Technical Note : OSPF route summarization for LSAs Type3 (on ABR) and Type5 (on ASBR)

rmetzger · ‎06-25-2009

Purpose

This article provides an example of how to configure OSPF route summarization for Type3 (on ABR) and Type5 (on ASBR) LSAs.

See the related articles for more information about configuration OSPF.

Scope
All Fortigate or VDOM running NAT mode.
Diagram
The following network scenario is used for this example. Note the use of 3 VDOMs one FortiGate 1 (FGT1).

Expectations, Requirements
FortiGate 2 (FGT2) has multiple IP addresses on its interface wan2, with OSPF enabled 10.142.0.1/23 --> 10.146.0.1/23, and multiple static routes that are advertised in OSPF : 10.102.0.0/23 --> 10.107.0.0/23.

The goal is to summarize all those routes across the areas and the routers.
Configuration

Notes.
 
1) The summary of external routes (LSAs Type5) can only be done on the ASBR that is originating those routes, this is FGT2 in the example

2) The summary of LSAs Type3 will be done on the ABR and controls the routes that will advertised into the other areas. In this example, this will be done on FGT1.

3) The command 'config summary-address' applies to ASBR summaries.

4) The commands 'config range, edit 1, set prefix 10.128.0.0 255.192.0.0' apply to ABR summaries.

5) The command 'set prefix 10.128.0.0 255.192.0.0' will cover the following range : 10.128.0.0 - 10.191.255.255.

6) The command 'set prefix 10.64.0.0 255.192.0.0' will cover the following range : 10.64.0.0 - 10.127.255.255.

OSPF configuration on FGT2 (area 0.0.0.1)

config router ospf
config area
edit 0.0.0.1
next
end
config network
edit 1
set area 0.0.0.1
set prefix 0.0.0.0 0.0.0.0
next
end
config redistribute "connected"
end
config redistribute "static"
set status enable
end
config redistribute "rip"
end
config redistribute "bgp"
end
set router-id 10.0.0.20
config summary-address <<< This applies to ASBRs
edit 1
set prefix 10.64.0.0 255.192.0.0
next
end
end

OSPF configuration of FGT1 - VDOM customer 1 (area 0.0.0.1)

config router ospf
config area
edit 0.0.0.1
next
end
config network
edit 1
set area 0.0.0.1
set prefix 0.0.0.0 0.0.0.0
next
end
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
set router-id 10.0.0.11
end

OSPF configuration of FGT1 - VDOM root (backbone area 0.0.0.0)

config router ospf
config area
edit 0.0.0.0
next
edit 0.0.0.1 <<< This applies to ABRs
config range
edit 1
set prefix 10.128.0.0 255.192.0.0
next
end
next
edit 0.0.0.2
next
end
config network
edit 1
set prefix 0.0.0.0 0.0.0.0
next
edit 2
set area 0.0.0.1
set prefix 10.161.0.0 255.255.255.252
next
edit 3
set area 0.0.0.2
set prefix 10.161.0.4 255.255.255.252
next
end
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
set router-id 10.0.0.10
end

OSPF configuration of FGT1 - VDOM customer2 (arear 0.0.0.2)

config router ospf
config area
edit 0.0.0.2
next
end
config network
edit 1
set area 0.0.0.2
set prefix 0.0.0.0 0.0.0.0
next
end
config redistribute "connected"
end
config redistribute "static"
end
config redistribute "rip"
end
config redistribute "bgp"
end
set router-id 10.0.0.30
end

Verification

Verification on FGT1 - VDOM customer1 (area 0.0.0.1)

FGT1 (customer1) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

O E2    10.64.0.0/10 [110/10] via 10.160.0.187, internal, 00:56:36
O       10.142.0.0/23 [110/110] via 10.160.0.187, internal, 02:52:09
O       10.143.0.0/23 [110/110] via 10.160.0.187, internal, 02:47:36
O       10.144.0.0/23 [110/110] via 10.160.0.187, internal, 02:47:26
O       10.145.0.0/23 [110/110] via 10.160.0.187, internal, 02:47:26
O       10.146.0.0/23 [110/110] via 10.160.0.187, internal, 02:47:26
C       10.160.0.0/23 is directly connected, internal
C       10.161.0.0/30 is directly connected, Inter-vdom11
C       10.161.0.2/32 is directly connected, Inter-vdom11
O IA    10.161.0.4/30 [110/200] via 10.161.0.1, Inter-vdom11, 01:56:04
O IA    192.168.182.0/23 [110/110] via 10.161.0.1, Inter-vdom11, 02:22:43

Verification on FGT1 - VDOM root

FGT1 (root) # get router info ospf database brief

                Router Link States (Area 0.0.0.0)

Link ID         ADV Router      Age Seq#     CkSum Flag Link count
10.0.0.10       10.0.0.10       1500 80000014 c825 0031 1

                Summary Link States (Area 0.0.0.0)

Link ID         ADV Router      Age Seq#     CkSum Flag Route
10.161.0.4      10.0.0.10       1070 80000004 6aca 0031 10.161.0.4/30

                ASBR-Summary Link States (Area 0.0.0.0)

Link ID         ADV Router      Age Seq#     CkSum Flag
10.0.0.20       10.0.0.10       240 80000005 4b12 0031

                Router Link States (Area 0.0.0.1)

Link ID         ADV Router      Age Seq#     CkSum Flag Link count
10.0.0.10       10.0.0.10       20   8000000b 36a8 0031 2
10.0.0.11       10.0.0.11       1510 8000000b 95e3 0012 3
10.0.0.20       10.0.0.20       408 80000013 692f 0012 6

                Net Link States (Area 0.0.0.1)

Link ID         ADV Router      Age Seq#     CkSum Flag
10.160.0.205    10.0.0.11       1090 80000006 fd97 0012

                Summary Link States (Area 0.0.0.1)

Link ID         ADV Router      Age Seq#     CkSum Flag Route
10.161.0.4      10.0.0.10       1560 80000004 6aca 0031 10.161.0.4/30
192.168.182.0   10.0.0.10       1130 80000005 a07b 0031 192.168.182.0/23

                Router Link States (Area 0.0.0.2)

Link ID         ADV Router      Age Seq#     CkSum Flag Link count
10.0.0.10       10.0.0.10       1610 8000000a 873d 0031 2
10.0.0.30       10.0.0.30       1433 80000007 8e25 0012 2

                Summary Link States (Area 0.0.0.2)

Link ID         ADV Router      Age Seq#     CkSum Flag Route
10.128.0.0      10.0.0.10       90   80000005 83a3 0031 10.128.0.0/10
192.168.182.0   10.0.0.10       1420 80000005 a07b 0031 192.168.182.0/23

                ASBR-Summary Link States (Area 0.0.0.2)

Link ID         ADV Router      Age Seq#     CkSum Flag
10.0.0.20       10.0.0.10       1640 80000004 4d11 0031

                AS External Link States

Link ID         ADV Router      Age Seq#     CkSum Flag Route              Tag
10.64.0.0       10.0.0.20       1198 80000002 efae 0012 E2 10.64.0.0/10    0

Verification on FGT1 - VDOM customer2 (area 0.0.0.2)

FGT1 (customer2) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

O E2    10.64.0.0/10 [110/10] via 10.161.0.5, Inter-vdom21, 00:58:47
O IA    10.128.0.0/10 [110/310] via 10.161.0.5, Inter-vdom21, 02:00:07
C       10.161.0.4/30 is directly connected, Inter-vdom21
C       10.161.0.6/32 is directly connected, Inter-vdom21
O IA    192.168.182.0/23 [110/110] via 10.161.0.5, Inter-vdom21, 02:24:26

FGT1 (customer2) # get router info ospf database brief

                Router Link States (Area 0.0.0.2)
Link ID         ADV Router      Age Seq#     CkSum Flag Link count
10.0.0.10       10.0.0.10       1714 8000000a 873d 0012 2
10.0.0.30       10.0.0.30       1535 80000007 8e25 0031 2

                Summary Link States (Area 0.0.0.2)

Link ID         ADV Router      Age Seq#     CkSum Flag Route
10.128.0.0      10.0.0.10       194 80000005 83a3 0012 10.128.0.0/10
192.168.182.0   10.0.0.10       1524 80000005 a07b 0012 192.168.182.0/23

                ASBR-Summary Link States (Area 0.0.0.2)

Link ID         ADV Router      Age Seq#     CkSum Flag
10.0.0.20       10.0.0.10       1744 80000004 4d11 0012

                AS External Link States

Link ID         ADV Router      Age Seq#     CkSum Flag Route              Tag
10.64.0.0       10.0.0.20       1302 80000002 efae 0012 E2 10.64.0.0/10    0

FGT1 (customer2) # get router info ospf database summary lsa

                Summary Link States (Area 0.0.0.2)

LS age: 241
Options: 0x2 (*|-|-|-|-|-|E|-)
LS Type: summary-LSA
Link State ID: 10.128.0.0 (summary Network Number)
Advertising Router: 10.0.0.10
LS Seq Number: 80000005
Checksum: 0x83a3
Length: 28
Network Mask: /10
        TOS: 0 Metric: 210

LS age: 1571
Options: 0x2 (*|-|-|-|-|-|E|-)
LS Type: summary-LSA
Link State ID: 192.168.182.0 (summary Network Number)
Advertising Router: 10.0.0.10
LS Seq Number: 80000005
Checksum: 0xa07b
Length: 28
Network Mask: /23
        TOS: 0 Metric: 10

FGT1 (customer2) # get router info ospf database asbr-summary lsa

ASBR-Summary Link States (Area 0.0.0.2)

LS age: 57
Options: 0x2 (*|-|-|-|-|-|E|-)
LS Type: ASBR-summary-LSA
Link State ID: 10.0.0.20 (AS Boundary Router address)
Advertising Router: 10.0.0.10
LS Seq Number: 80000005
Checksum: 0x4b12
Length: 28
Network Mask: /0
TOS: 0 Metric: 200

Troubleshooting
A common issue could be that on FGT2, the OSPF setting ' redistribute connected' is enabled ; this will have the consequence of advertising the local subnets 10.142.0.1/23 to 10.146.0.1/23 as LSA Type5 (External) instead of LSAs Type2 and will therefore invalidate the desired effect described in this scenario.