OSPF Multi-Area routing issue - unable to ping

KevinMustong · ‎09-04-2019

Hi Guys,

I'm trying to configure a multi-area OSPF, but there's an issue pinging end-to-end.

(FYI This is an MPLS lab on GNS3 with connection to WAN - using GNS3 NAT cloud.)

Three devices involved: (see attached image for better understand of the network diagram)

RMAD-A <> LON-AGG-02 <> LON-PE-02

PROBLEM:

I am able to from AGG device to WAN (ie. cisco.com or google.com)

but from RMAD, I can only ping as far as the AGG, and the AGG SVI interface facing the PE. I am NOT able to from RMAD to subinterface on the PE or to WAN.

I am not sure what I am missing in the OSPF configuration to get the RMAD to ping pass the ABR (LON-AGG-02).

Below are the configuration involved on this setup for all three devices. any unrelated configs are removed to avoid confusions.

RMAD-A

========

!
version 15.2

!

!
hostname RMAD-A
!

!
interface Loopback0
description Loopback 0
ip address 5.5.5.4 255.255.255.255
!

interface Ethernet0/0
description <Et0/0> Link to LON-AGG-02 <Et0/2>
switchport trunk allowed vlan 20,200,220
switchport trunk encapsulation dot1q
switchport mode trunk
!

!
interface Vlan200
description WAN OSPF
ip address 88.2.2.2 255.255.255.240
ip ospf network broadcast
ip ospf priority 0
ip ospf mtu-ignore
!

!
router ospf 1
router-id 88.2.2.2
auto-cost reference-bandwidth 1000
area 30 nssa
redistribute connected subnets
passive-interface default
no passive-interface Vlan200
network 88.2.2.0 0.0.0.15 area 30
!

-----------------------------

RMAD-A#sh ip route | b Gateway
Gateway of last resort is 88.2.2.1 to network 0.0.0.0

O*IA 0.0.0.0/0 [110/2] via 88.2.2.1, 01:30:41, Vlan200
5.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R 5.0.0.0/8 [120/2] via 10.10.2.6, 00:00:17, Vlan220
C 5.5.5.4/32 is directly connected, Loopback0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.2.4/30 is directly connected, Vlan220
L 10.10.2.5/32 is directly connected, Vlan220
R 10.10.6.0/30 [120/1] via 10.10.2.6, 00:00:17, Vlan220
S 10.10.11.3/32 [1/0] via 172.16.20.4
88.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 88.2.2.0/28 is directly connected, Vlan200
L 88.2.2.2/32 is directly connected, Vlan200
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.20.0/24 is directly connected, Vlan20
L 172.16.20.3/32 is directly connected, Vlan20

RMAD-A#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
20.2.2.2 10 FULL/DR 00:00:37 88.2.2.1 Vlan200

RMAD-A#sh ip ospf interface
Vlan200 is up, line protocol is up
Internet Address 88.2.2.2/28, Area 30, Attached via Network Statement
Process ID 1, Router ID 88.2.2.2, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State DROTHER, Priority 0
Designated Router (ID) 20.2.2.2, Interface address 88.2.2.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:01
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 3, maximum is 3
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 20.2.2.2 (Designated Router)
Suppress hello for 0 neighbor(s)

PING TEST:

RMAD-A#
RMAD-A#ping 8.8.8.8 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 88.2.2.2
.....
Success rate is 0 percent (0/5)
RMAD-A#ping 20.2.2.1 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.2.2.1, timeout is 2 seconds:
Packet sent with a source address of 88.2.2.2
.....
Success rate is 0 percent (0/5)
RMAD-A#ping 20.2.2.2 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 88.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

===================================================================

LON-AGG-02

===========

!
hostname LON-AGG-02
!

!
interface Ethernet0/0
description <Et0/0> Link to LON-PE-02 <Et6/0>
switchport trunk allowed vlan 20,210,220,300
switchport trunk encapsulation dot1q
switchport mode trunk
!

!
interface Ethernet0/2
description <Et0/2> Link to RMAD-A <Et0/0>
switchport trunk allowed vlan 20,200,220
switchport trunk encapsulation dot1q
switchport mode trunk
!

!
interface Vlan200
description CPE WAN OSPF
ip address 88.2.2.1 255.255.255.240
ip ospf network broadcast
ip ospf priority 10
ip ospf mtu-ignore
!
interface Vlan300
description PE WAN OSPF
ip address 20.2.2.2 255.255.255.252
ip ospf network point-to-point
!
router ospf 1
router-id 20.2.2.2
auto-cost reference-bandwidth 1000
area 30 nssa no-summary
passive-interface default
no passive-interface Vlan200
no passive-interface Vlan300
network 20.2.2.0 0.0.0.3 area 0
network 88.2.2.0 0.0.0.15 area 30
!

----------------------------------------------------------------

LON-AGG-02#sh ip route | b Gate
Gateway of last resort is 20.2.2.1 to network 0.0.0.0

O*E2 0.0.0.0/0 [110/1] via 20.2.2.1, 01:37:04, Vlan300
5.0.0.0/32 is subnetted, 1 subnets
O N2 5.5.5.4 [110/20] via 88.2.2.2, 01:36:18, Vlan200
8.0.0.0/24 is subnetted, 1 subnets
O E2 8.1.1.0 [110/1] via 20.2.2.1, 01:37:04, Vlan300
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O N2 10.10.2.4/30 [110/20] via 88.2.2.2, 01:36:18, Vlan200
S 10.10.11.3/32 [1/0] via 172.16.20.4
20.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 20.2.2.0/30 is directly connected, Vlan300
L 20.2.2.2/32 is directly connected, Vlan300
88.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 88.2.2.0/28 is directly connected, Vlan200
L 88.2.2.1/32 is directly connected, Vlan200
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.20.0/24 is directly connected, Vlan20
L 172.16.20.1/32 is directly connected, Vlan20
O E2 192.168.122.0/24 [110/2] via 20.2.2.1, 01:37:04, Vlan300

LON-AGG-02#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
20.2.2.1 0 FULL/ - 00:00:38 20.2.2.1 Vlan300
88.2.2.2 0 FULL/DROTHER 00:00:36 88.2.2.2 Vlan200

LON-AGG-02#sh ip ospf interface
Vlan300 is up, line protocol is up
Internet Address 20.2.2.2/30, Area 0, Attached via Network Statement
Process ID 1, Router ID 20.2.2.2, Network Type POINT_TO_POINT, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:01
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 3, maximum is 3
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 20.2.2.1
Suppress hello for 0 neighbor(s)
Vlan200 is up, line protocol is up
Internet Address 88.2.2.1/28, Area 30, Attached via Network Statement
Process ID 1, Router ID 20.2.2.2, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State DR, Priority 10
Designated Router (ID) 20.2.2.2, Interface address 88.2.2.1
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:06
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 2, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 88.2.2.2
Suppress hello for 0 neighbor(s)

PING-TEST

----------

LON-AGG-02#ping 8.8.8.8 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 88.2.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 59/69/75 ms
LON-AGG-02#ping 8.8.8.8 source vlan 300
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 20.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 70/74/81 ms
LON-AGG-02#

================================================================

LON-PE-02

=========

!
hostname LON-PE-02

!
ip vrf WAN
rd 88:88
route-target export 2.2.2.2:88
route-target import 2.2.2.9:88
!
!
interface Ethernet6/0.300
description <Eth6/0.300> WAN OSPF link to LON-AGG-02
encapsulation dot1Q 300
ip vrf forwarding WAN
ip address 20.2.2.1 255.255.255.252
ip ospf network point-to-point
ip ospf 300 area 0
!
!
router ospf 300 vrf WAN
router-id 20.2.2.1
log-adjacency-changes
redistribute static
redistribute bgp 6500 subnets
network 20.2.2.1 0.0.0.0 area 0
default-information originate
!
!
router bgp 6500
!
address-family ipv4 vrf WAN
redistribute ospf 300 vrf WAN match internal external 1 external 2 nssa-external 1 nssa-external 2
no synchronization
exit-address-family
!

!

ip route vrf WAN 0.0.0.0 0.0.0.0 8.1.1.254

-------------------------------------------------------

LON-PE-02#sh ip route vrf WAN | b Gate
Gateway of last resort is 8.1.1.254 to network 0.0.0.0

B 192.168.122.0/24 [200/2] via 2.2.2.9, 02:00:39
20.0.0.0/30 is subnetted, 1 subnets
C 20.2.2.0 is directly connected, Ethernet6/0.300
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.4 [110/20] via 20.2.2.2, 00:47:56, Ethernet6/0.300
8.0.0.0/24 is subnetted, 1 subnets
B 8.1.1.0 [200/0] via 2.2.2.9, 02:00:39
10.0.0.0/30 is subnetted, 1 subnets
O E2 10.10.2.4 [110/20] via 20.2.2.2, 00:47:56, Ethernet6/0.300
88.0.0.0/28 is subnetted, 1 subnets
O IA 88.2.2.0 [110/11] via 20.2.2.2, 00:47:56, Ethernet6/0.300
S* 0.0.0.0/0 [1/0] via 8.1.1.254

LON-PE-02#sh ip ospf neighbor Ethernet6/0.300

Neighbor ID Pri State Dead Time Address Interface
20.2.2.2 0 FULL/ - 00:00:32 20.2.2.2 Ethernet6/0.300

LON-PE-02#sh ip ospf interface Ethernet6/0.300
Ethernet6/0.300 is up, line protocol is up
Internet Address 20.2.2.1/30, Area 0
Process ID 300, Router ID 20.2.2.1, Network Type POINT_TO_POINT, Cost: 10
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State POINT_TO_POINT
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:08
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 3, maximum is 3
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 20.2.2.2
Suppress hello for 0 neighbor(s)

Thanks in advance for you help

Kevin

Giuseppe Larosa · ‎09-04-2019

Hello Kevin,

from your network diagram and configuration we see that you have an NSSA area 30 between RMAD-A and LON-AGG-02.

This second device acts as ABR between area 0 and area 30 ABR(0,30).

the third device acts as an ASBR router in area 0 and injects a default route.

Here, the key point is the following ABR(0,30) needs to be configured to generate a default route as O IA into area 30.

Area 30 is defined as NSSA no-summary on the ABR.

The device internal to area 0 is not able to reach any destination outside area 30.

----> the ABR is missing to send a default route in area 30 as an O IA or an LSA type 7.

the ABR configuration is the following:

router ospf 1
router-id 20.2.2.2
auto-cost reference-bandwidth 1000
area 30 nssa no-summary
passive-interface default
no passive-interface Vlan200
no passive-interface Vlan300
network 20.2.2.0 0.0.0.3 area 0
network 88.2.2.0 0.0.0.15 area 30

You would need to add

router ospf 1

area 30 nssa no-summary default-information originate

see the following document

https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/47870-ospfdb11.html

in the case of NSSA areas the ABR does not generate a default route automatically to accomodate for scenarios where the internet connected ASBR is inside the NSSA area.

In your case you need to generate a default route LSA to be sent in area 30.

Hope to help

Giuseppe

KevinMustong · ‎09-04-2019

Hi Guiseppe,

Thanks for the explanation and suggested solution. I have reviewed the article you shared also.

However, the plot thickens. I still can't ping out to ASBR interface and beyond (WAN) from RMAD-A.

I can see the ABR is now sending the default route in area 30 LSA Type 7

See ospf database into from RMAD-A below.

LON-AGG-02#sh run | s router ospf
router ospf 1
router-id 20.2.2.2
auto-cost reference-bandwidth 1000
area 30 nssa default-information-originate no-summary
passive-interface default
no passive-interface Vlan200
no passive-interface Vlan300
network 20.2.2.0 0.0.0.3 area 0
network 88.2.2.0 0.0.0.15 area 30

RMAD-A#sh ip ospf database

OSPF Router with ID (88.2.2.2) (Process ID 1)

Router Link States (Area 30)

Link ID ADV Router Age Seq# Checksum Link count
20.2.2.2 20.2.2.2 387 0x8000000C 0x00012F 1
88.2.2.2 88.2.2.2 387 0x80000006 0x003A73 1

Net Link States (Area 30)

Link ID ADV Router Age Seq# Checksum
88.2.2.1 20.2.2.2 383 0x80000007 0x002825

Summary Net Link States (Area 30)

Link ID ADV Router Age Seq# Checksum
0.0.0.0 20.2.2.2 340 0x80000001 0x005AC1

Type-7 AS External Link States (Area 30)

Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 20.2.2.2 392 0x80000001 0x002E69 0
5.5.5.4 88.2.2.2 1744 0x80000003 0x00477D 0
10.10.2.4 88.2.2.2 1744 0x80000002 0x00DAE6 0
172.16.20.0 88.2.2.2 1744 0x80000002 0x00C344 0

RMAD-A#sh ip ospf database nssa-external 0.0.0.0

OSPF Router with ID (88.2.2.2) (Process ID 1)

Type-7 AS External Link States (Area 30)

LS age: 469
Options: (No TOS-capability, No Type 7/5 translation, DC, Upward)
LS Type: AS External Link
Link State ID: 0.0.0.0 (External Network Number )
Advertising Router: 20.2.2.2
LS Seq Number: 80000001
Checksum: 0x2E69
Length: 36
Network Mask: /0
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 0

RMAD-A#sh ip route ospf | b Gate
Gateway of last resort is 88.2.2.1 to network 0.0.0.0

O*IA 0.0.0.0/0 [110/2] via 88.2.2.1, 00:02:25, Vlan200