Policy-Based Route

Introduction*

Policy-based routing provides a tool for forwarding and routing data packets based on policies defined by network administrators. In effect, it is a way to have the policy override routing protocol decisions. Policy-based routing includes a mechanism for selectively applying policies based on access list, packet size or other criteria. The actions taken can include routing packets on user-defined routes, setting the precedence, type of service bits, etc.

Here is the following setup:

I have used OSPF with single area to advertise all links to all routers; each router has 155.1.x.x (where x is the number of the router) when R6 is also advertise his 4 loopbacks – 192.168.10.x to 192.168.40.0.

R2 routing table:

R2#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     155.1.0.0/32 is subnetted, 6 subnets

O       155.1.6.6 [110/21] via 10.1.234.4, 00:02:18, FastEthernet0/1

                  [110/21] via 10.1.234.3, 00:02:18, FastEthernet0/1

O       155.1.5.5 [110/11] via 10.1.25.5, 00:02:18, Serial0/0

O       155.1.4.4 [110/11] via 10.1.234.4, 00:02:18, FastEthernet0/1

O       155.1.3.3 [110/11] via 10.1.234.3, 00:02:18, FastEthernet0/1

C       155.1.2.2 is directly connected, Loopback0

O       155.1.1.1 [110/11] via 10.1.12.1,

O    192.168.30.0/24 [110/21] via 10.1.234.4, 00:02:20, FastEthernet0/1

                     [110/21] via 10.1.234.3, 00:02:20, FastEthernet0/1

O    192.168.10.0/24 [110/21] via 10.1.234.4, 00:02:20, FastEthernet0/1

                     [110/21] via 10.1.234.3, 00:02:20, FastEthernet0/1

O    192.168.40.0/24 [110/21] via 10.1.234.4, 00:02:20, FastEthernet0/1

                     [110/21] via 10.1.234.3, 00:02:20, FastEthernet0/1

O    192.168.20.0/24 [110/21] via 10.1.234.4, 00:02:21, FastEthernet0/1

                     [110/21] via 10.1.234.3, 00:02:21, FastEthernet0/1

     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks

C       10.1.12.0/24 is directly connected, FastEthernet0/0

O       10.1.6.0/24 [110/20] via 10.1.234.4, 00:02:21, FastEthernet0/1

                    [110/20] via 10.1.234.3, 00:02:21, FastEthernet0/1

C       10.1.25.0/24 is directly connected, Serial0/0

C       10.1.25.5/32 is directly connected, Serial0/0

O       10.1.56.0/24 [110/74] via 10.1.25.5, 00:02:21, Serial0/0

C       10.1.234.0/24 is directly connected, FastEthernet0/1

Now I have configured the following policy-based route on R2:

ip access-list extended NO-IP

!

access-list 10 permit 155.1.1.1

!

route-map PBR permit 10

 match ip address NO-IP

 set interface Serial0/0

!

route-map PBR permit 20

 match ip address 10

 set ip next-hop 10.1.234.3

Note the NO-IP extended ACL which is also configured on the first statement on the route-map PBR, configuring this policy on Fa0/0:

interface FastEthernet0/0

ip address 10.1.12.2 255.255.255.0

ip policy route-map PBR

duplex auto

speed auto

Verify the configuration result on R1:

R1# traceroute 155.1.6.6 source lo0

Type escape sequence to abort.

Tracing the route to 155.1.6.6

  1 10.1.12.2 24 msec 40 msec 28 msec

  2 10.1.25.5 40 msec 36 msec 40 msec

  3 10.1.56.6 52 msec *  52 msec

Note that the trace goes through R5; This is a common mistake to think that only specific ACL will catch the packets, an empty ACL will also do.

Removing route-map statement 10 will fix this issue:

R2(config)#no route-map PBR permit 10

The result:

R1# traceroute 155.1.6.6 source lo0

Type escape sequence to abort.

Tracing the route to 155.1.6.6

  1 10.1.12.2 40 msec 28 msec 20 msec

  2 10.1.234.3 52 msec 40 msec 20 msec

  3 10.1.6.6 72 msec *  84 msec

For the next test I configure R5 as the next-hop and R4 as the default next-hop:

route-map PBR permit 20

 match ip address 10

 set ip next-hop 10.1.25.5

 set ip default next-hop 10.1.234.4

R1 will go through R5 as the PBR dictate:

R1# traceroute 155.1.6.6 source lo0

Type escape sequence to abort.

Tracing the route to 155.1.6.6

  1 10.1.12.2 32 msec 48 msec 20 msec

  2 10.1.25.5 52 msec 20 msec 16 msec

  3 10.1.56.6 56 msec *  60 msec

Now let’s shutdown interface s0/0 on R2, the result:

R1# traceroute 155.1.6.6 source lo0

Type escape sequence to abort.

Tracing the route to 155.1.6.6

  1 10.1.12.2 24 msec 40 msec 16 msec

  2 10.1.234.4 32 msec 56 msec 32 msec

  3 10.1.6.6 76 msec *  80 msec

Next-hop is R4 according to the policy. This can only be achieved by shutting down interface s0/0 on R2, which is the directly connected to R5, else R2 didn’t know that he can’t reach 10.1.25.5 and the policy had failed.

Now let’s do things a little bit more complicated, I have configured an IP SLA, with icmp echo type, and tracking objects toward R3 and R4 loopbacks:

ip sla monitor 3

 type echo protocol ipIcmpEcho 155.1.3.3

ip sla monitor schedule 3 life forever start-time now

ip sla monitor 4

 type echo protocol ipIcmpEcho 155.1.4.4

ip sla monitor schedule 4 life forever start-time now

!

track 3 rtr 3 reachability

!

track 4 rtr 4 reachability

Also changed the route-map to route traffic to each of these routers only if the router loopback is reachable:

route-map PBR permit 20

 match ip address 10

 set ip next-hop verify-availability 10.1.234.3 1 track 3

 set ip next-hop verify-availability 10.1.234.4 2 track 4

Verify-availability command makes sure that as long as the track object is true (up) it will commit the set command, else it will be ignored. In my example the first set is toward R3 10.1.234.3 IP only if R3 loopback is reachable, else it will go to the next-hop sequence in the list which is R4 IP 10.1.234.4.

Where all loopbacks are up:

R1# traceroute 155.1.6.6 source lo0           

Type escape sequence to abort.

Tracing the route to 155.1.6.6

  1 10.1.12.2 28 msec 36 msec 24 msec

  2 10.1.234.3 52 msec 44 msec 16 msec

  3 10.1.6.6 72 msec *  56 msec

Shutting down R3 loopback:

R2#

*Mar  1 01:41:59.951: %TRACKING-5-STATE: 3 rtr 3 reachability Up->Down

R1# traceroute 155.1.6.6 source lo0            

Type escape sequence to abort.

Tracing the route to 155.1.6.6

  1 10.1.12.2 68 msec 28 msec 24 msec

  2 10.1.234.4 28 msec 44 msec 24 msec

  3 10.1.6.6 76 msec *  76 msec

Bring it back up:

R2#

*Mar  1 01:44:54.951: %TRACKING-5-STATE: 3 rtr 3 reachability Down->Up

R1# traceroute 155.1.6.6 source lo0           

Type escape sequence to abort.

Tracing the route to 155.1.6.6

  1 10.1.12.2 60 msec 40 msec 20 msec

  2 10.1.234.3 40 msec 40 msec 36 msec

  3 10.1.6.6 80 msec *  56 msec

Policy-based route debugging

Use the command debug ip policy to debug policy-based route actions:

R2# debug ip policy

Policy routing debugging is on

The result:

R1# traceroute 155.1.6.6 source lo0           

R2#

*Mar  1 02:00:20.291: IP: s=155.1.1.1 (FastEthernet0/0), d=155.1.6.6, len 28, FIB policy match

*Mar  1 02:00:20.291: IP: s=155.1.1.1 (FastEthernet0/0), d=155.1.6.6, g=10.1.234.3, len 28, FIB policy routed

R1# traceroute 155.1.6.6

R2#

*Mar  1 02:00:55.047: IP: s=10.1.12.1 (FastEthernet0/0), d=155.1.6.6, len 28, FIB policy rejected(no match) - normal forwarding

*Mar  1 02:00:55.095: IP: s=10.1.12.1 (FastEthernet0/0), d=155.1.6.6, len 28, FIB policy rejected(no match) - normal forwarding

Policy-based route match and set*

Although there are many route-map matching options, here you can specify only length and/or ip address.

length matches the Level 3 length of the packet.

ip address matches the source or destination IP address that is permitted by one or more standard or extended access lists.

If you do not specify a match command, the route map applies to all packets.

You can specify any or all of the following:

precedence: Sets precedence value in the IP header. You can specify either the precedence number or name.

df: Sets the `Don't Fragment' (DF) bit in the ip header.

vrf: Sets the VPN Routing and Forwarding (VRF) instance.

next-hop: Sets next hop to which to route the packet.

next-hop recursive: Sets next hop to which to route the packet if the hop is to a router which is not adjacent.

interface: Sets output interface for the packet.

default next-hop: Sets next hop to which to route the packet if there is no explicit route for this destination.

default interface: Sets output interface for the packet if there is no explicit route for this destination.

The set interface command is supported only over point-to-point links;

Policy-based route and CEF*

Beginning in Cisco IOS Release 12.0, PBR is supported in the Cisco Express Forwarding (CEF) switching path. CEF-switched PBR has better performance than fast-switched PBR and, therefore, is the optimal way to perform PBR on a router.

No special configuration is required to enable CEF-switched PBR. It is on by default as soon as you enable CEF and PBR on the router.

*taken from Cisco site at: http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html

OSPF Virtual-link and GRE tunnel

Here is the following scenario:

As you can see we will need to configure some kind of area 0 connection between R1 to R2 and R4 to R5.

Virtual-Link

So for the first example I will use virtual-link, let’s have some notes regarding those:

      1.       Virtual-link configured on an ABR (Area Border Router) which connects, through the    transit area, to Area 0.

      2.       Transit area is an area with next-hop to Area 0

      3.       Virtual-link is configured between router-id’s

For example:

R1 loopback1 is in area 1 and need to be connected to Area 0 in order to advertise his subnet. R1 is also the ABR, which connects area 1 to area 12. Area 12 is the transit area because it connected to R2 which connected to Area 0 (next-hop idea…)

Based on the following example R1 should have virtual-link to R2, while configuring a virtual-link based on the interfaces addresses won’t work:

R1:

R1(config-if)#router ospf 1

R1(config-router)# area 12 virtual-link 10.1.12.2

R1#sh ip ospf virtual-links

Virtual Link OSPF_VL0 to router 10.1.12.2 is down

  Run as demand circuit

  DoNotAge LSA allowed.

  Transit area 12, Cost of using 65535

  Transmit Delay is 1 sec, State DOWN,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

R2:

R2(config-if)#router ospf 1

R2(config-router)# area 12 virtual-link 10.1.12.1

R2#sh ip ospf virtual-links

Virtual Link OSPF_VL0 to router 10.1.12.1 is down

  Run as demand circuit

  DoNotAge LSA allowed.

  Transit area 12, Cost of using 65535

  Transmit Delay is 1 sec, State DOWN,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

As you may recall router-id is based on highest loopback IP or else higher interface IP, hence in our example were R1 has lo1 and R2 has loopback 0, we will have to configure the virtual-link between these IP’s in order to make it work.

Using show ip protocol will reveal the router-id:

R1#sh ip protocols

Routing Protocol is "ospf 1"

  Outgoing update filter list for all interfaces is not set

  Incoming update filter list for all interfaces is not set

  Router ID 172.16.1.1

  It is an area border router

  Number of areas in this router is 3. 3 normal 0 stub 0 nssa

  Maximum path: 4

  Routing for Networks:

    10.1.12.1 0.0.0.0 area 12

    172.16.1.1 0.0.0.0 area 1

 Reference bandwidth unit is 100 mbps

  Routing Information Sources:

    Gateway         Distance      Last Update

    3.3.3.3              110      00:16:10

    2.2.2.2              110      00:16:10

  Distance: (default is 110)

So correcting the configuration to look like that:

R1:

router ospf 1

 log-adjacency-changes

 area 12 virtual-link 2.2.2.2

 network 10.1.12.1 0.0.0.0 area 12

 network 172.16.1.1 0.0.0.0 area 1

R2:

router ospf 1

 log-adjacency-changes

 area 12 virtual-link 172.16.1.1

 network 2.2.2.2 0.0.0.0 area 0

 network 10.1.12.2 0.0.0.0 area 12

 network 10.1.23.2 0.0.0.0 area 0

Verify the result:

R1#show ip ospf virtual-links

Virtual Link OSPF_VL1 to router 2.2.2.2 is up

  Run as demand circuit

  DoNotAge LSA allowed.

  Transit area 12, via interface FastEthernet0/0, Cost of using 10

  Transmit Delay is 1 sec, State POINT_TO_POINT,

  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

    Hello due in 00:00:02

    Adjacency State FULL (Hello suppressed)

    Index 1/2, retransmission queue length 0, number of retransmission 0

    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

    Last retransmission scan length is 0, maximum is 0

    Last retransmission scan time is 0 msec, maximum is 0 msec

GRE Tunnel

Now for the second example, we will need to connect area 45 to Area 0 through area 34. For this task I will configure a GRE tunnel between R4, which have interface in area 45, to R3 which have interface in Area 0.

R3:

R3(config)#interface tunnel1

R3(config-if)#ip address 10.0.0.3 255.255.255.0

R3(config-if)#tunnel source 10.1.34.3

R3(config-if)#tunnel destination 10.1.34.4

R4:

R3(config)#interface tunnel1

R3(config-if)#ip address 10.0.0.3 255.255.255.0

R3(config-if)#tunnel source 10.1.34.3

R3(config-if)#tunnel destination 10.1.34.4

Note that I have used the directly connected interface for tunnel source/destination but I could use the loopback as well. 

Now that the tunnel is up but it won’t be enough, we will have to configure the tunnel IP under OSPF process in order to start see area 45 in R3 routing table.

R3#show ip route ospf

     2.0.0.0/32 is subnetted, 1 subnets

O       2.2.2.2 [110/11] via 10.1.23.2, 00:36:59, FastEthernet0/0

     172.16.0.0/24 is subnetted, 1 subnets

O IA    172.16.1.0 [110/21] via 10.1.23.2, 00:36:59, FastEthernet0/0

     10.0.0.0/24 is subnetted, 4 subnets

O IA    10.1.12.0 [110/20] via 10.1.23.2, 00:36:59, FastEthernet0/0

So I have configured the tunnel into OSPF process:

R4:

R4(config)#router ospf 1

R4(config-router)#network 10.0.0.4 0.0.0.0 area 0

R3:

R3#configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

R3(config)#router ospf 1

R3(config-router)#network 10.0.0.3 0.0.0.0 area 0

Note that unlike virtual-link were we configure the transit area, in GRE we need to connect the tunnel to Area 0.

The result:

R3(config-router)#do show ip route ospf

     2.0.0.0/32 is subnetted, 1 subnets

O       2.2.2.2 [110/11] via 10.1.23.2, 00:00:01, FastEthernet0/0

     4.0.0.0/32 is subnetted, 1 subnets

O IA    4.4.4.4 [110/11112] via 10.0.0.4, 00:00:01, Tunnel1

     172.16.0.0/24 is subnetted, 1 subnets

O IA    172.16.1.0 [110/21] via 10.1.23.2, 00:00:01, FastEthernet0/0

     10.0.0.0/24 is subnetted, 5 subnets

O IA    10.1.12.0 [110/20] via 10.1.23.2, 00:00:01, FastEthernet0/0

O IA    10.1.45.0 [110/11121] via 10.0.0.4, 00:00:01, Tunnel1

GRE may be more flexible solution as it may connect through boundaries and segments that doesn’t related to OSPF domain at all.

OSPF Database and LSA's

One of the most useful things we can use to troubleshoot or just to understand the topology of routing protocols is to have the ability to look into their databases or tables and to understand what the routing protocol see and learn and which information he is holding.

OSPF protocol exchange information with his adjacent neighbors using LSA, which stands for Link-State Advertisement. While exchanging LSA’s OSPF is building an LSDB – Link-State Database, which holds all the relevant information which allow OSPF to take routing decisions based on this information.

Each router, in the OSPF AS, is holding an LSDB which relevant and organized from his point of view and the SFP algorithm is applied on the LSDB to choose the shortest path available according to this database.

So following the network topology, in my last post, let’s run some show commands:

R3#show ip ospf database

            OSPF Router with ID (3.3.3.3) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count

2.2.2.2         R2              1197        0x80000035 0x00C1C0 2

3.3.3.3         R3              867         0x80000035 0x0030CC 3

4.4.4.4         R4              530         0x8000003A 0x00CC15 3

5.5.5.5         R5              2     (DNA) 0x80000003 0x00C8E4 1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum

10.1.23.3       R3              867         0x80000032 0x0003C0

10.1.34.3       R3              1364        0x8000002E 0x00F5BE

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum

1.1.1.1         R2              1197        0x80000032 0x002BC9

5.5.5.5         R4              530         0x8000002A 0x00469E

5.5.5.5         R5              22    (DNA) 0x80000001 0x0016FD

6.6.6.6         R5              22    (DNA) 0x80000001 0x004CB9

10.1.12.0       R2              1198        0x80000032 0x003CA6

10.1.45.0       R4              1775        0x8000002F 0x009923

10.1.45.0       R5              22    (DNA) 0x80000001 0x00D70F

10.1.56.0       R5              22    (DNA) 0x80000001 0x005E7D

192.168.0.0     R2              1198        0x8000002A 0x00D5F7

                Summary ASB Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum

5.5.5.5         R4              532         0x8000002A 0x002EB6

6.6.6.6         R5              22    (DNA) 0x80000001 0x0034D1

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag

172.16.0.0      R6              1436        0x80000029 0x00CFEB 999

172.16.4.0      R6              1436        0x80000032 0x001F77 0

172.25.0.0      R5              396         0x80000029 0x00EBB9 0

Displays a quick summary of the LSDB for OSPF router with ID 3.3.3.3 (which is R3 in this case).

The first section, Router Link States (Area 0), refer to LSA type 1 – self-originated links which represent all interfaces in this area, we can also notice the virtual-link from R5 with a DNA (Do Not Age) notification.

The second section, Net Link States (Area 0, LSA type 2 refer to interfaces advertised by the DR in this segment.

The third section, Summary Net Link States (Area 0), LSA type 3 - refer to subnets and interfaces, from other areas, advertised by the ABR into that area.

Forth section, Summary ASB Link States (Area 0), LSA type 4 - point a route to reach an ASBR

The fifth section, Type-5 AS External Link States, refer to LSA type 5, created by an ASBR, for external routes injected into the OSPF domain.

Running the same command, sh ip ospf database, on R6 will result in the following output:

R6#sh ip ospf database

            OSPF Router with ID (6.6.6.6) (Process ID 1)

                Router Link States (Area 6)

Link ID         ADV Router      Age         Seq#       Checksum Link count

5.5.5.5         R5              6           0x8000003E 0x0065C4 1

6.6.6.6         R6              5           0x80000038 0x00AB53 2

                Net Link States (Area 6)

Link ID         ADV Router      Age         Seq#       Checksum

10.1.56.6       R6              0           0x80000034 0x00BCB6

                Summary Net Link States (Area 6)

Link ID         ADV Router      Age         Seq#       Checksum

1.1.1.1         R5              12          0x8000002B 0x00B11A

2.2.2.2         R5              12          0x8000002B 0x001FB2

3.3.3.3         R5              12          0x8000002B 0x008C4B

4.4.4.4         R5              12          0x8000002B 0x00F9E3

5.5.5.5         R5              12          0x8000002B 0x00677C

10.1.12.0       R5              12          0x8000002B 0x00C2F6

10.1.23.0       R5              12          0x8000002B 0x00E4D3

10.1.34.0       R5              14          0x8000002B 0x0007B0

10.1.45.0       R5              14          0x8000002B 0x00298D

192.168.0.0     R5              14          0x8000002C 0x004A51

                Type-7 AS External Link States (Area 6)

Link ID         ADV Router      Age         Seq#       Checksum Tag

172.16.0.0      R6              337         0x80000001 0x00B809 999

172.16.4.0      R6              337         0x80000001 0x001A8B 0

172.25.0.0      R5              13          0x80000001 0x0020AB 0

Note that no LSA type 4 or 5 are exist due to the fact that area 6 has been configured, on R5 and R6, as NSSA area which allows only LSA type 1, 2,3 and 7.

LSA type 7 are much like LSA type 5 (injected external routes) with a difference that they are injected into an NSSA area, which doesn’t allow LSA type 5 so they are converted to type 7.

R5#show ip ospf database adv-router 4.4.4.4 allows us to see all LSA’s advertised by router R4 (router-id 4.4.4.4):

5#show ip ospf database adv-router 4.4.4.4

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count

4.4.4.4         R4              1     (DNA) 0x80000011 0x001FEB 3

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum

5.5.5.5         R4              216   (DNA) 0x80000001 0x009875

10.1.45.0       R4              1052  (DNA) 0x80000006 0x00EBF9

                Summary ASB Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum

5.5.5.5         R4              216   (DNA) 0x80000001 0x00808D

                Router Link States (Area 5)

Link ID         ADV Router      Age         Seq#       Checksum Link count

4.4.4.4         R4              719         0x8000003C 0x000150 1

         

                Net Link States (Area 5)

Link ID         ADV Router      Age         Seq#       Checksum

10.1.45.4       R4              719         0x8000002B 0x00AEF0

<OUTPUT OMMITTED>

Show ip ospf database network allows us to see all LSA type 2 (advertised by DR’s), for all areas connected to this router, with much more details such the DR identity, the attached routers to this link, the subnet mask and the advertising router. 

R5#show ip ospf database network

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Net Link States (Area 0)

  Routing Bit Set on this LSA

  LS age: 919 (DoNotAge)

  Options: (No TOS-capability, DC)

  LS Type: Network Links

  Link State ID: 10.1.23.3 (address of Designated Router)

  Advertising Router: R3

  LS Seq Number: 80000009

  Checksum: 0x5597

  Length: 32

  Network Mask: /24

        Attached Router: 3.3.3.3

        Attached Router: 2.2.2.2

  Routing Bit Set on this LSA

  LS age: 1175 (DoNotAge)

  Options: (No TOS-capability, DC)

  LS Type: Network Links

  Link State ID: 10.1.34.3 (address of Designated Router)

  Advertising Router: R3

  LS Seq Number: 80000005

  Checksum: 0x4895

  Length: 32

  Network Mask: /24

        Attached Router: 3.3.3.3

        Attached Router: 4.4.4.4

                Net Link States (Area 5)

  Routing Bit Set on this LSA

  LS age: 858

  Options: (No TOS-capability, DC)

  LS Type: Network Links

  Link State ID: 10.1.45.4 (address of Designated Router)

  Advertising Router: R4

  LS Seq Number: 8000002B

  Checksum: 0xAEF0

  Length: 32

  Network Mask: /24

        Attached Router: 4.4.4.4

        Attached Router: 5.5.5.5

                Net Link States (Area 6)

  Routing Bit Set on this LSA

  LS age: 479

  Options: (No TOS-capability, DC)

  LS Type: Network Links

  Link State ID: 10.1.56.6 (address of Designated Router)

  Advertising Router: R6

  LS Seq Number: 80000034

  Checksum: 0xBCB6

  Length: 32

  Network Mask: /24

        Attached Router: 6.6.6.6

        Attached Router: 5.5.5.5

Show ip ospf database external will displays all external routes with their relevant information. Note summary prefix 172.16.0.0/22, which has been tagged by R6 in the previous post, is also appear here.

R4#sh ip ospf database external

            OSPF Router with ID (4.4.4.4) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA

  LS age: 930

  Options: (No TOS-capability, DC)

  LS Type: AS External Link

  Link State ID: 172.16.0.0 (External Network Number )

  Advertising Router: R5

  LS Seq Number: 80000001

  Checksum: 0x6B64

  Length: 36

  Network Mask: /22

        Metric Type: 2 (Larger than any link state path)

        TOS: 0

        Metric: 20

        Forward Address: 6.6.6.6

        External Route Tag: 999

  Routing Bit Set on this LSA

  LS age: 930

  Options: (No TOS-capability, DC)

  LS Type: AS External Link

  Link State ID: 172.16.4.0 (External Network Number )

  Advertising Router: R5

  LS Seq Number: 80000001

  Checksum: 0xCCE6

  Length: 36

  Network Mask: /24

        Metric Type: 2 (Larger than any link state path)

        TOS: 0

        Metric: 20

        Forward Address: 6.6.6.6

        External Route Tag: 0

  Routing Bit Set on this LSA

  LS age: 955

  Options: (No TOS-capability, DC)

  LS Type: AS External Link

  Link State ID: 172.25.0.0 (External Network Number )

  Advertising Router: R5

  LS Seq Number: 8000002A

  Checksum: 0xE9BA

  Length: 36

  Network Mask: /21

        Metric Type: 2 (Larger than any link state path)

        TOS: 0

        Metric: 20

        Forward Address: 0.0.0.0

        External Route Tag: 0