OSPF Forward Address
You might have missed or ignored noticing OSPF Forward Address in OSPF command outputs. Forward
address is a IP field seen in LSA 5 and LSA7. It is the IP address to
which the traffic should be forwarded for an advertised external prefix
(LSA5). The output is shown below.
R1#show ip ospf database external 9.9.0.4
OSPF Router with ID (9.9.0.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 243
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 9.9.0.4 (External Network Number )
Advertising Router: 9.9.0.3
LS Seq Number: 80000001
Checksum: 0xE189
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
OSPF Router with ID (9.9.0.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 243
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 9.9.0.4 (External Network Number )
Advertising Router: 9.9.0.3
LS Seq Number: 80000001
Checksum: 0xE189
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
To
view all external LSAs on an OSPF node simply use "show ip ospf
database external" command without mentioning the specific prefix.
If
the value of OSPF Forward Address is generally set to 0.0.0.0 for an
external prefix(for example, route learned from RIP domain), this means
that the traffic should be forwarded to the ASBR(Advertising-Address).
However, in some situations, the OSPF Forwarding Address will be
non-zero, to avoid sub-optimal routing. Below are the criteria that will
lead to a non-zero forwarding address
- When
OSPF is enabled on the ASBR’s next-hop interface. For your
understanding, ASBR's next hop interface is R4's interface IP
(9.9.34.4).
- When the ASBR’s next-hop interface is non-passive to OSPF.
- When the ASBR’s next-hop interface network type is not Point-to-Point or Point-to-Multipoint.
- When the ASBR’s next-hop interface address falls into the OSPF network range
OSPF FORWARD ADDRESS - Scenario 1
When R3-R4 link is advertised in OSPF on R3, Forward Address in external LSA5 for 9.9.0.4/32 shows a non zero IP as 9.9.34.4 (IP Address of R4’s interface).R1#show ip ospf database external 9.9.0.4 | i Forward
Forward Address: 0.0.0.0
Forward Address: 0.0.0.0
When R3-R4 link not advertised in OSPF on R3, Forward Address in external LSA5 for 9.9.0.4/32 shows 0.0.0.0(by default).
R3#show run int f0/1
interface FastEthernet0/1
ip address 9.9.34.3 255.255.255.0
ip ospf 1 area 1
interface FastEthernet0/1
ip address 9.9.34.3 255.255.255.0
ip ospf 1 area 1
R2#show ip ospf database external 9.9.0.4
OSPF Router with ID (9.9.0.2) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 4
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 9.9.0.4 (External Network Number )
Advertising Router: 9.9.0.3
LS Seq Number: 80000007
Checksum: 0xE94D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 9.9.34.4
External Route Tag: 0
OSPF Router with ID (9.9.0.2) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 4
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 9.9.0.4 (External Network Number )
Advertising Router: 9.9.0.3
LS Seq Number: 80000007
Checksum: 0xE94D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 9.9.34.4
External Route Tag: 0
OSPF FORWARD ADDRESS - Scenario 2
If
we change the OSPF network to point-to-point on the external link
R3-R4, and even if we enable OSPF on R3-R4 link (only on R3 interface),
OSPF Forward Address will again be 0.0.0.0. Below is the config.
R3#show run int f1/1
interface FastEthernet1/1
ip address 9.9.34.3 255.255.255.0
ip ospf 1 area 1
interface FastEthernet1/1
ip address 9.9.34.3 255.255.255.0
ip ospf 1 area 1
R3(config-if)#int f1/1
R3(config-if)#ip ospf network point-to-point
R3(config-if)#ip ospf network point-to-point
R2#sh ip ospf database external 9.9.0.4
OSPF Router with ID (9.9.0.2) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 4
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 9.9.0.4 (External Network Number )
Advertising Router: 9.9.0.3
LS Seq Number: 80000008
Checksum: 0x244A
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
OSPF Router with ID (9.9.0.2) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 4
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 9.9.0.4 (External Network Number )
Advertising Router: 9.9.0.3
LS Seq Number: 80000008
Checksum: 0x244A
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
OSPF FORWARD ADDRESS - Scenario 3
When
Forward Address is filtered/blocked somewhere in OSPF domain. The
blocking or filtering of Forward Address can create routing issues in
the network as explained below.
Let’s try pinging External Prefix 9.9.0.4 from R1 without blocking the Forward Address. The ping will work fine as shown below.
Let’s try pinging External Prefix 9.9.0.4 from R1 without blocking the Forward Address. The ping will work fine as shown below.
R1#ping 9.9.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/32 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/32 ms
Now, let’s block the Forward address by applying a distribute-list on ABR R2.
R2#show run | s router ospf
router ospf 1
distribute-list prefix BLOCK_FWD_ADDRESS in
R2#show run | s BLOCK_FWD_ADDRESS
ip prefix-list BLOCK_FWD_ADDRESS seq 5 deny 9.9.34.0/24
ip prefix-list BLOCK_FWD_ADDRESS seq 10 permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix BLOCK_FWD_ADDRESS in
R2#show run | s BLOCK_FWD_ADDRESS
ip prefix-list BLOCK_FWD_ADDRESS seq 5 deny 9.9.34.0/24
ip prefix-list BLOCK_FWD_ADDRESS seq 10 permit 0.0.0.0/0 le 32
Once we block the Forward Address subnet, the External prefix 9.9.0.4 will go unreachable from R1. From the below output we can see that we now cannot ping the 9.9.0.4 from R1.
R1#ping 9.9.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Imp Note: Such scenarios are specifically created in CCIE Written or LAB exams to test the in-depth knowledge of the candidate. We might not find such scenarios though in real time networks.
Also see the important article related to Forward Address selection criteria in NSSA (for LSA 7 and corresponding LSA 5).
