06-10-2021 01:44 PM
Good day board -
I'm seeking assistance on my OSPF configuration of a XR 9000v 7.2.1 instance. I have a situation in which an ASBR participating in a NSSA receives the default route, but does not install it. As shown in the next sequence of commands, the ABR 0.0.0.1 advertises the default route as LSA type 7. The ASBR does install 172.18.0.0/16, another external route that is advertised by the ABR.
RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 database Thu Jun 10 20:26:29.727 UTC OSPF Router with ID (0.0.0.10) (Process ID 1, VRF vrf10) Router Link States (Area 10) Link ID ADV Router Age Seq# Checksum Link count 0.0.0.1 0.0.0.1 927 0x80000008 0x00ba12 1 0.0.0.10 0.0.0.10 926 0x80000002 0x00cdfc 1 Type-7 AS External Link States (Area 10) Link ID ADV Router Age Seq# Checksum Tag 0.0.0.0 0.0.0.1 1117 0x80000002 0x006ed5 0 172.18.0.0 0.0.0.1 1117 0x80000002 0x00ad28 0 172.18.10.0 0.0.0.10 904 0x80000001 0x004790 0 RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 database nssa-external 0.0.0.0 Thu Jun 10 20:17:44.470 UTC OSPF Router with ID (0.0.0.10) (Process ID 1, VRF vrf10) Type-7 AS External Link States (Area 10) LS age: 592 Options: (No TOS-capability, Type 7/5 translation, DC) LS Type: AS External Link Link State ID: 0.0.0.0 (External Network Number) Advertising Router: 0.0.0.1 LS Seq Number: 80000002 Checksum: 0x6ed5 Length: 36 Network Mask: /0 Metric Type: 2 (Larger than any link state path) TOS: 0 Metric: 100 Forward Address: 0.0.0.0 External Route Tag: 0 RP/0/RP0/CPU0:asbr#sh route vrf vrf10 Thu Jun 10 20:18:35.201 UTC Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path Gateway of last resort is not set O N2 172.18.0.0/16 [110/20] via 172.18.11.129, 00:07:32, GigabitEthernet0/0/0/0.10 O E2 172.18.10.0/23 [254/0] via 0.0.0.0, 00:07:09, Null0 B 172.18.10.0/24 [200/0] via 192.168.3.1 (nexthop in vrf default), 00:07:10 C 172.18.11.128/31 is directly connected, 00:07:40, GigabitEthernet0/0/0/0.10 L 172.18.11.128/32 is directly connected, 00:07:40, GigabitEthernet0/0/0/0.10
The OSPF configuration follows:
RP/0/RP0/CPU0:jrce#sh run router ospf 1 Thu Jun 10 20:19:42.445 UTC router ospf 1 vrf vrf10 router-id 0.0.0.10 network point-to-point prefix-suppression summary-prefix 172.18.10.0/23 redistribute bgp 65412 area 10 nssa interface GigabitEthernet0/0/0/0.10 ! ! ! vrf vrf12 router-id 0.0.0.12 network point-to-point prefix-suppression summary-prefix 172.18.12.0/23 redistribute bgp 65412 area 12 nssa interface GigabitEthernet0/0/0/0.12 ! ! ! !
Why is the ASBR not install the default route? What am I doing wrong?
Much appreciated.
~ Tom
Solved! Go to Solution.
06-11-2021 11:06 AM - edited 06-11-2021 11:07 AM
Found the solution! Because the ASBR is using a vrf, one needs to enable capabiltiy vrf-lite.
RP/0/RP0/CPU0:jrce#sh run router ospf 1 Thu Jun 10 20:19:42.445 UTC router ospf 1 vrf vrf10 capability vrf-lite router-id 0.0.0.10 network point-to-point summary-prefix 172.18.10.0/23 redistribute bgp 65412 area 10 nssa interface GigabitEthernet0/0/0/0.10 ! ! ! vrf vrf12 capability vrf-lite router-id 0.0.0.12 network point-to-point summary-prefix 172.18.12.0/23 redistribute bgp 65412 area 12 nssa interface GigabitEthernet0/0/0/0.12 ! ! ! !
06-10-2021 04:50 PM
forward address is 0.0.0.0 this is not right, you need to see the origin of this default route it must be known by ASRB.
06-10-2021 06:59 PM - last edited on 11-07-2023 11:02 PM by Translator
From [1]:
These conditions set the forwarding address field to a non-zero address:
OSPF is enabled on the ASBR's next hop interface AND
ASBR's next hop interface is non-passive under OSPF AND
ASBR's next hop interface is not point-to-point AND
ASBR's next hop interface is not point-to-multipoint AND
ASBR's next hop interface address falls under the network range specified in the
router ospf
command.
Any other conditions besides these set the forwarding address to 0.0.0.0.
Since the next hop interface is point-to-point, the conditions means that the forward address _should be_ 0.0.0.0.
06-11-2021 07:38 AM
Hi,
Could you show the configuration on ASBR (RID:0.0.0.1)? Is it also the ABR ?
I found this interesting why the RID:0.0.0.1 (as an ABR & NSSA border router) is able to advertise type 7 LSA with LSID 0.0.0.0/0.
As according to my understanding, if 'default-information originate' is enabled on RID:0.0.0.1, it should be Type 5 LSA, and being filtered in NSSA. If the external 0.0.0.0/0 route is originate from other routers, it will also be Type 5 LSA, and filtered in NSSA.
So, I don't think you should receive 0.0.0.0/0 route on RID:0.0.0.10.
06-11-2021 07:44 AM
Hello @ngkin2010 ,
the TYpe 7 external default route should be the result of applying a default originate at NSSA area level on the ABR node so it is possible and expected.
What is strange here is that one type 7 route is accepted for prefix
O N2 172.18.0.0/16 [110/20] via 172.18.11.129
but the default route is not accepted.
Hope to help
Giuseppe
06-11-2021 07:48 AM
LOL, I found that I missed this command:
area XX nssa default-information originate
06-11-2021 08:35 AM
Hmmm. The system thinks its _both_ a ASBR and ABR. Don't know why it thinks its an ABR. Configuration follows.
sh ospf vrf vrf10 VRF vrf10 active in Routing Process "ospf 1" with ID 0.0.0.10 Role: Primary Active NSR (Non-stop routing) is Enabled Supports only single TOS(TOS0) routes Supports opaque LSA It is an area border and autonomous system boundary router Redistributing External Routes from, bgp 65412 Maximum number of redistributed prefixes 10240 Threshold for warning message 75% Router is not originating router-LSAs with maximum metric Initial SPF schedule delay 50 msecs Minimum hold time between two consecutive SPFs 200 msecs Maximum wait time between two consecutive SPFs 5000 msecs Initial LSA throttle delay 50 msecs Minimum hold time for LSA throttle 200 msecs Maximum wait time for LSA throttle 5000 msecs Minimum LSA interval 200 msecs. Minimum LSA arrival 100 msecs LSA refresh interval 1800 seconds Flood pacing interval 33 msecs. Retransmission pacing interval 66 msecs Adjacency stagger enabled; initial (per area): 2, maximum: 64 Number of neighbors forming: 0, 1 full Maximum number of configured interfaces 1024 Number of external LSA 0. Checksum Sum 00000000 Number of opaque AS LSA 0. Checksum Sum 00000000 Number of DCbitless external and opaque AS LSA 0 Number of DoNotAge external and opaque AS LSA 0 Number of areas in this router is 1. 0 normal 0 stub 1 nssa External flood list length 0 SNMP trap is disabled LSD connected, registered, bound, revision 1 Segment Routing Global Block default (16000-23999), not allocated Segment Routing Local Block, unknown Strict-SPF capability is enabled Area 10 Number of interfaces in this area is 1 It is a NSSA area Perform type-7/type-5 LSA translation SPF algorithm executed 3 times Number of LSA 11. Checksum Sum 0x050fc6 Number of opaque link LSA 0. Checksum Sum 00000000 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0 Number of LFA enabled interfaces 0, LFA revision 0 Number of Per Prefix LFA enabled interfaces 0 Number of neighbors forming in staggered mode 0, 1 full
router ospf 1 vrf vrf10 router-id 0.0.0.10 network point-to-point prefix-suppression summary-prefix 172.18.10.0/23 redistribute bgp 65412 area 10 nssa interface GigabitEthernet0/0/0/0.10 ! ! ! vrf navy-otn-user router-id 0.0.0.12 network point-to-point prefix-suppression summary-prefix 172.18.12.0/23 redistribute bgp 65412 area 12 nssa interface GigabitEthernet0/0/0/0.12 ! ! ! ! vrf vrf14 router-id 0.0.0.14 network point-to-point prefix-suppression summary-prefix 172.18.14.0/23 redistribute bgp 65412 area 14 nssa interface GigabitEthernet0/0/0/0.14 ! ! ! vrf vrf16 router-id 0.0.0.16 network point-to-point prefix-suppression summary-prefix 172.18.16.0/23 redistribute bgp 65412 area 16 nssa interface GigabitEthernet0/0/0/0.16 ! ! ! !
06-11-2021 08:50 AM - last edited on 11-07-2023 11:05 PM by Translator
Hello @tomc.pnnl ,
to qualify as an ABR an OSPF router should connect to two different OSPF areas and one of them should be area 0.
Here we have:
>>
Number of areas in this router is 1. 0 normal 0 stub 1 nssa
It is an area border and autonomous system boundary router
Now, if the router is running MP BGP it can think of the superbackbone area for OSPF emulation when used as PE-CE protocol.
In addition if it is a PE node it looks for the down bit DN that means a route has been generated by another PE node.
if the local router is a PE node you should verify if the LSA type 7 has the DN bit set , this would explain why it is ignored and not installed in the VRF routing table.
In IOS you can disable the check on DN bit with capability
vrf-lite
command. I don't know if IOS XR has a similar command.
I can tell you that in the past I had a network design based on this DN bit to make PE nodes to avoid to learn routes generated by another PE node and it worked in this way.
Hope to help
Giuseppe
06-11-2021 08:21 AM - last edited on 11-07-2023 10:59 PM by Translator
Hell0
It looks like you want router 0.0.0.1 to be generating the type 7 default, is that correct? - Have you specified nssa-default-information-originate on that router.
show ospf border-routers
show ospf database router 0.0.0.1
06-11-2021 08:41 AM
From above, the ASBR is receiving the default route.
RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 border-routers Fri Jun 11 15:37:33.984 UTC OSPF 1, VRF vrf10 Internal Routing Table Codes: i - Intra-area route, I - Inter-area route i 0.0.0.1 [1] via 172.18.11.129, GigabitEthernet0/0/0/0.10, ABR/ASBR , Area 10, SPF 3 RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 database router 0.0.0.1 Fri Jun 11 15:37:43.496 UTC OSPF Router with ID (0.0.0.10) (Process ID 1, VRF vrf10) Router Link States (Area 10) Routing Bit Set on this LSA LS age: 1317 Options: (No TOS-capability, DC) LS Type: Router Links Link State ID: 0.0.0.1 Advertising Router: 0.0.0.1 LS Seq Number: 8000002e Checksum: 0x6e38 Length: 36 Area Border Router AS Boundary Router Number of Links: 1 Link connected to: another Router (point-to-point) (Link ID) Neighboring Router ID: 0.0.0.10 (Link Data) Router Interface address: 172.18.11.129 Number of TOS metrics: 0 TOS 0 Metrics: 1
06-11-2021 11:06 AM - edited 06-11-2021 11:07 AM
Found the solution! Because the ASBR is using a vrf, one needs to enable capabiltiy vrf-lite.
RP/0/RP0/CPU0:jrce#sh run router ospf 1 Thu Jun 10 20:19:42.445 UTC router ospf 1 vrf vrf10 capability vrf-lite router-id 0.0.0.10 network point-to-point summary-prefix 172.18.10.0/23 redistribute bgp 65412 area 10 nssa interface GigabitEthernet0/0/0/0.10 ! ! ! vrf vrf12 capability vrf-lite router-id 0.0.0.12 network point-to-point summary-prefix 172.18.12.0/23 redistribute bgp 65412 area 12 nssa interface GigabitEthernet0/0/0/0.12 ! ! ! !
11-06-2023 05:31 AM
Thank you, was scratching my head with this one.
In case anyone else is looking for the same solution for Catalyst 9K / IOS-XE, this applies to IOS-XE as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide