Back to Blog
โ˜…โ˜…โ˜†Intermediate๐Ÿ”€ Routing & Switching
OSPFRoutingTroubleshootingBest PracticesCisco

OSPF Troubleshooting and Best Practices

March 8, 2026ยท11 min read

Overview

OSPF is the most widely deployed IGP in enterprise networks โ€” and when it breaks, it usually breaks quietly. Adjacencies stay down, routes disappear from the RIB, or SPF runs continuously and pegs the CPU. This guide walks through systematic OSPF troubleshooting from neighbor establishment through route calculation, followed by design and hardening best practices.

// OSPF Multi-Area Topology
Area 0 (Backbone)Area 1Area 2 (Stub) ASBRExt Routes R11.1.1.1 R22.2.2.2 ABR-1Area 0/13.3.3.3 R34.4.4.4 R45.5.5.5 ABR-2Area 1/26.6.6.6 R57.7.7.7 Type5Yellow=ABR | Red=ASBR | Purple area=Stub (blocks Type-5 LSAs)
// OSPF DR/BDR Election โ€” Broadcast Segment
DRPriority: 25510.0.0.1 BDRPriority: 10010.0.0.2 DROther-1Priority: 010.0.0.3 DROther-2Priority: 010.0.0.4 FullFullFullFull w/ BDRFull w/ BDR2-Way only โ€” no adjacency between DROthersDROthers are Full with DR+BDR only | 2-Way with each other

Step 1 โ€” Verify Neighbor Adjacency

cisco
! Check all OSPF neighborsR1# show ip ospf neighborR1# show ip ospf neighbor detail! Check interface OSPF configR1# show ip ospf interface GigabitEthernet0/0! Verify OSPF is running on the interfaceR1# show run interface GigabitEthernet0/0 | include ospf|ip addressR1# show ip protocols | include ospf|network|area

Key values to verify between neighbors:

  • Area ID must match
  • Hello/Dead timers must match (default 10s/40s on broadcast, 30s/120s on NBMA)
  • Subnet must match (same network and mask)
  • MTU must match (or ip ospf mtu-ignore on both sides)
  • Authentication type and key must match

Step 2 โ€” Hello Parameter Mismatches

The most common adjacency failure. OSPF neighbors will not form if these don't match.

cisco
! Check hello/dead timers on both routersR1# show ip ospf interface Gi0/0 | include Hello|Dead|Timer! Fix timer mismatchinterface GigabitEthernet0/0 ip ospf hello-interval 10 ip ospf dead-interval 40! Check area type mismatch (stub vs non-stub)R1# show ip ospf | include AreaR1# show ip ospf neighbor detail | include area|options! Fix โ€” both sides of a link must have same area typerouter ospf 1 area 10 stub          ! must be same on ALL routers in area 10

Step 3 โ€” Stuck at ExStart / Exchange (MTU Mismatch)

ExStart/Exchange stuck is almost always an MTU problem. OSPF DBD packets must fit inside the interface MTU.

cisco
! Check MTU on both sidesR1# show interface Gi0/0 | include MTUR2# show interface Gi0/0 | include MTU! Workaround (not recommended long-term โ€” fix the MTU instead)interface GigabitEthernet0/0 ip ospf mtu-ignore! Check for duplicate Router-IDs (also causes ExStart issues)R1# show ip ospf | include Router ID! Router-ID must be unique across entire OSPF domain! Fix by setting explicit router-idrouter ospf 1 router-id 1.1.1.1      ! always set this explicitly โ€” never rely on auto-selection

Step 4 โ€” Adjacency Up but Routes Missing

Neighbors are Full but expected routes aren't in the routing table.

cisco
! Check OSPF database โ€” is the LSA present?R1# show ip ospf databaseR1# show ip ospf database router 2.2.2.2     ! specific router LSAR1# show ip ospf database summary             ! Type 3 LSAs (inter-area)R1# show ip ospf database external            ! Type 5/7 LSAs (redistributed)! Check if route is in OSPF topology tableR1# show ip ospf rib 10.10.0.0/24! Check if route is being filteredR1# show ip protocols | include distribute|filterR1# show run | include distribute-list|area.*filter

Common causes of missing routes:

cisco
! 1. Area not connected to backbone (Area 0) โ€” virtual-link requiredrouter ospf 1 area 2 virtual-link 3.3.3.3    ! 3.3.3.3 = transit area ABR router-id! 2. Stub area blocking external routes! Type 5 LSAs cannot enter stub areas โ€” use NSSA insteadrouter ospf 1 area 10 nssa          ! allows external routes as Type 7 LSAs! 3. Summarization dropping subnets! Summary range swallows more specific prefixes โ€” verify range is correctrouter ospf 1 area 10 range 10.10.0.0 255.255.0.0    ! summarize at ABR

Step 5 โ€” Redistribution Issues

cisco
! Check redistributed routes in OSPF databaseR1# show ip ospf database external! Verify redistribution configR1# show run | section router ospf | include redistribute! Common mistake โ€” redistributing without a metricrouter ospf 1 redistribute eigrp 100 subnets metric 20 metric-type E2!                        ^ must include "subnets" or only classful routes redistribute! Check if redistributed routes are being filtered at ABR/ASBRR1# show ip ospf border-routersR1# show ip ospf database external | include Link State|Metric

Step 6 โ€” High CPU from SPF / LSA Flooding

cisco
! Check SPF run frequencyR1# show ip ospf | include SPF|algorithm|Last! Check for flapping adjacencies causing LSA churnR1# show ip ospf neighbor | include EXSTART|EXCHANGE|LOADINGR1# debug ip ospf adj              ! WARNING: verbose in large networksR1# undebug all! Tune SPF timers to reduce CPU impact during instabilityrouter ospf 1 timers throttle spf 200 1000 10000   ! initial 200ms, min 1s, max 10s between SPF runs timers throttle lsa 100 1000 5000    ! LSA origination throttle! Check for Type 1/2 LSA sequence number wrapping (rare but causes full LSA flush)R1# show ip ospf database router | include Seq

OSPF Best Practices

CategoryBest PracticeReason
DesignAlways set explicit router-idPrevents ID changes on interface flap
DesignUse loopbacks as router-id sourceStable, always up
DesignKeep Area 0 as backbone, minimize transit areasReduces LSA flooding scope
DesignUse stub/NSSA for edge areasReduces LSDB size on spoke routers
DesignSummarize at ABR boundariesHides topology churn, reduces SPF scope
StabilitySet SPF and LSA throttle timersPrevents CPU spikes during instability
StabilityUse BFD for fast failure detectionFaster than dead-interval tuning
StabilitySet interface cost explicitlyAuto cost based on bandwidth is unreliable above 100Mbps
SecurityUse MD5 authentication on all interfacesPrevents rogue router injection
SecurityUse passive-interface on all non-OSPF-facing interfacesStops hello flooding to hosts

OSPF Hardening Config

cisco
router ospf 1 router-id 1.1.1.1 auto-cost reference-bandwidth 100000    ! set to 100Gbps so cost scales correctly timers throttle spf 200 1000 10000 timers throttle lsa 100 1000 5000 timers lsa arrival 900 passive-interface default              ! block hellos on all interfaces by default no passive-interface GigabitEthernet0/0 ! explicitly enable only on OSPF links area 10 stub no-summary               ! totally stub โ€” only default route into area area 20 nssa                          ! NSSA for areas with redistributed routes! Per-interface auth and costinterface GigabitEthernet0/0 ip ospf authentication message-digest ip ospf message-digest-key 1 md5 MyOSPFKey ip ospf cost 100                      ! explicit cost โ€” do not rely on auto ip ospf dead-interval minimal hello-multiplier 4  ! sub-second failure detection

Quick Reference โ€” OSPF Troubleshoot Checklist

SymptomFirst CheckFix
No neighbor at allshow ip ospf interface โ€” is OSPF enabled?Add network stmt or ip ospf area on interface
Stuck in InitUnidirectional link, ACL blockingFix physical, remove ACL on hello traffic
Stuck in ExStartMTU mismatch, duplicate router-idFix MTU or set explicit unique router-id
2-Way only (broadcast)DROther to DROther โ€” is this expected?Normal; set priority to force DR if needed
Full but routes missingshow ip ospf database โ€” LSA present?Check area type, filtering, redistribution
High CPUSPF frequency, flapping adjacencyTune SPF throttle timers, fix flapping link
Suboptimal pathInterface cost valuesSet explicit cost; fix reference-bandwidth