Thursday 17 December 2015

OSPF NSSA

OSPF Not-So-Stubby Areas
A Note On Section Initial Configuration Files: You must load the
initial configuration files for the section, named Basic OSPF Routing,
which can be found in CCIE R&S v5 Topology Diagrams & Initial
Configurations. Reference the Advanced Technology Labs OSPF
Diagram to complete this task.
Task
Configure Loopback100 on R6 and R8 with IP addressing in the format of
160.1.Y.Y/32, where Y is the router number.
Redistribute these prefixes into OSPF.
Configure OSPF area 3 so that R5 filters external routes out as they are sent from
area 0 to area 3.
Routers in area 3 should still be allowed to redistribute into OSPF.
Configuration
R5, R8, R10:
router ospf 1
area 3 nssa
R6:
interface Loopback100
ip address 160.1.6.6 255.255.255.255
!
route-map CONNECTED->OSPF permit 10
match interface Loopback100
!
router ospf 1
redistribute connected subnets route-map CONNECTED->OSPF
R8:
interface Loopback100
ip address 160.1.8.8 255.255.255.255
!
route-map CONNECTED->OSPF permit 10
match interface Loopback100
!
router ospf 1
redistribute connected subnets route-map CONNECTED->OSPF
Verification
The OSPF Not-So-Stubby Area (NSSA) Option, as defined in RFC 3101, extends
the functionality of a stub area to allow the importing of a subset of external routes
into the area. Recall that with the stub area, Type-5 External LSA information is
suppressed from entering the database and is replaced with a default route
originated by the ABR(s). Because all Type-5 LSAs are suppressed, this also
implies that redistribution cannot occur within the area. This problem can be
seen from the error generated when redistribution and stub areas are
configured together:
R10#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R10(config)#router ospf 1
R10(config-router)#area 3 stub
R10(config-router)#redistribute connected subnets
%OSPF-4-ASBR_WITHOUT_VALID_AREA: Router is currently an ASBR while having only one area which is a stub area
The OSPF NSSA option changes this behavior by allowing redistribution to occur
within the stub area, while still blocking external routes from entering the area
through the ABR(s). Specifically, this is implemented through the introduction of a
new link-state advertisement type, the Type-7 NSSA External LSA.
Routes that are redistributed directly into the NSSA are generated as Type-7 NSSA
External LSAs. Like Type-5 External LSAs, two subtypes of Type-7 NSSA External
LSAs exist, type 1 (N1) and type 2 (N2). N1, similar to E1, considers the metric that
the ASBR reports into the OSPF domain along with the metric needed to reach the
ASBR. N2, similar to E2, separates the metric into the flat value that the ASBR
reports into the OSPF domain, which is installed in the routing table, and the value
needed to reach the ASBR, known as the forwarding metric.
From the output below, we can see that with the default redistribution values, R8
originates the Type-7 NSSA External LSAs as metric-type 2, with a metric value of
20. The detailed output from R5’s routing table indicates a metric of 20 reported in
by R8, and a forward metric of 2, R5’s metric to reach R8's Loopback:
R5#show ip route ospf | include N
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
O N2 160.1.8.8 [110/20] via 155.1.58.8, 00:08:26, GigabitEthernet1.58
!
!
R5#show ip route 160.1.8.8
Routing entry for 160.1.8.8/32
Known via "ospf 1", distance 110, metric 20, type NSSA extern 2, forward metric 2
Last update from 155.1.58.8 on GigabitEthernet1.58, 00:08:39 ago
Routing Descriptor Blocks:
* 155.1.58.8, from 150.1.8.8, 00:08:39 ago, via GigabitEthernet1.58
Route metric is 20, traffic share count is 1
!
!
R5#show ip ospf database nssa-external
OSPF Router with ID (150.1.5.5) (Process ID 1)
Type-7 AS External Link States (Area 3)
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 646
Options: (No TOS-capability, Type 7/5 translation, DC, Upward)
LS Type: AS External Link
Link State ID: 160.1.8.8 (External Network Number )
Advertising Router: 150.1.8.8
LS Seq Number: 80000001
Checksum: 0x187D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 150.1.8.8
External Route Tag: 0
When the Type-7 NSSA External LSA is received by the ABR and is moved into
area 0, the information contained in the Type-7 LSA is translated to a normal Type-5
External LSA. If multiple ABRs exist, only one of them performs the translation
through an election process, which is discussed in depth in a later task. In this
fashion, OSPF devices outside of the NSSA do not know that the NSSA exists,
which is analogous to how a Confederation works in BGP.
Note that R5 receives the Type-7 NSSA External LSA with the forward address set
to 150.1.8.8, which happens to be R8’s router-ID. With the previous Type-5 external
lookups, we saw the forward address set to 0.0.0.0, which meant to route toward the
advertising router to reach the final destination. In this case, the forward address is
non-zero, which causes the lookup to be performed toward 150.1.8.8. This is a
subtle difference in the lookup process, and this particular case results in the same
path selection even if the lookup had occurred on the advertising router (150.1.8.8)
instead of the forward address (150.1.8.8). There can, however, be certain designs
where there is a shorter path to the forward address than the advertising router’s
address, which is explored in a later task related to multiple exit points out of the
NSSA. The result of the translation on R5 is that devices in area 0 see the routes as
Type-5 External LSAs, not Type-7:
R1#show ip ospf database | begin Type-5
Type-5 AS External Link States
Link ID         ADV Router      Age         Seq#       Checksum Tag
160.1.6.6       150.1.6.6       909         0x80000001 0x0093BB 0
160.1.8.8       150.1.5.5       895         0x80000001 0x00D3D1 0
!
!
R1#show ip ospf database external 160.1.8.8
OSPF Router with ID (150.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 870
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 160.1.8.8 (External Network Number )
Advertising Router: 150.1.5.5
LS Seq Number: 80000001
Checksum: 0xD3D1
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 150.1.8.8
External Route Tag: 0
R1 performs a lookup on the now Type-5 External LSA, and, like R5, sees the
forward address set to 150.1.8.8. Again, note that the lookup process for this
translated Type-7 LSA is performed differently than a normal inter-area Type-5
external LSA lookup, because R1 computes its metric toward 150.1.8.8, and not a
Type-4 LSA describing the ASBR. Furthermore, note that R5 does not generate a
Type-4 ASBR Summary LSA describing R8:
R5#show ip ospf database asbr-summary 150.1.8.8
OSPF Router with ID (150.1.5.5) (Process ID 1)
R5#
!
!
R5#show ip route 150.1.8.8
Routing entry for 150.1.8.8/32
Known via "ospf 1", distance 110, metric 2, type intra area
Last update from 155.1.58.8 on GigabitEthernet1.58, 00:17:43 ago
Routing Descriptor Blocks:
* 155.1.58.8, from 150.1.8.8, 00:17:43 ago, via GigabitEthernet1.58
Route metric is 2, traffic share count is 1
R1’s metric to the forwarding address 150.1.8.8 is 1002 via R5. This is the value
installed as the forward metric for the translated Type-7 LSA, with a metric of 20
from the Type-5 LSA itself:
R1#show ip route 150.1.8.8
Routing entry for 150.1.8.8/32
Known via "ospf 1", distance 110, metric 1002, type inter area
Last update from 155.1.0.5 on Tunnel0, 00:19:03 ago
Routing Descriptor Blocks:
* 155.1.0.5, from 150.1.5.5, 00:19:03 ago, via Tunnel0
Route metric is 1002, traffic share count is 1
!
!
R1#show ip route 160.1.8.8
Routing entry for 160.1.8.8/32
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 1002
Last update from 155.1.0.5 on Tunnel0, 00:19:06 ago
Routing Descriptor Blocks:
* 155.1.0.5, from 150.1.5.5, 00:19:06 ago, via Tunnel0
Route metric is 20, traffic share count is 1
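The lookup described above, worked through as an added example (not part of the original workbook): it parses the fields of an LSA detail display and resolves the route toward the forward address when it is non-zero, or toward the advertising router when it is 0.0.0.0. The names ExternalLsa, parse_lsa, resolve and internal_costs are assumptions made for this example, and the cost table is an exact-match simplification of the real routing-table lookup.

```python
import re
from dataclasses import dataclass

# Constructed sample: fields of the translated Type-5 LSA as R1 displays it.
LSA_TEXT = """\
Link State ID: 160.1.8.8 (External Network Number )
Advertising Router: 150.1.5.5
Metric Type: 2 (Larger than any link state path)
Metric: 20
Forward Address: 150.1.8.8
"""

@dataclass
class ExternalLsa:
    prefix: str
    adv_router: str
    metric_type: int
    metric: int
    forward_address: str

def parse_lsa(text):
    """Extract the fields that drive the external route lookup."""
    def field(pattern):
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"LSA text lacks {pattern!r}")
        return m.group(1)
    return ExternalLsa(
        prefix=field(r"Link State ID:\s*(\S+)"),
        adv_router=field(r"Advertising Router:\s*(\S+)"),
        metric_type=int(field(r"Metric Type:\s*(\d)")),
        metric=int(field(r"Metric:\s*(\d+)")),
        forward_address=field(r"Forward Address:\s*(\S+)"),
    )

def resolve(lsa, internal_costs):
    """Return (route metric, cost to lookup target, lookup target), or None."""
    # internal_costs: this router's intra-/inter-area cost per host address.
    # A forward address of 0.0.0.0 means "route toward the advertising router".
    target = lsa.adv_router if lsa.forward_address == "0.0.0.0" else lsa.forward_address
    if target not in internal_costs:
        return None  # no internal path to the target, so the LSA is unusable
    cost = internal_costs[target]
    if lsa.metric_type == 1:  # E1/N1: reported metric plus the cost to the target
        return lsa.metric + cost, cost, target
    return lsa.metric, cost, target  # E2/N2: flat metric, cost is the forward metric

if __name__ == "__main__":
    print("R1:", resolve(parse_lsa(LSA_TEXT), {"150.1.8.8": 1002}))  # cost from the page
```

With R1's cost of 1002 to 150.1.8.8 the result is metric 20 and forward metric 1002, matching the routing entry above; with R5's cost of 2 it is metric 20 and forward metric 2.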
Similar to the stub area, the NSSA flag must be agreed upon by all devices in the
area, or adjacency cannot occur. This implies that the area is a normal area, a stub
area, or an NSSA, but no combination of the three. Furthermore, like the stub area,
Type-5 external LSAs are blocked from entering the NSSA on the ABR(s). Note
that R6's Loopback0 is known in area 0, but not in area 3:
R5#show ip route 160.1.6.6
Routing entry for 160.1.6.6/32
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 2
Last update from 155.1.45.4 on GigabitEthernet1.45, 00:20:55 ago
Routing Descriptor Blocks:
* 155.1.45.4, from 150.1.6.6, 00:20:55 ago, via GigabitEthernet1.45
Route metric is 20, traffic share count is 1
!
!
R8#show ip route 160.1.6.6
% Subnet not in table
Pitfall
The other key difference between stub and NSSA areas is how default
routing works. The stub area removes external LSAs and replaces them with
a default route. The totally stubby area extends this by replacing external
LSAs and inter-area LSAs with a default route. However, with the NSSA, a
default route is not automatically originated by the ABR. This means that
devices within the NSSA will have reachability to their own area and to other
areas, but not to destinations outside of the OSPF domain:
R8#show ip route 150.1.4.4
Routing entry for 150.1.4.4/32
Known via "ospf 1", distance 110, metric 3, type inter area
Last update from 155.1.58.5 on GigabitEthernet1.58, 00:23:20 ago
Routing Descriptor Blocks:
* 155.1.58.5, from 150.1.5.5, 00:23:20 ago, via GigabitEthernet1.58
Route metric is 3, traffic share count is 1
!
!
R8#traceroute 150.1.4.4
Type escape sequence to abort.
Tracing the route to 150.1.4.4
VRF info: (vrf in name/id, vrf out name/id)
1 155.1.58.5 11 msec 2 msec 3 msec
2 155.1.45.4 17 msec * 6 msec
!
!
R8#show ip cef 160.1.6.6
0.0.0.0/0 no route
!
!
R8#traceroute 160.1.6.6 ttl 2 2
Type escape sequence to abort.
Tracing the route to 160.1.6.6
VRF info: (vrf in name/id, vrf out name/id)
2 * * *
Verify that area 3 is configured as NSSA:
R5#show ip ospf | begin Area 3
Area 3
Number of interfaces in this area is 2
It is a NSSA area
Perform type-7/type-5 LSA translation
Area has no authentication
SPF algorithm last executed 00:39:47.094 ago
SPF algorithm executed 36 times
Area ranges are
Number of LSA 28. Checksum Sum 0x0D7257
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0

Flood list length 0
