Thursday, February 20, 2020

How to configure OSPF Totally NSSA Area

OSPF has different special area types, I covered these before:
Now it’s time to demonstrate the totally NSSA area. Here is the topology we will use:
ospf stub area
And here’s the configuration. We will turn OSPF Area 1 into a stub area:
R1(config)#router ospf 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#redistribute connected subnets
R2(config)#router ospf 1
R2(config-router)#area 1 stub
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0 
R2(config-router)#network 192.168.23.0 0.0.0.255 area 1
R3(config)#router ospf 1
R3(config-router)#area 1 stub
R3(config-router)#network 192.168.23.0 0.0.0.255 area 1
Let’s see what the routing table of R3 looks like:
R3#show ip route ospf 
O IA 192.168.12.0/24 [110/2] via 192.168.23.2, 00:00:42, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 192.168.23.2, 00:00:42, FastEthernet0/0
When we look at R3 you’ll see network 192.168.12.0 /24 as inter-area (LSA Type 3) and 1.1.1.0 /24 as external type 2 (LSA Type 5). First we’ll create a loopback interface on R3 and redistribute it into OSPF to show you the NSSA area.
R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#redistribute connected subnets
I’ll add a new loopback interface and try to redistribute it into OSPF on R3, here’s what you’ll see:
R3# %OSPF-4-ASBR_WITHOUT_VALID_AREA: Router is currently an ASBR while having only one area which is a stub area
The stub and totally stub area block LSA Type 5 so it’s impossible to have an ASBR within these areas. First I’ll change area 1 into an NSSA to allow this ASBR:
R2(config)#router ospf 1
R2(config-router)#no area 1 stub
R2(config-router)#area 1 nssa
R3(config)#router ospf 1
R3(config-router)#no area 1 stub
R3(config-router)#area 1 nssa
We’ll convert area 1 into a NSSA area. Check the routing table of R3:
R3#show ip route ospf
O IA 192.168.12.0/24 [110/2] via 192.168.23.2, 00:00:44, FastEthernet0/0
And take a look at the routing table of R1 so you can see that the ASBR is allowed:
R1#show ip route ospf 
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 192.168.12.2, 00:07:25, FastEthernet0/0
O IA 192.168.23.0/24 [110/2] via 192.168.12.2, 00:07:41, FastEthernet0/0
There you go. We can see network 3.3.3.0 /24 as an external type 2 route on R1. Now to finish this story we’ll turn the NSSA into a totally NSSA and you can see the difference:
R2(config-router)#no area 1 nssa
R2(config-router)#area 1 nssa no-summary
First I’ll get rid of the default route and secondly I’ll turn the area into a totally NSSA. I only have to do this on the ABR.
R3#show ip route ospf
O*IA 0.0.0.0/0 [110/2] via 192.168.23.2, 00:00:39, FastEthernet0/0
Now you can see R3 only has a default route since LSA type 3 and 5 are blocked. We don’t have to enable the default route for the totally NSSA area, only for the NSSA. To be honest I have no idea why they don’t enable the default route by default for the NSSA but it’s something to remember!
R1#show ip route ospf 
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 192.168.12.2, 00:23:17, FastEthernet0/0
O IA 192.168.23.0/24 [110/2] via 192.168.12.2, 00:23:33, FastEthernet0/0
R1 still has the 3.3.3.0 /24 route in the routing table.
In case you are wondering, this is what the LSA for network 3.3.3.0 /24 looks like on each of the routers:
R3#show ip ospf database | begin Type-7
  Type-7 AS External Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Tag
3.3.3.0         192.168.23.3    1791        0x80000001 0x00ADD8 0
On R3 it’s a type 7 because the NSSA and totally NSSA areas use type 7 for external routes (remember LSA type 5 is blocked).
R2#show ip ospf database | begin Type-7
  Type-7 AS External Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Tag
3.3.3.0         192.168.23.3    29          0x80000002 0x00ABD9 0

  Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
1.1.1.0         1.1.1.1         544         0x80000002 0x00A3F4 0
3.3.3.0         192.168.23.2    1797        0x80000001 0x004849 0
On R2 it’s also a type 7 LSA but it will be converted to a type 5 LSA and flooded into area 0.
R1#show ip ospf database | begin Type-5
  Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
1.1.1.0         1.1.1.1         597         0x80000002 0x00A3F4 0
3.3.3.0         192.168.23.2    1852        0x80000001 0x004849 0
And R1 only has the LSA type 5 for network 3.3.3.0 /24. That’s all there is to it! If you want to test this yourself I can advise to take the topology that I used and start with the stub area, then the totally stub, nssa and finish it with the totally NSSA.
hostname R2
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!         
interface FastEthernet1/0
 ip address 192.168.23.2 255.255.255.0
!
router ospf 1
 area 1 nssa no-summary
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.23.0 0.0.0.255 area 1
!
end
hostname R1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
router ospf 1
 redistribute connected subnets
 network 192.168.12.0 0.0.0.255 area 0
!
end
hostname R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
!
router ospf 1
 area 1 nssa
 redistribute connected subnets
 network 192.168.23.0 0.0.0.255 area 1
!
end
at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)