OSPF Path Selection 2

Unanswered Question
Mar 22nd, 2010

An ASBR in AREA 2 redistributes a BGP route as a type 5 LSA E1 route.

A core ABR receives the tyoe 5 advertisement from two sources, one from a router connected to its AREA 2 interface and another from its AREA 0 interface.

Assuming the cost through the AREA 2 interface is higher than the cost through its AREA 0 interface, which path will the ABR take to get to the external network?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (6 ratings)
Loading.
Jon Marshall Mon, 03/22/2010 - 10:02

ex-engineer wrote:

An ASBR in AREA 2 redistributes a BGP route as a type 5 LSA E1 route.

A core ABR receives the tyoe 5 advertisement from two sources, one from a router connected to its AREA 2 interface and another from its AREA 0 interface.

Assuming the cost through the AREA 2 interface is higher than the cost through its AREA 0 interface, which path will the ABR take to get to the external network?

Thanks

Joe

Not sure i fully understand. How does the ABR for area 2 and 0 receive the advertisement from area 0 ?

Jon

ex-engineer Mon, 03/22/2010 - 10:08

From a second ABR

ASBR

|             |

|                 |
| AREA 2           |  AREA 2
|                            |
|                                |
ABR 1-------------------------ABR 2

                Area 0

Jon Marshall Mon, 03/22/2010 - 11:17

Joe

It will still go via it's area 2 interface. I just labbed it up and even though the metric of the E1 route is higher via the area 2 interface that is the route it chooses to install.

It is to do with  the path to get to the advertising router of the E1 route ie.

ABR1 receives the E1 route from ASBR and from ABR2. To get to ASBR from ABR1 is an intra-area route. To get to ABSR via ABR2 is an inter-area route and an intra-area route will always be chosen over the inter-area. So even though the metric is higher the intra-area route is chosen.

Jon

ex-engineer Mon, 03/22/2010 - 12:19

Jon, thanks for the work on this.

Here is my dilemma.

I fully understand the hierarchy when it comes to path selection in OSPF: intra, then inter, then external 1 and lastly external 2...

But the LSA that ABR 1 receives for the external subnet in neither intra-area nor inter-area, its an external type 1.

What address is intra-area as opposed to inter-area. Its not the next hop, because to ABR 1, both next hops are intra-area. [EDIT] - actually, they are directly connected routes [EDIT]

I believe its the Forwarding Address of the external LSA.

ABR 1 will take note that the redistribbuted subnet is an external route, but then it will -- I think -- do a recursive lookup on the forwarding address advertised in the LSA to see which is the better route to get to the external subnet.

Can you please post the route table entry for the external route on ABR1, the OSPF database entry for the external route on the ASBR and ABR, and lastly the route table entry of the forwarding address on ABR1?

I would be very appreciative if you did.

Thank you.

ex-engineer Mon, 03/22/2010 - 10:12

The drawigng says it all....ASBR advertises a type 5 LSA to ABR 1 and ABR 2. ABR 2 advertises the external LSA to ABR 1. So ABR gets 2 type 5 LSA advertisements, one directly from the ASBR AREA 2 interface and another from ABR 2's AREA 0 crosslink.

Jon Marshall Mon, 03/22/2010 - 12:23

Joe

I believe its the Forwarding Address of the external LSA.

ABR 1 will take note that the redistribbuted subnet is an external route, but then it will -- I think -- do a recursive lookup on the forwarding address advertised in the LSA to see which is the better route to get to the external subnet.

It is the ASBR advertising address that is the intra-area vs inter-area route.

You had to ask for outputs just after i had shut down dynamips without saving . No problem, only took a few mins to setup up, i'll get back to you.

Jon

ex-engineer Mon, 03/22/2010 - 12:30

"It is the ASBR advertising address that is the intra-area vs inter-area route."

What is an ASBR advertising address? Isnt that the forwarding address? Or is it the "advertising router" entry in the LSA itself?

Sorry for the hassle...

Giuseppe Larosa Mon, 03/22/2010 - 13:01

Hello Joe,

when forwarding address = 0.0.0.0 the forwarding address is the ASBR router-id.

the concept is clear, the forwarding address is the internal next-hop it needs to be known by means of an OSPF route, intra area or inter-area it cannot be known by means of another external route.

So path selection applies to the path to the ASBR, using O E1 routes the seed metric is added to the internal part of the path but selection criteria still apply and an intra-area route is preferred over an inter-area regardless of cost.

The external LSA is received on both area 2 and area 0, but  the intra area path is the only one installed in the IP routing table.

This is what Jon's tests have showed.

Hope to help

Giuseppe

ex-engineer Mon, 03/22/2010 - 13:26

Giuseppe:

I understand what Jon is saying and I am sure he is 100% correct. I just needed to straighten my own thinking on this...

To me, the external LSA on ABR 1 was being received from the ASBR and ABR 2, so I was wondering how ABR 1 would make the routing decision to the external subnet. Would it use cost or would it use the intra-area over inter-area route preference rule to make the decision. The dilemma was that, if it selected the latter, I didnt know what address was going to be used. Would it be the forwarding address, the ASBR's address, or the next hop address?

I guess the answer is that, if the ASBR has not set the forwarding address, it will use itself as the advertising router in the type 5 LSA it generates. Moreover, that address would be the router-ID of the ASBR. In that case, the forwarding address is 0.0.0.0.

If the forwarding address is set, the ASBR will use its router-id as the "advertising router" address in the external type 5 LSA, and another router with which it has an OSPF adjacency as the forwarding address.

Is all this correct?

Giuseppe Larosa Mon, 03/22/2010 - 13:33

Hello Joe,

your understanding is correct

I would suggest a reading of  RFC 2328 section:

16.4     Calculating AS external routes

http://www.ietf.org/rfc/rfc2328.txt

>> and another router with which it has an OSPF adjacency as the forwarding  address

well, I would say the forwarding address is known via an IP subnet advertised in an OSPF LSA, it does not imply the router owner of forwarding address  is speaking OSPF too.

Practical Example:

if you redistribute a static route defined with an IP next-hop that IP address may appear as the forwarding address.

The IP subnet to which the next-hop belongs cannot be known by redistribute connected (that would make it another external route)

Edit:

if the forwarding address is not 0.0.0.0 and there are multiple ASBRs one can suppress its own type 5 LSA knowing that both devices may advertise a route to forwarding address so thanks to recursion multiple paths to external route can be achieved even if only one LSA is propagated in the OSPF domain.

This is also explained in the RFC and it is a standard behaviour.

Hope to help

Giuseppe

ex-engineer Mon, 03/22/2010 - 13:45

One more question, please....


R1 and R2 are ASBRs that have direct connections to an external AS.....

R3 is a router that is connected to R1 and R2.

R3 receives a type 5 LSA with the "advertising router" set as R1's router ID and the forwarding address set to R2.

Where will R3 forward the traffic to, R1 or R2?

Giuseppe Larosa Mon, 03/22/2010 - 14:18

Hello Joe,

given that a similar case cannot happen in real world and this is a speculation...

the forwarding address should be the answer. the advertising router declares the owner/originator of the LSA data structure, but in this case the forwarding address is the specific field that says how to send traffic for the external destination.

Hope to help

Giuseppe

ex-engineer Tue, 03/23/2010 - 09:39

G:

Why could the scenario i gave you never occur in the real world? Not that Im disagreeing, just want to understand it.

I guess the answer lies in the question of "how does the ASBR select the interface/address to use as a forwarding address"?

lamav Tue, 03/23/2010 - 21:13

Joe:

I dont know why my post is all crunched up the way it is and why it is that you need to use the scroll bar, but I advise you to copy and paste the post into a Word doc and fix the formatting yourself so you can read it easily.

Ever since they changed the NetPro forum, its been acting weird...

Victor

Jon Marshall Tue, 03/23/2010 - 21:22

lamav wrote:

Joe:

I dont know why my post is all crunched up the way it is and why it is that you need to use the scroll bar, but I advise you to copy and paste the post into a Word doc and fix the formatting yourself so you can read it easily.

Ever since they changed the NetPro forum, its been acting weird...

Victor

Victor

Think they are looking into this. If you reply to the original post then you should be alright. If you reply to the last post it kind of indents it and the more posts there are in a thread the more it indents.

By the way, really good post on OSPF behaviour, rated.

Jon

lamav Tue, 03/23/2010 - 21:50

Thanks, Jon....reposted it the way you said. And thanks for the Kudos....

Victor

lamav Tue, 03/23/2010 - 21:46

Joe:

The OSPF forwarding address feature's behavior can actually be a little tricky. Its not as straightforward as one would think -- at least as far as Im concerned. In fact, the bible of TCP/IP routing, Doyle's book, as well as the CCIE written exam certification guide do not cover OSPF forward addresses for external routes with any real attention to detail.

This explanation is long, but necessary.

The behavior differs depending on whether the ASBR is redistributing external subnets into a "normal" OSPF area or an NSSA area.

In a regular area, the ASBR will set its router ID as the "advertising router" address when it creates the type 5 LSA. By default, the forwarding address is 0.0.0.0.

Switch1#sh run | be router ospf
router ospf 1
  router-id 1.1.1.1
  log-adjacency-changes
  redistribute bgp 1 metric 100 metric-type 1 subnets
network 1.1.1.10 0.0.0.0 area 1 <------------------interface facing Sw 2 -- OSPF 1 AREA 1.

Switch1#sh ip ospf data external 1.1.2.0

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  LS age: 253
   Options: (No TOS-capability, DC)
   LS Type: AS External Link
   Link State ID: 1.1.2.0 (External Network Number )
   Advertising Router: 1.1.1.1
   LS Seq Number: 80000002
   Checksum: 0xD4E7
   Length: 36
   Network Mask: /24
         Metric Type: 1 (Comparable directly to link state metric)
         TOS: 0
         Metric: 100
        Forward Address: 0.0.0.0  <--------------------forwarding address not set.
         External Route Tag: 2

Switch1#

On the other hand, the next hop address in the ASBR's routing table for the external subnets -- in the neighboring AS system -- will become the forwarding address IF:

  OSPF is enabled on the ASBR's next hop interface AND
¨ ASBR's next hop interface is non−passive under OSPF AND
¨ ASBR's next hop interface is not point−to−point AND
¨ ASBR's next hop interface is not point−to−multipoint AND
   ASBR's next hop interface address falls under the network range specified in the router ospf
   command.

Any other conditions besides these set the forwarding address to 0.0.0.0.

Switch1#sh run | be router ospf
router ospf 1
  router-id 1.1.1.1
  log-adjacency-changes
  redistribute bgp 1 metric 100 metric-type 1 subnets
  network 1.1.1.5 0.0.0.0 area 1   <---------ASBR interface that faces next hop for the external subnets.
  network 1.1.1.10 0.0.0.0 area 1 <-----------interface facing Sw 2 -- OSPF 1 AREA 1.

Switch1#sh ip ro bgp
      1.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B       1.1.2.0/24 [20/0] via 1.1.1.6, 00:37:31
B       1.1.3.0/24 [20/0] via 1.1.1.6, 00:37:31
B       1.1.4.0/24 [20/0] via 1.1.1.6, 00:37:31
Switch1#
Switch1#
Switch1#
Switch1#sh ip ospf data external 1.1.2.0

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  LS age: 253
   Options: (No TOS-capability, DC)
   LS Type: AS External Link
   Link State ID: 1.1.2.0 (External Network Number )
   Advertising Router: 1.1.1.1
   LS Seq Number: 80000002
   Checksum: 0xD4E7
   Length: 36
   Network Mask: /24
         Metric Type: 1 (Comparable directly to link state metric)
         TOS: 0
         Metric: 100
        Forward Address: 1.1.1.6  <-----------Forwarding address set to ASBR's next hop for external subnets.
         External Route Tag: 2

Switch1#

==============================================================================================================

If the ASBR is in an OSPF NSSA and the P-bit (propagate bit) in the Type 7 LSA Options field is set to 1, that means the NSSA ABR should translate the type 7 LSA into a type 5 LSA and inject it into the backbone area. This is the default behavior for type 7 LSAs. In this case, the forwarding address MUST be set to non-zero.

Unlike in the situation where the ASBR sits in a regular OSPF area, where a 0.0.0.0 forwarding address is allowed to cross the ABR boundary in a type 5 LSA, a 0.0.0.0 forwarding address is not allowed to cross the ABR boundary in an NSSA if the type 7 LSA is to be translated into a type 5 LSA and propagated into the rest of the OSPF domain. Simply put, Type-7 LSAs that are to be translated into Type-5 LSAs must have their forwarding address set.

I have converted OSPF area 1 into an NSSA and I have also stopped running OSPF on the external AS-facing interface.

Switch1#sh run | be router ospf
router ospf 1
  router-id 1.1.1.1
  log-adjacency-changes
  area 1 nssa
  redistribute bgp 1 metric 100 metric-type 1 subnets
  network 1.1.1.10 0.0.0.0 area 1

Notice below how the forwarding address is NOT 0.0.0.0. The ASBR in the NSSA MUST select a forwarding address since the P-bit is set. The address it chose is the highest of all active OSPF IP interface addresses.

Switch1#sh ip ospf data nssa-external 1.1.2.0

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Type-7 AS External Link States (Area 1)

  LS age: 244
   Options: (No TOS-capability, Type 7/5 translation, DC)  <------------ P-bit is set
   LS Type: AS External Link
   Link State ID: 1.1.2.0 (External Network Number )
   Advertising Router: 1.1.1.1
   LS Seq Number: 80000002
   Checksum: 0x7836
   Length: 36
   Network Mask: /24
         Metric Type: 1 (Comparable directly to link state metric)
         TOS: 0
         Metric: 100
         Forward Address: 1.1.1.10 <--------Router must select forwarding address according to the rules stated above.
         External Route Tag: 2

Switch1#


HTH

Victor

Attachment: 
Giuseppe Larosa Tue, 03/23/2010 - 23:58

Hello Victor,

excellent explanation of  OSPF forwarding address rated as it deserves.

Side note: an effect of OSPF NSSA forwarding address is that the converted to type 5 regular external LSA are accepted outside the original NSSA area if the forwarding address is known.

if an OSPF area filter-list is used tha doesn't allow the ip subnet of the external route forwarding address  to reach the backbone the game is over.

And of course someone faced this issue having made wide use of NSSA areas and with strict inter-area filtering.

Joe:

the case you have described where ASBR1 injects an LSA type 5 with a forwarding address that is that of ASBR2 is rare.

I cannot check here from the office, but there was a big issue years ago and a workaround applied by colleagues was:

ASBR1 had failed its own link to external network A

ASBR2 was connected but not able to generate its own external LSA (because the next-hop was under redistribute connected another external route and the network was behind a firewall so it was a a static route )

the fix they used was:

on ASBR1 they configured a static router for external nework A with next-hop = ASBR2 router-id loopback ip address.

But I would consider this not a clean design

Hope to help

Giuseppe

ex-engineer Wed, 03/24/2010 - 07:00

Victor:

Wow! Thanks a lot for that. You're right about the lack of clarity and detail involving forwarding addresses. I haven't been able to find a document that lays it all out the way you did. I rated your entry, of course.

Giuseppe/Jon:

Thanks a lot for your time and help, too...

lamav Wed, 03/24/2010 - 08:52

Joe, Glad I could help.

Giuseppe, interesting stuff...thanks for the rating....

Actions

This Discussion