OSFP Forwarding Address Part I: Type 5 LSA Suppression

OSPF (Open Shortest Path First) is mostly seen as a pretty nasty routing protocol, with a load of subtleties and corner cases. I’ve decided to talk about a subject which usually gives a lot of troubles to most network professionals – the Forwarding Address (FA).

So, we’re going to clear things on why does OSPF set or doesn’t set the FA, what is it used for, how is the best path selection is influenced by the setting of the FA and we’ll also see some examples that may throw some light on this subject. But first, let’s clarify what the forward address is. As per the RFC, the forward address is defined as:

Forwarding address
        Data traffic for the advertised destination will be forwarded to
        this address.  If the Forwarding address is set to 0.0.0.0, data
        traffic will be forwarded instead to the LSA's originator (i.e.,
        the responsible AS boundary router).

Probably the most important thing when you start the deep dive into this subject is having the right topology to work with, which allows you to see the less usual cases regarding how redistribution into OSPF works.

Considering the network topology below, I have started with the simplest case of OSPF implementation, meaning a single area, the backbone area 0, one backbone router, R1, and one ASBR, R2. R2 has a connection to R0, which is an external router, via which has a static route to Loopback X, 100.100.100.100/32.

ospf1

All good, topology defined. Now, R2 will perform a classical redistribution of the static route into OSPF, without any changes in the default parameters (the redistributed route will be of type E2, metric 20). Let’s see how that looks like:

R2’s routing table:

R2#sh ip ro      2.0.0.0/32 is subnetted, 1 subnets
C        2.2.2.2 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.10.12.0/24 is directly connected, FastEthernet0/0
L        10.10.12.2/32 is directly connected, FastEthernet0/0
C        10.10.20.0/24 is directly connected, FastEthernet1/0
L        10.10.20.1/32 is directly connected, FastEthernet1/0
      100.0.0.0/32 is subnetted, 1 subnets
S        100.100.100.100 [1/0] via 10.10.20.254

Note 1: The static route has been configured with a next-hop, not an exit interface. R1 and R2 are OSPF adjacent in area 0:

R2#sh ip ospf neigh
Neighbor ID     Pri      State            Dead Time    Address         Interface
1.1.1.1                   1   FULL/DR         00:00:37    10.10.12.1      FastEthernet0/0

Note 2: the network between R1 and R1 doesn’t matter (default is multi-access)

R2 redistributes the static route

R2#sh run | s r o
router ospf 1
 redistribute static subnets

And R2’s database is:

R2#sh ip ospf data
            OSPF Router with ID (2.2.2.2) (Process ID 1)
                            Router Link States (Area 0)
Link ID         ADV Router      Age              Seq#               Checksum          Link count
1.1.1.1             1.1.1.1              458         0x80000002              0x003CAB          1
2.2.2.2             2.2.2.2               62          0x80000003              0x0002D9           1
                            Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#                  Checksum
10.10.12.1      1.1.1.1              458         0x80000001       0x007E8A
                            Type-5 AS External Link States
Link ID                  ADV Router      Age             Seq#            Checksum       Tag
100.100.100.100         2.2.2.2           62          0x80000001       0x00A165       0

If we are to see the Type 5 External LSA that R2 injected into the OSPF domain:

R2#sh ip ospf data external
            OSPF Router with ID (2.2.2.2) (Process ID 1)
                            Type-5 AS External Link States
  LS age: 292
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0xA165
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 0.0.0.0
              External Route Tag: 0

We can notice that there is a field in the LSA called Forward Address. In our case it’s 0.0.0.0 which actually means that no forward address is set. Why is that? Because there are some very strict conditions that need to be fulfilled in order for an ASBR to set the FA in the T5 LSA (or in the T7 NSSA External LSA, if it’s an ASBR in an NSSA area, but we’ll come back to that later).

So what need to happen in order for R2 to set the FA? Well, the conditions are below:

  • The next hop of a redistributed route needs to be reachable over a link that:
    • Is reachable in the OSPF domain as an internal link (network statement is needed, doesn’t work with redistribution)
    • Is of DR type (the network type allows the election of DR/BDR – according to the RFC, that would be the multi access network type)
    • It is not marked as PASSIVE (we’ll see the influence of that in a subsequent case, and why it needs to be non-passive)
  • Another thing is that the next hop cannot be a recursive one!

Let’s see this happening. I’m just going to include R2’s interface towards R0 in area 0:

R2(config)#int fa1/0
R2(config-if)#ip ospf 1 area 0

Looking at the database, we can see that R2 regenerated the T5 LSA, this time with a forward address:

R2#sh ip ospf data external
            OSPF Router with ID (2.2.2.2) (Process ID 1)
                            Type-5 AS External Link States
  LS age: 18
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000002
  Checksum: 0x7D61
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 10.10.20.254
              External Route Tag: 0

Now you may ask what if I change this…or that… :). Well, just try it: make the network type point to point, or make the interface passive. No FA will be set in the new T5 LSAs.

Moving on with the example, I am going to add a new ASBR to area 0, R3, connected to the same multi-access external network, 10.10.20.0/24, redistributing the same static route.

ospf2

R3#sh ip ro
      3.0.0.0/32 is subnetted, 1 subnets
C        3.3.3.3 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O        10.10.12.0/24 [110/2] via 10.10.13.1, 00:00:42, FastEthernet1/0
C        10.10.13.0/24 is directly connected, FastEthernet1/0
L        10.10.13.3/32 is directly connected, FastEthernet1/0
C        10.10.20.0/24 is directly connected, FastEthernet0/0
L        10.10.20.3/32 is directly connected, FastEthernet0/0
      100.0.0.0/32 is subnetted, 1 subnets
S        100.100.100.100 [1/0] via 10.10.20.254

This is a very common routing case with OSPF, as R2 and R3 could be the border routers attached to the ISP, and they would redistribute into OSPF a default route.

To begin with, I am going to use default settings on R3 as well, and I am not going to include R3’s interface towards R0 in OSPF. R3 should not have an FA set in it’s T5 LSA right?

R3#sh ip ospf data ext adv-router 3.3.3.3
            OSPF Router with ID (3.3.3.3) (Process ID 1)
                            Type-5 AS External Link States
  LS age: 64
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x837F
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 0.0.0.0
              External Route Tag: 0

So, no FA set on R3’s T5 LSA. Good. Let’s see what R1 sees:

R1#sh ip ospf data ext
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                            Type-5 AS External Link States
  LS age: 1233
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000002
  Checksum: 0x7D61
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 10.10.20.254
              External Route Tag: 0
  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 120
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x837F
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 0.0.0.0
              External Route Tag: 0

Only one LSA has the routing bit set, which is the one from R3, without an FA. Surprisingly, that’s not actually the reason why R1 chose the path from R3 as the best path. As per the RFC, R1 compared the metric it has to the FA in R2’s LSA with the metric to the advertising router in R3’s LSA.

Key Points here are:

  1. Now we see why the first condition to set the FA is needed: if the FA (next hop of the route) would not be advertised into OSPF as an internal route, R1 wouldn’t be able to compute the cost to it
  2. You may think that R1 is comparing eggs and nuts to make a decision, but that’s not actually the case. R1 needs to choose the shortest path and this is the way OSPF makes sure the best path is indeed chosen. So, R1 compares the cost to 10.10.10.254 (FA in R2’s LSA) which is the cost to the ASBR + cost of the ASBR to the FA, which is 1 + 1 = 2 and the cost to the advertising router in R3’s LSA = 1. So R3 won.

Let’s change the cost on the link from R1 to R3, from 1 (default for FastEthernet) to 5

R1(config)#int fa1/0
R1(config-if)#ip ospf cost 5

Looking now at R1’s decision, it’s clear it chooses R2 as an exit point this time, as 2 (metric towards R2’s FA) < 5 (metric towards ASBR R3).

R1#sh ip ospf data ext
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                            Type-5 AS External Link States
  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 220
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number)
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000003
  Checksum: 0x7B62
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 10.10.20.254
              External Route Tag: 0

  LS age: 921
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x837F
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 0.0.0.0
              External Route Tag: 0

Key point here is that no one cares about the actual metric of the route in the LSAs, which is always 20 for E2 external routes 🙂 .

Now, let’s make R3 set the FA as well, so we’re activating OSPF on R3’s interface towards R0. I have also returned the cost on the link between R1 and R3 to default. Obviously R3 will set the same FA as R2. And R2 and R3 will establish and adjacency on this link, in area 0.

R3(config)#int fa0/0
R3(config-if)#ip ospf 1 area 0

Let’s see what happens. R3 has only one T5 LSA, his own:

R3#sh ip ospf data
            OSPF Router with ID (3.3.3.3) (Process ID 1)
                            Router Link States (Area 0)
Link ID         ADV Router      Age               Seq#             Checksum      Link count
1.1.1.1               1.1.1.1           489         0x80000008       0x00CEB8             2
2.2.2.2               2.2.2.2            16          0x80000006       0x00E491              2
3.3.3.3               3.3.3.3            15          0x80000005       0x002B3D             2
                            Net Link States (Area 0)
Link ID         ADV Router      Age               Seq#               Checksum
10.10.12.1      1.1.1.1             1994        0x80000002       0x007C8B
10.10.13.3      3.3.3.3             1480        0x80000001       0x0035C4
10.10.20.1      2.2.2.2               16          0x80000001       0x005C98
                            Type-5 AS External Link States
Link ID                    ADV Router      Age             Seq#             Checksum     Tag
100.100.100.100           3.3.3.3           18          0x80000002      0x005F7B       0

There’s only one T5 LSA. Generated by R3. Why is that? Because OSPF thought about shrinking the LSA database once more. J So there’s an election between ASBRs that inject the same T5 LSA with the same FA, and the one with the highest RID wins. Great. So, R1 receives only one T5 LSA.

R1#sh ip ospf data ext
            OSPF Router with ID (1.1.1.1) (Process ID 1)
                            Type-5 AS External Link States
  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 430
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0x5D7C
  Length: 36
  Network Mask: /32
              Metric Type: 2 (Larger than any link state path)
              MTID: 0
              Metric: 20
              Forward Address: 10.10.20.254
              External Route Tag: 0

And load-balances across the two equal cost paths it has to reach the FA:

R1#sh ip ro
      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.10.12.0/24 is directly connected, FastEthernet0/0
L        10.10.12.1/32 is directly connected, FastEthernet0/0
C        10.10.13.0/24 is directly connected, FastEthernet1/0
L        10.10.13.1/32 is directly connected, FastEthernet1/0
O        10.10.20.0/24 [110/2] via 10.10.13.3, 00:47:20, FastEthernet1/0
                                  [110/2] via 10.10.12.2, 00:59:29, FastEthernet0/0
      100.0.0.0/32 is subnetted, 1 subnets
O E2     100.100.100.100 [110/20] via 10.10.13.3, 00:47:20, FastEthernet1/0
                                         [110/20] via 10.10.12.2, 00:49:24, FastEthernet0/0

Now, what actually can go wrong here? Well there is one case in which things can go quite strange, but we’ll see that in the next post, together with some other tricky things regarding NSSA areas and T7 LSAs.

 

Go to Part II

Facebook Comments
Rating

Leave a Reply