Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
516
Views
0
Helpful
0
Comments

NSSA ABRs translator with RFC 3101 and 1587

Meddane
VIP
VIP
‎09-02-2021 06:39 AM

1.PNG

 

Basic configuration of all routers:

R1:

ipv uni

!

interface FastEthernet0/0

 ip address 123.0.0.1 255.255.255.0

 ipv6 enable

 ospfv3 1 ipv4 area 0

 no shut

!

router ospfv3 1

 !

 address-family ipv4 unicast

  router-id 1.1.1.1

 exit-address-family

 

R2:

ipv uni

!

interface FastEthernet0/0

 ip address 123.0.0.2 255.255.255.0

 ipv6 enable

 ospfv3 1 ipv4 area 0

 no shut

!

interface Serial1/0

 ip address 24.0.0.2 255.255.255.0

 ipv6 enable

 ospfv3 1 ipv4 area 1

 no shut

!

router ospfv3 1

 !

 address-family ipv4 unicast

  router-id 2.2.2.2

 exit-address-family

 

R3:

ipv uni

!

interface FastEthernet0/0

 ip address 123.0.0.3 255.255.255.0

 ipv6 enable

 ospfv3 1 ipv4 area 0

 no shut

!

interface Serial1/0

 ip address 34.0.0.3 255.255.255.0

 ipv6 enable

 ospfv3 1 ipv4 area 1

 no shut

!

router ospfv3 1

 !

 address-family ipv4 unicast

  router-id 3.3.3.3

 exit-address-family

 

R4:

ipv uni

!

interface Loopback0

 ip address 4.4.4.4 255.255.255.0

!

interface Serial1/0

 ip address 24.0.0.4 255.255.255.0

 ipv6 enable

 ospfv3 1 ipv4 area 1

 no shut

!

interface Serial1/1

 ip address 34.0.0.4 255.255.255.0

 ipv6 enable

 ospfv3 1 ipv4 area 1

 no shut

!

router ospfv3 1

 router-id 4.4.4.4

 !

 address-family ipv4 unicast

  redistribute connected route-map CONNECTED

  area 1 nssa

 exit-address-family

!

route-map CONNECTED permit 10

 match interface Loopback0

 

Area 1 an NSSA.

R2 and R3 are ABRs NSSA.

R4 is ASBR NSSA and redistributes the prefix 4.4.4.0/24 into NSSA:

 

We can see below that R4 creates LSA Type 7 for the prefix 4.4.4.0/24:

 

R4#show ospfv3 database nssa-external

 

          OSPFv3 1 address-family ipv4 (router-id 4.4.4.4)

 

                Type-7 AS External Link States (Area 1)

 

  LS age: 63

  LS Type: AS External Link

  Link State ID: 1

  Advertising Router: 4.4.4.4

  LS Seq Number: 80000001

  Checksum: 0x6148

  Length: 48

  Prefix Address: 4.4.4.0

  Prefix Length: 24, Options: P

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34.0.0.4

 

R4#

 

From RFC 3101, If there are multiple NSSA ABRs capable of performing Type 7-to-5 translation, the router advertising with higher Router ID is elected as the translator. The NSSA ABR that is no longer required to perform translation, flushes its Type 5 LSAs. In this case the RID of R2 is 2.2.2.2 and the RID of R3 is 3.3.3.3 thus R3 wins and performs the translation of LSA 7 into LSA5, the show ospv3 data ext command below shown the LSA Type 5 originated by R3:

 

R3#show ospfv3 database external

 

          OSPFv3 1 address-family ipv4 (router-id 3.3.3.3)

 

                Type-5 AS External Link States

 

  LS age: 116

  LS Type: AS External Link

  Link State ID: 0

  Advertising Router: 3.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x8315

  Length: 48

  Prefix Address: 4.4.4.0

  Prefix Length: 24, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34.0.0.4

 

R3#

 

We can verify that R2 does not originate LSA Type 5 using the show ospfv3 database external self-originate command and it learns the LSA Type 5 from R3 as shown by the show ospfv3 database external adv 3.3.3.3 command:

 

R2#show ospfv3 database external self-originate

 

          OSPFv3 1 address-family ipv4 (router-id 2.2.2.2)

R2#

R2#show ospfv3 database external adv 3.3.3.3

 

          OSPFv3 1 address-family ipv4 (router-id 2.2.2.2)

 

                Type-5 AS External Link States

 

  LS age: 286

  LS Type: AS External Link

  Link State ID: 0

  Advertising Router: 3.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x8315

  Length: 48

  Prefix Address: 4.4.4.0

  Prefix Length: 24, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34.0.0.4

 

R2#

 

R3#show ospfv3 database external self-originate

 

          OSPFv3 1 address-family ipv4 (router-id 3.3.3.3)

 

              Type-5 AS External Link States

 

  LS age: 217

  LS Type: AS External Link

  Link State ID: 0

  Advertising Router: 3.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x8315

  Length: 48

  Prefix Address: 4.4.4.0

  Prefix Length: 24, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34.0.0.4

 

R3#

 

The show ospfv3 is another way to verify which NSSA ABR is performing the translation, below the output displayed on R3 shown that it is the translator, notice line "Perform type-7/type-5 LSA translation" :

 

R3#show ospfv3

 OSPFv3 1 address-family ipv4

 Router ID 3.3.3.3

 Supports NSSA (compatible with RFC 3101)

 Event-log enabled, Maximum number of events: 1000, Mode: cyclic

 It is an area border and autonomous system boundary router

 Redistributing External Routes from,

 Router is not originating router-LSAs with maximum metric

 Initial SPF schedule delay 5000 msecs

 Minimum hold time between two consecutive SPFs 10000 msecs

 Maximum wait time between two consecutive SPFs 10000 msecs

 Minimum LSA interval 5 secs

 Minimum LSA arrival 1000 msecs

 LSA group pacing timer 240 secs

 Interface flood pacing timer 33 msecs

 Retransmission pacing timer 66 msecs

 Retransmission limit dc 24 non-dc 24

 Number of external LSA 1. Checksum Sum 0x00791E

 Number of areas in this router is 2. 1 normal 0 stub 1 nssa

 Graceful restart helper support enabled

 Reference bandwidth unit is 100 mbps

 RFC1583 compatibility enabled

    Area BACKBONE(0)

        Number of interfaces in this area is 1

        SPF algorithm executed 7 times

        Number of LSA 12. Checksum Sum 0x065EE8

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

    Area 1

        Number of interfaces in this area is 1

        It is a NSSA area

        Perform type-7/type-5 LSA translation

        SPF algorithm executed 10 times

        Number of LSA 11. Checksum Sum 0x0551F8

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

 

R3#

 

The same command show ospfv3 can be used on R2 to verify that there is no mention of the message "Perform type-7/type-5 LSA translation":

 

R2#show ospfv3

 OSPFv3 1 address-family ipv4

 Router ID 2.2.2.2

 Supports NSSA (compatible with RFC 3101)

 Event-log enabled, Maximum number of events: 1000, Mode: cyclic

 It is an area border and autonomous system boundary router

 Redistributing External Routes from,

 Router is not originating router-LSAs with maximum metric

 Initial SPF schedule delay 5000 msecs

 Minimum hold time between two consecutive SPFs 10000 msecs

 Maximum wait time between two consecutive SPFs 10000 msecs

 Minimum LSA interval 5 secs

 Minimum LSA arrival 1000 msecs

 LSA group pacing timer 240 secs

 Interface flood pacing timer 33 msecs

 Retransmission pacing timer 66 msecs

 Retransmission limit dc 24 non-dc 24

 Number of external LSA 1. Checksum Sum 0x009704

 Number of areas in this router is 2. 1 normal 0 stub 1 nssa

 Graceful restart helper support enabled

 Reference bandwidth unit is 100 mbps

 RFC1583 compatibility enabled

    Area BACKBONE(0)

        Number of interfaces in this area is 1

        SPF algorithm executed 12 times

        Number of LSA 12. Checksum Sum 0x065EE8

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

    Area 1

        Number of interfaces in this area is 1

        It is a NSSA area

        SPF algorithm executed 17 times

        Number of LSA 11. Checksum Sum 0x057503

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

 

R2#

 

In the outputs of the show ospfv3 command displayed above on R2 and R3, we can see that the RFC 3101 is enabled as shown by the line "Supports NSSA (compatible with RFC 3101)".

 

We can Configure the NSSA ABR R2 as a forced NSSA LSA 7 translator using the area 1 nssa translate type7 always command, the always keyword configures an NSSA ABR as a forced NSSA LSA  7 translator:

 

R2(config)#router ospfv3 1

R2(config-router)#address-family ipv4 unicast

R2(config-router-af)#area 1 nssa translate type7 always

 

Below we can see that R2 is originating the LSA Type 5:

 

R2#show ospfv3 database external

 

          OSPFv3 1 address-family ipv4 (router-id 2.2.2.2)

 

                Type-5 AS External Link States

 

  LS age: 31

  LS Type: AS External Link

  Link State ID: 2

  Advertising Router: 2.2.2.2

  LS Seq Number: 80000001

  Checksum: 0x8D0D

  Length: 48

  Prefix Address: 4.4.4.0

  Prefix Length: 24, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34.0.0.4

 

R2#

 

Let's confirm with the show ospfv3 command that R2 is the translator:

 

1-The line "Configured to translate Type-7 LSAs" tells us that R2 is configured as a forced NSSA

ABR translator.

2-The line "Perform type-7/type-5 LSA translation" tells us that R2 is NSSA ABR performing the

translation.

 

R2#show ospfv3 | incl 7

 Configured to translate Type-7 LSAs

 Perform type-7/type-5 LSA translation

R2#

 

RFC 5340 defines a new bit Nt bit (Nt stands for NSSA translation) in the Type-1 LSA for OSPFv3.

 

RFC 5340 section: A.4.3.  Router-LSAs

 

Bit Nt

      When set, the router is an NSSA border router that is

      unconditionally translating NSSA-LSAs into AS-external-LSAs (Nt

      stands for NSSA translation).  Note that such routers have their

      NSSATranslatorRole area configuration parameter set to Always.

      (See [NSSA].)

 

RFC 3101 includes also the Nt Bit explained in the following option:

 

Appendix B: Router-LSAs

 

bit Nt

          When set, the router is an NSSA border router that is

          unconditionally translating Type-7 LSAs into Type-5 LSAs (Nt

          stands for NSSA translation).  Note that such routers have

          their NSSATranslatorRole area configuration parameter set to

          Always.  (See Appendix D and Section 3.1.)

 

Appendix   Configuration Parameters

 

      NSSATranslatorRole

 

         Specifies whether or not an NSSA border router will

         unconditionally translate Type-7 LSAs into Type-5 LSAs.  When

         it is set to Always, an NSSA border router always translates

         Type-7 LSAs into Type-5 LSAs regardless of the translator state

         of other NSSA border routers.  When it is set to Candidate, an

         NSSA border router participates in the translator election

         process described in Section 3.1.  The default setting is

         Candidate.

 

The LSA Type 1 originated by R2 in Area 1 shows the line "The “Unconditional NSSA translator", it indicates that the status of the NSSA ASBR router is as a forced NSSA LSA translator. This means that the Nt-Bit is set in LSA Type 1:

 

R2#show ospfv data router self | beg Area 1

             Router Link States (Area 1)

 

  LS age: 226

  Options: (N-Bit, R-bit, DC-Bit, AF-Bit)

  LS Type: Router Links

  Link State ID: 0

  Advertising Router: 2.2.2.2

  LS Seq Number: 80000002

  Checksum: 0x8006

  Length: 40

  Area Border Router

  AS Boundary Router

  Unconditional NSSA translator

  Number of Links: 1

 

    Link connected to: another Router (point-to-point)

      Link Metric: 64

      Local Interface ID: 4

      Neighbor Interface ID: 4

      Neighbor Router ID: 4.4.4.4

 

 

R2#

 

By default the RFC 3101 is enabled on R2, let's enable RFC 1587 using the compatible rfc1587 command:

 

R2(config)#router ospfv 1

R2(config-router)#address-family ipv4 uni

R2(config-router-af)#compatible rfc1587

 

Let's see what happen for the translation, below we can see that R3 is originating the LSA Type 5 and it is the translator:

 

R2#show ospfv3 database external

 

          OSPFv3 1 address-family ipv4 (router-id 2.2.2.2)

 

                Type-5 AS External Link States

 

  Routing Bit Set on this LSA

  LS age: 13

  LS Type: AS External Link

  Link State ID: 2

  Advertising Router: 3.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x6F27

  Length: 48

  Prefix Address: 4.4.4.0

  Prefix Length: 24, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34.0.0.4

 

R2#

 

Let's verify the always keyword on R2, it's clear the area 1 nssa translate type7 always command is still here:

 

R2#show run | s router

router ospfv3 1

 !

 address-family ipv4 unicast

  router-id 2.2.2.2

  compatible rfc1587

  area 1 nssa translate type7 always

 exit-address-family

R2#

 

Let's confirm that R3 is the translator using the show ospfv3 command:

 

R3#show ospfv3 | incl 7|RFC

 Supports NSSA (compatible with RFC 3101)

 Number of external LSA 1. Checksum Sum 0x006F27

 RFC1583 compatibility enabled

        SPF algorithm executed 7 times

        Perform type-7/type-5 LSA translation

R3#

 

Why R3 is the translator even though R2 is the forced NSSA ABR translator ?

 

Let's see the show ospfv3 command on R2, two things we can deduce from the output:

 

From cisco:

 

1-the line "Supports NSSA (compatible with RFC 1587)" Specifies that RFC 1587 is active or that the OSPFv3 NSSA area is RFC 1587 compatible.

2-the line "Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)" Specifies that the OSPFv3 NSSA area has an ABR device configured to act as a forced translator of Type 7 LSA. However, it is inactive because RFC 3101 is disabled.

 

As a result, because R2 is implementing the RFC 1587 and the RFC 3101 is disabled, OSPFv3 ignores the area 1 nssa translate type7 always command, and the tie breaker is the router-id:

 

R2#show ospfv3

 OSPFv3 1 address-family ipv4

 Router ID 2.2.2.2

 Supports NSSA (compatible with RFC 1587)

 Event-log enabled, Maximum number of events: 1000, Mode: cyclic

 It is an area border and autonomous system boundary router

 Redistributing External Routes from,

 Router is not originating router-LSAs with maximum metric

 Initial SPF schedule delay 5000 msecs

 Minimum hold time between two consecutive SPFs 10000 msecs

 Maximum wait time between two consecutive SPFs 10000 msecs

 Minimum LSA interval 5 secs

 Minimum LSA arrival 1000 msecs

 LSA group pacing timer 240 secs

 Interface flood pacing timer 33 msecs

 Retransmission pacing timer 66 msecs

 Retransmission limit dc 24 non-dc 24

Number of external LSA 1. Checksum Sum 0x006F27

 Number of areas in this router is 2. 1 normal 0 stub 1 nssa

 Graceful restart helper support enabled

 Reference bandwidth unit is 100 mbps

 RFC1583 compatibility enabled

    Area BACKBONE(0)

        Number of interfaces in this area is 1

        SPF algorithm executed 13 times

        Number of LSA 12. Checksum Sum 0x065EE8

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

    Area 1

        Number of interfaces in this area is 1

        It is a NSSA area

        Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)

        SPF algorithm executed 21 times

        Number of LSA 11. Checksum Sum 0x057105

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

 

R2#

 

Let's enable RFC 1587 on R3:

 

R3(config)#router ospfv 1

R3(config-router)#address-family ipv4 unicast

R3(config-router-af)#compatible rfc1587

 

The show ospfv3 command shown that R3 is the translator because it has a higher router-id:

 

R3#show ospfv3 | sec type-7|RFC

 Supports NSSA (compatible with RFC 1587)

 RFC1583 compatibility enabled

    Area BACKBONE(0)

    Perform type-7/type-5 LSA translation

 

R3#

 

Therefore R3 originates LSA Type 5 as shown by the show ospfv3 database external command:

 

R3#show ospfv3 database external

 

          OSPFv3 1 address-family ipv4 (router-id 3.3.3.3)

 

                Type-5 AS External Link States

 

  LS age: 709

  LS Type: AS External Link

  Link State ID: 2

  Advertising Router: 3.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x6F27

  Length: 48

  Prefix Address: 4.4.4.0

  Prefix Length: 24, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34.0.0.4

 

R3#

 

Let's confirm by changing the router-id of R2 to be higher than 3.3.3.3, for example 22.22.22.22, clear the OSPFv3 process using the clear ospfv3 process command:

 

R2(config)#router ospfv 1

R2(config-router)#address-family ipv4 unicast

R2(config-router-af)#router-id 22.22.22.22

% OSPFv3-1-IPv4: Reload or use "clear ospfv3 process" command, for this to take effect

R2(config-router-af)#do clea ospfv3 pro

Reset selected OSPFv3 processes? [no]: y

R2(config-router-af)#

*Sep 18 08:57:51.563: %OSPFv3-5-ADJCHG: Process 1, IPv4, Nbr 1.1.1.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Sep 18 08:57:51.567: %OSPFv3-5-ADJCHG: Process 1, IPv4, Nbr 3.3.3.3 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Sep 18 08:57:51.647: %OSPFv3-5-ADJCHG: Process 1, IPv4, Nbr 4.4.4.4 on Serial1/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Sep 18 08:57:52.375: %OSPFv3-5-ADJCHG: Process 1, IPv4, Nbr 4.4.4.4 on Serial1/0 from LOADING to FULL, Loading Done

 

Now R2 is the Translator because it has a higher router-id:

 

R2#show ospfv3 | incl 7|RFC

 Supports NSSA (compatible with RFC 1587)

 RFC1583 compatibility enabled

 Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)

 Perform type-7/type-5 LSA translation

R2#

 

R3#show ospfv3 | beg Area 1

    Area 1

        Number of interfaces in this area is 1

        It is a NSSA area

        SPF algorithm executed 17 times

        Number of LSA 11. Checksum Sum 0x049B1A

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

 

R3#

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents