Sunday, May 26, 2013

OSPF – Understanding the Forwarding Address (FA)

Here I come with the solution for quiz-12, that I consider to be one of the most difficult quiz published on this blog, until now.
The difficultly is given by fact that some LSAs will contain a non-zero FA (Forwarding Address) while others have it set to 0.0.0.0

In the beginning, let’s see why FA (Forwarding Address) exists in the first place. We all know that packets destined to external destinations are routed through the advertising ASBR. According to RFC 2328 (see page 141), there might be situations when this behaviour is not desirable and they introduced the concept of FA in order to avoid extra hops in the path.
Consider the diagram below, where both RT-A and RT-B are connected to RT-X (a partner company), but only RT-A speaks eBGP with partner company (let’s say that RT-B does not have enough memory to run BGP). RT-A redistributes the BGP routes (ex:172.16.10.0/24) into the OSPF domain, thus becoming an ASBR.

Common_problem_without_FA
Without the concept of FA, traffic from RT-B towards those external destinations will go via the ASBR (RT-A), as shown in the traceroute output.
If RT-A set FA = 192.168.1.3, then RT-B would route directly to FA instead of ASBR, as you can see below:

traceroutes_with_and_without_FA

Now, let’s see what are the conditions required to have a non-zero FA. According to Cisco documentation, all of these conditions need to be true:
  • 1. OSPF is enabled on the ASBR’s next hop interface AND
  • 2. ASBR’s next hop interface is non-passive under OSPF AND
  • 3. ASBR’s next hop interface is not point-to-point AND
  • 4. ASBR’s next hop interface is not point-to-multipoint AND
  • 5. ASBR’s next hop interface address falls under the network range specified in the router ospf command
Note the AND logical operator between each condition. An easier way to remember this: next-hop interface must be a broadcast interface that is natively advertised in OSPF. 


Going back to the quiz, we see that both R1 and R2 are ASBR for external destinations (static routes for 172.16.10.0/24 and 172.16.11.0/24). Each of them injects Type-5 LSAs but with different information:
- R1 sets the FA address to R5′s address (192.168.1.5) because all of the above conditions are true !
- R2 sets the FA address to zero (0.0.0.0) because the connection to R6 is a point-to-point interface !

quiz-12
R3 (and all other OSPF routers) receives two external LSAs for same destinations and it choose the best path based on theforwarding metric with the following comparison:
  • for the Type-5 LSA generated by ASBR R1 – with FA = 192.168.1.5 – it looks for the metric to reach the FA (in this case: 3)
  • for the Type-5 LSA generated by ASBR R2 – with FA = 0.0.0.0 – it looks for the metric to reach the ASBR (in this case: 2)
thus, it considers that best path is via ASBR R2. 

Solutions

There are several solutions to this quiz, each with different result, and you may have to consider what do you want to achieve: load balancing on both exit links (R1 and R2) or use only Fast Ethernet exit on R1.
Basically, the idea is to have same behavior on both ASBRs: either both will set a non-zero FA or both set it to 0.0.0.0 

  • on R1, replace the “network 0.0.0.0” under the ospf process with more specific statements (only for internal interfaces)
    This may or may not be useful in certain scenarios when you want to passively advertise connected interfaces. 
    This will break the 1st condition of setting a non-zero FA as mentioned above, so both ASBRs will set 0.0.0.0 as Forwarding Address.
    FA-specific-networkWith this solution you achieve load-balancing over both exit points from router equally far to both R1 and R2 (for example, R3 is equally far from exit points R1 and R2).

  • on R1, make the interface connected to partner router as passive under the ospf process
    This will break the 2nd condition of setting a non-zero FA, so both ASBRs will set 0.0.0.0 as Forwarding Address.
    FA-passive-interfaceYou get the same load-balancing effect from R3.

  • on R2, configure the interface connected to partner router as broadcast OSPF type
    This will make all conditions TRUE, on R2, for setting a non-zero FA.
    FA-serial-as-broadcast
    In this solution, both Type-5 LSAs have a non-zero FA so the best path is chosen based on the forward metric:
    - LSA Type-5 from R1 (FA = 192.168.1.5) has a forward metric of 3
    - LSA Type-5 from R2 (FA = 192.168.2.6) has a forward metric of 66

In case the primary link between R1 and R5 fails, the external destinations are reachable via serial between R2 and R6 – notice the forward metric:
FA-primary-link-down

Of course, there is much more to discuss about Forwarding Address, but this is one of the first article on this subject – more quizzes to follow :-) 

Thank you for your comments and interest in the quiz!
Related Posts Plugin for WordPress, Blogger...