Why IETF changed and inverted OSPF Type-7 LSA VS Type-5 LSA election In RFC 3101 compared to OLD RFC 1587?
Many people learns that the Type-7 LSA and Type-5 election (ON Versus OE routes) depends on RFC 3101 for NSSA published in 2003 and RFC 1587 for NSSA published in 1994?
Per RFC 1587 for NSSA says that if a router receive a Type-7 LSA and Type-5 for the same destination the cost to the forwarding address or ASBR are equal, the Type-5 LSA is always preferred.
RFC 1587, section 3.5 Calculating Type-7 AS External Routes:
When a type-5 LSA and a type-7 LSA are found to have the
same type and an equal distance, the following priorities
apply (listed from highest to lowest) for breaking the tie.
a. Any type 5 LSA.
b. A type-7 LSA with the P-bit set and the forwarding
c. Any other type-7 LSA.
Per RFC 3101, the order is inverted, in others words, if a router receive a Type-7 LSA and Type-5 for the same destination the cost to the forwarding address or ASBR are equal, the Type-7 LSA is always preferred.
RFC 3101, Section: 2.5 Calculating Type-7 AS External Routes says:
If the current LSA is functionally the same as an
installed LSA (i.e., same destination, cost and non-zero
forwarding address) then apply the following priorities in
deciding which LSA is preferred:
1. A Type-7 LSA with the P-bit set.
2. A Type-5 LSA.
3. The LSA with the higher router ID.
As you notice RFC 3101 inverted the LSA election. While RFC 1587 prefers the Type-5 LSA, RFC 3101 elects the Type-7 LSA.
Many people asks the question: Why IETF changed and inverted the election by publishing RFC 3101 in 2003 to replace RFC 1587 published in 1994?
Let's demystify it.RFC 2328 for OSPFv2 published in 1998, indicates the following rules which paths are preferred when multiple intra-AS paths are available to ASBRs or forwarding addresses:
1-Intra-area paths using nonbackbone areas are always the most preferred. 2-The other paths, intra area backbone paths and interarea paths, are of equal preference.
This means that an external route with an ASBR reachable through a non-backbone area such as an NSSA area is always preferred, in other words a Type-7 LSA learned through a non-backbone area is always preferred than a Type-5 LSA learned from a backbone area (intra area route) or another area (inter-area route) regardless the cost, this rule makes the RFC 1587 published earlier in 1994 obsolete, where in a special case, when a router receives both Type-7 LSA and Type-5 LSA for the same destination with equal cost to the Forward Address and/OR ASBR, the Type-5 LSA is always preferred.
This why when you enable RFC 1587 you should ensure that RFC 1583 is enable, because unlike with RFC 2328, the selection of external route is based solely on the cost.
To avoid the compatiblity issues between RFC 1587 and RFC 2328, RFC 3101 has been published in 2003 to adjust and to invert the Type-7/Type-5 preference "when a router receives both Type-7 LSA and Type-5 LSA for the same destination with equal cost to the Forward Address and/OR ASBR, the Type-5 LSA is always preferred" and to be compatible with both RFC 1583 and RFC 2328, which avoids undesirable behaviors regarding Path Selection decision caused by RFC compatibility between RFC 1587 and 2328.
And This is why on Cisco Routers RFC 3101 and RFC 1583 is enabled by default. So that when you disable RFC 1583 (which means you enable RFC 2328), there is no compatibility issues between RFC 3101 and RFC 2328.
OSPF with RFC is a BIG Topic to understand OSPF behavior per RFC.
Hello,we've a WS-C3850-24T running software 16.09.06 with ipbasek9 license. When we tried to put the config to the interface we got below,c3850(config-if)#mka policy mkapolicy1 % GCM-AES-256 is not supported % Cannot apply MKA Policy "mkapolicy1"...- Inte...
I am currently trying to set up the gigabit ports. I need to have atleast 40 end devices. But these 2 ip addresses i entered for the gigabit ports are overlapping% 192.168.1.0 overlaps with GigabitEthernet0/0Can anyone explain why this is how to fox...
We have failed to buy an IPsec license in time expecting that it must be a part of advipservises or just RTU as it was earlier. Now I hope that the evaluation period will be enough to complete all accountants procedures and buy an IPsec license meanwhile ...
Hello All, We are currently deploying DNA-c to our enterprise network, and for one of our new campus sites we want to create an SDA fabric. In our shared services block we have one ISE doing NAC that will serve as the policy plane for the fabric (Tru...
I have been trying to recover this CAT3850 since last week. I learned yesterday that usb drive needed to be formatted FAT16. I reformatted usb drive which contained IOS XE bin files. I tried to install 16.12.05b. Installer fails.&n...