OSPF (Open Shortest Path First) is the most widely deployed interior gateway protocol in enterprise networks, and the protocol most CCNP and CCIE candidates spend the longest time in the lab with. It is fast-converging, vendor-neutral, scales cleanly to thousands of routers when you design it right, and has just enough complexity (LSA types, area types, DR/BDR election, virtual links) to keep it interesting for a long career.
This is the cluster overview for the full PingLabz OSPF series: 38 articles covering fundamentals, configuration, troubleshooting, internals, and enterprise design, all built on Cisco IOS XE 17.x. If you are studying for CCNA/CCNP/CCIE, designing a multi-area campus, or troubleshooting a stuck adjacency at 2 AM, start here. We will work through what OSPF is, how the protocol operates, the LSA types you actually need to know, and the configuration commands to bring up a working topology, with links into the deeper articles where you need them.
What OSPF Solves
Inside a single autonomous system you need a routing protocol that can react to a link failure in well under a second, scale to thousands of routes without flooding the network with updates, and let multiple network operators express decisions about which links to prefer. RIP is too slow and does not scale. EIGRP is fast but proprietary (open since 2013, but adoption beyond Cisco is rare). BGP is too slow on purpose and the wrong abstraction for intra-domain routing.
OSPF is what most networks reach for. It is:
- Link-state. Every router floods its view of the local topology to every other router in the area, so all routers build the same map and run the same shortest-path computation independently.
- Standards-based (RFC 2328 for OSPFv2, RFC 5340 for OSPFv3). Vendor interop is genuinely good.
- Fast-converging. Sub-second failover is achievable with the default timers and trivial with BFD.
- Hierarchical. Areas let you contain LSA flooding and SPF computation to a sub-region, which is how OSPF scales past a few hundred routers.
- Cost-based. The metric is a 16-bit integer derived from interface bandwidth, with a single tiebreaker (equal-cost multipath, ECMP, by default up to 4 paths and tunable).
You will run OSPF underneath BGP on most production networks: OSPF for fast internal reachability, BGP at the edge for inter-AS policy. The two are complementary, not competitive. What is OSPF? A Complete Guide to Open Shortest Path First has the long-form intro.
How OSPF Works (the 10,000-Foot View)
OSPF runs directly on top of IP (protocol number 89, no TCP or UDP). It uses two multicast addresses on broadcast networks: 224.0.0.5 (AllSPFRouters) and 224.0.0.6 (AllDRouters). The protocol moves through three phases on every link it activates:
- Neighbor discovery. Routers send Hello packets. If the Hello parameters match (area ID, hello/dead timers, subnet mask on broadcast links, authentication, MTU), the routers form a neighbor relationship.
- Database synchronization. Once neighbors are at ExStart/Exchange, they swap Database Description (DBD) packets summarizing their LSDB, then request and exchange any missing LSAs via LSR/LSU/LSAck.
- SPF computation. When the LSDB stabilizes, every router runs Dijkstra's SPF algorithm against its own copy and installs the resulting routes. Because every router in the area has an identical LSDB, every router computes the same topology. That is the link-state guarantee.
The full mechanics are in Introduction to OSPF: How It Works and Why It Matters, with packet-level detail in OSPF Packet Types Explained: Hello, DBD, LSR, LSU, LSAck.
OSPF Neighbor States: What show ip ospf neighbor Tells You
Every OSPF adjacency walks through these states. If you see a neighbor stuck somewhere along the way, the state itself is the diagnostic clue:
| State | What's happening | Stuck here means... |
|---|---|---|
| Down | No Hellos received yet | L2 problem, OSPF not enabled, ACL |
| Attempt | NBMA only: trying to send unicast Hello | Manual neighbor config issue |
| Init | Hello received but our router ID is not yet in their Hello | One-way Hello, asymmetric ACL/filter |
| 2-Way | Bidirectional Hellos confirmed; this is the final state for non-DR/BDR pairs on broadcast links | Healthy on broadcast non-DR pairs |
| ExStart | Negotiating master/slave for DBD exchange | MTU mismatch (#1 cause) |
| Exchange | DBD packets being swapped | MTU mismatch, packet drop |
| Loading | Requesting missing LSAs via LSR | Rare; LSU loss |
| Full | LSDBs synchronized; healthy steady state | This is what you want |
Stuck-in-ExStart is so common it has its own article: OSPF MTU Mismatch: Symptoms and Fixes. The full state walkthrough with packet captures is in OSPF Neighbor States Explained.
LSA Types: The Heart of OSPF Internals
OSPF carries topology information in Link-State Advertisements (LSAs). Different LSA types describe different scopes and propagate differently. Memorize the first six; the rest are special-case:
| Type | Name | Originated by | Scope | Carries |
|---|---|---|---|---|
| 1 | Router LSA | Every router | Single area | Router's own links and costs |
| 2 | Network LSA | DR on broadcast/NBMA | Single area | Routers attached to the segment |
| 3 | Summary LSA (network) | ABR | Other areas | Inter-area prefix |
| 4 | Summary LSA (ASBR) | ABR | Other areas | How to reach an ASBR |
| 5 | External LSA | ASBR | Whole AS (not stub) | Redistributed external routes |
| 7 | NSSA External LSA | ASBR in NSSA | NSSA only, then converted to Type 5 by ABR | External routes from inside an NSSA |
| 9-11 | Opaque LSAs | Various | Link / area / AS | MPLS-TE, traffic engineering, segment routing |
The reason area types exist (stub, totally stubby, NSSA, totally NSSA) is to control which of these LSA types make it into the area, which is how you keep small areas small. The full reference, including how each LSA looks in show ip ospf database, is in OSPF LSA Types Explained (Type 1-7).
Areas: Why OSPF Scales
OSPF scales by splitting a network into areas. Every router in an area has an identical LSDB, but routers in different areas only see summarized inter-area information. Three rules govern area design:
- Every multi-area OSPF deployment must have an Area 0 (the backbone).
- All non-backbone areas must connect to Area 0, either directly via an Area Border Router (ABR), or indirectly through a virtual link (try to avoid these).
- Inter-area traffic must transit Area 0. The protocol does not support arbitrary area-to-area shortcuts.
The four area flavors and what they filter:
| Area type | Type 3 summary? | Type 4 summary? | Type 5 external? | Type 7 NSSA? |
|---|---|---|---|---|
| Standard | Yes | Yes | Yes | No |
| Stub | Yes | No | No | No |
| Totally stubby | No (default route only) | No | No | No |
| NSSA | Yes | No | No | Yes (converted to T5 at ABR) |
| Totally NSSA | No (default route only) | No | No | Yes |
Use stub areas wherever you can; the smaller the LSDB the faster the SPF run. The full design walkthrough is in OSPF Areas Explained: Why and How to Use Them, configuration in OSPF Stub Area Configuration, and the rare-but-needed OSPF Virtual Links Configuration for backbone discontinuities.
DR/BDR Election on Multi-Access Links
On a broadcast or NBMA segment with N routers, full-mesh adjacencies would require N(N-1)/2 sessions. Instead, OSPF elects one Designated Router (DR) and one Backup DR (BDR), and every other router only forms full adjacencies with those two. The DR generates the Type 2 LSA describing the segment.
Election rules in order:
- Highest OSPF priority (default 1, range 0-255; 0 means "never DR")
- Highest router ID (which itself defaults to the highest loopback IP, falling back to highest physical interface IP at process start)
The election is non-preemptive. If you bring up a router with priority 100 onto a segment that already has a DR, the existing DR stays put. To force a change, bounce the OSPF process or take the link down. OSPF DR and BDR: What They Are and Why They Matter has the full election walkthrough.
On point-to-point links (the default network type for most modern WAN circuits), there is no DR election. Full adjacencies form directly between the two routers.
OSPF Network Types: The One Setting Most Engineers Forget
OSPF behaves differently depending on the network type assigned to each interface. The default depends on the interface (broadcast on Ethernet, point-to-point on serial, NBMA on Frame Relay), but you can override it:
| Network type | DR election? | Hello/Dead | Neighbor discovery | Use when |
|---|---|---|---|---|
| Broadcast | Yes | 10/40 | Multicast | Default Ethernet, multi-access |
| Point-to-point | No | 10/40 | Multicast | Point-to-point links |
| Point-to-multipoint | No | 30/120 | Multicast | Hub-and-spoke without DR overhead |
| NBMA | Yes | 30/120 | Manual neighbor config | Frame Relay full mesh (rare today) |
| Loopback | No | n/a | n/a | Default for loopback interfaces |
The single most useful trick: change a broadcast interface to point-to-point with ip ospf network point-to-point. It skips DR election and shaves a few seconds off neighbor formation. OSPF Network Types Explained covers when to do this and when not to.
Configuration on Cisco IOS XE: Minimum Viable OSPF
The smallest possible single-area OSPF config:
R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 10.0.0.0 0.0.255.255 area 0
R1(config-router)# passive-interface default
R1(config-router)# no passive-interface GigabitEthernet0/0/1Three things to notice. First, the process ID (1) is locally significant only; you do not have to match it on neighbors. Second, the wildcard mask in the network statement is inverted from a regular subnet mask (0.0.255.255 is the inverse of /16). Third, passive-interface default followed by selective no passive-interface is the safe pattern: it stops you from accidentally forming OSPF adjacencies on every interface in the network statement.
You will also see the interface-based form, which is cleaner for multi-process or selective enablement:
R1(config)# interface GigabitEthernet0/0/1
R1(config-if)# ip ospf 1 area 0Once both sides are up, verification:
R1# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:36 10.0.12.2 GigabitEthernet0/0/1If you see anything other than FULL/- on a P2P link or FULL/DR or FULL/BDR on a broadcast link, you have a problem. Walk back up the neighbor states table.
The full configuration walkthrough is in How to Configure Single-Area OSPF on Cisco Routers and Configuring Multi-Area OSPF on Cisco Routers. Other essentials:
- OSPF Passive Interfaces: When and How to Use Them - the single most important hardening control
- OSPF Router ID: What It Is and How to Configure It - always set this manually
- OSPF Timers: Hello and Dead Intervals Explained - tune for sub-second failover with BFD
- OSPF Authentication Configuration (Plain Text and MD5) - mandatory on any shared Layer 2
- How to Advertise a Default Route in OSPF - the classic
default-information originate
Metric and Cost: How OSPF Picks the Best Path
OSPF uses cost (a 16-bit integer) as its only metric. Lower cost wins, and the SPF algorithm sums costs along the path. The default Cisco formula is:
cost = reference_bandwidth / interface_bandwidthThe default reference bandwidth is 100 Mbps, which means anything 100 Mbps or faster gets a cost of 1. That is wrong on any modern network. Set the reference bandwidth high enough to differentiate your fastest link:
R1(config)# router ospf 1
R1(config-router)# auto-cost reference-bandwidth 100000 ! 100 GbpsSet the same value on every router in the OSPF domain. How OSPF Calculates Metric and Cost walks through the math and the gotchas.
Get the OSPF Field Reference - 9 pages, free
Everything in this pillar, on nine printable pages. State machine diagram, LSA types, troubleshooting decision tree, copy-paste IOS XE templates, and real lab captures from a Cisco Modeling Labs build. Free for PingLabz members - just sign up with your email.
OSPF vs Other Routing Protocols
| Trait | OSPF | EIGRP | IS-IS | BGP |
|---|---|---|---|---|
| Type | Link-state | Distance-vector (DUAL) | Link-state | Path-vector |
| Standards | Open (RFC 2328) | Open since 2013, Cisco-led | Open (ISO 10589) | Open (RFC 4271) |
| Default AD (Cisco) | 110 | 90 internal / 170 external | 115 | 20 / 200 |
| Convergence | Sub-second with tuning | Sub-second (DUAL) | Sub-second with tuning | Slow on purpose |
| Metric | Cost (bandwidth-derived) | Composite (bandwidth, delay) | Cost (configurable) | Path attributes |
| Hierarchy | Areas with strict rules | None native | Two-level (L1/L2) | Confederations / RR |
| Scope | Intra-AS | Intra-AS | Intra-AS (huge ISPs) | Inter-AS |
If you also run BGP (and most production networks do), see the BGP pillar at BGP (Border Gateway Protocol): The Complete Guide for how the two coexist. The dedicated head-to-head is BGP vs OSPF: When to Use Each Routing Protocol, and OSPF vs Other Routing Protocols goes deeper on the trade-offs.
Redistribution: Bringing Routes In and Out of OSPF
Every multi-protocol network needs redistribution somewhere: from connected/static into OSPF, between OSPF processes, between OSPF and BGP, between OSPF and EIGRP. Two things matter:
- Filter aggressively. Redistribution defaults are dangerous (one ASBR can pull thousands of routes into OSPF Type 5 LSAs and explode the LSDB). Use route maps with prefix-list matches.
- Pick external metric type carefully. Type 1 (E1) adds the OSPF cost to reach the ASBR; Type 2 (E2, default) does not. Use E1 inside a single AS to allow internal cost tiebreakers; E2 for routes coming in from outside.
The full walkthrough with worked examples is in OSPF Redistribution: How to Inject Routes from Other Protocols, and summarization at the ABR / ASBR boundary is in OSPF Route Summarization: Strategy and Configuration.
OSPF Security and the Common Mistakes
OSPF was not designed with hostile networks in mind, but the modern hardening checklist is short and well-understood:
- Authentication on every adjacency. MD5 minimum, SHA where supported. Plain-text exists only for migration scenarios.
- Passive-interface default followed by explicit
no passive-interfaceon the interfaces that should peer. This is by far the most common control failure: a network statement that accidentally pulls in a customer-facing interface. - Strict TTL check (GTSM) with
ip ospf ttl-security hops 1on point-to-point links to defeat off-link attackers. - maxprefix-style redistribution filtering to cap blast radius from a misconfigured ASBR.
- Stub or NSSA on edge areas to limit the LSAs a compromised router can inject.
The full hardening pattern is in OSPF Design Best Practices for Enterprise Networks.
Troubleshooting: The Five Failures You Will See
- OSPF Neighbors Not Forming: Complete Troubleshooting Guide
- Fixing OSPF Area Mismatch Issues
- OSPF MTU Mismatch: Symptoms and Fixes (the #1 cause of stuck-in-ExStart)
- OSPF Authentication Mismatch Troubleshooting
- Fixing Duplicate OSPF Router ID Issues
- OSPF Routes Not Appearing in Routing Table
- Common OSPF Passive Interface Mistakes
- OSPF Subnet Mask Mismatch: How to Troubleshoot and Fix
The Full OSPF Cluster, in Reading Order
Fundamentals
1. What is OSPF? A Complete Guide to Open Shortest Path First
2. OSPF Key Terms and Concepts Every Network Engineer Should Know
3. OSPF Neighbor States Explained
4. OSPF Areas Explained: Why and How to Use Them
5. OSPF DR and BDR: What They Are and Why They Matter
6. How OSPF Calculates Metric and Cost
7. OSPF Router ID: What It Is and How to Configure It
8. OSPF Packet Types Explained
9. OSPF vs Other Routing Protocols
Configuration
10. How to Configure Single-Area OSPF on Cisco Routers
11. Configure Single Area OSPFv2: Complete Lab Guide
12. OSPF Passive Interfaces: When and How to Use Them
13. Interface-Based OSPF Configuration
14. How to Advertise a Default Route in OSPF
15. Configuring Multi-Area OSPF on Cisco Routers
16. OSPF Authentication Configuration
17. OSPF Stub Area Configuration
18. OSPF Virtual Links Configuration
19. OSPF Timers: Hello and Dead Intervals Explained
20. OSPF Network Types Explained
21. Cisco OSPF Configuration Guide: Step-by-Step Tutorial
22. Configuring OSPF Router IDs and Why They Matter
Troubleshooting
23. OSPF Neighbors Not Forming
24. Fixing OSPF Area Mismatch Issues
25. OSPF MTU Mismatch
26. OSPF Authentication Mismatch
27. Fixing Duplicate OSPF Router ID Issues
28. OSPF Routes Not Appearing in Routing Table
29. Common OSPF Passive Interface Mistakes
30. OSPF Subnet Mask Mismatch
Deep Dives
31. OSPF LSA Types Explained (Type 1-7)
32. How OSPF SPF Algorithm and LSDB Work
33. OSPF Neighbor Relationships: The Foundation of OSPF
34. Understanding OSPF Terminology and Concepts
Design and Scaling
35. OSPF Route Summarization
36. OSPF Redistribution
37. OSPF Design Best Practices for Enterprise Networks
38. OSPF Basics: How It Works and Why It Matters
Hands-on OSPF - 5 CCNA labs included
Configure OSPF single-area (free preview), multi-area with ABRs and inter-area routes, network types, DR/BDR election, and MD5 authentication on real Cisco IOS XE 17.16 routers. Downloadable CML topology .yaml + starter configs. Open the PingLabz CCNA Labs library to start.
Frequently Asked Questions
What does OSPF stand for?
OSPF stands for Open Shortest Path First. It is a link-state interior gateway protocol defined in RFC 2328 (OSPFv2 for IPv4) and RFC 5340 (OSPFv3 for IPv6 and now IPv4 too).
What protocol number does OSPF use?
OSPF runs directly on top of IP using protocol number 89. It does not use TCP or UDP. Hellos and most updates are sent to multicast 224.0.0.5 (AllSPFRouters) and DR/BDR-only traffic to 224.0.0.6 (AllDRouters).
What is the administrative distance of OSPF?
110 on Cisco. Lower than RIP (120) and IS-IS (115), higher than EIGRP internal (90) and eBGP (20). The AD is used when multiple routing protocols offer routes to the same prefix; the protocol with the lowest AD wins.
OSPF vs EIGRP, which one should I use?
EIGRP converges slightly faster on small networks because of DUAL's local computation, but OSPF is the safer enterprise choice in 2026: it is genuinely vendor-neutral, scales further (multiple areas), and every certification track expects you to know it. Most CCIE candidates run both in the lab and OSPF in production.
OSPF vs BGP, when do you use each?
OSPF for fast intra-AS reachability. BGP for inter-AS policy and DFZ-scale prefix counts. You almost always run both: OSPF underneath BGP so the iBGP TCP sessions stay up and BGP NEXT_HOPs resolve. See the BGP pillar for the inter-AS half of the story.
How many OSPF neighbor states are there?
Eight: Down, Attempt, Init, 2-Way, ExStart, Exchange, Loading, Full. The first four are about discovering the neighbor; the last four are about synchronizing the LSDB. A healthy adjacency on a point-to-point link ends in Full; on a broadcast link, non-DR/BDR pairs stay at 2-Way and only the DR/BDR pair reaches Full.
Key Takeaways
If you take one thing away from this guide, make it this: OSPF rewards careful design at the area level. Every other concept (LSA types, area types, DR/BDR, network types) becomes obvious once you understand why areas exist. Memorize the neighbor states and the LSA types, set passive-interface default on every router, set the reference bandwidth on every router, and verify with show ip ospf neighbor after every change. Bookmark this page, work through the cluster articles in order, and lab every configuration. By the time you finish, you will be ready for any OSPF question a CCIE lab or a 3 AM ticket can throw at you.