OSPF FORWARD ADDRESS

You might have missed or ignored noticing OSPF Forward Address in OSPF command outputs. Forward address is a IP field seen in LSA 5 and LSA7. It is the IP address to which the traffic should be forwarded for an advertised external prefix (LSA5). The output is shown below.

R1#show ip ospf database external 9.9.0.4  OSPF Router with ID (9.9.0.1) (Process ID 1)  Type-5 AS External Link States  Routing Bit Set on this LSA in topology Base with MTID 0  LS age: 243  Options: (No TOS-capability, DC)  LS Type: AS External Link  Link State ID: 9.9.0.4 (External Network Number )  Advertising Router: 9.9.0.3  LS Seq Number: 80000001  Checksum: 0xE189  Length: 36  Network Mask: /32        Metric Type: 2 (Larger than any link state path)        MTID: 0        Metric: 20        Forward Address: 0.0.0.0

        External Route Tag: 0

To view all external LSAs on an OSPF node simply use “show ip ospf database external” command without mentioning the specific prefix.

If the value of OSPF Forward Address is generally set to 0.0.0.0 for an external prefix(for example, route learned from RIP domain), this means that the traffic should be forwarded to the ASBR(Advertising-Address). However, in some situations, the OSPF Forwarding Address will be non-zero, to avoid sub-optimal routing. Below are the criteria that will lead to a non-zero forwarding address

  1. When OSPF is enabled on the ASBR’s next-hop interface. For your understanding, ASBR’s next hop interface is R4’s interface IP (9.9.34.4).
  2. When the ASBR’s next-hop interface is non-passive to OSPF.
  3. When the ASBR’s next-hop interface network type is not Point-to-Point or Point-to-Multipoint.
  4. When the ASBR’s next-hop interface address falls into the OSPF network range

Let us understand the OSPF Forward Address concept with help of below lab topology.
   When R3-R4 link is advertised in OSPF on R3, Forward Address in external LSA5 for 9.9.0.4/32 shows a non zero IP as 9.9.34.4 (IP Address of R4’s interface).

R1#show ip ospf database external 9.9.0.4 | i Forward
Forward Address: 0.0.0.0

When R3-R4 link not advertised in OSPF on R3, Forward Address in external LSA5 for 9.9.0.4/32 shows 0.0.0.0(by default).
 

R3#show run int f0/1interface FastEthernet0/1 ip address 9.9.34.3 255.255.255.0  

 ip ospf 1 area 1  

R2#show ip ospf database external 9.9.0.4            OSPF Router with ID (9.9.0.2) (Process ID 1)                Type-5 AS External Link States  Routing Bit Set on this LSA in topology Base with MTID 0  LS age: 4  Options: (No TOS-capability, DC)  LS Type: AS External Link  Link State ID: 9.9.0.4 (External Network Number )  Advertising Router: 9.9.0.3  LS Seq Number: 80000007  Checksum: 0xE94D  Length: 36  Network Mask: /32        Metric Type: 2 (Larger than any link state path)        MTID: 0        Metric: 20        Forward Address: 9.9.34.4        External Route Tag: 0

OSPF FORWARD ADDRESS – Scenario 2

If we change the OSPF network to point-to-point on the external link R3-R4, and even if we enable OSPF on R3-R4 link (only on R3 interface), OSPF Forward Address will again be 0.0.0.0. Below is the config.

R3#show run int f1/1interface FastEthernet1/1 ip address 9.9.34.3 255.255.255.0 ip ospf 1 area 1

R3(config-if)#int f1/1
R3(config-if)#ip ospf network point-to-point

R2#sh ip ospf database external 9.9.0.4            OSPF Router with ID (9.9.0.2) (Process ID 1)                Type-5 AS External Link States  Routing Bit Set on this LSA in topology Base with MTID 0  LS age: 4  Options: (No TOS-capability, DC)  LS Type: AS External Link  Link State ID: 9.9.0.4 (External Network Number )  Advertising Router: 9.9.0.3  LS Seq Number: 80000008  Checksum: 0x244A  Length: 36  Network Mask: /32        Metric Type: 2 (Larger than any link state path)        MTID: 0        Metric: 20

        Forward Address: 0.0.0.0

        External Route Tag: 0

 

OSPF FORWARD ADDRESS – Scenario 3

When Forward Address is filtered/blocked somewhere in OSPF domain. The blocking or filtering of Forward Address can create routing issues in the network as explained below.

Let’s try pinging External Prefix 9.9.0.4 from R1 without blocking the Forward Address. The ping will work fine as shown below.

R1#ping 9.9.0.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/32 ms

  Now, let’s block the Forward address by applying a distribute-list on ABR R2.
R2#show run | s router ospfrouter ospf 1 distribute-list  prefix  BLOCK_FWD_ADDRESS   in R2#show run | s BLOCK_FWD_ADDRESSip prefix-list BLOCK_FWD_ADDRESS seq 5 deny 9.9.34.0/24

ip prefix-list BLOCK_FWD_ADDRESS seq 10 permit 0.0.0.0/0 le 32

Once we block the Forward Address subnet, the External prefix 9.9.0.4 will go unreachable from R1. From the below output we can see that we now cannot ping the 9.9.0.4 from R1.
R1#ping 9.9.0.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

Imp Note: Such scenarios are specifically created in CCIE Written or LAB exams to test the in-depth knowledge of the candidate. We might not find such scenarios though in real time networks.

Also see the important article related to Forward Address selection criteria in NSSA (for LSA 7 and corresponding LSA 5).

Click Here for other useful OSPF articles