
OSPF

The OSPF Protocol

 

Open Shortest Path First (OSPF) is a shortest path first (SPF) or link-state protocol. OSPF is an interior gateway protocol that distributes routing information between routers in a single autonomous system. OSPF chooses the least cost path as the best path. Suitable for complex networks with a large number of routers, OSPF provides equal cost multipath routing where packets to a single destination can be sent via more than one interface simultaneously. In a link-state protocol, each router maintains a database describing the entire AS topology, which it builds out of the collected link state advertisements of all routers. Each participating router distributes its local state (i.e., the router's usable interfaces and reachable neighbors) throughout the AS by flooding. Each multiaccess network that has at least two attached routers has a designated router and a backup designated router. The designated router floods a link state advertisement for the multiaccess network and has other special responsibilities. The designated router concept reduces the number of adjacencies required on a multiaccess network.

OSPF allows networks to be grouped into areas. Routing information passed between areas is abstracted, potentially allowing a significant reduction in routing traffic. OSPF uses four different types of routes, listed in order of preference: intra-area, inter-area, type 1 external and type 2 external. Intra-area paths have destinations within the same area, inter-area paths have destinations in other OSPF areas, and Autonomous System External (ASE) routes are routes to destinations external to the AS. Routes imported into OSPF as type 1 routes are supposed to be from IGPs whose external metrics are directly comparable to OSPF metrics. When a routing decision is being made, OSPF will add the internal cost to the AS Border router to the external metric. Type 2 ASEs are used for EGPs whose metrics are not comparable to OSPF metrics. In this case, only the internal OSPF cost to the AS Border router is used in the routing decision.

From the topology database, each router constructs a tree of the shortest paths with itself as the root. This shortest-path tree gives the route to each destination in the AS. Externally derived routing information appears on the tree as leaves. The link-state advertisement format distinguishes between information acquired from external sources and information acquired from internal routers, so there is no ambiguity about the source or reliability of routes. Externally derived routing information (for example, routes learned from EGP or BGP) is passed transparently through the autonomous system and is kept separate from OSPF's internally derived data. Each external route can also be tagged by the advertising router, enabling a passing of additional information between routers on the borders of the autonomous system.

OSPF optionally includes type of service (TOS) routing and allows administrators to install multiple routes to a given destination for each type of service (e.g., low delay or high throughput). A router running OSPF uses the destination address and the type of service to choose the best route to the destination.

OSPF intra- and inter-area routes are always imported into the GateD routing database with a preference of 10. It would be a violation of the protocol if an OSPF router did not participate fully in the area's OSPF, so it is not possible to override this. Although it is possible to give other routes lower preference values explicitly, it is ill-advised to do so.

Hardware multicast capabilities are also used where possible to deliver link-status messages.

OSPF areas are connected by the backbone area, the area with identifier 0.0.0.0. All areas must be logically contiguous and the backbone is no exception. To permit maximum flexibility, OSPF allows the configuration of virtual links to enable the backbone area to appear contiguous despite the physical reality.

A separate copy of the link-state algorithm is run for each area, so most configuration parameters are defined on a per-area basis. All routers belonging to an area must agree on that area's configuration. Misconfiguration will prevent adjacencies from forming between neighbors, and routing information might not flow or might even loop.

Authentication

 

All OSPF protocol exchanges are authenticated. Authentication guarantees that routing information is only imported from trusted routers, to protect the Internet and its users. A variety of authentication schemes can be used but a single scheme must be configured for each area. This enables some areas to use much stricter authentication than others.

OSPF protocol exchanges may be authenticated. Authentication guarantees that routing information is imported only from trusted routers, to protect the Internet and its users. There are two authentication schemes available. The first uses a simple authentication key of up to 8 characters and is standardized. The second is still experimental and uses the MD5 algorithm and an authentication key of up to 16 characters.

The simple password provides very little protection because in many cases it is possible to easily capture packets from the network and learn the authentication key. The experimental MD5 algorithm provides much more protection as it does not include the authentication key in the packet.

The OSPF specification currently specifies that the authentication type be configured per area with the ability to configure separate passwords per interface. This has been extended to allow the configuration of different authentication types and keys per interface. In addition it is possible to specify both a primary and a secondary authentication type and key on each interface. Outgoing packets use the primary authentication type, but incoming packets may match either the primary or secondary authentication type and key.
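The acceptance rule described above (send with the primary, accept either primary or secondary), as an added Python example that is not GateD's own code. It assumes the OSPFv2 header layout and keyed-MD5 construction of RFC 2328 Appendix D, which may differ from GateD's experimental scheme; the keys, router ID and packet body are constructed, and the header checksum and sequence-number replay check are left out.

```python
import hashlib
import hmac
import struct

# OSPFv2 common header: version, type, length, router ID, area ID,
# checksum, AuType, 8-byte authentication field (24 bytes total).
HDR = struct.Struct("!BBH4s4sHH8s")

def pad(key: bytes, size: int) -> bytes:
    """Truncate or NUL-pad a key to the fixed field size."""
    return key[:size].ljust(size, b"\0")

def build_packet(autype: int, key: bytes, body: bytes = b"\0" * 20, seq: int = 1) -> bytes:
    """Constructed sample sender; the checksum is left at 0 for brevity."""
    if autype == 1:                       # simple: the key itself goes on the wire
        auth = pad(key, 8)
    elif autype == 2:                     # MD5: zero, key ID, digest length, sequence
        auth = struct.pack("!HBBI", 0, 1, 16, seq)
    else:
        auth = b"\0" * 8
    pkt = HDR.pack(2, 1, HDR.size + len(body), bytes([192, 0, 2, 1]),
                   bytes(4), 0, autype, auth) + body
    if autype == 2:                       # digest over packet + padded key, appended
        pkt += hashlib.md5(pkt + pad(key, 16)).digest()
    return pkt

def check_auth(wire: bytes, accepted: list) -> str:
    """Accept if the packet matches any configured (autype, key) pair."""
    if len(wire) < HDR.size:
        return "reject"
    _, _, length, _, _, _, autype, auth = HDR.unpack_from(wire)
    for want_type, key in accepted:
        if want_type != autype:
            continue
        if autype == 0:
            return "accept-none"
        if autype == 1 and hmac.compare_digest(auth, pad(key, 8)):
            return "accept-simple"
        if autype == 2:
            _, _, dlen, _ = struct.unpack("!HBBI", auth)
            expect = hashlib.md5(wire[:length] + pad(key, 16)).digest()
            if dlen == 16 and hmac.compare_digest(wire[length:length + dlen], expect):
                return "accept-md5"
    return "reject"

# Constructed keys: MD5 primary, simple secondary kept during a migration.
ACCEPTED = [(2, b"new-md5-secret"), (1, b"oldpass")]
```

While the simple secondary stays configured, a packet carrying that cleartext key is still accepted, so the interface is only as strong as the weaker of the two entries until the secondary is removed.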

The OSPF Statement

    ospf yes | no | on | off
    [ {
        defaults {
            preference preference ;
            cost cost ;
            tag [ as ] tag ;
            type 1 | 2 ;
        } ;
        exportlimit routes ;
        exportinterval time ;
        traceoptions trace_options ;
        monitorauthkey authkey ;
        monitorauth none | ( [ simple | md5 ] authkey ) ;
        backbone | ( area area ) {
            authtype 0 | 1 | none | simple ;
            stub [ cost cost ] ;
            networks {
                network [ restrict ] ;
                network mask mask [ restrict ] ;
                network masklen number [ restrict ] ;
                host host [ restrict ] ;
            } ;
            stubhosts {
                host cost cost ;
            } ;
            interface interface_list [ cost cost ] {
                interface_parameters
            } ;
            interface interface_list nonbroadcast [ cost cost ] {
                pollinterval time ;
                routers {
                    gateway [ eligible ] ;
                } ;
                interface_parameters
            } ;
            Backbone only:
            virtuallink neighborid router_id transitarea area {
                interface_parameters
            } ;
        } ;
    } ] ;

The following are the interface_parameters referred to above. They may be specified on any class of interface and are described under the interface clause.

    enable | disable ;
    retransmitinterval time ;
    transitdelay time ;
    priority priority ;
    hellointerval time ;
    routerdeadinterval time ;
    [ secondary ] auth ( none | simple | md5 | auth_key ) ;
    authkey auth_key ;

Tracing options

In addition to the following OSPF-specific trace flags, OSPF supports the state flag, which traces interface and neighbor state machine transitions.

lsabuild
Link State Advertisement creation

spf
Shortest Path First (SPF) calculations

lsatransmit
Link State Advertisement (LSA) transmission. Not implemented.

lsareceive
LSA reception. Not implemented.

state
State transitions. Not implemented.

Packet tracing options (which may be modified with detail, send and recv):

hello
OSPF HELLO packets which are used to determine neighbor reachability.

dd
OSPF Database Description packets which are used in synchronizing OSPF databases.

request
OSPF Link State Request packets which are used in synchronizing OSPF databases.

lsu
OSPF Link State Update packets which are used in synchronizing OSPF databases.

ack
OSPF Link State Ack packets which are used in synchronizing OSPF databases.

The new OSPF Protocol

 

GateD version 3_6Alpha_2 and higher includes a new implementation of the OSPF protocol. The configuration syntax stays the same except:

  1. The exportlimit, exportinterval, monitorauthkey, monitorauth, networks and stubhosts statements are no longer available (they may be put back in the future).

  2. The simple authentication scheme is not implemented.

  3. The OSPF-specific trace options available are: state, drelection, db, spf, flood. The packet tracing options available are: hello, dd, lsr, lsu, lsa.





Laurent Joncheray
Wed Jun 12 15:35:22 EDT 1996