OSPF – when you should suppress forward address in type7/5 translation

This topic really piqued my curiosity. You can see from my previous post that I know how to do this but could not think of an example of when it would be necessary. Well now I have found one. After reading a bunch of cisco doc’s I came up with this scenario:

ospf - 4 routers

R2 —> R5 in area 25
R5 —> R4 in area 0
R4 —> R3 in area 345

Area 25 is an NSSA.
R2 is an ASBR redistruting a static route to R1’s Loopback into OSPF:

R2#show run | section router ospf|ip route
router ospf 1
log-adjacency-changes
area 25 nssa
redistribute connected subnets
redistribute static subnets
network 172.12.25.0 0.0.0.255 area 25
ip route 1.1.1.1 255.255.255.255 172.12.123.1
ip route 192.168.254.0 255.255.255.0 Null0

R2#ping 1.1.1.1
Translating “1.1.1.1”

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/31/84 ms

R2 generates a type 7 LSA for this route:

R2#show ip ospf database nssa-external 1.1.1.1

OSPF Router with ID (2.2.2.5) (Process ID 1)

Type-7 AS External Link States (Area 25)

LS age: 114
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.5
LS Seq Number: 80000002
Checksum: 0x337F
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 172.12.25.2
External Route Tag: 0

R5 converts this to a type 5 LSA and eventually winds up in area 345 on R3:

R3#show ip ospf database external 1.1.1.1

OSPF Router with ID (3.3.3.3) (Process ID 1)

Type-5 AS External Link States

LS age: 69
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 5.5.5.5
LS Seq Number: 80000004
Checksum: 0x7B36
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 172.12.25.2
External Route Tag: 0

Notice the forwarding address for this LSA is 172.12.25.2. This address is being filtered on R4 as follows:

R4(config)#ip prefix-list BLOCK25 deny 172.12.25.0/24
R4(config)#ip prefix-list BLOCK25 permit 0.0.0.0/0 le 32
R4(config)#router ospf 1
R4(config-router)#area 345 filter-list prefix BLOCK25 in

R3#show ip ospf data summ 172.12.25.0

OSPF Router with ID (3.3.3.3) (Process ID 1)

R3#show ip route 1.1.1.1
% Network not in table
R3#

R3 cannot put this route in the route table if it does not have an LSA for the forwarding address. The only way to let R3 install this route is to make the forward address of the type 5 LSA for 1.1.1.1 to 0.0.0.0. This way R3 will forward traffic to the advertising router.

Let’s try it:

R5(config)#router ospf 1
R5(config-router)#area 25 nssa translate type7 suppress-fa

Now let’s look on R3:

R3#show ip ospf data ex 1.1.1.1

OSPF Router with ID (3.3.3.3) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA
LS age: 326
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 5.5.5.5
LS Seq Number: 80000007
Checksum: 0x176B
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0

R3#show ip route 1.1.1.1
Routing entry for 1.1.1.1/32
Known via “ospf 1”, distance 110, metric 20, type extern 2, forward metric 65599
Redistributing via eigrp 1
Advertised by eigrp 1
Last update from 172.12.34.4 on FastEthernet0/1, 00:00:06 ago
Routing Descriptor Blocks:
* 172.12.34.4, from 5.5.5.5, 00:00:06 ago, via FastEthernet0/1
Route metric is 20, traffic share count is 1

Ta-da!

Source

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s