ASBR

OSPF Filtering with Distribute-Lists

In the first installments of the OSPF filtering series, we were able to discuss the three major filtering techniques in OSPF: LSA Type-3 Filtering, NSSA External Routes Filtering and Filtering with Summarization.   I have also mentioned in the first Post of the series some “Corner Cases” where is necessary apply filtering in places other than ABRs or ASBRs.   This is achieved by applying filtering to the OSPF RIB using Distribute-Lists.

Well, time has come to talk about using Distribute-Lists to filter “Routes”.

Please note that I have quoted the word “Routes”.   We must be clear that OSPF is a link-state protocol.   OSPF don’t advertise routes per se, OSPF advertises topology information.   The routers participating in OSPF share an identical copy of the Link-State Database (LSDB) for the areas where are participating.    So far we have been achieving filtering but not by actually filtering routes perse, we have been “modifying” some LSAs in such way OSPF will simply end up discarding the LSA from the LSDB.

When we applied LSA Type-3 filtering, what we have done is modifying the LSA generated by the ABR with the LSA AGE set to its max-age value. Therefore, the LSA is eventually withdrawn from the topology.  We didn’t actually prevent the LSA from being formed.   It’s the same effect when we apply OSPF Filtering with Summarization.   In this case, we have summarized a group of prefixes before generating the LSA with the max-age value set.

For NSSA external route filtering, the only thing we did was just instructing the ASBR to generate the Type-7 LSA without the P-Bit set.   When ASBRs generates Type-7 LSAs, they do it with the P-Bit set by default.   The P-Bit or Propagate-Bit instructs ABRs connecting the area to perform Type-7 to Type-5 translation.   In other words, LSAs without the P-Bit set won’t be advertised beyond the NSSA.

Now, since the Link-State Database (LSDB) must be the identical within areas, what can be done to filter the required routes?

The solution here is filtering the routes from entering the routing table by using the distribute-list {access-list-number|name} {gateway} {prefix-list} {route-map} in|out OSPF process command.

Now, there are some rules to be considered when using distribute-lists:

  • The distribute-list command is used to filter routes from being installed in the routing table or redistributed into another routing protocol, it does not filter LSAs.
  • Using the distribute-list command in the inbound direction is used to filter routes to be installed in the routing table.
  • Using the distribute-list command in the outbound direction filters only the desired redistributed routes. Meaning that is used only on ASBR’s.

We must be careful when using this command, as mentioned before this applies filtering to the Global RIB; it doesn’t prevent the LSAs from being advertised.   Therefore, it may cause a traffic black hole.

Let’s use the following topology for the examples:

OSPF-FILTERING-3-01

Here you can download the diagram and configuration files:  OSPF-Filtering – Part III

Using the distribute-list command in the inbound direction:

Goal 1:

Filter the route to 2.2.2.2 in R4.

First, let’s take a look to the routing table in R4:

OSPF-FILTERING-3-02

As can be seen in the above output, the route 2.2.2.2/32 is in the routing table.  It is displayed as an “O” OSPF route, meaning that it was advertised from another OSPF-enabled router within the same area (intra-area).   From this output, we can conclude that the prefix was advertised via a Type-1 (Router) LSA.

Just as a reference, let’s take a look to the Type-1 (Router) LSA:

OSPF-FILTERING-3-03

As can be seen in the output, the LSA has 3 link advertisements enclosed.  One LSA corresponds to the Stub Network 2.2.2.2/32 and the last two corresponds to the Transit Networks.

Ok, because the advertising router 0.0.0.2 (R2) is placed in the same area, the only possible filtering option is by using distribute-list in the inbound direction.

So, let’s apply the filter using a simple ACL.

In R4:

!
access-list 2 deny   2.2.2.2
access-list 2 permit any
!
router ospf 1
distribute-list 2 in
exit
!

Now, let’s take a look at the routing table of R4:

OSPF-FILTERING-3-04

As can be seen in the output, the route is no longer present.  What about the LSDB?  What was the effect of the filter in there?

OSPF-FILTERING-3-05

As can be seen, the Type-1 LSA is still there.   There was no effect on the LSDB.   Now let’s take a look to the OSPF RIB:

OSPF-FILTERING-3-06

Have you noticed the difference?  Yes, the “greater than symbol” next to the route.  This means the route is present but it wasn’t marked as Best.   Thus, the route is not installed in the Router’s RIB.

Now, we could achieve the same result by using extended ACLS.

Let me show you a trick.    Not long ago I was requested to filter a specific route, the same way it was done before.   However, the request also has included one very specific requirement as well.  The filter must apply only over business hours, Monday thru Friday from 7:00 am to 7:00 pm.

Here goes how to do it:   (This requires time synchronization.)

  1. Create a Time-Based ACL.
  2. Apply the distribute-list referencing the Time-Based ACL.

In R4:

!
time-range NO-ACCESS
periodic weekdays 7:00 to 19:00
!
access-list 102 deny   ip any host 2.2.2.2 time-range NO-ACCESS
access-list 102 permit ip any any
!
router ospf 1
distribute-list 102 in
exit
!

Another way to do it is by using prefix-lists:

In R4:

!
ip prefix-list NO-LO-R2 seq 10 deny 2.2.2.2/32
ip prefix-list NO-LO-R2 seq 20 permit 0.0.0.0/0 le 32
!
router ospf 1
distribute-list prefix NO-LO-R2 in
exit
!

Another possible thing we can do with distribute-list is matching the source of the route.  To clarify this, by the source of the route I mean the gateway used to reach the route to be filtered.

Let’s make a small change to the topology for this:

OSPF-FILTERING-3-07

Let’s add the link in red and remove any configured filtering.

The link configurations are as follows:

In R3:

!
interface Ethernet0/2
ip address 192.168.34.3 255.255.255.0
ip ospf 1 area 0
!

In R4:

!
interface Ethernet0/2
ip address 192.168.34.4 255.255.255.0
ip ospf 1 area 0
!

Ok, now let’s take a look at the routing table in R4:

OSPF-FILTERING-3-08

As can be seen in the above output, by adding this link, R4 has now two equal cost paths to reach networks beyond the transit network 192.168.123.0/24.

Goal 2:

Apply filtering in such way that the Loopback0 in R1 be can be reached from R4 only thru R2.

Ok, so far we know the route to 1.1.1.1/32 (Loopback 0 in R1) is being load-balanced.   This is because OSPF is doing ECMP (Equal Cost Multi-Path) between R2 and R3.   What we must do is filtering only the route through R3.

There are two ways to achieve this.   One applying the distribute-list using one of the different ways we have learned so far (access-list, extended ACL, named ACL or prefix-list) and specify the interface from where is learning the route.

Let’s try it this way:

For this example, I would use a named ACL.

In R4:

!
ip access-list standard R1_Loopback0
deny   1.1.1.1
permit any
!
router ospf 1
distribute-list R1_Loopback0 in Ethernet0/2
!

Now, let’s take a look at the routing table in R4 and to the details of the OSPF RIB for that particular route:

OSPF-FILTERING-3-09

As can be seen in the above output, the route to 1.1.1.1/32 is now reachable only via R2.  The rest of the routes remain to be load-balanced.    Also, take a look to the OSPF RIB.   Both routes are present.   However, the one with the arrow in blue through R3 has no RIB flag, while the other route, thru R2, has it.    Only the route in green was installed into the Router’s routing table.

The other way to achieve this goal is by using Route-Maps.   Route-Maps provide more flexibility than ACLS or Prefix-Lists.   With route-maps we can match multiple options such:

  • match interface
  • match ip {address|next-hop|route-source}
  • match metric
  • match route-type {internal|external [type-1|type-2] | nssa-external [type-1|type-2]}
  • match tag

We could achieve the same result by using the following configuration:

In R4:

!
ip prefix-list Filter-R1-L0 seq 5 permit 1.1.1.1/32
!
route-map FILTER->RIB deny 10
match ip address prefix-list Filter-R1-L0
match interface Ethernet0/2
!
route-map FILTER->RIB permit 100
!
router ospf 1
distribute-list route-map FILTER->RIB in
exit
!

I think that you get the idea.

Now, why have I mentioned that we must be careful when using this command?

I will use another example to illustrate why.  Let’s use the original topology, without any filtering.

OSPF-FILTERING-3-01

 

Goal 3:

Filter the route to 1.1.1.1 only in R2.

It seems a fairly simple task now that we know how to do it.   So let’s apply the filter in R2.

In R2:

!
access-list 1 deny   1.1.1.1
access-list 1 permit any
!
router ospf 1
distribute-list 1 in
exit
!

Now let’s take a look at the routing table in R2:

OSPF-FILTERING-3-10

Ok, as shown in the above output, seems that it worked.  The route to 1.1.1.1 is no longer in the routing table of R2.

Let’s say it’s the last trouble ticket of the day.  Then we proceed to turn off the computer and drive back home.   That’s it for the day.

An hour later, we receive a phone call reporting problems to reach 1.1.1.1 from R4.

OSPF-FILTERING-3-11

But, wait a minute!  We did not make any change to R4.  Do we?

As a matter of fact, yes indirectly we did it. We have created a black hole in the network.

Let me explain this.

When we apply the filter to the route 1.1.1.1, it was applied directly to the routing table.  The LSDB was not altered.  R4 has received an LSA from R2 containing information how to reach 1.1.1.1, thus, R4 has installed the route in its routing table.

Guess what is the next-hop to reach 1.1.1.1 from R4?   Yes.  It’s the same next-hop used to reach any other network, R2.

Now you know why OSPF RIB filtering must be used carefully.   This was just an example, but what if we make the same mistake to a high sensitive area of the production network?   This could be a Resume Generating Event.

Using the distribute-list command in the outbound direction:

As mentioned before, using the distribute-list command in the outbound direction filters only the redistributed routes.   Meaning that is used only on ASBR’s.

Goal 4:

Prevent the route to 55.55.55.55/32 from being advertised beyond R1.

Let’s turn on the debug ip ospf lsa-generation for this example.

In R1:

!
debug ip ospf lsa-generation
!
configure terminal
!
access-list 55 deny   55.55.55.55
access-list 55 permit any
!
router ospf 1
distribute-list 55 out
exit
!

Let’s take a look at the output of the debug.

OSPF-FILTERING-3-12

Immediately after applying the filter, R1 generated a Type-5 LSA with the max-age set (3600 seconds).  Remember, LSAs with max age set are discarded.  Also, note the metric was set to 16777215.  This is the maximum metric for routes in the OSPF database in decimal.  A route with this metric is inaccessible therefore is discarded from the OSPF database.  This metric is also known as LSInfinity.   The result is the filtering of the desired route from the OSPF domain.

Let’s confirm this by looking the routing table in R4:

OSPF-FILTERING-3-13

As can be seen in the above output, the filtering worked as expected.   The route to 55.55.55.55/32 is not present in the routing table.

There is one last thing to mention in regards to filtering.  It has to do with NSSA areas.

Let’s modify a little bit the topology:

OSPF-FILTERING-3-14

 

Let’s put R4 into an NSSA area and create loopback1, let’s redistribute it into the process.  Let’s also remove any filtering in R2.

In R2:

!
router ospf 1
area 24 nssa
!
interface Ethernet0/1
ip ospf 1 area 24
!

In R4:

!
interface Loopback0
ip ospf 1 area 24
!
interface Loopback1
ip address 44.44.44.44 255.255.255.255
!
route-map CONN-LOOPBACKS->OSPF permit 10
match interface Loopback1
!
router ospf 1
area 24 nssa
redistribute connected subnets route-map CONN-LOOPBACKS->OSPF
exit
!

With this configuration applied, R4 has generated and flooded a Type-7 LSA within the area, corresponding to the redistributed route. R2 (ABR) received the Type-7 LSA with the P-bit set; R2 then has generated a Type-5 LSA and start advertising the redistributed route on behalf of R4.

Let’s take a look at the routing table in R2, just to confirm that the route is there.

OSPF-FILTERING-3-15

Ok, the route was installed. Now, let’s apply filtering to 4.4.4.4 (Loopback0) in R2.

In R2:

!
ip access-list standard R4_L0
deny   4.4.4.4
permit any
!
router ospf 1
distribute-list R4_L0 in
exit
!

Finally, let’s take a look at the routing table in R2 and take a look at the results:

OSPF-FILTERING-3-16

Ok, the filtering didn’t work as expected.   The route to 4.4.4.4/32 was filtered, but also, the route to the redistributed 44.44.44.44/32 was removed from the routing table.

So, what happened here?

First, let’s take a look to the LSDB and then to the OSPF RIB in R2:

OSPF-FILTERING-3-17

Ok, as can be seen in the above output, the Type-7 LSA is there, the route 4.4.4.4/32 was filtered in the OSPF RIB (It doesn’t have the greater than symbol or RIB flag).  Also, the route 44.44.44.44/32 is not present in the OSPF RIB.

Now, let’s take a look to the Type-7 LSA and try to figure out what the problem is.

OSPF-FILTERING-3-18

 

Ok, did you find the problem?

The P-bit is there.  Meaning the translation from Type-7 to Type-5 must take place.   That is not the problem.   What about the forward address?   Yup, you got it.   At the moment we filter 4.4.4.4, the route finds itself without next-hop.  Thus, the LSA was discarded.

The problem has to do with the way NSSA advertise redistributed routes.  NSSA choose the forwarding address as follows:

It chooses the highest IP address of an internal address; if an internal address is not available, it will prefer the higher found OSPF stub network.

It is good to emphasize that although filtering the OSPF RIB sometimes seems a good idea, in some cases; it may lead to undesired behaviors and in extreme cases may end in self-inflicted denial of service.   So, use it carefully.

It is time to close this long post. In the next one, we will continue discussing OSPF Filtering but, this time, using Administrative Distance.

Thank you for visiting.

Interconnecting OSPF Areas

In a previous post, we learned how to configure OSPF within a single area. Now it is time to consider what would happen if this single area grows to let’s say, hundreds of routers?

Well, with such large number of routers and segments; the network changes are inevitable.   Having this in mind, we can anticipate some problems like frequent calculations of the shortest path first (SPF) algorithm, large link-state database and of course, a large routing table.  In order to avoid these issues, OSPF allows large areas can be separated into smaller ones.  This is also known as hierarchical routing.

Before go deep into this topic we have to recall the different OSPF router types:

  • Internal Router – Routers that have all interfaces in the same area.
  • Backbone Router – Routers where at least one OSPF interface must belong to area 0 (backbone area).
  • Area Border Router (ABR) – In Cisco IOS are the Routers that have at least one OSPF interface connected to Area 0 and at least one OSPF interface belong to a non-backbone area. This may not be the case for different platforms where the only requirement is having the interfaces in different areas regardless if they are connected to the backbone area or not.   IPEXPERT’s blog has an interesting post about this here.
  • Autonomous System Boundary Router (ASBR) – Routers injecting routes (Redistribution) from another routing protocol.

Let’s take a look at the following example:

OSPF-CONN-ABR

Relevant Configuration:

R1:

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.1 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
router-id 0.0.0.1
!

R2:

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.2 255.255.255.0
ip ospf 1 area 0
!
interface Serial1/0
ip address 192.168.24.2 255.255.255.0
ip ospf 1 area 24
!
router ospf 1
router-id 0.0.0.2
!

R3:

!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.3 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
router-id 0.0.0.3
!

R4:

!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip ospf 1 area 24
!
interface Ethernet0/0
ip address 192.168.45.4 255.255.255.0
ip ospf 1 area 24
!
interface Serial1/0
ip address 192.168.24.4 255.255.255.0
ip ospf 1 area 24
!
router ospf 1
router-id 0.0.0.4
!

R5:

!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip ospf 1 area 24
!
interface Ethernet0/0
ip address 192.168.45.5 255.255.255.0
ip ospf 1 area 24
!
router ospf 1
router-id 0.0.0.5
!

Area Border Router

As mentioned earlier, ABR’s are used to connect non-backbone areas to Area 0.  ABRs take the information contained in Type-1 and Type-2 and summarize it into Area 0.  In the above example, R1, R2, and R3 are backbone routers.  R2 is also acting as ABR between Area 0 and Area 24 respectively.   R4 and R5 are internal routers of Area 24.   R2 advertise itself as ABR by setting the “B” bit in its type 1 LSA.

OSPF-CONN-01

The above output displays the self-originated Type-1 (Router) LSA with the “B” bit set.  This is the ABR in the current topology.   Another way to identify ABRs is using the command show ip ospf border-routers.

OSPF-CONN-02

The above output displays the list of known ABRs from the perspective of R1.

Also, we have to keep in mind that an ABR keeps multiple copies of the link-state database, one for each area to which that router is connected.    ABRs create and flood Type-3 (Summary) LSAs within areas; it will generate more than one summary LSA if the address cannot be properly aggregated by a single prefix (i.e. Host Routes or loopbacks).

OSPF-CONN-03

As can be seen in the above output, R2 (ABR) has 2 copies of the link-state database.  The Type-3 Summary LSA information of Area 0 details 2 networks (192.168.24.0/24 and 192.168.45.0) and 2 host routes (4.4.4.4 and 5.5.5.5) belonging to the loopbacks of R4 and R5 while the Summary LSA of Area 24 details a single network (192.168.12.0/24) and 3 host routes (1.1.1.1, 2.2.2.2 and 3.3.3.3) belonging to the loopbacks of R1, R2 and R3 respectively.     In other words, the ABR is actually hiding the topology information within areas.

Now, let’s take a look to the routing table of R1 and see how to reach R5’s loopback:

OSPF-CONN-04

As can be seen in the above output, the routing table shows the routes belonging to area 24 as “O IA” meaning inter-area routing.  The intra-area routes of Area 0 are shown as “O”.   Another important thing to denote is the actual route to the loopback 0 of R5.    As you can see, the metric to reach 5.5.5.5 is 85 from R5.   This is because the metric is additive in this case.  It is the sum of the cost to reach the loopback of R5 from R1.  (R1—10—R2—64—R4—10—R5—1—Lo0 = 85).   The route describes the next hop:  “192.168.12.2, from 0.0.0.2”, which is the next-hop IP address and the Router-ID of R2.  R2 is the advertising the route on behalf of R5, not an IP address.

Now let’s take a look at R2’s information for the same route.

OSPF-CONN-05

Note the difference between the above output and the previous one.  Here we can see the route to 5.5.5.5 shown as “O” intra-area.   This is because R2 has the interface Serial1/0 in area 24; this makes the route internal for it.     From R2, the metric has also decreased to 75.  The route describes the next hop:  “192.168.24.4, from 0.0.0.5”, which is the next-hop IP address of R4 and the Router-ID of R5 which is advertising router.

Let’s take a look at R4’s information for the same route.

OSPF-CONN-06

As can be seen in the above output, the routing table shows the routes belonging to area 0 as “O IA” meaning inter-area routing.  The route to 5.5.5.5 is an intra-area route OSPF.  As expected, the metric has decreased to 11.  The route describes the next hop: “192.168.45.5, from 0.0.0.5”, which is the next-hop IP and the Router-ID of R5.

Finally in R5, ospf advertise the loopback 0 with Cost of 1.

OSPF-CONN-07

ABRs also create and flood Type-4 (ASBR Summary) LSAs when an ASBR is present.  This LSA is used to let other areas know where the ASBR is.

Autonomous System Boundary Router

ASBRs are routers injecting routes from another routing protocol or autonomous system.  The injection is done via Redistribution.   ABRs generate and flood Type-5 LSAs.

To inject routes into the OSPF domain, use the redistribute {connected|static|protocol}{metric <0-16777214>} {metric-type <1|2>} {subnets} {route-map} {tag <0-4294967295>} OSPF process command.

  • The {connected|static|protocol} statement is self-explanatory. It defines the source of the routes to be redistributed.
  • The {metric} keyword set the Cost of the route to be advertised. If the metric is not specified, OSPF will use a default value of 20 when redistributing routes from all IGPs.  When redistributing from BGP, the metric will be 1 by default.
  • The {metric-type} keyword forces the routes to be advertised as External Type 1 or Type 2. By default, Type 2 is used.   For more information about the route Types and LSA Types, please see the post OSPF LSA Flooding Scope.
  • The {subnets} keyword is required when redistributing subnetted networks. Without this keyword, only major networks will be redistributed.
  • The {route-map} keyword is an enhancement to the redistribution process. It allows using different policies for redistribution.
  • The {tag} keyword as its name implies, set a numeric tag value to the routes to be redistributed. This is widely used to control redistribution between protocols.

More on {route-maps} and {tags} in future posts.

For example, let’s use the same topology but we will configure R3 as ASBR:

OSPF-CONN-ABR-ASBR

In R3 we will make the following changes:

First, we will add two loopback interfaces and configure RIP:

!
interface Loopback10
ip address 10.10.10.10 255.255.255.0
!
interface Loopback20
ip address 20.20.20.20 255.255.255.0
!
router rip
version 2
network 10.0.0.0
network 20.0.0.0
no auto-summary
!

Finally, we will redistribute RIP into OSPF:

 

!
router ospf 1
redistribute rip metric 200 subnets
!

After redistribution was configured, R3 advertise itself as ASBR by setting the “E” bit in its type 1 LSA.

OSPF-CONN-07-1

The above output displays the self-originated Type-1 (Router) LSA with the “E” bit set.  This is the ASBR in the current topology.   Another way to identify ASBRs is using the command show ip ospf border-routers.

OSPF-CONN-07-2

Now let’s take a look at the link-state Database of R1 and its routing table.

OSPF-CONN-08

OSPF-CONN-09

As can be seen in the above output, R1 only has Type-1, Type2, Type-3 and Type-5 LSAs in their databases.  R1 and R3 have identical link-state Databases.  The routes to reach the RIP routes are “O E2” OSPF external routes Type 2.

Now, R2 is an ABR and contains identical database information as R1 and R3 for area 0.  R2 also has a database for area 24.

OSPF-CONN-10

The database of R2 for Area 24 contains Type-1, Type-2, Type-3, Type-4 and Type-5 LSAs.  As mentioned before, Type-4 LSAs are used to inform other areas where the ASBR is located.  It is used basically to provide reachability information for the ASBR.

R4 and R5 are internal routers of Area 24; they share the same database information.  For brevity, let’s focus in R5.

OSPF-CONN-11

OSPF-CONN-12

As expected, the link-state Database contains Type-1, Type-2, Type-3, Type-4 and Type-5 LSAs and the routing table show the routes as “O E2” OSPF External routes type 2.

Finally, let’s try to reach the IP address 10.10.10.10 from R5.

Let’s get started looking for the route itself:

OSPF-CONN-13

As you can see, the route is known by OSPF, the reported metric of the route is 200.  We have defined this metric when redistributing the route.  The route is External Type-2.  This is the advertised cost from the ASBR to the external destination network.   The forward metric is 84.   This metric is the total cost to the ASBR from R5.

The route describes the next hop: “192.168.45.4, from 0.0.0.3”, which is the IP address of R4 and the Router-ID of the advertising router R3 (ASBR).

Now let’s check R4 and R2:

OSPF-CONN-14

OSPF-CONN-15

As can be seen in the above outputs, the only change is metric and the next-hop to reach the advertising router.

OSPF-CONN-16

The advertising router remains the same because the forwarding address in the Type-5 LSA is set to 0.0.0.0 (null).   This means that the route is reachable only via the advertising router.

It is time to close this long post. Thank you for visiting.

 

OSPF Areas and Area Types

OSPF provides two levels of hierarchy through the use of Areas.  An easy way to explain what an Area is would be:  An OSPF area is a logical segment or a sub-domain containing networks, routers and links sharing the same area id.

Using multiple areas in OSPF reduces the router resource utilization because the routers belonging to the same area only maintain the network topology of the area where they belong. Thus, less LSA has to be flooded and maintained.  In other words, the Routers in other areas; don’t have information about the topology outside its own area.

An area is a 32-bit number which can be represented the same way as an IP address such  “area 0.0.0.0” or as a decimal number, such as “Area 0”.

OSPF-AT-Single-Area

The Area 0 is the backbone area in an OSPF domain.   If more than one area is configured, then Area 0 is required to provide inter-area communications.   This means that in an OSPF autonomous system, all areas must be physically connected to the backbone area 0.

OSPF-AT-Multi-Area

I’ve mentioned that all areas must be connected to Area 0; But, what about areas that cannot be physically connected to the area 0?

OSPF provides a native solution for this problem, OSPF Virtual-Links.  I will dedicate an entire post for this technology later on.

OSPF-AT-Virtual-Link.PNG

The Routers contained within the same area are called Area Routers (AR), the routers with a link in Area Zero (0) and a Non-Zero area is called Area Border Routers (ABRs).  Finally, the Routers with a link in Area Zero (0) or a Non-Zero area and redistributing from another Routing Protocol are called Autonomous System Boundary Routers (ASBRs).   Summarization can be done only on ABRs and ASBRs.

OSPF-Router-Type

OSPF Area Types

The OSPF area types can be divided into the following types:

  • Normal Areas
    • Standard.
    • Transit.
  • Stub Area.
    • Totally Stubby Area.
  • Not-So-Stubby Area (NSSA).
    • Totally NSSA.

Normal Area

Normal Areas can be standard or transit (backbone) areas.

  • The Standard areas are the non-zero defined areas where LSAs Type-1, 2, 3, 4 and 5 are allowed; this means that can accept intra-area, inter-area, and external routes.
  • The backbone area is, in essence, a Standard area but is the area from which all other areas in OSPF must be connected.

I’ve mentioned that summarization is possible only on ABRs and ASBRs; But, what about the default route?    Well I think is necessary to explain about the default-route in normal areas.

It is allowed to generate the default route in Normal Areas.  The default route is injected as Type-5 LSA.

In order to generate the default route use the default-information originate process command.  If the default route is not present in the Routing Table then won’t be generated unless the [always] keyword is added at the end of the command.

OSPF-AREA-Normal

 

Stub Area

Stub areas are typically used where the access to the rest of the network through a single link.  For these type of networks is not necessary having and maintaining a full link state database.   This area type can only accept intra-area, inter-area and the default route (generated by default).

Stub areas allow only LSAs Type-1, 2 and 3.   Redistribution is not allowed in Stub Areas.

The default route in a Stub area is generated by default and is injected in the area as Type-3 LSA.

To configure a Stub Area use the Area [x] stub process command.  This command must be added to the routers belonging to the stub area and also, must be added to the ABR connecting the stub area.

OSPF-AREA-STUB

 

Totally Stubby Area

Totally Stubby areas are an extension of Stub Areas and are in fact, the most restricted type of OSPF area.

In Totally Stubby Areas, the Routers receive only a default route from the ABRs, no External or Summary routes are allowed except for the default-route.   The default route in Totally Stubby area is generated by default and is injected in the area as Type-3 LSA.

To configure a Totally Stubby Area use the Area [x] stub no-summary process command.  This command with the no-summary keyword is required only on the ABR connecting the area.

The router connecting to the ABR does not require the no-summary keyword but requires to be defined as a stub.

OSPF-AREA-T-STUB

Not-So-Stubby Areas (NSSA)

Not-So-Stubby areas are also an extension of the stub areas.  This type of area adds the flexibility of redistribution of external routes into the area while retaining its stub characteristic.   This area type can only accept intra-area, inter-area, external and the default route (which is not generated by default).   Not-So-Stubby areas allow only LSAs Type-1, 2, 3 and 7.

When the default route in an NSSA is generated, it is injected in the area as Type-7 LSA.

To configure an NSSA use the Area [x] nssa [default-information-originate] process command.  This command must be added to the routers belonging to the NSSA area and must be also added to the ABR connecting the NSSA.  The default-information-originate keyword generates the default-route in NSSA.

OSPF-AREA-NSSA

 

Totally Stubby NSSA

Totally Stubby NSSA is an extension to the NSSA.  As a matter of fact, this is the most recommended form of NSSA area type.  This type of area adds the flexibility of redistribution of external routes into the area while retaining it’s totally stubbed characteristic.   This area type can only accept intra-area, external and the default route (which is generated by default).   Totally Stubby NSSA areas allow only LSAs Type-1, 2, [3] and 7.      The default route in a Stub area is generated by default and is injected in the area as Type-3 LSA.

To configure a Totally Stubby NSSA use the Area [x] nssa no-summary process command.  This command with the no-summary keyword is required only on the ABR connecting the area.

The router connecting to the ABR does not require the no-summary keyword but requires to be defined as NSSA.

OSPF-AREA-T-NSSA

It is time to close this post. Thank you for visiting.