Technical Tip: OSPF Summary Null Route Behavior on ABRs (Configuration and Removal Considerations)
| Description | This article explains how to configure a summary address on an OSPF Area Border Router (ABR) and describes how route summarization and the associated null route function. |
| Scope | FortiGate. |
| Solution |
FG1 (ABR) received four routes from FortiGate3 (20.0.0.2) in Area 1.

```
FortiGate1-ABR (root) # get router info ospf neighbor

OSPF process 0, VRF 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   Full/DR         00:00:37    10.0.0.2        port4
3.3.3.3           1   Full/DR         00:00:31    20.0.0.2        port5
```

```
FortiGate1-ABR (root) # get router info routing-table details
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
C       10.0.0.0/24 is directly connected, port4
C       20.0.0.0/24 is directly connected, port5
O       172.16.1.0/24 [110/101] via 20.0.0.2, port5, 00:15:57, [1/0]   <-----
O       172.16.2.0/24 [110/101] via 20.0.0.2, port5, 00:15:57, [1/0]   <-----
O       172.16.3.0/24 [110/101] via 20.0.0.2, port5, 00:15:57, [1/0]   <-----
O       172.16.4.0/24 [110/101] via 20.0.0.2, port5, 00:15:57, [1/0]   <-----
```

For route summarization to work, all areas must maintain consistent LSDBs. Therefore, OSPF summarization can only be performed on border routers, specifically Area Border Routers (ABRs) and Autonomous System Boundary Routers (ASBRs). In this case, FortiGate1-ABR acts as the ABR between the two areas.

```
FortiGate1-ABR (root) # show router ospf
config router ospf
    set abr-type cisco
    set router-id 1.1.1.1
    config area
        edit 0.0.0.0
        next
        edit 0.0.0.1
            config range
                edit 1
                    set prefix 172.16.0.0 255.255.248.0   <---- Summarization.
                next
            end
        next
    end
```

```
FortiGate1-ABR (root) # get router info routing-table details
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
C       10.0.0.0/24 is directly connected, port4
C       20.0.0.0/24 is directly connected, port5
O       172.16.0.0/21 [110/0] is a summary, Null, 00:20:41, [1/0]   <-----
O       172.16.1.0/24 [110/101] via 20.0.0.2, port5, 00:20:41, [1/0]
O       172.16.2.0/24 [110/101] via 20.0.0.2, port5, 00:20:41, [1/0]
O       172.16.3.0/24 [110/101] via 20.0.0.2, port5, 00:20:41, [1/0]
O       172.16.4.0/24 [110/101] via 20.0.0.2, port5, 00:20:41, [1/0]
```

After applying the range command, the ABR installs a summary null route. This is expected behavior because the range is configured as a /21 summary route covering 172.16.0.x to 172.16.7.x, while the actual networks present are only 172.16.1.x to 172.16.4.x.

For example, if the summary null route did not exist and a host connected to FortiGate1 tried to reach 172.16.0.1/24 (which falls within the summary range), the traffic would be forwarded, even though the destination does not exist, potentially causing routing loops. The null route ensures such traffic is safely discarded, preventing blackholing or loops for non-existent destinations within the summary range.

The summary null route cannot be removed. In scenarios where excluding the summary route is required, direct removal is not possible. Instead, a more specific static route can be added to override the null route behavior.

```
FortiGate2 # get router info routing-table details
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [10/0] via 10.0.0.1, port3, [1/0]
C       10.0.0.0/24 is directly connected, port3
C       10.254.1.0/24 is directly connected, port1
O IA    20.0.0.0/24 [110/2] via 10.0.0.1, port3, 00:29:32, [1/0]
O IA    172.16.0.0/21 [110/102] via 10.0.0.1, port3, 00:29:26, [1/0]   <---
```

FortiGate2 received only the summary route, as expected. |
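The null-route behavior described above can be checked offline with a longest-prefix-match model of the two routing tables. This is an added example, not Fortinet code: the table contents are constructed from the outputs in this article, and the router labels `ABR`, `FG2` and `FortiGate3` and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed from the article's routing tables; "null" marks the summary null route.
ABR = {"10.0.0.0/24": "connected", "20.0.0.0/24": "connected", "172.16.0.0/21": "null",
       "172.16.1.0/24": "FortiGate3", "172.16.2.0/24": "FortiGate3",
       "172.16.3.0/24": "FortiGate3", "172.16.4.0/24": "FortiGate3"}
FG2 = {"0.0.0.0/0": "ABR", "10.0.0.0/24": "connected", "10.254.1.0/24": "connected",
       "20.0.0.0/24": "ABR", "172.16.0.0/21": "ABR"}

def lookup(table, dst):
    """Longest-prefix match: (prefix, next_hop), or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    best = max(hits, key=lambda n: n.prefixlen, default=None)
    return None if best is None else (str(best), table[str(best)])

def null_routed(table, summary):
    """Parts of the summary with no more-specific route; the null route drops them."""
    summary = ipaddress.ip_network(summary)
    left = [summary]
    for net in map(ipaddress.ip_network, table):
        if net == summary or not net.subnet_of(summary):
            continue
        kept = []
        for r in left:
            if net.subnet_of(r):
                kept.extend(r.address_exclude(net))   # carve the route out of r
            elif not r.subnet_of(net):
                kept.append(r)                        # untouched by this route
        left = kept
    return [str(n) for n in sorted(ipaddress.collapse_addresses(left))]

def trace(dst, tables, start, max_hops=8):
    """Follow next hops between modelled routers; ends in a hop name, 'drop' or 'loop'."""
    path = [start]
    for _ in range(max_hops):
        hit = lookup(tables[path[-1]], dst)
        if hit is None or hit[1] == "null":
            return path + ["drop"]
        if hit[1] not in tables:          # connected, or a router outside the model
            return path + [hit[1]]
        path.append(hit[1])
    return path + ["loop"]

if __name__ == "__main__":
    print(null_routed(ABR, "172.16.0.0/21"))
    print(trace("172.16.0.1", {"ABR": ABR, "FG2": FG2}, "FG2"))
```

Removing the `null` entry and giving the ABR a hypothetical default route toward `FG2` (not part of the article's configuration) makes the same trace end in `loop`. Adding a more specific entry such as `172.16.5.0/24` to the ABR table wins the lookup over the null route, which is the static-route override the article describes.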
