OSPF LSA5: Forward Address or optimal routing bypassing the ASBR
The training materials for CCNP Route state that if there are several external OSPF routes of the same type, the route with the best metric will be selected, in case of metrics matching, the route announced by the nearest ASBR is selected. At the same time, it seems that traffic to external networks should always pass through the ASBR. In practice, this description is incomplete and one aspect is omitted, which can lead to suboptimal routing.
So, we have a simple network topology of three routers.
R1 is the OSPF router, R3 is the EIGRP router and R2 is the ASBR router, which redistributes the EIGRP 10.3.3.0/24 route into the OSPF domain, i.e. The redistribute eigrp 1 subnets command has been entered on this router. OSPF works only on a direct link between R1 and R2 and is disabled on the interfaces of R2 and R1 routers interfaced with switch SW1. EIGRP is running on R2 and R3 interfaces connected to SW1. As a result of this configuration, the route from R1 to the subnet 10.3.3.0/24 will run through 192.168.55.2, i.e. via ASBR router R2:
')
Obviously, as a result, we get a situation with suboptimal routing, because a more efficient route between the router R1 and R3 through SW1 remains untapped.
As it is known, external routes in the OSPF protocol are described by LSA5 announcements, the LSA5 structure provides the Forward Address field, for the considered route this field in LSA5 is filled with zeros:
Empirically, it was found out that if this field has a zero value, as in the described case, then the traffic is always, as it should be, sent to the ASBR router whose address is specified in the Advertising Router field of the corresponding LSA5. This situation is described in most of the materials for CCNP: Route. If the Forward Address has a non-zero value, then the traffic will be redirected to the address specified in this field bypassing the ASBR. Using this field for the existing topology, you can achieve a more optimal routing by directing traffic directly between R1-> R3, bypassing the ASBR R2. Forward Address will automatically be filled in if the condition is met - the subnet 192.168.0.0/24 associated with SW2 must be advertised in the OSPF domain. To do this, you need to enable OSPF on the corresponding interfaces R1 and R2, connected to SW1. As a result of fulfilling these requirements, the Forward Address field in the corresponding LSA5 changes:
Then the entry in the routing table R1 is changed:
As a result, a more optimal route from R1 is used directly to the R3 router, bypassing the ASBR router R2. Interestingly, the traffic is sent directly to the router that belongs to another routing protocol bypassing the ASBR.
Now let's look at how routing is performed when there are two ASBRs in the network. To do this, add the ASBR router R4 to the topology in question:
For the 10.3.3.0/24 route, each ASBR generates a separate LSA5. In the case when LSA5 are of the same type with different metrics, LSA5 wins with a smaller metric and the traffic is sent either to the ASBR that generated the winning announcement, or to the FA, if this field is set in the winning announcement. Those. if the LSA5 metric from R4 is better than the R2 metric, traffic is routed to the ASBR router R4. In the reverse situation, if LSA5 is better from R2, the traffic is forwarded bypassing R2 directly to R3, since FA field in the winning announcement is set.
In a more difficult situation, when the metrics of announcements are the same, the choice of the best route is not so obvious. If FA is zero, the closest ASBR is selected as the route on the current router. In the design topology, ASBR routers have the following costs:
Those. according to the scheme described in the educational literature, the traffic should be directed to the ASBR router R4, but this does not happen, the corresponding entry for the route in the routing table looks like this:
Those. traffic is still sent to R3 bypassing all ASBR routers. The fact is that the costs to the ASBR are compared only if FA have zero value. If FA is set in any announcement, when comparing from this announcement it is the cost to the FA network that is used, the cost to the ASBR is ignored. This topology compares the cost of the FA network from the R2 announcement, with the cost up to the ASBR router R4, and since the FA network has metric 1, the path R1-> R3 wins, despite the fact that the distance to R4 is better than to R2. If the FA and ASBR values for different LSA5 are equal, load balancing will be performed.
Unlike the standard zone, where under normal conditions the FA is filled with zeros, the ASBR router located in the NSSA zone, generating LSA7, always fills the FA field with the address of the corresponding interface. During the broadcast on the ABR router, the FA field does not change and is stored in LSA5, which indicates the ASBR in the NSSA zone. As a result, the traffic will go not through ABR, which performed the LSA7-> LSA5 broadcast, but via the shortest route to FA, i.e. traffic in the NSSA zone to the ASBR can be driven through any ABR. You can change this behavior with the command
area 1 nssa translate type7 suppress-fa
which forcibly resets FA during translation, forcing ASBR NSSA traffic to pass only and only through a single ABR translator.
In the NSSA zone, you can send traffic bypassing the ASBR to a router from another routing domain, as is done in standard zones in the situations described above, for this you need to fulfill a number of conditions, in particular, to declare the common subnet to the OSPF domain.
Strictly speaking, to set the address of the router in the FA field from another routing domain, it is not enough to advertise the common network to the OSPF domain, the following conditions must be met:
- OSPF must be enabled on the ASBR interface connected to the router from another routing domain.
- The ASBR interface of the router connected to the router from another routing domain should not be passive
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-point
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-multipoint
So, we have a simple network topology of three routers.
R1 is the OSPF router, R3 is the EIGRP router and R2 is the ASBR router, which redistributes the EIGRP 10.3.3.0/24 route into the OSPF domain, i.e. The redistribute eigrp 1 subnets command has been entered on this router. OSPF works only on a direct link between R1 and R2 and is disabled on the interfaces of R2 and R1 routers interfaced with switch SW1. EIGRP is running on R2 and R3 interfaces connected to SW1. As a result of this configuration, the route from R1 to the subnet 10.3.3.0/24 will run through 192.168.55.2, i.e. via ASBR router R2:
')
Obviously, as a result, we get a situation with suboptimal routing, because a more efficient route between the router R1 and R3 through SW1 remains untapped.
As it is known, external routes in the OSPF protocol are described by LSA5 announcements, the LSA5 structure provides the Forward Address field, for the considered route this field in LSA5 is filled with zeros:
Empirically, it was found out that if this field has a zero value, as in the described case, then the traffic is always, as it should be, sent to the ASBR router whose address is specified in the Advertising Router field of the corresponding LSA5. This situation is described in most of the materials for CCNP: Route. If the Forward Address has a non-zero value, then the traffic will be redirected to the address specified in this field bypassing the ASBR. Using this field for the existing topology, you can achieve a more optimal routing by directing traffic directly between R1-> R3, bypassing the ASBR R2. Forward Address will automatically be filled in if the condition is met - the subnet 192.168.0.0/24 associated with SW2 must be advertised in the OSPF domain. To do this, you need to enable OSPF on the corresponding interfaces R1 and R2, connected to SW1. As a result of fulfilling these requirements, the Forward Address field in the corresponding LSA5 changes:
Then the entry in the routing table R1 is changed:
As a result, a more optimal route from R1 is used directly to the R3 router, bypassing the ASBR router R2. Interestingly, the traffic is sent directly to the router that belongs to another routing protocol bypassing the ASBR.
Now let's look at how routing is performed when there are two ASBRs in the network. To do this, add the ASBR router R4 to the topology in question:
For the 10.3.3.0/24 route, each ASBR generates a separate LSA5. In the case when LSA5 are of the same type with different metrics, LSA5 wins with a smaller metric and the traffic is sent either to the ASBR that generated the winning announcement, or to the FA, if this field is set in the winning announcement. Those. if the LSA5 metric from R4 is better than the R2 metric, traffic is routed to the ASBR router R4. In the reverse situation, if LSA5 is better from R2, the traffic is forwarded bypassing R2 directly to R3, since FA field in the winning announcement is set.
In a more difficult situation, when the metrics of announcements are the same, the choice of the best route is not so obvious. If FA is zero, the closest ASBR is selected as the route on the current router. In the design topology, ASBR routers have the following costs:
Those. according to the scheme described in the educational literature, the traffic should be directed to the ASBR router R4, but this does not happen, the corresponding entry for the route in the routing table looks like this:
Those. traffic is still sent to R3 bypassing all ASBR routers. The fact is that the costs to the ASBR are compared only if FA have zero value. If FA is set in any announcement, when comparing from this announcement it is the cost to the FA network that is used, the cost to the ASBR is ignored. This topology compares the cost of the FA network from the R2 announcement, with the cost up to the ASBR router R4, and since the FA network has metric 1, the path R1-> R3 wins, despite the fact that the distance to R4 is better than to R2. If the FA and ASBR values for different LSA5 are equal, load balancing will be performed.
Unlike the standard zone, where under normal conditions the FA is filled with zeros, the ASBR router located in the NSSA zone, generating LSA7, always fills the FA field with the address of the corresponding interface. During the broadcast on the ABR router, the FA field does not change and is stored in LSA5, which indicates the ASBR in the NSSA zone. As a result, the traffic will go not through ABR, which performed the LSA7-> LSA5 broadcast, but via the shortest route to FA, i.e. traffic in the NSSA zone to the ASBR can be driven through any ABR. You can change this behavior with the command
area 1 nssa translate type7 suppress-fa
which forcibly resets FA during translation, forcing ASBR NSSA traffic to pass only and only through a single ABR translator.
In the NSSA zone, you can send traffic bypassing the ASBR to a router from another routing domain, as is done in standard zones in the situations described above, for this you need to fulfill a number of conditions, in particular, to declare the common subnet to the OSPF domain.
Strictly speaking, to set the address of the router in the FA field from another routing domain, it is not enough to advertise the common network to the OSPF domain, the following conditions must be met:
- OSPF must be enabled on the ASBR interface connected to the router from another routing domain.
- The ASBR interface of the router connected to the router from another routing domain should not be passive
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-point
- The ASBR interface of the router connected to the router from another routing domain should not be point-to-multipoint
Source: https://habr.com/ru/post/195610/
All Articles