cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Why an NSSA ABR does not inject a default route automatically?

91
Views
0
Helpful
0
Comments
meddane
Frequent Contributor

OSPF.PNG

 

Why an NSSA ABR does not inject a default route automatically into NSSA unlike with stub area ?

 

In this topology if an ASBR inject a default route into OSPF in order to permit internal ospf routers to reach another routing domain, it creates a Type-7 LSA default route and injects it into OSPF, if an NSSA ABR is designated to inject a Type-3 LSA default route automatically, an internal router in NSSA, R3 in this case will prefer a Type-3 LSA default over a Type-7 default according to the rule of OSPF path preference per RFC, as a result R3 will never reach 5.5.5.0/24, this is the reason why unlike with stub area, in NSSA area by default an ABR does not inject a default.route, giving a choice to inject a default route manually.

 

R4(config)#ip route 0.0.0.0 0.0.0.0 s1/0

R4(config)#router ospf 1

R4(config-router)#area 1 nssa default-information-originate

 

The routing table of R3 shown an ON2 default route (Type-7 LSA):

 

R3#show ip route osp | beg Gate

Gateway of last resort is 100.0.0.4 to network 0.0.0.0

 

O*N2  0.0.0.0/0 [110/1] via 100.0.0.4, 00:01:08, FastEthernet0/0

      1.0.0.0/24 is subnetted, 1 subnets

O IA     1.1.1.0 [110/3] via 100.0.0.2, 00:04:49, FastEthernet0/0

      12.0.0.0/24 is subnetted, 1 subnets

O IA     12.0.0.0 [110/2] via 100.0.0.2, 00:04:49, FastEthernet0/0

R3#

 

The ping is successfull:

 

R3#ping 5.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 96/116/136 ms

R3#

 

Let's inject a Type-3 LSA Default route on NSSA ABR R2:

 

R2(config)#router ospf 1

R2(config-router)#area 1 nssa no-summary

 

Let's verify the routing table of R3, indeed the Type-3 default route through R2 is installed:

 

R3#show ip route osp | beg Gate

Gateway of last resort is 100.0.0.2 to network 0.0.0.0

 

O*IA  0.0.0.0/0 [110/2] via 100.0.0.2, 00:00:21, FastEthernet0/0

R3#

 

The ping fails:

 

R3#ping 5.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

R3#

 

If an NSSA ASBR originates a  default route into the OSPF in order to reach an external domain, the default route is injected as a Type 7 NSSA External LSA.  If at the same time the NSSA ABR connecting that NSSA to Area 0 is generating a default route via a Type 3 Summary LSA, what happens?

 

Since Inter-Area (Type 3 LSA) MUST be preferred over NSSA External (Type 7) per the RFC, it would mean that you could never default out toward the external domain in that area because the OSPF default route via the NSSA ABR would always be preferred.  This is what would be considered “Cold Potato Routing” because you are defaulting further into your network as opposed to defaulting towards an external exit point.

 

RFC 3101 says in section: 1.3 Proposed Solution

 

When summary routes are not imported into an NSSA, the default LSA

   originated into it by its border routers must be a Type-3 summary-

   LSA.  This default summary-LSA insures intra-AS connectivity to the

   rest of the OSPF domain, as its default summary route is preferred

   over the default route of a Type-7 default LSA.  Without a default

   summary route the OSPF domain's inter-area traffic, which is normally

   forwarded by summary routes, might exit the AS via the default route

   of a Type-7 default LSA originated by an NSSA internal router.  The

   Type-7 default LSAs originated by NSSA internal routers and the no-

   summary option are mutually exclusive features. When summary routes

   are imported into the NSSA, the default LSA originated by a NSSA

   border router into the NSSA should be a Type-7 LSA.

 

The solution for this problem then is for an NSSA area, tell the NSSA ABR not auto automatically originate the default route as Type 3 LSA into the NSSA.  This gives you the choice to prefer the default route from a redistributed source, which would mean you are trying to achieve “Hot Potato Routing”. The recommended default behavior is to import summary routes into NSSA as describe in RFC 3101, see the following section below:

 

Like stub areas, NSSA border routers optionally import summary routes

   into their NSSAs as Type-3 summary-LSAs.  If the import is disabled,

   particular care should be taken to ensure that summary routing is not

   obscured by an NSSA's Type-7 AS-external-LSAs.  This may happen when

   the AS's other IGPs, like RIP and ISIS, leak routing information into

   the NSSA.  In these cases all summary routes should be imported into

   the NSSA.  The recommended default behavior is to import summary

   routes into NSSAs.  Since Type-5 AS-external-LSAs are not flooded

   into NSSAs, NSSA border routers should not originate Type-4 summary-

   LSAs into their NSSAs.  Also an NSSA's border routers never originate

   Type-4 summary-LSAs for the NSSA's AS boundary routers, since Type-7

   AS-external-LSAs are never flooded beyond the NSSA's border.