OSPF (Open Shortest Path First) represents a fundamental shift in how routers think about networks. Instead of asking neighbors "how far is it to X?" and trusting their answers, OSPF routers share complete topology information. Every router builds the same map. Every router calculates its own routes.
This changes everything.
The Map vs. Directions
Distance-vector protocols like RIP work like asking for directions at every intersection. "How far to downtown?" "Three blocks that way." You trust the answer. You don't know if there's construction ahead, or a faster route the person didn't mention. You just follow directions.
OSPF works differently. Every router shares what it can see—its directly connected links—with every other router. From these fragments, each router builds an identical, complete map of the entire network. When you have the map, you don't need to ask for directions. You calculate the best route yourself.
This is the link-state approach: share the topology, not the routes.
How Routers Build the Map
Discovery: Routers send Hello packets on OSPF-enabled interfaces. When two routers see each other's Hellos and agree on timing parameters, they become neighbors.
Sharing: Each router creates link-state advertisements (LSAs) describing its directly connected networks. These LSAs flood throughout the network. Every router receives every other router's LSAs.
Synchronization: Routers ensure their link-state databases match. If a router receives an LSA it doesn't have, it requests the full data. The result: every router has an identical copy of the complete topology.
Calculation: With the full map, each router runs Dijkstra's algorithm (the "Shortest Path First" in OSPF's name) to calculate the best path to every destination. The router becomes the root of a shortest-path tree reaching all networks.
The elegance: no router trusts another router's routing decisions. Every router makes its own decisions from the same source of truth.
Why This Matters
Fast convergence: When a link fails, the detecting router floods a new LSA. All routers receive it, recalculate their paths, and update their routing tables—typically within seconds. No waiting for updates to propagate hop by hop.
Loop-free by design: Since every router calculates from the same map using the same algorithm, routing loops can't form. There's no "count to infinity" problem that plagues distance-vector protocols.
Bandwidth efficiency: LSAs only flood when something changes. No periodic full routing table exchanges.
Equal-cost multipath: When multiple paths have the same cost, OSPF can use them all simultaneously for load balancing.
Scaling with Areas
The complete-map approach has a cost: as networks grow, the map grows. Running Dijkstra's algorithm on a topology with thousands of routers gets expensive. More routers mean more LSAs, more memory, more CPU.
OSPF solves this with areas—logical groupings that contain the complexity.
Area 0 (the backbone): The core that connects everything. All other areas must connect to Area 0.
Non-backbone areas: Each maintains its own complete topology, but only sees summarized routes to other areas. A router in Area 1 doesn't need the detailed topology of Area 2—just "networks X, Y, Z are reachable through Area 0."
Area Border Routers (ABRs): Routers with interfaces in multiple areas. They maintain separate link-state databases for each area and summarize routes between them.
This creates a two-level hierarchy: detailed topology within each area, summarized routing between areas. A network can scale to thousands of routers by keeping each area manageable.
Stub areas take this further. A stub area doesn't receive external routes (routes redistributed from other protocols)—it just uses a default route. Totally stubby areas don't even receive inter-area routes. Less information to store, less calculation to perform.
The Cost Metric
OSPF selects paths by cost, typically derived from bandwidth:
With the default 100 Mbps reference:
- 10 Mbps link: cost 10
- 100 Mbps link: cost 1
- 1 Gbps link: cost 1 (the division gives less than 1, and the minimum cost is 1)
That last line reveals a problem. Modern networks should increase the reference bandwidth—10 Gbps or higher—so faster links actually get lower costs.
Path cost is the sum of all link costs. OSPF always selects the lowest total cost path.
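The calculation step and the cost metric can be run together. This is an added example, not code from the original page: a small Dijkstra over a constructed four-router topology, with link costs computed as reference bandwidth divided by link bandwidth (minimum 1), showing how the reference bandwidth changes the route chosen. Router names and link speeds are assumptions.

```python
import heapq

# Constructed topology (not from the page): (router, router, link speed in Mbps)
LINKS = [("R1", "R2", 1000), ("R2", "R4", 1000),   # 1 Gbps path
         ("R1", "R3", 100), ("R3", "R4", 100)]     # 100 Mbps path

def ospf_cost(link_mbps, reference_mbps=100):
    """Reference bandwidth divided by link bandwidth, never below 1."""
    return max(1, reference_mbps // link_mbps)

def spf(links, root, reference_mbps=100):
    """Dijkstra from root over the shared link list.

    Returns {destination: (total_cost, sorted equal-cost next hops)}.
    """
    graph = {}
    for a, b, mbps in links:
        cost = ospf_cost(mbps, reference_mbps)
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {root: (0, set())}
    queue = [(0, root)]
    while queue:
        dist, node = heapq.heappop(queue)
        if dist > best[node][0]:
            continue  # stale entry; a cheaper path was already found
        for neighbor, cost in graph[node]:
            new_dist = dist + cost
            # Leaving the root, the next hop is the neighbor itself;
            # further out, it is inherited from the node we came through.
            hops = {neighbor} if node == root else best[node][1]
            known = best.get(neighbor)
            if known is None or new_dist < known[0]:
                best[neighbor] = (new_dist, set(hops))
                heapq.heappush(queue, (new_dist, neighbor))
            elif new_dist == known[0]:
                known[1].update(hops)  # equal-cost multipath
    return {d: (c, sorted(h)) for d, (c, h) in best.items() if d != root}

if __name__ == "__main__":
    for ref in (100, 10000):
        cost, hops = spf(LINKS, "R1", ref)["R4"]
        print(f"reference {ref} Mbps: R1->R4 cost {cost} via {hops}")
```

With the 100 Mbps reference, R1 load-balances to R4 across the 1 Gbps and 100 Mbps paths as if they were equal; with a 10 Gbps reference, only the 1 Gbps path is selected.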
The Designated Router Election
On broadcast networks like Ethernet, OSPF faces a problem. If ten routers share a segment, should each form adjacencies with all nine others? That's 45 adjacencies, 45 separate database synchronizations.
OSPF's solution: elect a Designated Router (DR) and Backup DR (BDR). All routers form adjacencies only with the DR and BDR. The DR represents the network—it generates LSAs on behalf of the segment and manages synchronization.
It's genuinely strange if you think about it. Routers hold an election. The router with the highest priority (or highest router ID as tiebreaker) becomes the spokesperson for the group. Democracy among machines.
Point-to-point links skip this entirely—two routers just form a direct adjacency.
Failure and Recovery
When a router stops receiving Hello packets from a neighbor, it waits (default: 40 seconds, four missed Hellos) then declares the neighbor dead. For faster detection, reduce the timers—or use Bidirectional Forwarding Detection (BFD) for sub-second failure detection.
The detecting router generates new LSAs reflecting the changed topology. These flood reliably—routers acknowledge receipt, and LSAs are retransmitted until acknowledged.
Every router receiving the updated LSAs runs SPF recalculation. In modern routers, this completes in milliseconds. New routes are installed, and traffic shifts to surviving paths.
Total convergence time: often under a second with tuned timers and BFD.
Authentication
OSPF supports authentication to prevent rogue routers from injecting false topology information:
- Null: No authentication (default, not secure)
- Plain text: Passwords in clear text (minimal security)
- Cryptographic: MD5 or SHA-based (use this)
In production networks, always use cryptographic authentication.
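One way to check this on existing devices, as an added example that is not part of the original page: a short audit that reads a router configuration and reports which OSPF-enabled interfaces fall into each of the three authentication types above. It assumes Cisco IOS-style interface-level commands and a constructed sample configuration; area-wide authentication set under the routing process and OSPF enabled through network statements are not handled.

```python
import re

# Constructed sample in Cisco IOS-style syntax (not from the original page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip ospf 1 area 0
interface GigabitEthernet0/1
 ip ospf 1 area 0
 ip ospf authentication
 ip ospf authentication-key EXAMPLE-KEY
interface GigabitEthernet0/2
 ip ospf 1 area 0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
interface GigabitEthernet0/3
 ip ospf 1 area 1
 ip ospf authentication key-chain OSPF-KEYS
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
"""

def classify(lines):
    """Map one interface's lines to the three types listed above."""
    mode = "null"  # nothing configured means no authentication
    for line in lines:
        m = re.fullmatch(r"ip ospf authentication(?: (.+))?", line)
        if m:
            arg = m.group(1)  # None for the bare (clear-text) keyword
            mode = ("plain-text" if arg is None else
                    "null" if arg == "null" else "cryptographic")
    return mode

def audit(config):
    """Return {interface: auth type} for each OSPF-enabled interface."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return {name: classify(lines) for name, lines in blocks.items()
            if any(re.match(r"ip ospf \d+ area ", l) for l in lines)}

def weak_interfaces(config):
    """Interfaces running OSPF without cryptographic authentication."""
    return sorted(n for n, t in audit(config).items() if t != "cryptographic")
```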
OSPF vs. Alternatives
vs. RIP: OSPF scales larger, converges faster, uses bandwidth more efficiently, and makes better path decisions (bandwidth-based cost vs. hop count).
vs. EIGRP: Cisco's proprietary protocol offers similar performance but limits vendor choice. OSPF's open standard wins in multi-vendor environments.
vs. IS-IS: Another link-state protocol, popular with large service providers. Similar capabilities, different heritage (OSI vs. IP). OSPF dominates enterprise networks; IS-IS dominates carrier networks.
When OSPF Fits
- Medium to large networks with dozens to thousands of routers
- Multi-vendor environments requiring open standards
- Networks needing fast failover
- Complex topologies with redundant paths
- Organizations planning significant growth
When to Consider Alternatives
- Very small networks where RIP's simplicity suffices
- All-Cisco environments where EIGRP's efficiency helps
- Massive service provider backbones where IS-IS conventions dominate
Key Takeaways
OSPF's core insight is that sharing the map beats sharing directions. Every router maintains an identical topology database, calculates its own shortest paths, and makes independent routing decisions from shared truth. This eliminates routing loops, enables fast convergence, and scales through hierarchical area design. The backbone area (Area 0) connects all other areas, with Area Border Routers summarizing routes between them. Cost metrics based on bandwidth guide path selection, with support for load balancing across equal-cost paths. As an open standard with universal vendor support, OSPF remains the dominant choice for enterprise and service provider networks requiring scalable, fast-converging interior routing.