OSPF is an interior gateway routing protocol that uses link
states rather than distance vectors for path selection. OSPF propagates
link-state advertisements rather than routing table updates. Because only LSAs
are exchanged instead of the entire routing tables, OSPF networks converge more
quickly than RIP networks.
OSPF uses a link-state algorithm to build and calculate the
shortest path to all known destinations. Each router in an OSPF area contains
an identical link-state database, which is a list of each of the router's usable
interfaces and reachable neighbors.
The advantages of OSPF over RIP include the following:
OSPF link-state database updates are sent less frequently than
RIP updates, and the link-state database is updated instantly, rather than
gradually, as stale information is timed out.
Routing decisions are based on cost, which is an indication of
the overhead required to send packets across a certain interface. The ASA
calculates the cost of an interface based on link bandwidth rather than the
number of hops to the destination. The cost can be configured to specify
The disadvantage of shortest path first algorithms is that they
require a lot of CPU cycles and memory.
The ASA can run two processes of OSPF protocol simultaneously on different sets of
interfaces. You might want to run two processes if you have interfaces that use
the same IP addresses (NAT allows these interfaces to coexist, but OSPF does
not allow overlapping addresses). Or you might want to run one process on the
inside and another on the outside, and redistribute a subset of routes between
the two processes. Similarly, you might need to segregate private addresses
from public addresses.
You can redistribute routes into an OSPF routing process from
another OSPF routing process, a RIP routing process, or from static and
connected routes configured on OSPF-enabled interfaces.
The ASA supports the following OSPF features:
Intra-area, inter-area, and external (Type I and Type II)
Authentication to OSPF packets (both password and MD5
as a designated router or a designated backup router. The ASA
also can be set up as an ABR.
Stub areas and not-so-stubby areas.
Area boundary router Type 3 LSA filtering.
OSPF supports MD5 and clear text neighbor authentication.
Authentication should be used with all routing protocols when possible because
route redistribution between OSPF and other protocols (such as RIP) can
potentially be used by attackers to subvert routing information.
If NAT is used, if
OSPF is operating on public and private areas, and if address filtering is
required, then you need to run two OSPF processes—one process for the public
areas and one for the private areas.
A router that has
interfaces in multiple areas is called an Area Border Router (ABR). A router
that acts as a gateway to redistribute traffic between routers using OSPF and
routers using other routing protocols is called an Autonomous System Boundary
An ABR uses LSAs to send information
about available routes to other OSPF routers. Using ABR Type 3 LSA filtering,
you can have separate private and public areas with the ASA acting as an ABR.
Type 3 LSAs (inter-area routes) can be filtered from one area to another, which
allows you to use NAT and OSPF together without advertising private networks.
Only Type 3 LSAs can be filtered. If you configure the ASA
as an ASBR in a private network, it will send Type 5 LSAs describing private
networks, which will get flooded to the entire AS, including public areas.
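
The Type 5 caveat above can be checked against a configuration before it is deployed. The following Python check is an added example, not code from the original page or from Cisco: the sample configuration is constructed, treating RFC 1918 space as "private" is an assumption, and the helper names are hypothetical. It does not evaluate a route-map on the redistribute command, so it reports every private static route a redistributing process could advertise.

```python
import ipaddress

# Assumption: "private" means RFC 1918 space; substitute the networks behind NAT.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample configuration (not from a real device). Process 1 is an ABR
# with a Type 3 filter on private area 1, and an ASBR via "redistribute static".
SAMPLE_CONFIG = """\
route inside 10.20.0.0 255.255.0.0 10.1.1.2
route outside 198.51.100.0 255.255.255.0 203.0.113.1
prefix-list HIDE-PRIVATE seq 5 deny 10.0.0.0/8 le 32
prefix-list HIDE-PRIVATE seq 10 permit 0.0.0.0/0 le 32
router ospf 1
 network 10.1.1.0 255.255.255.0 area 1
 network 203.0.113.0 255.255.255.0 area 0
 area 1 filter-list prefix HIDE-PRIVATE out
 redistribute static subnets
router ospf 2
 network 192.0.2.0 255.255.255.0 area 0
"""

def is_private(net):
    return any(net.subnet_of(p) for p in PRIVATE)

def parse(config):
    """Return (static route destinations, {process id: settings})."""
    statics, procs, cur = [], {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):
            cur = None  # back at top level, outside any "router ospf" block
        if words[0] == "route" and len(words) >= 5:
            statics.append(ipaddress.ip_network(f"{words[2]}/{words[3]}"))
        elif words[:2] == ["router", "ospf"] and len(words) >= 3:
            cur = procs.setdefault(words[2], {"nets": [], "asbr": False})
        elif cur is not None and words[0] == "network" and len(words) >= 3:
            cur["nets"].append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif cur is not None and words[:2] == ["redistribute", "static"]:
            cur["asbr"] = True
    return statics, procs

def type5_leaks(config):
    """Private statics an ASBR process with public networks floods as Type 5."""
    statics, procs = parse(config)
    # The area filter-list is deliberately ignored: it only affects Type 3 LSAs.
    return [(pid, str(net)) for pid, p in procs.items() for net in statics
            if p["asbr"] and any(not is_private(n) for n in p["nets"])
            and is_private(net)]
```
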
If NAT is employed
but OSPF is only running in public areas, then routes to public networks can be
redistributed inside the private network, either as default or Type 5 AS
external LSAs. However, you need to configure static routes for the private
networks protected by the ASA.
Also, you should not mix public and private networks on the same
You can have two OSPF routing processes, one RIP routing
process, and one EIGRP routing process running on the ASA
at the same time.