How Is The Forwarding Address decided?

http://postimg.org/image/d9pabsijd/

See the link above for my topology. All links are P2P and R4 is redistributing the 99.0.0.0 prefix into OSPF.

I want to know how the forwarding address is decided for any external routes that R4 redistributes into OSPF? Currently R3 is the type 7 to 5 translator.

 

R1#sh ip ospf database external 99.0.0.0

OSPF Router with ID (1.1.1.1) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA
LS age: 1012
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 99.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000005
Checksum: 0x59AD
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.0.24.4
External Route Tag: 0


And I can see that R4 has set the forward address to 10.0.24.4. I don't understand why? If I look on R4 I can see, from the output below, that he also has an ospf enabled interface on fa0/0 with a higher IP address. So I expected to see that 10.0.34.4 (as it's a higher value) would be forwarding address. But that's not the case here and I can't understand why?

R4#sh ip ospf int brief
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Fa0/1 1 1 10.0.24.4/24 10 P2P 1/1
Fa0/0 1 1 10.0.34.4/24 10 P2P 1/1


I also don't understand Cisco's website on this forwarding address. The website says that for the forward address to be set to a non-zero value that the "ASBR's next hop interface is not point-to-point". Yet I have a P2P network only here and the forward address is not zero.

 

FYI If I do actually turn the NSSA into a broadcast network, I do get the desired behaviour. Where the forward address changes to 10.0.34.4 instead.

Comments

  • MartinlMartinl ✭✭✭

    well, it looks like it is the lowest IP and not highest; someone else mentioned here that FA IP is the first IP that runs in OSPF domain.

    for non-zero FA IP, there are 4 rules and all those must be true for non-zero FA.

     

  • If the area ASBR is into is NSSA there are some rules, if the area is a regular area, there are other rules. What is your use case? And it is NOT the highest or the lowest IP, as it wuld defeat the purpose of the FA address.

  • After much research I understand your comment now. Yeah the forward address could be an IP on a completely different router.

     

    What has actually made me confused is the list of criteria used to decide if the forward address is allowed to be a non-zero value. Cisco has the following critiea listed on their website

    • "These conditions set the forwarding address field to a non-zero
      address:

      • OSPF is enabled on the ASBR's next hop interface AND

      • ASBR's next hop interface is non-passive under OSPF AND

      • ASBR's next hop interface is not
        point-to-point
        AND

      • ASBR's next hop interface is not
        point-to-multipoint AND

      • ASBR's next hop interface address falls under the network range
        specified in the router ospf command.

    • Any other conditions besides these set the forwarding address to
      0.0.0.0.
      "

     

    So I created the topology in the link below (R4 is doing mutual redistribution between ospf and eigrp).

    http://ccieblog.co.uk/wp-content/uploads/2015/07/Understanding-LSA-Recursion.png

    In this network, R4 set the forward address to 10.0.34.4. HOWEVER, all links in the entire OSPF domain
    are configured as P2P. So this means that I have not met the criteria specified by Cisco (because in the steps above it says i must not set the ASBR next hop to p2p), YET, the forward address is a non-zero value. So can you explain this, because I can't?

     

  • is there cisco site with "These conditions set the forwarding address field to a non-zero
    address"?

  • Hi all,

    Here is a link, but the topology looks somehow different.

    http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13682-10.html

  • In your topology, the two routers towards R4 do not share the same ethernet link. Cisco recommendations are from 2005 and those could change with the time and new IOS implementation. Nowadays, even the ethernet shared media is not shared by more than two routers so that condition does not apply here. my 2 cents

    HTH

     

     

     

    After much research I understand your comment now. Yeah the forward address could be an IP on a completely different router.

     

    What has actually made me confused is the list of criteria used to decide if the forward address is allowed to be a non-zero value. Cisco has the following critiea listed on their website

    • "These conditions set the forwarding address field to a non-zero
      address:

      • OSPF is enabled on the ASBR's next hop interface AND

      • ASBR's next hop interface is non-passive under OSPF AND

      • ASBR's next hop interface is not
        point-to-point
        AND

      • ASBR's next hop interface is not
        point-to-multipoint AND

      • ASBR's next hop interface address falls under the network range
        specified in the router ospf command.

    • Any other conditions besides these set the forwarding address to
      0.0.0.0.
      "

     

    So I created the topology in the link below (R4 is doing mutual redistribution between ospf and eigrp).

    http://ccieblog.co.uk/wp-content/uploads/2015/07/Understanding-LSA-Recursion.png

    In this network, R4 set the forward address to 10.0.34.4. HOWEVER, all links in the entire OSPF domain
    are configured as P2P. So this means that I have not met the criteria specified by Cisco (because in the steps above it says i must not set the ASBR next hop to p2p), YET, the forward address is a non-zero value. So can you explain this, because I can't?

     

     

  • So does anyone know why the forwarding address is set to that particular IP yet? I am going to lab it up again and see if I can figure it out.

  • Ok I have created a similar topology on the INE's LAB. See the image below for the setup.

    http://postimg.org/image/a71o2rdcf/

    On r7 I redistributed EIGRP into OSPF. However, I left ALL OSPF enabled interfaces on R7 shutdown so that I could enable them one by one to check the behaviour of the forward address, as shown below

    R7#sh ip ospf int brief
    Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
    Gi1.7        1     1               155.1.7.7/24       1     DOWN  0/0
    Gi1.67       1     1               155.1.67.7/24      1     DOWN  0/0
    Gi1.37       1     1               155.1.37.7/24      1     DOWN  0/0

     

    Ok so then I enabled them one by one

    R7(config-subif)#int gi1.67
    R7(config-subif)# no shut

    Now I checked the forward address for the external eigrp prefix 155.1.79.0 on R1.

    R1#sh ip ospf da ex 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 22
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000001
      Checksum: 0x6055
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.67.7
        External Route Tag: 0

    Ok so currently its 155.1.67.7. So next I enabled another interface on R7 (specifically gi1.37). Note that this interface IP is 155.1.37.7, which is LOWER than the current forward address 155.1.67.7.

    R7(config-subif)#int gi1.37
    R7(config-subif)#no shut

    Then I checked the external prefix again on R1, but the forward adderss stayed the SAME.

    R1#sh ip ospf da ex 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 50
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000001
      Checksum: 0x6055
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.67.7
        External Route Tag: 0

    So I then tried enabling the final interface on R7 (gi1.7), which has the IP address 155.1.7.7 (which again is LOWER than the current forward address 155.1.67.7)

    R7(config-subif)#int gi1.7
    R7(config-subif)#no shut

    And then I checked the database on R1 one final time

    R1#sh ip ospf da ex 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 10
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000002
      Checksum: 0x4FA1
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.7.7
        External Route Tag: 0

    AND ITS CHANGED!!!!!! So it isn't clear why the IP changes at all. And according to RFC 1587, it just states this:

             If the network between the NSSA AS boundary router and the
             adjacent AS is advertised into OSPF as an internal OSPF
             route, the forwarding address should be the next hop
             address as is currently done in type-5 LSAs, but unlike
             type-5 LSAs if the intervening network is not advertised
             into OSPF as an internal OSPF route, the forwarding
             address should be any one of the router's active OSPF
             interface addresses.

    In my case, my OSPF boundary router is R7. And the connection towards R9 is not OSPF enabled, so it means that R7 should just pick an any one of the routers active OSPF interfaces. Which is exactly what it is doing. But the point it this, Cisco's implementation of the forwarding address does not excplitily state what IP address will be chosen. And I cannot see any logic in my testing lab that would identify why the forward address changes to 155.1.7.7. So as a question to Christian or Brian, do you know any more than this? As at the moment, the selected IP address appears to be completely random.

     

  • if the ASBR is not in NSSA area, you have to meet the rules for setting the FA to non-zero; if you meet the rules, the FA value is the next-hop value of the route from RIB (show ip route).

     

  • I have to politely disagree, as proven my my second lab.

  • Hi cristian,

    I think rg is looking for clarification on the following:

    Buried in the bowels of RFC 3101 Section 2.3

       "When a router is forced to pick a forwarding address for a Type-7

       LSA, preference should be given first to the router's internal                   <<< 1

       addresses (provided internal addressing is supported).  If internal

       addresses are not available, preference should be given to the

       router's active OSPF stub network addresses.  These choices avoid the  <<< 2

       possible extra hop that may happen when a transit network's address    <<< 3

       is used.  When the interface whose IP address is the LSA's forwarding

       address transitions to a Down state (see [OSPF] Section 9.3), the

       router must select a new forwarding address for the LSA and then re-

       originate it.  If one is not available the LSA should be flushed."

     

    1)  internal addresses -- looback addressing

    2)  stub networks -- 155.1.7.7

    3)  transit network -- 155.1.67.7

    Doesn't address p2p networks, or why one transit network is selected over another.  Guess some things remain proprietary.

    If I'm way off the mark then I apologize.//RandyB

  • Randy this is exactly what I was looking for, thanks! I've just re-labbed this up for more testing. The only thing different now is that I have added a new stub interface on R7 for testing, Gi1.17. All interfaces are up, as shown below.

    R7#sh ip ospf int brief
    Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
    Gi1.17       1     1               155.1.17.7/24      1     P2P   0/0
    Gi1.7        1     1               155.1.7.7/24       1     P2P   0/0
    Gi1.37       1     1               155.1.37.7/24      1     P2P   1/1
    Gi1.67       1     1               155.1.67.7/24      1     P2P   1/1

    R7#sh ip ospf da router self

                OSPF Router with ID (7.7.7.7) (Process ID 1)

            Router Link States (Area 1)

      LS age: 147
      Options: (No TOS-capability, DC)
      LS Type: Router Links
      Link State ID: 7.7.7.7
      Advertising Router: 7.7.7.7
      LS Seq Number: 8000000C
      Checksum: 0xE0ED
      Length: 96
      AS Boundary Router
      Number of Links: 6

        Link connected to: a Stub Network
         (Link ID) Network/subnet number: 155.1.17.0
         (Link Data) Network Mask: 255.255.255.0
          Number of MTID metrics: 0
           TOS 0 Metrics: 1

        Link connected to: a Stub Network
         (Link ID) Network/subnet number: 155.1.7.0
         (Link Data) Network Mask: 255.255.255.0
          Number of MTID metrics: 0
           TOS 0 Metrics: 1

        Link connected to: another Router (point-to-point)
         (Link ID) Neighboring Router ID: 3.3.3.3
         (Link Data) Router Interface address: 155.1.37.7
          Number of MTID metrics: 0
           TOS 0 Metrics: 1

        Link connected to: a Stub Network
         (Link ID) Network/subnet number: 155.1.37.0
         (Link Data) Network Mask: 255.255.255.0
          Number of MTID metrics: 0
           TOS 0 Metrics: 1

        Link connected to: another Router (point-to-point)
         (Link ID) Neighboring Router ID: 6.6.6.6
         (Link Data) Router Interface address: 155.1.67.7
          Number of MTID metrics: 0
           TOS 0 Metrics: 1

        Link connected to: a Stub Network
         (Link ID) Network/subnet number: 155.1.67.0
         (Link Data) Network Mask: 255.255.255.0
          Number of MTID metrics: 0
           TOS 0 Metrics: 1

     

    So now if I look at R1's forward address, it appears to have selected the highest stub network IP.

    R1#sh ip ospf da external 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 218
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000005
      Checksum: 0xCB18
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.17.7
        External Route Tag: 0

     

    If I shut gi1.17 down now. Let's see the results on R1.

    R7(config)#int gi1.17
    R7(config-subif)#shut

    R1#sh ip ospf da external 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 4
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000006
      Checksum: 0x47A5
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.7.7
        External Route Tag: 0

    So now the router is preferring the ONLY stub network IP, so this follows suit to the info you found. So now I will shutdown gi1.7 so that only the transit P2P links are available to choose an IP from.

    R7(config)#int gi1.7
    R7(config-subif)#shut

    R1#sh ip ospf da external 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 21
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000007
      Checksum: 0xCC01
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.37.7
        External Route Tag: 0

     

    So now the forward address appears to be the lowest transit P2P link. And finally, if I shut down gi1.37, it should get set to .67.

    R7(config)#int gi1.37
    R7(config-subif)#shut

    R1#sh ip ospf da external 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 12
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000008
      Checksum: 0x525C
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.67.7
        External Route Tag: 0

     

     

     

    ################################################

    I've just done more testing and got clearer results. I'm 100% confident now

    ################################################

    The forward IP  address selection order that Randy stated seems definately correct in my testing, 100%. So now I was interested in identifying which IP is selected if you used only one kind of link. So for this example, I am going to use ONLY P2P transit links in my network. How does the R7 decide which IP it will use for the forwarding address now (is it the highest or lowest ip?). Actually it turns out that the selected IP address is the newest interface that OSPF was enabled on. So Currently, the only OSPF interfaces on R7 are below.

    R7#sh ip ospf int brief
    Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
    Gi1.37       1     1               155.1.37.7/24      1     P2P   1/1
    Gi1.67       1     1               155.1.67.7/24      1     P2P   1/1

     

    And on R1 the forward address is chosen as 155.1.37.7

     

    R1#sh ip ospf da external 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 174
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000003
      Checksum: 0xD4FC
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 155.1.37.7
        External Route Tag: 0

     

    So now it looks like the lowest IP address has been selected. So what if I change the IP on the Gi1.67 link to use a higher IP address? By this logic, you would expect that the forward address would not change since it looks like the lowest IP is always selected. Now watch this.

    R7(config)#int gi1.67
    R7(config-subif)#ip address 200.1.67.7 255.255.255.0

    R6(config)#int gi1.67
    R6(config-subif)#ip address 200.1.67.6 255.255.255.0

    But now look what's happened to the fowarding address now on R1.

    R1#sh ip ospf da external 155.1.79.0

                OSPF Router with ID (1.1.1.1) (Process ID 1)

            Type-5 AS External Link States

      LS age: 18
      Options: (No TOS-capability, DC, Upward)
      LS Type: AS External Link
      Link State ID: 155.1.79.0 (External Network Number )
      Advertising Router: 6.6.6.6
      LS Seq Number: 80000001
      Checksum: 0x5137
      Length: 36
      Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 200.1.67.7
        External Route Tag: 0

    It's changed to the ospf interface with the highest IP address on R7. And I've tested this over and over, and my results are 100% consistent.

     

    So to summarise

    The selection order for the forwarding IP in an NSSA area is as follows.

    1)  internal addresses -- looback addressing
    2)  stub networks -- 155.1.7.7
    3)  transit network -- 155.1.67.7

    Now within each category (1, 2, or 3) if there are multiple interfaces then the forwarding IP will always be the newest interface that OSPF was enabled on. The only exception I've found is the loopback addressing. The forwarding address selected by a loopback interface IP is always OLDEST OSPF enabled loopback interface IP address.

    Thank god! I never thought I'd get there, but I did.

  • JoeMJoeM ✭✭✭

    Hi SG,

    I really enjoyed watching your methodology for proving the final answer to yourself.

    Nothing beats labbing it and showing the true results.   You remind me of both my CCIE study partners. They were always asking the hard questions -- which also helped me raise my own game.

    Not just accepting the fast answer, but proving it to yourself (and showing it to everyone else).

    You are on the right road to your CCIE.   Soon you will find that doing troubleshooting is a breeze, because you did your homework.

    Keep doing this.  Cheers!  ;-)

     

    ....

    So to summarise


    The selection order for the forwarding IP in an NSSA area is as follows.


    1)  internal addresses -- looback addressing
    2)  stub networks -- 155.1.7.7
    3)  transit network -- 155.1.67.7


    Now within each category (1, 2, or 3) if there are multiple interfaces then the forwarding IP will always be the newest interface that OSPF was enabled on. The only exception I've found is the loopback addressing. Loopbacks always choose the OLDEST interface IP address as the forwarding address.


    Thank god! I never thought I'd get there, but I did.

     

  • Thanks. I was very determined to work this out as I couldn't find it documented anywhere and my forward address kept changing using the exact same lab. Now I know!

    Credit to Randy for finding the newer RFC for NSSA's. I read RFC 1587, which is the RFC about NSSAs. However, I didn't realise it was made obselete by RFC 3101. And the info I really needed was in this new document.

  • Hi all,

    Great work; thank you for the lab results.

  • MartinlMartinl ✭✭✭

    Wow, Great work and thanks for both Randy and SG4. As a side note: Cisco implemetation may vary from standard one. 

    What was IOS used in the labbing of that "proof"?

  • I just used whatever IOS is in the INE topology, I just checked the rack I used and it was rs5rack2. I am planning to do a full writeup on my blog about this if anyone is interested. Check ccieblog.co.uk in the upcoming days.

  • MartinlMartinl ✭✭✭

    Will do, thx

  • FA is being set as follows:

    - if the ASBR is in a regular area it is NOT required to set the FA to non-zero, and it can set the FA to non-zero ONLY for routes with a next-hop value, thus it cannot do it for connected routes or static routes with only the exit interface. If the route has a next-hop value, the FA address will be the next-hop value(as this is the scope of FA in the end), if that interface over which OSPF recurses meets the rules to set the FA: is OSPF enabled, is transit network type (broadcast/non-broadcast and non-passive)

    -if the ASBR is in a NSSA area and is also an ABR, because it will NOT set the P-bit, it does NOT need to set the FA for all Type7 LSAs; to set the FA to non-zero it needs to meet the regular ASBR rules from above

    - if the ASBR is in a NSSA area and is NOT an ABR as well, in order to set the P-bit, it needs to set the FA to non-zero, thus the algorithm is different than regular ASBR as it needs to set FA for all routes with P-bit set:

            1. if the route has a next-hop value and it recurses over just an OSPF enabled interface in the NSSA area, set the FA to the next-hop value

            2. if the route does NOT have a next-hop value or it does not recurse over an OSPF enabled interface in the NSSA area, set the FA to a value as follows, and this process is preemptive, meaning the FA address can be changed on the fly as interfaces are added or removed in the NSSA area(basically walk all interfaces active in the NSSA area and pick up the first enabled Loopback, if no Loopbacks pick up the first enabled interface; all this is based on “show ip ospf interface brief” which shows up the order in which interfaces have been OSPF enabled):

                 - the first loopback/internal address that was OSPF enabled (so not necessarily the highest Loopback); based on testing it seems loopbacks are added/ordered into OSPF based on the Loopback number, thus Loopback5 will have priority over Loopback9 as the value for the FA

                 - the first non-loopback interface that was OSPF enabled (you see which interfaces were enabled first with “show ip ospf interface brief”); based on testing it seems interfaces are added/ordered into OSPF based on reverse interface numbers, where Gi0/1 will have preference over Gi0/0

                 - RFC 3101 states that order of preference for FA should be:internal addresses, stub networks (non-DR), transit networks (DR); Cisco does not follow up with the RFC and neither does Juniper as far as i'm aware, Juniper follows up on Cisco

     

    I hope this clarifies it all.

    Regards,

  • Hi Cristian and All,

    This part must have been difficult to figure out.  Thank you.

                 - the first non-loopback interface that was OSPF enabled (you see which interfaces were enabled first with “show ip ospf interface brief”); based on testing it seems interfaces are added/ordered into OSPF based on reverse interface numbers, where Gi0/1 will have preference over Gi0/0

                 - RFC 3101 states that order of preference for FA should be:internal addresses, stub networks (non-DR), transit networks (DR); Cisco does not follow up with the RFC and neither does Juniper as far as i'm aware, Juniper follows up on Cisco

     

  • Hi Cristian and All,

    Here is a cartoon on some of the things discussed above.  Idea is to demonstrate tools for moving the Forwarding Address.   IOS 15.3(1)  IOL.  Note the reference points: 1 2 3 and 4.  They show where the Forwarding Address (FA) is moved when configuration on R4-ASBR is changed.

    image

Sign In or Register to comment.