1 2 Previous Next 15 Replies Latest reply: Feb 21, 2011 2:14 AM by Billy RSS

    OSPF - external route as next-hop question

    Sanjay

      Hello all,

       

      During my studies for the CCIE R&S, I have come across the statement "An OSPF external route cannot use another OSPF external route as its next hop."

       

      I have setup a lab to view this in action, but I have found this statement to be false.  Here is my scenario (all network are 10.10.x.x):

       

      R1 (10.1/24-area 0) -- (10.1/24-area 0) R2 (20.1/24-area 1) -- (20.2/24-area 1) R3 (30.1/24-no ospf ) -- (30.2/24-no ospf) R4 (40.1/24-no ospf)

       

      R1:

      network 10.10.10.0 0.0.0.255 area 0

       

      R2:

      network 10.10.10.0 0.0.0.255 area 0

      network 10.10.20.0 0.0.0.255 area 1

       

      R3:

      network 10.10.20.0 0.0.0.255 area 1

      redistribute connected subnets

      redistribute static subnets

       

      ip route 10.10.40.0 255.255.255.0 10.10.30.2

      ip route 10.10.50.0 255.255.255.0 10.10.40.2

       

      R4:

      ip route 0.0.0.0 0.0.0.0 10.10.30.1

       

       

      On R1 I can see routes to both 10.10.40.0 and 10.10.50.0, which according to that statement, I shouldn't see those route in the routing table.  The route to 10.10.40.0/24 has a next-hop 10.10.30.2 (10.10.30.0/24 is being redistributed via connected) and the route to 10.10.50.0/24 has a next-hop of 10.10.40.2 (10.10.40.0/24 is being redistributed via static).

       

      I have even got rid of the redistribute connected and added "network 10.10.30.0 0.0.0.255 area 1" on R3, but I still get the 10.10.50.0/24 network showing on R1.

       

      Am I missing something here (maybe this statement is only true under certain circumstances) or is this statement really not true???

        • 1. Re: OSPF - external route as next-hop question
          Marko Milivojevic

          You may have missed the point, slightly. OSPF router, as seen on R1, has next-hop of R3. Also, the rule applies to "forwarding-address". In your case, FA will be 0.0.0.0, meaning that next-hop will be ASBR.

           

          [Shameless plug]

           

          I wrote a series of articles on OSPF database and different LSAs. I think you may find them beneficial, especially the one dealing with types 7. Links are below.

           

          Quick Look Into OSPF Database: Router LSA

          Quick Look Into OSPF Database: Network LSA

          Quick Look Into OSPF Database: Summary LSA

          Quick Look Into OSPF Database: External and ASBR-Summary LSA

          Quick Look Into OSPF Database: NSSA External LSA

           

          --

          Marko Milivojevic - CCIE #18427 (SP R&S)

          Senior Technical Instructor - IPexpert

          • 2. Re: OSPF - external route as next-hop question
            Sanjay

            Thanks for the info Marko, great write-ups on the OSPF DBs.

             

            So I think I understand now what that statemenet is saying, but I am having trouble seeing when it would ever come into play.  This is how I understand it -->

             

            With the forwarding address is 0.0.0.0, then the ASBR is the next-hop.  If the forwarding address is non-zeros, then that would effectively become the next hop.  And if that forwarding address is an external route, then it wouldn't be installed as a route based on the statement "An OSPF external route cannot use another OSPF external route as its next hop."

             

            sound right?

             

            If so, I am wondering how a forwarding address would ever become an external address???  as the scenario is above, the forwarding address is 0.0.0.0, making the ASBR the next-hop, reachable by R1 via type 4 LSA.

             

            If area 1 were to become a NSSA, then the forwarding address would be the 10.10.20.2 address which is in the OSPF database via the network command - or the forwarding address could be any other interface injected into the OSPF DB, which also makes it a non-external address.

             

            How would the next-hop ever be an external address?

            • 3. Re: OSPF - external route as next-hop question
              Marko Milivojevic

              For example if you had a static route pointing to FA, or EIGRP route, or eBGP route, or OSPF route was filtered between areas and you happen to have external redistributed from another process... Plenty of situations when this can happen.

               

              --

              Marko Milivojevic - CCIE #18427 (SP R&S)

              Senior Technical Instructor - IPexpert

              • 4. Re: OSPF - external route as next-hop question
                Sanjay

                I am just not seeing it - I am missing a piece.  In the above example, the route to 10.10.50.0/24 has a next hop of 10.10.40.2, where 10.10.40.0/24 is redistributed into OSPF, so technically that shouldn't work.

                 

                 

                I also enabled EIGRP b/t R3 and R4, so R3 would get 10.10.40.0/24 from R4 thru EIGRP.  I then redistributed EIGRP into OSPF and kept the route to 10.10.50.0/24 pointing to 10.10.40.2, while also keeping the redistribute static in the OSPF process.  That didnt stop the 10.10.50.0/24 route from entering the routing table.

                 

                Do you think you could provide an example based on the setup I have been using, that might help make it clearer

                 

                 

                Thanks,
                Sanjay

                • 5. Re: OSPF - external route as next-hop question
                  Marko Milivojevic

                  Sure thing. It will take me some time to prepare, as my rack is busy with another lab at the moment.

                   

                  --

                  Marko Milivojevic - CCIE #18427 (SP R&S)

                  Senior Technical Instructor - IPexpert

                  • 6. Re: OSPF - external route as next-hop question
                    Sanjay

                    No problem - whenever you get a chance.  Thank you for your time and effort on this, I really appreciate the help.

                    • 7. Re: OSPF - external route as next-hop question
                      Marko Milivojevic

                      I had to modify your layout  little bit to use it in my rack. Here's the diagram.

                       

                      Diagram.png

                       

                      Here are the startup configurations, similar to what you proposed.

                       

                      R2:

                      interface Serial0/1/0

                      no ip address

                      encapsulation frame-relay

                      no frame-relay inverse-arp

                      !

                      interface Serial0/1/0.204 point-to-point

                      ip address 10.10.10.1 255.255.255.0

                      frame-relay interface-dlci 204  

                      !

                      router ospf 1

                      log-adjacency-changes

                      network 10.10.10.0 0.0.0.255 area 0

                      !

                       

                      R4:

                      interface Serial0/0/0

                      no ip address

                      encapsulation frame-relay

                      no frame-relay inverse-arp

                      !

                      interface Serial0/0/0.402 point-to-point

                      ip address 10.10.10.2 255.255.255.0

                      frame-relay interface-dlci 402  

                      !

                      interface Serial0/0/0.405 point-to-point

                      ip address 10.10.20.1 255.255.255.0

                      frame-relay interface-dlci 405  

                      !

                      router ospf 1

                      network 10.10.10.0 0.0.0.255 area 0

                      network 10.10.20.0 0.0.0.255 area 1

                      !

                       

                      R5:

                      interface Serial0/1/0

                      no ip address

                      encapsulation frame-relay

                      no frame-relay inverse-arp

                      !

                      interface Serial0/1/0.504 point-to-point

                      ip address 10.10.20.2 255.255.255.0

                      frame-relay interface-dlci 504  

                      !

                      interface Serial0/1/0.506 point-to-point

                      ip address 10.10.30.1 255.255.255.0

                      frame-relay interface-dlci 506  

                      !

                      router ospf 1

                      redistribute connected subnets

                      redistribute static subnets

                      network 10.10.20.0 0.0.0.255 area 1

                      !

                      ip route 10.10.40.0 255.255.255.0 10.10.30.2

                      ip route 10.10.50.0 255.255.255.0 10.10.40.2

                       

                       

                      R6:

                      interface Serial0/1/0

                      no ip address

                      encapsulation frame-relay

                      no frame-relay inverse-arp

                      !

                      interface Serial0/1/0.605 point-to-point

                      ip address 10.10.30.2 255.255.255.0

                      frame-relay interface-dlci 605  

                      !

                      ip route 0.0.0.0 0.0.0.0 10.10.30.1

                       

                       

                      Now, let's examine what we see on R4 to begin with.

                       

                      R4:

                      R4#show ip route ospf

                           10.0.0.0/24 is subnetted, 5 subnets

                      O E2    10.10.30.0 [110/20] via 10.10.20.2, 00:19:02, Serial0/0/0.405

                      O E2    10.10.40.0 [110/20] via 10.10.20.2, 00:18:39, Serial0/0/0.405

                      O E2    10.10.50.0 [110/20] via 10.10.20.2, 00:18:39, Serial0/0/0.405

                       

                      Note the next hop information - regardless of what was the next-hop on R5, it's actually the address of R6 (ASBR). If we examine the same thing on R2:

                       

                      R2:

                      R2#show ip route ospf

                           10.0.0.0/24 is subnetted, 5 subnets

                      O IA    10.10.20.0 [110/128] via 10.10.10.2, 00:21:30, Serial0/1/0.204

                      O E2    10.10.30.0 [110/20] via 10.10.10.2, 00:21:20, Serial0/1/0.204

                      O E2    10.10.40.0 [110/20] via 10.10.10.2, 00:20:58, Serial0/1/0.204

                      O E2    10.10.50.0 [110/20] via 10.10.10.2, 00:20:58, Serial0/1/0.204

                       

                      We can see that the next-hop is the address of R2 (ABR). Let's dive into the database on R2.

                       

                      R2:

                      R2#show ip ospf database external 10.10.30.0

                       

                       

                                  OSPF Router with ID (10.10.10.1) (Process ID 1)

                       

                       

                                      Type-5 AS External Link States

                       

                       

                        Routing Bit Set on this LSA

                        LS age: 1374

                        Options: (No TOS-capability, DC)

                        LS Type: AS External Link

                        Link State ID: 10.10.30.0 (External Network Number )

                        Advertising Router: 10.10.30.1

                        LS Seq Number: 80000001

                        Checksum: 0x1E1D

                        Length: 36

                        Network Mask: /24

                              Metric Type: 2 (Larger than any link state path)

                              TOS: 0

                              Metric: 20

                              Forward Address: 0.0.0.0

                              External Route Tag: 0

                       

                      We can see that "Forward Address" is zero, hence us using the ABR as the gateway and not FA. Note that this LSA is originated by R5. To resolve the router-id of it, we need type 4.

                       

                      R2:

                      R2#show ip ospf database asbr-summary

                       

                       

                                  OSPF Router with ID (10.10.10.1) (Process ID 1)

                       

                       

                                      Summary ASB Link States (Area 0)

                       

                       

                        Routing Bit Set on this LSA

                        LS age: 1494

                        Options: (No TOS-capability, DC, Upward)

                        LS Type: Summary Links(AS Boundary Router)

                        Link State ID: 10.10.30.1 (AS Boundary Router address)

                        Advertising Router: 10.10.20.1

                        LS Seq Number: 80000001

                        Checksum: 0x702F

                        Length: 28

                        Network Mask: /0

                              TOS: 0  Metric: 64

                       

                      Let's now change area 1 to be NSSA to see what will change.

                       

                      R4 and R5:

                      router ospf 1

                      area 1 nssa

                      !

                       

                      R2:

                      R2#show ip route ospf

                           10.0.0.0/24 is subnetted, 5 subnets

                      O IA    10.10.20.0 [110/128] via 10.10.10.2, 00:26:21, Serial0/1/0.204

                      O E2    10.10.30.0 [110/20] via 10.10.10.2, 00:00:13, Serial0/1/0.204

                      O E2    10.10.40.0 [110/20] via 10.10.10.2, 00:00:13, Serial0/1/0.204

                      O E2    10.10.50.0 [110/20] via 10.10.10.2, 00:00:13, Serial0/1/0.204

                       

                      t first glance - nothing. Let's take a look at the database.

                       

                      R2:

                      R2#show ip ospf database external 10.10.30.0

                       

                       

                                  OSPF Router with ID (10.10.10.1) (Process ID 1)

                       

                       

                                      Type-5 AS External Link States

                       

                       

                        Routing Bit Set on this LSA

                        LS age: 63

                        Options: (No TOS-capability, DC)

                        LS Type: AS External Link

                        Link State ID: 10.10.30.0 (External Network Number )

                        Advertising Router: 10.10.20.1

                        LS Seq Number: 80000001

                        Checksum: 0x6CAE

                        Length: 36

                        Network Mask: /24

                              Metric Type: 2 (Larger than any link state path)

                              TOS: 0

                              Metric: 20

                              Forward Address: 10.10.20.2

                              External Route Tag: 0

                       

                      We now have non-zero FA. Let me add a static route to it, pointing the same way where the OSPF route for it is.

                       

                      R2:

                      R2#show ip route 10.10.20.2

                      Routing entry for 10.10.20.0/24

                        Known via "ospf 1", distance 110, metric 128, type inter area

                        Last update from 10.10.10.2 on Serial0/1/0.204, 00:28:17 ago

                        Routing Descriptor Blocks:

                        * 10.10.10.2, from 10.10.20.1, 00:28:17 ago, via Serial0/1/0.204

                            Route metric is 128, traffic share count is 1

                       

                      R2#conf t

                      Enter configuration commands, one per line.  End with CNTL/Z.

                      R2(config)#ip route 10.10.20.0 255.255.255.0 10.10.10.2

                      R2(config)#^C

                      R2#show ip route 10.10.20.2

                      Routing entry for 10.10.20.0/24

                        Known via "static", distance 1, metric 0

                        Routing Descriptor Blocks:

                        * 10.10.10.2

                            Route metric is 0, traffic share count is 1

                       

                      Now, you will agree that this looks... pretty much the same, except we now have static route, don't we? Let's look at our OSPF routing table.

                       

                      R2:

                      R2#show ip route ospf


                       

                      Yup - absolutely nothing! What happened here? The answer is - FA is now reachable via external route and not as internal (intra- or inter-area) OSPF route and is causing all LSAs that use it not to be considered for routing. If I remove FA, routes will pop right back in.

                       

                      R4:

                      router ospf 1

                      area 1 nssa translate type7 suppress-fa

                      !

                       

                      R2:

                      R2#show ip ospf database external 10.10.30.0

                       

                       

                                  OSPF Router with ID (10.10.10.1) (Process ID 1)

                       

                       

                                      Type-5 AS External Link States

                       

                       

                        Routing Bit Set on this LSA

                        LS age: 27

                        Options: (No TOS-capability, DC)

                        LS Type: AS External Link

                        Link State ID: 10.10.30.0 (External Network Number )

                        Advertising Router: 10.10.20.1

                        LS Seq Number: 80000002

                        Checksum: 0x62E1

                        Length: 36

                        Network Mask: /24

                              Metric Type: 2 (Larger than any link state path)

                              TOS: 0

                              Metric: 20

                              Forward Address: 0.0.0.0

                              External Route Tag: 0


                      R2#show ip route ospf                      

                           10.0.0.0/24 is subnetted, 5 subnets

                      O E2    10.10.30.0 [110/20] via 10.10.10.2, 00:00:18, Serial0/1/0.204

                      O E2    10.10.40.0 [110/20] via 10.10.10.2, 00:00:18, Serial0/1/0.204

                      O E2    10.10.50.0 [110/20] via 10.10.10.2, 00:00:18, Serial0/1/0.204

                       

                      More clear now?

                       

                      --

                      Marko Milivojevic - CCIE #18427 (SP R&S)

                      Senior Technical Instructor - IPexpert

                      • 8. Re: OSPF - external route as next-hop question
                        Erick

                        Nice explanation.  You should copy and paste that into a document so that others can access it from "Your Documents area in your profile. 

                        • 9. Re: OSPF - external route as next-hop question
                          Marko Milivojevic

                          Not at all bad idea. I never made a document on CLN, but I guess there's 1st for everything.

                           

                          OSPF - Woes of Forward Address

                           

                          --

                          Marko Milivojevic - CCIE #18427 (SP R&S)

                          Senior Technical Instructor - IPexpert

                          • 10. Re: OSPF - external route as next-hop question
                            Erick

                            Very cool!  It's a nice resource for people who visit your profile.

                            • 11. Re: OSPF - external route as next-hop question
                              Sanjay

                              Thanks - that makes sense ... when there is a route external TO OSPF.  The way that statement is written states that a O E2 route cannot have another O E2 route as its next-hop, which is clearly not the case as 10.10.50.0/24 has a 10.10.40.0/24 address as its next hop (an O E2 route).

                              • 12. Re: OSPF - external route as next-hop question
                                Marko Milivojevic

                                There is no such requirement, that I'm aware of (it is late here, my awareness may be fading). However, if E1/E2/N1/N2 route was to be used for FA, it would have failed in the same fashion as I demonstrated above.

                                 

                                --

                                Marko Milivojevic - CCIE #18427 (SP R&S)

                                Senior Technical Instructor - IPexpert

                                • 13. Re: OSPF - external route as next-hop question
                                  Scott Morris - CCDE/4xCCIE/2xJNCIE

                                  Likely coming from:

                                   

                                  http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481a.shtml#r6

                                   

                                  http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009405a.shtml

                                   

                                  At least one of which deals with a bug case...  but anyway, my brain is fading from cold meds, so I'm not even going to think about labbing this one tonight! 

                                   

                                  Scott

                                  • 14. Re: OSPF - external route as next-hop question
                                    Marko Milivojevic

                                    They both talk about FA, which I believe we covered in the thread. :-)

                                     

                                    --

                                    Marko Milivojevic - CCIE #18427 (SP R&S)

                                    Senior Technical Instructor - IPexpert

                                    1 2 Previous Next