Understanding OSPF Type 4 LSAs
- By Joe Astorino
- June 6, 2011
- 44 Comments
The OSPF ASBR type 4 LSA is probably one of the most misunderstood topics with regards to OSPF for people that are just learning the protocol. In today’s blog we will take a look at what the type 4 LSA is for and where it actually comes from.
To start, let’s look at the following network diagram
What we have going on here is a simple OSPF setup where R2, R4 and R5 are all running interfaces in area 0. R4 is an ASBR that redistributes RIP into OSPF. Technically, we are also redistributing OSPF into RIP but that will not be important for today’s discussion.
Let’s go over to R2 and make sure we can see Cat3’s loopback address and that we can ping it.
R2#show ip route ospf
34.0.0.0/24 is subnetted, 1 subnets
O E2 34.34.34.0 [110/20] via 192.168.25.5, 00:04:39, Serial0/2/0
33.0.0.0/32 is subnetted, 1 subnets
O E2 33.33.33.33 [110/20] via 192.168.25.5, 00:04:49, Serial0/2/0
O 192.168.45.0/24 [110/128] via 192.168.25.5, 00:08:18, Serial0/2/0
R2#ping 33.33.33.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms
Excellent, good start! Now, let’s talk about the OSPF type 4 LSA. What is the type 4 ASBR LSA for? The type 4 LSA is an LSA that instructs the rest of the OSPF domain how to get to the ASBR so that other routes in the OSPF domain can route to external prefixes redistributed into OSPF by the ASBR. If we have no way to reach the actual ASBR that redistributed the route, we obviously can’t reach the external route. Makes sense. However, there is a lot of bad information out there about what type of router actually generates the type 4 LSA. Sometimes you hear it said that the ASBR injects a type 4 LSA into OSPF. This is not true. Actually, area border routers (ABRs) are responsible for injecting type 4 LSAs. I will show you why and prove this to be true.
We are redistributing routes from our ASBR. Let’s look at the OSPF database on R2
R2#sh ip ospf database
OSPF Router with ID (192.168.25.2) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
192.168.25.2 192.168.25.2 621 0x80000003 0x0011E5 2
192.168.45.4 192.168.45.4 569 0x80000006 0x002C56 1
192.168.45.5 192.168.45.5 790 0x80000003 0x007FD7 3
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.45.4 192.168.45.4 791 0x80000001 0x007F4F
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
33.33.33.33 192.168.45.4 568 0x80000002 0x0091EE 0
34.34.34.0 192.168.45.4 569 0x80000001 0x00BAE4 0
Check it out — There are absolutely NO type 4 ASBR LSAs in this database. Why? There is no need for one. Let’s dig into the external LSA for 33.33.33.33 for a second and find out why
R2#sh ip ospf database external 33.33.33.33
OSPF Router with ID (192.168.25.2) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 627
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 33.33.33.33 (External Network Number )
Advertising Router: 192.168.45.4
LS Seq Number: 80000002
Checksum: 0x91EE
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
So what does this tell us? R4 redistributed the route. The OSPF RID of R4 is 192.168.45.4 which is why we see that in the “Advertising Router” field. The forward address is set to 0.0.0.0 which means the router that generated the LSA (R4) is the “next hop”. The only thing that needs to happen for the rest of area 0 to get to the external route is for all the routers to know how to get to the RID of the router that generated the route. Do they? Of course they do! All the routers are in the same area, so all the routers will know about R4’s RID via a type 1 router LSA. Since everybody already knows how to get to the ASBR we have no need for a type 4 LSA.
Clear? Awesome…now let’s make it more interesting. We are going to change the topology as shown below. The ONLY thing we are going to change the R2/R5 link. We will move it from area 0 into area 25.
R2(config)#router ospf 1 R2(config-router)#no network 192.168.25.2 0.0.0.0 area 0 R2(config-router)# *Jun 6 18:07:41.835: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.45.5 on Serial0/2/0 from FULL to DOWN, Neighbor Down: Interface down or detached R2(config-router)#network 192.168.25.2 0.0.0.0 area 25
R5(config)#router ospf 1 R5(config-router)#no network 192.168.25.5 0.0.0.0 area 0 R5(config-router)#network 192.168.25.5 0.0.0.0 area 25 R5(config-router)# *Jul 10 05:50:18.387: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.25.2 on Serial2/1 from LOADING to FULL, Loading Done
OK, so we made our change. NOW let’s take a look at R2’s LSDB.
R2#sh ip ospf data
OSPF Router with ID (192.168.25.2) (Process ID 1)
Router Link States (Area 25)
Link ID ADV Router Age Seq# Checksum Link count
192.168.25.2 192.168.25.2 93 0x80000002 0x0013E4 2
192.168.45.5 192.168.45.5 94 0x80000001 0x00D508 2
Summary Net Link States (Area 25)
Link ID ADV Router Age Seq# Checksum
192.168.45.0 192.168.45.5 95 0x80000001 0x0003C7
Summary ASB Link States (Area 25)
Link ID ADV Router Age Seq# Checksum
192.168.45.4 192.168.45.5 95 0x80000001 0x00CCF8
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
33.33.33.33 192.168.45.4 1519 0x80000002 0x0091EE 0
34.34.34.0 192.168.45.4 1520 0x80000001 0x00BAE4 0
R2#
R2#show ip ospf data external 33.33.33.33
OSPF Router with ID (192.168.25.2) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 1543
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 33.33.33.33 (External Network Number )
Advertising Router: 192.168.45.4
LS Seq Number: 80000002
Checksum: 0x91EE
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
What changed? Well now we do indeed have a type 4 Summary ASBR LSA. Notice that the LSDB entry for 33.33.33.33 did not change. The advertising router is still R4. The only difference is that since R4 is NOT in area 25, we have no idea what R4’s RID is or how to get to it. Since the advertising router for the external route 33.33.33.33 is R4’s RID, we need to know how to get to R4’s RID. THAT is what the type 4 LSA is for. Now, who generated it? Let’s find out!
R2#show ip ospf database asbr-summary
OSPF Router with ID (192.168.25.2) (Process ID 1)
Summary ASB Link States (Area 25)
Routing Bit Set on this LSA
LS age: 76
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(AS Boundary Router)
Link State ID: 192.168.45.4 (AS Boundary Router address)
Advertising Router: 192.168.45.5
LS Seq Number: 80000001
Checksum: 0xCCF8
Length: 28
Network Mask: /0
TOS: 0 Metric: 64
Check it out — R5, the ABR between area 0 and area 25 injected the type 4 summary LSA — NOT the ASBR itself. Basically what happens here when R2 wants to send packets to 33.33.33.33 is that R2 will see in the LSDB that the advertising router is R4’s RID…since R2 has no idea who that RID is, R2 will use the type 4 summary LSA injected by R5 to get there. R2 says “I don’t know who R4 is, but I know the guy that does” and sends it to R5. R5 does know who R4 is due to the area 0 router LSA it gets from R4.
In summary, the type 4 summary LSA is injected into an area by an ABR. It tells other routers in the area how to get to the advertising router of an external route.
I have also made a video walkthru of this topic on my youtube channel. Check it out!
Hope that helps and until next time, keep studying hard!
Great Post Joe! This particular LSA type gave me some problems fully grasping it. Keep up the good work!
Hi joe,
ASBR ID will be advertised by lsa type 3 . LSA Type 4 is necessary to tell who the ASBR is and not how to reach ASBR.
Hemanth,
What you are saying is just not correct. The type-4 LSA is generated and injected into other areas by an ABR, and it’s purpose is to provide routers in a network area with information about an ASBR.
I do have a mistake in my post though — At the end I show “show ip ospf database summary” when I meant to show “show ip ospf database asbr-summary” to demonstrate the type 4 LSA. The first command does show type 3 summary LSA’s which might be why you are confused. I will build this lab again and fix that.
The mistake has been corrected. The last command now correctly shows “show ip ospf database asbr-summary” to demonstrate the type 4 LSA.
Notice that the advertising router RID is 192.168.45.5 (R5), showing that R5 (The ABR of Area0/Area 25) generated the LSA. Also notice that this LSA carries the link state ID of the ASBR, 192.168.45.4
simply the best Type 4 LSA I’ve read. Thanks!
God i finally get it why are so many books wrong, thanks
@Anthony: Dude, I love it! That is why I get the motivation to write these articles, helping people understand. When you just refuse to stop asking “why”, you gain true understanding and that will take you a long way.
great demo and article! thanks.
Good article. So, when will the forward address have any value?
i have a question.
how does the abr know that i have to generate the type 4 lsa for the area 25. what makes the abr to decide to generate the type 4 lsa. is any kind to bit notification send it type 5 lsa’s or in type 1 lsa , based on which it decides to generate the type 4 lsa ?.
Remember, OSPF is a link-state routing protocol. The ABR already has the entire network topology of both area’s that it borders. Therefore, when it sees the forwarding address of the type 5 external LSA is set to a RID of a router not in the area it is injecting the LSA, it knows it needs to inject a type 4 LSA as well.
I think actually the ABR knows to create a type 4 LSA due to the type 1 LSA from Router 4, by setting the E big flag from 0 to 1.
Hi Joe
Awesome work u hav done, hats-off.
I have one query regarding the first “sh ip ospf database” CLI output, in the portion which is given below.
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.45.4 192.168.45.4 791 0x80000001 0x007F4F
Here the LSA is of (Type2 Network Link LSA) and the ADV Router is 192.168.45.4, ie R4, the ASBR.
So how come an ASBR can advertise a Type2 LSA? As per my knowledge an ASBR can advertise only LSA1 and LSA5. Am I wrong? Could you plz throw some light on this?
The reason you see that is because on the R4/R5 frame-relay link, the OSPF network type is the default, “non-broadcast”. On an OSPF non-broadcast network, a designated router (DR) is elected, and the DR is responsible for sending the type 2 network LSA. In this case, R4 was elected the DR and this LSA is the type 2 LSA for the R4/R5 segment injected by R4. Hope that helps.
Here you can see that R4 has been elected as the DR:
If you examine the OSPF database network LSA more carefully, you can see:
sh ip ospf data network OSPF Router with ID (192.168.25.2) (Process ID 1) Net Link States (Area 0) Routing Bit Set on this LSA LS age: 56 Options: (No TOS-capability, DC) LS Type: Network Links Link State ID: 192.168.45.4 (address of Designated Router) Advertising Router: 192.168.45.4 LS Seq Number: 80000001 Checksum: 0x7F4F Length: 32 Network Mask: /24 Attached Router: 192.168.45.4 Attached Router: 192.168.45.5joe,
this is probably the best description of a type 4 lsa that i’ve ever read. great work!
thank you.
jojo
Good jod done by Joe! really helpful.
Perfect, You explained that which Moy’s book didn’t explain. You can’t imagine how ambiguous is this book.
You are a great trainer !!
Very clear LSA Type-4 explanation. Thanks! ;)
To understand why we use type 4 LSA, you first have to understand that in case the ASBR is in the same area then the router receiving type 5 LSAs, then we don’t need type 4 LSAs => type 4 LSAs does not provide reacheability information at all…
Now in case the receiving type 5 LSA router and ASBR are not in the same area, we still have reacheability for the ASBR ( otherwise you’d better revise all your OSPF studies), but it could happen that we actually received the same prefix information from a second ASBR…now, the local router should decide to whish ASBR he should sends the packet destined to the external prefixes to???
Then he needs a tie breaker which is simply the metric to each ASBR. This metric is contained in the type 4 LSA generated by the ABR.
Why this is not the case when the routers are in the same area? because if both ASBRs are in the same area, then the sending router knows the best exit point for his external traffic=> no need for type 4 LSAs!!
If not, he will receive a type 4 LSA for the remote ASBR and he will be able to tie break using metric.
okay all I said is not actually correct :)
Type 4 LSA are needed actually for reachability reasons because the OSPF RID contained in the type5 LSA has a local significance in its area…other areas does not have any clue of how to reac this RID. Don’t get confused as the OSPF RID is not always your Loopback address…it can be any IP address not even advertized in OSPF, but unique in an AS…
I agree with your explanation Slim. As per my understanding we need LSA4 only when the RID is not advertised in OSPF. Else wise , if loopback of ASBR is RID , and loopback is already advertised in OSPF, this will anyways go through other areas via LSA3 (generated by ABR) just like other connected links.
Slim,
Your answer is best answer.
ASBR Router-ID may not be loopback address and even may not be advertised… In that case, when the External LSAs travel to other areas, they dont’ know how to reach to the ASBR and that’s the reason ABR will inject Type 4 LSA.
Generally people think that ASBR router-id will be it’s loopback id and that is advertised as network statement…. When this router-id is advertised to other areas, other areas can even see that router-id through Type 3 LSA as well. In that case Type 4 LSA is not even needed but still generated.
Great article,i love it,well explained
Crystal clear explanation of LSA4 ..Awosme!!
Type 4 LSA has been confusing to me for quite sometime but not now. Thanks for explaining it in very simple terms!!
I also have a request to add explaination in this article on why they are called summary routes, how they are different from type3 summary routes and details pertaining to it.
Other note maybe in case of using NSSA(or totally-not-so-stubby). In this case because ABR is actually generating LSA5 – there is no LSA4 in Area0. ABR between NSSA and Area0 also is ASBR – and that’s why LSA4 will be generate on another ABR to another regular areas.
Terrific article. Thank you for sharing knowledge!
I have a question I hope you can answer for me:
Why do we need the type 4 LSA?
I understand that it informs the rest of the network of how to reach the
ASBR’s RID and without it, routers in other areas would not know how to
reach that RID.
But… type 5s have the “forward address”. Why don’t we just use type 5
and place an IP from an interface on the ASBR in the type 5 “forward
address” and then the rest of the network will know how to reach it via
type 3s they already have for the “forward address”.
Hi Sean,
The short answer to your question is because of the nature of link state routing protocols like OSPF. The SPF algorithm that is run, is not based on IP addresses, it is based on router IDs. You need to think about it from the perspective that in OSPF, the topology calculated by SPF is what really matters, and that topology graph is calculated based on RIDs not IP addresses.
Now…under normal circumstance, the FA of the type 5 LSA is going to be 0.0.0.0 anyways, meaning sending packets to that destination to the advertising RID. There are *very* specific circumstances where the FA could be a non-zero value. If the FA is a non-zero value, then it can be used to sort of “short cut” route the packet based on that information, but that is kind of a corner case.
I started questioning why a Type 4 was needed after learning about the NSSA and redistributing inside of it. The FA is set in the type 7 and then translated to type 5 by the ABR and flooded into the backbone. So then I wondered why there is no type 4 as well, yet everything works fine. So why type 4?
Excellent questions – When the NSSA ABR translates the type 7 into a type 5 it also becomes the advertising router (The ABRs RID)
That is the difference
Hi,
The routers inside the area can see the router-id for the ASBR via a summary LSA generated by ABR. Why do we need a special type-4 LSA again? Apart from letting the routers know who is the ASBR, any special purpose for this?
Thanks.
Imagine you have more than a single area. Routes are redistributed into the backbone area and come into the OSPF environment as external type 5 LSAs. When this happens, the advertising router field in that LSA is set to the RID of the router that redistributed the route in. Now, when that type 5 LSA moves into other areas, routers in those other areas will have no idea about the RID that is the advertising router. The type 4 alleviates that issue.
Hi,
The question still remains right?
Wouldn’t it be better for the ABR (The ABR that has a Type 1 LSA for the ASBR) to generate a Type 3 LSA for the ASBR RID instead of generating a Type 4 LSA?
Best explanation about Type 4 LSAs.
Thanks.
Hi joe, thanks for sharing this most Confusing Lsa. you cleared in a way that almost every one
who is new to Ospf can understand.
grat work
thank you very much
Best type. 4 LSA explanation !!!
Really nice work. It’s all clear in my head now.
excellent post
Joe one question:
what happens when ASBR is in another area say area 45 , will the area 0 DB show type 4 ???
I have a lab where :
area 1 (NSSA) ABR1 —Area 0– ABR2 —-Area 1 (normal)
nssa asbr
I can see the type 4 in area 1 LSDB but not in area 0
means a type 4 does get created by ABR1 and passed through by area 0
ABR 2 recreates type 4 and injects it into area 1
Area 1 : has type 4 and type 5
Area 0 only has type 5 (not type 4
I have read a lot of documents that state area0 lsdb also has type -4
appreciate your comments
thanks you
Normally, yes, the ABR between area 45 and area 0 would inject the type 4 into area 0.
Your lab is more complicated than that due to the NSSA. I don’t know for certain without labbing it off the top of my head but I think if you investigate the forward-address of the route you are redistributing into area 1, you will find the answer.
My guess is that when the NSSA ABR does type 7 to type 5 conversion, it will set the FA to itself. Thus, there is no need for a type 4 in area 0. On the other hand, it makes perfect sense that a type 4 would then be injected into the “normal” area 1, as routers in the normal area 1 have no knowledge of your NSSA ABR’s RID
Hi Joe,
My understanding is a area 0 does not need a Type 4 as Type 5 created by NSSA ABR is adequate to make all routers in area 0 reach the RID on NSSA ABR.
The Type 4 get created by ABRs in other areas only to make reachability to NSSA ABR possible via that area ABR.
So the area 0 ABRs will not show the Type 4 (ASB Summary ) in their ospf database. All it will have is a Type 5.
But a Type 4 & Type 5 will be present in ospf database for other normal areas
Pl advise if this belief is correct.
I have seen several documents (including Cisco) which list a Type 4 in a area 0 router’s database. !!!!
Thank You again
Excellent ! Thanks you !
Very well explain man with pratically more than a teacher. Thanks man