OSPF NSSA

RFC 3101 describes an OSPF area type called the not-so-stubby area (NSSA). The motivation behind NSSA is to allow OSPF Stub areas to carry External routes (routes learned using other routing protocols like RIP, EIGRP, BGP, etc.). Stub areas are defined as areas that are not capable of importing routes external to OSPF.

N-bit

RFC 3101 defines a new bit N in the Options field and a new Type 7 LSA to support NSSA. Together, the N-bit (NSSA supported bit) and E-bit (External Routing Capability of the area) reflect an interface's external LSA flooding capability. When the peers exchange Hello messages, they check for the N-bit (should be set to 1) and E-bit (should be set to 0), along with Area ID. A mismatch in the Options field could result in failed adjacency.
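
The Hello check described above can be written out as follows. This is an added example, not code from the original page; it covers only the Area ID, N-bit and E-bit checks named in the paragraph, and the sample packets are constructed with `build_hello`, a hypothetical helper.

```python
import ipaddress
import struct

E_BIT = 0x02  # Options bit: area carries AS-external (Type 5) LSAs
N_BIT = 0x08  # Options bit: NSSA capable (called P in a Type 7 LSA header)

def parse_hello(pkt: bytes) -> dict:
    """Pull the adjacency-relevant fields out of an OSPFv2 Hello packet."""
    if len(pkt) < 44:  # 24-byte OSPF header + 20-byte fixed Hello body
        raise ValueError("truncated Hello")
    version, ptype, _length, rid, area = struct.unpack_from("!BBH4s4s", pkt, 0)
    if (version, ptype) != (2, 1):
        raise ValueError("not an OSPFv2 Hello")
    # Hello body: mask(4) HelloInterval(2) Options(1) ... so Options is byte 30
    return {"router_id": str(ipaddress.IPv4Address(rid)),
            "area": str(ipaddress.IPv4Address(area)),
            "options": pkt[30]}

def nssa_hello_problems(hello: dict, local_area: str) -> list:
    """Reasons an interface configured for NSSA local_area rejects this Hello."""
    problems = []
    if hello["area"] != local_area:
        problems.append("area ID mismatch")
    if not hello["options"] & N_BIT:
        problems.append("N-bit clear")
    if hello["options"] & E_BIT:
        problems.append("E-bit set")
    return problems

def build_hello(router_id: str, area: str, options: int) -> bytes:
    """Constructed sample Hello; checksum, auth and neighbor list left empty."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    body = struct.pack("!4sHBBI4s4s", ip("255.255.255.252"), 10, options, 1, 40,
                       ip("0.0.0.0"), ip("0.0.0.0"))
    head = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), ip(router_id),
                       ip(area), 0, 0, bytes(8))
    return head + body

# Constructed samples: a neighbor with area 10 configured as NSSA, and the same
# neighbor with "area 10 nssa" missing (normal area: E-bit set, N-bit clear).
NSSA_PEER = parse_hello(build_hello("3.3.3.3", "0.0.0.10", N_BIT))
NORMAL_PEER = parse_hello(build_hello("3.3.3.3", "0.0.0.10", E_BIT))

if __name__ == "__main__":
    for name, hello in (("nssa", NSSA_PEER), ("normal", NORMAL_PEER)):
        print(name, hex(hello["options"]), nssa_hello_problems(hello, "0.0.0.10"))
```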

Type 7 LSA

External routes are imported into an OSPF NSSA as Type 7 LSAs by the NSSA ASBR. The NSSA ASBR redistributes routes from other routing protocol(s) into OSPF, and vice versa. This router sets the E-bit in the flags of its Router LSA. The ASBR originates a separate Type 7 LSA for each external route.

Type 7 LSAs are only flooded within the originating NSSA. The NSSA ABRs (the routers connecting the NSSA to backbone area 0) translate Type 7 LSAs into Type 5 LSAs, which are then flooded into the rest of the OSPF topology.

In Cisco IOS, by default, the NSSA ASBR always sets the N/P-bit (Propagate) in the Options field of the Type 7 LSA. The P-bit is left clear only when the NSSA ASBR and NSSA ABR are the same router for the area. The P-bit tells the NSSA ABR to translate a Type 7 LSA to a Type 5 LSA. These translated Type 5 LSAs copy the Forwarding Address (FA) from the Type 7 LSA.

The following packet capture shows a Type 7 LSA.
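
As an added example (not the original capture and not code from the page), the Python below decodes the on-the-wire layout of a single-TOS Type 7 LSA and reports the P-bit and forwarding address. The sample bytes are constructed from the field values in the ASBR's `show ip ospf database nssa-external` output later on this page; the names `parse_type7`, `SAMPLE` and `NO_P` are hypothetical.

```python
import ipaddress
import struct

P_BIT = 0x08  # N/P bit of the Options byte; "P" (propagate) in a Type 7 LSA header

def parse_type7(lsa: bytes) -> dict:
    """Decode a single-TOS (36-byte) Type 7 LSA: 20-byte header + 16-byte body."""
    if len(lsa) < 36:
        raise ValueError("truncated LSA")
    age, options, ls_type, lsid, adv, seq, cksum, length = struct.unpack_from(
        "!HBB4s4sIHH", lsa, 0)
    if ls_type != 7 or length != 36:
        raise ValueError("not a single-TOS Type 7 LSA")
    # Body: network mask, E-bit + 24-bit metric, forwarding address, route tag
    mask, e_metric, fa, tag = struct.unpack_from("!4sI4sI", lsa, 20)
    prefix_len = bin(int.from_bytes(mask, "big")).count("1")
    fa = ipaddress.IPv4Address(fa)
    propagate = bool(options & P_BIT)
    return {
        "prefix": f"{ipaddress.IPv4Address(lsid)}/{prefix_len}",
        "advertising_router": str(ipaddress.IPv4Address(adv)),
        "seq": f"{seq:08X}",
        "metric_type": 2 if e_metric & 0x80000000 else 1,
        "metric": e_metric & 0x00FFFFFF,
        "forwarding_address": str(fa),
        "propagate": propagate,
        # RFC 3101 translates only LSAs with P set and a non-zero forwarding address
        "translatable": propagate and int(fa) != 0,
    }

def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

# Constructed sample: field values copied from the ASBR's
# "show ip ospf database nssa-external" output on this page.
# Options 0x28 = P (0x08) + DC (0x20); the checksum is not verified here.
SAMPLE = struct.pack("!HBB4s4sIHH4sI4sI", 228, 0x28, 7, _ip("101.1.1.1"),
                     _ip("2.2.2.2"), 0x80000026, 0xB121, 36,
                     _ip("255.255.255.255"), 0x80000000 | 20,
                     _ip("100.100.100.1"), 0)
# Same LSA with the P-bit cleared, as when the ASBR is also the area's ABR
NO_P = SAMPLE[:2] + bytes([0x20]) + SAMPLE[3:]

if __name__ == "__main__":
    print(parse_type7(SAMPLE))
    print(parse_type7(NO_P)["translatable"])
```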

Type 7 Translator Election

If multiple NSSA ABR routers are present, it is recommended that not all ABRs perform Type 7-to-5 translation to avoid routing loops. RFC 3101 defines a configurable parameter NSSATranslatorRole which specifies whether a router will perform Type 7-to-5 translation or not. Cisco IOS does not support this parameter yet. Cisco IOS uses Router ID to elect the Type 7-to-5 translator.

If there exist multiple NSSA ABRs capable of performing Type 7-to-5 translation, the router advertising the higher Router ID is elected as the translator. An NSSA ABR that is no longer required to perform translation flushes its Type 5 LSAs.

Sample Scenario

The configuration of the routers is as below:

R1 and ASBR Configuration

R1 router
interface Loopback 0
 ip address 101.1.1.1 255.255.255.255
!
interface Fastethernet 0/0
 ip address 100.100.100.1 255.255.255.0
!
router rip
 version 2
 no auto-summary
 network 100.100.100.0
 network 101.1.1.0
!
 ASBR router
interface FastEthernet 0/0
 ip address 100.100.100.2 255.255.255.0
!
interface Serial 0/0
 ip address 10.23.1.1 255.255.255.252
 ip ospf cost 50
!
interface Serial 0/1
 ip address 10.24.1.1 255.255.255.252
 ip ospf cost 100
!
router ospf 1
 router-id 2.2.2.2
 network 0.0.0.0 255.255.255.255 area 10
 area 10 nssa
 redistribute rip subnets
!
router rip
 version 2
 no auto-summary
 redistribute ospf 1 metric 5 match internal external 1 external 2
 network 100.100.100.0
!

ABR1, ABR2 and R5 Configuration

 ABR1 Router
interface Serial 0/0
 ip address 10.23.1.2 255.255.255.252
 ip ospf 1 area 10
 ip ospf cost 50
!
interface Fastethernet 0/0
 ip address 10.34.5.1 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
 router-id 3.3.3.3
 area 10 nssa
!
 ABR2 Router
interface Serial 0/0
 ip address 10.24.1.2 255.255.255.252
 ip ospf 1 area 10
 ip ospf cost 100
!
interface Fastethernet 0/0
 ip address 10.34.5.2 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
 router-id 4.4.4.4
 area 10 nssa
!
 R5 Router
interface FastEthernet 0/0
 ip address 10.34.5.3 255.255.255.0
!
router ospf 1
 router-id 5.5.5.5
 network 0.0.0.0 255.255.255.255 area 0
!

The ASBR router learns about 101.1.1.1/32 via RIP as seen below:

RIP learned routes on ASBR router

ASBR# show ip route rip
     101.0.0.0/32 is subnetted, 1 subnets
R       101.1.1.1 [120/1] via 100.100.100.1, 00:00:19, FastEthernet0/0

The ASBR router performs redistribution between RIP and OSPF, so it is responsible for originating Type 7 LSAs. Also note that OSPF is enabled on all interfaces on this router, including the interface (Fa0/0) connecting to the R1 router. This causes the ASBR router to set the forwarding address (FA) of the Type 7 LSA for prefix 101.1.1.1/32 to the IP address of the R1 router, i.e. 100.100.100.1.

The NSSA-External Type 7 LSA generated by ASBR router can be seen as below:

ASBR advertises Type 7 LSA in NSSA

ASBR# show ip ospf database nssa-external
            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Type-7 AS External Link States (Area 10)
  LS age: 228
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 101.1.1.1 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000026
  Checksum: 0xB121
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 100.100.100.1
        External Route Tag: 0

This Type 7 LSA is flooded only within the NSSA and is not forwarded out of area 10. The ABR1 and ABR2 routers receive this Type 7 LSA with the P-bit (Propagate) set to 1.

ABR1 and ABR2 receive LSA 7

ABR1# show ip ospf database nssa-external
            OSPF Router with ID (3.3.3.3) (Process ID 1)
                Type-7 AS External Link States (Area 10)
  LS age: 260
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 101.1.1.1 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000026
  Checksum: 0xB121
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 100.100.100.1
        External Route Tag: 0
ABR2# show ip ospf database nssa-external
            OSPF Router with ID (4.4.4.4) (Process ID 1)
                Type-7 AS External Link States (Area 10)
  Routing Bit Set on this LSA
  LS age: 289
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 101.1.1.1 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000026
  Checksum: 0xB121
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 100.100.100.1
        External Route Tag: 0

This causes both the ABR1 and ABR2 routers to take on the role of Type 7-to-5 translator. However, when ABR1 receives translated Type 5 LSAs from ABR2, which has a higher Router ID (4.4.4.4) than its own RID (3.3.3.3), it flushes its Type 5 LSAs.

ABR2 wins Type 7-to-5 Translator role due to higher RID

ABR1# show ip ospf
 Routing Process "ospf 1" with ID 3.3.3.3
 Start time: 00:06:22.056, Time elapsed: 1d01h
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x005F6F
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 2. 1 normal 0 stub 1 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm last executed 21:34:23.424 ago
        SPF algorithm executed 14 times
        Area ranges are
        Number of LSA 9. Checksum Sum 0x067AF5
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 10
        Number of interfaces in this area is 1
        It is a NSSA area
        Area has no authentication
        SPF algorithm last executed 21:34:13.432 ago
        SPF algorithm executed 14 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x0655F5
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
ABR2# show ip ospf
 Routing Process "ospf 1" with ID 4.4.4.4
 Start time: 00:03:50.040, Time elapsed: 1d00h
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 1. Checksum Sum 0x000ACA
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 2. 1 normal 0 stub 1 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm last executed 21:32:41.780 ago
        SPF algorithm executed 3 times
        Area ranges are
        Number of LSA 9. Checksum Sum 0x097987
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0
    Area 10
        Number of interfaces in this area is 1
        It is a NSSA area
        Perform type-7/type-5 LSA translation
        Area has no authentication
        SPF algorithm last executed 21:32:51.800 ago
        SPF algorithm executed 2 times
        Area ranges are
        Number of LSA 6. Checksum Sum 0x08C11E
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

ABR2 copies the Forwarding Address (FA) from the Type 7 LSA into the Type 5 LSA. The following output shows that the R5 router receives the Type 5 LSA from the ABR2 (4.4.4.4) router only.

Only ABR2 advertises Type 5 LSA

R5# show ip ospf database external
            OSPF Router with ID (5.5.5.5) (Process ID 1)
                Type-5 AS External Link States
  Routing Bit Set on this LSA
  LS age: 1675
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 101.1.1.1 (External Network Number )
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000026
  Checksum: 0xACA
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 100.100.100.1
        External Route Tag: 0

Since the FA 100.100.100.1 does not belong to the same area as R5, R5 performs an inter-area (IA) lookup in the Type 3 LSAs. It finds that ABR1 and ABR2 are advertising the route to 100.100.100.0/24 with a metric of 51 and 101, respectively.

R5 performs Type 3 LSA lookup for FA address

R5# show ip ospf database summary 100.100.100.0
            OSPF Router with ID (5.5.5.5) (Process ID 1)
                Summary Net Link States (Area 0)
  Routing Bit Set on this LSA
  LS age: 205
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 100.100.100.0 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000030
  Checksum: 0xB2EE
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 51
  LS age: 725
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 100.100.100.0 (summary Network Number)
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000032
  Checksum: 0x86E2
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 101

The R5 router now needs to find out the metric to reach the ABRs. To do so, it looks up the Type 1 Router LSAs in its LSDB. From the output below, the metric to reach both ABRs is 10.

R5's metric to both ABRs

R5# show ip ospf database router 3.3.3.3
            OSPF Router with ID (5.5.5.5) (Process ID 1)
                Router Link States (Area 0)
  Routing Bit Set on this LSA
  LS age: 67
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 3.3.3.3
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000002
  Checksum: 0xAAFC
  Length: 36
  Area Border Router
  AS Boundary Router
  Number of Links: 1
    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.34.5.3
     (Link Data) Router Interface address: 10.34.5.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 10
R5# show ip ospf database router 4.4.4.4
            OSPF Router with ID (5.5.5.5) (Process ID 1)
                Router Link States (Area 0)
  Routing Bit Set on this LSA
  LS age: 64
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 4.4.4.4
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000002
  Checksum: 0x6C32
  Length: 36
  Area Border Router
  AS Boundary Router
  Number of Links: 1
    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.34.5.3
     (Link Data) Router Interface address: 10.34.5.2
      Number of TOS metrics: 0
       TOS 0 Metrics: 10

The alternative way to find out the metric to ABRs is as below:

Alternative way to find the metric to reach ABRs

R5# show ip ospf border-routers
OSPF Process 1 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 4.4.4.4 [10] via 10.34.5.2, FastEthernet0/0, ABR/ASBR, Area 0, SPF 3
i 3.3.3.3 [10] via 10.34.5.1, FastEthernet0/0, ABR/ASBR, Area 0, SPF 3

So, the intra-area cost to reach either ABR is 10. ABR1 and ABR2 reported costs of 51 and 101, respectively, to the forwarding address 100.100.100.1. The total forward metric is therefore 61 through ABR1 and 111 through ABR2, so R5 chooses ABR1 as the next hop for the route 101.1.1.1/32. Although the Type 5 LSA is originated by ABR2, the Type 7-to-5 translator, the traffic does not actually flow through ABR2.

Thus R5 installs the path through ABR1 with the default redistribution metric of 20 for OSPF E2 route and forward metric of 61.

R5 installs the path through ABR1

R5# show ip route 101.1.1.1
Routing entry for 101.1.1.1/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 61
  Last update from 10.34.5.1 on FastEthernet0/0, 00:02:15 ago
  Routing Descriptor Blocks:
  * 10.34.5.1, from 4.4.4.4, 00:02:15 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1
R5# traceroute 101.1.1.1
Type escape sequence to abort.
Tracing the route to 101.1.1.1
  1 10.34.5.1 64 msec 80 msec 92 msec
  2 10.23.1.1 72 msec 92 msec 60 msec
  3 100.100.100.1 124 msec 100 msec *
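
The translator election and R5's forwarding-address lookup walked through above can be reproduced in a few functions. This is an added example, not code from the original page: the data is constructed from the show outputs above, the function names are hypothetical, and it goes slightly beyond the scenario by handling longest-prefix match over several summaries and a zero forwarding address. Only the inter-area lookup described here is modelled.

```python
import ipaddress

# Constructed from the show outputs on this page (R5's view of area 0).
TYPE5 = {"prefix": "101.1.1.1/32", "adv_router": "4.4.4.4", "metric": 20,
         "forwarding_address": "100.100.100.1"}
SUMMARIES = [  # Type 3 LSAs: (network, advertising ABR, metric)
    ("100.100.100.0/24", "3.3.3.3", 51),
    ("100.100.100.0/24", "4.4.4.4", 101),
]
BORDER_ROUTERS = {  # show ip ospf border-routers: RID -> (cost, next hop)
    "3.3.3.3": (10, "10.34.5.1"),
    "4.4.4.4": (10, "10.34.5.2"),
}

def elect_translator(abr_rids):
    """Highest Router ID wins; compare as 32-bit numbers, not as strings."""
    return max(abr_rids, key=lambda rid: int(ipaddress.IPv4Address(rid)))

def path_to_forwarding_address(fa, summaries, border_routers):
    """Best inter-area path to fa as (forward_metric, abr_rid, next_hop)."""
    fa = ipaddress.IPv4Address(fa)
    nets = [(ipaddress.ip_network(n), abr, m) for n, abr, m in summaries]
    covering = [s for s in nets if fa in s[0] and s[1] in border_routers]
    if not covering:
        return None  # forwarding address unreachable: the LSA is unusable
    longest = max(net.prefixlen for net, _, _ in covering)
    paths = [(border_routers[abr][0] + metric, abr, border_routers[abr][1])
             for net, abr, metric in covering if net.prefixlen == longest]
    return min(paths, key=lambda p: p[0])

def e2_route(lsa, summaries, border_routers):
    """Route entry for a Type 5 E2 LSA, as in 'show ip route'."""
    if lsa["forwarding_address"] == "0.0.0.0":
        # No forwarding address: traffic goes to the advertising router itself
        cost, next_hop = border_routers[lsa["adv_router"]]
        path = (cost, lsa["adv_router"], next_hop)
    else:
        path = path_to_forwarding_address(lsa["forwarding_address"],
                                          summaries, border_routers)
    if path is None:
        return None
    return {"metric": lsa["metric"], "forward_metric": path[0],
            "next_hop": path[2], "from": lsa["adv_router"]}

if __name__ == "__main__":
    print(elect_translator(BORDER_ROUTERS))
    print(e2_route(TYPE5, SUMMARIES, BORDER_ROUTERS))
```

With the page's data, the translator is 4.4.4.4 while the installed next hop is ABR1 (10.34.5.1), matching the `show ip route` entry above.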