IP Connectivity Intermediate

OSPF Single-Area

Definitive CCNA-level OSPF guide — link-state mental model, seven neighbor states, LSA types, DR/BDR election, cost tuning, authentication, route summarization, common debug patterns, and 8 worked scenarios.

TL;DR
  • OSPF is a link-state routing protocol — every router builds a complete map (LSDB), then runs Dijkstra (SPF) on it independently.
  • Single-area means every router lives in the same OSPF area (almost always area 0, the backbone). Simple and bulletproof up to ~50 routers; beyond that, multi-area splits the LSDB and reduces SPF cost.
  • Neighbors form through Hello packets, exchange LSAs, sync the LSDB, reach FULL state. Routes appear in the routing table only after a neighbor is FULL.
  • Four parameters must match for two OSPF routers to become neighbors: area ID, hello/dead timers, subnet mask on the link, and authentication. Memorize these — they're 95% of OSPF debug calls.
[Figure: three routers in OSPF area 0, all adjacencies FULL: R1 (1.1.1.1), R2 (2.2.2.2), R3 (3.3.3.3). Link costs are 1, 1 and 2. The R2 → R3 path via R1 (cost 1+1=2) ties the direct link (cost 2), so the two paths are load-balanced.]
All three routers in OSPF area 0. Costs determine path selection; equal-cost paths get load-balanced automatically.

Mental model

OSPF doesn’t work like RIP. RIP routers gossip — “hey, I can reach 10.1.1.0/24 in 3 hops” — and trust each other without context. That’s why RIP converges slowly and routing loops can form.

OSPF is the opposite. Every router builds a complete map of the network in memory (the link-state database, or LSDB). Then each router independently runs Dijkstra’s shortest-path-first (SPF) algorithm on its copy of the map and figures out the best path to every destination on its own.

Three consequences:

  1. All routers agree on what the network looks like (after convergence). No more inconsistency.
  2. Convergence is fast — something changes, the change gets flooded, every router runs SPF, done. Seconds, not minutes.
  3. Memory and CPU heavier than distance-vector. Big networks split into areas to keep SPF cheap.

Single-area OSPF is the simple case: one area (almost always area 0), every router in it.

The four things every OSPF router does

  1. Find neighbors — Send Hello packets on every OSPF-enabled interface. Other routers respond. If the four matching criteria align (see below), become neighbors.
  2. Build the LSDB — Exchange Link-State Advertisements (LSAs) with neighbors until both have identical databases of every router, every link, and every cost in the area.
  3. Run SPF — Locally, compute the shortest path tree from this router as root to every destination. Output: routing table entries.
  4. Re-flood and re-run on change — When any link changes, the router that owns the change floods a new LSA, every router updates its LSDB, every router re-runs SPF. New routing table in seconds.

That’s the entire protocol. Everything below is detail.

The four neighbor-matching criteria

For two OSPF routers to form an adjacency, all four must match:

  1. Area ID — both interfaces must be in the same area.
  2. Hello timer + Dead timer — must be identical (defaults: 10s hello / 40s dead on broadcast; 30s/120s on NBMA).
  3. Subnet mask on the connected interface: /24 on one side and /30 on the other will never form an adjacency.
  4. Authentication — if used, type + key must match. (Plain text or MD5 or HMAC-SHA.)

Additional gotcha: MTU must match for full adjacency. If MTUs differ, neighbors get stuck in EXSTART/EXCHANGE forever — Hellos succeed but DBD (Database Descriptor) packets fail.

Memorize these five. ~95% of OSPF debug calls boil down to one of them.
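
An added example (not part of the original page): a parser for the OSPFv2 common header and Hello body as laid out in RFC 2328, plus a check that lists which matching criteria two Hellos disagree on. The function names are hypothetical and the sample packets are constructed to mirror Scenarios 1 and 2 further down this page.

```python
import struct
from ipaddress import IPv4Address

HDR = struct.Struct("!BBH4s4sHH8s")    # RFC 2328 A.3.1 common header, 24 bytes
HELLO = struct.Struct("!4sHBBI4s4s")   # RFC 2328 A.3.2 fixed Hello fields, 20 bytes
AUTYPE = {0: "null", 1: "simple password", 2: "cryptographic"}

def sample_hello(rid, area, mask, hello, dead, autype=0, neighbors=()):
    """Build a constructed Hello for the parser (checksum and auth data zeroed)."""
    body = HELLO.pack(IPv4Address(mask).packed, hello, 0x02, 1, dead,
                      bytes(4), bytes(4))
    body += b"".join(IPv4Address(n).packed for n in neighbors)
    return HDR.pack(2, 1, HDR.size + len(body), IPv4Address(rid).packed,
                    IPv4Address(area).packed, 0, autype, bytes(8)) + body

def parse_hello(pkt):
    """Decode the fields of an OSPFv2 Hello that gate neighbor formation."""
    if len(pkt) < HDR.size + HELLO.size:
        raise ValueError("truncated OSPF Hello")
    ver, ptype, length, rid, area, _csum, autype, _auth = HDR.unpack_from(pkt)
    if ver != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello (version 2, type 1)")
    first_nbr = HDR.size + HELLO.size
    if not first_nbr <= length <= len(pkt) or (length - first_nbr) % 4:
        raise ValueError("bad packet length field")
    mask, hello, _opts, prio, dead, _dr, _bdr = HELLO.unpack_from(pkt, HDR.size)
    return {
        "router_id": str(IPv4Address(rid)), "area": str(IPv4Address(area)),
        "mask": str(IPv4Address(mask)), "hello": hello, "dead": dead,
        "priority": prio, "auth": AUTYPE.get(autype, f"unknown({autype})"),
        "neighbors": [str(IPv4Address(pkt[i:i + 4]))
                      for i in range(first_nbr, length, 4)],
    }

CRITERIA = [("area", "area ID"), ("hello", "hello timer"), ("dead", "dead timer"),
            ("mask", "subnet mask"), ("auth", "authentication type")]

def mismatches(a, b):
    """List the matching criteria on which two parsed Hellos disagree.

    Only the authentication type is visible here; a wrong key shows up as a
    failed digest check, and MTU is carried in DBD packets, not Hellos.
    """
    return [label for key, label in CRITERIA if a[key] != b[key]]

def saw_me(hello, my_router_id):
    """True once the sender lists us as a neighbor (Init -> 2-Way)."""
    return my_router_id in hello["neighbors"]

# Constructed samples: Scenario 1 (timers) and Scenario 2 (area) from this page.
R1 = parse_hello(sample_hello("1.1.1.1", "0.0.0.0", "255.255.255.252", 10, 40))
R2_TIMERS = parse_hello(sample_hello("2.2.2.2", "0.0.0.0", "255.255.255.252", 5, 20))
R2_AREA = parse_hello(sample_hello("2.2.2.2", "0.0.0.1", "255.255.255.252", 10, 40))

if __name__ == "__main__":
    print(mismatches(R1, R2_TIMERS))
    print(mismatches(R1, R2_AREA))
```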

The seven neighbor states

Down  →  Init  →  2-Way  →  ExStart  →  Exchange  →  Loading  →  FULL

| State | What’s happening |
|---|---|
| Down | No Hellos seen yet |
| Init | Heard a Hello but the neighbor doesn’t list us yet |
| 2-Way | Bidirectional Hellos. Election of DR/BDR happens here (broadcast only). Non-DR/non-BDR pairs stay at 2-Way forever — this is normal. |
| ExStart | Master/slave election for DBD exchange. Stuck here = MTU mismatch. |
| Exchange | DBD packets summarizing the LSDB are exchanged |
| Loading | Requesting individual LSAs the other side has that we don’t |
| FULL | LSDB synchronized. Routes appear. ✓ |

For CCNA: recognize 2-Way as “normal between non-DR/BDR pairs on Ethernet” and recognize FULL as the goal. Recognize ExStart/Exchange stuck = MTU.

OSPF packet types (the five)

Hello is the famous one. There are actually five:

| # | Type | Purpose |
|---|---|---|
| 1 | Hello | Discover + maintain neighbors. Every 10s on broadcast. |
| 2 | DBD (Database Descriptor) | Summary of LSDB during sync |
| 3 | LSR (Link-State Request) | “Give me this specific LSA” |
| 4 | LSU (Link-State Update) | The actual LSA payload |
| 5 | LSAck | “Got it” — reliable LSA delivery |

OSPF runs directly over IP (protocol number 89), not TCP/UDP. It implements its own reliability via LSAck.

LSA types — what’s in the LSDB

The LSDB is a collection of LSAs (Link-State Advertisements). Different LSA types describe different things:

| Type | Name | What it describes | Scope |
|---|---|---|---|
| 1 | Router LSA | This router + its links + costs | Area |
| 2 | Network LSA | A broadcast segment (e.g., Ethernet with DR) + attached routers | Area |
| 3 | Summary LSA | A prefix from another area | Inter-area (multi-area only) |
| 4 | ASBR Summary | Location of an ASBR | Inter-area (multi-area only) |
| 5 | External LSA | A prefix redistributed from another routing protocol | Domain-wide |
| 7 | NSSA External | External LSA inside an NSSA area | NSSA only |

For single-area OSPF, you’ll see types 1, 2, and 5 (if redistribution exists). Types 3, 4, 7 are multi-area concerns covered in OSPF Multi-Area.

Router ID — the OSPF identity

Every OSPF router has a 32-bit Router ID (RID) that identifies it in the protocol. By default:

  1. The highest IP on any active loopback interface, or
  2. If no loopback, the highest IP on any active interface.

Always set it explicitly:

R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1

The number after router ospf is the process ID — locally significant only, doesn’t have to match across routers. The Router ID does need to be unique across the OSPF domain.

If you don’t set RID and let it auto-pick, then later add a loopback with a higher IP, the RID changes — which restarts every adjacency, briefly black-holing traffic. Don’t leave RID to chance.

DR and BDR — only matter on broadcast networks

On a multi-access broadcast segment (Ethernet with 5 OSPF routers attached), having every router fully adjacent with every other router = O(N²) adjacencies, which doesn’t scale.

OSPF’s solution: elect a Designated Router (DR) and Backup DR (BDR) per segment. Every other router only forms a full adjacency with the DR/BDR. The DR floods LSAs to everyone on the segment.

Election rules

  1. Highest OSPF priority wins (default 1; setting priority 0 removes the router from election entirely).
  2. Tiebreaker: highest Router ID wins.
  3. No preemption — once a DR is elected, a new router showing up does not unseat it. To force a new election, restart OSPF on the segment.

R1(config-if)# ip ospf priority 100        ! make this router a strong DR candidate
R1(config-if)# ip ospf priority 0          ! remove from election entirely

DR/BDR matters less in modern designs because most inter-router OSPF links are point-to-point (no election needed — both routers are simply adjacent). On point-to-point links there’s no DR.

Cost — how OSPF picks the best path

OSPF’s metric is cost, derived from interface bandwidth:

cost = reference-bandwidth / interface-bandwidth

The defaults are bad in 2026:

| Reference (Mbps) | 100 Mbps link | 1 Gbps link | 10 Gbps link | 100 Gbps link |
|---|---|---|---|---|
| 100 (default) | 1 | 1 (truncated) | 1 (truncated) | 1 (truncated) |
| 100,000 (recommended) | 1,000 | 100 | 10 | 1 |

Default reference of 100 Mbps was a 1990s choice. With every interface ≥1 Gbps in modern networks, they all get cost 1 — and OSPF can’t distinguish them.

Fix: raise the reference-bandwidth on every router in the OSPF domain.

R1(config-router)# auto-cost reference-bandwidth 100000

(Units: Mbps. 100,000 Mbps = 100 Gbps reference.) Do this on every OSPF router consistently.

You can also override per-interface:

R1(config-if)# ip ospf cost 50

Useful for traffic engineering when you want to discourage a specific path without lowering the bandwidth.

Configuration — the two ways

Network statement (classic)

R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1
R1(config-router)# network 10.0.12.0 0.0.0.3 area 0
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# passive-interface default
R1(config-router)# no passive-interface GigabitEthernet0/0
R1(config-router)# auto-cost reference-bandwidth 100000

  • Wildcard mask in network is the inverse of subnet mask. 0.0.0.3 = /30. 0.0.0.255 = /24.
  • passive-interface default is the magic command. By default OSPF tries to form neighbors on every interface where a network matches — including user-facing ports. That’s a security risk: an attacker on the LAN can send OSPF Hellos and inject routes. passive-interface default makes everything passive, then you explicitly un-passive the ones that should peer.

Per-interface configuration (modern)

R1(config)# router ospf 1
R1(config-router)# router-id 1.1.1.1
R1(config-router)# passive-interface default
R1(config-router)# auto-cost reference-bandwidth 100000

R1(config)# interface GigabitEthernet0/0
R1(config-if)# ip ospf 1 area 0

R1(config)# interface Loopback0
R1(config-if)# ip ospf 1 area 0

No network statements at all. Just enable OSPF on the interfaces you want included, with the area baked in. Cleaner and harder to misconfigure.

Both styles work. Modern operational discipline tends toward per-interface.

Authentication — keep rogue routers out

By default OSPF accepts Hellos from anyone speaking the protocol. An attacker on your network can inject Hellos with crafted LSAs that redirect traffic.

Three flavors of authentication (in increasing strength):

! Plain text (avoid in production)
R1(config-if)# ip ospf authentication
R1(config-if)# ip ospf authentication-key MyKey

! MD5 (acceptable on internal networks)
R1(config-if)# ip ospf authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 MyKey

! HMAC-SHA256 (best, modern IOS-XE)
R1(config-if)# ip ospf authentication key-chain OSPF-CHAIN
R1(config)# key chain OSPF-CHAIN
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string MySecret
R1(config-keychain-key)# cryptographic-algorithm hmac-sha-256

In 2026 production: HMAC-SHA256 on every OSPF-enabled inter-router link. MD5 only if your platform doesn’t support SHA.
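
An added example (not from the original page, and not a vendor tool): a small auditor for the two controls recommended here, passive-interface default and per-link authentication. It reads an IOS-style configuration and reports, for each OSPF-enabled interface, whether it is passive or active and with which authentication. The sample configuration is constructed, and full interface names as they appear in a running-config are assumed.

```python
import re
from ipaddress import IPv4Address

AUTH = {None: "plain-text", "null": "none", "message-digest": "md5", "key-chain": "key-chain"}
VERDICT = {"none": "RISK: active, no authentication", "md5": "WEAK: active, MD5",
           "plain-text": "RISK: active, plain-text key",
           "key-chain": "ok: active, key chain (algorithm not inspected)"}
AUTH_RE = r"ip ospf authentication(?: (null|message-digest|key-chain))?(?: \S+)?$"

def audit_ospf(config):
    """Map each OSPF-enabled interface in an IOS-style config to a finding."""
    ifaces, networks, passive, active = {}, [], set(), set()
    passive_default, in_ospf, cur = False, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():                 # top-level line opens a new block
            m = re.match(r"interface (\S+)$", line)
            cur = ifaces.setdefault(m[1], {"auth": "none"}) if m else None
            in_ospf = line.startswith("router ospf ")
        elif cur is not None:                     # inside an interface block
            if m := re.match(r"ip address (\S+) \S+$", line):
                cur["ip"] = int(IPv4Address(m[1]))
            elif re.match(r"ip ospf \d+ area \S+$", line):
                cur["enabled"] = True             # per-interface style
            elif m := re.match(AUTH_RE, line):
                cur["auth"] = AUTH[m[1]]
        elif in_ospf:                             # inside the router ospf block
            if line == "passive-interface default":
                passive_default = True
            elif m := re.match(r"(no )?passive-interface (\S+)$", line):
                (active if m[1] else passive).add(m[2])
            elif m := re.match(r"network (\S+) (\S+) area \S+$", line):
                networks.append((int(IPv4Address(m[1])), int(IPv4Address(m[2]))))
    findings = {}
    for name, i in ifaces.items():
        # A network statement matches when every bit outside the wildcard agrees.
        matched = "ip" in i and any(((i["ip"] ^ net) & ~wild & 0xFFFFFFFF) == 0
                                    for net, wild in networks)
        if matched or i.get("enabled"):
            is_passive = name in passive or (passive_default and name not in active)
            findings[name] = "ok: passive, sends no Hellos" if is_passive else VERDICT[i["auth"]]
    return findings

# Constructed sample: interface names and addresses are illustrative only.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 10.0.12.1 255.255.255.252
 ip ospf authentication key-chain OSPF-CHAIN
interface GigabitEthernet0/1
 ip address 10.0.13.1 255.255.255.252
 ip ospf authentication message-digest
interface GigabitEthernet0/2
 ip address 10.0.14.1 255.255.255.252
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/0
 no passive-interface GigabitEthernet0/1
 no passive-interface GigabitEthernet0/2
 network 10.0.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
"""
```

On the sample, `audit_ospf(SAMPLE)` flags GigabitEthernet0/2 as active with no authentication and reports Vlan10 as passive; removing the `passive-interface default` line turns Vlan10 into a finding as well.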

Route summarization in single-area

In single-area OSPF, summarization is limited — you can only summarize at the boundary between OSPF and another routing source (i.e., on an ASBR):

R1(config-router)# summary-address 10.1.0.0 255.255.240.0

This is rare in single-area deployments. The big summarization wins come from multi-area OSPF where ABRs summarize between areas. See Route Summarization and OSPF Multi-Area.

Verification — the four commands

R1# show ip ospf neighbor
R1# show ip ospf interface brief
R1# show ip route ospf
R1# show ip protocols

| Command | What it tells you |
|---|---|
| show ip ospf neighbor | Adjacencies + their state. Daily-driver. Want FULL on every neighbor. |
| show ip ospf interface brief | Which interfaces participate, area, cost, neighbors |
| show ip route ospf | OSPF-learned routes in the RIB |
| show ip protocols | Process summary — passive interfaces, networks, reference bandwidth, RID |

Deeper diagnostics:

R1# show ip ospf database
R1# show ip ospf neighbor detail
R1# show ip ospf interface Gi0/0
R1# debug ip ospf adj          ! careful in production — high volume
R1# debug ip ospf events

Hello + Dead timer interaction — the rare exam trap

Default values:

  • Broadcast networks (Ethernet): Hello 10s, Dead 40s (= 4× Hello)
  • NBMA networks (Frame Relay, ATM): Hello 30s, Dead 120s

These must match on both ends. If you change Hello on one router, change Dead too — the 4× ratio is convention, not a rule, but mismatched timers between routers prevent adjacency.

R1(config-if)# ip ospf hello-interval 5
R1(config-if)# ip ospf dead-interval 20

You won’t typically tune these in CCNA-scope networks. They appear on the exam to test whether you know that mismatched timers = no adjacency.

Network types in OSPF

OSPF assigns each interface a network type, which affects DR election and timers:

| Network type | DR/BDR? | Default Hello/Dead | Default on |
|---|---|---|---|
| Broadcast | Yes | 10s / 40s | Ethernet |
| Point-to-Point | No | 10s / 40s | Serial (HDLC/PPP), GRE tunnels |
| Point-to-Multipoint | No | 30s / 120s | Multipoint over NBMA |
| NBMA | Yes | 30s / 120s | Frame Relay multipoint |

You can override:

R1(config-if)# ip ospf network point-to-point

Useful when you have an Ethernet between exactly two OSPF routers — there’s no benefit to DR election. Setting both ends to point-to-point skips election and gets adjacency faster.

The single-area scaling ceiling

Why do networks eventually split into multiple areas?

  • LSDB size — every router holds every LSA in the area. Past ~50 routers the LSDB becomes large enough to slow SPF and consume RAM.
  • SPF cost — Dijkstra is roughly O(N log N) on N nodes. Doubling the routers roughly doubles SPF time on each.
  • Flood scope — a single link flap floods an LSA to every router in the area. The bigger the area, the more CPU spent on each flap.

Multi-area OSPF solves this by limiting LSDB scope to the area and only sharing summarized info across area boundaries. See OSPF Multi-Area (CCNP-level topic).

For single-area: you’re good up to ~50 routers in practice. Beyond that, plan multi-area.

Common mistakes

  1. Mismatched Hello/Dead timers — most common cause of “no neighbor” calls. Run show ip ospf interface on both ends; compare the values.

  2. Mismatched MTU — stuck in ExStart/Exchange. show ip ospf interface | i MTU on both sides.

  3. Wildcard mask in network statements: 0.0.0.255 matches /24, not 255.255.255.0. Inverse of subnet mask. Get this wrong and OSPF silently doesn’t enable on the interface you expected.

  4. Forgetting passive-interface default — OSPF tries to form neighbors on every LAN interface, including user-facing ones. Security risk. Always default to passive and opt-in.

  5. Letting Router ID auto-pick — adding a loopback later changes RID, which restarts every adjacency. Always hardcode RID.

  6. Default reference-bandwidth = 100 Mbps — every modern interface gets cost 1. OSPF can’t distinguish gigabit from 100 Mbps. Always bump to 100,000 (= 100 Gbps reference) on every router in the domain.

  7. Mixing process IDs and forgetting they’re locally significant: router ospf 1 on R1 and router ospf 99 on R2 work fine as long as their interfaces match on the other four criteria. Process ID does NOT need to match across routers.

  8. Forgetting that DR/BDR has no preemption — adding a new “preferred” router doesn’t displace the current DR. Either configure priority before connecting, or accept the existing election.

  9. Authentication mismatch — one side has it, the other doesn’t, or wrong key. Silent failure.

  10. Trying to summarize in single-area without an ASBR: area X range only works on an ABR. In single-area, you only have one area; no ABRs exist.

Worked scenarios


Scenario 1. R1 and R2 are directly connected via Ethernet. R1 has Hello 10s/Dead 40s. R2 has Hello 5s/Dead 20s. Both in area 0. Both have unique RIDs. Do they form an adjacency?

Answer: No. Timers must match. They’ll exchange Hellos but never reach 2-Way. Fix: align timers on both sides.


Scenario 2. R1 (Gi0/0 = 10.0.0.1/30, area 0) is connected to R2 (Gi0/0 = 10.0.0.2/30, area 1). Will they form an adjacency?

Answer: No. Different areas. Even though same subnet/mask/timers, area mismatch fails the four-criteria test.


Scenario 3. R1, R2, R3 share an Ethernet segment. All in area 0. All have priority 0. What happens?

Answer: All three are priority 0 → none eligible for DR election → no DR/BDR is elected → adjacencies stuck in 2-Way → routes never appear. Fix: set at least one router to priority > 0.


Scenario 4. R1 has a Loopback 1.1.1.1/32 you want to advertise in OSPF. You configure network 1.1.1.1 0.0.0.0 area 0. Will it advertise the /32?

Answer: Yes — but it advertises as a /32 host route by default. To advertise the actual loopback’s mask (still /32 here), change the OSPF network type on the loopback to point-to-point:

R1(config-if)# ip ospf network point-to-point

(For loopbacks of mask /24 or larger this matters more — without point-to-point, OSPF advertises the loopback as /32 regardless of configured mask.)


Scenario 5. Two routers are stuck in ExStart. RID, area, timers, mask all match. What’s the most likely cause?

Answer: MTU mismatch. Run show ip ospf interface | i MTU on both sides. The DBD packet’s MTU field has to match.


Scenario 6. R1 sees a route via OSPF cost 3. R2 advertises the same route via EIGRP. Which wins?

Answer: EIGRP. Administrative Distance (AD) ranks routing sources before metric. EIGRP AD = 90; OSPF AD = 110. Lower AD wins → EIGRP is preferred regardless of metric values. See Routing Decision Process.


Scenario 7. You want to make sure OSPF Hellos never reach the user-facing VLAN gateway interface. How?

Answer:

R1(config-router)# passive-interface Vlan10

Or set passive-default and explicitly un-passive only the interfaces you trust:

R1(config-router)# passive-interface default
R1(config-router)# no passive-interface Gi0/0    ! only inter-router link

The interface is still advertised in OSPF but doesn’t send Hellos.


Scenario 8. You raised reference-bandwidth to 100,000 on R1 but not R2. Symptoms?

Answer: Both routers continue forming adjacencies (reference-bandwidth doesn’t affect Hello matching). But they disagree on costs. Each computes SPF locally with its own cost view — so R1 picks one path, R2 picks another. Asymmetric routing results. Fix: align reference-bandwidth on every router in the domain.

Lab to try tonight

  1. Triangle topology — three routers (R1, R2, R3) connected in a full triangle. Each has a loopback (1.1.1.1, 2.2.2.2, 3.3.3.3).
  2. Enable OSPF on all three with area 0. Hardcode router IDs to the loopbacks. Enable passive-interface default, then un-passive the inter-router interfaces.
  3. Bump reference-bandwidth to 100,000 on all three.
  4. Verify neighbors: show ip ospf neighbor on each. You should see two FULL neighbors per router.
  5. Verify routes: show ip route ospf — you should see the loopbacks of the other two routers learned via OSPF.
  6. Test convergence: shutdown one inter-router link. Time how long until traffic re-routes (should be 1–5 seconds). no shutdown and verify reconvergence.
  7. Cost tuning: ip ospf cost 50 on one link. Verify the path selection changes with show ip route ospf.
  8. Authentication — enable HMAC-SHA-256 on R1↔R2 only. Watch the adjacency drop until R2 also has it. Restore.
  9. MTU trap — change MTU on one interface (mtu 1400). Watch neighbors stick in ExStart. Restore.
  10. Bonus: priority tuning — convert R1↔R2 to a broadcast Ethernet segment with a 3rd router on the same segment. Force R1 to be DR via ip ospf priority 200. Verify with show ip ospf interface.

Cheat strip

| Concept | Plain English |
|---|---|
| Link-state | Every router learns the whole map, then runs SPF locally |
| LSDB | The map — collection of LSAs |
| SPF / Dijkstra | The algorithm each router runs on its LSDB to compute paths |
| Area 0 | The backbone. Single-area = everyone is here. |
| Router ID | Unique 32-bit ID per router. Always hardcode it. |
| Process ID | Locally significant only — does NOT need to match across routers |
| Hello / Dead timers | 10/40 broadcast, 30/120 NBMA. Must match between neighbors. |
| Wildcard mask | Inverse of subnet mask. Used in network statements |
| passive-interface default | Security best practice — opt-in to OSPF peering per interface |
| Four matching criteria | Area · timers · mask · authentication. MTU also for FULL adjacency |
| Seven states | Down → Init → 2-Way → ExStart → Exchange → Loading → FULL |
| 2-Way is normal | Between non-DR/non-BDR pairs on Ethernet |
| Stuck in ExStart | MTU mismatch — fix on both sides |
| DR / BDR | Only on broadcast networks. Priority 0 = ineligible. No preemption. |
| Cost = bw_ref / bw_iface | Default ref = 100 Mbps (bad). Bump to 100,000 on every router |
| AD | OSPF AD = 110. Lower AD wins against other sources |
| LSA types in single-area | Type 1 (Router), Type 2 (Network), Type 5 (External if redistribution) |
| Authentication | HMAC-SHA-256 in 2026 production; MD5 acceptable on internal; never plaintext |
| Scaling ceiling | ~50 routers per area before SPF cost forces multi-area design |