Pages

3.27.2014

OSPF Areas (Part 5) - NSSA

Links:
RFC 3101 - The OSPF Not-So-Stubby Area (NSSA) Option
RFC 1587 - The OSPF NSSA Option (Obsoleted by 3101)
RFC 2740 – OSPF for IPv6
Cisco - OSPF Not-So-Stubby Area (NSSA)

Breakdown of the NSSA (Not-So-Stubby-Area) Area:
  • Redistribution allowed by ASBRs in NSSA areas
  • NSSA ASBRs generate Type-7 LSAs for all external routes
    • Appears in the routing table as N1 or N2 external.
  • NSSA ABRs convert Type-7 LSAs to Type-5 LSAs before advertising
  • Blocks Type-5 External LSAs and Type-4 ASBR LSAs into the NSSA area
    • Just like Stub, Inter-Area Type-3 LSAs allowed into the area
  • ABRs will not generate a default route (0.0.0.0/0) for the area (by default)
  • All routers in NSSA area must be configured as NSSA to form an adjacency
    • N-Bit is set to 0 in Hello packet
  • Cannot be backbone area (area 0)
  • Virtual links are not allowed to transit NSSA areas
The best way to think about the NSSA area type is a Stub area that allows redistribution. This can be redistribution from any external source, EIGRP, BGP, IS-IS etc. It can even be just local redistribution of static or connected subnets. Once the redistribution command is added under OSPF the router then converts to an ASBR. Once the ASBR is created a Type-4 LSA is generated by the ABR advertising how to reach the newly formed ASBR.

Once a router is an ASBR the only way to utilize the features of a stub area is to configure the area as an NSSA area.

Just like a stub area NSSA areas block Type-5 External LSAs. So in order to pass external routes through the NSSA area, the ASBR generates a Type-7 LSA. These Type-7 LSAs never leave the NSSA area and are converted to Type-5 LSA by the ABR. 

Alright enough of this theory crap (who needs it anyways!) and lets hit the lab.


All areas are still configured and Totally-Stubby Areas and all networks are now internal to their local area. A new Loopback has been configured on R5 with the above ip addresses.

After configuring the new loopback interfaces on R5 lets try and redistribute them in OSPF on R5 and convert him into an ASBR.



As expected area 3 is still configured as a totally stubby area and R5 starts to complain about not allowing external routes.

We need to change all routers in area 3 to NSSA areas.



Now check and see if the changes took with show ip ospf.



Im skipping OSPFv3 for IPv6 to save space as it shows the exact same output. Notice how the second line under Area 3 now shows the area as an NSSA? That's what we wanted.

Now check out what has changed on the LSDB of one of the ABRs for area 3. We will look at R2.



You can now see all the Type-3 LSAs are back since this is not a Totally Stubby area anymore. You will also see the Type-7 AS External Link LSAs for area 3 which are generated by R5.

Notice the Type-5 AS External link LSA is generated by R3. This is the converted Type-7 LSA which will be advertised by R3 into area 0.

If you look at the external LSAs on R1 you will notice this LSA is only learned from R3 and not both ABRs like other LSA types. More on that in a second.



Two things to note here.
  • The Forwarding Address is R5
    • Normally you see the farwarding address (or Prefix Address for OSPFv3) set to null or 0.0.0.0  for type-5 LSAs. But when a Type-7 is converted to a type-5 by an ABR the forwarding address is set to the ABSRs address.
    • On the ABR which translates and advertises the Type-5 LSA you can configure translate type7 suppress-fa to set the forwarding address to null when advertised into area 0. Routers will then use the Advertising router address in the LSA to determine how to route the traffic.
  • The Advertising Router is R3. 
    • OSPF external routes are only advertised out of an area by a single ABR. This happens on the ABR with the highest router ID. For reference RFC 3101 is a little difficult to interpret but if you check out the older RFC 1587 its spells it out pretty clear. Thanks srg!
Looking at the routing table on R1 we can see that traffic to the external networks are equal-cost load balanced across both R2 and R3. 




Notice the metric of 20? Look up at the external LSA on R1 I just showed and you will see the same metric of 20 set in the LSA. By default OSPF uses type N2 for Type-7 LSAs and E2 for the translated Type-5 LSAs.

Remember Type 2 routes use only the configured redistribution metric value at the ASBR for metric. Type 1 uses the cumulative metric of all links to reach the ASBR plus the configured redistribution metric value. No metric values were set with the redistribute subnets command so the defaults of 20 and N2 are used.

The only other thing to address now is how NSSA ABRs do not generate a default Type-3 LSA for the area. Check out the routing table on R5 to verify.



With area 3 being a NSSA area and blocking External Type-5 LSAs the area routers will only know how to reach external links introduced by the local ASBR (via Type-7) and inter-area routes (Type-3). So any other networks outside the OSPF domain will not be reachable from within area 3.

The solution is to add the default-information-originate option to the NSSA area configuration on the ABRs of the NSSA area.





Sorry that one got long guys the NSSA rabbit hole just kept going! Next up Totally-Stubby NSSA!!