OSPF Packets and Neighbor Discovery

In this lesson I’m going to show you the different packets OSPF uses and how neighbor discovery works.

OSPF Header

Like EIGRP, OSPF runs directly on top of IP and doesn’t use a transport protocol like TCP or UDP. If you look at the IP packet in Wireshark you can see that OSPF uses IP protocol number 89 for all its packets.

R2#debug ip ospf packet 
OSPF packet debugging is on
OSPF: rcv. v:2 t:1 l:48 rid:
      aid: chk:4D40 aut:0 auk: from FastEthernet0/0

If we use debug ip ospf packet we can look at the OSPF packet on our router. Let’s look at the different fields we have:

  • V:2 stands for OSPF version 2. If you are running IPv6 you’ll use version 3.
  • T:1 stands for OSPF packet type 1 which is a hello packet. I’m going to show you the different packets in a bit.
  • L:48 is the packet length in bytes. This hello packet seems to be 48 bytes.
  • RID is the Router ID.
  • AID is the area ID in dotted decimal. You can write the area in decimal (area 0) or dotted decimal (area
  • CHK 4D40 is the checksum of this OSPF packet so we can check if the packet is corrupt or not.
  • AUT:0 is the authentication type. You have 3 options:
    • 0 = no authentication
    • 1 = clear text
    • 2 = MD5
  • AUK: If you enable authentication you’ll see some information here.
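The fields above map onto the fixed 24-byte OSPFv2 header. The following parser is an added example, not part of the original lesson: it decodes the same fields the debug line prints, verifies the checksum, and flags authentication types 0 and 1. The sample packet and its addresses are constructed for illustration.

```python
import socket
import struct

OSPF_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "no authentication", 1: "clear text", 2: "MD5"}
HEADER = struct.Struct("!BBH4s4sHH8s")  # v, t, l, rid, aid, chk, aut, auk = 24 bytes


def checksum(packet: bytes) -> int:
    """IP-style checksum; checksum field taken as zero, 8-byte auth field skipped."""
    data = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_header(packet: bytes) -> dict:
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 24-byte OSPFv2 header")
    v, t, length, rid, aid, chk, aut, auk = HEADER.unpack_from(packet)
    if v != 2 or not HEADER.size <= length <= len(packet):
        raise ValueError("not OSPFv2 or length field out of range")
    return {
        "version": v,
        "type": OSPF_TYPES.get(t, f"unknown ({t})"),
        "length": length,
        "rid": socket.inet_ntoa(rid),
        "aid": socket.inet_ntoa(aid),
        # With MD5 (aut 2) the checksum field is not used and is sent as 0.
        "checksum_ok": chk == 0 if aut == 2 else chk == checksum(packet[:length]),
        "auth": AUTH_TYPES.get(aut, f"unknown ({aut})"),
        # aut 0: any device on the segment can send hellos; aut 1: key readable in a capture.
        "weak_auth": aut in (0, 1),
    }


def sample_hello(aut: int = 0) -> bytes:
    """Constructed 48-byte hello with one neighbor; all addresses are made up."""
    ip = socket.inet_aton
    body = struct.pack("!4sHBBI4s4s4s", ip("255.255.255.0"), 10, 0x02, 1, 40,
                       ip("0.0.0.0"), ip("0.0.0.0"), ip("192.0.2.2"))
    pkt = HEADER.pack(2, 1, 48, ip("192.0.2.1"), ip("0.0.0.0"), 0, aut, bytes(8)) + body
    return pkt[:12] + struct.pack("!H", checksum(pkt)) + pkt[14:]


if __name__ == "__main__":
    print(parse_header(sample_hello()))
```

A hello with exactly one neighbor listed is 24 bytes of header plus 24 bytes of body, which matches the l:48 in the debug output.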

Let’s continue by looking at the different OSPF packet types:

OSPF Packets

I’m throwing them right at you; here are all the OSPF packet types we have. In my debug ip ospf packet at the previous page you could see T:1 which stands for packet type 1. Here you see that it corresponds to an OSPF hello packet. What is the role of each OSPF packet?

  • Hello: neighbor discovery, build neighbor adjacencies and maintain them.
  • DBD: This packet is used to check if the LSDB between 2 routers is the same. The DBD is a summary of the LSDB.
  • LSR: Requests specific link-state records from an OSPF neighbor.
  • LSU: Sends specific link-state records that were requested. This packet is like an envelope with multiple LSAs in it.
  • LSAck: OSPF is a reliable protocol so we have a packet to acknowledge the others.

OSPF routers have to go through 7 states in order to become neighbors…here they are:

  1. Down: no OSPF neighbors detected at this moment.
  2. Init: Hello packet received.
  3. Two-way: own router ID found in received hello packet.
  4. Exstart: master and slave roles determined.
  5. Exchange: database description packets (DBD) are sent.
  6. Loading: exchange of LSR (link-state request) and LSU (link-state update) packets.
  7. Full: OSPF routers now have an adjacency.

Let’s have a detailed look at this process! You can also see it in this packet capture:

OSPF Neighbor Adjacency – Network Type Broadcast

[Image: routers R1 and R2]

This is the topology I’m using. R1 and R2 are connected using a single link and we will see how R1 learns about the /24 network.

[Image: OSPF down state]

As soon as I configure OSPF on R1 it will start sending hello packets. R1 has no clue about other OSPF routers at this moment so it’s in the down state. The hello packet will be sent to the multicast address

[Image: OSPF init state]

R2 receives the hello packet and will put an entry for R1 in the OSPF neighbor table. We are now in the init state.

[Image: OSPF two-way state]

R2 has to respond to R1 with a hello packet. This packet is not sent using multicast but with unicast and in the neighbor field it will include all OSPF neighbors that R2 has. R1 will see its own name in the neighbor field in this hello packet.

R1 will receive this hello packet and sees its own router ID. We are now in the two-way state.

I have to take a pause here. If the link we are using is a multi-access network OSPF has to elect a DR (Designated Router) and BDR (Backup Designated Router). This has to happen before we can continue with the rest of the process. In another lesson I’m going to teach you DR/BDR…for now just hold the thought that the DR/BDR election happens right after the two-way state ok?

[Image: OSPF exstart state]

Our next stop is the exstart state. Our routers are ready to sync their LSDB. At this step we have to select a master and slave role. The router with the highest router ID will become the master. R2 has the highest router ID and will become the master.
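The hello exchange described above can be replayed in a few lines. This is an added example, not part of the original lesson: the router IDs 1.1.1.1 and 2.2.2.2 are constructed, and the DR/BDR election is left out. It shows that each side reaches two-way only after seeing its own router ID in the other side's hello, and that the master is chosen by comparing router IDs as numbers.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    rid: str
    neighbors: dict = field(default_factory=dict)  # neighbor RID -> state

    def hello(self) -> dict:
        # A hello carries the sender's RID plus every neighbor it has heard from.
        return {"rid": self.rid, "neighbors": list(self.neighbors)}

    def receive(self, hello: dict) -> str:
        # Own RID listed by the sender -> Two-way; otherwise we only reach Init.
        state = "Two-way" if self.rid in hello["neighbors"] else "Init"
        self.neighbors[hello["rid"]] = state
        return state


def master(a: Router, b: Router) -> str:
    """Exstart: the router with the highest router ID becomes the master."""
    # Compare as 32-bit numbers; a string compare would rank "9.0.0.1" above "10.0.0.1".
    return max(a.rid, b.rid, key=lambda r: int(ipaddress.IPv4Address(r)))


def discover(r1: Router, r2: Router) -> list:
    """Replay three hellos (R1, then R2, then R1) and log each state change
    as (router, neighbor, state of that neighbor as seen by the router)."""
    log = []
    for sender, receiver in ((r1, r2), (r2, r1), (r1, r2)):
        state = receiver.receive(sender.hello())
        log.append((receiver.rid, sender.rid, state))
    return log


if __name__ == "__main__":
    r1, r2 = Router("1.1.1.1"), Router("2.2.2.2")  # constructed router IDs
    for entry in discover(r1, r2):
        print(entry)
    print("master:", master(r1, r2))
```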

Content created by Rene Molenaar (CCIE #41726)

Forum Replies

  1. Kishor,
    I assume you mean the “ExStart” or “Exchange” state, so I will write about those. If OSPF is having an authentication problem, you will not see the routers stuck in ExStart or Exchange. In fact, you won’t see anything at all. The output for “show ip ospf neighbors” will just be blank (if a neighbor relationship hadn’t already formed). If a neighbor relationship already formed, and then an authentication problem is introduced, the neighbors will just drop once the dead interval is reached. The reason, in both cases, is because if there is an authent


  2. Below is my scenario with 2 routers, each router configured with 3 loopback interfaces, and two Fast Ethernet interfaces are up.
    (Router A - loopback networks:,, and Fast Ethernet 0/1 and Fast Ethernet 0/0

     (	     (
        Router A  			Router B
            ----------Down state----------
            ----------init state----------
            ----------two-way state-------
            ----------exstart state-------

    After master Slave negotiation, Router A considered as Slave and send below DBD packet wi


  3. Hello sim!

    Concerning your question “Why R1 again sending an hello packet to multicast (sequence no 3 )”

    I assume you’re talking about the cloudshark capture that Rene posted on this thread on November 8 2015. Just for reference, the cloudshark output can be found here: https://www.cloudshark.org/captures/111cb2076caa

    If you’ll notice, R1 has an IP address of Sequence number 1 shows that R1 sent a hello packet, and sequence number 3 shows another hello packet from R1. Notice the time difference of 9.8 seconds. Remember that the defa


  4. I had a question on this forum post. I was curious at what level you learn of this, such as CCNP TSHOOT? Or is this not something you pick up in any regular Cisco training but from troubleshooting experience in the real world? I think it’s a great piece of information though, especially for multi-vendor companies such as mine that might have Brocade and Cisco and the possibility of different MTUs.

    andrewAndrew P

    Aug '16

    I assume you mean the “ExStart” or “Exchange” state, so I will write about those. If OSPF is having an authentication problem, you wil


  5. Hello Alil,
    Attempt state is only valid on non-broadcast networks, where it indicates that a hello packet was sent towards a specific neighbor, but the router still hasn’t received any hello from that specific neighbor. You can lab this using GNS3 by telling OSPF to treat the Ethernet interface as non-broadcast and specifying a neighbor with an IP address in the same subnet.
    Imagine the following scenario with one switch and one router. The switch is there only to allow interface g0/0 on R1 to be in up/up state. There are not any other routers connected to the switch.


