OSPF FORWARD ADDRESS CONCEPT

“Forward address” is a field seen in LSA 5 and LSA7. It indicates the address to which the traffic should be forwarded for an advertised external prefix (LSA5). If the value is set to 0.0.0.0, this means that the traffic should be forwarded to the ASBR(Advertising-Address). In some situations, the forwarding address will be nonzero, to avoid sub-optimal routing. The following list describes events that will produce a nonzero forwarding address:
    When OSPF is enabled on the ASBR’s next-hop interface.
    When the ASBR’s next-hop interface is non-passive to OSPF.
    When the ASBR’s next-hop interface network type is not Point-to-Point or Point-to-Multipoint.
    When the ASBR’s next-hop interface address falls into the OSPF network range

    Consider the diagram below:



    Scenerio 1:

    When R3-R4 link not advertised in OSPF on R3, Forward Address in external LSA5 for 9.9.0.4/32 shows 0.0.0.0(by default).

    R1#sh ip ospf database external 9.9.0.4 | i Forward
    Forward Address: 0.0.0.0
    ———————————————————

    When R3-R4 link is advertised in OSPF on R3, Forward Address in external LSA5 for 9.9.0.4/32 shows a non zero IP as 9.9.34.4 (IP Address of R4’s interface).


    R3#sh run int f0/1
    interface FastEthernet0/1
     ip address 9.9.34.3 255.255.255.0  
     ip ospf 1 area 1 
    end
    —————————
    R1#sh ip ospf database external 9.9.0.4 | i Forward
            Forward Address: 9.9.34.4              
     



    Scenerio 2:

    When Forward Address is filtered/blocked somewhere in OSPF domain.

    Let’s try pinging External Prefix 9.9.0.4 from R1 without blocking the Forward Address. The ping will work fine as shown below:

    R1#ping 9.90.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/32 ms

    Now, let’s block the Forward address by applying a distribute-list on ABR R2.


    R2#sh run | s router ospf
    router ospf 1
     distribute-list  prefix  BLOCK_FWD_ADDRESS   in 


    R2#sh run | s BLOCK_FWD_ADDRESS
    ip prefix-list BLOCK_FWD_ADDRESS seq 5 deny 9.9.34.0/24
    ip prefix-list BLOCK_FWD_ADDRESS seq 10 permit 0.0.0.0/0 le 32


    Once we block the Forward Address subnet, the External prefix 9.9.0.4 will go unreachable from R1 as shown below:


    R1#ping 9.9.0.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 9.9.0.4, timeout is 2 seconds:
    UUUUU
    Success rate is 0 percent (0/5)


    Hope you have enjoyed reading this Post. Please share your feedback if you liked this post. You can also write to us on networkurge@gmail.com.