

MikroTik RouterOS implements OSPF version 2 (RFC 2328). OSPF is a link-state protocol that takes care of the routes in a dynamic network structure that can employ different paths to its subnetworks. It always chooses the shortest path to the subnetwork first.


  • RFC 2328 - OSPF Version 2
  • RFC 3101 - The OSPF Not-So-Stubby Area (NSSA) Option
  • RFC 3630 - Traffic Engineering (TE) Extensions to OSPF Version 2
  • RFC 4577 - OSPF as the Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs)
  • RFC 5329 - Traffic Engineering Extensions to OSPF Version 3
  • RFC 5340 - OSPF for IPv6
  • RFC 5643 - Management Information Base for OSPFv3
  • RFC 6549 - OSPFv2 Multi-Instance Extensions
  • RFC 6565 - OSPFv3 as a Provider Edge to Customer Edge (PE-CE) Routing Protocol
  • RFC 6845 - OSPF Hybrid Broadcast and Point-to-Multipoint Interface Type
  • RFC 7471 - OSPF Traffic Engineering (TE) Metric Extensions

Configuration Example

To start OSPF v2 and v3 instances, the first thing to do is to add the instance and the backbone area:

/routing ospf instance
add name=v2inst version=2 router-id=
add name=v3inst version=3 router-id=
/routing ospf area
add name=backbone_v2 area-id= instance=v2inst
add name=backbone_v3 area-id= instance=v3inst

At this point we can add a template. A template is used to match the interfaces on which OSPF should be running. This can be done either by specifying a network or by specifying an interface directly.

/routing ospf interface-template
add network= area=backbone_v2
add network=2001:db8::/64 area=backbone_v3
add network=ether1 area=backbone_v3

Property Reference


domain-id (Hex | Address): MPLS-related parameter. Identifies the OSPF domain of the instance. This value is attached to OSPF routes redistributed in BGP as VPNv4 routes as a BGP extended community attribute, and is used when BGP VPNv4 routes are redistributed back into OSPF to determine whether to generate an inter-area or AS-external LSA for that route. By default the Null domain-id is used, as described in RFC 4577.
domain-tag (integer [0..4294967295]): If set, it is used in route redistribution (as the route-tag in all external LSAs generated by this router) and in route calculation (all external LSAs having this route tag are ignored). Needed for interoperability with older Cisco systems. By default not set.
in-filter (string): name of the routing filter chain used for incoming prefixes
mpls-te-address (string): the area used for MPLS traffic engineering. TE Opaque LSAs are generated in this area. No more than one OSPF instance can have mpls-te-area configured.
mpls-te-area (string): the area used for MPLS traffic engineering. TE Opaque LSAs are generated in this area. No more than one OSPF instance can have mpls-te-area configured.
out-filter-chain (name): name of the routing filter chain used for outgoing prefixes filtering
out-filter-select (name): name of the routing filter select chain, used for output selection
router-id (IP | name; Default: main): OSPF Router ID. Can be set explicitly as an IP address, or as the name of the router-id instance.
version (2 | 3; Default: 2): OSPF version this instance will be running (v2 for IPv4, v3 for IPv6).
vrf (name of routing table; Default: main): the VRF table this OSPF instance operates on
use-dn (yes | no): Forces the DN bit to be used or ignored. Useful in some CE-PE scenarios to inject intra-area routes into a VRF. If the parameter is unset, the DN bit is used according to the RFC. Available since v6rc12.


The OSPF protocol supports two types of metrics:

  • type1 - the OSPF metric is the sum of the internal OSPF cost and the external route cost
  • type2 - the OSPF metric is equal only to the external route cost.


OSPF allows collections of routers to be grouped together. Such a group is called an area. Each area runs a separate copy of the basic link-state routing algorithm. This means that each area has its own link-state database and corresponding shortest path tree.

The structure of an area is invisible from other areas. This isolation of knowledge makes the protocol more scalable if multiple areas are used; routing table calculation takes less CPU resources and routing traffic is reduced.

However, multi-area setups create additional complexity. It is not recommended to separate areas with fewer than 50 routers. The maximum number of routers in one area mostly depends on the CPU power you have for routing table calculation.

area-id (IP address; Default: area identifier. If the router has networks in more than one area, then an area with area-id= (the backbone) must always be present. The backbone always contains all area border routers. The backbone is responsible for distributing routing information between non-backbone areas. The backbone must be contiguous, i.e. there must be no disconnected segments. However, area border routers do not need to be physically connected to the backbone - connection to it may be simulated using a virtual link.
instance (name; mandatory): Name of the OSPF instance this area belongs to.
no-summaries (): Flag parameter. If set, the area will not flood summary LSAs in the stub area.
name (string): the name of the area
translator-role (yes | no | candidate): Indicates which ABR will be used as a translator from type7 to type5 LSA. Applicable only if the area type is NSSA.
  • yes - the router will always be used as a translator
  • no - the router will never be used as a translator
  • candidate - OSPF elects one of the candidate routers to be a translator
type (default | nssa | stub; Default: default): The area type. Read more on the area types in the OSPF case studies.


Prefix ranges are used to aggregate routing information on area boundaries. By default, an ABR creates a summary LSA for each route in a specific area and advertises it in adjacent areas.

Using ranges allows creating only one summary LSA for multiple routes and sending only a single advertisement into adjacent areas, or suppressing advertisements altogether.

If a range is configured with the 'advertise' parameter, a single summary LSA is advertised for each range if there are any routes under the range in the specific area. Otherwise ('advertise' parameter disabled) no summary LSAs are created or advertised outside area boundaries at all.

advertise (yes | no; Default: yes): Whether to create a summary LSA and advertise it to the adjacent areas.
area (name; mandatory): the OSPF area associated with this range
cost (integer [0..4294967295]): the cost of the summary LSA this range will create
  • default - use the largest cost of all routes used (i.e. routes that fall within this range)
prefix (IP prefix; mandatory): the network prefix of this range

Note: For an active range (i.e. one that has at least one OSPF route from the specified area falling under it), a route with type 'unreachable' is created and installed in the routing table.
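The range behaviour described above, modelled as an added example (not RouterOS code, and not part of the original page). The function name, the sample prefixes and the costs are constructed for illustration.

```python
import ipaddress

def abr_summaries(routes, ranges):
    """Model how an ABR turns one area's routes into summary LSAs.

    routes: [(prefix, cost)] intra-area routes of the area.
    ranges: [{"prefix": str, "advertise": bool, "cost": int or None}].
    Returns (summaries, unreachable): summary LSAs sent to adjacent areas
    and the 'unreachable' routes installed locally for active ranges.
    """
    nets = [(ipaddress.ip_network(p), c) for p, c in routes]
    summaries, unreachable, covered = [], [], set()
    for rng in ranges:
        rnet = ipaddress.ip_network(rng["prefix"])
        inside = [(n, c) for n, c in nets
                  if n.version == rnet.version and n.subnet_of(rnet)]
        if not inside:
            continue                      # inactive range: nothing is created
        covered.update(n for n, _ in inside)
        unreachable.append(str(rnet))     # active range: 'unreachable' route
        if rng.get("advertise", True):
            cost = rng.get("cost")
            if cost is None:              # default: largest cost of covered routes
                cost = max(c for _, c in inside)
            summaries.append((str(rnet), cost))
        # advertise=no: covered routes are suppressed, no summary LSA at all
    # Routes outside every range keep the default: one summary LSA per route.
    summaries += [(str(n), c) for n, c in nets if n not in covered]
    return sorted(summaries), unreachable

# Constructed sample data (not from the page).
SAMPLE_ROUTES = [("10.1.0.0/24", 10), ("10.1.1.0/24", 30),
                 ("10.2.0.0/24", 20), ("172.16.5.0/24", 15)]
SAMPLE_RANGES = [
    {"prefix": "10.1.0.0/16", "advertise": True},     # aggregated, cost 30
    {"prefix": "10.2.0.0/16", "advertise": False},    # suppressed
    {"prefix": "192.168.0.0/16", "advertise": True},  # inactive, no routes
]

if __name__ == "__main__":
    print(abr_summaries(SAMPLE_ROUTES, SAMPLE_RANGES))
```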



An interface template defines common network and interface matchers and the parameters to assign to a matched interface.




Interfaces to match. Accepts specific interface name or the name of the interface list.

network (IP prefix): the network prefix associated with the area. OSPF will be enabled on all interfaces that have at least one address falling within this range. Note that the network prefix of the address is used for this check (i.e. not the local address). For point-to-point interfaces this means the address of the remote endpoint.

Assigned Parameters

area (name; mandatory): The OSPF area to which the matching interface will be associated.
auth (simple | md5): Specifies the authentication method for OSPF protocol messages.
  • simple - plain text authentication
  • md5 - keyed Message Digest 5 authentication

If the parameter is unset, then authentication is not used.

auth-id (integer): The key ID used to calculate the message digest (used only when MD5 authentication is enabled). The value should match on all OSPF routers from the same region.
authentication-key (string): The authentication key to be used for simple or MD5 authentication methods.
cost (integer [0..65535]): Interface cost expressed as link state metric.
dead-interval (time; Default: 40s): Specifies the interval after which a neighbour is declared dead. This interval is advertised in hello packets. This value must be the same for all routers on a specific network, otherwise adjacency between them will not form.
disabled (yes | no)
hello-interval (time; Default: 10s): The interval between HELLO packets that the router sends out this interface. The smaller this interval is, the faster topological changes will be detected; the tradeoff is more OSPF protocol traffic. This value must be the same for all the routers on a specific network, otherwise adjacency between them will not form.
instance-id (integer [0..255]; Default: 0)
passive (): If enabled, do not send or receive OSPF traffic on the matching interfaces.
prefix-list (name): Name of the address list containing networks that should be advertised to the v3 interface.
priority (integer: 0..255; Default: 128): Router's priority. Used to determine the designated router in a broadcast network. The router with the highest priority value takes precedence. Priority value 0 means the router is not eligible to become designated or backup designated router at all.
retransmit-interval (time; Default: 5s): Time interval after which a lost link state advertisement will be resent. When a router sends a link state advertisement (LSA) to its neighbour, the LSA is kept until the acknowledgment is received. If the acknowledgment is not received in time (see transmit-delay), the router will try to retransmit the LSA.
transmit-delay (time; Default: 1s): Link state transmit delay is the estimated time it takes to transmit a link state update packet on the interface.
type (broadcast | nbma | ptp | ptmp | ptp-unnumbered | virtual-link; Default: broadcast): the OSPF network type on this interface. Note that if interface configuration does not exist, the default network type is 'point-to-point' on PtP interfaces, and 'broadcast' on all other interfaces.
  • broadcast - network type suitable for Ethernet and other multicast-capable link layers. Elects a designated router
  • nbma - Non-Broadcast Multiple Access. Protocol packets are sent to each neighbor's unicast address. Requires manual configuration of neighbors. Elects a designated router
  • ptp - suitable for networks that consist of only two nodes. Does not elect a designated router
  • ptmp - Point-to-Multipoint. Easier to configure than NBMA because it requires no manual configuration of neighbors. Does not elect a designated router. This is the most robust network type and as such suitable for wireless networks, if 'broadcast' mode does not work well enough for them
  • ptp-unnumbered - works the same as ptp, except that the remote neighbour does not have an IP address associated with a specific PTP interface. For example, when IP unnumbered is used on Cisco devices.
  • virtual-link - for virtual link setups.
vlink-neighbor-id (IP): Specifies the router-id of the neighbour which should be connected over the virtual link.
vlink-transit-area (name): A non-backbone area the two routers have in common over which the virtual link will be established. Virtual links cannot be established through stub areas.
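How auth=md5, auth-id and authentication-key end up on the wire, following RFC 2328 Appendix D, shown as an added example that is not RouterOS code or part of the original page. Function names and the sample key, router ID and body are constructed; auth-id maps to the Key ID byte and authentication-key to the 16-byte key appended before hashing.

```python
import hashlib
import hmac
import struct

AUTH_MD5 = 2  # AuType value for cryptographic authentication (RFC 2328)

def _pad(key: bytes) -> bytes:
    return key[:16].ljust(16, b"\0")      # key is used as a 16-byte field

def build_packet(body, router_id, area_id, key_id, key, seq, ptype=1):
    """Build an OSPFv2 packet carrying an MD5 digest trailer."""
    length = 24 + len(body)               # the digest is not counted here
    header = struct.pack("!BBH4s4sHH", 2, ptype, length, router_id, area_id,
                         0, AUTH_MD5)     # checksum stays 0 with AuType 2
    header += struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header + body
    return packet + hashlib.md5(packet + _pad(key)).digest()

def verify_packet(packet, keys, last_seq):
    """Receiver-side checks; keys maps auth-id -> authentication-key."""
    if len(packet) < 24:
        return "reject: truncated"
    _, _, length, _, _, _, autype = struct.unpack("!BBH4s4sHH", packet[:16])
    if autype != AUTH_MD5:
        return "reject: auth type mismatch"
    _, key_id, dlen, seq = struct.unpack("!HBBI", packet[16:24])
    if dlen != 16 or length < 24 or len(packet) != length + dlen:
        return "reject: malformed"
    key = keys.get(key_id)
    if key is None:
        return "reject: unknown auth-id"
    if seq < last_seq:                    # replayed or reordered old packet
        return "reject: stale sequence number"
    expected = hashlib.md5(packet[:length] + _pad(key)).digest()
    if not hmac.compare_digest(expected, packet[length:]):
        return "reject: bad digest"
    return "accept"

# Constructed sample values (not from the page).
RID, AREA = bytes([192, 0, 2, 1]), bytes(4)
SAMPLE = build_packet(b"\x00" * 20, RID, AREA, key_id=1,
                      key=b"example-key", seq=100)
```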


Read-only list of all the LSAs currently in the LSA database.

age (integer): How long ago (in seconds) the last update occurred
area (string): Area this LSA belongs to.
body (string)
checksum (string): LSA checksum
dynamic (yes | no)
flushing (yes | no)
id (IP): LSA record ID
instance (string): The instance name this LSA belongs to.
link (string)
link-instance-id (IP)
originator (IP): The originator of the LSA record.
self-originated (yes | no): Whether the LSA is originated on the router itself.
sequence (string): Number of times the LSA for a link has been updated.
type (string)
wraparound (string)


Read-only list of currently active OSPF neighbours.

address (IP): The IP address of the OSPF neighbour router
adjacency (time): Elapsed time since the adjacency was formed
area (string)
bdr (string): The IP address of the Backup Designated Router
comment (string)
db-summaries (integer)
dr (IP): The IP address of the Designated Router
dynamic (yes | no)
inactive (yes | no)
instance (string)
ls-requests (integer)
ls-retransmits (integer)
priority (integer): Priority configured on the neighbour
router-id (IP): the neighbor router's RouterID
state (down | attempt | init | 2-way | ExStart | Exchange | Loading | full)
  • Down - No Hello packets have been received from the neighbor.
  • Attempt - Applies only to NBMA clouds. The state indicates that no recent information was received from the neighbor.
  • Init - A Hello packet was received from the neighbor, but bidirectional communication is not established (its own RouterID is not listed in the Hello packet).
  • 2-way - This state indicates that bidirectional communication is established. DR and BDR election occurs during this state; routers build adjacencies based on whether the router is DR or BDR, and whether the link is point-to-point or a virtual link.
  • ExStart - Routers try to establish the initial sequence number that is used for the packet information exchange. The router with the higher ID becomes the master and starts the exchange.
  • Exchange - Routers exchange database description (DD) packets.
  • Loading - In this state the actual link state information is exchanged. Link State Request packets are sent to neighbors to request any new LSAs that were found during the Exchange state.
  • Full - Adjacency is complete, neighbor routers are fully adjacent. LSA information is synchronized between adjacent routers. Routers achieve the full state with their DR and BDR only; the exception is P2P links.
state-changes (integer): Total count of OSPF state changes since neighbor identification


Static configuration of the OSPF neighbours. Required for non-broadcast multi-access networks.

address (IP%iface; mandatory): The unicast IP address of the neighbour.
area (name; mandatory): Name of the area the neighbour belongs to.
comment (string)
disabled (yes | no)
instance-id (integer [0..255]; Default: 0)
poll-interval (time; Default: 2m): How often to send hello messages to the neighbours which are in "down" state (i.e. there is no traffic from them)

Sub-menu: /routing ospf sham-link


A sham-link is required between any two VPN sites that belong to the same OSPF area and share an OSPF backdoor link. If there is no intra-area link between the CE routers, you do not need to configure an OSPF sham link.

Sham link configuration example

Sham link must be configured on both sides.

For a sham link to be active, two conditions must be met:

  • src-address is a valid local address with /32 netmask in OSPF instance's routing table.
  • there is a valid route to dst-address in the OSPF instance's routing table.

When the sham link is active, hello packets are sent on it only until the neighbor reaches full state. After that, hello packet sending on the sham link is suppressed.

RouterOS does not support periodic LSA refresh suppression on sham-links yet.


area (area name): name of the area that shares an OSPF backdoor link
cost (integer: 1..65535): cost of the link
dst-address (IP address): loopback address of the link's remote router
src-address (IP address): loopback address of the link's local router