Updated: Mar 1, 2019
Let’s first talk about type-5 LSAs and understand what it does and what problem it presents that a type-4 LSA resolves.
The type-5 LSA is the external LSA. As the name suggests, it describes networks that are external to the OSPF domain, injected into OSPF via some form of redistribution. When redistributing into OSPF, the routes can be of two types - E1 and E2 external routes. An E1 external route considers the total cost till the destination (which means that the cost increments as it goes from node to node), while an E2 type external route maintains a static cost till the point of redistribution. The default type when redistributing into OSPF is E2 and the cost is 20.
The LSA itself includes the external network (as a link state ID), the advertising router ID, the subnet mask, the metric type (1 or 2, corresponding to E1/E2), the metric and the forwarding address (a forwarding address set to 0.0.0.0 means that the advertising router itself is the ASBR and anybody that wants to reach that route can go through it).
To look at an external LSA, we can use the command ‘show ip ospf database external <network>’. Alternatively, to look at all external LSAs advertised by a particular router ID, we can use the command ‘show ip ospf database external adv-router <router ID>’
Do you notice a problem here? The advertising router is R8 with a router ID of 18.104.22.168. However, R1 has no knowledge of this router since it is outside its area. So how is it supposed to know how to reach R8 in order to reach the external network? This is where the type-4 ASBR-summary LSA comes into the picture. As you can see, as an external LSA is flooded throughout an OSPF domain, the advertising router ID remains unchanged. This is okay for routers in the same area as the ASBR, however, for routers that are not in the same area, there needs to be a way to provide them additional information so as to reach the ASBR. This is achieved via the type-4 LSA.
This type-4 LSA is generated by an ABR, providing information to reach an ASBR. The LSA itself includes the router ID of the ASBR, the advertising router ID (which is the ABR) and a network mask of all 0s. Essentially what the ABR is saying is this - to get to the ASBR, you can go through me.
To zoom into a type-4 LSA, we can use the command ‘show ip ospf database asbr-summary <router ID of ASBR>’.
Let’s take a look at E1 vs E2 routes in more detail. As an example for E2, we looked at the following:
This states that the metric to reach the external network is 20. Let’s look at the RIB to see what is the final metric.
While the actual metric is set as 20 here, there is another variable added to the RIB for this prefix, which is called the forward metric. The forward metric is basically the routers metric to reach the ASBR. This comes into play when the router has two (or more) E2 routes to the same destination. Even though the metric is the same here (20), we will look at the forward metric as well and the lower forward metric route will get installed in the RIB.
Now let’s have EIRGP redistribute into OSPF with type E1 now and take a look at the LSDB.
We can see that the type has changed to E1. Look at the routing table now.
The metric is 276. We are now taking into account the metric to reach the ASBR as well. How did we arrive there?
To get to R8, R3 says its metric is 128. To get to R3, we already know R1s metric is 128. So this gives us a total of 128 + 128 + 20, which is 276.
So when would you use E1 as opposed to E2? If there is just one exit point for the external networks, then does it really matter what the cost is to reach that exit point? Not really. In this case, you should use the E2 metric-type. If there are multiple exit points for the same external networks, then it does matter what the metric is to reach each exit point - you would want to exit out of the closest node. In this case, you would use an E1 metric type. Let’s take a simple example to understand this more - say you had two doors to exit your home and both doors lead to the same road. You would naturally want to take the door that is closer to you. In such a scenario, you want to understand the difference in distance to each door (exit point) - this corresponds to using the E1 metric type. On the other hand, if you have only one door to exit your home, does it matter how far you are from the door? No, it doesn’t - this corresponds to using the E2 metric type.
Remember that a router first evaluates the cost to the forward address set in type-5 LSAs. Only if the forward address is 0.0.0.0 do we directly evaluate cost to the ASBR.
Forward address rules are as follows (taken from http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13682-10.html):
The forwarding address is set to 0.0.0.0 if the ASBR redistributes routes and OSPF is not enabled on the next hop interface for those routes.
The forwarding address is set to non-zero in the following conditions:
OSPF is enabled on the ASBR's next hop interface AND
ASBR's next hop interface is non-passive under OSPF AND
ASBR's next hop interface is not point-to-point AND
ASBR's next hop interface is not point-to-multipoint AND
ASBR's next hop interface address falls under the network range specified in the router ospf command.
To look at this in some more detail, let’s take a look at the following topology.
R2 has an OSPF peering with R3 over the Ethernet segment and it has a BGP peering with R4 over the same segment as well. Typical use case (of a non-zero forward address) is when only one ISP facing router (out of two or more) can peer with the ISP but you may have other routers in the same segment in your internal network. Now it doesn’t make sense for these other routers to go to the internal OSPF router peering with the ISP just to go to networks behind the ISP. They can directly go to the ISP router itself since they are all in the same segment. However, traditional implementation of OSPF would set forwarding address to 0.0.0.0 which would force all routers to go to the ASBR (which would be the router peering with the ISP) to reach the networks advertised in the type-5 LSA. With this new implementation, the ASBR can set the forward address to the next hop IP for the networks it is advertising within type-5 LSAs.
In our case, R2 is the ASBR and is redistributing the network 22.214.171.124/32 into OSPF. Let’s see how it has learnt this network.
The route is learnt via BGP and the next hop is 10.1.23.4. Now, when R2 injects this into OSPF, this is the forward address it will use (as long as all the aforementioned rules are satisfied, which they are in this case).
R3 will install this forward address as the next hop instead of going to R2 to reach 126.96.36.199/32.
From R1s perspective, things don’t look a whole lot different because to reach 10.1.23.4 it still has to go to R2 (because of how the topology is designed). However, note that if there were a better path to 10.1.23.4, it would take that. R1 is still looking at forward address only and not at how to reach the ASBR. Only if the forward is 0.0.0.0 do we recurse to the ASBR directly.
How is the forward metric calculated in this case? We calculate the metric till forward address by calculating the metric to each next hop (which is 10.1.12.2 in this case).
We use a metric of 64 to reach subnet 10.1.12.0/24. That is node R2. We then look at metric to reach the 10.1.23.0/24 from R2. From the above output itself, we can see that is 1. We also can easily derive this metric from the following command:
Note that by default, RFC states that type-7 LSAs must have forward address set. We will talk more about that when we look at type-7 LSAs.
This concludes type-4 and type-5 LSAs.
Note: a type-4 LSA “appears” to be generated when a type-5 LSA is generated, but that is not entirely true. A type-4 LSA is actually generated when a ABR receives an OSPF type-1 LSA with the E-bit set, signifying that the neighbor is actually acting as an ASBR. As an example, you can redistribute phantom routes (using ‘redistribute static subnets’ on a router and force it to act as an ASBR without it actually redistributing any routes, considering there are no static routes). This forces a change in the router LSA and the change is the E bit being set. When the peer receives this, it realizes that the router generating this LSA is an ASBR and it generates a type-4 LSA for that router ID.