OSPFv2 Single Area Configuration

OSPFv2 Single Area Configuration

RouterOS Version: 7.x+ Difficulty: Intermediate Estimated Time: 30 minutes

TL;DR (Quick Start)

For the impatient: here’s the 30-second version.

# Minimal OSPF single-area configuration
/routing ospf instance add name=main-ospf version=2 router-id=1.1.1.1
/routing ospf area add name=backbone area-id=0.0.0.0 instance=main-ospf
/routing ospf interface-template add area=backbone networks=10.0.0.0/24
/ip address add address=10.0.0.1/24 interface=ether2

Overview

Open Shortest Path First (OSPF) is a link-state routing protocol that enables dynamic route discovery and automatic network convergence. Unlike distance-vector protocols such as RIP, OSPF builds a complete topology map of the network, allowing for faster convergence and loop-free routing.

This guide focuses on single-area OSPF configuration - the foundation that every OSPF deployment builds upon. Understanding single-area operation is essential before tackling multi-area designs, as it establishes the core concepts of neighbor relationships, LSA flooding, and SPF calculation.

Understanding OSPF Fundamentals

The Link-State Paradigm

OSPF operates fundamentally differently from distance-vector protocols:

Key advantages:

• No hop count limitations - Routes based on cost, not hop count
• Fast convergence - Topology changes flood immediately to all routers
• Loop prevention - SPF algorithm guarantees loop-free paths
• Scalability - Hierarchical design with areas

Trade-offs:

• Higher resource usage - CPU and memory intensive
• Complexity - More moving parts than simple protocols
• Initial convergence time - Building topology takes longer than RIP

OSPF Network Types

RouterOS supports several OSPF network types, each optimized for different physical topologies:

Network Type	Physical Media	DR/BDR Election	Adjacencies
broadcast	Ethernet, WiFi	Yes	DR/BDR only
point-to-point	PPP, Tunnel	No	Full mesh
point-to-multipoint	Frame Relay	No	Hub-spoke
NBMA	ATM, X.25	Yes	Manual config

For most MikroTik deployments:

• Use broadcast for Ethernet/WiFi connections
• Use point-to-point for tunnels and direct links
• RouterOS auto-detects the appropriate type

The OSPF Packet Exchange Process

OSPF routers establish and maintain relationships through a structured packet exchange:

Hello Protocol Functions:

• Neighbor discovery - Find other OSPF routers
• Parameter verification - Ensure compatible settings
• Keepalive mechanism - Detect neighbor failures
• DR/BDR election - Choose designated routers on broadcast networks

Router-ID: The OSPF Identity

Every OSPF router must have a unique Router-ID - a 32-bit identifier that looks like an IP address but functions as a name:

Router-ID Selection Priority:
1. Manually configured router-id
2. Highest IP on loopback interface
3. Highest IP on any interface
4. RouterOS default: "main" (uses system identity)

Best practice: Always set Router-ID manually to ensure predictable behavior:

/routing id add name=ospf-id id=1.1.1.1

Cost Calculation and Metric

OSPF uses cost as its metric - lower cost = preferred path. RouterOS calculates interface cost based on bandwidth:

Default Cost = 100,000,000 / interface-bandwidth-bps

Examples:
- 1 Gbps Ethernet: 100,000,000 / 1,000,000,000 = 10
- 100 Mbps Ethernet: 100,000,000 / 100,000,000 = 100
- 10 Mbps Ethernet: 100,000,000 / 10,000,000 = 1000

Path selection example:

Network: 10.0.0.0/24

Path 1: R1 → R2 → R3 (Cost: 10 + 10 = 20)
Path 2: R1 → R4 → R3 (Cost: 100 + 10 = 110)

OSPF chooses Path 1 (lower total cost)

Prerequisites

• RouterOS 7.x device with at least two interfaces
• Basic IP addressing knowledge
• Understanding of subnet masks and routing concepts
• Access to configure interface ether2 (ether1 reserved for management)

Configuration Steps

This minimal example demonstrates OSPF single-area operation between two routers.

Step 1: Create OSPF Instance

Create an OSPF instance with explicit Router-ID:

/routing ospf instance add name=main-ospf version=2 router-id=1.1.1.1

Step 2: Create Backbone Area

Every OSPF network requires Area 0 (backbone area):

/routing ospf area add name=backbone area-id=0.0.0.0 instance=main-ospf

Step 3: Configure Interface Template

Define which networks participate in OSPF:

/routing ospf interface-template add area=backbone networks=10.0.0.0/24

Step 4: Assign IP Address

Configure the interface that will participate in OSPF:

/ip address add address=10.0.0.1/24 interface=ether2

Verification

Confirm your OSPF configuration is working correctly.

Check 1: OSPF Instance Status

Verify the OSPF instance is running:

/routing ospf instance print

Expected Output:

Flags: X - disabled
#   NAME        VERSION  ROUTER-ID  REDISTRIBUTE  VRF
0   main-ospf   2        1.1.1.1                  main

Check 2: Area Configuration

Confirm the backbone area exists:

/routing ospf area print

Expected Output:

#   NAME       AREA-ID   INSTANCE    TYPE
0   backbone   0.0.0.0   main-ospf   default

Check 3: Interface Template

Verify the interface template matches your network:

/routing ospf interface-template print

Expected Output:

#   AREA       NETWORKS     INTERFACES
0   backbone   10.0.0.0/24

Check 4: Active OSPF Interfaces

See which interfaces are actively running OSPF:

/routing ospf interface print

Expected Output:

Flags: D - dynamic
#   INTERFACE  AREA       COST  STATE  NEIGHBORS
0 D ether2     backbone   10    dr     0

Advanced Configuration

Authentication

Secure OSPF communications with authentication:

# Simple password authentication
/routing ospf interface-template set [find] auth=simple authentication-key=mypassword

# MD5 authentication (recommended)
/routing ospf interface-template set [find] auth=md5 auth-id=1 authentication-key=strongpassword

Timers Optimization

Adjust hello and dead intervals for faster convergence:

/routing ospf interface-template set [find] hello-interval=5s dead-interval=20s

Guidelines:

• Fast networks: hello=5s, dead=20s
• Slow/unstable links: hello=30s, dead=120s
• Dead interval should be 4x hello interval

Cost Manipulation

Override automatic cost calculation:

/routing ospf interface-template set [find] cost=50

Route Redistribution

Import routes from other protocols into OSPF:

# Basic redistribution (all connected and static routes)
/routing ospf instance set main-ospf redistribute=static,connected

With filtering (recommended):

# Create filter to control what gets redistributed
/routing filter rule add chain=ospf-out \
    rule="if (protocol connected && dst in 192.168.0.0/16) { accept; }"
/routing filter rule add chain=ospf-out \
    rule="if (protocol static && dst in 10.0.0.0/8) { set ospf-ext-metric 100; accept; }"
/routing filter rule add chain=ospf-out rule="reject;"

# Apply filter and enable redistribution
/routing ospf instance set main-ospf redistribute=static,connected out-filter-chain=ospf-out

External route types:

• Type 1 (E1): Metric includes internal OSPF cost to ASBR
• Type 2 (E2): Metric is only the external cost (default)

# Set external type in filter
/routing filter rule add chain=ospf-out \
    rule="if (protocol connected) { set ospf-ext-type type1; accept; }"

Network Topology Examples

Simple Two-Router Setup

Router A Configuration:

/routing ospf instance add name=main-ospf version=2 router-id=1.1.1.1
/routing ospf area add name=backbone area-id=0.0.0.0 instance=main-ospf
/routing ospf interface-template add area=backbone networks=10.0.0.0/24
/ip address add address=10.0.0.1/24 interface=ether2

Router B Configuration:

/routing ospf instance add name=main-ospf version=2 router-id=2.2.2.2
/routing ospf area add name=backbone area-id=0.0.0.0 instance=main-ospf
/routing ospf interface-template add area=backbone networks=10.0.0.0/24
/ip address add address=10.0.0.2/24 interface=ether2

Three-Router Triangle

Each router participates in multiple networks, creating redundant paths.

Troubleshooting

Problem: No OSPF Neighbors

Symptoms: /routing ospf neighbor print shows no entries

Common causes:

1. Mismatched area configuration - Verify both routers use same area-id
2. Authentication mismatch - Check auth settings match exactly
3. Timer mismatch - Hello/dead intervals must match
4. Network type mismatch - Ensure compatible network types
5. Firewall blocking - OSPF uses IP protocol 89

Solution steps:

# Check interface is in OSPF
/routing ospf interface print

# Verify area configuration
/routing ospf area print

# Check for authentication issues
/routing ospf interface-template print detail

# Monitor hello packets
/tool sniffer quick interface=ether2 ip-protocol=89

Problem: Routes Not Appearing

Symptoms: OSPF neighbors exist but routes missing from routing table

Diagnostic commands:

# Check OSPF database
/routing ospf lsa print

# Verify routing table
/ip route print where protocol=ospf

# Check SPF calculation
/routing ospf instance print detail

Common fixes:

• Verify network statements cover all required subnets
• Check for duplicate Router-IDs (must be unique)
• Ensure interfaces are not passive when they should be active

Problem: Slow Convergence

Symptoms: Network takes long time to reconverge after topology changes

Optimization strategies:

# Reduce timer intervals
/routing ospf interface-template set [find] hello-interval=5s dead-interval=20s

# Enable fast hello
/routing ospf interface-template set [find] hello-interval=1s dead-interval=4s

Warning: Aggressive timers increase CPU usage and network traffic.

Problem: Route Redistribution Filter Not Working

Symptoms: Redistributed routes not appearing in OSPF, or all redistributed routes being rejected.

Common causes:

1. Filter chain not applied - The filter exists but isn’t referenced in OSPF instance
2. Default reject behavior - RouterOS v7 filters default to reject; no explicit accept statement
3. v6 syntax used in v7 - Filter syntax completely changed between versions

Solution steps:

1. Verify filter chain is applied to OSPF:

   /routing ospf instance print detail

   Look for out-filter-chain= showing your filter name.

2. Check filter rules have explicit accept:

   /routing filter rule print where chain=ospf-out

   Ensure the chain ends with accept; for routes you want to redistribute.

3. Example working filter configuration:

   # Create filter rules - accept connected routes from specific network
   /routing filter rule add chain=ospf-out \
       rule="if (protocol connected && dst in 192.168.0.0/16) { set ospf-ext-metric 10; accept; }"
   
   # Reject everything else (explicit, though default)
   /routing filter rule add chain=ospf-out rule="reject;"
   
   # Apply filter to OSPF instance
   /routing ospf instance set main-ospf out-filter-chain=ospf-out redistribute=connected

4. Verify routes are being processed:

   # Check for filtered routes in RIB
   /routing route print where filtered
   
   # Check OSPF external LSAs
   /routing ospf lsa print where type=external

Problem: Cannot Filter OSPF Internal Routes

Symptoms: Filters have no effect on OSPF intra-area or inter-area routes.

Explanation: OSPF is a link-state protocol - routers exchange link state information, not routes. Filtering only works on:

• Routes being redistributed into OSPF (external routes)
• Routes being imported from OSPF into the routing table

Internal routes (Type 1, Type 2 LSAs) cannot be filtered because all routers in an area must have identical link-state databases.

Workarounds:

1. Use area summarization on ABRs to control inter-area route propagation:

   /routing ospf area range add area=backbone range=10.0.0.0/8 advertise=no

2. Convert area to NSSA with no-summary for stub-like behavior:

   /routing ospf area set [find name=area1] type=nssa no-summary=yes

3. Filter at RIB level to prevent specific OSPF routes from being used:

   /routing filter rule add chain=ospf-in \
       rule="if (dst in 10.99.0.0/16 && ospf-type intra) { reject; }"
   /routing ospf instance set main-ospf in-filter-chain=ospf-in

   Note: This only affects local routing table, not OSPF database or advertisements.

Problem: v6 Filter Syntax Not Working in v7

Symptoms: Filters migrated from RouterOS v6 have no effect or cause errors.

Cause: RouterOS v7 uses completely different filter syntax - script-based if-then-else instead of property-based rules.

Migration examples:

v6 Syntax	v7 Syntax
/routing filter add chain=ospf-out prefix=192.168.0.0/16	/routing filter rule add chain=ospf-out rule="if (dst in 192.168.0.0/16) { accept; }"
set-ospf-metric=100	set ospf-ext-metric 100;
action=accept	accept;
action=discard	reject;

Complete v7 OSPF redistribution filter example:

# Accept connected routes with modified metric
/routing filter rule add chain=ospf-redistribute \
    rule="if (protocol connected && dst in 10.0.0.0/8) { set ospf-ext-metric 50; set ospf-ext-type type1; accept; }"

# Accept static routes as type2
/routing filter rule add chain=ospf-redistribute \
    rule="if (protocol static) { set ospf-ext-type type2; accept; }"

# Reject everything else
/routing filter rule add chain=ospf-redistribute rule="reject;"

# Apply to OSPF
/routing ospf instance set main-ospf out-filter-chain=ospf-redistribute redistribute=connected,static

Tip: RouterOS 7.20+ includes a filter wizard that generates v7 syntax from v6-like parameters:

/routing filter filter-wizard action=accept chain=test prefix=10.0.0.0/8

Debugging Commands

# Monitor neighbor state changes
/routing ospf neighbor print detail

# View LSA database
/routing ospf lsa print where type=router

# Check interface statistics
/routing ospf interface print stats

# Monitor OSPF packets
/tool sniffer quick interface=ether2 ip-protocol=89

Performance Considerations

CPU Impact

OSPF is CPU-intensive due to:

• SPF calculations - Triggered by topology changes
• LSA processing - Database synchronization overhead
• Hello processing - Regular neighbor maintenance

Optimization tips:

• Use appropriate hello intervals (don’t over-optimize)
• Limit network size (single area: max ~50 routers)
• Consider hardware capabilities when scaling

Memory Usage

OSPF maintains several databases:

• Neighbor table - Adjacent routers
• Topology database - Complete network map
• Routing table - Best paths to destinations

Memory scales with:

• Number of routers in area
• Number of networks advertised
• Frequency of topology changes

Network Overhead

OSPF generates several types of traffic:

• Hello packets - Every 10 seconds by default
• LSA updates - When topology changes
• Database synchronization - New neighbor establishment

Bandwidth considerations:

• Hello traffic is minimal (small packets, multicast)
• LSA flooding can be significant during convergence
• Steady-state overhead is very low

Security Best Practices

Authentication

Always enable authentication in production:

# MD5 authentication (recommended)
/routing ospf interface-template set [find] auth=md5 auth-id=1 authentication-key=ComplexPassword123

# SHA authentication (RouterOS 7.x)
/routing ospf interface-template set [find] auth=sha256 auth-id=1 authentication-key=VeryStrongPassword456

Access Control

Limit OSPF participation:

# Make interfaces passive (advertise but don't form adjacencies)
/routing ospf interface-template add area=backbone interfaces=ether3 passive=yes

# Use interface lists for better management
/interface list add name=ospf-interfaces
/interface list member add list=ospf-interfaces interface=ether2
/routing ospf interface-template add area=backbone interfaces=ospf-interfaces

Firewall Considerations

OSPF uses IP protocol 89 and multicast addresses:

• 224.0.0.5 - AllSPFRouters (Hello packets)
• 224.0.0.6 - AllDRRouters (LSA updates)

Ensure firewall rules don’t block OSPF traffic between trusted routers.

Migration and Integration

From Static Routes

Gradual migration approach:

1. Deploy OSPF alongside static routes
2. Increase OSPF administrative distance initially
3. Verify OSPF routes appear correctly
4. Lower OSPF distance to prefer over static
5. Remove static routes once confident

# Temporary higher distance for testing
/routing ospf instance set main-ospf distribute-default=if-installed

# Normal OSPF distance is 110 (lower than static 1)

With Other Protocols

OSPF can redistribute routes from:

• Static routes - Manual configurations
• Connected routes - Directly attached networks
• RIP - Legacy protocol migration
• BGP - External routing integration

# Redistribute static and connected routes
/routing ospf instance set main-ospf redistribute=static,connected

# Control redistribution with filters
/routing ospf instance set main-ospf out-filter-chain=ospf-redistribute

Related Topics

Prerequisites

• IP Address Configuration - interfaces need IPs for OSPF neighbors
• Static Routes - understand routing basics first

Alternative Routing Protocols

• BGP Peering - inter-AS routing for ISP connectivity
• RIP - simpler distance-vector protocol (limited use)
• BFD - fast failure detection for OSPF neighbors

Related Topics

• Routing Tables - policy routing with multiple tables
• Routing Filters - control route redistribution
• Firewall Basics - OSPF uses protocol 89

References

• MikroTik OSPF Documentation
• RFC 2328 - OSPF Version 2
• MikroTik Routing Protocol Reference
• OSPF Design Guidelines