| Solution | The following is a comprehensive list of common reasons why a route appears in the OSPF LSDB but is not installed in the routing table: - OSPF is not in the FULL Adjacency State: a neighbor relationship exists but never reaches the FULL state, so LSA is present but not trusted for installation.
- Lower Administrative Distance (AD): Another route to the same prefix exists with a lower AD (e.g., static, connected, BGP).
- Route is already installed via another protocol: Even with the same AD, FortiGate prefers routes installed earlier (e.g., connected/static).
- Network Type Mismatch: Interface configured with the wrong network type (e.g., point-to-point vs. broadcast), causing incomplete adjacency or DR issues.
- Forwarding Address Unreachable: External LSA includes a forwarding address that is not reachable via OSPF.
- Invalid or Missing Next-Hop: The next-hop in the LSA is not resolvable or incorrect, preventing installation.
- Route Map Filtering on Redistribution: Route is filtered or modified with an invalid metric or tag during redistribution.
- Max-LSA Limit or RIB Overflow: OSPF or the router hits a limit on the number of LSAs or total routes in the RIB.
- Metric Too High: The cost of the redistributed route is too high and considered unusable.
- Route Tagging Conflicts: Route tags used in redistribution may conflict with route maps or policies, preventing installation.
- Redistribution Policy Errors: OSPF is configured to redistribute a source (e.g., static), but the actual route is missing or mismatched.
- Loop Prevention or OSPF Route Preference: FortiGate detects potential loops or prefers an alternative path based on routing policy.
- No OSPF Route to Advertising Router: Although LSAs are received, the originating router is unreachable via OSPF.
- Route not re-originated in NSSA Area: Redistribution into an NSSA area without redistribute or nssa default-information-originate properly configured.
- Missing or Competing LSA Origin (Most Common in Multi-Hub Designs): FortiGate may install a route from a non-preferred peer if that peer is the only one advertising the LSA for that prefix. OSPF does not permit FortiGate to select a neighbor that did not originate the LSA, even if the interface cost is lower.
Check any static route or OSPF Route Filtering are configured, as the route might be learned
through another protocol with a lower ad distance. Additionally, verify whether any filtering mechanisms such as a distribute-list, route-map, or prefix-list are applied, as these could be causing the issue. Please review the relevant configuration. Also, if OSPF area types such as Stub, Totally Stub, NSSA, or Totally NSSA are configured: note that only limited LSA types are allowed in these areas, and not all LSAs are permitted.
Useful commands:
get router info ospf database
get router info ospf route
get router info ospf database brief
get router info routing-table details
get router info routing-table ospf
get router info routing-table ospf | grep <network is learning on ospf>
get router info routing-table all | grep OSPF
get router info routing-table details <network is learning on OSPF and not present on routing table>
show router ospf Related article: Technical Tip: How to troubleshoot OSPF neighborship in various states
|
