Tuesday, April 10, 2012

The OSPF Totally Not-So-Stubby-Area (NSSA)

The Open Shortest Path First (OSPF) routing protocol is a critical piece of knowledge for any networking professional working in an enterprise environment. Most major networking certifications covering routing and switching, including the Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), and Cisco Certified Internetwork Expert (CCIE), extensively test OSPF knowledge and skills. OSPF is the most popular dynamic routing protocol used in complex enterprise networks. This example demonstrates the concepts and configuration involved in setting up a totally NSSA OSPF area. The lab is built using Dynamips/GNS3 with Cisco c3725 routers.

The OSPF implementation in Cisco IOS recognizes 5 main classifications of areas:
Similar to the totally stubby area, the totally NSSA is not a standard area defined in the RFC specifications for OSPF. Vendors including Microsoft, Cisco, Juniper, and others have implemented these areas as their own custom extensions to the OSPF protocol.

The design principles behind totally NSSAs are similar to those behind totally stubby areas, except that the underlying assumptions are relaxed: routers internal to a totally NSSA need no knowledge of subnets outside of the area, with the exception of the routes injected by the NSSA ASBRs.

The following topology provides everything necessary to examine the mechanics of the totally NSSA:



Here we have E1 and E2 routes created by the ASBR in area 0 and N1 and N2 routes created by the ASBR in area 1 (the totally NSSA). The configuration of the ASBR and NSSA_ASBR routers follows a similar configuration to the NSSA example.
On ASBR:

router ospf 1
 log-adjacency-changes
 redistribute connected subnets route-map redist-lo-into-ospf
 network 10.0.0.0 0.0.0.255 area 0
!
ip prefix-list lo-into-ospf-e1 seq 5 permit 172.16.1.0/24
!
ip prefix-list lo-into-ospf-e2 seq 5 permit 172.16.2.0/24
!
! **Make 172.16.1.0/24 an E1 route**
!
route-map redist-lo-into-ospf permit 10
 match ip address prefix-list lo-into-ospf-e1
 set metric-type type-1
!
! **Make 172.16.2.0/24 an E2 route**
!
route-map redist-lo-into-ospf permit 20
 match ip address prefix-list lo-into-ospf-e2
 set metric-type type-2
!


On NSSA_ASBR:

router ospf 1
 log-adjacency-changes
 area 1 nssa no-summary
 redistribute connected subnets route-map lo-to-ospf
 network 192.168.1.0 0.0.0.255 area 1
!
ip prefix-list lo-to-ospf-t1 seq 5 permit 192.168.100.0/24
!
ip prefix-list lo-to-ospf-t2 seq 5 permit 192.168.200.0/24
!
route-map lo-to-ospf permit 10
 match ip address prefix-list lo-to-ospf-t1
 set metric-type type-1
!
route-map lo-to-ospf permit 20
 match ip address prefix-list lo-to-ospf-t2
 set metric-type type-2
!


For ABRs that have interfaces in area 1, the area nssa no-summary command is required to identify the area as a totally NSSA. The no-summary option instructs the ABRs not to propagate type-3 LSAs into the totally NSSA. The no-summary option is only required on ABRs, as there are no other sources of type-3 LSAs. Type-5 LSAs are not propagated into stub or NSSA areas.

The area 1 ABRs still create type-3 summary LSAs and type-5 external LSAs (translated from the type-7 NSSA external LSAs) and propagate these into the backbone area and other type-5 capable areas.

Let's examine the routing table and OSPF database on the internal area 1 router and the internal area 0 router. Since area 1 is totally NSSA, we would only expect to find networks advertised in area 1 and the external routes from NSSA_ASBR:

Area1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route


Gateway of last resort is 192.168.0.1 to network 0.0.0.0

O N2 192.168.200.0/24 [110/20] via 192.168.1.2, 20:17:53, Serial0/1
C    192.168.0.0/24 is directly connected, Serial0/0
C    192.168.1.0/24 is directly connected, Serial0/1
O N1 192.168.100.0/24 [110/84] via 192.168.1.2, 20:17:53, Serial0/1
O*IA 0.0.0.0/0 [110/65] via 192.168.0.1, 10:06:39, Serial0/0


Similar to the stub and totally stubby areas, the default route is propagated as a type-3 LSA originating from the ABR and there are no other LSAs advertising routes/networks from outside of area 1:

Area1#show ip ospf database

            OSPF Router with ID (192.168.1.1) (Process ID 1)

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.0.1     192.168.0.1     1434        0x8000002B 0x002A33 2
192.168.1.1     192.168.1.1     1046        0x80000029 0x009A1E 4
192.168.200.1   192.168.200.1   656         0x80000027 0x00418C 2

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         192.168.0.1     661         0x80000013 0x0003B6

                Type-7 AS External Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Tag
192.168.100.0   192.168.200.1   656         0x80000025 0x004F36 0
192.168.200.0   192.168.200.1   656         0x80000025 0x00821E 0
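
One way to check the output above mechanically, as an added example that is not part of the original post: parse the Area1 database and flag anything a totally NSSA internal router should not hold, or any LSA originated by a router that is not on the expected list. The function names are hypothetical; the router IDs passed in are the ABR (192.168.0.1) and NSSA_ASBR (192.168.200.1) IDs visible in the output.

```python
import re

# Area1#show ip ospf database, as captured in the post (router-ID banner omitted).
AREA1_LSDB = """\
                Router Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.0.1     192.168.0.1     1434        0x8000002B 0x002A33 2
192.168.1.1     192.168.1.1     1046        0x80000029 0x009A1E 4
192.168.200.1   192.168.200.1   656         0x80000027 0x00418C 2
                Summary Net Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         192.168.0.1     661         0x80000013 0x0003B6
                Type-7 AS External Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum Tag
192.168.100.0   192.168.200.1   656         0x80000025 0x004F36 0
192.168.200.0   192.168.200.1   656         0x80000025 0x00821E 0
"""

SECTION = re.compile(r"^\s*(.+?) Link States(?: \(Area (\S+)\))?\s*$")
ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s")

def parse_lsdb(text):
    """Return {(lsa_kind, area): [(link_id, adv_router), ...]} from the CLI text."""
    db, key = {}, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            key = (m.group(1), m.group(2))   # area is None for type-5 (AS scope)
            db.setdefault(key, [])
        elif key and (m := ROW.match(line)):
            db[key].append((m.group(1), m.group(2)))
    return db

def audit_totally_nssa(text, area, abr_ids, asbr_ids):
    """Findings for an internal router of a totally NSSA; an empty list means clean."""
    findings = []
    for (kind, lsa_area), rows in parse_lsdb(text).items():
        for link_id, adv in rows:
            if kind == "Type-5 AS External":
                findings.append(f"type-5 LSA {link_id} from {adv} (never flooded into an NSSA)")
            elif lsa_area != area:
                continue
            elif kind == "Summary Net" and (link_id != "0.0.0.0" or adv not in abr_ids):
                findings.append(f"type-3 LSA {link_id} from {adv} (only the ABR default is expected)")
            elif kind == "Type-7 AS External" and adv not in asbr_ids:
                findings.append(f"type-7 LSA {link_id} from unlisted router {adv}")
    return findings

if __name__ == "__main__":
    print(audit_totally_nssa(AREA1_LSDB, "1", {"192.168.0.1"}, {"192.168.200.1"}))
```

The check is written for an internal router's output; run against an ABR it will report the type-5 LSAs the ABR legitimately holds for the backbone.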


In the backbone area, the routing table shows all of the networks that are advertised into OSPF (either through redistribution or OSPF configuration):

Area0#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
O E1    172.16.1.0 [110/84] via 10.0.0.1, 16:28:13, Serial0/0
O E2    172.16.2.0 [110/20] via 10.0.0.1, 16:28:13, Serial0/0

O E2 192.168.200.0/24 [110/20] via 10.0.1.2, 16:28:33, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.0.0 is directly connected, Serial0/0
C       10.0.1.0 is directly connected, Serial0/1

O IA 192.168.0.0/24 [110/128] via 10.0.1.2, 16:32:30, Serial0/1
O IA 192.168.1.0/24 [110/192] via 10.0.1.2, 16:32:30, Serial0/1
O E1 192.168.100.0/24 [110/212] via 10.0.1.2, 16:28:34, Serial0/1


Looking at Area 0, we see type 5 LSAs for the external routes advertised by NSSA_ASBR and we see type 3 LSAs for the networks that are internal to area 1:

Area0#show ip ospf database


            OSPF Router with ID (10.0.1.1) (Process ID 1)


                Router Link States (Area 0)


Link ID         ADV Router      Age         Seq#       Checksum Link count
10.0.1.1        10.0.1.1        933         0x8000004F 0x0074D3 4
172.16.2.1      172.16.2.1      1063        0x8000004E 0x00F9BA 2
192.168.0.1     192.168.0.1     1748        0x8000002A 0x00F38B 2

                Summary Net Link States (Area 0)


Link ID         ADV Router      Age         Seq#       Checksum
192.168.0.0     192.168.0.1     1748        0x80000025 0x00FF05
192.168.1.0     192.168.0.1     1748        0x80000025 0x00774C



                Type-5 AS External Link States


Link ID         ADV Router      Age         Seq#       Checksum Tag
172.16.1.0      172.16.2.1      1305        0x8000004A 0x009ABF 0
172.16.2.0      172.16.2.1      1316        0x8000004A 0x0013C5 0

192.168.100.0   192.168.0.1     1759        0x80000025 0x0061F6 0
192.168.200.0   192.168.0.1     1759        0x80000025 0x0094DE 0


