OSPF Type 4/5/7 LSA and the Forwarding Address
Just doing a quick pass over OSPF this week and ran through some NSSA tasks. As I'm sure everyone is aware, NSSA, short for not-so-stubby-area, is a quirky OSPF stub zone that can optionally import external routes. A normal stub zone prohibits type 5 LSAs, so we couldn't very well import type 5s, so in NSSA, type 7s are used.
The thing that made me scratch my head for a bit was the type5-to-7 translation ABR and its use of the forwarding address. To understand the forwarding address, I took a few minutes and labbed up a basic redistribution (non-stub/NSSA) first. The topology is as follows:
All routers have a loopback of X.X.X.X, where X is the router number.
All routers in OSPF area 0 have a Fast Ethernet interface using 192.168.0.X.
All routers in OSPF area 1 have a Fast Ethernet interface using 192.168.1.X.
The routers in RIP area have a Fast Ethernet interface using 10.0.0.X.
All routers are advertising their appropriate physical interfaces into OSPF or RIP. R2 & R3's Lo0 are advertised into area 0, and R4's Lo0 is advertised into OSPF area 1. Additionally, R4's router-id is manually set to 44.44.44.44. This is not representative of an IP address anywhere on the network. RIP and OSPF are mutually redistributed at R4.
Let's take a look at our external routes on R4.
R4#show ip ospf database external
OSPF Router with ID (44.44.44.44) (Process ID 1)
Type-5 AS External Link States
LS age: 203
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 44.44.44.44 LS Seq Number: 80000002
Checksum: 0xD109
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
LS age: 203
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 44.44.44.44 LS Seq Number: 80000002
Checksum: 0x36AE
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
I've bolded the important bits here.
So we're seeing 5.5.5.5/32 and 10.0.0.0/24 as external type 5s. This makes perfect sense.
What about type 4s?
R4#sh ip ospf database asbr-summary
OSPF Router with ID (44.44.44.44) (Process ID 1)
R4#
Nothing! Which is also expected. An ASBR doesn't generate a type 4. Type 4s are generated at ABRs so that other areas know how to reach router IDs inside its area. In our case, R2 and R3 will both be generating type 4s, so that R1 can learn how to reach router ID 44.44.44.44. Remember that OSPF doesn't include a forwarding address in type 5s. The "Forward Address: 0.0.0.0" we see above says "route to me, I know how to reach this external router". Type 5s are distributed across the entire OSPF domain unmodified. Let's take one more quick look at one of those Type 5s, from R1's perspective:
Routing Bit Set on this LSA
LS age: 621
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000002
Checksum: 0xD109
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
Nowhere on there does it mention that you can reach 5.5.5.5 via 4.4.4.4. R1 could figure out how to get to 4.4.4.4 via a type 3 summary LSA, but that doesn't help any if it doesn't know 4.4.4.4 is where it should send the traffic to.
This is where the type 4 comes in to play. Let's look at the type 4s on R1:
R1#show ip ospf database asbr-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
Summary ASB Link States (Area 0)
Routing Bit Set on this LSA
LS age: 547
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 44.44.44.44 (AS Boundary Router address)
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0xB1C6
Length: 28
Network Mask: /0
TOS: 0 Metric: 10
Routing Bit Set on this LSA
LS age: 501
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 44.44.44.44 (AS Boundary Router address)
Advertising Router: 3.3.3.3
LS Seq Number: 80000002
Checksum: 0x93E0
Length: 28
Network Mask: /0
TOS: 0 Metric: 10
Once again, important bits are bolded. These two LSAs are simple: 2.2.2.2 knows how to reach 44.44.44.44; 3.3.3.3 also knows how to reach 44.44.44.44.
Now R1 can lookup the LSA advertising 5.5.5.5, discover that 44.44.44.44 is the ASBR, and discover that 44.44.44.44 is reachable via 2.2.2.2 or 3.3.3.3.
That's type 4 & 5 in a nutshell.
So what got me on this kick, when I was working on NSSA? Well, NSSA doesn't allow type 5s, but it does allow you to perform redistribution into OSPF, as a type 7. NSSA is an "island" on to itself. The routers not participating in the NSSA aren't aware of the NSSA, and technically speaking, don't even have to understand what an NSSA is. So we've got to find a way to take these type 7 LSAs and turn them back in to type 5s.
Let's make area 1 NSSA.
R2-R4:
router ospf 1
area 1 nssa
Let's check out the NSSA external database on R4:
R4#sh ip ospf database nssa-external
OSPF Router with ID (44.44.44.44) (Process ID 1)
Type-7 AS External Link States (Area 1)
LS age: 41
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x8B9
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
LS age: 41
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x6C5F
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
We're seeing a lot of the same stuff as we did with type 5s earlier, but now we have a forwarding address!
Let's go check out how R1 sees this.
R1#show ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 261
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x6F01
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Routing Bit Set on this LSA
LS age: 261
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0xD3A6
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Forwarding addresses here, too. Now instead of just having some router ID to refer back to, we have an actual routable ip in the LSA. We also see the advertising router is no longer 44.44.44.44, but 3.3.3.3. We'll go over that in a minute. First, let's see if we still have type 4s:
R1#show ip ospf database asbr-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
R1#
Nope! Because we don't need them. We can reach 4.4.4.4 as well as anyone else can, so knowing that the ABR knows how to reach the ASBR is now no longer important.
After weighting our traffic a bit to prove a point:
R3:
router ospf 1
int fa0/1
ip ospf cost 1000
Let's make sure we have reachability:
R1#trace 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 192.168.0.2 16 msec
2 192.168.1.4 68 msec
3 10.0.0.5 96 msec * 92 msec
Yes, via R2 -> R4 -> R5.
The type7-to-type5 translation happens on the ABR with the highest router ID. In our case, that was R3. Yet, the traffic routed through R2. This is because R3 is only translating 7-to-5, not rewriting the forwarding address. It does add itself as the adveritsing router (as seen above), but that's about it. R1 will always take what it perceives as the shortest path to R4 (4.4.4.4) to reach R5.
What if we wanted to force traffic through R3, without worrying about the metric?
R3:
router ospf 1
area 1 nssa translate type7 suppress-fa
Let's see what that does to our type 5 on R1:
R1#show ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 36
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3 LS Seq Number: 80000002
Checksum: 0xA4DA
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
Routing Bit Set on this LSA
LS age: 36
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3 LS Seq Number: 80000002
Checksum: 0x980
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
"translate type7 suppress-fa" tells the router (assuming it is the translating router) to rewrite the forwarding address to 0.0.0.0. In OSPF/LSA speak, this means "use the advertising router as the forward address". In our case, that's 3.3.3.3. Reminds me a lot of "next-hop-self" in iBGP.
Let's try our trace on R1 again:
R1#trace 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 192.168.0.3 40 msec 36 msec 28 msec
2 192.168.1.4 80 msec 56 msec 40 msec
3 10.0.0.5 72 msec * 100 msec
R3 -> R4 -> R5
Really pretty simple, once you get your head around it.
Jeff Kronlage
The thing that made me scratch my head for a bit was the type5-to-7 translation ABR and its use of the forwarding address. To understand the forwarding address, I took a few minutes and labbed up a basic redistribution (non-stub/NSSA) first. The topology is as follows:
All routers in OSPF area 0 have a Fast Ethernet interface using 192.168.0.X.
All routers in OSPF area 1 have a Fast Ethernet interface using 192.168.1.X.
The routers in RIP area have a Fast Ethernet interface using 10.0.0.X.
All routers are advertising their appropriate physical interfaces into OSPF or RIP. R2 & R3's Lo0 are advertised into area 0, and R4's Lo0 is advertised into OSPF area 1. Additionally, R4's router-id is manually set to 44.44.44.44. This is not representative of an IP address anywhere on the network. RIP and OSPF are mutually redistributed at R4.
Let's take a look at our external routes on R4.
R4#show ip ospf database external
OSPF Router with ID (44.44.44.44) (Process ID 1)
Type-5 AS External Link States
LS age: 203
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 44.44.44.44 LS Seq Number: 80000002
Checksum: 0xD109
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
LS age: 203
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 44.44.44.44 LS Seq Number: 80000002
Checksum: 0x36AE
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
I've bolded the important bits here.
So we're seeing 5.5.5.5/32 and 10.0.0.0/24 as external type 5s. This makes perfect sense.
What about type 4s?
R4#sh ip ospf database asbr-summary
OSPF Router with ID (44.44.44.44) (Process ID 1)
R4#
Nothing! Which is also expected. An ASBR doesn't generate a type 4. Type 4s are generated at ABRs so that other areas know how to reach router IDs inside its area. In our case, R2 and R3 will both be generating type 4s, so that R1 can learn how to reach router ID 44.44.44.44. Remember that OSPF doesn't include a forwarding address in type 5s. The "Forward Address: 0.0.0.0" we see above says "route to me, I know how to reach this external router". Type 5s are distributed across the entire OSPF domain unmodified. Let's take one more quick look at one of those Type 5s, from R1's perspective:
Routing Bit Set on this LSA
LS age: 621
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000002
Checksum: 0xD109
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
Nowhere on there does it mention that you can reach 5.5.5.5 via 4.4.4.4. R1 could figure out how to get to 4.4.4.4 via a type 3 summary LSA, but that doesn't help any if it doesn't know 4.4.4.4 is where it should send the traffic to.
This is where the type 4 comes in to play. Let's look at the type 4s on R1:
R1#show ip ospf database asbr-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
Summary ASB Link States (Area 0)
Routing Bit Set on this LSA
LS age: 547
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 44.44.44.44 (AS Boundary Router address)
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0xB1C6
Length: 28
Network Mask: /0
TOS: 0 Metric: 10
Routing Bit Set on this LSA
LS age: 501
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 44.44.44.44 (AS Boundary Router address)
Advertising Router: 3.3.3.3
LS Seq Number: 80000002
Checksum: 0x93E0
Length: 28
Network Mask: /0
TOS: 0 Metric: 10
Once again, important bits are bolded. These two LSAs are simple: 2.2.2.2 knows how to reach 44.44.44.44; 3.3.3.3 also knows how to reach 44.44.44.44.
Now R1 can lookup the LSA advertising 5.5.5.5, discover that 44.44.44.44 is the ASBR, and discover that 44.44.44.44 is reachable via 2.2.2.2 or 3.3.3.3.
That's type 4 & 5 in a nutshell.
So what got me on this kick, when I was working on NSSA? Well, NSSA doesn't allow type 5s, but it does allow you to perform redistribution into OSPF, as a type 7. NSSA is an "island" on to itself. The routers not participating in the NSSA aren't aware of the NSSA, and technically speaking, don't even have to understand what an NSSA is. So we've got to find a way to take these type 7 LSAs and turn them back in to type 5s.
Let's make area 1 NSSA.
R2-R4:
router ospf 1
area 1 nssa
Let's check out the NSSA external database on R4:
R4#sh ip ospf database nssa-external
OSPF Router with ID (44.44.44.44) (Process ID 1)
Type-7 AS External Link States (Area 1)
LS age: 41
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x8B9
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
LS age: 41
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x6C5F
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
We're seeing a lot of the same stuff as we did with type 5s earlier, but now we have a forwarding address!
Let's go check out how R1 sees this.
R1#show ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 261
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x6F01
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Routing Bit Set on this LSA
LS age: 261
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0xD3A6
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Forwarding addresses here, too. Now instead of just having some router ID to refer back to, we have an actual routable ip in the LSA. We also see the advertising router is no longer 44.44.44.44, but 3.3.3.3. We'll go over that in a minute. First, let's see if we still have type 4s:
R1#show ip ospf database asbr-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
R1#
Nope! Because we don't need them. We can reach 4.4.4.4 as well as anyone else can, so knowing that the ABR knows how to reach the ASBR is now no longer important.
After weighting our traffic a bit to prove a point:
R3:
router ospf 1
int fa0/1
ip ospf cost 1000
Let's make sure we have reachability:
R1#trace 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 192.168.0.2 16 msec
2 192.168.1.4 68 msec
3 10.0.0.5 96 msec * 92 msec
Yes, via R2 -> R4 -> R5.
The type7-to-type5 translation happens on the ABR with the highest router ID. In our case, that was R3. Yet, the traffic routed through R2. This is because R3 is only translating 7-to-5, not rewriting the forwarding address. It does add itself as the adveritsing router (as seen above), but that's about it. R1 will always take what it perceives as the shortest path to R4 (4.4.4.4) to reach R5.
What if we wanted to force traffic through R3, without worrying about the metric?
R3:
router ospf 1
area 1 nssa translate type7 suppress-fa
Let's see what that does to our type 5 on R1:
R1#show ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 36
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3 LS Seq Number: 80000002
Checksum: 0xA4DA
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
Routing Bit Set on this LSA
LS age: 36
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 10.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3 LS Seq Number: 80000002
Checksum: 0x980
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0 External Route Tag: 0
"translate type7 suppress-fa" tells the router (assuming it is the translating router) to rewrite the forwarding address to 0.0.0.0. In OSPF/LSA speak, this means "use the advertising router as the forward address". In our case, that's 3.3.3.3. Reminds me a lot of "next-hop-self" in iBGP.
Let's try our trace on R1 again:
R1#trace 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 192.168.0.3 40 msec 36 msec 28 msec
2 192.168.1.4 80 msec 56 msec 40 msec
3 10.0.0.5 72 msec * 100 msec
R3 -> R4 -> R5
Really pretty simple, once you get your head around it.
Jeff Kronlage
