OSPF Header Format and Packets Types [Explained with Wireshark Captures]
![OSPF Header Format and Packets Types [Explained with Wireshark Captures]](https://learnduty.com/wp-content/uploads/2023/02/image-3.png)
OSPF runs over Internet Protocol (IP) either IPv4 or IPv6, but does not leverage a transport protocol like UDP or TCP. It encapsulates its data directly in IP packets with protocol number 89. This is in contrast to other routing protocols, as an example Border Gateway Protocol (BGP) uses TCP port 179. OSPF implements its own transport error detection and correction functions.
an OSPF routers uses 5 types of packets to communicate with its neighbors:
- Type 1: Hello
- Type 2: Database description (DBD)
- Type 3: Link State Request (LSR)
- Type 4: Link State Update (LSU)
- Type 5: Link State Acknowledgement (LSAck)
Type 1: Hello
The Hello packet are sent to Multicast address (224.0.0.5 or 224.0.0.6 to the DR), it’s the key message in order establish relationships between adjacencies devices. It define the key parameters on how an OSPF neighbor represent itself in the Area. The information provided like Area, timers and Authentication will indicate if the adjacency will form or not:
Let’s take and Example of an OSPF Hello Packet from a Wireshark capture:
Type 2: Database description (DBD)
Database description messages contain descriptions of the topology of the autonomous system or area. They convey the contents of the link-state database (LSDB) for the area from one router to another.
During the OSPF exchange state, A master and slave election will take place, the master will start the Exchange of the DBD and he is responsible for incrementing the sequence number.
At first both assure master role and start with a sequence number, but, after the slave will use the sequence of the master to send its DBD and only the master is responsible to increment it.
- Please note that this election isn’t related to DR and BDR election.
The main fields/flags of the DBD are:
- Interface MTU: Specifies the largest IP datagram in bytes that the interface can send without fragmentation (can cause the adjacency to be stuck in the Exchange state, if mismatch)
- I (Initial):
– set to 1 if the packet is the first DD packet.
– It is set to 0 if not. - M (More):
– set to 0 if the packet is the last DD packet.
– It is set to 1 if more DD packets are to follow. - MS (Master/Slave): The Master/Slave bit.
– When set to 1, it indicates that the router is the master during the database exchange process.
– When set to 0, the router is the slave router. - DD sequence number: Used to sequence the collection of DD packets.
The initial value is set by the master. The DD sequence number then increments until the complete database description has been sent.
Let’s take and Example of an OSPF BDB Packet from a Wireshark capture:
In this case, the router 192.168.1.1 is elected as master for the DBD exchange and he is incrementing the DBD Sequence:
- DBD message From Slave (sequence 9015):
- DBD message From Master (sequence 9015 + 1):
Type 3: Link State Request
If a portion of the LSDB is missing, Link state request messages can be by one router to request updated information . The message specifies the link(s) for which the requesting device wants more current information.
In this Example, the router 192.168.1.2 is requesting the state of the link: 192.168.2.4
Type 4: Link State Update
- Link-state update messages contain updated information about the state of certain links on the LSDB. They are sent in response to a link state request message, and also broadcast or multicast by routers on a regular basis. Their contents are used to update the information in the LSDBs of routers that receive them.
- Link State Update (LSU) enable the flooding of LSAs. Each LSA contains routing, metric and topology information to describe a portion of OSPF network. The LSA are advertised within an LSU packet to its neighboring routers.
Let’s look at the response of the last LSR from the previous example:
The capture illustrates the LSU as an answer for LSR about the Link state ID 192.168.2.4
The Router 192.168.2.4 is the DROther for the network 192.168.2.0/24, as a result, it will send a transit sub-LSA for it indicating the DR IP address and his own IP.
To understand the advertised LSA, let’s check the Router LSA sub-types:
OSPF LSA-Type-1 Sub-Types | P2P | Transit | Stub | Virtual Link |
Link ID | Neighbor’s ID | IP Address of the DR | IP Network Number | Neighbor’s ID |
Link Data | Interface IP Address | Interface IP | Subnet mask | Interface IP Address |
Network type | Point to point | Broadcast | Non-Broadcast | Point to Multipoint |
Imported in to OSPF LSDB as: | Stub and p2p | Transit | Transit | Stub and p2p |
Note: If the link type Broadcast, but the router didn’t learn any neighbor on that link, it will advertise it as stub sub-LSA-1 (Network IP and mask)
Type 5: Link State Acknowledgement (LSAck)
Link-state acknowledgment messages is used for acknowledging receipt of a Link State Update message. It ensure the reliability to the link-state exchange process.
read more about OSPF LSAs:
References:
1- techhub.hpe.com/eginfolib/networking/docs/switches/3600v2/5998-7619r_l3-ip-rtng_cg/content/442284154.htm
2- en.wikipedia.org/wiki/Open_Shortest_Path_First
