In OSPF and other routing protocols we have something called forwarding address.
This can be used to route traffic in another direction than to the router that
originated the LSA. We start with the following topology.

It’s a basic OSPF setup where area 1 is a NSSA area. As you can see we have
two ABRs. Remember that in NSSA area, redistributed routes will be seen as N
internally but as E outside the area. To make this happen the ABR must translate
the type 7 LSA to type 5 LSA. If we have multiple ABRs, which one is responsible
for this task? The ABR with the highest RID will do the translation.

If we look at the LSA at R1, this is what it looks like.

R1#sh ip ospf data ex 10.10.4.0

            OSPF Router with ID (10.10.13.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 1373
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.10.4.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x7306
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 10.10.234.4
        External Route Tag: 0

So R3 is the ABR doing the translation but the forward address is set to
10.10.234.4 which is the address of R4. This means that traffic doesn’t need
to pass through R3 to reach the R4 network. The router will lookup the
10.10.234.0/24 prefix and use the routing information to reach the
10.10.4.0 network. This is proven by a traceroute.

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

  1 10.10.12.2 44 msec 44 msec 20 msec
  2 10.10.234.4 60 msec *  72 msec

What happens if the forwarding address network is not advertised? We will
do some filtering on R2.

R2(config-router)#area 1 range 10.10.234.0 255.255.255.0 not-advertise
R3(config-router)#area 1 range 10.10.234.0 255.255.255.0 not-advertise

R1#sh ip route 10.10.4.0
% Subnet not in table

There is no reachability for the network any longer? How can we resolve
this without removing the filtering?

We can tell R3 to suppress the FA in the LSA.

R3(config-router)#area 1 nssa translate type7 suppress-fa

The network is back and we have reachability but now traffic must pass
through R3 since the FA is not set.

R1#sh ip route 10.10.4.0
Routing entry for 10.10.4.0/24
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 2
  Last update from 10.10.12.2 on FastEthernet0/0, 00:00:07 ago
  Routing Descriptor Blocks:
  * 10.10.12.2, from 3.3.3.3, 00:00:07 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

  1 10.10.12.2 52 msec 76 msec 48 msec
  2 10.10.23.3 36 msec 48 msec 40 msec
  3 10.10.234.4 72 msec *  72 msec

So by setting the FA we achieve more effecient routing. The reason to have
a forwarding address is to reduce the number of LSAs needed. If all ABRs were
doing type 7 to type 5 translation then there would be more LSAs than what is
optimal.

Lets take a look at the LSA now. Note that the FA will be set to 0.0.0.0.

R1#sh ip ospf data ex 10.10.4.0

            OSPF Router with ID (10.10.13.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 212
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.10.4.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0x6218
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0

By default the FA is always set when using NSSA areas. Now we take a look
at another use case where we have another routing protocol involved and
redistribution is done between the routing domains.

This is our example topology. Very similar to before. We just changed from
OSPF to RIP on the lefthand side.

R3 will be the router doing mutual redistribution between RIP and OSPF.
We will see that the FA will be set to 0.0.0.0. We check the route on R1.

R1#sh ip route 10.10.4.0
Routing entry for 10.10.4.0/24
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 2
  Last update from 10.10.12.2 on FastEthernet0/0, 00:01:07 ago
  Routing Descriptor Blocks:
  * 10.10.12.2, from 3.3.3.3, 00:01:07 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1

R1#sh ip ospf data ex 10.10.4.0

            OSPF Router with ID (10.10.13.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 79
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.10.4.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x6616
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0

As expected the FA is set to 0.0.0.0. This means that traffic must traverse
R3. We confirm with a traceroute.

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

  1 10.10.12.2 64 msec 28 msec 24 msec
  2 10.10.23.3 68 msec 40 msec 40 msec
  3 10.10.234.4 96 msec *  76 msec

Now what happens if we enable OSPF on R3 interface towards R4?

R3(config-if)#ip ospf 1 area 0

R1#traceroute 10.10.4.4

Type escape sequence to abort.
Tracing the route to 10.10.4.4

  1 10.10.12.2 56 msec 32 msec 24 msec
  2 10.10.234.4 60 msec *  72 msec

Traceroute is now takinig the shorter path. How did this happen? Take a
look at the LSA on R1.

R1#sh ip ospf data ex 10.10.4.0

            OSPF Router with ID (10.10.13.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 59
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.10.4.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000002
  Checksum: 0x7107
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 10.10.234.4
        External Route Tag: 0

The FA has now been set. How did this happen? The FA will be set for
external routes if we meet the following conditions.

  • OSPF is enabled on the ASBR’s next hop interface AND
  • ASBR’s next hop interface is non-passive under OSPF AND
  • ASBR’s next hop interface is not point-to-point AND
  • ASBR’s next hop interface is not point-to-multipoint AND
  • ASBR’s next hop interface address falls under the network range specified in the router ospf command.

 

So we have met all the conditions needed to set the FA. I hope that
you know have a better understanding of the forwarding address and
as usual always poste questions/feedback in the comments field.

OSPF – Use of forwarding address
Tagged on:                     

31 thoughts on “OSPF – Use of forwarding address

  • August 6, 2012 at 5:25 pm
    Permalink

    Hi Daniels, I read sometime about the forwarding address without getting the entire idea/concept. After reading these post, I can tell you that I got the idea.
    Thanks for your wonderful post!!!!

    Reply
    • August 6, 2012 at 8:04 pm
      Permalink

      Great. That is exactly what I want to hear 🙂

      Reply
  • August 8, 2012 at 6:28 am
    Permalink

    And then I realized that I still have lots to learn about OSPF 🙂 Thanks for an awesome post.

    -P

    Reply
    • August 8, 2012 at 6:47 am
      Permalink

      Thanks for reading Petter 🙂 OSPF is one of those protocols that takes a lot to master. Sure this may be overkill level but if you know it at this level you will be the go to guy 🙂

      Reply
  • August 25, 2012 at 10:51 pm
    Permalink

    Hi Daniel,

    I have a quick question. In your first example where area 1 is configured as a NSSA with 2 ABR exit point, when R4 is receiving LSA Type-3 from R2 and R3 coming from area 0 which exit ABR will R4 use for this LSA Type-3?

    Imagine that the total metric is best via R3 for example, how can we force the traffic to go via R2 using a distribute-list with a route-map matching on the LSA Type-3 prefix and the originator-ID on R4?

    Regards,
    Laurent

    Reply
  • August 25, 2012 at 11:09 pm
    Permalink

    Hi Laurent,

    The type-3 LSA is a summary of LSA coming from another area. The ABR calculates its metric to reach this destination. Let’s say that the link between R2 and R1 is being advertised as a type-3 summary LSA. Then the cost is the cost of R2 interface and then the cost from R4 to R2. The cost to go through R3 would be higher since then it has to go through another link as well.

    The problem here is that R4 is using same interface to reach the ABRs. I guess you could do filtering but then you would lose redundancy if one ABR goes down. One better option would be to try to configure point to multipoint adjacency and then set a neighbor cost on the one you are preferring. This would basically then be Hub and Spoke topology over Ethernet where R4 would be the hub. Does that explain it?

    Reply
  • August 27, 2012 at 7:27 pm
    Permalink

    Hi daniel,
    very very thanks for providing such a clear understanding of forward address.

    i made both topo in this blog , first one , the nssa topology, behaves in same way as u explained. The second topo , however, the case is different. The forward address in this case is
    0.0.0.0, this is expected. when i try to trace 10.10.4.4 from R1 it doesnot traverse R3, which is not expected behaviour.

    plesse reply.

    regards
    pravin

    Reply
    • August 27, 2012 at 10:09 pm
      Permalink

      Hi Pravin,

      Are you sure that you enabled OSPF on the interface leading to the next-hop?

      Reply
      • August 30, 2012 at 5:41 am
        Permalink

        Hi Daniel,

        Sorry for the late reply, actually I was out of station for some urgent work.

        Cisco as well as you documented that if forward address is set to 0.0.0.0 ,the traffic must go through that ABR which is translating the type 7 to type 5 LSA. In second topology R1 has forward address 0.0.0.0. In your case if u trace 10.10.4.4 , it traverse through R3, but In my case R1 has still forward address is 0.0.0.0, but when i trace 10.10.4.4 it doesnot traverse through R3. I enabled OSPF in red circled area only.

        Reply
        • August 30, 2012 at 8:16 am
          Permalink

          Hi,

          Yes, this is expected. You can see the forwarding address in OSPF as next hop in BGP. If it is set to 0.0.0.0 it is the same as using next-hop-self in BGP. The router is saying, come through me to reach x.x.x.x. If the forwarding address is set then the routers can choose the shortest path, this is the same as preserving the next-hop sent by eBGP neighbor.

          To have the forwarding address set in the second example you need to enable OSPF on R3 interface towards R4.

          Reply
  • August 28, 2012 at 6:11 am
    Permalink

    Hi Daniel,
    in the beginning you’ve mentioned that ABR with the highest RID will be the one translating LSA7 into LSA5. Can you explain how the multiple ABRs decide who’s gonna be doing the translation?
    Cheers,
    Michael

    Reply
    • August 28, 2012 at 8:20 am
      Permalink

      Hi Michael,

      RFC1587 describes the NSSA function of OSPF. Here is the relevant part that you will find in section 4.1.

      “This step is performed as part of the NSSA’s Dijkstra calculation after type-5 and type-7 routes have been calculated. If the calculating router is not an area border router this translation algorithm should be skipped. All reachable area border routers in the NSSA should now be examined noting the one with the highest router ID. If this router has the highest router ID, it will be the one translating type-7 LSAs into type-5 LSAs for the NSSA, otherwise the translation algorithm should not be performed.”

      So how do we find all ABRs in one area? For us we could just use show ip ospf border routers but the router can look in the LSDB. It will then check router LSAs and check which of them has the B bit set (area border). For all the router-LSAs with the B bit set pick the one that has the highest RID.

      Does that make sense?

      Reply
      • August 28, 2012 at 9:08 am
        Permalink

        Yep, perfect. So there’s a bit in LSA which indicates that a router is an ABR.
        Thanks!

        Reply
    • August 30, 2012 at 10:56 am
      Permalink

      Hi,

      Ok you said “If forward address is set to 0.0.0.0 it is the same as using next-hop-self in BGP. The router is saying, come through me to reach x.x.x.x. “. I agree , but question is that it is not expecting like that. I already text that, the forward address in R1 is 0.0.0.0 , nevertheless it still use the shortest path to 10.10.4.4. However, It must traverse through R3, if Forward Address is 0.0.0.0.

      Please clear my confusion.

      Reply
      • August 30, 2012 at 11:51 am
        Permalink

        On which router are you doing redistribution? Can you post your config? Please do a show ip ospf data external 10.10.4.0.

        Reply
  • February 3, 2013 at 10:32 am
    Permalink

    I read sometime about the forwarding address without getting the entire idea/concept. After reading these post, I can tell you that I got the idea.
    Thanks for your wonderful post!!!!

    Reply
  • Pingback:Darren's Blog OSPF external prefixes and the Type4 LSA deep dive – part 1 of 2 | Darren's Blog

  • February 22, 2013 at 4:06 pm
    Permalink

    Man you are awsome. This exactly what I needed to undestand

    Reply
  • Pingback:It's my time: Mrock's CCIE thread - Page 13

  • August 7, 2013 at 9:04 am
    Permalink

    Hi, is there any implementation of “translate type7 suppress-fa” in ios xr?

    Reply
    • August 8, 2013 at 3:08 pm
      Permalink

      I’m not sure since I don’t have much exposure to IOS XR. Did you check the command reference?

      Reply
  • August 9, 2013 at 12:02 pm
    Permalink

    Yes, but I didn’t find anything. Thanks anyway.

    Reply
  • July 28, 2015 at 9:35 am
    Permalink

    Hi. You said the elected ABR for the typ7 to 5 translation is the one with the highest router-id. Brian McGahan’s OSPF video said that it was the ABR with the lowest forwarding address + the cost to reach that ABR. So which one is it?

    Reply
  • July 28, 2015 at 1:19 pm
    Permalink

    Hey mate (it’s sg4rb0 off the ieoc forums btw, we’ve spoke a bunch of times about a year ago),

    Yeah I’ve just spent about 4 more hours reading this topic & reading Brians blog post. I have just labbed up an environment to try and make sure I FULLY understand how this works. I think I do. The only thing left that is confusing me is why we need to be able to route the the forward address as opposed to just solving the shortest path to node who owns it. I’ve posted this question on the ieoc forums in the link below, but if you know the answer, please tell me 🙂
    http://ieoc.com/forums/t/32920.aspx

    Reply
    • July 28, 2015 at 1:48 pm
      Permalink

      Hey buddy. Nice seeing you here. I’l lhave to think about that one but calculating the SPT to the RID of the ASBR would be not possible since it’s in another area than the routers in area 0.

      Reply
  • July 28, 2015 at 1:21 pm
    Permalink

    It was defo the router-id by (thanks for that). And the forward address IP is decided by the ASBR, determined by the the highest OSPF enabled interface IP on a loopback on the ASBR, if it does not exist, then it’s the highest OSPF enabled physical interface IP.

    Reply
    • July 28, 2015 at 1:37 pm
      Permalink

      Yeah, exactly. I did a blog post on that as well some time. The FA can be a bit confusing at first, when it is set and when not and so on.

      Reply
  • September 19, 2016 at 3:21 pm
    Permalink

    hi daniel,your post is awesome..can u upload a video about ospf forwarding address.and how it works broadcast network…then it will help me lot.

    Reply
  • June 2, 2017 at 8:01 pm
    Permalink

    Hello Daniel.
    I think after supressing the forwarding address, metric will be calculated partially since ABR is replacing the ADR after translating LSA type 7 to type 5 so metric from ABR to ASBR will be lost. Is that true?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *