OSPF
OSPF (Open Shortest Path First) is a link-state interior gateway protocol designed for efficient, scalable routing in enterprise and service provider networks. RouterOS implements OSPFv2 for IPv4 networks and OSPFv3 for IPv6 networks, providing fast convergence, load balancing across equal-cost paths, and support for hierarchical network design through area segmentation. OSPF uses the Dijkstra shortest path first algorithm to calculate optimal routes, maintaining a synchronized link-state database across all routers in each area.
The protocol excels in environments requiring rapid convergence and traffic engineering capabilities, automatically recalculating routes within seconds of topology changes. OSPF supports equal-cost multi-path (ECMP) routing, enabling utilization of multiple links for increased bandwidth and redundancy. Service providers and enterprises deploy OSPF to build robust, self-healing network infrastructures that adapt automatically to failures while maintaining optimal forwarding behavior.
OSPF Fundamentals
Section titled “OSPF Fundamentals”OSPF operates as a link-state routing protocol where each router maintains a complete map of the network topology within its area. Routers exchange link-state advertisements (LSAs) with neighbors, gradually building a synchronized link-state database (LSDB) that represents the current network state. Each router independently runs the Dijkstra SPF algorithm against this database to compute the shortest path tree to all destinations, resulting in optimal routing decisions without requiring centralized path calculation.
Link-State Concepts
Section titled “Link-State Concepts”The link-state paradigm differs fundamentally from distance-vector protocols like RIP by providing each router with complete topological awareness. Rather than sharing only route metrics with neighbors, OSPF routers share information about their directly connected links, including interface addresses, networks, and link costs. This information propagates throughout the area, enabling every router to construct an identical representation of the topology. When a link changes state, the affected router floods an LSA throughout the area, triggering SPF recalculation on all routers to update their routing tables.
Link-state advertisements describe individual router interfaces and their associated networks. Each LSA contains the router’s ID, interface information, and metric data that enables other routers to understand the network topology. The LSA flooding mechanism ensures reliable delivery through acknowledgment and retransmission, with sequence numbers tracking database synchronization. OSPF maintains database consistency through periodic hello packets that detect neighbor failures and database description packets that synchronize LSDB contents during adjacency formation.
Area Architecture
Section titled “Area Architecture”Hierarchical area design provides scalability by limiting LSA flooding to area boundaries and reducing SPF calculation scope. The backbone area (Area 0) forms the center of the OSPF domain, with all other areas connecting through area border routers. This hierarchical structure enables large networks to scale efficiently, as routers within an area only maintain LSDB information for that area rather than the entire network. Area segmentation reduces routing table size, minimizes LSA propagation, and localizes the impact of topology changes.
Area design considerations include minimizing inter-area traffic, ensuring proper backbone continuity, and maintaining logical hierarchy. All non-backbone areas must have a connection to the backbone, either directly or through a virtual link. Virtual links provide temporary connectivity for areas that cannot physically connect to Area 0, though they complicate troubleshooting and should be avoided in permanent designs. The number of routers per area depends on network stability and router processing capacity, with typical deployments limiting areas to 50-200 routers for optimal performance.
OSPF Router Types
Section titled “OSPF Router Types”OSPF defines specific router roles that determine their responsibilities within the routing domain. Understanding these roles is essential for proper network design and troubleshooting. Each router type has specific LSA generation responsibilities and participates in different aspects of the routing process.
Internal Router
Section titled “Internal Router”Internal routers operate entirely within a single OSPF area, maintaining a complete LSDB for that area only. These routers have all their interfaces in the same area and participate fully in OSPF within that area’s boundaries. Internal routers form adjacencies with all reachable neighbors in their area, exchanging LSAs and maintaining synchronized databases. Their routing table contains routes to all destinations within the area plus summarized routes to destinations in other areas.
Internal routers rely on area border routers to provide connectivity to other areas, depending on ABR-generated summary LSAs for inter-area routes. The simplicity of internal router configuration makes them ideal for deployment in access layer networks where routers only need reachability within their local area. Monitoring internal router behavior involves checking adjacency formation, LSDB consistency, and routing table population.
Area Border Router
Section titled “Area Border Router”Area border routers connect multiple OSPF areas, maintaining separate LSDBs for each connected area. The ABR advertises routes between areas by generating summary LSAs that contain routes from one area for advertisement into another. This summarization capability reduces the routing information propagated across area boundaries, improving scalability and limiting the impact of changes within one area on the rest of the network.
ABRs perform critical functions in hierarchical OSPF designs, typically deployed at the distribution layer where network segments connect. They maintain full adjacency with the backbone area while connecting to one or more non-backbone areas. The ABR’s location determines how traffic flows between areas, with all inter-area traffic passing through ABRs. Proper ABR placement optimizes network performance by ensuring efficient traffic flows and minimizing backbone traffic concentration.
Backbone Router
Section titled “Backbone Router”Backbone routers have at least one interface in the backbone area (Area 0), forming the core of the OSPF domain. All areas must connect to the backbone either directly or through virtual links, making backbone router connectivity essential for network-wide routing. Backbone routers participate in the backbone area’s LSDB and are typically the highest-capacity routers in the OSPF domain due to their central role in routing traffic between areas.
The backbone maintains full mesh connectivity requirements for DR/BDR election and LSA flooding within Area 0. Network designs should ensure redundant backbone connectivity to prevent single points of failure. When backbone connectivity is disrupted, virtual links can provide temporary restoration, though permanent solutions should address the underlying connectivity issue.
Autonomous System Boundary Router
Section titled “Autonomous System Boundary Router”Autonomous system boundary routers inject external routing information into OSPF, redistributing routes from non-OSPF sources such as BGP, static routes, or connected interfaces. ASBRs generate external LSAs that propagate throughout the OSPF domain, advertising routes to destinations outside the OSPF routing domain. These external routes appear in OSPF routing tables with their original metric or a configured default metric.
ASBR placement affects external route propagation and network design complexity. Multiple ASBRs can advertise overlapping or conflicting external routes, requiring careful metric planning to ensure predictable routing behavior. External route summarization at the ASBR reduces LSA flooding and routing table size, particularly when importing large numbers of routes from BGP or other protocols.
OSPF Area Types
Section titled “OSPF Area Types”Different area types provide specialized behavior for various network deployment scenarios. The area type determines what types of LSAs are allowed and how routes are advertised, enabling optimization for specific network requirements. Understanding area type implications helps design efficient OSPF networks that balance routing information detail against scalability.
Standard Area
Section titled “Standard Area”Standard areas accept all OSPF LSA types and participate fully in the link-state routing process. Internal routers within standard areas maintain complete LSDBs containing router LSAs, network LSAs, summary LSAs, and external LSAs. This complete visibility enables optimal routing decisions but generates the most routing overhead, making standard areas most suitable for smaller network segments or backbone areas where complete topology awareness is necessary.
Standard areas provide the full benefits of link-state routing, including rapid convergence and optimal path calculation. All routers within standard areas can reach all destinations throughout the OSPF domain using routes computed from the complete LSDB. The trade-off between routing optimization and overhead makes standard areas appropriate for areas with sufficient router capacity and stable connectivity.
Stub Area
Section titled “Stub Area”Stub areas restrict external route propagation to reduce routing table size and LSA flooding. External LSAs do not enter stub areas, with the ABR generating a default route (0.0.0.0/0) for reaching destinations outside the OSPF domain. This configuration suits areas where external connectivity is only needed through a single ABR, eliminating the need for detailed external route information within the area.
Stub areas cannot contain ASBRs because external routes cannot originate from within the area. All routers in stub areas must agree on the stub configuration, otherwise adjacencies fail to form. The default route generated by the ABR provides reachability to all external destinations, though traffic engineering between multiple ABRs is not possible within the stub area.
Totally Stubby Area
Section titled “Totally Stubby Area”Totally stubby areas extend stub area restrictions by blocking both external LSAs and summary LSAs from other areas. The ABR generates only a default route for all destinations outside the area, dramatically reducing routing table size. This configuration maximizes scalability for areas requiring only local and default routing, eliminating all external routing information while maintaining connectivity.
Totally stubby areas receive only the ABR-generated default route plus connected and summary routes within the area. Routing decisions within the area remain optimal, while all external traffic uses the default route regardless of actual next-hop cost. This area type is particularly useful for small branch offices or remote sites that only require connectivity through a central location.
Not-So-Stubby Area
Section titled “Not-So-Stubby Area”Not-So-Stubby Areas (NSSA) combine stub area restrictions with the ability to contain ASBRs that advertise external routes. External routes can originate within the NSSA and propagate as NSSA-external LSAs, which are converted to standard external LSAs at the NSSA border. This capability enables external connectivity for areas requiring local external route generation while maintaining the scalability benefits of stub areas.
NSSA areas accept summary LSAs from the ABR but block external LSAs from other areas. The ASBR within the NSSA generates NSSA-external LSAs that propagate to other areas as standard type-5 external LSAs. NSSA-transit areas can transport external traffic between areas while maintaining local external route origination capabilities.
OSPF Configuration
Section titled “OSPF Configuration”Basic OSPF Instance
Section titled “Basic OSPF Instance”Sub-menu: /routing ospf instance
The OSPF instance configuration establishes the router’s participation in the OSPF routing domain. Basic configuration requires enabling the instance and setting the router ID, which uniquely identifies the router in OSPF communications. The router ID should be a stable IP address, typically one of the router’s interface addresses or a dedicated loopback address.
| Property | Type | Description | Default |
|---|---|---|---|
| name | string | Instance name for identification | default |
| router-id | IP address | Unique router identifier | auto |
| version | 2 | 3 | OSPF version: 2 for IPv4 (OSPFv2), 3 for IPv6 (OSPFv3) | 2 |
| vrf | string | VRF this instance belongs to | main |
| originate-default | never | if-installed | always | Default route origination behavior | never |
| redistribute | set (connected, static, bgp, rip, ospf, vpn, dhcp, modem) | Route sources to redistribute into OSPF | (none) |
| out-filter-chain | chain name | Routing filter chain applied to outgoing routes | (none) |
| in-filter-chain | chain name | Routing filter chain applied to incoming routes | (none) |
| disabled | yes | no | Disable the instance | no |
# Create OSPF instance with router ID (fresh install has no default instance)/routing ospf instance add name=default router-id=1.1.1.1
# Originate a default route into OSPF/routing ospf instance set default originate-default=always
# Redistribute connected and static routes/routing ospf instance set default redistribute=connected,static
# Redistribute connected, static, and BGP routes/routing ospf instance set default redistribute=connected,static,bgpOSPF Area Configuration
Section titled “OSPF Area Configuration”Sub-menu: /routing ospf area
Area configuration defines the OSPF areas to which the router belongs. Each area requires explicit configuration with an area ID and optional area type specification. The backbone area must exist and contain at least one router interface for OSPF to function correctly.
| Property | Type | Description | Default |
|---|---|---|---|
| instance | string | OSPF instance this area belongs to (required) | |
| name | string | Area name for identification | |
| area-id | IP address | Area identifier | 0.0.0.0 |
| type | default | stub | nssa | Area type | default |
| no-summaries | yes | no | Block Type 3 summary LSAs (creates totally stubby or totally NSSA area). Configure on ABR only. | no |
| default-cost | integer | ABR-generated default route cost for stub/NSSA areas | 1 |
| nssa-translator | candidate | NSSA translator role | candidate |
| disabled | yes | no | Disable the area | no |
# Configure backbone area/routing ospf area add instance=default area-id=0.0.0.0 name=backbone
# Configure stub area/routing ospf area add instance=default area-id=0.0.0.10 name=stub-area type=stub
# Configure NSSA area/routing ospf area add instance=default area-id=0.0.0.20 name=nssa-area type=nssa
# Configure totally stubby area (blocks both external and summary LSAs; ABR only)/routing ospf area add instance=default area-id=0.0.0.15 name=totally-stub type=stub no-summariesOSPF Interface Template Configuration
Section titled “OSPF Interface Template Configuration”Sub-menu: /routing ospf interface-template
Interface templates control OSPF behavior on specific router interfaces, including hello interval, dead interval, and authentication settings. Each template binds one or more interfaces to an OSPF area. The /routing ospf interface sub-menu shows dynamically created read-only entries reflecting active OSPF interfaces.
| Property | Type | Description | Default |
|---|---|---|---|
| area | string | Area name (required) | |
| interfaces | string | Interface name(s) to apply this template to | |
| type | broadcast | ptp | ptmp | nbma | OSPF network type | broadcast |
| hello-interval | time | Hello packet interval | 10s |
| dead-interval | time | Neighbor dead detection interval | 40s |
| retransmit-interval | time | LSA retransmission interval | 5s |
| transmit-delay | time | LSA transmission delay | 1s |
| priority | integer: 0..255 | Router priority for DR election | 128 |
| cost | integer: 1..65535 | Interface cost for metric calculation | 1 |
| auth | md5 | Authentication method | (none) |
| auth-key | string | Authentication key | |
| instance-id | integer: 0..255 | OSPFv3 instance ID | 0 |
| disabled | yes | no | Disable this template | no |
# Configure OSPF on interface in backbone area/routing ospf interface-template add area=backbone interfaces=ether1
# Configure point-to-point interface/routing ospf interface-template add area=backbone interfaces=ether2 type=ptp
# Configure with custom hello and dead intervals/routing ospf interface-template add area=backbone interfaces=ether3 hello-interval=5s dead-interval=20s
# Configure priority for DR election (0 = non-DR-eligible)/routing ospf interface-template add area=backbone interfaces=ether4 priority=100
# Configure cost manually/routing ospf interface-template add area=backbone interfaces=ether5 cost=10
# Configure MD5 authentication/routing ospf interface-template add area=backbone interfaces=ether6 auth=md5 auth-key=secret
# View active OSPF interfaces (read-only dynamic list)/routing ospf interface printOSPF Neighbor States
Section titled “OSPF Neighbor States”Understanding OSPF neighbor states is essential for troubleshooting adjacency formation issues. Each state represents a stage in the adjacency establishment process, with specific events triggering transitions between states.
Neighbor State Machine
Section titled “Neighbor State Machine”| State | Description |
|---|---|
| Down | Initial state; no hello received from neighbor |
| Attempt | NBMA networks; manual neighbor specification |
| Init | Hello received; bidirectional communication not confirmed |
| 2-Way | Bidirectional communication established |
| ExStart | Master/slave election for database synchronization |
| Exchange | Database description packets exchanged |
| Loading | Link-state request packets sent for missing LSAs |
| Full | Databases synchronized; adjacency complete |
# View OSPF neighbor status/routing ospf neighbor print
# View detailed neighbor information/routing ospf neighbor print detail
# Monitor neighbor state changes/routing ospf neighbor print where state=fullDR/BDR Election
Section titled “DR/BDR Election”On broadcast multi-access networks, designated router (DR) and backup designated router (BDR) election reduces the number of adjacencies and LSA flooding. The router with the highest priority becomes DR, with the second-highest becoming BDR. Ties are broken by router ID.
# Verify DR/BDR election/routing ospf neighbor print
# Check interface priority configuration/routing ospf interface printFirewall Considerations for OSPF
Section titled “Firewall Considerations for OSPF”OSPF uses IP protocol number 89 for all protocol traffic, including hello packets, database descriptions, link-state requests, and link-state updates. Unlike protocols that use TCP or UDP ports, OSPF directly encapsulates packets in IP with protocol 89. This is a critical consideration when configuring firewall rules, as many firewall configurations inadvertently block OSPF traffic by only allowing specific TCP/UDP ports.
Firewall Rules for OSPF
Section titled “Firewall Rules for OSPF”To allow OSPF traffic through the router’s firewall, you must add rules for protocol 89. These rules should typically be placed in the input chain on the OSPF interface or in a forward chain if OSPF traffic needs to pass through the router.
# Allow OSPF on internal interfaces (input chain)/ip firewall filter add chain=input protocol=89 action=accept comment="Allow OSPF"
# Allow OSPF on specific interface/ip firewall filter add chain=input in-interface=ether1 protocol=89 action=accept
# Allow OSPF for forwarding between interfaces (if needed)/ip firewall filter add chain=forward protocol=89 action=accept comment="Allow OSPF forwarding"Common OSPF Firewall Issues
Section titled “Common OSPF Firewall Issues”When firewall rules block OSPF protocol traffic, routers cannot form neighbor adjacencies. Common symptoms include:
- Neighbors stuck in Init or 2-Way state: Hello packets are not reaching the neighbor
- Neighbors stuck in ExStart/Exchange state: Database description packets cannot be exchanged
- No OSPF routes in routing table: Adjacency never reaches Full state
- Intermittent adjacency flaps: Some OSPF packets getting through but others blocked
Troubleshooting step: Verify OSPF is not being blocked:
# Check if OSPF packets are being filtered (RouterOS stores protocol=89 as "ospf")/ip firewall filter print where protocol=ospf
# Monitor OSPF packet counts on interfaces/routing ospf interface printIf OSPF traffic is being blocked, the neighbor will remain in a state other than Full, and the routing table will not contain OSPF-learned routes.
OSPF LSA Types
Section titled “OSPF LSA Types”Link-state advertisements communicate routing information throughout the OSPF domain. Each LSA type serves a specific purpose in the routing process, carrying different types of information about the network topology.
| Type | Name | Description | Scope |
|---|---|---|---|
| 1 | Router LSA | Describes router’s directly connected links | Area |
| 2 | Network LSA | Describes multi-access network and attached routers | Area |
| 3 | Summary LSA | Advertises routes from other areas (ABR) | Area |
| 4 | Summary LSA | Advertises ASBR location (ABR) | Area |
| 5 | External LSA | Advertises external routes (ASBR) | AS |
| 7 | NSSA External LSA | External routes from NSSA (ASBR) | NSSA |
# View link-state database/routing ospf lsa print
# View database by LSA type/routing ospf lsa print where type=router/routing ospf lsa print where type=network/routing ospf lsa print where type=inter-area-prefix/routing ospf lsa print where type=external
# View database with details/routing ospf lsa print detailRoute Summarization
Section titled “Route Summarization”Inter-Area Summarization
Section titled “Inter-Area Summarization”Sub-menu: /routing ospf area range
Route summarization at area boundaries reduces routing table size and limits LSA propagation. ABRs summarize routes from one area before advertising them into another, replacing multiple specific routes with a single summary route.
# Summarize 10.0.0.0/16 from stub area/routing ospf area range add area=stub-area prefix=10.0.0.0/16 advertise=yes
# Summarize 172.16.0.0/22 from NSSA/routing ospf area range add area=nssa-area prefix=172.16.0.0/22 advertise=yesOSPF Metrics and Cost
Section titled “OSPF Metrics and Cost”Interface Cost Calculation
Section titled “Interface Cost Calculation”OSPF cost represents the forwarding metric for each interface and must be configured manually in RouterOS 7. Lower costs indicate preferred paths, with traffic flowing along the lowest-cost route to each destination.
# Configure manual interface cost/routing ospf interface-template set [find interfaces=ether1] cost=10Route Metric Types
Section titled “Route Metric Types”External routes can use type 1 or type 2 metrics, affecting route selection when multiple ASBRs advertise the same destination.
| Type | Description |
|---|---|
| type1 | Metric includes external cost plus internal cost to ASBR |
| type2 | Metric is only the external cost (default) |
# Originate a default route into OSPF/routing ospf instance set default originate-default=alwaysOSPF Authentication
Section titled “OSPF Authentication”Simple Authentication
Section titled “Simple Authentication”Simple authentication uses a plaintext password included in OSPF packets. While providing basic authentication, this method transmits passwords in cleartext and should only be used where security requirements are minimal.
RouterOS 7 OSPF supports MD5 authentication configured via interface templates. Simple plaintext authentication is not supported.
# Configure MD5 authentication on interface template/routing ospf interface-template add area=backbone interfaces=ether1 auth=md5 auth-key=YourPasswordMD5 Authentication
Section titled “MD5 Authentication”MD5 authentication provides cryptographic verification of OSPF packets using shared secret keys. Each router must have matching auth-key values on the same link.
# Configure MD5 authentication/routing ospf interface-template add area=backbone interfaces=ether2 auth=md5 auth-key=SecretKeyOSPFv3 for IPv6
Section titled “OSPFv3 for IPv6”In RouterOS 7, OSPFv3 uses the same /routing ospf instance, /routing ospf area, and /routing ospf interface-template sub-menus as OSPFv2. Set version=3 on the instance to enable OSPFv3.
# Create an OSPFv3 instance for IPv6/routing ospf instance add name=ospfv3 router-id=1.1.1.1 version=3
# Configure backbone area for OSPFv3/routing ospf area add instance=ospfv3 area-id=0.0.0.0 name=backbone-v3
# Configure stub area for OSPFv3/routing ospf area add instance=ospfv3 area-id=0.0.0.10 name=ipv6-stub type=stub
# Assign interface to OSPFv3 area/routing ospf interface-template add area=backbone-v3 interfaces=ether1OSPF Filters
Section titled “OSPF Filters”Export Filters
Section titled “Export Filters”Sub-menu: /routing filter
Filters control which routes enter or exit the OSPF routing table, enabling route manipulation and policy-based routing.
# Create filter to allow specific routes/routing filter rule add chain=ospf-out rule="if (dst in 10.0.0.0/8) {accept}"
# Create filter to deny specific routes/routing filter rule add chain=ospf-out rule="if (dst in 172.16.0.0/12) {reject}"
# Apply output filter chain to OSPF instance/routing ospf instance set default out-filter-chain=ospf-outImport Filters
Section titled “Import Filters”# Create import filter for OSPF/routing filter rule add chain=ospf-in rule="accept"
# Apply import filter chain to OSPF instance/routing ospf instance set default in-filter-chain=ospf-inOSPF Monitoring and Troubleshooting
Section titled “OSPF Monitoring and Troubleshooting”Database Monitoring
Section titled “Database Monitoring”# View complete OSPF database/routing ospf lsa print
# View database summary by area/routing ospf lsa print where area=backbone
# View specific LSA details/routing ospf lsa print detail where type=router
# Monitor LSA origination/routing ospf lsa print where self-originatedNeighbor Monitoring
Section titled “Neighbor Monitoring”# View all neighbors/routing ospf neighbor print
# View neighbors in FULL state/routing ospf neighbor print where state=full
# View neighbor details/routing ospf neighbor print detail
# Monitor adjacency changes/routing ospf neighbor print interval=5Route Table Monitoring
Section titled “Route Table Monitoring”# View OSPF routes/ip route print where ospf~"."
# View route details/ip route print detail where routing-table=main ospf
# Check route costs/ip route print where ospf~"." and dst-address in 10.0.0.0/8Interface Statistics
Section titled “Interface Statistics”# View OSPF interface statistics/routing ospf interface print
# View detailed interface information/routing ospf interface print detailTroubleshooting Commands
Section titled “Troubleshooting Commands”# Check OSPF instance status/routing ospf instance print
# Verify area configuration/routing ospf area print
# Test neighbor reachability/ping 192.168.1.2 count=5
# Check interface OSPF status/routing ospf interface print where interface=ether1
# View LSA database (includes age field in output)/routing ospf lsa print
# Check for flapping LSAs (look for rapidly incrementing sequence numbers)/routing ospf lsa print detailOSPF Best Practices
Section titled “OSPF Best Practices”Area design should minimize the backbone area size while ensuring connectivity between all areas. Deploy ABRs at network distribution points where traffic naturally crosses area boundaries. Avoid virtual links except for temporary connectivity restoration, as they complicate troubleshooting and reduce network stability.
Interface cost configuration should reflect actual bandwidth to ensure traffic follows optimal paths. Calculate costs using reference bandwidth divided by interface bandwidth, maintaining consistent calculation methods across the network. Manual cost configuration provides explicit control when auto-calculation produces undesired results.
Authentication on all OSPF links prevents unauthorized router participation and route manipulation. Deploy MD5 authentication on all production networks, with matching key IDs and passwords across all participating routers. Plan key rotation procedures to maintain security without disrupting adjacencies.
Summarize routes at area boundaries to reduce routing table size and LSA flooding. Aggregate routes where possible without creating black holes or suboptimal routing. Test summarization changes in a lab environment before production deployment.
Monitoring OSPF health through regular inspection of neighbor states, LSA counts, and route table convergence ensures early problem detection. Configure logging for adjacency changes and implement SNMP monitoring for large deployments. Establish baseline metrics for comparison during troubleshooting.
Related Documentation
Section titled “Related Documentation”- BGP - Border Gateway Protocol configuration for inter-domain routing
- RIP - Routing Information Protocol for small networks
- MPLS - MPLS integration with OSPF
- Routing Overview - General IP routing configuration
- VRRP - Virtual Router Redundancy Protocol for gateway redundancy