Search This Blog

Friday, November 5, 2010

OSPF NSSA and STUB

Playing a little with OSPF areas - NSSA and Stub, see the following network diagram:


Loopback 1 and 2 interfaces on R6 and R7 are redistributed into OSPF using route-map, hence both prefixes on each router are advertised as external routes into the OSPF AS.

Examining R7 OSPF database:

R7#sh ip ospf database

OSPF Router with ID (192.168.77.1) (Process ID 1)


Router Link States (Area 1)


Link ID ADV Router Age Seq# Checksum Link count

5.5.5.5 5.5.5.5 47 0x80000008 0x009088 3

192.168.77.1 192.168.77.1 47 0x80000007 0x008EE2 3


Summary Net Link States (Area 1)


Link ID ADV Router Age Seq# Checksum

1.0.0.0 5.5.5.5 52 0x80000003 0x006E76

2.0.0.0 5.5.5.5 52 0x80000003 0x00C514

3.0.0.0 5.5.5.5 52 0x80000004 0x00528F

4.0.0.0 5.5.5.5 52 0x80000003 0x00C9D7

6.0.0.0 5.5.5.5 33 0x80000001 0x00362B

10.1.14.0 5.5.5.5 52 0x80000003 0x00CAC2

10.1.15.0 5.5.5.5 52 0x80000003 0x003D8F

10.1.24.0 5.5.5.5 52 0x80000003 0x00C0B8

10.1.35.0 5.5.5.5 52 0x80000004 0x005E59

10.1.46.0 5.5.5.5 52 0x80000003 0x00EB41

10.1.123.0 5.5.5.5 52 0x80000003 0x00F85D


Summary ASB Link States (Area 1)


Link ID ADV Router Age Seq# Checksum

192.168.66.1 5.5.5.5 33 0x80000001 0x00D7E2


Type-5 AS External Link States


Link ID ADV Router Age Seq# Checksum Tag

192.168.6.0 192.168.66.1 44 0x80000001 0x001272 0

192.168.7.0 192.168.77.1 62 0x80000001 0x00B9BE 0

192.168.66.0 192.168.66.1 44 0x80000001 0x007BCC 0

192.168.77.0 192.168.77.1 62 0x80000001 0x00B47D 0


We can see an LSA Type 4, which called Summary ASB Link States, pointing on R6 as an ASBR and 4 prefixes which have been flooded as LSA Type 5 - External routes by R7 and R6.

Now I will configure area 1 as NSSA in order to prevent LSA Type 5 into this area, in order to do that I will configure area 1 nssa on R5 and R7.

Looking again on R7 OSPF database revels:

R7#sh ip ospf database


OSPF Router with ID (192.168.77.1) (Process ID 1)


Router Link States (Area 1)


Link ID ADV Router Age Seq# Checksum Link count

5.5.5.5 5.5.5.5 55 0x8000000A 0x0038D6 3

192.168.77.1 192.168.77.1 56 0x80000009 0x003039 3


Summary Net Link States (Area 1)


Link ID ADV Router Age Seq# Checksum

1.0.0.0 5.5.5.5 60 0x80000004 0x0012CB

2.0.0.0 5.5.5.5 60 0x80000004 0x006969

3.0.0.0 5.5.5.5 60 0x80000005 0x00F5E4

4.0.0.0 5.5.5.5 60 0x80000004 0x006D2D

6.0.0.0 5.5.5.5 60 0x80000002 0x00D980

10.1.14.0 5.5.5.5 60 0x80000004 0x006E18

10.1.15.0 5.5.5.5 60 0x80000004 0x00E0E4

10.1.24.0 5.5.5.5 60 0x80000004 0x00640E

10.1.35.0 5.5.5.5 60 0x80000005 0x0002AE

10.1.46.0 5.5.5.5 60 0x80000004 0x008F96

10.1.123.0 5.5.5.5 60 0x80000004 0x009CB2


Type-7 AS External Link States (Area 1)


Link ID ADV Router Age Seq# Checksum Tag

192.168.7.0 192.168.77.1 63 0x80000001 0x0084CD 0

192.168.77.0 192.168.77.1 63 0x80000001 0x007F8C 0

As we can see no LSA Type 4 or 5 and no routes to 192.168.6x.0/24, we have minimized R7 LSDB and route table, which in OSPF is always a desired target.

Looking on R6 OSPF database shows:

R6# sh ip ospf database


OSPF Router with ID (192.168.66.1) (Process ID 1)


Router Link States (Area 2)


Link ID ADV Router Age Seq# Checksum Link count

4.4.4.4 4.4.4.4 572 0x80000008 0x00D46F 3

192.168.66.1 192.168.66.1 569 0x80000007 0x008E15 3


Summary Net Link States (Area 2)


Link ID ADV Router Age Seq# Checksum

1.0.0.0 4.4.4.4 589 0x80000003 0x008C5C

2.0.0.0 4.4.4.4 589 0x80000004 0x007D69

3.0.0.0 4.4.4.4 589 0x80000003 0x00D606

5.0.0.0 4.4.4.4 589 0x80000003 0x00DAC9

7.0.0.0 4.4.4.4 306 0x80000001 0x00471D

10.1.14.0 4.4.4.4 589 0x80000003 0x00666B

10.1.15.0 4.4.4.4 589 0x80000003 0x00DDB2

10.1.24.0 4.4.4.4 589 0x80000004 0x00F5D0

10.1.35.0 4.4.4.4 589 0x80000003 0x00650D

10.1.57.0 4.4.4.4 589 0x80000003 0x009095

10.1.123.0 4.4.4.4 589 0x80000003 0x001743


Summary ASB Link States (Area 2)


Link ID ADV Router Age Seq# Checksum

5.5.5.5 4.4.4.4 316 0x80000001 0x002176


Type-5 AS External Link States


Link ID ADV Router Age Seq# Checksum Tag

192.168.6.0 192.168.66.1 574 0x80000001 0x001272 0

192.168.7.0 5.5.5.5 302 0x80000001 0x00B14E 0

192.168.66.0 192.168.66.1 574 0x80000001 0x007BCC 0

192.168.77.0 5.5.5.5 304 0x80000001 0x00AC0D 0

Take note that R6 sees prefix 192.168.7x.0/24 as LSA Type 5.

Configuring area 2 as stub, using the command area 2 stub on R4 and R6, and looking again on R6 OSPF database:

R6# sh ip ospf database


OSPF Router with ID (192.168.66.1) (Process ID 1)


Router Link States (Area 2)


Link ID ADV Router Age Seq# Checksum Link count

4.4.4.4 4.4.4.4 423 0x8000000E 0x00C875 3

192.168.66.1 192.168.66.1 19 0x8000000F 0x009609 3


Summary Net Link States (Area 2)


Link ID ADV Router Age Seq# Checksum

0.0.0.0 4.4.4.4 20 0x80000001 0x0039F4

1.0.0.0 4.4.4.4 20 0x8000000A 0x009C47

2.0.0.0 4.4.4.4 20 0x8000000B 0x008D54

3.0.0.0 4.4.4.4 20 0x8000000A 0x00E6F0

5.0.0.0 4.4.4.4 20 0x8000000A 0x00EAB4

7.0.0.0 4.4.4.4 20 0x80000008 0x005708

10.1.14.0 4.4.4.4 20 0x8000000A 0x007656

10.1.15.0 4.4.4.4 20 0x8000000A 0x00ED9D

10.1.24.0 4.4.4.4 20 0x8000000B 0x0006BB

10.1.35.0 4.4.4.4 20 0x8000000A 0x0075F7

10.1.57.0 4.4.4.4 20 0x8000000A 0x00A080

10.1.123.0 4.4.4.4 20 0x8000000A 0x00272E

Only LSA Type 1 and 3 are seen, no LSA Type 3 because it's a point-to-point network type, also default route 0.0.0.0/0 has been installed automatically pointing next-hop R4, So for R6 reaching R7 networks is by using default route.

Using stub area cause the external networks of R6, 192.168.6x.0/24, not to appear at the OSPF AS, so in order to fix that we will have to configure area 2 as an NSSA area.

After configuring area 2 as an NSSA area R4 sees:

R4#sh ip route | in 192.168.6

O N2 192.168.66.0/24 [110/20] via 10.1.46.6, 00:02:24, Serial0/2

O N2 192.168.6.0/24 [110/20] via 10.1.46.6, 00:02:24, Serial0/2

The default cost for external routes is 20 and the type is N2 - external route with the cost calculated from the ASBR, changing the metric-type to type 1, using the command R6(config-router)#redistribute connected subnets route-map CNT metric-type 1 will show the full cost:

R4#sh ip route | in 192.168.6

O N1 192.168.66.0/24 [110/85] via 10.1.46.6, 00:00:02, Serial0/2

O N1 192.168.6.0/24 [110/85] via 10.1.46.6, 00:00:02, Serial0/2

Let's have a look on R6 route table:

R6#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


O IA 1.0.0.0/8 [110/129] via 10.1.46.4, 08:00:16, Serial0/0

O IA 2.0.0.0/8 [110/129] via 10.1.46.4, 08:00:16, Serial0/0

O IA 3.0.0.0/8 [110/139] via 10.1.46.4, 08:00:16, Serial0/0

O 4.0.0.0/8 [110/65] via 10.1.46.4, 08:00:16, Serial0/0

O IA 5.0.0.0/8 [110/193] via 10.1.46.4, 08:00:16, Serial0/0

C 6.0.0.0/8 is directly connected, Loopback0

O IA 7.0.0.0/8 [110/257] via 10.1.46.4, 08:00:16, Serial0/0

C 192.168.66.0/24 is directly connected, Loopback2

10.0.0.0/24 is subnetted, 7 subnets

O IA 10.1.15.0 [110/192] via 10.1.46.4, 08:00:16, Serial0/0

O IA 10.1.14.0 [110/128] via 10.1.46.4, 08:00:16, Serial0/0

O IA 10.1.24.0 [110/128] via 10.1.46.4, 08:00:16, Serial0/0

C 10.1.46.0 is directly connected, Serial0/0

O IA 10.1.35.0 [110/202] via 10.1.46.4, 08:00:16, Serial0/0

O IA 10.1.57.0 [110/256] via 10.1.46.4, 08:00:16, Serial0/0

O IA 10.1.123.0 [110/138] via 10.1.46.4, 08:00:16, Serial0/0

C 192.168.6.0/24 is directly connected, Loopback1

Now as we can see R6 still holds Intra-area (LSA Type 3) routes, so i will configure area 2 to Totally NSSA which in turn will accept only LSA Type 1,2 and 7, this will be accomplished by the command:

R6(config-router)#area 2 nssa no-summary

(Again on all routers that belong to this area)

Now look at R6 route table:

R6#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is 10.1.46.4 to network 0.0.0.0


O 4.0.0.0/8 [110/65] via 10.1.46.4, 00:00:19, Serial0/0

C 6.0.0.0/8 is directly connected, Loopback0

C 192.168.66.0/24 is directly connected, Loopback2

10.0.0.0/24 is subnetted, 1 subnets

C 10.1.46.0 is directly connected, Serial0/0

C 192.168.6.0/24 is directly connected, Loopback1

O*IA 0.0.0.0/0 [110/65] via 10.1.46.4, 00:00:06, Serial0/0

Much smaller and by that more effective, now R6 consume much less memory and CPU time and it will converge much more quicker due to the fact that SPF will have much less to calculate. Also pay attention to the default-route which have been installed automatically, using totally NSSA/Stub will reduce the possibility for the router to learn routes outside from his area so a default one will do great.
Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)