OSPF metrics and how it is determined

Unanswered Question
Aug 5th, 2007
User Badges:

I have a lab setup with a router, layer three 3550 switch and a PIX firewall.

The router and the firewall are plugged into the switch in seperate VLANs and are using the switch as their default gateway.

All three devices are configured in the same OSPF area, I am using almost identical configs from a production network an I see the same results.

All interfaces are Fastethernet 100/full

I would like to understand how the OSPF metrics are determined for this setup.

For example:

The switch sees the PIX and router as Full/BDR state and the Router's loopback interface as 110/2. Is it 2 because it is considered not directly connected but 1 hop away?

The switch sees the firewall DMZ interface as the neibor ID and as 110/11.

Why is the metric 11?

The router sees the PIX inside interface as 110/2, and the PIX DMZ as 110/12. Because same as above, considered 1 hop away from the connected interface?


router ospf 2

network area 0 (inside)

network area 0 (DMZ1)

redistribute ospf 1 subnets match internal external 1 external 2

default-information originate


router ospf 1


passive-interface Vlan1

passive-interface Vlan2

passive-interface Vlan3

passive-interface Vlan4

network area 0


router ospf 1



passive-interface Loopback0

network area 0 (Ethernet interface on inside)

network area 0 (Loopback0)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Jon Marshall Sun, 08/05/2007 - 10:53
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Wilson

OSPF does not use hop count as it's routng metric. It use the bandwidth of the interface.

The actual calucaltion is reference bandwidth / bandwidth of interface.

To key it simple the refernce bandwidth is 10 to the power 8. So

fast ethernet = 10 power 8 / 10 power 8 = 1

ethernet = 10 power 8 / 10 power 7 = 10

So the switch sees the cost ot the firewall DMZ interface as

1 ( for the cost of the link from the switch to the inside interface of the pix )


10 for the cost of the DMZ interface

This assumes that the firewall DMZ is running as normal ethernet ie. 10 rather than fast-ethernet ie. 100.

Is this the case ?


wilson_1234_2 Sun, 08/05/2007 - 11:16
User Badges:

Thanks Jon,

The cost on the interfaces are as follows:

The cost on the PIX is 10

The cost on the router 1

This is what is calculated from the numbers you gave?:

Ethernet 10

Fastethernet 100

Also, on the bandwidth: suppose the bandwidth xxxx command has not been configured as part of the interface by the person configuring the router. How is it determined by OSPF on say a serial interface where you could have a DS1 or a DS3?

Also why does the PIX show the neighbor address as the DMZ interface and not the inside ethernet address?

Edison Ortiz Sun, 08/05/2007 - 11:29
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

On a serial interface, the hardware determines the default bandwidth. If you have a DS1 card, the hardware will be shown as 1.5Mbps under the interface (type show interface s0/0 and you will see the bandwidth information).

Same goes for a DS3 card.

minumathur Sun, 08/05/2007 - 11:28
User Badges:
  • Bronze, 100 points or more


OSPF Cost will be calculated based on 10 power 8 / Bandwidth.


rajinikanth Sun, 08/05/2007 - 20:27
User Badges:
  • Bronze, 100 points or more

Hi Wilson,

Firewalls ospf router-id is DMZ1 ( because it is the highest configure ip address on firewall.

This is the reason you find in switch the neighbor id ( instead of inside ntw.




This Discussion