnels):


! Hub router — DMVPN tunnel interface
Hub(config)# interface Tunnel0
Hub(config-if)# ip ospf network broadcast ! hub = DR
Hub(config-if)# ip ospf priority 255 ! ensure hub is DR
Hub(config-if)# ip ospf hello-interval 10
Hub(config-if)# ip ospf dead-interval 40
Hub(config-if)# ip ospf 1 area 0

! Spoke router — DMVPN tunnel interface
Spoke(config)# interface Tunnel0
Spoke(config-if)# ip ospf network broadcast
Spoke(config-if)# ip ospf priority 0 ! never DR
Spoke(config-if)# ip ospf 1 area 0

21.3 Scenario: OSPF with Route Maps

Use route maps for selective redistribution with metric manipulation and tagging:

! Route map for BGP → OSPF redistribution
ip prefix-list CUSTOMER-ROUTES seq 10 permit [Link]/24
ip prefix-list CUSTOMER-ROUTES seq 20 permit [Link]/24

route-map BGP-TO-OSPF permit 10
 match ip address prefix-list CUSTOMER-ROUTES
 set metric 50
 set metric-type type-1
 set tag 65000
!
route-map BGP-TO-OSPF deny 20 ! deny everything else

! Apply in OSPF
Router(config-router)# redistribute bgp 65000 subnets route-map BGP-TO-OSPF


22 OSPF Performance Tuning


Advanced optimisation for large-scale deployments

22.1 Incremental SPF (iSPF)

Standard SPF recalculates the entire shortest-path tree even if only a small part of the topology changed.
Incremental SPF (iSPF) recalculates only the affected portion of the tree, dramatically reducing CPU
usage in large networks:

! Enable incremental SPF
Router(config-router)# ispf

! Verify iSPF is running
Router# show ip ospf | include Incremental

■ iSPF Impact
iSPF is most beneficial in large areas (100+ routers) where topology changes are localized. In small areas,
the overhead of incremental computation may exceed the savings. Always measure CPU before and after
enabling iSPF on production routers.

22.2 OSPF Stub Router Advertisement (RFC 3137)

When a router is starting up, reloading, or about to go down for maintenance, it can advertise itself as a
stub router by setting all interface costs to MaxLinkMetric (65535). This causes traffic to flow around the
router until it is fully converged:

! Advertise as stub on startup until OSPF fully converges
Router(config-router)# max-metric router-lsa on-startup 300
! 300 = seconds to wait after startup before removing max-metric

! Advertise as stub until BGP has converged (useful for Internet routers)
Router(config-router)# max-metric router-lsa on-startup wait-for-bgp

! Permanently advertise as stub (maintenance mode)
Router(config-router)# max-metric router-lsa

! Verify
Router# show ip ospf | include max-metric

22.3 OSPF Demand Circuits (RFC 1793)

On dial-on-demand or cost-per-packet circuits, OSPF's periodic Hello and LSA refresh traffic would cause
unnecessary dial-outs. Demand Circuits suppress periodic Hellos and LSA refreshes:

! Enable demand circuit on dial interface
Router(config-if)# ip ospf demand-circuit
! Hellos are negotiated to stop after adjacency forms
! LSAs use DoNotAge bit — not refreshed periodically


22.4 OSPF LSA Pacing

LSA pacing controls how quickly LSAs are flooded in a burst. This prevents CPU spikes and drops during
mass LSA flooding events (e.g., after a router comes online with a large LSDB):

! Flood pacing — delay between LSA flood batches (default: 33ms)
Router(config-router)# timers pacing flood 20

! Retransmission pacing — delay between LSU retransmissions (default: 66ms)
Router(config-router)# timers pacing retransmission 100

! LSDB group pacing — interval for grouping LSA refresh/MaxAge (default: 240s)
Router(config-router)# timers pacing lsa-group 120

22.5 OSPF Database Summary Filter

On ABRs, you can prevent specific Type-3 LSAs from being generated into an area using a prefix list filter:

! Block specific prefix from being advertised into Area 1
ip prefix-list NO-172 seq 10 deny [Link]/12 le 32
ip prefix-list NO-172 seq 20 permit [Link]/0 le 32

Router(config-router)# area 1 filter-list prefix NO-172 in
! 'in' = filter LSAs coming into Area 1 from other areas
! 'out' = filter LSAs going out of Area 1 to other areas


23 OSPFv3 Advanced Configuration


Authentication, address families, and tuning

23.1 OSPFv3 Authentication with IPsec

OSPFv3 removed the built-in authentication from the packet header and instead relies on IPsec
Authentication Header (AH) or Encapsulating Security Payload (ESP) per RFC 4552:

! IPsec AH authentication for OSPFv3 interface
Router(config-if)# ipv6 ospf authentication ipsec spi 256 sha1 <40-hex-key>
! SPI and key must match on both sides; key is 40 hex chars for SHA-1

! IPsec ESP encryption + authentication
Router(config-if)# ipv6 ospf encryption ipsec spi 512 esp aes-cbc 256 <64-hex-key> sha1 <40-hex-key>
! aes-cbc 256 takes a 64 hex char key, followed by the SHA-1 authentication key

! Area-level authentication
Router(config-rtr)# area 0 authentication ipsec spi 256 sha1 <40-hex-key>

23.2 OSPFv3 Prefix Suppression

In OSPFv3 with Address Families, you can suppress IPv4 or IPv6 prefixes from being advertised while
keeping the OSPF topology:

! Suppress interface prefixes from being advertised in LSAs
Router(config-if)# ipv6 ospf prefix-suppression

! Or globally for all interfaces
Router(config-rtr)# prefix-suppression

23.3 OSPFv3 Verification Commands

| Command | Purpose |
|---|---|
| show ipv6 ospf neighbor | OSPFv3 neighbour table |
| show ipv6 ospf neighbor detail | Detailed neighbour info |
| show ipv6 ospf database | OSPFv3 LSDB summary |
| show ipv6 ospf database router | Type-1 Router LSAs |
| show ipv6 ospf database prefix | Type-9 Intra-Area-Prefix LSAs |
| show ipv6 ospf database link | Type-8 Link LSAs |
| show ipv6 ospf interface brief | OSPFv3 interface summary |
| show ipv6 route ospf | OSPFv3 routes (OI=inter-area, OE=external) |
| show ospfv3 neighbor | AF-aware neighbour table (IOS XE) |
| show ospfv3 database | AF-aware LSDB |
| debug ipv6 ospf events | OSPFv3 event debug |
| debug ipv6 ospf adj | OSPFv3 adjacency debug |

23.4 Migrating from OSPFv2 to OSPFv3

• Dual-Stack Migration: Run both OSPFv2 (IPv4) and OSPFv3 (IPv6) simultaneously during transition.
• OSPFv3 AF Mode: Use single OSPFv3 process carrying both IPv4 and IPv6 (simplifies management).
• Router ID Required: OSPFv3 requires a manually configured Router ID (no IPv6 address for
auto-selection).
• Authentication Change: IPsec replaces built-in auth — plan IPsec key management before migration.
• LSA Type Changes: New Type-8/9 LSAs replace IPv4-embedded addresses in Type-1/2.


24 OSPF Monitoring & Operations


Ongoing operational management of OSPF

24.1 OSPF SNMP MIB Objects

OSPF is monitored via the OSPF MIB (RFC 1850) and OSPFv3 MIB (RFC 5643). Key OIDs to monitor:

| MIB Object | OID Suffix | Alert On |
|---|---|---|
| ospfNbrStateChange | Trap | Any neighbour state change (especially Down) |
| ospfIfStateChange | Trap | Interface OSPF state change |
| ospfTxRetransmit | Trap | Excessive LSA retransmissions |
| ospfNbrCount | .9.1.2 | Unexpected decrease in neighbour count |
| ospfAreaSummaryLsaCount | .2.1.6 | Growing LSA count (may indicate instability) |
| ospfRouterLsaCount | per area | Unusual growth may indicate topology issues |
| ospfSpfRunCount | per area | High/growing SPF run count = instability |

24.2 Syslog Messages to Watch

| Syslog Message | Meaning & Action |
|---|---|
| %OSPF-5-ADJCHG: neighbor Down: Dead timer expired | Neighbour lost — check link, check hello/dead timers, check MTU |
| %OSPF-5-ADJCHG: neighbor Full | Adjacency formed — normal, but watch for flapping |
| %OSPF-4-FLOOD_WAR: router X self-originated LSA | Duplicate Router ID — find and fix immediately |
| %OSPF-4-BADLSATYPE | Received unknown LSA type — possible version mismatch |
| %OSPF-4-ERRRCV: mismatch Hello params | Hello parameter mismatch — check area, timers, auth |
| %OSPF-4-NSSA_TRANSLATE: translate type7 to type5 | Normal on ABR in NSSA — informational |
| %OSPF-3-RECV_ERR: authentication failed | Auth failure — check key ID and key string |
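The messages in the table above lend themselves to automated triage. The following is an added example, not part of the original guide: it scans collected syslog for adjacency flapping, authentication failures and duplicate Router ID warnings. The timestamp/host prefix, the text after each mnemonic and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line layout: "<ISO timestamp> <host> %OSPF-<sev>-<MNEMONIC>: <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %OSPF-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
ADJ_RE = re.compile(r"Nbr (?P<nbr>\S+) on (?P<intf>\S+) from (?P<old>\w+) to (?P<new>\w+)")

# Constructed sample log (documentation addresses, hypothetical hosts).
SAMPLE_LOG = [
    "2024-03-03T10:00:05Z rtr1 %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.2 on Gi0/0 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "2024-03-03T10:00:50Z rtr1 %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.2 on Gi0/0 from LOADING to FULL, Loading Done",
    "2024-03-03T10:01:40Z rtr1 %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.2 on Gi0/0 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "2024-03-03T10:02:10Z rtr1 %OSPF-3-RECV_ERR: authentication failed from 192.0.2.9 on Gi0/1",
    "2024-03-03T10:02:30Z rtr1 %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.2 on Gi0/0 from LOADING to FULL, Loading Done",
    "2024-03-03T10:03:10Z rtr1 %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.2 on Gi0/0 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "2024-03-03T10:04:00Z rtr2 %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on Gi0/2 from FULL to DOWN, Neighbor Down: Dead timer expired",
    "2024-03-03T10:05:00Z rtr2 %OSPF-4-FLOOD_WAR: router 192.0.2.7 self-originated LSA",
    "2024-03-03T10:05:30Z rtr2 %LINK-3-UPDOWN: Interface Gi0/2, changed state to up",
]


def parse_line(line):
    """Return a dict for an OSPF syslog line, or None for anything else."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    event = match.groupdict()
    try:
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return event


def analyse_ospf_syslog(lines, flap_threshold=3, window=timedelta(minutes=5)):
    """Return (kind, host, detail) findings in the order they occur."""
    downs = defaultdict(list)  # (host, neighbour) -> recent Down timestamps
    findings = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        host, text = event["host"], event["text"]
        if event["mnemonic"] == "ADJCHG":
            adj = ADJ_RE.search(text)
            if adj and adj["new"].upper() == "DOWN":
                key = (host, adj["nbr"])
                downs[key].append(event["ts"])
                # Keep only the Down events that fall inside the window.
                downs[key] = [t for t in downs[key] if event["ts"] - t <= window]
                if len(downs[key]) == flap_threshold:
                    findings.append(("flapping", host, adj["nbr"]))
        elif event["mnemonic"] == "RECV_ERR" and "authentication" in text.lower():
            findings.append(("auth_failure", host, text))
        elif event["mnemonic"] == "FLOOD_WAR":
            findings.append(("duplicate_router_id", host, text))
    return findings


if __name__ == "__main__":
    for finding in analyse_ospf_syslog(SAMPLE_LOG):
        print(finding)
```

Authentication failures and duplicate Router ID warnings deserve the same urgency as flapping, because both can come from an unauthorised or misconfigured OSPF speaker on the segment.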

24.3 OSPF Process Management Commands

! Clear all OSPF adjacencies and restart process (disruptive!)
Router# clear ip ospf process

! Clear specific OSPF process
Router# clear ip ospf 1 process

! Reset specific neighbour adjacency
Router# clear ip ospf neighbor [Link]

! Clear OSPF route redistribution (external routes are re-imported)
Router# clear ip ospf 1 redistribution

! Reset OSPF counters
Router# clear ip ospf counters

! Flush a specific LSA from LSDB
Router# clear ip ospf 1 database external ! flush all external LSAs

24.4 OSPF Traffic Accounting

! Check OSPF packet statistics per interface
Router# show ip ospf interface GigabitEthernet0/0
! Look for: Hello Rcvd/Sent, DB desc Rcvd/Sent, LS-Req/Upd/Ack counts

! Check LSA statistics
Router# show ip ospf statistics detail

! SPF run log
Router# show ip ospf | section SPF


25 Case Studies & Worked Examples


Real-world troubleshooting scenarios

25.1 Case Study: Neighbours Stuck in ExStart

Symptom: Two routers are stuck in the ExStart state. The neighbour relationship reaches Init and 2-Way but
never progresses beyond ExStart, despite correct area and timer configuration.

Diagnosis steps:

• Run 'show ip ospf neighbor detail' — look at the DR/BDR field and the dead timer.
• Run 'debug ip ospf adj' — look for DBD exchange errors.
• Check 'show interface Gi0/0' on both routers — note the MTU value.
• Common finding: Router A has MTU 1500, Router B has MTU 9000 (jumbo frames enabled).

! Evidence from debug:
OSPF: Rcv DBD from [Link] on GigE0/0, we are slave
OSPF: Nbr [Link] ignore DBD due to MTU mismatch (9000 vs 1500)

! Fix Option 1: Match MTU
RouterA(config-if)# ip mtu 9000

! Fix Option 2: Ignore MTU mismatch (not recommended long-term)
RouterA(config-if)# ip ospf mtu-ignore
RouterB(config-if)# ip ospf mtu-ignore

25.2 Case Study: Asymmetric Routing via OSPF

Symptom: Traffic from Site A to Site B takes one path, but return traffic from B to A takes a different path.
Users report intermittent connectivity and firewall drops.

Diagnosis:

• Run traceroute from A to B and B to A — paths are different.
• Run 'show ip route ' on each router — different next-hops.
• Run 'show ip ospf database router ' — check advertised costs.
• Finding: auto-cost reference-bandwidth not set consistently. Router X uses default 100Mbps, Router Y uses 100Gbps.

! Fix: Set consistent reference bandwidth on ALL routers
ALL-ROUTERS(config-router)# auto-cost reference-bandwidth 100000
! After applying, clear ospf process to recalculate costs
ALL-ROUTERS# clear ip ospf process
! Verify symmetric routing
Router# show ip ospf interface | include Cost
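Why a reference-bandwidth mismatch produces asymmetric paths is easier to see when the SPF is actually run. This added example (not from the original guide) computes each router's outgoing interface cost from its own reference bandwidth and compares the forward and return paths. The three-router topology, the transit router T and the link speeds are assumptions constructed for the illustration.

```python
import heapq

# Constructed topology: (router, router, link bandwidth in Mbps).
# X and Y share a slow 100 Mbps backup link and a fast 10 Gbps path via T.
LINKS = [("X", "Y", 100), ("X", "T", 10_000), ("T", "Y", 10_000)]

# Router X is left on the default reference bandwidth (100 Mbps);
# Y and T use auto-cost reference-bandwidth 100000 (100 Gbps).
MISMATCHED = {"X": 100, "Y": 100_000, "T": 100_000}
CONSISTENT = {"X": 100_000, "Y": 100_000, "T": 100_000}


def interface_cost(ref_bw_mbps, link_bw_mbps):
    """Cost = reference bandwidth / interface bandwidth, never below 1."""
    return max(1, ref_bw_mbps // link_bw_mbps)


def build_graph(links, ref_bw):
    """Build directed edges: each router prices its own outgoing interface."""
    graph = {}
    for a, b, bandwidth in links:
        graph.setdefault(a, {})[b] = interface_cost(ref_bw[a], bandwidth)
        graph.setdefault(b, {})[a] = interface_cost(ref_bw[b], bandwidth)
    return graph


def shortest_path(graph, src, dst):
    """Dijkstra over the directed cost graph; returns (cost, path)."""
    queue = [(0, src, [src])]
    done = set()
    while queue:
        cost, node, path = heapq.heappop(queue)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for neighbour, link_cost in graph[node].items():
            if neighbour not in done:
                heapq.heappush(queue, (cost + link_cost, neighbour, path + [neighbour]))
    raise ValueError(f"no path from {src} to {dst}")


def is_symmetric(graph, a, b):
    """True when the return path is the forward path reversed."""
    _, forward = shortest_path(graph, a, b)
    _, reverse = shortest_path(graph, b, a)
    return forward == reverse[::-1]


if __name__ == "__main__":
    for label, ref_bw in (("mismatched", MISMATCHED), ("consistent", CONSISTENT)):
        graph = build_graph(LINKS, ref_bw)
        print(label, shortest_path(graph, "X", "Y"), shortest_path(graph, "Y", "X"),
              "symmetric" if is_symmetric(graph, "X", "Y") else "ASYMMETRIC")
```

With the default reference bandwidth, X prices both its 100 Mbps and 10 Gbps interfaces at cost 1, so it sends traffic over the slow direct link while Y returns it through T; a stateful firewall on either path then sees only half of each flow.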

25.3 Case Study: Missing Routes in Stub Area

Symptom: A router in Area 2 (configured as stub) cannot reach a network that is internal to Area 1. The
default route is present but specific routes are missing.

Expected behaviour in stub area:

• Normal stub area: receives default route + Type-3 inter-area summaries.
• Totally stubby: receives ONLY the default route.
• Check if area was accidentally configured as totally stubby on the ABR.

! Check ABR configuration
ABR# show running-config | section router ospf
! Finding: area 2 stub no-summary (totally stubby — only default sent)

! If totally stubby was unintentional, change to regular stub
ABR(config-router)# no area 2 stub no-summary
ABR(config-router)# area 2 stub
! Now Type-3 inter-area prefixes will be sent to Area 2 again

25.4 Case Study: OSPF Authentication Failure

Symptom: OSPF neighbour relationship drops suddenly. Syslog shows: %OSPF-3-RECV_ERR: authentication mismatch from [Link]

• Check 'show ip ospf interface' — authentication type shown.
• Check key IDs match: 'show ip ospf interface | include Message digest'.
• Common cause: key rotation applied to one side only, or typo in key string.
• Use 'debug ip ospf adj' to see exact authentication error.

! Verify authentication config
Router# show ip ospf interface GigabitEthernet0/0
! Look for: Message digest authentication, key ID, key expiry

! Check key chain (if using RFC 5709)
Router# show key chain

! Fix: Ensure both routers have same key ID and key string
Router(config-if)# ip ospf message-digest-key 1 md5 CorrectKeyHere


26 OSPF Glossary & Key Terms


Definitions of every OSPF term you need to know

ABR: Area Border Router. A router with interfaces in more than one OSPF area. ABRs maintain separate LSDBs for each area and generate Type-3 and Type-4 LSAs to summarize topology between areas.

Adjacency: A fully synchronised OSPF relationship between two neighbouring routers where LSDBs are identical. Adjacency means Full state has been reached.

Area: A logical grouping of OSPF routers and links. All routers in an area share an identical LSDB. Area 0 is the backbone.

AS: Autonomous System. The collection of routers under a single administrative authority running the same routing protocol instance.

ASBR: AS Boundary Router. A router that redistributes external routes (from BGP, static, or other IGPs) into OSPF. Generates Type-5 LSAs (or Type-7 in NSSA).

BDR: Backup Designated Router. Elected on multi-access segments to take over if the DR fails. Maintains full adjacency with all routers.

BFD: Bidirectional Forwarding Detection. A lightweight protocol for sub-second failure detection, used by OSPF to detect link failures faster than the Dead Interval.

Cost: OSPF's path metric. Calculated as Reference Bandwidth / Interface Bandwidth. Cumulative along a path.

DBD: Database Description packet. Exchanged during ExStart/Exchange states to summarise the sender's LSDB via LSA headers.

Dead Interval: Time (in seconds) to wait without receiving a Hello before declaring a neighbour down. Default 4× Hello Interval.

DR: Designated Router. Elected on multi-access networks. All other routers (DROthers) form Full adjacency only with DR and BDR, reducing O(n²) adjacencies.

DROther: A router on a multi-access segment that is neither DR nor BDR. Forms Full adjacency only with DR and BDR; 2-Way with other DROthers.

ECMP: Equal-Cost Multipath. Multiple paths with identical OSPF cost are installed in the routing table for load sharing.

Hello Interval: Time between Hello packets. Default: 10s (P2P/broadcast), 30s (NBMA). Must match between neighbours.

iSPF: Incremental SPF. An optimisation that recalculates only the affected portion of the SPT, reducing CPU overhead for localised changes.

LFA: Loop-Free Alternate. A pre-computed backup next-hop that provides fast failover (IP Fast Reroute) without waiting for SPF reconvergence.

LSA: Link-State Advertisement. A data record describing topology information, flooded throughout the OSPF domain. 11 types defined.

LSAck: Link-State Acknowledgment packet. Confirms receipt of LSUs, enabling reliable flooding.


LSDB: Link-State Database. A complete topological map of an OSPF area, built from received LSAs. All routers in an area have identical LSDBs.

LSR: Link-State Request packet. Requests specific LSAs from a neighbour during the Loading state.

LSU: Link-State Update packet. Carries one or more complete LSAs. Sent in response to LSR or triggered by topology changes.

MaxAge: Maximum age of an LSA — 3600 seconds (1 hour). LSAs reaching MaxAge are flushed from all LSDBs.

Metric: OSPF's path cost. Sum of interface costs along a path. Lower is preferred. See Cost.

Neighbour: A router detected via Hello packets. A neighbour may or may not become a Full adjacency.

NSF: Non-Stop Forwarding. Graceful restart mechanism where the data plane continues forwarding during a control plane restart.

NSR: Non-Stop Routing. High availability mechanism where the standby RP maintains full OSPF state, enabling transparent failover.

NSSA: Not-So-Stubby Area. An OSPF area that blocks Type-5 LSAs but allows a local ASBR to inject external routes as Type-7 LSAs.

Opaque LSA: LSA Types 9, 10, 11 — used for extensions like Traffic Engineering (TE) and Segment Routing.

P2P: Point-to-Point network type. No DR/BDR election. 10s/40s Hello/Dead. Used for serial links, PPP, GRE, MPLS LSPs.

RID: Router ID. A 32-bit unique identifier for an OSPF router, formatted as an IPv4 address. Best practice: manually set to a Loopback IP.

RIB: Routing Information Base. The routing table. OSPF installs its computed best paths into the RIB.

SPF: Shortest Path First. The Dijkstra algorithm used by each OSPF router to compute the best path tree from itself to every destination.

SPT: Shortest Path Tree. The result of running the SPF algorithm — a tree rooted at the computing router with the lowest-cost path to every destination.

Stub Area: An area that blocks Type-5 and Type-4 LSAs, replacing external routes with a default route. Reduces LSDB size.

Transit Area: An area used to pass traffic between two other areas, typically the backbone (Area 0).

Type-7 LSA: NSSA External LSA. Used in NSSA areas to carry external route information. Converted to Type-5 by ABR when leaving the NSSA.

Virtual Link: A logical extension of Area 0 through a transit area, used when an area cannot connect directly to the backbone.

Wildcard Mask: The inverse of a subnet mask, used in OSPF 'network' commands. [Link] = match last octet (equivalent to /24).


27 Large-Scale OSPF Design


Designing OSPF for hundreds of routers

27.1 Hierarchical Area Design Example

For a large enterprise with 500+ routers across 20 sites, a three-tier hierarchy is recommended:

TIER 1 — Area 0 (Backbone): Core/Distribution routers, all ABRs
  Routers: 10–20 | Fully meshed or ring topology
  Fast links: 10G/100G | BFD enabled

TIER 2 — Regional Areas (1–10): Per-region aggregation
  Routers: 20–50 per area | Dual ABRs to Area 0
  Summarise at ABR — aggregate regional prefixes
  Type: Normal area (if multiple sub-areas) or Stub

TIER 3 — Site/Branch Areas: Individual sites
  Routers: 2–20 per site | Always dual ABRs
  Type: Totally Stubby (no local ASBR) or NSSA (with local ISP)
  Only default route from ABR — minimal LSDB

RESULT: Core routers see ~100 LSAs. Branch routers see <10 LSAs.

27.2 OSPF in Data Centers

Modern data centers use OSPF with aggressive tuning or migrate to BGP (RFC 7938). When using
OSPF in DC:

• Single area: Small DC — all servers/ToR switches in Area 0 is fine.
• P2P links: Use point-to-point network type on all DC fabric links (no DR/BDR overhead).
• Fast timers: SPF 50/200/5000ms, LSA 50/200/5000ms, BFD 100/100/3.
• LFA/TI-LFA: Deploy for sub-50ms rerouting on fabric failures.
• Aggressive summarisation: Summarise rack/pod prefixes at aggregation layer.
• SR-OSPF: Segment Routing with OSPF for traffic engineering without RSVP.
• iSPF: Critical in large DC where topology changes are frequent but localised.

27.3 OSPF in Service Provider Networks

Service providers typically prefer IS-IS for the core but OSPF is common in enterprise VPNs and PE-CE
routing:

| Use Case | OSPF Configuration |
|---|---|
| PE-CE routing (MPLS VPN) | Per-VRF OSPF instance; use DN bit to prevent loops; sham-links for backdoor path |
| Core IGP | Often IS-IS preferred; if OSPF: single area, aggressive BFD, TI-LFA |
| Traffic Engineering | OSPF-TE with RSVP-TE or SR-OSPF with TI-LFA |
| Internet peering | BGP for external; OSPF for internal reachability to peering IPs |

27.4 OSPF Capacity Planning

| Resource | Formula / Guideline | Action if Exceeded |
|---|---|---|
| LSDB entries | < 10,000 LSAs per area | Split area, add summarisation |
| SPF runtime | < 100ms normal, < 500ms max | Enable iSPF, tune throttle timers |
| Memory per LSA | ~200 bytes per LSA entry | Check platform memory limits |
| CPU per SPF | Varies by platform; monitor baseline | iSPF, area splitting, hardware upgrade |
| Neighbour count | < 40 per router (ideal < 10 on P2P) | Use stub areas, summarise |
| Area count/ABR | < 4 areas per ABR | Add ABR routers, redesign |


28 OSPF Special Features


Sham-links, DN bit, TE, and SR deep dive

28.1 OSPF Sham-Links (MPLS VPN)

In MPLS VPN, when two CE sites have a backdoor link running OSPF between them, the VPN provider's
OSPF instance (via PE) appears as a higher-cost inter-area path. Without a sham-link, the customer's
backdoor link is always preferred (intra-area < inter-area). A sham-link makes the provider path appear
intra-area:

! On PE1 — create sham-link to PE2 via MPLS backbone
PE1(config-router)# area 1 sham-link [Link] [Link] cost 10
! Source = PE1 loopback in VRF, Dest = PE2 loopback in VRF
! cost should be lower than the backdoor link to force VPN path

PE2(config-router)# area 1 sham-link [Link] [Link] cost 10

28.2 OSPF DN Bit — Loop Prevention in MPLS VPN

The DN (Down) bit in Type-3, Type-5, and Type-7 LSAs prevents routing loops when OSPF runs between
PE and CE routers. The PE sets the DN bit when distributing routes from the VPN backbone into the
customer OSPF. CE routers ignore LSAs with DN bit set, preventing re-advertisement back into the VPN.

28.3 OSPF Forwarding Address — Complete Analysis

The Forwarding Address (FA) in Type-5/7 LSAs tells other routers where to forward traffic for external
destinations. Non-zero FA conditions:

• The ASBR's next-hop interface is running OSPF
• The next-hop interface is not passive
• The next-hop interface is not a point-to-point or virtual link
• Result: FA set to the next-hop IP, allowing routers to use a better path to reach the FA

FA can cause Black Hole Routing if the FA address is not reachable via OSPF (e.g., FA points to an
interface in a different routing table). Always verify FA reachability in complex topologies.

28.4 OSPF and BFD — Full Configuration

! Full BFD + OSPF configuration on a critical link

! Step 1: Configure BFD timers on interface
Router(config-if)# bfd interval 150 min_rx 150 multiplier 3
! Detection time = 150ms * 3 = 450ms failure detection

! Step 2: Link BFD to OSPF
Router(config-if)# ip ospf bfd

! Step 3: Optional — OSPF global BFD
Router(config-router)# bfd all-interfaces

! Step 4: Verify BFD session
Router# show bfd neighbors
Neighbor LD/RD RH/RS State Int
[Link] 1/1 Up Up Gi0/0

! Step 5: Verify OSPF knows about BFD
Router# show ip ospf neighbor [Link] | include BFD

28.5 OSPF Segment Routing — Complete Reference

SR-OSPF uses OSPF to distribute Segment IDs (SIDs) via Opaque LSAs. Two types of SIDs:

Node SID

• Assigned to a router (loopback)
• Globally unique within SR domain
• Allocates an MPLS label: SRGB-base + index
• Enables source routing to any node
• Advertised in Type-10 Opaque LSA
• Config: ip ospf prefix-sid index

Adjacency SID

• Assigned to a specific link/adjacency
• May be local or global
• Forces traffic over a specific interface
• Used in explicit segment lists
• Auto-allocated by SR or manually set
• Config: ip ospf adj-sid allocate auto
