Solved: OSPF LSA 5 and 7 protocol design question

omarmontes · ‎09-10-2009

Hi guys! one short question.. just a little doubt that's spinning in my head:

Why LSA 5 does not follow LSA 7 rules regarding the Forwarding Address? I mean, in LSA 7, there's always an IP Address in the Forwarding Address field, and it's the highest IP among the OSPF enabled loopbacks, and if none, highest OSPF enabled Interface.

But, LSA 5 gets an Forwarding Address of 0.0.0.0 if the External route resolves to a non-OSPF interface, so then it needs an LSA 4 so ABRs can show the world how to get to this route. How come it cant get a Forward address just like a LSA 7 (and translated LSA5)? and then removing the need of a LSA 4?

What am I missing :S?

Peter Paluch · ‎09-11-2009

Hello,

The quotation from the RFC 2328 you have quoted is of course correct but it only describes a sanity check after the LSA5 was even considered valid for examination. Also, the "routing table" is not the routing table in the usual sense, rather, it is a routing table as defined by the RFC 2328 section 11 for the needs of OSPF.

The section 16.2 says about the LSA4 processing:

Next, look up the routing table entry for the destination N. (If N is an AS boundary router, look up the "router" routing table entry associated with Area A). If no entry exists for N or if the entry's path type is "type 1 external" or "type 2 external", then install the inter-area path to N, with associated area Area A, cost IAC, next hop equal to the list of next hops to router BR [border router], and Advertising router equal to BR.

In other words, this step installs information from the LSA4 about the ASBR (note - not its IP address but rather its RID because the "destination" in LSA4 is always the ASBR's RID!) into the OSPF routing table. And further, the section 16.4 step 3 says:

Look up the routing table entries (potentially one per attached area) for the AS boundary router (ASBR) that originated the LSA. If no entries exist for router ASBR (i.e., ASBR is unreachable), do nothing with this LSA and consider the next in the list.

Note that what you have quoted is an excerpt from the same step but it takes place only after this test. Here, you have it: the ASBR (its RID) must be present in the OSPF routing table, either by LSA1 if it is in the same area, or by means of LSA4 as described earlier. If it is not, no matter how valid the LSA5 data is, it will be ignored.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎09-11-2009

Hello,

Primarily, the forwarding address field in the LSA5 is to provide more efficient route to the advertised external destination than through the originator of the LSA5 itself. Consider, for example, an Ethernet segment with a couple of routers - R1, R2 and R3. R1 and R2 speak OSPF, R2 and R3 speak, say, EIGRP. R2 learns some routes from R3 and redistributes them via OSPF to R1. Without the forwarding address field, the R1 would have the R2 as the next hop to the external routers, despite being able to send the packets directly to R3. The Forwarding Address here helps to remove the extra hop from via R2.

Also, note that the LSA4 does not solve a reachability problem of the LSA5's forwarding address, rather, it solves the reachability of the ASBR itself. The area in which the ASBR resides does not require or generate LSA4. The LSA4, generated by ABRs, are generated only for other areas that do not have topological information about the presence and distance of the ASBR from their ABR. The LSA5's Originator is set to the ASBR's RID. In other areas, this RID would not be known and therefore this LSA5 would not be usable until something other makes a topological connection between that area routers and the ASBR. That connection is made by the LSA4 generated by the ABR whose Originator is set to the ABR's RID and the Link State ID is set to the ASBR's RID, thereby creating a link in the topological database and allowing LSA5 to be usable (to be actually "attached" to something already reachable).

Also note that without LSA4, there would be a serious problem with Type-2 metric of external routes. If more ASBRs redistribute an external network into the OSPF domain with the same Type-2 metric, then routers in other areas would not be able to decide which ASBR should they use to reach the external network. Using LSA4, however, they can choose which ASBR is closer to them by calculating the total distance from themselves to the ASBR:

From me to my ABR (given by LSA1/2 in my area) + from my ABR to the ASBR (given by LSA4)

You can see here that the LSA4 indeed is not disposable for various reasons.

Also note that the Forwarding Address in the LSA7 refers to the highest loopback or real interface's address that is OSPF-enabled. That means that this address is known to all routers in the NSSA area so there will be no reachability problems with it. You can always put some OSPF-distributed address into it. On the other hand, the forwarding address in the LSA5 may not be known in all areas, therefore the OSPF implementation on Cisco routers performs a rather thorough check if the Forwarding Address in a LSA5 may not be null. Check this document for details:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405a.shtml#topic1

I hope this clarifies some doubts. Please feel free to ask further.

Best regards,

Peter

Richard Burts · ‎09-11-2009

Peter

Excellent explanation.

HTH

Rick

HTH

Rick

omarmontes · ‎09-11-2009

Agree, nice explanation.. thanks for that :D

but still two more questions:

In LSA 7, the forwarding address is based on the highest ospf loopback/interface IP Address.. does this mean that this LSA does not have the "provide more efficient route to the advertised external destination than through the originator of the LSA" feature? Like in the Ethernet example you mentioned.

And now I understood what the LSA4 does, like you said, it resolves reachability o the ASBR itself, because routers in different Area wouldnt be able to resolve the IP of the originator. But, when using an LSA5 derived or translated from a LSA4, as we know, the Forwarding Address is set to an OPSF enabled interface from the ASBR, and other routers in another areas, resolve to the Forwarding Address, not the originator of the LSA5 (the ABR).

So to make it short, other routers in different areas than the ASBR, get to the ASBR or know how to get to the external route via the Forwarding Address, and they should know how to get there by a LSA3. The lookup goes to the forwarding address, not the Advertising router.

So why a regular LSA5 cant do this from the begining? Even if the next hop of the external route is not a OSPF enabled IF, it can use another OSPF enabled interface, and routers outside the area should know how to get to this Forwarding Address (but not to the Advertising router) via LSA3.

I know this could lead to suboptimal routing, but there would be reachability and without a LSA4 right?

Peter Paluch · ‎09-11-2009

Hello,

To answer your first question about the efficiency in the LSA7 case, let me directly quote the RFC 3101 where the NSSA is specified:

Normally the next hop address of an installed AS external route learned by an NSSA ASBR from an adjacent AS points at one of the adjacent AS's gateway routers. If this address belongs to a network connected to the NSSA ASBR via one of its NSSAs' active interfaces, then the NSSA ASBR copies this next hop address into the forwarding address field of the route's Type-7 LSA that is originated into this NSSA, as is currently done with Type-5 LSAs. (See [OSPF] Section 12.4.4.1.) For an NSSA with no such network the forwarding address field may only be filled with an address from one of the its active interfaces or 0.0.0.0.

So the semantics of the LSA7 with respect to "optimizing" the Forwarding Address here is the same as with LSA5. I admit I have not been entirely complete in my previous response to you.

You wrote: the Forwarding Address is set to an OPSF enabled interface from the ASBR, and other routers in another areas, resolve to the Forwarding Address, not the originator of the LSA5 and later, you stated: The lookup goes to the forwarding address, not the Advertising router. While all this is true from the routing table viewpoint, it is not how the OSPF works.

The OSPF first and foremost works by finding shortest paths to objects in its database. However, these objects are not IP networks themselves. Rather, the topology is modelled as a set of nodes (representing both routers and multiaccess or stub networks) connected with links. The IP addresses are merely attributes of these objects but they are not the objects per se. This database must be "contiguous" or "connected", i.e., no object in that database can exist completely isolated of other objects, without having links to any other object. Otherwise, that object would not be reachable and by doing a walk from one object to another, it would never be possible to visit the isolated node and examine its attributes.

Now, in OSPF database, these objects are described by the different LSAs and the links between objects are created by having one LSA reference other LSA in some of its internal fields. Regarding the LSA5, the object it describes is an individual external network. But this object - an external network - must be connected to something, otherwise it would be simply "floating in the air" without any indication where it actually exists. This connection is indicated in the LSA5 by its Advertising Router ID field. Routers in the same area with the ASBR can locate its LSA1 and link the LSA5 to this LSA1. Now they can be sure that if they know how to reach that ASBR, they also know how to reach the external networks behind it. Note that if there was no LSA1 for the ASBR, the routers would not be able to know where the ASBR actually is and even if they had the LSA5 originated by that ASBR, they would not be able to integrate them successfully in their topological databases becuase they would be isolated - they could not be linked to any other object that is currently reachable in the database. And if they can't be linked, they can't be reached, and if they can't be reached, they can't be considered usable for shortest path calculation.

Continuation follows...

Peter Paluch · ‎09-11-2009

In a different area, routers will still see the LSA5 generated by the ASBR. However, again, this LSA5 could not be linked to any other object in the topological database because as described earlier, the link is indicated by the Advertising Router field, and the LSA1 of the ASBR would not be flooded to another area. Therefore, in other areas, you need the LSA4 to make the database connected again: the Advertising Router in the LSA5 points to the Link State ID of the LSA4, the Advertising Router of the LSA4 points to the Link State ID of the ABR's LSA1 and that one is already known to you.

I understand your doubts that even now, I am talking about reaching the advertising routers and not the next hops. But you have to think in terms of topological objects in OSPF database. These topological objects must first create a connected topology, only then their attributes will be examined. That means that if you have an isolated object in the database, you will not consider it during the shortest path calculation even if the IP networks it describes could already be reached. In other words, an invalid (i.e. disconnected) object in the OSPF database will be ignored even if the networks or next hops described by it are valid and reachable.

You are welcome to ask further. This is not an easy topic.

Best regards,

Peter

omarmontes · ‎09-11-2009

Holy! you know a lot!

Thinking about how OSPF works does makes sense, and let me explain why the confussion:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405a.shtml#topic1

RFC 2328 leavingcisco.com, section 16.4 (Calculating AS external routes), states:

"If the forwarding address is non-zero, look up the forwarding address in the routing table. The matching routing table entry must specify an intra-area or inter-area path; if no such path exists, do nothing with the LSA and consider the next in the list."

thats why I thought that if a regular LSA 5 has a Forwarding Address = to one of its OSPF enabled interfaces, there would be reachability.

Peter Paluch · ‎09-11-2009

Hello,

The quotation from the RFC 2328 you have quoted is of course correct but it only describes a sanity check after the LSA5 was even considered valid for examination. Also, the "routing table" is not the routing table in the usual sense, rather, it is a routing table as defined by the RFC 2328 section 11 for the needs of OSPF.

The section 16.2 says about the LSA4 processing:

Next, look up the routing table entry for the destination N. (If N is an AS boundary router, look up the "router" routing table entry associated with Area A). If no entry exists for N or if the entry's path type is "type 1 external" or "type 2 external", then install the inter-area path to N, with associated area Area A, cost IAC, next hop equal to the list of next hops to router BR [border router], and Advertising router equal to BR.

In other words, this step installs information from the LSA4 about the ASBR (note - not its IP address but rather its RID because the "destination" in LSA4 is always the ASBR's RID!) into the OSPF routing table. And further, the section 16.4 step 3 says:

Look up the routing table entries (potentially one per attached area) for the AS boundary router (ASBR) that originated the LSA. If no entries exist for router ASBR (i.e., ASBR is unreachable), do nothing with this LSA and consider the next in the list.

Note that what you have quoted is an excerpt from the same step but it takes place only after this test. Here, you have it: the ASBR (its RID) must be present in the OSPF routing table, either by LSA1 if it is in the same area, or by means of LSA4 as described earlier. If it is not, no matter how valid the LSA5 data is, it will be ignored.

Best regards,

Peter

omarmontes · ‎09-11-2009

Thanks a lot for your time and explanation, that last post did it :P

I know its just splitting hairs, but some things like this get stuck in your head and then you cant sleep :P

Peter Paluch · ‎09-11-2009

Hello,

You're heartily welcome. It's not splitting hairs for me :) Like you, I also don't like accepting things "just because it's the way they are". I like to see the logic, the reasons behind it. Questions like yours also help me to think over things that I otherwise take for granted. Thank you!

Best regards,

Peter