Skip to main content

OSPFv3 Forwarding Address under NSSA vs Regular External

ospfv3_simple

I am sharing something I researched recently at work, and still do not have the final answer, however it is interesting so I decided to write about it, some of the development group asked us why and if it is really important to use the Forwarding address in OSPFv3 implementation.

I have used the above model (and another that may be I will share later).

External NSSA

External without NSSA

  • I am advertising from R6 and R5 net 2001:11:145:56::
  • On the External database of R1 there is only a single selected although under R3 both options (from R5 and R6) are there, so it looks like it is being filtered.

R1#sh ipv ospf database external

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  …

  Routing Bit Set on this LSA

  LS age: 143

  LS Type: AS External Link

  Link State ID: 1

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000002

  Checksum: 0xEC3F

  Length: 56

  Prefix Address: 2001:11:145:56::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

Forward Address: 2001:11:143:36::2

  External Route Tag: 600

  • R3 is the ABR and as such it translate the LSA-7 to 5
  • To reach Advertising router we must use link local

R1#sh ipv ospf database link

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Link (Type-8) Link States (Area 0)

  LS age: 1175

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 4 (Interface ID)

  Advertising Router: 150.1.1.1

  LS Seq Number: 80000001

  Checksum: 0x8CFC

  Length: 56

  Router Priority: 1

  Link Local Address: FE80::C800:19FF:FE9C:1D

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

  LS age: 1131

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 5 (Interface ID)

Advertising Router: 150.3.3.3

  LS Seq Number: 80000001

  Checksum: 0xCC98

  Length: 56

  Router Priority: 1

Link Local Address: FE80::C802:19FF:FE9C:38

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

R1#

R1#show ipv route 2001:11:145:56::

Routing entry for 2001:11:145:56::/64

  Known via "ospf 1", distance 110, metric 20

  Tag 600, type extern 2

  Route count is 1/1, share count 0

  Routing paths:

FE80::C802:19FF:FE9C:38, FastEthernet1/1

      Last updated 00:16:00 ago

R1#

  • The FWD address used is the selected default gateway to reach the External prefix as it can have 2 paths (one from R5 and the other from R6)
  • However it looks like the FWD address is ignored as R3 install both paths and use both of them

R1#traceroute 2001:11:145:56::1

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::1

  1  *

    2001:11:141:13::2 8 msec 4 msec

  2 2001:11:143:36::2 16 msec

    2001:11:143:35::2 16 msec

    2001:11:143:36::2 12 msec

R1#traceroute 2001:11:145:56::2

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::2

  1 2001:11:141:13::2 4 msec 4 msec 8 msec

  2 2001:11:143:36::2 20 msec

    2001:11:143:35::2 8 msec

    2001:11:143:36::2 16 msec

R1#

  • On that case we both LSA to the External route

R1#show ipv os database external

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  …

  Routing Bit Set on this LSA

  LS age: 54

  LS Type: AS External Link

  Link State ID: 7

  Advertising Router: 150.5.5.5

  LS Seq Number: 80000001

  Checksum: 0x442

  Length: 40

  Prefix Address: 2001:11:145:56::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  External Route Tag: 500

Routing Bit Set on this LSA

  LS age: 28

  LS Type: AS External Link

  Link State ID: 4

  Advertising Router: 150.6.6.6

  LS Seq Number: 80000001

  Checksum: 0xAC35

  Length: 40

  Prefix Address: 2001:11:145:56::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  External Route Tag: 600

  • To reach them R3 the ABR is advertising an Inter area router (similar to LSA 4)

R1#show ipv os database inter-area router

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Inter Area Router Link States (Area 0)

  Routing Bit Set on this LSA

  LS age: 143

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Inter Area Router Links

  Link State ID: 2516911365

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x45D5

  Length: 32

  Metric: 1

  Destination Router ID: 150.5.5.5

  Routing Bit Set on this LSA

  LS age: 116

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Inter Area Router Links

  Link State ID: 2516977158

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x4BC9

  Length: 32

  Metric: 1

  Destination Router ID: 150.6.6.6

R1#

  • And again we need link local to reach ABR

R1#show ipv os database link

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Link (Type-8) Link States (Area 0)

  LS age: 1959

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 4 (Interface ID)

  Advertising Router: 150.1.1.1

  LS Seq Number: 80000001

  Checksum: 0x8CFC

  Length: 56

  Router Priority: 1

  Link Local Address: FE80::C800:19FF:FE9C:1D

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

  LS age: 34

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 5 (Interface ID)

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000002

  Checksum: 0xCA99

  Length: 56

  Router Priority: 1

Link Local Address: FE80::C802:19FF:FE9C:38

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

R1#

· Forwarding is correctly.

R1#traceroute 2001:11:145:56::1

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::1

  1 2001:11:141:13::2 4 msec 8 msec 4 msec

  2 2001:11:143:35::2 8 msec

    2001:11:143:36::2 32 msec

    2001:11:143:35::2 12 msec

R1#traceroute 2001:11:145:56::2

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::2

  1 2001:11:141:13::2 4 msec 4 msec 8 msec

  2 2001:11:143:35::2 8 msec

    2001:11:143:36::2 20 msec

    2001:11:143:35::2 16 msec

R1#

I have to say that the following implementation was based on Cisco IOS 15.2, older versions, do not use the Forwarding address at all although from the results above technically I do not see how it is used here as well forwarding wise.

As for the RFC’s the reference is https://tools.ietf.org/html/rfc5340

  • The forwarding address is present in the AS-external-LSA if and only if the AS-external-LSA's bit F is set.
  • case the F bit is marked:
  • It MUST NOT be set to the IPv6 Unspecified Address (0:0:0:0:0:0:0:0) or an IPv6 Link-Local Address (Prefix FE80/10)
  • forwarding address MUST advertise a global IPv6 address
  • Section A.4.8.  NSSA-LSAs

"The selection should proceed the same as OSPFv2 NSSA support [NSSA]with additional checking to ensure IPv6 link-local address are not selected."

  • that is referencing to NSSA RFC 3031 where it clearly indicate under section 2.3  Type-7 LSAs

          "6. Those Type-7 LSAs that are to be translated into Type-5 LSAs must have their forwarding address set."

What do you think?

1 comment

Popular posts from this blog

Step By Step MPLS – Basic MPLS Setup

Initial configuration , very basic with no MPLS, connectivity only to directly connected interfaces.R1R2R3R4!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.31.1 255.255.255.0
duplex auto
speed auto
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.42.2 255.255.255.0
duplex auto
speed auto
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.31.3 255.255.255.0
duplex auto
speed auto
  no clns route-cache
!
interface Serial1/0
ip address 10.0.43.3 255.255.255.0
  serial restart-delay 0
no clns route-cache
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.42.4 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 10.0.43.4 255.255.255.0
  serial restart-delay 0
no clns route-cache
!
adding to the following configuration MPLS labels we will start wi…

VRF Maximum Routes

Maximum routes under customer vrf, if the service provider had unlimited resources he would not have needed that!
however normally resources are limited and expensive, and Service provider would like to make money from his available resources. maximum routes configured under VRF provide a mean of controlling PE local resource and abuse avoidance from the CE side.I have vrf called DC_EXTRANET, you can see that I have 16 routes, I have configured 10 maximum routes under that vrf however I did not want to be aggressive so I have set the warning only option. See that immediately I get a notice that I have more routes then the maximum, however no action is taken other then alerting and sending a syslog. ! PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only % The current number of routes in the routing table is equal to, or exceeds the configured warning limit PE_ashdod_otherisp.n(config-vrf)# *Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…

ISIS Database Reading

ISIS is simple to operate normally while everything is working, most common deployments are flat network based on L2, however when there is a problem and we need to start troubleshooting then people start to get lost.So I would like to provide some tools on how to read ISIS database.notice to the “*” sign, that mean LSP was generated on the router you did the show command, you can see that host name from the show command match also host name on the LSPID,LSPID identified by hostname.xx-yy,  xx is normally 00 unless that LSP is pseudo node LSP generated by DIS , yy is representing the number of fragments for that LSP 00 – FF (max 255 fragments, plenty), most cases all the important information will be in 00 unless there are many fragments.LSP Holdtime is the amount of time an LSP will stay in database without any refresh.ATT/P/OL - 0/0/0, ATT bit or attached bit is used on L1/L2 connected to L1 node, if set to 1 L1 node will generate default route to the best L1/L2 node (best metric)AT…