Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ojacinto
Staff
Staff

Created on ‎09-22-2025 11:17 PM

Article Id 411513

Technical Tip: How to validate the last time that SPF was executed on OSPF protocol

Description This article describes how to check the last time the SPF algorithm was executed on the OSPF protocol.
Scope FortiOS v7.2.0 and later, v7.4.0 and later, 7.6.0 and later.
Solution

After OSPF dynamic routing is configured on the FortiGate according to this KB article: Technical Tip: Basic OSPF configuration and MTU settings in OSPF 

It is important to monitor the 'SPF execution algorithm' because this counter tracks the number of times that the SPF algorithm has been run since the OSPF protocol was started on the FortiGate. It indicates how many times the FortiGate has had to recalculate the SPF for the OSPF protocol.

For example:

FGT-HUBDC1 (root) # get router info ospf status
Routing Process "ospf 0" with ID 10.254.0.99
Process uptime is 1 hour 13 minutes
Process bound to VRF default
Conforms to RFC2328, and RFC1583Compatibility flag is disabled
Supports only single TOS(TOS0) routes
Supports opaque LSA
Do not support Restarting
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Refresh timer 10 secs
Number of incomming current DD exchange neighbors 0/5
Number of outgoing current DD exchange neighbors 0/5
Number of external LSA 0. Checksum 0x000000
Number of opaque AS LSA 0. Checksum 0x000000
Number of non-default external LSA 0
External LSA database is unlimited.
Number of LSA originated 2
Number of LSA received 5
Number of areas attached to this router: 1
   Area 0.0.0.0 (BACKBONE)
    Number of interfaces in this area is 3(3)
    Number of fully adjacent neighbors in this area is 2
    Area has no authentication
    SPF algorithm last executed 01:04:12.370 ago
    SPF algorithm executed 4 times
    Number of LSA 2. Checksum 0x013788

 

The above output shows that OSPF process uptime is 1 hour 13 minutes; however, the last time that the SPF algorithm was run was 1 hour 4 minutes and 12 seconds ago.

 

Monitoring this counter is an important part of network health and performance because it could indicate network stability. If this counter is frequently changing it can indicate a part of the network as unstable (it could be a router, link or network that is flapping):

 

FGT-HUBDC1 (root) # get router info ospf status
Routing Process "ospf 0" with ID 10.254.0.99
Process uptime is 1 days 16 hours 27 minutes
...
SPF algorithm last executed 00:00:04.120 ago < --
SPF algorithm executed 25661 times 

Getting the same output after some minutes:

FGT-HUBDC1 (root) # get router info ospf status
Routing Process "ospf 0" with ID 10.254.0.99
Process uptime is 1 days 16 hours 32 minutes
...
SPF algorithm last executed 00:00:03.640 ago < ---
SPF algorithm executed 25724 times 

 

This change has an impact on the FortiGate performance because the SPF algorithm is a CPU-intensive operation.
A best practice under a similar scenario where SPF is constantly changing is to use the 'spf-delay' and 'spf-holdtime' timers.

 

Related article:
Technical Tip: How to Implement OSPF SPF scheduling and throttling 

 

Labels:
137
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.