OSPF Hello Packet

OSPF uses packets to communicate and establish OSPF Operation. It has different OSPF packets type:

In this part start with Type 1: Hello Packets, because it is the first packet that sends by the OSPF process on their interfaces to establish and maintain neighbor relationships

With this packet, you ensure that you have two-way communication with other routers because if you don’t get any Hello packets, you understand that you don’t have any OSPF communication with your neighbor.

All of the OSPF routers periodically send Hello packet as soon as enable OSPF on their interfaces. This is known as the (Hello Interval) and this time is different in each of the OSPF network types.

One of the ways that the router understands that the neighbor is dead is it cannot get any hello packets after a specific time that the router waits to receive the hello packet. (It’s called Router Dead Interval.)

The destination of the hello packet is on IPv4 and FF02::5 on IPV6 and for the layer two destinations MAC address is 01:00:5E:00:00:05, but don’t forget that if you have a non-broadcast network or point to multipoint non-broadcast the destination is unicast.

Responsive image

Let’s config a basic OSPF on one of the routers and check Hello packets on Wireshark

In this scenario, I have just three routers R1 and R2, and R3 that are connecting together by the switch.

Responsive image

Let’s enable OSPF on R1.

Responsive image

This command (Network with wildcard mask enabled OSPF in every interface that starts with 10.10.10

Look at the interface fast 0/0 on R1 with IP address that’s enabled OSPF on it.

Check the network types and Hello and Dead Interval in this interface.

Responsive image

As soon as the OSPF process is enabling on the interface it sends a Hello packet to the destination because the network type in this interface is Broadcast. You can see this with run #debug ip ospf hello on your router.

Responsive image

But when you look at debugging, don’t forget that area information in debugging is not sending by Hello packets, it sends by OSPF header, as you know all of the OSPF packet types have OSPF header, and area information not included in the Hello packets, it’s inside of the OSPF header.

Let me show you the Wireshark.

Responsive image

Look at the destinations at layer 2 and layer 3.

In layer two, information destinations are IPv4 multicast with MAC address 01:00:5e:00:00:05.

Now check the OSPF information.

Responsive image

Every OSPF packet type has an OSPF header and inside that, you can see area information and other parameters that send by it. You can see Message Type in the OSPF header is Hello packet type 1.

In this section, we have the OSPF authentication field and the source of the packet that it is R1 but don’t confuse it is IP address of the source of the packet, it’s not Router-ID of R1.

Responsive image

Now check the OSPF Hello Packets in Wireshark.

Responsive image

Hello packets consist of the parameters that some of them must be the same as neighbors’ parameters, otherwise, the packets will be dropped and they cannot establish an adjacency.

Network Mask, this is the address mask of the interface which sends hello packets. This field is mandatory parameters that must be matched on OSPF routers to become adjacency.

Hello Interval, is the specific time at which the OSPF routing process sends hello packets to its directly connected neighbor with a TTL of one. All routers on a shared network must use the same hello interval. It is the second parameter that must be matched with neighbors to establish an adjacency.

Options,this is included in Hello packets and Database Description packets, and all LSAs. OSPF uses these options to ensure the neighbors have compatible capabilities and if they are not matched in these capabilities the router might reject the neighbor .

Router Priority,it is used to determine which router becomes the DR and the BDR in the Ethernet networks. default is 1 and it can be config between 0-255 in the interfaces of the routers. Don't forget that priority of 0 means that the router will never be the DR.

Router Dead Interval,the time that router waits to receiving OSPF packets from the neighbors before declaring that router to be down.

Designated Router,this is the IP address of the designated router in the area. If we don’t have any DR, the IP address will be

Backup Designated Router,this is IP address of the backup designated router. If we don’t have any BDR, the IP address will be

Neighbor,The Router IDs of all OSPF routers which valid hello packets have been received within the network.