cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2432
Views
22
Helpful
11
Replies

NSSA ASBR refuses to install the default route

tomc.pnnl
Level 1
Level 1

Good day board -

I'm seeking assistance on my OSPF configuration of a XR 9000v 7.2.1 instance. I have a situation in which an ASBR participating in a NSSA receives the default route, but does not install it. As shown in the next sequence of commands, the ABR 0.0.0.1 advertises the default route as LSA type 7. The ASBR does install 172.18.0.0/16, another external route that is advertised by the ABR.

RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 database 
Thu Jun 10 20:26:29.727 UTC


            OSPF Router with ID (0.0.0.10) (Process ID 1, VRF vrf10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count
0.0.0.1         0.0.0.1         927         0x80000008 0x00ba12 1
0.0.0.10        0.0.0.10        926         0x80000002 0x00cdfc 1

                Type-7 AS External Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         0.0.0.1         1117        0x80000002 0x006ed5 0
172.18.0.0      0.0.0.1         1117        0x80000002 0x00ad28 0
172.18.10.0     0.0.0.10        904         0x80000001 0x004790 0


RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 database nssa-external 0.0.0.0
Thu Jun 10 20:17:44.470 UTC


            OSPF Router with ID (0.0.0.10) (Process ID 1, VRF vrf10)

                Type-7 AS External Link States (Area 10)

  LS age: 592
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 0.0.0.0 (External Network Number)
  Advertising Router: 0.0.0.1
  LS Seq Number: 80000002
  Checksum: 0x6ed5
  Length: 36
  Network Mask: /0
        Metric Type: 2 (Larger than any link state path)
        TOS: 0 
        Metric: 100 
        Forward Address: 0.0.0.0
        External Route Tag: 0

RP/0/RP0/CPU0:asbr#sh route vrf vrf10 
Thu Jun 10 20:18:35.201 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G  - DAGR, l - LISP
       A - access/subscriber, a - Application route
       M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path

Gateway of last resort is not set

O N2 172.18.0.0/16 [110/20] via 172.18.11.129, 00:07:32, GigabitEthernet0/0/0/0.10
O E2 172.18.10.0/23 [254/0] via 0.0.0.0, 00:07:09, Null0
B    172.18.10.0/24 [200/0] via 192.168.3.1 (nexthop in vrf default), 00:07:10
C    172.18.11.128/31 is directly connected, 00:07:40, GigabitEthernet0/0/0/0.10
L    172.18.11.128/32 is directly connected, 00:07:40, GigabitEthernet0/0/0/0.10

The OSPF configuration follows:

RP/0/RP0/CPU0:jrce#sh run router ospf 1       
Thu Jun 10 20:19:42.445 UTC
router ospf 1
 vrf vrf10
  router-id 0.0.0.10
  network point-to-point
  prefix-suppression
  summary-prefix 172.18.10.0/23
  redistribute bgp 65412
  area 10
   nssa
   interface GigabitEthernet0/0/0/0.10
   !
  !
 !
 vrf vrf12
  router-id 0.0.0.12
  network point-to-point
  prefix-suppression
  summary-prefix 172.18.12.0/23
  redistribute bgp 65412
  area 12
   nssa
   interface GigabitEthernet0/0/0/0.12
   !      
  !
 !
!

Why is the ASBR not install the default route? What am I doing wrong?

 

Much appreciated.

 

~ Tom

1 Accepted Solution

Accepted Solutions

tomc.pnnl
Level 1
Level 1

Found the solution! Because the ASBR is using a vrf, one needs to enable capabiltiy vrf-lite.

RP/0/RP0/CPU0:jrce#sh run router ospf 1       
Thu Jun 10 20:19:42.445 UTC
router ospf 1
 vrf vrf10
  capability vrf-lite
  router-id 0.0.0.10
  network point-to-point
  summary-prefix 172.18.10.0/23
  redistribute bgp 65412
  area 10
   nssa
   interface GigabitEthernet0/0/0/0.10
   !
  !
 !
 vrf vrf12
  capability vrf-lite
  router-id 0.0.0.12
  network point-to-point
  summary-prefix 172.18.12.0/23
  redistribute bgp 65412
  area 12
   nssa
   interface GigabitEthernet0/0/0/0.12
   !      
  !
 !
!

 

View solution in original post

11 Replies 11

forward address is 0.0.0.0 this is not right, you need to see the origin of this default route it must be known by ASRB.

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/200066-Understand-Selection-of-Forwarding-Addre.html

 

From [1]:

  • These conditions set the forwarding address field to a non-zero address:

    • OSPF is enabled on the ASBR's next hop interface AND

    • ASBR's next hop interface is non-passive under OSPF AND

    • ASBR's next hop interface is not point-to-point AND

    • ASBR's next hop interface is not point-to-multipoint AND

    • ASBR's next hop interface address falls under the network range specified in the 

      router ospf

       command.

  • Any other conditions besides these set the forwarding address to 0.0.0.0.

Since the next hop interface is point-to-point, the conditions means that the forward address _should be_ 0.0.0.0.

ngkin2010
Level 7
Level 7

Hi,

 

Could you show the configuration on ASBR (RID:0.0.0.1)? Is it also the ABR ?

 

I found this interesting why the RID:0.0.0.1 (as an ABR & NSSA border router) is able to advertise type 7 LSA with LSID 0.0.0.0/0.

 

As according to my understanding, if 'default-information originate' is enabled on RID:0.0.0.1, it should be Type 5 LSA, and being filtered in NSSA.  If the external 0.0.0.0/0 route is originate from other routers, it will also be Type 5 LSA, and filtered in NSSA.

 

So, I don't think you should receive 0.0.0.0/0 route on RID:0.0.0.10.

 

Hello @ngkin2010 ,

the TYpe 7 external default route should be the result of applying a default originate at NSSA area level on the ABR node  so it is possible and expected.

What is strange here is that one type 7 route is accepted for prefix

O N2 172.18.0.0/16 [110/20] via 172.18.11.129

but the default route is not accepted.

 

Hope to help

Giuseppe

 

LOL, I found that I missed this command:

 

area XX nssa default-information originate 

Hmmm. The system thinks its _both_ a ASBR and ABR. Don't know why it thinks its an ABR. Configuration follows.

sh ospf vrf vrf10
VRF vrf10 active in Routing Process "ospf 1" with ID 0.0.0.10
 Role: Primary Active
 NSR (Non-stop routing) is Enabled
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
    bgp 65412
    Maximum number of redistributed prefixes 10240
    Threshold for warning message 75%
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 50 msecs
 Minimum hold time between two consecutive SPFs 200 msecs
 Maximum wait time between two consecutive SPFs 5000 msecs
 Initial LSA throttle delay 50 msecs
 Minimum hold time for LSA throttle 200 msecs
 Maximum wait time for LSA throttle 5000 msecs
 Minimum LSA interval 200 msecs. Minimum LSA arrival 100 msecs
 LSA refresh interval 1800 seconds
 Flood pacing interval 33 msecs. Retransmission pacing interval 66 msecs
 Adjacency stagger enabled; initial (per area): 2, maximum: 64
    Number of neighbors forming: 0, 1 full
 Maximum number of configured interfaces 1024
 Number of external LSA 0. Checksum Sum 00000000
 Number of opaque AS LSA 0. Checksum Sum 00000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 0 normal 0 stub 1 nssa
 External flood list length 0
 SNMP trap is disabled
 LSD connected, registered, bound, revision 1
 Segment Routing Global Block default (16000-23999), not allocated
 Segment Routing Local Block, unknown
 Strict-SPF capability is enabled
    Area 10
        Number of interfaces in this area is 1
        It is a NSSA area
        Perform type-7/type-5 LSA translation
        SPF algorithm executed 3 times
        Number of LSA 11.  Checksum Sum 0x050fc6
        Number of opaque link LSA 0.  Checksum Sum 00000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
        Number of LFA enabled interfaces 0, LFA revision 0
        Number of Per Prefix LFA enabled interfaces 0
        Number of neighbors forming in staggered mode 0, 1 full

 

router ospf 1
 vrf vrf10
  router-id 0.0.0.10
  network point-to-point
  prefix-suppression
  summary-prefix 172.18.10.0/23
  redistribute bgp 65412
  area 10
   nssa
   interface GigabitEthernet0/0/0/0.10
   !
  !
 !
 vrf navy-otn-user
  router-id 0.0.0.12
  network point-to-point
  prefix-suppression
  summary-prefix 172.18.12.0/23
  redistribute bgp 65412
  area 12
   nssa
   interface GigabitEthernet0/0/0/0.12
   !      
  !
 !
!
 vrf vrf14
  router-id 0.0.0.14
  network point-to-point
  prefix-suppression
  summary-prefix 172.18.14.0/23
  redistribute bgp 65412
  area 14
   nssa
   interface GigabitEthernet0/0/0/0.14
   !
  !
 !
 vrf vrf16
  router-id 0.0.0.16
  network point-to-point
  prefix-suppression
  summary-prefix 172.18.16.0/23
  redistribute bgp 65412
  area 16
   nssa
   interface GigabitEthernet0/0/0/0.16
   !
  !
 !
!

Hello @tomc.pnnl ,

to qualify as an ABR an OSPF router should connect to two different OSPF areas and one of them should be area 0.

 

Here we have:

 

>>

Number of areas in this router is 1. 0 normal 0 stub 1 nssa

 

It is an area border and autonomous system boundary router

 

Now, if the router is running MP BGP it can think of the superbackbone area for OSPF emulation when used as PE-CE protocol.

 

In addition if it is a PE node it looks for the down bit DN that means a route has been generated by another PE node.

 

if the local router is a PE node you should verify if the LSA type 7 has the DN bit set , this would explain why it is ignored and not installed in the VRF routing table.

In IOS you can disable the check on DN bit with capability

vrf-lite

command. I don't know if IOS XR has a similar command.

 

I can tell you that in the past I had a network design based on this DN bit to make PE nodes to avoid to learn routes generated by another PE node and it worked in this way.

 

Hope to help

Giuseppe

 

Hell0

It looks like  you want router 0.0.0.1 to be generating the type 7 default, is that correct? - Have you specified nssa-default-information-originate on that router.

 

show ospf border-routers
show ospf database router 0.0.0.1

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

From above, the ASBR is receiving the default route.

RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 border-routers   
Fri Jun 11 15:37:33.984 UTC

OSPF 1, VRF vrf10 Internal Routing Table

Codes: i - Intra-area route, I - Inter-area route

i 0.0.0.1 [1] via 172.18.11.129, GigabitEthernet0/0/0/0.10, ABR/ASBR , Area 10, SPF 3
RP/0/RP0/CPU0:asbr#sh ospf vrf vrf10 database router 0.0.0.1
Fri Jun 11 15:37:43.496 UTC


            OSPF Router with ID (0.0.0.10) (Process ID 1, VRF vrf10)

                Router Link States (Area 10)

  Routing Bit Set on this LSA
  LS age: 1317
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 0.0.0.1
  Advertising Router: 0.0.0.1
  LS Seq Number: 8000002e
  Checksum: 0x6e38
  Length: 36
  Area Border Router
  AS Boundary Router
   Number of Links: 1

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 0.0.0.10
     (Link Data) Router Interface address: 172.18.11.129
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

tomc.pnnl
Level 1
Level 1

Found the solution! Because the ASBR is using a vrf, one needs to enable capabiltiy vrf-lite.

RP/0/RP0/CPU0:jrce#sh run router ospf 1       
Thu Jun 10 20:19:42.445 UTC
router ospf 1
 vrf vrf10
  capability vrf-lite
  router-id 0.0.0.10
  network point-to-point
  summary-prefix 172.18.10.0/23
  redistribute bgp 65412
  area 10
   nssa
   interface GigabitEthernet0/0/0/0.10
   !
  !
 !
 vrf vrf12
  capability vrf-lite
  router-id 0.0.0.12
  network point-to-point
  summary-prefix 172.18.12.0/23
  redistribute bgp 65412
  area 12
   nssa
   interface GigabitEthernet0/0/0/0.12
   !      
  !
 !
!

 

Thank you, was scratching my head with this one.

In case anyone else is looking for the same solution for Catalyst 9K / IOS-XE, this applies to IOS-XE as well.

Review Cisco Networking for a $25 gift card