FortiGate
akushwaha
Staff
Article Id 331392
Description

This article describes the OSPF neighbor states: the series of states an OSPF-enabled FortiGate moves through with each neighbor before the two become fully adjacent.

These states matter because a firewall only exchanges its full routing database with a neighbor once the adjacency reaches Full; until then the two cannot agree on the best path for traffic, and a neighbor stuck in an earlier state is the first thing to check when OSPF routes are missing.

Scope FortiGate.
Solution

OSPF routers establish connections with one another through eight states:

 

Down State:

 

Down is the initial state of a neighbor: no Hello has been received from it yet. Hellos can still be sent to it, which is how manually configured neighbors on NBMA networks are contacted.
A neighbor falls back to Down from any later state, including Full, under two conditions. Firstly, if the firewall does not receive a Hello from the neighbor within the Router Dead Interval, which is by default 4 times the Hello Interval (40 seconds for the default 10-second Hello). Secondly, if a manually configured neighbor is removed from the configuration.


Attempt State:

 

Attempt is the second state and applies only to manually configured neighbors on NBMA (Non-Broadcast Multi-Access) networks; frame relay is the classic example. Neighbors on broadcast or point-to-point links never show this state.

In Attempt, the firewall is actively sending Hellos to the configured neighbor but has received nothing back yet: no information has arrived from the neighbor, but a deliberate effort is being made to contact it.

 

Init State: 

 

In the Init state, the firewall has received a Hello from the neighbor and therefore knows it exists, but it does not yet know whether the neighbor can hear it: communication is one-way so far.
In simple words, when a firewall receives a Hello from a neighbor, it lists the sender's router ID in its own next Hello as an acknowledgment that it received a valid Hello. Until the neighbor's Hello carries this firewall's router ID in return, the neighbor remains in Init and 2-way communication has not been established. A neighbor stuck in Init therefore usually means Hellos are flowing in one direction only.

 

2-Way State:


This state signifies that bi-directional communication has been established between two firewalls. Bi-directional means that each firewall has seen the other firewall’s hello packet and acknowledged it by listing its router ID in the neighbor list.


In this state, a firewall decides whether to become adjacent to the neighbor or not. On broadcast networks (such as Ethernet) and NBMA networks, a firewall becomes fully adjacent only with the Designated Router (DR) and the Backup Designated Router (BDR); it stays in the 2-Way state with all other neighbors, which is normal and not a fault.

On point-to-point networks (such as serial links) and point-to-multipoint networks, a firewall becomes fully adjacent with every neighbor.

 

Note: On broadcast and NBMA networks a DR and a BDR are elected to minimize the number of adjacencies and the amount of link-state information exchanged on the segment. The DR is responsible for distributing LSAs to all other routers/firewalls on the segment; the BDR takes over if the DR fails.
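The following is an added example, not FortiGate code, that models the Hello-driven part of the state machine described above (Down, Init, 2-Way, and the fall back to Down when the Dead Interval expires) together with the adjacency decision made in 2-Way. Router IDs, timers and packets are constructed for illustration and follow RFC 2328 section 10 in simplified form; the class and function names are the example's own.

```python
"""OSPF neighbor state machine driven by Hello packets (Down -> Init -> 2-Way -> Down).

Added example; not FortiGate code. Router IDs, timers and packets are constructed
for illustration and follow RFC 2328 section 10 in simplified form.
"""
from dataclasses import dataclass

DOWN, INIT, TWO_WAY = "Down", "Init", "2-Way"


@dataclass
class Hello:
    router_id: str          # sender's router ID
    hello_interval: int
    dead_interval: int
    seen_neighbors: list    # router IDs the sender has recently heard Hellos from


@dataclass
class Neighbor:
    router_id: str
    state: str = DOWN
    last_hello_at: float = 0.0


class OspfInterface:
    """One OSPF interface on a firewall, tracking the neighbors heard on it."""

    def __init__(self, my_router_id, hello_interval=10, dead_interval=40):
        self.my_id = my_router_id
        self.hello_interval = hello_interval
        self.dead_interval = dead_interval        # default 4 x Hello
        self.neighbors = {}

    def receive_hello(self, pkt, now):
        # RFC 2328 10.5: Hello and Dead intervals must match or the Hello is dropped,
        # so the neighbor never leaves Down; a classic cause of 'stuck in Down'.
        if (pkt.hello_interval, pkt.dead_interval) != (self.hello_interval, self.dead_interval):
            return None
        nbr = self.neighbors.setdefault(pkt.router_id, Neighbor(pkt.router_id))
        nbr.last_hello_at = now
        if self.my_id in pkt.seen_neighbors:
            nbr.state = TWO_WAY        # 2-WayReceived: the neighbor lists our router ID
        elif nbr.state == DOWN:
            nbr.state = INIT           # HelloReceived: one-way so far
        elif nbr.state == TWO_WAY:
            nbr.state = INIT           # 1-WayReceived: our ID vanished from its Hello
        return nbr.state

    def build_hello(self):
        # The neighbor list acknowledges every neighbor we have heard from.
        seen = [rid for rid, n in self.neighbors.items() if n.state != DOWN]
        return Hello(self.my_id, self.hello_interval, self.dead_interval, seen)

    def expire(self, now):
        # InactivityTimer: no Hello within the Dead Interval drops the neighbor to Down.
        expired = []
        for n in self.neighbors.values():
            if n.state != DOWN and now - n.last_hello_at >= self.dead_interval:
                n.state = DOWN
                expired.append(n.router_id)
        return expired


def should_form_adjacency(network_type, my_id, nbr_id, dr, bdr):
    """RFC 2328 10.4: whether a 2-Way neighbor proceeds to Exstart."""
    if network_type in ("point-to-point", "point-to-multipoint", "virtual-link"):
        return True
    # broadcast / NBMA: only pairs involving the DR or BDR become adjacent
    return my_id in (dr, bdr) or nbr_id in (dr, bdr)


def simulate():
    """Two firewalls A and B on one segment; returns what A and B observe step by step."""
    a, b = OspfInterface("1.1.1.1"), OspfInterface("2.2.2.2")
    trace = []
    trace.append(("B hears A", b.receive_hello(a.build_hello(), now=0)))    # Init
    trace.append(("A hears B", a.receive_hello(b.build_hello(), now=1)))    # 2-Way
    trace.append(("B hears A", b.receive_hello(a.build_hello(), now=2)))    # 2-Way
    # B then goes silent: A's dead timer for B fires 40 s after its last Hello.
    trace.append(("A expires", a.expire(now=41)))                            # ['2.2.2.2']
    trace.append(("A's view of B", a.neighbors["2.2.2.2"].state))             # Down
    return trace


if __name__ == "__main__":
    for step in simulate():
        print(step)
```

Two details are worth noticing when running it: a Hello whose Hello or Dead Interval differs from the interface's own is silently discarded, so mismatched timers leave the neighbor in Down rather than Init; and the jump to 2-Way happens the moment the neighbor's Hello lists this firewall's router ID, which is why Init is usually seen only briefly on a healthy link.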

 

Exstart State:

 

Exstart is the first stage of actually forming an adjacency. The local firewall and its neighbor negotiate which of them will drive the database synchronization: the one with the higher router ID becomes the master, the other becomes the slave.

At this stage the firewalls agree on how DBDs (Database Description packets) will be exchanged. DBDs describe the contents of each side's link-state database (the LSA headers, not the LSAs themselves) and are what allow a firewall to detect LSAs it is missing or that are out of date.

The master starts the DBD exchange and assigns the DD sequence numbers; the slave follows the master's sequence numbers and acknowledges each DBD it receives.

Note: The master is chosen by router ID alone and has nothing to do with the DR/BDR election; a DROTHER with a higher router ID than the DR will be the master of that adjacency. A neighbor stuck in Exstart usually points at an MTU mismatch, since the first DBDs are the first packets large enough to be affected.

 

Exchange State:

 

This state is where the actual DBD exchange takes place. The firewalls send and receive DBDs that contain summaries (headers) of their LSAs. Each DBD carries a DD sequence number that the master increments by one for each new packet; the slave echoes the master's number in its reply, which serves as the acknowledgment.

Further, each firewall compares the LSA headers in the DBDs it receives with the contents of its own Link State Database (LSDB) to find LSAs its neighbor has that it lacks, or that are newer than its own copy (higher LS sequence number). Those go on a request list. When the exchange finishes, the state changes to Loading if the request list is non-empty; if nothing needs to be requested, the neighbor goes directly to Full.

 

Loading State:

 

During the Loading state, the OSPF firewalls exchange Link State Requests (LSR) and Link State Updates (LSU). Each LSR asks for the LSAs that the DBD comparison in the Exchange state showed to be missing or out of date; the LSU answers with the complete Link State Advertisements (LSA).


LSUs are the packets that carry full LSAs to OSPF neighbors, both during this initial synchronization and later whenever new or changed network information is flooded.


The Loading state is complete when both firewalls/routers have received all the LSAs they requested. At this point both have identical link-state databases for the area and can each run the SPF algorithm to calculate their shortest paths. The state then changes to Full.
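The following is an added example, not FortiGate code, that carries the Exstart, Exchange and Loading stages described above through on two constructed link-state databases: master election by router ID, the numbered DBD exchange, the comparison of the neighbor's LSA headers against the local LSDB that builds the request list, and the resulting split where one side goes to Loading and the other straight to Full. The LSDB contents, router IDs and sequence numbers are invented, and DBDs are modelled as lists of LSA headers rather than real OSPF packets.

```python
"""Exstart, Exchange and Loading as a database-synchronisation procedure.

Added example; not FortiGate code. The LSDBs, router IDs and sequence numbers
are constructed; DBD packets are modelled as lists of LSA headers, without
the real OSPF encoding.
"""
from dataclasses import dataclass

ROUTER_LSA, NETWORK_LSA = 1, 2


@dataclass(frozen=True)
class LsaHeader:
    ls_type: int
    ls_id: str
    adv_router: str
    seq: int              # LS sequence number; the larger value is the newer instance

    @property
    def key(self):        # identity of an LSA; seq tells the instances apart
        return (self.ls_type, self.ls_id, self.adv_router)


def lsdb_from(headers):
    return {h.key: h for h in headers}


def elect_master(my_id, nbr_id):
    """Exstart: the higher router ID is master. Compare as numbers, not as strings."""
    octets = lambda rid: tuple(int(o) for o in rid.split("."))
    return "master" if octets(my_id) > octets(nbr_id) else "slave"


def dbd_exchange(master_headers, slave_headers, initial_seq=0x1000, per_packet=2):
    """Exchange: the master numbers each DBD; the slave echoes that number in its reply."""
    log, seq = [], initial_seq
    rounds = max(-(-len(master_headers) // per_packet), -(-len(slave_headers) // per_packet), 1)
    for i in range(rounds):
        chunk = slice(i * per_packet, (i + 1) * per_packet)
        log.append(("master", seq, master_headers[chunk]))
        log.append(("slave", seq, slave_headers[chunk]))
        seq += 1
    return log


def lsas_to_request(my_lsdb, nbr_headers):
    """Compare the neighbor's DBD summary with our LSDB; request what is missing or newer."""
    return [h for h in nbr_headers if h.key not in my_lsdb or h.seq > my_lsdb[h.key].seq]


def state_after_exchange(my_lsdb, nbr_headers):
    """ExchangeDone: Loading only if something must be requested, otherwise Full at once."""
    return "Loading" if lsas_to_request(my_lsdb, nbr_headers) else "Full"


def load(my_lsdb, nbr_lsdb, requests):
    """Loading: each LSR is answered by an LSU carrying the full LSA, which we install."""
    for h in requests:
        my_lsdb[h.key] = nbr_lsdb[h.key]
    return "Full"


def simulate():
    a_id, b_id = "1.1.1.1", "2.2.2.2"
    a_lsdb = lsdb_from([
        LsaHeader(ROUTER_LSA, a_id, a_id, 0x80000001),
        LsaHeader(ROUTER_LSA, b_id, b_id, 0x80000002),          # stale copy of B's router LSA
    ])
    b_lsdb = lsdb_from([
        LsaHeader(ROUTER_LSA, a_id, a_id, 0x80000001),
        LsaHeader(ROUTER_LSA, b_id, b_id, 0x80000003),          # B's current router LSA
        LsaHeader(NETWORK_LSA, "10.0.0.2", b_id, 0x80000001),   # B is DR for 10.0.0.0/24
    ])
    role_a = elect_master(a_id, b_id)                            # 'slave': B has the higher ID
    by_key = lambda db: sorted(db.values(), key=lambda h: h.key)
    dbds = dbd_exchange(by_key(b_lsdb), by_key(a_lsdb))          # B drives the exchange
    a_wants = lsas_to_request(a_lsdb, by_key(b_lsdb))
    b_wants = lsas_to_request(b_lsdb, by_key(a_lsdb))
    a_state = state_after_exchange(a_lsdb, by_key(b_lsdb))       # 'Loading': two LSAs wanted
    b_state = state_after_exchange(b_lsdb, by_key(a_lsdb))       # 'Full': nothing to ask for
    if a_state == "Loading":
        a_state = load(a_lsdb, b_lsdb, a_wants)
    return {"role_a": role_a, "dbd_packets": len(dbds), "a_requested": len(a_wants),
            "b_requested": len(b_wants), "a_state": a_state, "b_state": b_state,
            "in_sync": a_lsdb == b_lsdb}


if __name__ == "__main__":
    print(simulate())
```

Two points the run makes visible: the master is decided purely by numeric router ID, so 10.0.0.1 beats 9.0.0.1 even though it sorts lower as a string, and the two ends of one adjacency can legitimately show different states for a moment, since the side whose database is already complete skips Loading and reports Full while its neighbor is still requesting LSAs.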

 

Full State:

 

Full is the normal operational state of an adjacency, indicating that the two firewalls' link-state databases are synchronized. Hellos continue at the Hello Interval to keep the adjacency alive, and LSAs are flooded between the firewalls whenever the topology changes and are refreshed periodically even when it does not.

 

It is noteworthy that on broadcast and NBMA networks, a firewall reaches Full only with the designated router (DR) and backup designated router (BDR); with every other neighbor on the segment it stays in 2-Way, and seeing such neighbors listed as 2-Way/DROTHER is expected. On point-to-point and point-to-multipoint networks, a firewall reaches Full with each neighboring firewall.

 

On a FortiGate, the current state of each neighbor is shown by 'get router info ospf neighbor'. To troubleshoot OSPF neighbors stuck in the different states, refer to the guide below:

Technical Tip: How to troubleshoot OSPF neighborship in various states