I enjoyed Petr’s article regarding explicit next hop.  It reminded me of a scenario where a redistributed route, going into OSPF conditionally worked, depending on which reachable next hop was used.

Here is the topology for the scenario:

3 routers ospf fa blogpost

Here is the relevant (and working :) ) information for R1.

R1 screenshot

When we replace the static route, with a new reachable next hop, we loose the ability to ping

R1 screenshot 2

When we change the next hop for the static route, (which is being redistributed into OSPF), the route to no longer works, even though we have verified ability to ping the new next hop.

Can you solve this puzzle?  Please post your ideas!

For more troubleshooting scenarios, please see our CCIE Route-Switch workbooks, volume 2, for more than 100 challenging troubleshooting scenarios.

We will post the results right here, in a few days, after you have had a chance to post your comments and ideas.

Best wishes.



Thank you for all the great answers, (below in the comments).

R1, using a next hop of in its static route, will include that same address in the LSA as the forwarding address.  Among the requirements that make this possible, the one we are going to focus on here is that this next hop is in the same IP subnet as an OSPF interface (Lo0) on R1. (R1) and (next hop address, owned by R3).

R1 sends as fa

If we use a next hop that isn’t in the same IP subnet as an OSPF interface on R1, the LSA will not include the next hop forwarding address, which will then cause R2 to believe that R1 is the next hop and the route will fail to work.   We could also cause the to show up by changing the ospf network type for R1 Loop 0 to point-to-point, not including Loop 0 in the network statement for OSPF, or by setting Loop 0 as a passive interface for OSPF. (take your pick) :)

R1 sends fa

Again, thanks to all for the EXCELLENT answers and insights.

You rock!

You can leave a response, or trackback from your own site.

37 Responses to “OSPF on the move? Include a Forwarding Address”

  1. Arjan Hummel says:


    When we talk about a next hop it should really BE a next hop, which actually means that it should be an address on a local segment to which (in this case) R1 is connected to.

    The scenario states that “we have verified the ability to ping the new next hop”, but that’s actually not the case since is not a next hop from R1′s point of view (it’s the 2nd hop). A next hop should be reachable on layer 2 as well as layer 3. This is not the case in the scenario. Layer 3 is reachable, which is confirmed by the ping command, but layer 2 (MAC address of R3′s fa0/1 interface) is not reachable from R1.

    You can also look at it like this: if R1 was a PC with the default gateway set to (and no extra routes configured manually), it would only be able to communicate with locally connected segments, but not with any other networks. You can look at a configured static route on a router as the default gateway for a specific network segment.

    In this scenario it would be possible to change the static route to:
    ip route
    That should work.

    For a static route to be included in the actual routing table, the next hop has to be reachable at layer 2 and layer 3. For a route to be redistributed, it has to be in the routing table. The problem in this scenario hasn’t much to do with redistribution though.

    Arjan Hummel

  2. Mike says:

    in the first case, R1 uses FA (because 172.16/16 on lo0 covers next-hop and network on lo0 not p2p or p2mp) when redistributing static, and R2 correctly forwards packets to FA.
    in the second case, FA isn’t used and R2 sends invalid redirect (gw to R1.

  3. James Clifford says:


    Could it be that “redistribute connected metric-type 1 subnets” is missing from R3 OSPF instance?


  4. - R1′s loopback0 interface ip address is int the same network scope with R3′s loopback interface ip address. So R1 thinks that, R3′s ip address is in the same shared network with its own loopback0 interface. So:

    - if the next hop is in static route to network. When R1 is redistributing this static route to ospf, it uses third party forward address( in ospf database for network so R2 send packet to to reach this network

    - if the next hop is in static route to network. When R1 is redistributing this static route to ospf, it uses forward address in it’s ospf updates. (like next hop self). Because is a far next hop address, (not a shared network)
    So there is a loop between R1 and R2 for

  5. Petrit Berisha says:

    When R1 redistributes its static route (in this case with a next-hop of, it becomes an ASBR.
    show ip ospf will show that.
    This means for the other routers that anything that is external should go to R1. This is normal OSPF operation. We can see that if we do a show ip ospf database external on R1, that it advertises the network as Type 5 LSA. (note the F.A. is

    This Type 5 LSA reaches R2, it will enter the RIB in R2 as O E2 and a next-hop of R1, so he forwards it to the ASBR (R1) and the ping fails (the packet loops between R1 and R2 I guess).

    When we change the next-hop on R1 to, almost the same happens as above. With a little difference in the Forwarding Address filed. It’s not anymore but
    show ip ospf database external will show that.

    What I don’t know is why R1 includes a F.A. with a next-hop of and not with

    What I don’t know is why R1 set a F.A. for and not for

  6. Mo_1980 says:

    since the “redistribute static subnet”:

    when ip route was configured, R2′s FA address to reach 100. network was set to R3′s looback address.

    but when the static route changes to ip route, this changes the FA address to all zeros ( so the advertising router (R1 in this case) will be the next hop to reach R3′s address, the causes the packet to be looped.

  7. Jeremy says:

    My guess is that the new route is not being entered into the routing table.

    I notice a couple of interesting things but none of them lead me to the answer specifically:

    1) The OSPF network type is not point-to-point so it’s probably broadcast by default which means it does next-hop-preservation. I don’t think this plays into the scenerio but I noted it.

    2) The R1 and R3 loopbacks are both 172.16.X.X/16 and the original static points to (which is received via OSPF as a /32 and also falls within the connected network). This must be permitting the oritinal route to be added to the routing table and yet still route out of Fa0/0.

    When the static route’s next hop is changed to the route must not be added to the routing table. I’ve never really seen next hop’s, hops-away with an IGP so it’s a bit perplexing for me. >:D

  8. Marcel says:

    If the next hop for the static route is R1 will set the forward address in the external LSA to – in the other case, where the next hop is the LSA is generated with an forward address of

    In the second case R2 will install the prefix with R1 as the next hop which will not work.

  9. DavidP says:

    Following the Petr’s article
    “By default, the LSA is assumed to advertise the external prefix “connected” to the advertising router.”
    In our case advertising router is R1 and FA is zero
    On R2, External redistributed static route to network appears with gateway, routing loop occur

  10. memphis003 says:

    Here it is where forwarding address changes the behaviour of next-hop on multiaccess network with partially ospf adjacent routers.

    In the first case, when static route is pointing to, R1 is changing forwarding address in it’s LSA5 of to, because of the one of the rules of FA, that ospf should be enabled on next-hop interface and it shouldnt be p-t-p or p-t-m and so the R1-s loopback is in common subnet with R3-s loopback according to /16 mask which is next-hop in static route. (R1 acts as ASBR).

    With this feature R1 shows other routers having adjacency with it on the network that’s there’s better next-hop than R1-s interface and avoids traversing traffic via R1 to network. In the given case there’s no adjacent routers for R1, but anyway FA is changed and R2 receives LSA5 from R1 with FA and after spf on lsa R2 sets next-hop to for network

    In the second case of static route forwarding address stays and R2 is inserting route to with the next-hop of advertising router, in our case R1 with ip

    So the main reason for the successful ping with the first static route is that R1-s and R3-s loopbacks are in the common subnet :) ))


  11. Karel V. says:


    there is routing loop between R1 and R2 because R2 have this route in routing table:
    O E2 [110/20] via
    In first case, R1 is advertising as forwarding address in External LSA instead of
    I think this is because R1 have directly connected interface in
    I’m looking forward to read your explanation.

    Karel V

  12. WLchen says:

    This is a very good question to understand about OSPF forward-address. There is one STATIC route issue on R1 which point to different next-hop (R3 Lo0 & R3 F0/1). If R1 using R3 Lo0 as next-hop, the forward-address for the external LSA will be (R3 Lo0). But if R1 using R3 F0/1 as static route next-hop, the forward-address will be That’s why R1 can’t reach 100.100.100/24. Because R2 will learn 100.100.100/24 from R1 and point to R1. This cause routing loop. You might wonder to know “why R3 Lo0 as next-hop is work? ). Well, the external type 5 LSA point the 100.100.00/24 to the address of (R3 Lo0) and R2 know how to reach (R3 Lo0). so R2 will forward dst ip of 100.100.100/24 to R2 interface F0/1. And it work.

    There is rule for in forward-address from
    These conditions set the forwarding address field to a non-zero address:
    OSPF is enabled on the ASBR’s next hop interface AND
    ASBR’s next hop interface is non-passive under OSPF AND
    ASBR’s next hop interface is not point-to-point AND
    ASBR’s next hop interface is not point-to-multipoint AND
    ASBR’s next hop interface address falls under the network range specified in the router ospf command.
    Any other conditions besides these set the forwarding address to

  13. rmatha says:

    SInce the new next-hop is directly connected network on R2. the static redistributed to R2 will have O E2 route next-hop pointing back to R1 forming a routing loop.

    Previously the route was forwarded to R3 since next-hop loopback address ( of R3 was reachable via at R2

  14. Anton N. says:

    Hey, it’s a nice puzzle!
    At first glance, I thought that /16 prefixes at loopbacks were a typo, but they are part of a routing magic :)
    The idea is to tell R1′s OSPF process that is behind loopback0. R1 will add FA to external route advertisement, and even R2 (which even doesn’t know where is will acquire correct route.
    If we make loop0 at R1 OSPF passive interface, or change OSPF network type to point-to-point (multipoint), magic will disappear.

  15. Amit says:


    I labbed this up and not sure why ur’s didn’t work bcoz my pings to from R1 worked fine :) . Honestly, I was expecting it to work. However, the thing that confused me was when I had as the next-hop for the static route, R1 was advertising as the Forwarding Address in LSA 5. That should be the case.

    However, when I had as the next-hop for the static route, R1 was advertising as the FA in LSA 5. This surprised me.

  16. Patricio Villar says:

    Hi, is not a valid next hop for the static route, so this route is never installed in the FIB and no longer redistributed in OSPF.

    All the best

  17. nodo says:

    looks like only R1 is advertising route for
    because if static route is pointing to RID then LSA is created with Forward Address: :

    R1#sh ip route | begin 100.100
    S [1/0] via

    and created LSA is:

    R1#sh ip ospf database external

    OSPF Router with ID ( (Process ID 1)

    Type-5 AS External Link States

    LS age: 144
    Options: (No TOS-capability, DC)
    LS Type: AS External Link
    Link State ID: (External Network Number )
    Advertising Router:
    LS Seq Number: 80000003
    Checksum: 0x4E51
    Length: 36
    Network Mask: /24
    Metric Type: 2 (Larger than any link state path)
    TOS: 0
    Metric: 20
    Forward Address:
    External Route Tag: 0

    so on R2 route is seen facing R3:

    R2#sh ip route | begin 100.100.100.
    O E2 [110/20] via, 00:03:40, FastEthernet1/0 is subnetted, 1 subnets

    in case next hop in R1 is set not to RID of R3, LSA will be genetared with forward address of (for recursive route lookup)

    R1#sh ip route | begin 100.100
    S [1/0] via is subnetted, 1 subnets

    and LSA genetared is:

    R1#sh ip ospf database external

    OSPF Router with ID ( (Process ID 1)

    Type-5 AS External Link States

    LS age: 81
    Options: (No TOS-capability, DC)
    LS Type: AS External Link
    Link State ID: (External Network Number )
    Advertising Router:
    LS Seq Number: 80000001
    Checksum: 0xA7F8
    Length: 36
    Network Mask: /24
    Metric Type: 2 (Larger than any link state path)
    TOS: 0
    Metric: 20
    Forward Address:
    External Route Tag: 0

    R2 will receive that LSA and will install route to facing R1 because of LSA-s forward address is

    R2#sh ip route | begin 100.100.100.
    O E2 [110/20] via, 00:02:29, FastEthernet0/0

    and there is traceroute from R1:

    R1#traceroute numeric

    Type escape sequence to abort.
    Tracing the route to

    1 36 msec 44 msec 8 msec
    2 12 msec 4 msec 8 msec

  18. Alex V says:

    I can`t repeat your experience in my lab.
    I use two Cisco 3825 as the first and the last router and Cisoc ME 4300 in the middle. After all operations I still can ping that address. Here is some proof:

  19. Alex V says:

    Oh, sorry. Probably I`m not able to insert images. Here it is in link format:

  20. Morgan says:


    The R1 router is considered ASBR as he’s redistributing external route, so we have to remember the rule concerning how Forward address is advertised with type 5 LSA :

    - If the next-hop of the external routes is on the same subnet of an interface where ospf is activated (and not pt-to-pt or pt-to-mpt network type) the ASBR will use the external next-hop as Forwarding adress.

    This is case 1 with next-hop of for the static routes as R1 also have an interface with ospf activated on the same network (lo0 is

    -If the external next-hop rule failed, the ASBR will put as Forwarding adress, meaning that he is the forwarder.

    This is the case 2 where the next-hop is, as R1 has no interface on this subnet, he puts as FA, causing a routing loops : R2 will learn network by R1 and R1 by R2

  21. Tod says:

    R2 does not redistribute to R3 since the new static points to a directly attached subnet?

  22. Alejandro Javier Foti says:

    The OSPF forwarding address to the net is set to because R1 not have a OSPF active interface in the net If i shut the lo0 on R1 the ping to the interface does not respond. To solve this, you must create a lo interface with the any ip address in the range (diferent to and activate OSPF.

    Best regards

  23. Aziz says:

    Thanks for this nice tricky scenario

    I think that in the first case (static route), there was no problem because the forward address on the External LSA type-5 is which makes R2 to do a recursive lookup and resolve the address as next-hop …

    In the second case, the forward address is because when R2 received the update and looked to the forward address as, then did a quick lookup process, it realized that this network is directly connected, therfore R2 pointed to the adv router which is R1 ( After doing a recursive lookup on the adv router ID, R2 resolve the next-hop address and this is why the second ping didn’t success …

    Thanks again, and I’m looking forward to your answer


  24. jamal belarj says:

    An OSPF external route cannot use another OSPF external as its next hop.
    Probably the forwarding address is also redistributed in OSPF in R2 using redistribute connected.

  25. Marco Rizzi says:

    First, I noted that the two loopbacks and are on the same subnet (/16).
    R1 believes that the next hop is on the same subnet when using the first static, so sets the forward address on the LSA5 as

    R1(config)# ip route
    R1(config)#do sh ip ospf database external

    OSPF Router with ID ( (Process ID 1)

    Type-5 AS External Link States

    LS age: 300
    Options: (No TOS-capability, DC)
    LS Type: AS External Link
    Link State ID: (External Network Number )
    Advertising Router:
    LS Seq Number: 80000001
    Checksum: 0x524F
    Length: 36
    Network Mask: /24
    Metric Type: 2 (Larger than any link state path)
    TOS: 0
    Metric: 20
    Forward Address:
    External Route Tag: 0

    When we change the static route, the forward address is set as that sounds like “same as originating router”, so R2 installs a route that forward traffic back to R1, and the ping from R1 fails.

    R1(config)#no ip route
    R1(config)#ip route
    R1(config)#do sh ip ospf database external

    OSPF Router with ID ( (Process ID 1)

    Type-5 AS External Link States

    LS age: 3
    Options: (No TOS-capability, DC)
    LS Type: AS External Link
    Link State ID: (External Network Number )
    Advertising Router:
    LS Seq Number: 80000001
    Checksum: 0xA7F8
    Length: 36
    Network Mask: /24
    Metric Type: 2 (Larger than any link state path)
    TOS: 0
    Metric: 20
    Forward Address:
    External Route Tag: 0

    thanks again for the interesting challenge, as usual

  26. Anton Marchenko says:

    This is because when you redistribute routes into OSPF if a next-hop of external route belongs to a directly connected network and OSPF is also active on a local interface into that network, then Forward Address field in generated Type-5 LSA is a next-hop of redistributed route. Otherwise Forward Address in Type-5 LSA is

    In this case when you set next-hop for static route to R1 sees that is has a loopback interface in the network and OSPF is enabled on this loopback interface. Because of that R1 generates Type-5 LSA with Forward Address set to R2 accepts this Type-5 LSA, makes lookup on Forward Address and installs a route to via R3 and routing works fine.

    When you set next-hop for static route to R1 generates Type-5 LSA with Forward Address R2 receives this LSA and makes lookup not on Forward Address but on Advertising Router field which is R1′s OSPF router-id. Because of that R2 installs a route to via R1 which makes a routing loop.

  27. vinu says:

    clear case of recursion failure in R2 .

    in first case , the recursion in R2 will point it out to R1′s lo , second case R2 don’t know where to send the packet , so it drops.

  28. HEMANTH RAJ says:

    It is obviously a loop forming between R1 and R2 when next hop for the static route changes to checking on the ospf database on R2 for the external route ,the forwarding address is and it chooses the forwarding address as R1′s fa 0/0 interface and so recursive loop happens between R1 and R2.

    While setting the next hop to ,the forwarding address is and the packet gets routed correctly to R3


    When the next hop is set to be and when R1 redistributes the static into R2 and when R2 recieves it as external and a forwarding address must be associated with the external address and it sees as a third part next hop because R1′s loopback 0 is also in the same network and so R2 thinks that it is shared network and sees the better next hop as

    So R2 correctly forwards the packet to R3 ‘s loopback 0

  29. jkdrouter says: is on the same shared segment as its Loopback address (from R1′s standpoint).
    Since the network is advertised, not passive, not p2p or p2m – that address is used as next-hop. is not on shared segment on R1 therefore FA is

  30. Tobi says:

    According to, ospf will only set the FA to non-zero if
    (1) ASBR (r1) next-hop is not P-P or P-MP (ethernet in this case, broadcast media)
    (2) OSPF is enabled on next-hop interface (here R1 enables ospf on all interfaces with the network statement
    (3) ASBR next-hop is non-passive (no passive config here on lo0 of r1)
    (4) ASBR next-hop falls under network range in router ospf command i.e and both fall under

    When the static route was changed, the next hop belonged to an IP subnet not on any of the interfaces of R1, hence #2 above fails and FA became and a routing loop would ensue when packets are sent to R2 and then back to R1. Solution would be to create a loopback on R1 in the network.

  31. Chris h says:

    I cant wait … What is the answer ?? !! … and by the way, thanks a lot for doing this ….


  32. Rakesh says:

    on a quick glance no matter what we do ,

    0 > o IA > E

    so , even though technically you are redistributing things there , you are again redistributing an ospf interface which is typically belongs to internal network of ospf .. hence route recursion happens there ….

  33. Sokabi Moses says:

    I agree with Anil and Petrit.

    The reason R1 does not set the F..A and not for, is because R1 thinks and are on the same network. So when it originates the Type-5 LSA it includes the F.A telling its ospf neighbours that i can get to using So instead of send the packet to me and me sending it to, you should send it to directly though it still does a recursive lookup itself to find how to get to which it sends to R2.

    R2 then checks its routing table for the path to

    When the static route was changed to, R1 knows thats on a totally different network, and will use the 3rd party next-hop by changing the next-hop to itself, and a F.A of
    Once R2 gets the route advert, it sees that the next hop to is through R1. And since R1 does a recursive lookup to and knows it through R2. A loop forms.

  34. NET_OG says:

    FIRST OFF: it would have been good to know what AS R2 and R3 are in. I have to assume all in thee same AS.

    I think it comes down to LSAs, ultimately to get anywhere there has to be an LSA1 that identifies the specific link. Let’s start with R1: when it was redistributing the static route it said “to get to go to″. R1 is an ASBR.

    What did that do to you LSDB? Was it a type 5, type 3, or type 1 LSA? How does OSPF handle redistributing connected routes versus static routes? R1, once again is an ASBR, so it is a Type 5 LSA that was sent for the static. the question is what forwarding address did it use in the first scenario versus the second?

    Besides labbing up here is a good article:

    This links to another great article about forwarding Addresses:

    And finally another great link:

    Finally, after three documents tat elaborate on OSPF and peculiarities, I think Tobi (and anyone else that stated the same got it right).

    Thanks for the drill. it is good to get these little puzzlers, and thanks for holding off on posting the solution.

  35. drk235plus1 says:

    int lo23
    ip add
    any other subnet include “″ can set Forwarding Address, too.

  36. Tod says:

    When/where are you posting the answer?

    Thank you.


Leave a Reply


CCIE Bloggers