OSPF NSSA Areas

In my last post, I mentioned that the stub areas are used to provide scalability. Basically, we focus on the stub and totally stubby areas.

But, what if we need redistribute routes from an external source in these stub areas?

It is important to remember that the redistribution is not allowed in stub areas.

In order to cope with this problem, OSPF provides a type of area that performs the same functions as Stub areas while allowing redistribution:  Not-So-Stubby-Areas or NSSA.

OSPF Not-So-Stubby-Areas:

The NSSA filters Type-5 LSAs, the same way the stubby areas does, however, redistribution is allowed.   What it does is generating a Type-7 LSA which is used to advertise the external routes to the ABR.   The ABR then translate the Type-7 LSA into Type-5 before flood it to the rest of the OSPF domain.   To configure an area as NSSA, use the area {area-id} nssa OSPF process command.     Now, a difference that should be mentioned is that NSSA does not automatically create a default route unlike stub areas unless explicitly configured to do so.  To generate the default route in NSSA, simply add the keyword default-information-originate to the NSSA command definition previously described.

OSPF Totally- Not-So-Stubby-Areas:

This type of area expands the NSSA capabilities, in essence, works like totally stubby areas.  It also filters Type-3 LSAs, however, redistribution is allowed.   To configure an area as Totally NSSA, use the area {area-id} nssa no-summary OSPF process command.     Now, this type of NSSA automatically creates a default route.

Let’s use the following topology to demonstrate the NSSA capabilities:

OSPF-NSSA-01

 

The relevant initial configuration files are as follows:

R1:

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 30
!
interface Ethernet0/0
ip address 192.168.30.1 255.255.255.0
ip ospf 1 area 30
!
interface Serial1/0
ip address 192.168.16.1 255.255.255.252
serial restart-delay 0
!
router eigrp Branch-B
!
address-family ipv4 unicast autonomous-system 100
!
topology base
default-metric 10000 100 255 1 1500
redistribute ospf 1
exit-af-topology
network 192.168.16.0 0.0.0.3
eigrp router-id 1.1.1.1
exit-address-family
!
router ospf 1
router-id 0.0.0.1
redistribute eigrp 100 subnets
!

R2:

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.30.2 255.255.255.0
ip ospf 1 area 30
!
interface Ethernet0/1
ip address 192.168.10.2 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
router-id 0.0.0.2
!

R3:

!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.30.3 255.255.255.0
ip ospf 1 area 30
!
interface Ethernet0/1
ip address 192.168.10.3 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
router-id 0.0.0.3
!

R4:

!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.20.4 255.255.255.0
ip ospf 1 area 20
!
interface Ethernet0/1
ip address 192.168.10.4 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/2
ip address 192.168.254.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 192.168.254.1
!
router ospf 1
router-id 0.0.0.4
area 20 stub no-summary
default-information originate
!

R5:

!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip ospf 1 area 20
!
interface Ethernet0/0
ip address 192.168.20.5 255.255.255.0
ip ospf 1 area 20
!
router ospf 1
router-id 0.0.0.5
area 20 stub
!

R6:

!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Serial1/0
ip address 192.168.16.2 255.255.255.252
serial restart-delay 0
!
router eigrp Branch-B
!
address-family ipv4 unicast autonomous-system 100
!
topology base
exit-af-topology
network 6.6.6.6 0.0.0.0
network 192.168.16.0 0.0.0.3
eigrp router-id 6.6.6.6
exit-address-family
!

R7:

!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip ospf 1 area 20
!
interface Ethernet0/0
ip address 192.168.20.7 255.255.255.0
ip ospf 1 area 20
!
interface Ethernet0/2
ip address 192.168.254.5 255.255.255.252
!
router ospf 1
router-id 0.0.0.7
area 20 stub
!

Let’s focus on Area 30. R6 connects to a remote office (Branch B), which operates with EIGRP. R1 performs mutual redistribution between OSPF and EIGRP.   Internet access is being provided to the Branch office from R4 in HQ.

Let’s take a look to the routing table in R6 and test reachability to R5 and R7.

OSPF-NSSA-02

As can be seen in the above output, the Branch office has routes to all segments; the loopbacks in R5 and R7 are reachable from R6.   Another thing to note is the presence of the default route in R6.   It was originated by OSPF in R4 with the command default-information originate and then redistributed into EIGRP from R1.

Now, let’s take a look at the Link-State Database in R1:

OSPF-NSSA-03

As seen in the above output, the default route, the loopback of R6 and the segment 192.168.16.0/30 (Link between R6 and R1) appear as type-5 LSAs.

Now, let’s change Area 30 to NSSA.

To do this, we have to define the NSSA in the border routers connecting the NSSA area (R2 and R3) and the internal routers (R1).

R1, R2, and R3:

!
router ospf 1
area 30 nssa
!

WARNING RGE

Be careful, this is a disruptive change.   Remember, the area types must match for the adjacencies to be formed.   Plan accordingly when making changes in the network.

After applying the changes, let’s take a look at the link-state database of R1 and R4:

OSPF-NSSA-03-1

OSPF-NSSA-03-2

As seen in the above outputs, the redistributed routes generate Type-7 LSAs in R1 then were translated by the ABR (R3) into Type-5 LSAs.   In this topology, R2 and R3 are ABRs for Area 30.  When multiple ABRs are present the ABR with highest Router-ID is elected as the translator for Type-7 into Type-5 LSAs.   R3 was elected translator.

Now, let’s take a look at the routing table in R6 and test reachability again.

OSPF-NSSA-04

It seems like everything is fine.  But wait a minute.  There’s no internet access in the branch office.    If you look closer, the default route has disappeared.   This is because NSSA does not automatically generate a default route.   But you may think, this was generated by R4, so why this happened?

Let’s take a look at the Link-State database in R1:

OSPF-NSSA-05

As seen in the above output, the Type-5 LSAs were replaced by Type-7 LSAs but the default route is not present.   This is because the ABR will not automatically inject the default route into an NSSA.  This has to be explicitly configured.

To solve this problem, we can add the keyword default-information-originate into the NSSA definition in both ABRs for load-balancing or we can choose one of the routers and force the internet traffic to use only one path.

Let’s try these two possibilities.

First, let’s originate the default route from R2:

R2:

!
router ospf 1
area 30 nssa default-information-originate
!

Now, let’s take a look to the routing table of R1 and see if the default route was injected:

OSPF-NSSA-06

As can be seen, the default route was injected as OSPF NSSA external Type 2 (O*N2).

Now let’s take a look to the LSA:

OSPF-NSSA-07

As shown in the output, the advertising router is R2 and was generated as Type-7.  The default route is now present (via redistribution) in the Branch (R6).

OSPF-NSSA-08

As shown above, the path to reach the internet (8.8.2.2) is via R2.   Now, let’s originate the default route in the other ABR (R3):

R3:

!
router ospf 1
area 30 nssa default-information-originate
!

Let’s take a look at the result in R1:

OSPF-NSSA-09

As can be seen, now R1 has 2 equal cost paths to reach the default route.

OSPF-NSSA-10

Another feasible solution would be turning Area 30 into a Totally-Not-So-Stubby-Area. This type of Area suppresses Type-5 and Type-3 LSAs.  It generates the default route as Type-3 LSA.

Let’s change only R2 and R3 to Totally-NSSA and check the results:

R2 and R3:

!
router ospf 1
no area 30 nssa default-information-originate
area 30 nssa no-summary
!

 

OSPF-NSSA-11

As seen in the above output, the default route appears as OSPF Inter-Area (O*IA).

OSPF-NSSA-12

The Type-3 LSAs were replaced by default-routes advertised by the ABRs.

It is time to close this long post. Thank you for visiting.

2 thoughts on “OSPF NSSA Areas

Leave a Reply to Luis Mazariegos Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s