Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2414
Views
25
Helpful
5
Replies

Ospf Nssa with vrf not working

Meylaers Jan
Level 1
Level 1

‎07-02-2014 05:16 PM - edited ‎03-05-2019 06:52 AM

Hi all,

 

I have 3 routers. 

R1  Area 0 (advertising 2 loopbacks)

R2 Area 0 and Area 11.0.0.0 (area border router)

R3 Area 11.0.0.0

 

Area 11.0.0.0 is configured as a no so stubby area.

Ip ospf neighbours area UP (Full/DR/BDR)

From Area 0 to 11.0.0.0 I want to advertise only LSA 7 default route.

R2#ip vrf test

R2#router ospf 1 vrf test

R2#area 11.0.0.0 nssa default information-originate no-summary

R2#int fa 0/0

R2#description  area 11.0.0.0

R2#ip vrf forwarding test

R2#ip addr 10.10.10.1 255.255.255.252

R2#ip ospf 1 area 11.0.0.0

 

R3#ip vrf test

R3#router ospf 1 vrf test

R3#area 11.0.0.0 nssa 

R3#int fa 0/0

R3#description  area 11.0.0.0

R3#ip vrf forwarding test

R3#ip addr 10.10.10.2 255.255.255.252

R3#ip ospf 1 area 11.0.0.0

 

R3 is not getting any default routes installed in the routing table. R2 advertises properly the LSA7 via sh ip ospf database but it is not installed in the routing table with a vrf setup.

Problem is that when I don't configure a vrf R3 is receiving a default LSA 7 route installed in the routingtable.

 

NSSA OK with NON vrf model

NSSA NOK with vrf model (interfaces, ospf process properly configured in the vrf name test)

 

Does anyone has some experience with this problem? I will post my GNS3 simulation with configs later on....

 

need some help here. Something for Cisco tac but you never know if somebody has already experienced this prob.

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Rolf Fischer
Level 9
Level 9

‎09-19-2014 02:02 PM

Hi,

 

this behavior should change when you apply capability vrf-lite command under the OSPF (VRF) process.

 

As per documentation, this command suppresses PE-specific checks (DN-bit and VPN-Tag); however, there is no PE/MPLS involved here so the real reason why R3 does not install the routes is hidden behind the following line:

"Note: The OSPF VRF process acts as an Area Border Router (ABR) when you configure 
an OSPF process that is associated with a VRF without the capability vrf-lite."

 

show ip ospf
 (...)
 Connected to MPLS VPN Superbackbone, VRF TEST
 It is an area border router

 

R3 is a non-Backbone Internal Router but the default behavior of the OSPF process associated with a VRF makes it act as an ABR with a partitioned Area 0.

An ABR has to perform Inter-Area loop prevention checks. From RFC 2328 16.2:

If the router has active attachments to multiple areas, only backbone summary-LSAs are examined.

 

In theory, the partioned backbone area could be repaired by a virtual link, but this makes of course no sense at all.

So the solution for such scenarios is to stop the internal routers acting as ABRs, which can be acomplished with the capability vrf-lite command.

 

HTH

Rolf

bcturner
Level 1
Level 1
In response to Rolf Fischer

‎09-19-2014 02:02 PM

Hi Rolf - I found this link while searching for a solution for my ospf stub area issue with vrf-lite.  The command "capability vrf-lite" fixed my issue.  Thanks!!!

0 Helpful

Meylaers Jan
Level 1
Level 1
In response to bcturner

‎09-21-2015 07:20 AM

Hi Guys,

 

got this figured out 10 months ago for our customer. But never underestimate the power of a forum.

Thank you!

 

Kind Regards,

 

Jan Meylaers

0 Helpful

Konstantopoulos Konstantinos
Level 5
Level 5
In response to Rolf Fischer

‎09-21-2015 06:57 AM

I would like to thank you very much for your post. After a 4 hour straggle your post was helpful and insightful enough!!

0 Helpful

vladdar1349
Level 1
Level 1
In response to Rolf Fischer

‎06-29-2016 04:57 AM

Thank you, helped me as well.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card