OSPF LSA5: Forward Address or optimal routing bypassing ASBR
The CCNP Route training materials state that if there are several external OSPF routes of the same type, the route with the best metric will be selected, if the metrics match, the route declared by the nearest ASBR will be selected. At the same time, it seems that traffic to external networks should always go through ASBR. In practice, this description is incomplete and one aspect is omitted that may lead to suboptimal routing.
So, we have a simple network topology of three routers.
R1 is the OSPF router, R3 is the EIGRP router, and R2 is the ASBR router, which redistributes the EIGRP 10.3.3.0/24 route to the OSPF domain, i.e. The redistribute eigrp 1 subnets command has been entered on this router. OSPF only works on a direct link between R1 and R2 and is turned off on the interfaces of routers R2 and R1 paired with switch SW1. EIGRP runs on the R2 and R3 interfaces connected to SW1. As a result of this configuration, the route from R1 to the 10.3.3.0/24 subnet will run through 192.168.55.2, i.e. via ASBR router R2:
Obviously, as a result, we get a situation with suboptimal routing, as a more efficient route between router R1 and R3 through SW1 remains idle.
As you know, external routes in the OSPF protocol are described by LSA5 announcements, the LSA5 structure provides the Forward Address field, for the route in question, this field in LSA5 is filled with zeros:
Empirically, it was found that if this field has a zero value, as in the described case, then the traffic is always, as expected, sent to the ASBR router, whose address is specified in the Advertising Router field of the corresponding LSA5. This situation is described in most materials for CCNP: Route. If Forward Address has a nonzero value, then traffic will be redirected to the address specified in this field, bypassing ASBR. Using this field for the existing topology, a more optimal routing can be achieved by directing traffic directly between R1-> R3 bypassing ASBR R2. Forward Address will be automatically populated if the condition is met - the 192.168.0.0/24 subnet associated with SW2 must be declared in the OSPF domain. To do this, enable OSPF on the corresponding interfaces R1 and R2, switched on SW1.
After that, the entry in the routing table R1 also changes:
As a result, a more optimal route from R1 is used directly to router R3, bypassing ASBR router R2. Interestingly, traffic is transmitted directly to a router that belongs to another routing protocol bypassing ASBR.
Now we will consider how routing is performed when there are two ASBRs in the network, for this we add the ASBR router R4 to the topology under consideration:
For route 10.3.3.0/24, each ASBR generates a separate LSA5. In the case where LSA5 are of the same type with different metrics, LSA5 wins with a lower metric and traffic is sent either to the ASBR that generated the winning announcement, or to FA, if this field is set in the winning announcement. Those. if the LSA5 metric from R4 is better than the R2 metric, traffic is routed to the R4 ASBR router. In the opposite situation, if LSA5 from R2 is better, traffic is forwarded bypassing R2 directly to R3, because the FA field in the winning announcement is set.
In a more difficult situation, when the announcement metrics are the same, the choice of the best route is not so obvious. If FAs are zero, the nearest ASBR is selected as the route on the current router. In the considered topology, ASBR routers have the following costs:
Those. according to the scheme described in the training literature, the traffic should be directed to the R4 ASBR router, but this does not happen, the corresponding entry for the route in the routing table is as follows:
Those. traffic is still sent to R3 bypassing all ASBR routers. The fact is that the values before ASBR are compared only if the FAs have a zero value. If the FA is installed in any announcement, when comparing from this announcement, the cost to the FA network is used, the cost to ASBR is ignored. In this topology, the cost of the FA network from the announcement of R2 is compared with the cost to the ASBR router R4, and since the network FA has metric 1, the path R1-> R3 wins, despite the fact that the distance to R4 is better than to R2. If the cost of FA and ASBR for different LSA5 are equal, load balancing will be performed.
Unlike the standard zone, where under normal conditions the FA is filled with zeros, the ASBR router located in the NSSA zone, generating LSA7, always fills the FA field with the address of the corresponding interface. During the broadcast on the ABR router, the FA field does not change and is stored in LSA5, which indicates the ASBR in the NSSA zone. As a result, the traffic will go not through the ABR, which performed the broadcast LSA7-> LSA5, but along the shortest route to FA, i.e. Traffic in the NSSA zone until the ASBR can be routed through any ABR. You can change this behavior with the
area 1 nssa translate type7 suppress-fa command,
which forces the FA to zero during translation, forcing ASBR NSSA traffic to pass only through a single ABR translator.
In the NSSA zone, you can direct traffic bypassing the ASBR to the router from another routing domain, as is done in standard zones in the situations described above, for this you need to fulfill a number of conditions, in particular, declare a common subnet in the OSPF domain.
Strictly speaking, to set the router address in the FA field from another routing domain, it is not enough to declare a shared network in the OSPF domain, the following conditions must be met:
- OSPF must be enabled on the ASBR interface connected to the router from another routing domain.
- The ASBR interface of the router connected to the router from another routing domain should not be passive
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-point
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-multipoint
So, we have a simple network topology of three routers.
R1 is the OSPF router, R3 is the EIGRP router, and R2 is the ASBR router, which redistributes the EIGRP 10.3.3.0/24 route to the OSPF domain, i.e. The redistribute eigrp 1 subnets command has been entered on this router. OSPF only works on a direct link between R1 and R2 and is turned off on the interfaces of routers R2 and R1 paired with switch SW1. EIGRP runs on the R2 and R3 interfaces connected to SW1. As a result of this configuration, the route from R1 to the 10.3.3.0/24 subnet will run through 192.168.55.2, i.e. via ASBR router R2:
Obviously, as a result, we get a situation with suboptimal routing, as a more efficient route between router R1 and R3 through SW1 remains idle.
As you know, external routes in the OSPF protocol are described by LSA5 announcements, the LSA5 structure provides the Forward Address field, for the route in question, this field in LSA5 is filled with zeros:
Empirically, it was found that if this field has a zero value, as in the described case, then the traffic is always, as expected, sent to the ASBR router, whose address is specified in the Advertising Router field of the corresponding LSA5. This situation is described in most materials for CCNP: Route. If Forward Address has a nonzero value, then traffic will be redirected to the address specified in this field, bypassing ASBR. Using this field for the existing topology, a more optimal routing can be achieved by directing traffic directly between R1-> R3 bypassing ASBR R2. Forward Address will be automatically populated if the condition is met - the 192.168.0.0/24 subnet associated with SW2 must be declared in the OSPF domain. To do this, enable OSPF on the corresponding interfaces R1 and R2, switched on SW1.
After that, the entry in the routing table R1 also changes:
As a result, a more optimal route from R1 is used directly to router R3, bypassing ASBR router R2. Interestingly, traffic is transmitted directly to a router that belongs to another routing protocol bypassing ASBR.
Now we will consider how routing is performed when there are two ASBRs in the network, for this we add the ASBR router R4 to the topology under consideration:
For route 10.3.3.0/24, each ASBR generates a separate LSA5. In the case where LSA5 are of the same type with different metrics, LSA5 wins with a lower metric and traffic is sent either to the ASBR that generated the winning announcement, or to FA, if this field is set in the winning announcement. Those. if the LSA5 metric from R4 is better than the R2 metric, traffic is routed to the R4 ASBR router. In the opposite situation, if LSA5 from R2 is better, traffic is forwarded bypassing R2 directly to R3, because the FA field in the winning announcement is set.
In a more difficult situation, when the announcement metrics are the same, the choice of the best route is not so obvious. If FAs are zero, the nearest ASBR is selected as the route on the current router. In the considered topology, ASBR routers have the following costs:
Those. according to the scheme described in the training literature, the traffic should be directed to the R4 ASBR router, but this does not happen, the corresponding entry for the route in the routing table is as follows:
Those. traffic is still sent to R3 bypassing all ASBR routers. The fact is that the values before ASBR are compared only if the FAs have a zero value. If the FA is installed in any announcement, when comparing from this announcement, the cost to the FA network is used, the cost to ASBR is ignored. In this topology, the cost of the FA network from the announcement of R2 is compared with the cost to the ASBR router R4, and since the network FA has metric 1, the path R1-> R3 wins, despite the fact that the distance to R4 is better than to R2. If the cost of FA and ASBR for different LSA5 are equal, load balancing will be performed.
Unlike the standard zone, where under normal conditions the FA is filled with zeros, the ASBR router located in the NSSA zone, generating LSA7, always fills the FA field with the address of the corresponding interface. During the broadcast on the ABR router, the FA field does not change and is stored in LSA5, which indicates the ASBR in the NSSA zone. As a result, the traffic will go not through the ABR, which performed the broadcast LSA7-> LSA5, but along the shortest route to FA, i.e. Traffic in the NSSA zone until the ASBR can be routed through any ABR. You can change this behavior with the
area 1 nssa translate type7 suppress-fa command,
which forces the FA to zero during translation, forcing ASBR NSSA traffic to pass only through a single ABR translator.
In the NSSA zone, you can direct traffic bypassing the ASBR to the router from another routing domain, as is done in standard zones in the situations described above, for this you need to fulfill a number of conditions, in particular, declare a common subnet in the OSPF domain.
Strictly speaking, to set the router address in the FA field from another routing domain, it is not enough to declare a shared network in the OSPF domain, the following conditions must be met:
- OSPF must be enabled on the ASBR interface connected to the router from another routing domain.
- The ASBR interface of the router connected to the router from another routing domain should not be passive
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-point
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-multipoint