OSPF
RouterOS v7+ includes an enhanced OSPF implementation with improved performance, better scalability, and support for modern OSPF features including graceful restart and traffic engineering extensions.
OSPF fundamentals
How OSPF works
Link-state operation:
Each router maintains complete network topology database
Routers exchange Link State Advertisements (LSAs)
Shortest Path First (SPF) algorithm calculates optimal paths
Hierarchical area design provides scalability
Key concepts:
Areas - Logical subdivisions that limit LSA flooding scope
Router ID - Unique identifier for each OSPF router
Cost - Metric based on bandwidth (100Mbps/interface bandwidth)
Designated Router (DR) - Reduces LSA flooding on broadcast networks
Adjacencies - Full neighbor relationships for LSA synchronization
OSPF advantages
Fast convergence:
Sub-second convergence with proper tuning
Immediate detection of link failures
Incremental SPF calculations for efficiency
Scalability features:
Area hierarchy reduces routing overhead
Route summarization at area boundaries
Support for thousands of routes
Load balancing:
Equal-Cost Multi-Path (ECMP) support
Automatic load distribution across equal paths
Unequal cost load balancing with careful design
# OSPF network topology example
#
# Area 0 (Backbone)
# Router1 ---- Router2
# | |
# Area 1 Area 2
# (Marketing) (Engineering)
#
# Each area maintains separate LSA database
# Area 0 connects all other areas
# Inter-area routing through Area 0 (ABR routers)Basic OSPF configuration
Single area OSPF
Simple OSPF deployment for small to medium networks:
# Basic OSPF configuration for single area
# Enable OSPF instance
/routing ospf instance add name=main router-id=1.1.1.1 disabled=no comment="Main OSPF instance"
# Create backbone area (Area 0)
/routing ospf area add name=backbone area-id=0.0.0.0 instance=main comment="OSPF backbone area"
# Add interfaces to OSPF
/routing ospf interface-template add area=backbone interfaces=ether1,ether2,bridge \
type=broadcast disabled=no comment="OSPF interfaces"
# Verify OSPF operation
/routing ospf neighbor print
/routing ospf lsa print
/ip route print where ospf=yes
# Check OSPF database
/routing ospf lsa print where area=backboneMulti-area OSPF
Hierarchical OSPF design for larger networks:
# Multi-area OSPF configuration
# Router acting as Area Border Router (ABR)
# OSPF instance with unique router ID
/routing ospf instance add name=enterprise router-id=10.1.1.1 disabled=no \
comment="Enterprise OSPF"
# Backbone area (Area 0) - mandatory for multi-area OSPF
/routing ospf area add name=backbone area-id=0.0.0.0 instance=enterprise \
comment="OSPF backbone - connects all areas"
# Regular areas connected to backbone
/routing ospf area add name=sales area-id=0.0.0.1 instance=enterprise \
comment="Sales department area"
/routing ospf area add name=engineering area-id=0.0.0.2 instance=enterprise \
comment="Engineering department area"
# Interface assignments
# Backbone connections (core network)
/routing ospf interface-template add area=backbone interfaces=ether1,ether2 \
type=ptp cost=10 disabled=no comment="Backbone area interfaces"
# Sales area interfaces
/routing ospf interface-template add area=sales interfaces=ether3 \
type=broadcast cost=100 disabled=no comment="Sales area interface"
# Engineering area interfaces
/routing ospf interface-template add area=engineering interfaces=ether4 \
type=broadcast cost=100 disabled=no comment="Engineering area interface"
# Verify multi-area operation
/routing ospf area print
/routing ospf neighbor print
/routing ospf lsa print where type=summary # Inter-area routesAdvanced OSPF features
OSPF area types
Different area types for optimization:
# Standard area (default) - accepts all LSA types
/routing ospf area add name=standard area-id=0.0.0.10 instance=main \
type=default comment="Standard area - all LSA types"
# Stub area - blocks external LSAs, reduces routing table
/routing ospf area add name=branch-offices area-id=0.0.0.20 instance=main \
type=stub default-cost=100 comment="Stub area for branch offices"
# Totally stubby area - blocks external and summary LSAs
/routing ospf area add name=access-layer area-id=0.0.0.30 instance=main \
type=stub no-summaries=yes default-cost=50 \
comment="Totally stubby area for access layer"
# Not-So-Stubby Area (NSSA) - allows limited external routes
/routing ospf area add name=regional area-id=0.0.0.40 instance=main \
type=nssa default-cost=200 comment="NSSA for regional offices"
# Interface assignments for different area types
/routing ospf interface-template add area=branch-offices interfaces=ether5 \
type=broadcast disabled=no comment="Branch office stub area"
/routing ospf interface-template add area=access-layer interfaces=ether6 \
type=broadcast disabled=no comment="Access layer totally stubby"
# Verify area types and their effect on LSA database
/routing ospf area print detail
/routing ospf lsa print where area=branch-offices # Should show fewer LSAs
/routing ospf lsa print where area=access-layer # Should show minimal LSAsOSPF authentication
Secure OSPF communications:
# Area-wide authentication
/routing ospf area add name=secure-area area-id=0.0.1.0 instance=main \
auth-type=md5 comment="Area with MD5 authentication"
# Interface-specific authentication (overrides area setting)
/routing ospf interface-template add area=secure-area interfaces=ether3 \
type=ptp auth-type=md5 auth-key="SecureOSPFKey123!" auth-id=1 \
disabled=no comment="Secure OSPF interface"
# Simple password authentication (less secure)
/routing ospf interface-template add area=backbone interfaces=ether7 \
type=broadcast auth-type=simple auth-key="SimplePassword" \
disabled=no comment="Simple authentication interface"
# Verify authentication is working
/routing ospf neighbor print detail # Should show authenticated neighbors
/log print where topics~"ospf" and message~"auth" # Check for auth errorsOSPF route filtering and summarization
Control route advertisement and summarization:
# Route filtering for OSPF
# Filter specific networks from OSPF advertisement
/routing filter rule add chain=ospf-out action=discard \
prefix=192.168.100.0/24 comment="Block test network from OSPF"
# Allow only specific networks
/routing filter rule add chain=ospf-out action=accept \
prefix=10.0.0.0/8 prefix-length=8-24 comment="Allow corporate networks"
/routing filter rule add chain=ospf-out action=discard \
comment="Block all other networks"
# Route summarization at area borders
/routing ospf area add name=branch-summary area-id=0.0.2.0 instance=main \
area-range=192.168.0.0/16 advertise=yes comment="Summarize branch networks"
# Multiple summarization ranges for different network segments
/routing ospf area set branch-summary \
area-range=192.168.0.0/16,10.100.0.0/16 \
comment="Multiple summary ranges"
# External route summarization (for redistributed routes)
/routing ospf instance set main \
asbr-summary-lsa=yes comment="Enable ASBR summary LSAs"
# Verify summarization is working
/routing ospf lsa print where type=summary # Check summary LSAs
/ip route print where ospf=yes # Verify summarized routes are installedOSPF network types
Point-to-Point networks
Direct connections between two routers:
# Point-to-Point configuration (WAN links, dedicated connections)
/routing ospf interface-template add area=backbone interfaces=ether1 \
type=ptp cost=100 hello-interval=10s dead-interval=30s \
disabled=no comment="P2P WAN link"
# P2P characteristics:
# - No DR/BDR election needed
# - Faster convergence
# - Lower overhead
# - Suitable for WAN links
# Verify P2P operation
/routing ospf interface print where type=ptp
/routing ospf neighbor print # Should show P2P neighbors without DR electionBroadcast networks
Ethernet LANs with multiple routers:
# Broadcast network configuration (Ethernet LANs)
/routing ospf interface-template add area=backbone interfaces=bridge \
type=broadcast cost=10 priority=100 hello-interval=10s dead-interval=40s \
disabled=no comment="LAN broadcast network"
# Broadcast characteristics:
# - DR/BDR election for efficiency
# - Higher priority routers become DR
# - All routers form adjacency with DR/BDR
# - Reduces LSA flooding on multi-access networks
# Control DR election with priority
/routing ospf interface-template set [find interfaces=bridge] priority=200
# Priority 0 = never DR, higher values preferred for DR election
# Verify DR/BDR election
/routing ospf neighbor print # Check DR/BDR status
/routing ospf interface print detail # Show DR/BDR for each interfaceNBMA and Point-to-Multipoint
Non-broadcast networks (Frame Relay, etc.):
# NBMA (Non-Broadcast Multiple Access) configuration
/routing ospf interface-template add area=backbone interfaces=ether2 \
type=nbma cost=200 hello-interval=30s dead-interval=120s \
disabled=no comment="NBMA network (Frame Relay)"
# Manually configure NBMA neighbors (no broadcast capability)
/routing ospf nbma-neighbor add interface=ether2 address=10.1.1.2 \
priority=1 comment="NBMA neighbor 1"
/routing ospf nbma-neighbor add interface=ether2 address=10.1.1.3 \
priority=1 comment="NBMA neighbor 2"
# Point-to-Multipoint (alternative to NBMA)
/routing ospf interface-template add area=backbone interfaces=ether3 \
type=ptmp cost=150 hello-interval=30s dead-interval=120s \
disabled=no comment="Point-to-multipoint network"
# P2MP characteristics:
# - No DR/BDR election
# - Automatic neighbor discovery
# - More resilient than NBMA
# - Better for partial mesh topologiesOSPF performance tuning
Convergence optimization
Tune OSPF for faster convergence:
# Fast convergence tuning
# Reduce hello and dead intervals for faster failure detection
/routing ospf interface-template set [find area=backbone] \
hello-interval=1s \
dead-interval=3s \
retransmit-interval=1s \
comment="Fast convergence timers"
# Tune SPF calculation timers
/routing ospf area set backbone \
spf-delay=200ms \
spf-hold-time=1s \
spf-max-hold-time=5s \
comment="Fast SPF calculation"
# LSA generation throttling
/routing ospf area set backbone \
lsa-min-interval=1s \
comment="Reduce LSA generation delay"
# Enable BFD (Bidirectional Forwarding Detection) for sub-second detection
/routing ospf interface-template set [find area=backbone] \
bfd=yes comment="Enable BFD for fast failure detection"
# Configure BFD parameters
/routing bfd interface add interface=ether1 interval=100ms multiplier=3 \
comment="BFD for OSPF fast convergence"Scalability optimization
Configure OSPF for large-scale deployments:
# Scalability improvements
# Use area summarization to reduce routing table size
/routing ospf area set engineering \
area-range=10.20.0.0/16 advertise=yes \
comment="Summarize engineering networks"
# Implement stub areas to reduce LSA flooding
/routing ospf area set access-networks type=stub \
default-cost=100 comment="Stub area reduces LSA count"
# Tune LSA refresh and aging
/routing ospf area set backbone \
lsa-refresh-time=1800s \
lsa-max-age=3600s \
comment="Optimize LSA refresh timers"
# Control external route advertisement
/routing ospf instance set main \
redistribute=connected,static \
metric-default=20 \
metric-type=2 \
comment="Control external route redistribution"
# Use route filtering to limit route propagation
/routing filter rule add chain=ospf-out action=discard \
prefix=169.254.0.0/16 comment="Block link-local addresses"
/routing filter rule add chain=ospf-out action=discard \
prefix=0.0.0.0/0 prefix-length=0-7 comment="Block too-general prefixes"OSPF monitoring and troubleshooting
Monitoring OSPF health
Track OSPF performance and status:
# Basic OSPF monitoring
/routing ospf neighbor print # Neighbor states and timers
/routing ospf interface print # Interface status and costs
/routing ospf area print # Area information and LSA counts
/routing ospf lsa print # LSA database contents
# Detailed neighbor information
/routing ospf neighbor print detail # Full neighbor details
/routing ospf neighbor monitor [find router-id=2.2.2.2] # Monitor specific neighbor
# LSA database analysis
/routing ospf lsa print where type=router # Router LSAs (topology)
/routing ospf lsa print where type=network # Network LSAs (broadcast segments)
/routing ospf lsa print where type=summary # Summary LSAs (inter-area routes)
/routing ospf lsa print where type=external # External LSAs (redistributed routes)
# Route table verification
/ip route print where ospf=yes # All OSPF routes
/ip route print where ospf=yes and distance=110 # Standard OSPF routes
/ip route print stats where ospf=yes # Route usage statistics
# Interface statistics
/routing ospf interface print stats # OSPF packet counters
/interface print stats where name~"ether" # Physical interface statsTroubleshooting procedures
Systematic OSPF troubleshooting approach:
# Step 1: Check basic connectivity
/ping neighbor-ip count=5 # Test IP connectivity to neighbors
# Step 2: Verify OSPF configuration
/routing ospf instance print detail # Instance configuration
/routing ospf area print detail # Area configuration and ranges
/routing ospf interface print detail # Interface parameters
# Step 3: Check neighbor establishment
/routing ospf neighbor print detail
# Neighbor states: Down -> Init -> 2-Way -> ExStart -> Exchange -> Loading -> Full
# Stuck states indicate specific problems
# Step 4: Examine LSA database synchronization
/routing ospf lsa print where area=backbone count-only # LSA count per area
/routing ospf lsa print where router-id=problem-router # LSAs from specific router
# Step 5: Check route installation
/ip route print where ospf=yes and dst-address~"problem-network"
# Step 6: Monitor OSPF logs
/log print where topics~"ospf" # OSPF-related log messages
/system logging add topics=ospf action=memory # Enable OSPF logging
# Common problems and solutions:
# 1. Neighbor stuck in Init state - Check area ID match
# 2. Neighbor stuck in 2-Way state - Check DR election process
# 3. Neighbor stuck in ExStart - Check authentication
# 4. Missing routes - Check area types and filtering
# 5. Slow convergence - Check timers and BFD configuration
# OSPF diagnostic script
:local checkArea "backbone";
:local expectedNeighbors 3;
/log info ("OSPF Diagnostic for area: " . $checkArea);
# Check area configuration
:local areaConfig [/routing ospf area find name=$checkArea];
:if ([:len $areaConfig] > 0) do={
:local areaInfo [/routing ospf area get $areaConfig];
/log info ("Area " . $checkArea . " type: " . ($areaInfo->"type"));
} else={
/log error ("Area " . $checkArea . " not configured");
};
# Check neighbor states
:local neighbors [/routing ospf neighbor find area=$checkArea];
:local fullNeighbors 0;
:foreach neighbor in=$neighbors do={
:local neighborInfo [/routing ospf neighbor get $neighbor];
:local state ($neighborInfo->"state");
:local routerId ($neighborInfo->"router-id");
/log info ("Neighbor " . $routerId . " state: " . $state);
:if ($state = "Full") do={
:set fullNeighbors ($fullNeighbors + 1);
};
};
/log info ("Full neighbors: " . $fullNeighbors . "/" . [:len $neighbors] . " (expected: " . $expectedNeighbors . ")");
# Check LSA database health
:local lsaCount [/routing ospf lsa print count-only where area=$checkArea];
/log info ("LSA count in " . $checkArea . ": " . $lsaCount);
# Check route installation
:local ospfRoutes [/ip route print count-only where ospf=yes];
/log info ("OSPF routes installed: " . $ospfRoutes);OSPF design best practices
Network design principles
Hierarchical design - Always use Area 0 as backbone, connect other areas to it
Area sizing - Keep areas under 50 routers for optimal performance
Router ID planning - Use loopback addresses or planned IDs for stability
Cost planning - Design consistent cost metrics for predictable paths
Redundancy design - Multiple ABRs between areas for resilience
Configuration guidelines
Authentication - Always enable OSPF authentication in production
Timer consistency - Ensure consistent hello/dead intervals per network
Area types - Use stub areas to reduce routing overhead where appropriate
Summarization - Implement route summarization at area boundaries
Filtering - Control route advertisement with appropriate filters
Operational practices
Monitor actively - Track neighbor states and convergence times
Document topology - Maintain current network diagrams and area designs
Test changes - Verify OSPF behavior after configuration changes
Capacity planning - Monitor LSA database growth and CPU utilization
Backup configuration - Regular backups of OSPF configuration
Complete OSPF examples
Enterprise campus network
# Complete enterprise OSPF deployment
# Multi-area design with backbone, distribution, and access areas
# Main OSPF instance
/routing ospf instance add name=campus router-id=1.1.1.1 disabled=no \
redistribute=connected metric-default=20 comment="Campus OSPF"
# Area hierarchy
# Backbone area (Area 0) - Core network
/routing ospf area add name=backbone area-id=0.0.0.0 instance=campus \
comment="Campus backbone - core switches"
# Distribution areas - Building/department networks
/routing ospf area add name=admin-building area-id=0.0.0.1 instance=campus \
area-range=10.10.0.0/16 advertise=yes comment="Administration building"
/routing ospf area add name=engineering area-id=0.0.0.2 instance=campus \
area-range=10.20.0.0/16 advertise=yes comment="Engineering building"
/routing ospf area add name=manufacturing area-id=0.0.0.3 instance=campus \
type=stub default-cost=100 comment="Manufacturing - stub area"
# Access areas - Floor/subnet networks
/routing ospf area add name=student-access area-id=0.0.1.0 instance=campus \
type=stub default-cost=50 comment="Student access - stub area"
# Interface assignments
# Backbone interfaces (core network)
/routing ospf interface-template add area=backbone interfaces=ether1,ether2 \
type=ptp cost=10 hello-interval=5s dead-interval=15s \
auth-type=md5 auth-key="CampusOSPF2024!" auth-id=1 \
disabled=no comment="Backbone core links"
# Distribution interfaces
/routing ospf interface-template add area=admin-building interfaces=ether3 \
type=broadcast cost=100 priority=200 \
auth-type=md5 auth-key="CampusOSPF2024!" auth-id=1 \
disabled=no comment="Admin building distribution"
/routing ospf interface-template add area=engineering interfaces=ether4 \
type=broadcast cost=100 priority=150 \
auth-type=md5 auth-key="CampusOSPF2024!" auth-id=1 \
disabled=no comment="Engineering distribution"
# Access interfaces (stub areas)
/routing ospf interface-template add area=manufacturing interfaces=ether5 \
type=broadcast cost=1000 \
auth-type=md5 auth-key="CampusOSPF2024!" auth-id=1 \
disabled=no comment="Manufacturing access"
/routing ospf interface-template add area=student-access interfaces=ether6 \
type=broadcast cost=1000 \
auth-type=md5 auth-key="CampusOSPF2024!" auth-id=1 \
disabled=no comment="Student access"
# Route filtering for security and efficiency
/routing filter rule add chain=ospf-out action=discard \
prefix=169.254.0.0/16 comment="Block APIPA addresses"
/routing filter rule add chain=ospf-out action=discard \
prefix=224.0.0.0/4 comment="Block multicast addresses"
/routing filter rule add chain=ospf-in action=discard \
prefix=0.0.0.0/0 prefix-length=0-7 comment="Block too-general prefixes"
# External route redistribution (for internet access)
/routing filter rule add chain=ospf-out action=accept \
prefix=0.0.0.0/0 set-distance=1 comment="Advertise default route"
# QoS integration - prioritize OSPF traffic
/ip firewall mangle add chain=prerouting protocol=ospf \
action=set-priority new-priority=2 comment="Prioritize OSPF packets"
# BFD for fast convergence on critical links
/routing bfd interface add interface=ether1,ether2 interval=200ms \
multiplier=3 comment="BFD for backbone links"
/routing ospf interface-template set [find area=backbone] bfd=yes
# Monitoring and health checks
/tool netwatch add host=1.1.1.2 timeout=1s interval=5s \
comment="Monitor backbone peer"
/tool netwatch add host=10.10.1.1 timeout=2s interval=10s \
comment="Monitor admin building"
# Logging configuration
/system logging add topics=ospf,bfd action=memory
# Verification and monitoring commands
/routing ospf neighbor print # Check all neighbor relationships
/routing ospf area print # Verify area configuration
/routing ospf lsa print count-only # Monitor LSA database size
/ip route print where ospf=yes # Verify route installation
/routing ospf interface print stats # Monitor OSPF packet counters
# Performance monitoring script
:local areas {"backbone"; "admin-building"; "engineering"; "manufacturing"; "student-access"};
:foreach area in=$areas do={
:local neighborCount [/routing ospf neighbor print count-only where area=$area];
:local fullNeighbors [/routing ospf neighbor print count-only where area=$area and state="Full"];
:local lsaCount [/routing ospf lsa print count-only where area=$area];
/log info ("Area " . $area . ": " . $fullNeighbors . "/" . $neighborCount . " neighbors Full, " . $lsaCount . " LSAs");
};Last updated
Was this helpful?