Home > CCIE, OSPF > ASBR in NSSA – Choosing what IP to use as forwarding address

ASBR in NSSA – Choosing what IP to use as forwarding address


OSPF is one of the protocols where the details are very important. It has lots
of bits and pieces to make it run in a proper way. I have described the forwarding
address in an earlier post and this time I want to show how the IP that is used
as the forwarding address is selected. We start out with this simple topology.

It’s a very basic config where R1 is redistributing a route and running in a
NSSA area.

R1#sh run | s router ospf|ip route
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 10 nssa
 redistribute static subnets
ip route 100.0.0.0 255.0.0.0 Null0

Which IP will R1 use for its forwarding address? We look at R3.

R3#sh ip route ospf | i E2
O E2 100.0.0.0/8 [110/20] via 23.23.23.2, 00:57:59, FastEthernet0/0
R3#sh ip ospf data ex 100.0.0.0

            OSPF Router with ID (3.3.3.3) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 120
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 100.0.0.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000005
  Checksum: 0x4AC0
  Length: 36
  Network Mask: /8
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 12.12.12.1
        External Route Tag: 0

It has chosen its interface address towards R2. What if we enable OSPF on the other
Ethernet interface of R1?

R1(config)#int f0/1
R1(config-if)#ip ospf 1 area 10

We check R3 again.

R3#sh ip ospf data ex 100.0.0.0

            OSPF Router with ID (3.3.3.3) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 25
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 100.0.0.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000006
  Checksum: 0x6676
  Length: 36
  Network Mask: /8
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 112.112.112.1
        External Route Tag: 0

The forwarding address has changed. It selected the IP of the other Ethernet interface
of R1. We can see that it prefers to choose a higher IP address. What if we announce
the loopback of R1 in the NSSA area?

R1(config-if)#int lo0
R1(config-if)#ip ospf 1 area 10
R3#sh ip ospf data ex 100.0.0.0

            OSPF Router with ID (3.3.3.3) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 27
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 100.0.0.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000007
  Checksum: 0xAE53
  Length: 36
  Network Mask: /8
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 11.11.11.11
        External Route Tag: 0

Now the loopback IP is chosen instead. So since the loopback has a lower IP but still
is preferred we can see that loopbacks are preferred in the selection. To see this
clearly defined in words we reference RFC 3101 section 2.3.

When a router is forced to pick a forwarding address for a Type-7
LSA, preference should be given first to the router's internal
addresses (provided internal addressing is supported).  If internal
addresses are not available, preference should be given to the
router's active OSPF stub network addresses.  These choices avoid the
possible extra hop that may happen when a transit network's address
is used.  When the interface whose IP address is the LSA's forwarding
address transitions to a Down state (see [OSPF] Section 9.3), the
router must select a new forwarding address for the LSA and then re-
originate it.  If one is not available the LSA should be flushed.

So the selection process is to choose the highest IP of a loopback advertised
into the NSSA area. If no loopback is advertised then choose the highest
physical interface IP advertised into the NSSA area.

I hope that I have provide another piece to the OSPF puzzle and you now have
a good understanding of the forwarding address.

  1. September 22, 2012 at 1:02 pm

    Good 🙂 . Thank for share 🙂

  2. Helge
    July 20, 2014 at 11:21 am

    “So the selection process is to choose the highest IP of a loopback advertised
    into the NSSA area. If no loopback is advertised then choose the highest
    physical interface IP advertised into the NSSA area.”

    This is true as long as the “classic” condition to set the FA to a non-zero value isn’t met:
    ASBR’s next-hop interface is
    – OSPF enabled and non-passive
    – no point-to-[multi]point interface

    Otherwise, evaluation the next-hop interface would provide the optimal path, so this condition is checked first.

  3. Matte
    September 19, 2014 at 5:05 pm

    is this true only when redistributing static null routes? I can’t figure out other cases

    Thanks,

  4. Matte
    September 21, 2014 at 2:12 am

    I’ve found myself the answer: the rules for setting the FA apply. If OSPF is enabled on the interface connected to the next-hop of the redistributed networks, the FA value is set to the next-hop IP. However, the interface type seems not to apply.

  5. August 6, 2015 at 12:39 am

    Hey Daniel. I’ve done a bunch of testing on this and had similar results. But I realised something. The forwarding address does not even have to be an IP on the ASBR at all. So I guess this is applicable if the forward address turns out to be an IP on the ASBR. But the forward address could just be on a completely different router, EVEN THOUGH the ASBR is the one who dictates what that IP actually would be.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: