OSPF LSAs and LSDB flooding Tutorial

How exactly does OSPF fill the LSDB? Let’s zoom in on the operation of how OSPF keeps its link-state database up-to-date:

Each LSA has an aging timer that carries the link-state age field. By default, each OSPF LSA is only valid for 30 minutes. If the LSA expires then the router that created the LSA will resend the LSA and increase the sequence number.

Let’s walk through this flowchart together. In this example, a new LSA is arriving at the router, and OSPF has to decide what to do with it:

1. If the LSA isn’t already in the LSDB it will be added, and an LSAck (acknowledgment) will be sent to the OSPF neighbor. The LSA will be flooded to all other OSPF neighbors, and we have to run SPF to update our routing table.
2. If the LSA is already in the LSDB and the sequence number is the same, then we will ignore the LSA.
3. If the LSA is already in the LSDB and the sequence number is different, then we have to take action:
   1. If the sequence number is higher it means this information is newer and we have to add it to our LSDB.
   2. If the sequence number is lower it means our OSPF neighbor has an old LSA and we should help them. We will send a LSU (Link state update) including the newer LSA to our OSPF neighbor. The LSU is an envelope that can carry multiple LSAs in it.

It’s not just the sequence number that OSPF looks at to determine if an LSA is more recent. OSPF compares three fields, but it does not weigh them equally — it checks them in order and stops at the first one that differs:

1. Sequence number: the LSA with the higher sequence number is more recent. The comparison stops here.
2. Checksum: only if the sequence numbers are equal, the LSA with the higher (unsigned) checksum is considered more recent.
3. LS Age: only if both the sequence number and checksum are equal:
   • An LSA with an age of MaxAge (3600 seconds) is considered more recent than one that isn’t. This is how OSPF flushes an LSA from the topology.
   • Otherwise, if the two ages differ by more than 15 minutes (MaxAgeDiff), the LSA with the smaller (younger) age is more recent.
   • If none of the above apply, the two LSAs are considered identical (a duplicate), and OSPF treats them the same.

This answers a common question: “what if an LSA has a higher sequence number but the checksum and age are the same?” Because the sequence number is checked first, a higher sequence number alone makes the LSA more recent — the checksum and age are never even consulted. The checksum and age only act as tie-breakers when the field above them is equal. In practice you almost never see two LSAs with the same sequence number but different content, because any change to an LSA’s content causes the originating router to increment the sequence number (and the checksum changes along with it). We’ll see this for ourselves in a moment.

What do the sequence numbers look like for OSPF LSAs?

• There are 4 bytes or 32 bits.
• Begins with 0x80000001 and ends at 0x7FFFFFFF.
• Every 30 minutes, each LSA will age out and will be flooded:
  • The sequence number will increment by one.

With 32 bits, we have a LOT of sequence numbers, and every 30 minutes, it will increase. If we reach the last sequence number 0x7FFFFFFF, it will wrap around and start again at 0x80000001. Every 30 minutes OSPF will flood an LSA to ensure the LSDB stays up to date, and when it does this, the sequence number will increase, and OSPF will reset the max-age when it receives a new LSA update.

You can view the OSPF link-state database on a Cisco router using the following command:

Router#show ip ospf database 

            OSPF Router with ID (2.2.2.2) (Process ID 1)

		Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         109         0x80000002 0x004ED8 2
2.2.2.2         2.2.2.2         108         0x80000002 0x003EDB 2

		Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.12.2    2.2.2.2         108         0x80000001 0x008F1F

Here is the output of the show ip ospf database command, which shows us the LSDB. What interesting things can we see here?

• Each OSPF router has interfaces in an area. For each interface, it will advertise a router LSA. The link ID is the OSPF router ID.
• The first router LSA entry you see is from an OSPF router with router ID 1.1.1.1, and you can see the age, sequence number, and checksum. You can see that the LSA has been updated two times since the sequence number is 0x80000002.

Configuration

The best way to understand the three fields above is to watch them change on a real router. Let’s use a simple topology with two routers, R1 (router ID 1.1.1.1) and R2 (router ID 2.2.2.2), connected on the 192.168.12.0/24 network in area 0.

The summary table is useful, but if you want to see the exact fields OSPF uses to compare LSAs, look at a single LSA in detail. Here is R1’s router LSA as seen on R2:

R2#show ip ospf database router 1.1.1.1

            OSPF Router with ID (2.2.2.2) (Process ID 1)

		Router Link States (Area 0)

  LS age: 9
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 1.1.1.1
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000003
  Checksum: 0x4CD9
  Length: 48
  Number of Links: 2

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 1.1.1.1
     (Link Data) Network Mask: 255.255.255.255
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 192.168.12.2
     (Link Data) Router Interface address: 192.168.12.1
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

There they are: LS age, LS Seq Number, and Checksum. The exact three fields OSPF uses to decide which LSA instance is more recent. Right now R1’s LSA has sequence number 0x80000003, checksum 0x4CD9, and describes 2 links.

Now let’s change something on R1 so it has to originate a new instance of its router LSA. We’ll add a second loopback interface and advertise it in OSPF:

R1(config)#interface Loopback1
R1(config-if)#ip address 11.11.11.11 255.255.255.255
R1(config-if)#router ospf 1
R1(config-router)#network 11.11.11.11 0.0.0.0 area 0

Let’s look at R1’s router LSA again:

R1#show ip ospf database router 1.1.1.1

            OSPF Router with ID (1.1.1.1) (Process ID 1)

		Router Link States (Area 0)

  LS age: 6
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 1.1.1.1
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000004
  Checksum: 0xAC3B
  Length: 60
  Number of Links: 3
  ...

Look at what happened:

• The sequence number incremented from 0x80000003 to 0x80000004.
• The checksum changed from 0x4CD9 to 0xAC3B.
• The LS age reset back to a low value, and the LSA now describes 3 links instead of 2.

This is the key takeaway for the question we asked earlier: the moment the content of R1’s LSA changed, the sequence number went up, and the checksum changed at the same time. That’s why you essentially never get a higher sequence number with an identical checksum and age. The sequence number is the primary tie-breaker, and it changes on every update.

Because R1 originated a newer instance, it floods it to R2. We can confirm R2 received it, note the same sequence number and checksum now appear in R2’s database:

R2#show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

		Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         6           0x80000004 0x00AC3B 3
2.2.2.2         2.2.2.2         31          0x80000004 0x003ADD 2

		Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.12.2    2.2.2.2         36          0x80000001 0x008F1F

R2 compared the incoming LSA against the copy in its LSDB, saw a higher sequence number, accepted it as more recent, installed it, and re-ran SPF. This is the flowchart at the top of this lesson playing out in real life.

That’s all for now. It’s best to look at the OSPF link-state database yourself as you are doing labs. If you have any questions feel free to ask!