OSPF NSSA

OSPF NSSA

RFC3101 describes an OSPF area called not-so-stubby area (NSSA). The motivation behind NSSA is to allow OSPF Stub areas to carry External routes (routes learned using other routing protocols like RIP, EIGRP, BGP, etc). Stub areas are defined as areas that are not capable of importing routes external to OSPF.

N-bit

RFC 3101 defines a new bit N in the Options field and a new Type 7 LSA to support NSSA. Together, the N-bit (NSSA supported bit) and E-bit (External Routing Capability of the area) reflect an interface's external LSA flooding capability. When the peers exchange Hello messages, they check for the N-bit (should be set to 1) and E-bit (should be set to 0), along with Area ID. A mismatch in the Options field could result in failed adjacency.

Type 7 LSA

External routes are imported into OSPF NSSA as Type 7 LSAs by NSSA ASBR. The NSSA ASBR redistributes routes from different routing protocol(s) into OSPF, and vice versa. This router sets the E-bit in Router LSA flag. The ASBR originates a separate Type 7 LSA for each external route.

Type 7 LSAs are only flooded within the originating NSSA. The NSSA ABR (the routers connecting NSSA to backbone area 0) translates Type 7 LSA into Type 5 LSA, and flooded into the OSPF topology.

In Cisco IOS, by default, the NSSA ASBR always set the N/P-bit (Propagate) in the Options field of Type 7 LSA. The P-bit is not set only when the NSSA ASBR and NSSA ABR are the same router for the area. The P-bit tells the NSSA ABR to translate a Type 7 LSA to Type 5 LSA. These translated Type 5 LSAs copy the Forwarding Address (FA) from Type 7 LSA.

The following packet capture shows a Type 7 LSA.

Type 7 Translator Election

If multiple NSSA ABR routers are present, it is recommended that not all ABRs perform Type 7-to-5 translation to avoid routing loops. RFC 3101 defines a configurable parameter NSSATranslatorRole which specifies whether a router will perform Type 7-to-5 translation or not. Cisco IOS does not support this parameter yet. Cisco IOS uses Router ID to elect the Type 7-to-5 translator.

If there exists multiple NSSA ABRs capable of performing Type 7-to-5 translation, the router advertising with higher Router ID is elected as the translator. The NSSA ABR that is no longer required to perform translation, flushes its Type 5 LSAs.

Sample Scenario

The configuration of the routers is as below:

R1 and ASBR Configuration

R1 router

interface Loopback 0

 ip address 101.1.1.1 255.255.255.255

interface Fastethernet 0/0

 ip address 100.100.100.1 255.255.255.0

router rip

 version 2

 no auto-summary

 network 100.100.100.0

 network 101.1.1.0

 ASBR router

interface Fasthethernet 0/0

 ip address 100.100.100.2 255.255.255.0

interface Serial 0/0

 ip address 10.23.1.1 255.255.255.252

ip ospf cost 50

interface Serial 0/1

 ip address 10.24.1.1 255.255.255.252

ip ospf cost 100

router ospf 1

 router-id 2.2.2.2

 network 0.0.0.0 255.255.255.255 area 10

 area 10 nssa

 redistribute rip subnets

router rip

 version 2

 no auto-summary

 redistribute ospf 1 metric 5 match internal external 1 external 2

 network 100.100.100.0

ABR1, ABR2 and R5 Configuration

 ABR1 Router

interface Serial 0/0

 ip address 10.23.1.2 255.255.255.252

 ip ospf 1 area 10

 ip ospf cost 50

interface Fastethernet 0/0

 ip address 10.34.5.1 255.255.255.0

 ip ospf 1 area 0

router ospf 1

 router-id 3.3.3.3

 area 10 nssa

 ABR2 Router

interface Serial 0/0

 ip address 10.24.1.2 255.255.255.252

 ip ospf 1 area 10

 ip ospf cost 100

interface Fastethernet 0/0

 ip address 10.34.5.2 255.255.255.0

 ip ospf 1 area 0

router ospf 1

 router-id 4.4.4.4

 area 10 nssa

 R5 Router

interface Fasthethernet 0/0

 ip address 10.34.5.3 255.255.255.0

router ospf 1

 router-id 5.5.5.5

 network 0.0.0.0 255.255.255.255 area 0

The ASBR router learns about 101.1.1.1/32 via RIP as seen below:

RIP learned routes on ASBR router

ASBR# show ip route rip

     101.0.0.0/32 is subnetted, 1 subnets

R       101.1.1.1 [120/1] via 100.100.100.1, 00:00:19, FastEthernet0/0

The ASBR router performs redistribution between RIP and OSPF. Thus, ASBR router is responsible for originating Type 7 LSAs. Also note that OSPF is enabled on all interfaces on this router including the interface (Fa0/0) connecting to the R1 router. This causes ASBR router to set the FA address of Type 7 LSA for prefix 101.1.1.1/32 to IP address of R1 router i.e. 100.100.100.1.

The NSSA-External Type 7 LSA generated by ASBR router can be seen as below:

ASBR advertises Type 7 LSA in NSSA

ASBR# show ip ospf database nssa-external

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Type-7 AS External Link States (Area 10)

  LS age: 228

  Options: (No TOS-capability, Type 7/5 translation, DC)

  LS Type: AS External Link

  Link State ID: 101.1.1.1 (External Network Number )

  Advertising Router: 2.2.2.2

  LS Seq Number: 80000026

  Checksum: 0xB121

  Length: 36

  Network Mask: /32

        Metric Type: 2 (Larger than any link state path)

        TOS: 0

        Metric: 20

        Forward Address: 100.100.100.1

        External Route Tag: 0

This Type 7 LSA is only forwarded in NSSA and is not forwarded out the NSSA area 10. ABR1 and ABR2 routers receive this LSA 7 with P-bit (Propagate) set to 1.

ABR1 and ABR2 receives LSA 7

ABR1# show ip ospf database nssa-external

            OSPF Router with ID (3.3.3.3) (Process ID 1)

                Type-7 AS External Link States (Area 10)

  LS age: 260

  Options: (No TOS-capability, Type 7/5 translation, DC)

  LS Type: AS External Link

  Link State ID: 101.1.1.1 (External Network Number )

  Advertising Router: 2.2.2.2

  LS Seq Number: 80000026

  Checksum: 0xB121

  Length: 36

  Network Mask: /32

        Metric Type: 2 (Larger than any link state path)

        TOS: 0

        Metric: 20

        Forward Address: 100.100.100.1

        External Route Tag: 0

ABR2# show ip ospf database nssa-external

            OSPF Router with ID (4.4.4.4) (Process ID 1)

                Type-7 AS External Link States (Area 10)

  Routing Bit Set on this LSA

  LS age: 289

  Options: (No TOS-capability, Type 7/5 translation, DC)

  LS Type: AS External Link

  Link State ID: 101.1.1.1 (External Network Number )

  Advertising Router: 2.2.2.2

  LS Seq Number: 80000026

  Checksum: 0xB121

  Length: 36

  Network Mask: /32

        Metric Type: 2 (Larger than any link state path)

        TOS: 0

        Metric: 20

        Forward Address: 100.100.100.1

        External Route Tag: 0

This causes both, ABR1 and ABR2, routers to perform the role of Type 7-to-5 translator. However, when ABR1 receives translated Type 5 LSAs from ABR2 with a higher Router ID (4.4.4.4) compared to its own RID (3.3.3.3), it flushes its Type 5 LSAs.

ABR2 wins Type 7-to-5 Translator role due to higher RID

ABR1# show ip ospf

 Routing Process "ospf 1" with ID 3.3.3.3

 Start time: 00:06:22.056, Time elapsed: 1d01h

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Supports Link-local Signaling (LLS)

 Supports area transit capability

 It is an area border and autonomous system boundary router

 Redistributing External Routes from,

 Router is not originating router-LSAs with maximum metric

 Initial SPF schedule delay 5000 msecs

 Minimum hold time between two consecutive SPFs 10000 msecs

 Maximum wait time between two consecutive SPFs 10000 msecs

 Incremental-SPF disabled

 Minimum LSA interval 5 secs

 Minimum LSA arrival 1000 msecs

 LSA group pacing timer 240 secs

 Interface flood pacing timer 33 msecs

 Retransmission pacing timer 66 msecs

 Number of external LSA 1. Checksum Sum 0x005F6F

 Number of opaque AS LSA 0. Checksum Sum 0x000000

 Number of DCbitless external and opaque AS LSA 0

 Number of DoNotAge external and opaque AS LSA 0

 Number of areas in this router is 2. 1 normal 0 stub 1 nssa

 Number of areas transit capable is 0

 External flood list length 0

    Area BACKBONE(0)

        Number of interfaces in this area is 1

        Area has no authentication

        SPF algorithm last executed 21:34:23.424 ago

        SPF algorithm executed 14 times

        Area ranges are

        Number of LSA 9. Checksum Sum 0x067AF5

        Number of opaque link LSA 0. Checksum Sum 0x000000

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

    Area 10

        Number of interfaces in this area is 1

        It is a NSSA area

        Area has no authentication

        SPF algorithm last executed 21:34:13.432 ago

        SPF algorithm executed 14 times

        Area ranges are

        Number of LSA 6. Checksum Sum 0x0655F5

        Number of opaque link LSA 0. Checksum Sum 0x000000

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

ABR2# show ip ospf

 Routing Process "ospf 1" with ID 4.4.4.4

 Start time: 00:03:50.040, Time elapsed: 1d00h

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Supports Link-local Signaling (LLS)

 Supports area transit capability

 It is an area border and autonomous system boundary router

 Redistributing External Routes from,

 Router is not originating router-LSAs with maximum metric

 Initial SPF schedule delay 5000 msecs

 Minimum hold time between two consecutive SPFs 10000 msecs

 Maximum wait time between two consecutive SPFs 10000 msecs

 Incremental-SPF disabled

 Minimum LSA interval 5 secs

 Minimum LSA arrival 1000 msecs

 LSA group pacing timer 240 secs

 Interface flood pacing timer 33 msecs

 Retransmission pacing timer 66 msecs

 Number of external LSA 1. Checksum Sum 0x000ACA

 Number of opaque AS LSA 0. Checksum Sum 0x000000

 Number of DCbitless external and opaque AS LSA 0

 Number of DoNotAge external and opaque AS LSA 0

 Number of areas in this router is 2. 1 normal 0 stub 1 nssa

 Number of areas transit capable is 0

 External flood list length 0

    Area BACKBONE(0)

        Number of interfaces in this area is 1

        Area has no authentication

        SPF algorithm last executed 21:32:41.780 ago

        SPF algorithm executed 3 times

        Area ranges are

        Number of LSA 9. Checksum Sum 0x097987

        Number of opaque link LSA 0. Checksum Sum 0x000000

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

    Area 10

        Number of interfaces in this area is 1

        It is a NSSA area

        Perform type-7/type-5 LSA translation

        Area has no authentication

        SPF algorithm last executed 21:32:51.800 ago

        SPF algorithm executed 2 times

        Area ranges are

        Number of LSA 6. Checksum Sum 0x08C11E

        Number of opaque link LSA 0. Checksum Sum 0x000000

        Number of DCbitless LSA 0

        Number of indication LSA 0

        Number of DoNotAge LSA 0

        Flood list length 0

ABR2 copies the Forwarding Address (FA) from Type 7 LSA and inserts the same in Type 5 LSA. The following output shows that R5 router receives Type 5 LSA from ABR2 (4.4.4.4) router only.

Only ABR2 advertises Type 5 LSA

R5# show ip ospf database external

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA

  LS age: 1675

  Options: (No TOS-capability, DC)

  LS Type: AS External Link

  Link State ID: 101.1.1.1 (External Network Number )

  Advertising Router: 4.4.4.4

  LS Seq Number: 80000026

  Checksum: 0xACA

  Length: 36

  Network Mask: /32

        Metric Type: 2 (Larger than any link state path)

        TOS: 0

        Metric: 20

        Forward Address: 100.100.100.1

        External Route Tag: 0

Since FA 100.100.100.1 does not belong to the same area as R5, it performs an inter-area (IA) lookup on Type-3 LSA. It finds that ABR1 and ABR2 are advertising the route to 100.100.100.0/24 with a metric of 51 and 101, respectively.

R5 performs Type 3 LSA lookup for FA address

R5# show ip ospf database summary 100.100.100.0

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA

  LS age: 205

  Options: (No TOS-capability, DC, Upward)

  LS Type: Summary Links(Network)

  Link State ID: 100.100.100.0 (summary Network Number)

  Advertising Router: 3.3.3.3

  LS Seq Number: 80000030

  Checksum: 0xB2EE

  Length: 28

  Network Mask: /24

        TOS: 0  Metric: 51

  LS age: 725

  Options: (No TOS-capability, DC, Upward)

  LS Type: Summary Links(Network)

  Link State ID: 100.100.100.0 (summary Network Number)

  Advertising Router: 4.4.4.4

  LS Seq Number: 80000032

  Checksum: 0x86E2

  Length: 28

  Network Mask: /24

        TOS: 0  Metric: 101

R5 router now needs to find out the metric to reach the ABRs. To find out, it looks up the Type 1 Router LSAs in LSDB. From the below output, the metric to reach both ABRs is 10.

R5's metric to both ABRs

R5# show ip ospf database router 3.3.3.3

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Router Link States (Area 0)

  Routing Bit Set on this LSA

  LS age: 67

  Options: (No TOS-capability, DC)

  LS Type: Router Links

  Link State ID: 3.3.3.3

  Advertising Router: 3.3.3.3

  LS Seq Number: 80000002

  Checksum: 0xAAFC

  Length: 36

  Area Border Router

  AS Boundary Router

  Number of Links: 1

    Link connected to: a Transit Network

     (Link ID) Designated Router address: 10.34.5.3

     (Link Data) Router Interface address: 10.34.5.1

      Number of TOS metrics: 0

       TOS 0 Metrics: 10

R5# show ip ospf database router 4.4.4.4

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Router Link States (Area 0)

  Routing Bit Set on this LSA

  LS age: 64

  Options: (No TOS-capability, DC)

  LS Type: Router Links

  Link State ID: 4.4.4.4

  Advertising Router: 4.4.4.4

  LS Seq Number: 80000002

  Checksum: 0x6C32

  Length: 36

  Area Border Router

  AS Boundary Router

  Number of Links: 1

    Link connected to: a Transit Network

     (Link ID) Designated Router address: 10.34.5.3

     (Link Data) Router Interface address: 10.34.5.2

      Number of TOS metrics: 0

       TOS 0 Metrics: 10

The alternative way to find out the metric to ABRs is as below:

Alternative way to find the metric to reach ABRs

R5# show ip ospf border-routers

OSPF Process 1 internal Routing Table

Codes: i - Intra-area route, I - Inter-area route

i 4.4.4.4 [10] via 10.34.5.2, FastEthernet0/0, ABR/ASBR, Area 0, SPF 3

i 3.3.3.3 [10] via 10.34.5.1, FastEthernet0/0, ABR/ASBR, Area 0, SPF 3

So, the intra-area cost to reach ABRs is 10. Also, ABR1 and ABR2 reported a cost of 51 and 101 to the forwarding address 100.100.100.1, respectively. So, the total forward metric through ABR1 is 61, and through ABR2 is 111. Hence, R5 chooses ABR1 as the next-hop for the route 101.1.1.1/32, although, the route is originated by ABR2, type 7-to-5 translator, the traffic does not actually flow through ABR2.

Thus R5 installs the path through ABR1 with the default redistribution metric of 20 for OSPF E2 route and forward metric of 61.

R5 installs the path through ABR1

R5# show ip route 101.1.1.1

Routing entry for 101.1.1.1/32

  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 61

  Last update from 10.34.5.1 on FastEthernet0/0, 00:02:15 ago

  Routing Descriptor Blocks:

  * 10.34.5.1, from 4.4.4.4, 00:02:15 ago, via FastEthernet0/0

      Route metric is 20, traffic share count is 1

R5# traceroute 101.1.1.1

Type escape sequence to abort.

Tracing the route to 101.1.1.1

  1 10.34.5.1 64 msec 80 msec 92 msec

  2 10.23.1.1 72 msec 92 msec 60 msec

  3 100.100.100.1 124 msec 100 msec *

Page updated

Google Sites

Report abuse