Open Shortest Path First

This section gives a basic snapshot of the Open Shortest Path First (OSPF) Protocol and configuring the OSPF Protocol on the FWSM.

OSPF is a link state routing protocol developed by the Internet Engineering Task Force (IETF). An OSPF can operate within a hierarchy. An autonomous system (AS) is the largest entity within the hierarchy, which is a collection of networks under a common administration that share a common routing strategy. OSPF is an IGP routing protocol and uses the Dijsktra algorithm to calculate the shortest path first (SPF) for route computation. Routing from one area to another will have to pass through the backbone area (area 0), which gives OSPF two levels of hierarchy for routing. SPF is independently performed for each area. The routing protocol supports classless interdomain routing (CIDR) and variable length subnet masking (VLSM). Routing decisions are made based on the cost of the links. All links have a cost, and the total path cost from source to destination is used to make routing decisions at the first hop router.

SPF Algorithm

The SPF algorithm is calculated for an area. All the routers in the area share the same database. The OSPF database is built based on link-state advertisement (LSA). OSPF uses LSAs to advertise the networks configured in the node to other nodes in the area. Some of the information in an LSA includes the interface and subnet of the node. A network change triggers an LSA. The periodic refresh is sent every 30 seconds (default value).

The following are some of the OSPF routing protocol packets:

• Hello: Hello uses multicast for all routers ( In a LAN, the hello is 10 seconds, and in a non-broadcast multi-access (NBMA) network, the hello is 30 seconds. This is used to form adjacency between routers and maintain neighbor relationship.

• Database Descriptor: Gives the topology information of the database and is exchanged when adjacency is established.

• Link State Request: If a router receives a database request with new information, this request is sent to the neighbors to get more details.

• Link State Update: This is a response to the link state request. Several LSAs are included within a single link state update packet.

• Link State Acknowledgment: This acknowledges a link state update.

OSPF Network Types

There are five OSPF network types:

• Broadcast multi-access: Any LAN or Ethernet segment represents this type of OSPF network. In this network, OSPF will have a designated router (DR) and a backup designated router (BDR). The designated router is responsible to maintain the OSPF topology. DR and BDR elections are done based on OSPF priority. A DR is selected based on the highest OSPF priority. In case of a tie, the router with the highest router ID wins the election. BDR is used as a DR in case the designated router fails. The default for interface OSPF priority on Cisco routers is one. The routers send their advertisement to the DR using multicast group.

• Point-to-point: One router is directly connected to the other router. For example, a serial link connection between the two routers is a point-to-point link. There is no DR/ BDR election in this network type.

• Point-to-multipoint: This is a single interface that connects to multiple destinations. There is no DR/BDR election. OSPF sends its messages using multicast.

• Non-Broadcast Multi-access (NBMA): Typically seen in Frame Relay circuits when multiple sites are connected to a hub with a single interface. All the interfaces will have a single IP subnet. DR/BDR election takes place here.

• Virtual Links: When an area does not have connection to the backbone (all areas defined in the OSPF process should have connection to the backbone), a virtual link needs to be configured between the area and the backbone (area 0).

Concept of Areas

OSPF uses a hierarchy for route exchanges in a domain. An area is a group of routers in the OSPF domain that exchanges and maintains the LSA database. The concept of areas in OSPF builds a two-level hierarchy for routing. Route exchanges from one area to the other is through area 0, which is the backbone for the OSPF network. Figure 9-1 shows the concept of areas and its components.

Figure 9-1 Hierarchy in OSPF

Figure 9-1 Hierarchy in OSPF

There are different types of routers in an area, and each has a different functionality: • Internal routers: Routers that are inside an area.

Area Backbone Router (ABR): This connects one or more areas to the backbone (area 0) and acts as a gateway for inter-area traffic.

Autonomous System Router (ASBR): Any redistribution of routes makes a router an ASBR. They act as gateways for external traffic.

Backbone Router: All areas are connected to area 0 (also called the backbone). The routers within this area are referred to as the backbone router.


The ABR routers must have a link in area 0.

OSPF Link State Advertisement

OSPF routers use LSAs to advertise their networks. Figure 9-2 shows the different types of LSAs in an OSPF network.

Figure 9-2 LSA Types and Stub Area

Figure 9-2 LSA Types and Stub Area

• Router link LSA: Every router in a particular area will generate this LSA. This LSA type will be sent to all the routers in the same area to maintain the database for SPF calculation. This type of LSA is identified as Type 1 LSA.

• Network link LSA: This LSA is originated by a DR. This LSA advertises the multiaccess network and all routers attached to the network. This is a Type 2 LSA.

• Network summary link LSA: Describes the destination outside the area and is flooded throughout a single area originated by an ABR. This is a Type 3 LSA.

• AS external ASBR summary link LSA: This is originated from the ABR and contains the metric cost from the ABR to the ASBR. It is identified as a Type 4 LSA.

• External link LSA: This is originated from the ASBR routers. The route information in this LSA is the destination learned from another routing process (autonomous system). The external metric field in this LSA describes whether the route is external type 1 or external type 2. The difference between the two types is in the way the cost of the route is calculated. The cost of a type 2 route is always the external cost, irrespective of the interior cost to reach that route. A type 1 cost is the addition of the external cost and the internal cost used to reach that route. This is identified as a Type 5 LSA.

• NSSA External LSA: When an external route is redistributed in the OSPF NSSA area, Type 7 LSAs are created by ASBRs in NSSA. Type 5 LSAs are not allowed in the NSSA area, so the NSSA ASBR generates a Type 7 LSA instead, which remains within the NSSA. This Type 7 LSA gets translated back into a Type 5 LSA by the NSSA ABR.

Types of Stub Area in OSPF

The types of stub areas in OSPF are as follows:

• Stub area: The ABR will not send external LSAs to the routers configured as stub. All the routers in the stub area should have all the interfaces configured as stub. In this case, the hello flag with E bit changes to 0.

• Totally stubby area: No external routes or Type 3 LSAs are allowed. The routers inside the area get the default route to make the routing decision.

• Not so stubby area: Type 5 LSAs (external routes) are not allowed in a stubby area. Not so stubby area (NSSA) must be configured to support external routes in a stubby area. This is featured in RFC 1587.


The FWSM can run only two OSPF processes simultaneously. OSPF restricts the FWSM to have overlapping IP addresses. This is traditionally possible through NAT. It is common to see one OSPF process used in each of the two security domains. The redistribution is possible only between two OSPF processes representing each security domain. Static routes can also be redistributed into the OSPF process. Redistribution between RIP and OSPF routes cannot be configured. OSPF and RIP cannot be enabled together in the FWSM.

OSPF Features Supported in FWSM

The following are the important features of OSPF supported in FWSM:

• Only two OSPF processes are supported in the FWSM.

• Redistribution is possible between the two OSPF processes or static routes only.

• Support of virtual link.

• Authentication via message digest algorithm 5 (MD5).

• Supports inter-area, intra-area, and external routes (Type 1 and Type 2).

• Advertisement of static and global address translations.

• Advanced LSA filtering—Type 3 filtering.

Was this article helpful?

0 0

Post a comment