Solved: Different advertisement of redistributed static routes in OSPF on the same router due to OSPF broadc...

jvrooden · ‎03-09-2012

Dear readers,

I hope someone can enlighten me on a case with redistribution of static routes in OSPF. I added a diagram with the partial setup of our network.

My company is managing the routers at Site C. Site A and B are of a company which has been merged with ours. We are now in the process of integrating their network. Site A and B are connected via a layer2 link, on which a L3 vlan is created for routing between the sites. Until the network has been redesigned we will keep this setup. Four new point-to-point links are connected from the routers at Site C to the routers at Site A and B. We will be running OSPF between all these sites.

In our network OSPF is only running on point-to-point links, which is working fine. In this new situation we are facing a OSPF broadcast network between site A and B (vlan 200). I have tried the design in a testlab, and ran into 2 issues which I cannot easily explain.

There are static routes configured on SitaA-R1 and SiteA-R2 which are pointing to two different gateways. Both are redistributed in OSPF as E1 with metric 20. I took two of these static routes for my example.

Ip route 100.100.100.0 /24 via 150.150.150.254

This route is pointing to a gateway in a locally connected network. Redistribution is working fine; the lsa is originated on both SiteA-R1 and R2 and are learned with a cost of 60 on the SiteC routers (20 for the route itself + 40 for the link SiteA <> SiteC. This works as expected.

Ip route 250.250.250.0 /24 via 200.200.200.254

This route is pointing to the SiteA-R3 and R4 routers, which are not running OSPF. The link to these routers is on the vlan200, on which also SiteB-R1 is connected. When both SiteA-R1 and R2 are online, the lsa is only orginated on R2. When I shut int vlan 200 on R2, the lsa is origanated on R1, but when R2 is back online the original situation is restored.

This route is learned on SiteC-R1: 250.250.250.0/24 is known via both 1.0.0.1 and 3.0.0.1 (SiteB-R1) with cost 100!

And on SiteC-R2: 250.250.250.0/24 is known via both 2.0.0.1 and 4.0.0.1 (SiteB-R1), also with cost 100.

So although both static routes are redistributed on the same routers, the way they are advertised seem to depend on the gateway they are pointing to.

Now there are two things that I do not understand:

1) Why is the LSA for 250.250.250.0 /24 only originated on R2, while the one for 100.100.100.0 /24 is originated on both R1 and R2? The difference is that 250.250.250.0 is pointing to a gateway in an OPSF broadcast netwerk. I thought that in a broadcast network only the DR will advertise routes, but the R2 is the BDR, not the DR! Furthermore this behaviour seems to depend on the router-id. When I change the router-id on R1 to a higher value that R2 it is taking over the originating of the LSA! I tried this a few times. Is my assumption that the router with the highest router-id will originate the LSA for a broadcast network correct? And what is the logic behind this all?

2) Why am I learning this route 250.250.250.0 /24 via both SiteB-R1 and SiteA-R1 or R2 on the SiteC routers with a cost of 100? I would think that the cost for this route should only be "60": 40 for the link SiteC <> SiteA + 20 for the metric of the redistributed route. Why is it also adding the 40 for the vlan 200 interface? I don't want site C to actively route to site A via Site B and since we have Equal Cost Multi-path here, this is actually happening. Before I started the test, I really expected this route to be learned with a cost of 60 directly from site A to Site C, just like it's done for the 10.100.100.0 route.

The workaround for this situation will probably be to raise the cost on the vlan200 interface on SiteB-R1, but this could potentially lead to traffic from Site A to Site B being redirect over Site C, which is also undesirable. But I'm more looking for an explanation here than a solution. I could not find anything on the internet nor in my CCIE books on this difference between the advertisement of type5 LSA's on the same router, so I hope that someone here can give me a logical explanation.

Kind regards,

Joris van Rooden

Peter Paluch · ‎03-09-2012

Hello Joris,

Lots of questions and ideas Let's go over the most important of them.

Why is the LSA for 250.250.250.0 /24 only originated on R2, while the one for 100.100.100.0 /24 is originated on both R1 and R2?

I do not know how exactly are the SiteA-R1 and SiteA-R2 configured, but it seems that the next hop 200.200.200.254 for the redistributed network 250.250.250.0/24 itself lies in a network that is being advertised into OSPF, or more precisely, all the following conditions are met:

OSPF is enabled on the ASBR's next hop interface AND
ASBR's next hop interface is non-passive under OSPF AND
ASBR's next hop interface is not point-to-point AND
ASBR's next hop interface is not point-to-multipoint AND
ASBR's next hop interface address falls under the network range specified in the router ospf command.

This set of conditions is taken from the following document:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405a.shtml

If all these conditions are met then the route 250.250.250.0/24 will be redistributed along with its forwarding address set in the LSA-5. More often, the forwarding address is set to 0.0.0.0 meaning that the ASBR itself is the router through which the external network is reachable. However, if the forwarding address is non-zero then a different router should be considered as the exit point towards that network. Now, assuming that the conditions are met indeed and both SiteA-R1 and SiteA-R2 perform the redistribution with the forwarding address set, they both generate an LSA-5 that describes the very same external network, the very same metric (and metric type), the very same forwarder. We say that these two LSA-5 are functionally equivalent - the routing information they contain is identical. In that case, however, having them twice is a duplication of effort. Therefore, in this case, RFC 2328 Section 12.4.4.1 stipulates:

                                The following rule is
    thereby established: if two routers, both reachable
    from one another, originate functionally equivalent
    AS-external-LSAs (i.e., same destination, cost and
    non-zero forwarding address), then the LSA
    originated by the router having the highest OSPF
    Router ID is used.  The router having the lower OSPF
    Router ID can then flush its LSA.

That would explain why the LSA-5 related to the network 250.250.250.0/24 is originated only by SiteA-R2, assuming it has a higher Router ID, and it would also align with your experiences after changing the Router ID and observing that the LSA-5 is generated only by the router with the higher RID. Please note that the DR/BDR function is irrelevant here.

This elimination of LSA-5 does not apply to LSA-5 that are generated with zero forwarding address - in fact, they are not functionally equivalent, as each of them designates its originating router as the exit point, so their routing information is not identical. That is probably the case with the network 100.100.100.0/24 - it's next hop probably does not meet the criteria above for being used as a non-zero forwarding address. Hence, both R1 and R2 on Site A generate their own LSA-5, and because these two LSA-5 are not functionally equivalent, no elimination of superfluous LSA-5 takes place.

Why am I learning this route 250.250.250.0 /24 via both SiteB-R1 and SiteA-R1 or R2 on the SiteC routers with a cost of 100?

Regarding the cost of 100 related to 250.250.250.0/24 visible on SiteC-R1 - it is the cost related to reaching the appropriate forwarding address, plus the seed metric value used during route redistribution. From the SiteC-R1, to reach the next hop 200.200.200.254, the path cost is 80 (40 by C-R1 to A-R1/A-R2/B-R1 plus 40 by A-R1/A-R2/B-R1 on Vlan200 interface on which the next hop is directly connected). This cost of 80 is then increased by 20 set during the route redistribution, yielding the total cost of 100.

I thought that in a broadcast network only the DR will advertise routes, but the R2 is the BDR, not the DR!

This is not a correct understanding of the function of the DR. The DR is responsible for relaying LSAs on a multiaccess segment (a non-DR router always submits advertised LSAs to DR/BDR and DR in turn relays them to all other routers on the segment). However, there is no limitation as to which router on a multiaccess segment can advertise LSAs - any router can. The DR controls the LSA flooding but it does not limit the origination of LSAs.

I hope this helps but please ask further if there is anything unclear!

Best regards,

Peter

View solution in original post

Peter Paluch · ‎03-09-2012

Hello Joris,

Lots of questions and ideas Let's go over the most important of them.

Why is the LSA for 250.250.250.0 /24 only originated on R2, while the one for 100.100.100.0 /24 is originated on both R1 and R2?

I do not know how exactly are the SiteA-R1 and SiteA-R2 configured, but it seems that the next hop 200.200.200.254 for the redistributed network 250.250.250.0/24 itself lies in a network that is being advertised into OSPF, or more precisely, all the following conditions are met:

OSPF is enabled on the ASBR's next hop interface AND
ASBR's next hop interface is non-passive under OSPF AND
ASBR's next hop interface is not point-to-point AND
ASBR's next hop interface is not point-to-multipoint AND
ASBR's next hop interface address falls under the network range specified in the router ospf command.

This set of conditions is taken from the following document:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405a.shtml

If all these conditions are met then the route 250.250.250.0/24 will be redistributed along with its forwarding address set in the LSA-5. More often, the forwarding address is set to 0.0.0.0 meaning that the ASBR itself is the router through which the external network is reachable. However, if the forwarding address is non-zero then a different router should be considered as the exit point towards that network. Now, assuming that the conditions are met indeed and both SiteA-R1 and SiteA-R2 perform the redistribution with the forwarding address set, they both generate an LSA-5 that describes the very same external network, the very same metric (and metric type), the very same forwarder. We say that these two LSA-5 are functionally equivalent - the routing information they contain is identical. In that case, however, having them twice is a duplication of effort. Therefore, in this case, RFC 2328 Section 12.4.4.1 stipulates:

                                The following rule is
    thereby established: if two routers, both reachable
    from one another, originate functionally equivalent
    AS-external-LSAs (i.e., same destination, cost and
    non-zero forwarding address), then the LSA
    originated by the router having the highest OSPF
    Router ID is used.  The router having the lower OSPF
    Router ID can then flush its LSA.

That would explain why the LSA-5 related to the network 250.250.250.0/24 is originated only by SiteA-R2, assuming it has a higher Router ID, and it would also align with your experiences after changing the Router ID and observing that the LSA-5 is generated only by the router with the higher RID. Please note that the DR/BDR function is irrelevant here.

This elimination of LSA-5 does not apply to LSA-5 that are generated with zero forwarding address - in fact, they are not functionally equivalent, as each of them designates its originating router as the exit point, so their routing information is not identical. That is probably the case with the network 100.100.100.0/24 - it's next hop probably does not meet the criteria above for being used as a non-zero forwarding address. Hence, both R1 and R2 on Site A generate their own LSA-5, and because these two LSA-5 are not functionally equivalent, no elimination of superfluous LSA-5 takes place.

Why am I learning this route 250.250.250.0 /24 via both SiteB-R1 and SiteA-R1 or R2 on the SiteC routers with a cost of 100?

Regarding the cost of 100 related to 250.250.250.0/24 visible on SiteC-R1 - it is the cost related to reaching the appropriate forwarding address, plus the seed metric value used during route redistribution. From the SiteC-R1, to reach the next hop 200.200.200.254, the path cost is 80 (40 by C-R1 to A-R1/A-R2/B-R1 plus 40 by A-R1/A-R2/B-R1 on Vlan200 interface on which the next hop is directly connected). This cost of 80 is then increased by 20 set during the route redistribution, yielding the total cost of 100.

I thought that in a broadcast network only the DR will advertise routes, but the R2 is the BDR, not the DR!

This is not a correct understanding of the function of the DR. The DR is responsible for relaying LSAs on a multiaccess segment (a non-DR router always submits advertised LSAs to DR/BDR and DR in turn relays them to all other routers on the segment). However, there is no limitation as to which router on a multiaccess segment can advertise LSAs - any router can. The DR controls the LSA flooding but it does not limit the origination of LSAs.

I hope this helps but please ask further if there is anything unclear!

Best regards,

Peter

jvrooden · ‎03-11-2012

Peter, Thank you very much, you answered my questions completely!

I had already figured out that for advertised routes on a broadcast segment the cost for the outgoing interface to this network was added, but now I understand the logic behind it as well. Regarding the conditions for the redistributed routes; this was exactly what I was looking for. Thanks again for this great explanation!

Beste regards,

Joris

Peter Paluch · ‎03-12-2012

Joris,

Thank you very much as well - responding to your well-presented case was a pleasure. Take care and please visit us here at CSC again

Best regards,

Peter

Moyuresh Biswas · ‎02-17-2013

Hi Peter,

Thanks for your precise explanation of this case. I had exactly similar issue as the first problem mentioned in this case (i.e. only one router advertising the redistributed static route), I was thinking along the same line why that would happen, then came across this thread and found the answer !

I understand that, one option to solve the issue is to set the lan-side interface to passive. But in case this is not an option, where can be other possible solutions?

Peter Paluch · ‎03-01-2013

Hello,

I understand that, one option to solve the issue is to set the lan-side interface to passive. But in case this is not an option, where can be other possible solutions?

It has to be stressed that this behavior, i.e. only one ASBR advertising a functionally equivalent LSA-5, is not a bug at all, so in most cases, it also should not be a problem. This reduction of ASBRs advertising the same functionally equivalent LSA-5 is done for the purpose of eliminating unnecessary LSAs in link-state databases of routers. If the current ASBR stops advertising the particular functionally equivalent LSA-5 for whatever reasons, other routers that perform the same redistribution will then elect a new ASBR that will advertise the same functionally equivalent LSA-5. In other words, there is no reachability issue related with this optimization. Do you have any particular reason to consider this as a problem that needs a "solution"?

Best regards,

Peter

Different advertisement of redistributed static routes in OSPF on the same router due to OSPF broadcast network type?