cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

OSPF NSSA Area Type In depth Exploration

738
Views
0
Helpful
0
Comments
Meddane
Rising star

OSPF NSSA.PNG

 

Basic configuration of all routers:

 

R1:

ipv uni

!

interface Loopback0

 ipv6 address 1::1/64

!

interface FastEthernet0/0

 ipv6 address 12::1/64

 ipv6 ospf 1 area 0

!

interface FastEthernet0/1

 ipv6 address 13::1/64

 ipv6 ospf 1 area 0

!

ipv6 router ospf 1

 router-id 0.0.0.1

 redistribute connected route-map TEST

!

route-map TEST permit 10

 match interface Loopback0

 

R2:

ipv uni

!

interface FastEthernet0/0

 ipv6 address 12::2/64

 ipv6 ospf 1 area 0

 no shut

!

interface FastEthernet0/1

 ipv6 address 24::2/64

 ipv6 ospf 1 area 1

 no shut

!

ipv6 router ospf 1

 router-id 0.0.0.2

 

R3:

ipv uni

!

interface FastEthernet0/0

 ipv6 address 13::3/64

 ipv6 ospf 1 area 0

 no shut

!

interface FastEthernet0/1

 ipv6 address 34::3/64

 ipv6 ospf 1 area 1

 no shut

!

ipv6 router ospf 1

 router-id 0.0.0.3

 

R4:

ipv uni

!

interface Loopback0

 ipv6 address 4::4/64

!

interface FastEthernet0/0

 ipv6 address 24::4/64

 ipv6 ospf 1 area 1

 no shut

!

interface FastEthernet0/1

 ipv6 address 34::4/64

 ipv6 ospf 1 area 1

 no shut

!

ipv6 router ospf 1

 router-id 0.0.0.4

 area 1 nssa

 redistribute connected route-map TEST

!

route-map TEST permit 10

 match interface Loopback0

 

R4 redistribute the prefix 4::/64 into OSPF, so it creates a Type-7 LSA with the P-bit set and floods this LSA into the NSSA area 1:

 

R4#sh ipv os data nssa self

 

            OSPFv3 Router with ID (0.0.0.4) (Process ID 1)

 

                Type-7 AS External Link States (Area 1)

 

  LS age: 123

  LS Type: AS External Link

  Link State ID: 1

  Advertising Router: 0.0.0.4

  LS Seq Number: 80000001

  Checksum: 0xD6A8

  Length: 52

  Prefix Address: 4::

  Prefix Length: 64, Options: P

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  Forward Address: 34::4

 

R4#

 

R1 redistributes the prefix 1::/64 into OSPF.

R1 creates and floods a Type-5 LSA for 1::/64.

 

Below the Type-5 LSA received by R2 from R1:

 

R2#sh ipv os data ext adv 0.0.0.1

 

            OSPFv3 Router with ID (0.0.0.2) (Process ID 1)

 

                Type-5 AS External Link States

 

  Routing Bit Set on this LSA

  LS age: 11

  LS Type: AS External Link

  Link State ID: 0

  Advertising Router: 0.0.0.1

  LS Seq Number: 80000001

  Checksum: 0x6B4

  Length: 36

  Prefix Address: 1::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

 

R2#

 

Below the Type-5 LSA received by R3 from R1:

 

R3#sh ipv os data ext adv 0.0.0.1

 

            OSPFv3 Router with ID (0.0.0.3) (Process ID 1)

 

                Type-5 AS External Link States

 

  Routing Bit Set on this LSA

  LS age: 31

  LS Type: AS External Link

  Link State ID: 0

  Advertising Router: 0.0.0.1

  LS Seq Number: 80000001

  Checksum: 0x6B4

  Length: 36

  Prefix Address: 1::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

 

R3#

 

Since an NSSA area block the Type-5 LSA, the AS-External originated by R1 cannot traverse the area 1, R4 will not learn the external route to 1::/64:

 

R4#sh ipv route 1::/64

% Route not found

R4#

 

The end-to-end connectivity between the loopback interfaces fails:

 

R4#ping 1::1 source 4::4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:

Packet sent with a source address of 4::4

.....

Success rate is 0 percent (0/5)

R4#

 

To reach the prefix 1::/64, R4 should have a default route. There are two ways to have a default route in an NSSA. When you configure an area as NSSA, by default the NSSA ABR does not generate a default inter-area route. In the case of a stub area or an NSSA totally stub area, the NSSA ABR does generate a default inter-area route.

                                            

First method:

 

Default Type-7

 

This configuration generates a Type-7 default route. The NSSA ABR can generate a default route with or without a default route in its own routing table.

 

The command used in to generate an NSSA default route:

 

On R2 and R3:

 

Rx(config)#ipv6 router ospf 1

Rx(config-rtr)#area 1 nssa default-information-originate

 

In the Type-7 LSA there is a P-bit = (P - propagate), it is only used in type-7 LSAs to tell the ABRs to translate that type-7 LSA into a type-5 LSA. This P-bit represents a routing loop prevention mechanism.

 

In this case The ABRs R2 and R3 originate type-7 default route and they MUST NOT set the P-bit. When these type-7 LSAs reach other ABRs, since they don't have the P-bit, they will not be considered for SFP calculations and will not get to the routing table.

 

See RFC 3101 below:

 

Per RFC 3101 The OSPF Not-So-Stubby Area (NSSA) Option section:

 

2.4 Originating Type-7 LSAs

 

   A Type-7 default LSA for the network 0.0.0.0/0 may be originated into

   the NSSA by any NSSA router.  The Type-7 default LSA originated by an

   NSSA border router must have the P-bit clear.  An NSSA ASBR that is

   not an NSSA border router may originate a Type-7 default LSA with the

   P-bit set.  A Type-7 default LSA may be installed by NSSA border

   routers if and only if its P-bit is set..

 

R4 knows two Default Type-7 LSAs injected by R2 and R3 with the P-bit cleared (as denoted by the line: Options: None) in the OSPF database:

 

R4#sh ipv os data nssa adv 0.0.0.2

 

            OSPFv3 Router with ID (0.0.0.4) (Process ID 1)

 

                Type-7 AS External Link States (Area 1)

 

  Routing Bit Set on this LSA

  LS age: 24

  LS Type: AS External Link

  Link State ID: 4

  Advertising Router: 0.0.0.2

  LS Seq Number: 80000001

  Checksum: 0x599E

  Length: 44

  Prefix Address: ::

  Prefix Length: 0, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 1

  Forward Address: 24::2

 

R4#

 

R4#sh ipv os data nssa adv 0.0.0.3

 

            OSPFv3 Router with ID (0.0.0.4) (Process ID 1)

 

                Type-7 AS External Link States (Area 1)

 

  Routing Bit Set on this LSA

  LS age: 21

  LS Type: AS External Link

  Link State ID: 3

  Advertising Router: 0.0.0.3

  LS Seq Number: 80000001

  Checksum: 0x38AE

  Length: 44

  Prefix Address: ::

  Prefix Length: 0, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 1

  Forward Address: 34::3

 

R4#

 

Since R4 is not an ABR, it installs two default routes in the routing table:

 

R4#sh ipv route ::/0

Routing entry for ::/0

  Known via "ospf 1", distance 110, metric 1, type NSSA extern 2

  Route count is 2/2, share count 0

  Routing paths:

    24::2, FastEthernet0/0

      Last updated 00:00:43 ago

    34::3, FastEthernet0/1

      Last updated 00:00:37 ago

 

R4#

 

Now we have the end to end connectivity:

 

R4#ping 1::1 sou lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:

Packet sent with a source address of 4::4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 104/124/168 ms

R4#

 

As you can see, R3 knows the Default Type-7 LSA injected by R2 in the OSPF database, but does not put them into the routing table - as an ABR, it does not accept Type-7 LSA without P-bit, in order to avoid routing loops.

 

R3#sh ipv os data nssa adv 0.0.0.2

 

            OSPFv3 Router with ID (0.0.0.3) (Process ID 1)

 

                Type-7 AS External Link States (Area 1)

 

  LS age: 81

  LS Type: AS External Link

  Link State ID: 4

  Advertising Router: 0.0.0.2

  LS Seq Number: 80000001

  Checksum: 0x599E

  Length: 44

  Prefix Address: ::

  Prefix Length: 0, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 1

  Forward Address: 24::2

 

R3#

 

The same conclusion is valid for R2, it learns the default Type-7 LSA from R3, since the P-bit is not set, R2 does not install a default route in its routing table:

 

R2#sh ipv os data nssa adv 0.0.0.3

 

            OSPFv3 Router with ID (0.0.0.2) (Process ID 1)

 

                Type-7 AS External Link States (Area 1)

 

  LS age: 93

  LS Type: AS External Link

  Link State ID: 3

  Advertising Router: 0.0.0.3

  LS Seq Number: 80000001

  Checksum: 0x38AE

  Length: 44

  Prefix Address: ::

  Prefix Length: 0, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 1

  Forward Address: 34::3

 

R2#

 

There is no entry for the default route on R2 and R3:

 

R2#sh ipv route ::/0

% Route not found

R2#

 

R3#sh ipv route ::/0

% Route not found

R3#

 

To confirm, enable the debug ipv osp spf external command on R2 and R3:

 

R3#debug ipv os spf ext

OSPFv3 spf external events debugging is on for process 1, IPv6, Default vrf

R3#

 

R2#debug ipv os spf ext

OSPFv3 spf external events debugging is on for process 1, IPv6, Default vrf

R2#

 

Remove the area 1 nssa default-information-originate command and reconfigure it once again:

 

On R2 and R3:

 

Rx(config)#ipv router osp 1

Rx(config-rtr)#no area 1 nssa default-information-originate

 

Rx(config)#ipv router osp 1

Rx(config-rtr)#area 1 nssa default-information-originate

 

The output of the debug command on R2 and R3 shown that they ignore the default Type-7 LSA because it is untranslatable (in other words the P-bit is cleared):

 

R3#debug ipv os spf ext

OSPFv3 spf external events debugging is on for process 1, IPv6, Default vrf

R3#

*Aug  7 13:47:46.863: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.2/5 type 2007

*Aug  7 13:47:46.867: OSPFv3-1-IPv6 SPF  : Service partial SPF Type3/4:0 Type5:0 Type7:1

*Aug  7 13:47:46.867: OSPFv3-1-IPv6 EXTER: Partial ASE SPF, Prefix ::/0, Type: 2007

*Aug  7 13:47:46.867: OSPFv3-1-IPv6 EXTER:   NSSA LSA 0.0.0.2/5, age 2, seq 0x80000001, metric 1, type 2, ::/0

*Aug  7 13:47:46.871: OSPFv3-1-IPv6 EXTER:     ignored, untranslatable default route

R3#

 

R2#debug ipv os spf ext

OSPFv3 spf external events debugging is on for process 1, IPv6, Default vrf

R2#

*Aug  7 13:48:56.791: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.3/4 type 2007

*Aug  7 13:48:56.795: OSPFv3-1-IPv6 SPF  : Service partial SPF Type3/4:0 Type5:0 Type7:1

*Aug  7 13:48:56.795: OSPFv3-1-IPv6 EXTER: Partial ASE SPF, Prefix ::/0, Type: 2007

*Aug  7 13:48:56.795: OSPFv3-1-IPv6 EXTER:   NSSA LSA 0.0.0.3/4, age 2, seq 0x80000001, metric 1, type 2, ::/0

*Aug  7 13:48:56.799: OSPFv3-1-IPv6 EXTER:     ignored, untranslatable default route

R2#

 

Second method:

 

Default Type-3

 

By defining an area as a NSSA totally stub area, the NSSA ABR generates a default Inter-Area route. As mentioned previously, if the NSSA area were not defined as totally stub, then a default Inter-Area route is not generated by NSSA ABR.

 

This configuration generates a default Inter-Area route for a NSSA totally stub area.

 

On R2 and R3:

 

Rx(config)#ipv router osp 1

Rx(config-rtr)#area 1 nssa no-summary

 

Below you can see that R4 receives two Default Type-3 LSAs from R2 and R3:

 

R4#sh ipv os data inter-area prefix ::/0

 

            OSPFv3 Router with ID (0.0.0.4) (Process ID 1)

 

                Inter Area Prefix Link States (Area 1)

 

  Routing Bit Set on this LSA

  LS age: 155

  LS Type: Inter Area Prefix Links

  Link State ID: 5

  Advertising Router: 0.0.0.2

  LS Seq Number: 80000002

  Checksum: 0x6DC8

  Length: 28

  Metric: 1

  Prefix Address: ::

  Prefix Length: 0, Options: None

 

  Routing Bit Set on this LSA

  LS age: 6

  LS Type: Inter Area Prefix Links

  Link State ID: 5

  Advertising Router: 0.0.0.3

  LS Seq Number: 80000001

  Checksum: 0x69CC

  Length: 28

  Metric: 1

  Prefix Address: ::

  Prefix Length: 0, Options: None

 

R4#

 

Since R4 is not an ABR, it installs two default routes in the routing table:

 

R4#sh ipv route ::/0

Routing entry for ::/0

  Known via "ospf 1", distance 110, metric 2, type inter area

  Route count is 2/2, share count 0

  Routing paths:

    FE80::C802:1CFF:FEE8:6, FastEthernet0/0

      Last updated 00:03:03 ago

    FE80::C803:1CFF:FE54:6, FastEthernet0/1

      Last updated 00:00:24 ago

 

R4#

 

By definition an ABR advertises only intra-area routes from non-backbone area to the backbone area and advertise intra-area and inter-area routes from backbone area to a non-backbone area. ABRs do not take into account in SPF calculations LSAs received from non-backbone areas.

 

See the draft published in 1999 by ietf: draft-ietf-ospf-abr-behavior-00.txt (OSPF ABR Behavior Alternative Implementation and Deployment Considerations):

 

3.4 Changes to Summary-LSA Origination

 

In order to implement described policy, the paragraph 2 in sec-

       tion 12.4.3 of [Ref1] should be read as follows:

 

          "... Note that only intra-area routes are advertised into the

          backbone, while both intra-area and inter-area routes are

          advertised into the other areas. Also, summary-LSAs for

          inter-area routes are originated if and only if these routes

          are associated with the backbone area (to prevent loops of

          summary-LSAs)."

 

This behavior is confirmed by the RFC 3509 Alternative Implementations of OSPF Area Border Routers published in 2003.

 

1.2 Motivation

 

   In OSPF domains the area topology is restricted so that there must be

   a backbone area (area 0) and all other areas must have either

   physical or virtual connections to the backbone.  The reason for this

   star-like topology is that OSPF inter-area routing uses the

   distance-vector approach and a strict area hierarchy permits

   avoidance of the "counting to infinity" problem.  OSPF prevents

   inter-area routing loops by implementing a split-horizon mechanism,

   allowing ABRs to inject into the backbone only Summary-LSAs derived

   from the

   intra-area routes, and limiting ABRs' SPF calculation to consider

   only Summary-LSAs in the backbone area's link-state database.

 

In this scenario, R2 generates a Type-3 LSA default route, R3 stores this Type-3 LSA in its LSDB as shown below:

 

R3#sh ipv osp data inter-a  prefix ::/0 adv 0.0.0.2

 

            OSPFv3 Router with ID (0.0.0.3) (Process ID 1)

 

                Inter Area Prefix Link States (Area 1)

 

  LS age: 247

  LS Type: Inter Area Prefix Links

  Link State ID: 5

  Advertising Router: 0.0.0.2

  LS Seq Number: 80000002

  Checksum: 0x6DC8

  Length: 28

  Metric: 1

  Prefix Address: ::

  Prefix Length: 0, Options: None

 

R3#

 

R3 generates a Type-3 LSA default route, R2 stores this Type-3 LSA in its LSDB as shown below:

 

R2#sh ipv osp data inter-a  prefix ::/0 adv 0.0.0.2

 

            OSPFv3 Router with ID (0.0.0.2) (Process ID 1)

 

                Inter Area Prefix Link States (Area 1)

 

  LS age: 272

  LS Type: Inter Area Prefix Links

  Link State ID: 5

  Advertising Router: 0.0.0.2

  LS Seq Number: 80000002

  Checksum: 0x6DC8

  Length: 28

  Metric: 1

  Prefix Address: ::

  Prefix Length: 0, Options: None

 

R2#

 

Because the inter-area loop prevention mechanism described above, an ABR ignores a Type-3 LSA learned through a non-backbone area, R2 and R3 do not put the default route in the routing table:

 

R2#sh ipv route ::/0

% Route not found

R2#

 

R3#sh ipv route ::/0

% Route not found

R3#

 

To confirm, execute the debug ipv os spf inter command on R2 and R3, the output of the debug command shown that the default Type-3 LSA is ignored because it is learned through a non-backbone area:

 

R3#debug ipv os spf inter

OSPFv3 spf inter events debugging is on for process 1, IPv6, Default vrf

R3#

*Aug  7 14:00:38.095: OSPFv3-1-IPv6 SPF  : Changed LSA 0.0.0.2/9, type 2003, area 1

*Aug  7 14:00:38.095: OSPFv3-1-IPv6 SPF  : Detect MAXAGE in LSA 0.0.0.2/9, type 2003

*Aug  7 14:00:38.095: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.2/9 type 2003

*Aug  7 14:00:38.099: OSPFv3-1-IPv6 SPF  : Changed LSA 0.0.0.2/A, type 2003, area 1

*Aug  7 14:00:38.099: OSPFv3-1-IPv6 SPF  : Detect MAXAGE in LSA 0.0.0.2/A, type 2003

*Aug  7 14:00:38.103: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.2/A type 2003

*Aug  7 14:00:38.103: OSPFv3-1-IPv6 SPF  : Changed LSA 0.0.0.2/8, type 2003, area 1

R3#

*Aug  7 14:00:38.107: OSPFv3-1-IPv6 SPF  : SPF due to NON-MAXAGE in LSA 0.0.0.2/8, type 2003

*Aug  7 14:00:38.107: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.2/8 type 2003

*Aug  7 14:00:38.111: OSPFv3-1-IPv6 SPF  : Service partial SPF Type3/4:3 Type5:0 Type7:0

*Aug  7 14:00:38.111: OSPFv3-1-IPv6 INTER: Partial IAP SPF, area 1, Prefix ::/0

*Aug  7 14:00:38.111: OSPFv3-1-IPv6 INTER:   IAP LSA 0.0.0.2/8, age 2, seq 0x80000003 (area 1) ::/0

*Aug  7 14:00:38.115: OSPFv3-1-IPv6 INTER:     ignored, Non-backbone LSA

R3#

 

R2#debug ipv ospf spf inter

OSPFv3 spf inter events debugging is on for process 1, IPv6, Default vrf

R2#

*Aug  7 14:01:53.747: OSPFv3-1-IPv6 SPF  : Changed LSA 0.0.0.3/6, type 2003, area 1

*Aug  7 14:01:53.751: OSPFv3-1-IPv6 SPF  : Detect MAXAGE in LSA 0.0.0.3/6, type 2003

*Aug  7 14:01:53.751: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.3/6 type 2003

*Aug  7 14:01:53.755: OSPFv3-1-IPv6 SPF  : Changed LSA 0.0.0.3/7, type 2003, area 1

*Aug  7 14:01:53.755: OSPFv3-1-IPv6 SPF  : Detect MAXAGE in LSA 0.0.0.3/7, type 2003

*Aug  7 14:01:53.755: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.3/7 type 2003

*Aug  7 14:01:53.759: OSPFv3-1-IPv6 SPF  : Schedule partial SPF - 0.0.0.3/8 type 2003

R2#

*Aug  7 14:01:53.763: OSPFv3-1-IPv6 SPF  : Service partial SPF Type3/4:3 Type5:0 Type7:0

*Aug  7 14:01:53.763: OSPFv3-1-IPv6 INTER: Partial IAP SPF, area 1, Prefix ::/0

*Aug  7 14:01:53.763: OSPFv3-1-IPv6 INTER:   IAP LSA 0.0.0.3/8, age 2, seq 0x80000001 (area 1) ::/0

*Aug  7 14:01:53.767: OSPFv3-1-IPv6 INTER:     ignored, Non-backbone LSA

R2#