Shortest Path First (SPF) or Dijkstra's alrgorith, OSPFv1 -> OLD and not used OSPFv2 -> Used for IPv4 OSPFv3 -> Used for IPv6 and IPv4 LSA -> Link State Advertisements LSDB -> Link State Database Routers will flood LSAs until all routers in the OSPF area develop the same LSDB. Router ID is in IPv4 format, and can be manually configured, taken from highest loopback, or highest physical interface. SPF is used to calculate the best path to a network based on the LSAs in the LSDB, for every route. Each LSA has a 30 minute expiration. Three main steps to determine the best path: 1. Become neighbors with other routers connected to the same segment. 2. Exchange LSAs with neighbor routers 3. Calculate the best route to the destination and add it to the routing table. Area -> group of routers that share the same LSDB Backbone Area -> special area that all other areas must connect to Internal Routers -> only connected to one area Backbone Router, any router in the backbone area. Can also be ABRs. Area Border Routers -> Routers that connect to more than one area - Keeps a different LSDB for each area, be careful, can overburden Autonomous System Border Router -> routers that connect backbone to another routing protocol or AS Intra-Area Route -> Route which destination is in the same area Interarea Route -> Route which destination is in a different area All OSPF areas must have atleast one ABR connected to the Backbone area. ``` router ospf 1 router-id 1.1.1.1 network 10.0.12.0 0.0.0.3 area 0 ``` Process ID is only locally significant. ``` ip route 0.0.0.0 0.0.0.0 203.113.2 router ospf 1 default-informaion originate ``` When you configure `default-information originate` command, that router will automatically become an ASBR. You can add `always` to make it so that even if the DFGW route is down, it will still advertise. OSPF does support ECMP load balanceing over 4 paths by default. ``` router ospf 1 maximum-paths 4 ``` ``` route ospf 1 distance 110 ``` Run the `show ip protocols` command to see all the above info. OSPF's metric is called cost Auto calulated based on the bandwidth of the interface Interface cost is calced by `reference bandwidth / interface bandwidth` Default Reference Bandwidth is 100,000 Kbps By default it caps out at 1, anything less than 1 is defaulted to 1. Therefor anything higher than 100Mbps is cost of 1. ``` router ospf 1 auto-cost reference-bandwidth [mbps] ``` You should configure the reference bandwidth to be higher than the fasted link in your netwokr (100x if possible) The OSPF Cost is the to a dest is the total cost of the egress interfaces. Loopbacks always have a cost of 1 - 1 is still added though when trying to reach it. `ip ospf cost [cost]` <- this changes the whole cost of an interface NOTE: Bandwidth similar to DLY is just used for metric calc, does not affect data plane. Suammry of how to change cost - change the reference bandwith from router mode - change tyhye ip ospf cost per interface - changfe the interface bandwdith variable OSPF Neighbors When ospf is activiated the oruter starts sending hellos. These are used to introduct the router by exchanging hellos they dtermine their ocmpatability and start negotiations Multicast is 224.0.0.5 for hello messages OSPF IP header has a value of 89 to indicate ospf ospf is activated on r1 g0/0 interface sends hello to 224.0.0.5 - RID 1.1.1.1 - Neighbor RID: 0.0.0.0 router is now in down and init r2 gets it and sets r1 as an init state. r2 then sends a hello packet with both upon recept of the hello that has: - RID 2.2.2.2 - Neighbor RID: 1.1.1.1 - now r1 is in 2way then when r2 gets the same hello BACK with matching info from R1 again it sets itself as 2 way. SENDING A FULLY QUALIFIED HELLO ENTER THAT NEIGHBOR TO 2WAY IN THE SOURCE ROUTERS TABLE 2 way state means that a router has received a hello with its own RID in it. They are now ready to share LSAs. If they fail to reach 2 way, you know you have to troubleshoot or you know its DR or BDR. AT THIS POINT, if you have DR or BDR they will be elected at this point the routers have to choose which one will be master and slave. - they decide in the exstart state - the router with the higher RID will become the master - They do this by sending DBD packets. they send empty DBDs to eachother. - R2 sees R1 claim to be the master - R2 responds to R1 and says no ill be the master because my RID is more - NOTE: the RID from the hello is not considered, for this only the RID in the BDB packet is considered. Now they are in EXCHANGE state - In this state they send actaul DBS, whcihc are just snapshots of their LSA, no actual routing info. - This is for identifying what they have dont have and need for the next state. Now they are in LOADING state - routers send LSR for neighbors to send any LSAs that they dont have base don the DBD from before. - LSRs are responded to with an LSU with all the LSA details - Then the original device sends an LSAck Now they are in a Full state, meaning they are a full neighbor and have identifcal LSDBs Every time a hello packet is received the dead timer is received. if they miss hellos for a default of 40 seconds, the neighbor is removed. ![[Screenshot 2026-04-22 at 2.06.19 PM.png]] DR/BDR election: - 1. Highest OSPF interface priority - 2. Highest OSPF router ID Default OSPF interfce priority is 1 on all interfaces. Configure it with: ``` ip ospf priority [0-255] ``` NOTE: if you set it to 0 it CANNOT be DR/BDR DR/BDR is non-preemptive. They will keep their role until OSPF is reset. NOTE that when a reelection is done, the BDR will ALWAYS become the new DR, then the best priority becaomes the new BDR. In broadcast, routers only form full adjacencies with the DR and BDR of the segment. Therefor routers only exchange LSAs with the DR and BDR. DROthers will not exchange LSAs with eachother. When messages are sent to the DR/BDR they are sent multicast to 224.0.0.6. Neighbors are when they are in 2 way. Adjacensies are when they are full. `ip ospf network point-to-point` OSPF Neighbor Requirements: - Area number must match ``` ip ospf hello-interval # ip ospf dead-interval # ``` ``` ip ospf authentication ip ospf authentication-key [string] ``` LSA Types Type 1: Router LSA - Every router makes this type - Lists netwokrs tied to its OSPF-interfaces - ![[ospf-lsa-type-1-router-point-to-point.pcapng]] Type 2: Network LSA - Generated by the DR of each broadcast network - Lists the router whichg are attached to the broadcast network Type 5: AS-External LSA - Generated by the ASBR to describe routes to desitnations outside of the AS (OSPF domain) https://www.youtube.com/watch?v=u89NCxK4FVU&list=PLxbwE86jKRgOb2uny1CYEzyRy_mc-lE39&index=70 ![[Screenshot 2026-04-23 at 8.39.44 AM.png]] ![[Screenshot 2026-04-23 at 8.42.53 AM.png]] ![[Screenshot 2026-04-23 at 8.44.01 AM.png]] **AUTHENTICATION** Type 0: null auth, aka no authentication (default) Type 1: simple password authentication - Maximum of 8 characters - ``` int g0 ip ospf authentication ip ospf authentication-key [password] ``` ``` router ospf 1 area [id] authentication ``` Type 2: Cryptographic authentication - sends a digest of the hash, not the full hash - LEGACY - rollover is automatic, by sending one ospf message with the active key and the youngest key until the neighbor router switches to teh youngest key too - ``` int g1 ip ospf message-digest ip ospf message-digest-key [id] md5 [password] router ospf 1 area [id] authentication message-digest ``` - KEYCHAIN - ``` key chain [mame] key [id] key-string [password] cryptogrphic-algorithm [md5, hmac-sha1, hmac-sha-512, etc] int g1 ip ospf authentication key-chain [name] ``` - Note that for KEYCHAIN version you just need one command instead of two per interface, and there is no global version. **OSPFv3 Standard Mode** ```Standard Mode ipv6 router ospf 1 auto-cost reference-bandwidth 1000 interface g0/0 ipv6 ospf 1 area 0 ``` Note that there is no network command for IPv6 **OSPFv3 Address-Family Mode** ``` router ospfv3 1 address-family ipv4 unicast auto-cost reference-bandwidth 1000 address-family ipv6 unicast auto-cost reference-bandwidth 1000 interface g0/0 ospfv3 1 area 0 ipv4 ospfv3 1 area 0 ipv6 ``` > You must use `show ip route ospfv3` or `show ospfv3 neighbors` with the **ospfv3** keyword for show commands. **Virtual Links** Use Router-IDs as the targets for the virtual links. Needs to be configured on both ABRs to point at eachother. *Cannot be in a stub area.* ``` router ospf 1 area 1 virtual-link 3.3.3.3 ``` ``` router ospf 1 area 1 virtual-link 7.7.7.7 ``` **OSPF Adjacency Process** ![[Screenshot 2026-04-28 at 12.05.47 PM.png]] **OSPF Packet: Header** ``` OSPF Packet Header 0 1 2 3 4 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Version # | Type | Packet Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Router ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Area ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Auth Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Authentication | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Authentication (cont.) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ``` ![[OSPF_Packet_Header.png]] ``` Type Description ________________________________ 1 Hello 2 Database Description 3 Link State Request 4 Link State Update 5 Link State Acknowledgment ``` These types determine what the data of the packet will be. **OSPF Packet: Hello (Data only)** ``` OSPF Packet: Hello Data 0 1 2 3 4 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ...Header | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Network Mask | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HelloInterval | Options | Rtr Pri | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | RouterDeadInterval | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Designated Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Backup Designated Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Neighbor | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | ``` ![[Screenshot 2026-04-28 at 11.29.59 AM.png]] Neighbor field repeats for every neighbor the router has. **OSPF Packet: Database Description (Data only)** ``` OSPF Packet: Database Description Data 0 1 2 3 4 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Interface MTU | Options |0|0|0|0|0|I|M|MS +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | DD sequence number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +- -+ | | +- LSA Header -+ | | +- -+ | | +- -+ | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | ``` ![[Screenshot 2026-04-28 at 11.39.43 AM.png]] **OSPF Packet: Link State Request (Data only)** ``` OSPF Packet: Link State Request (Data) 0 1 2 3 4 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link State ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertising Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | ``` ![[Screenshot 2026-04-28 at 11.42.08 AM.png]] **OSPF Packet: Link State Update (Data only)** ``` OSPF Packet: Link State Update (Data) 0 1 2 3 4 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | # LSAs | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | +- +-+ | LSAs | +- +-+ | ... | ``` ![[Screenshot 2026-04-28 at 12.02.24 PM.png]] **OSPF Packet: Link State Acknolgement (Data only)** Identical to the update but with a different code in the OSPF header. **OSPF Packet: LSA Header** All LSAs begin with a common 20 byte header. This header contains enough information to uniquely identify the LSA (LS type, Link State ID, and Advertising Router). ``` LS Type Description ___________________________________ 1 Router-LSAs 2 Network-LSAs 3 Summary-LSAs (IP network) 4 Summary-LSAs (ASBR) 5 AS-external-LSAs ``` ``` OSPF Packet: LSA Header 0 1 2 3 4 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS Age | Options | LS Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Link State ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Advertising Router | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LS Checksum | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ``` **OSPF Packet: Router-LSA (1)** ``` OSPF Packet: Router-LSA 0 1 2 3 4 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 0 |V|E|B| 0 | # links | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | # TOS | metric | | Link ID (Network Address) | | Link Data (Subnet Mask) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ... | ``` In router-LSAs, the LSA header's Link State ID field is set to the router's OSPF Router ID. Router-LSAs are flooded throughout a single area only. - This is saying that the Link State ID field in the SLA Header is set to the OSPF Router ID **OSPF Packet: Network-LSA (2)** Stub - No type 5 Totally stub - No type 3 ontop of type 5 Not So Stub - acts as a stub area - but blocks all default routes coming in from ospf - but when there is a ASBR (redistributer) those routes are transformed into type 7 so it can go out. - if you make a router in the NSSA area use `area 1 nssa default-information-originate` that can be used to share the DFGW in the intra-area. Totally Not So Stubby Area - acts as a NSSA but blocks type 3 - DEFAULT ROUTES ARE NOT BLOCKED