Totally NSSA

OSPF NSSA Areas

In my last post, I mentioned that the stub areas are used to provide scalability. Basically, we focus on the stub and totally stubby areas.

But, what if we need redistribute routes from an external source in these stub areas?

It is important to remember that the redistribution is not allowed in stub areas.

In order to cope with this problem, OSPF provides a type of area that performs the same functions as Stub areas while allowing redistribution:  Not-So-Stubby-Areas or NSSA.

OSPF Not-So-Stubby-Areas:

The NSSA filters Type-5 LSAs, the same way the stubby areas does, however, redistribution is allowed.   What it does is generating a Type-7 LSA which is used to advertise the external routes to the ABR.   The ABR then translate the Type-7 LSA into Type-5 before flood it to the rest of the OSPF domain.   To configure an area as NSSA, use the area {area-id} nssa OSPF process command.     Now, a difference that should be mentioned is that NSSA does not automatically create a default route unlike stub areas unless explicitly configured to do so.  To generate the default route in NSSA, simply add the keyword default-information-originate to the NSSA command definition previously described.

OSPF Totally- Not-So-Stubby-Areas:

This type of area expands the NSSA capabilities, in essence, works like totally stubby areas.  It also filters Type-3 LSAs, however, redistribution is allowed.   To configure an area as Totally NSSA, use the area {area-id} nssa no-summary OSPF process command.     Now, this type of NSSA automatically creates a default route.

Let’s use the following topology to demonstrate the NSSA capabilities:

OSPF-NSSA-01

 

The relevant initial configuration files are as follows:

R1:

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 30
!
interface Ethernet0/0
ip address 192.168.30.1 255.255.255.0
ip ospf 1 area 30
!
interface Serial1/0
ip address 192.168.16.1 255.255.255.252
serial restart-delay 0
!
router eigrp Branch-B
!
address-family ipv4 unicast autonomous-system 100
!
topology base
default-metric 10000 100 255 1 1500
redistribute ospf 1
exit-af-topology
network 192.168.16.0 0.0.0.3
eigrp router-id 1.1.1.1
exit-address-family
!
router ospf 1
router-id 0.0.0.1
redistribute eigrp 100 subnets
!

R2:

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.30.2 255.255.255.0
ip ospf 1 area 30
!
interface Ethernet0/1
ip address 192.168.10.2 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
router-id 0.0.0.2
!

R3:

!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.30.3 255.255.255.0
ip ospf 1 area 30
!
interface Ethernet0/1
ip address 192.168.10.3 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
router-id 0.0.0.3
!

R4:

!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.20.4 255.255.255.0
ip ospf 1 area 20
!
interface Ethernet0/1
ip address 192.168.10.4 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/2
ip address 192.168.254.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 192.168.254.1
!
router ospf 1
router-id 0.0.0.4
area 20 stub no-summary
default-information originate
!

R5:

!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip ospf 1 area 20
!
interface Ethernet0/0
ip address 192.168.20.5 255.255.255.0
ip ospf 1 area 20
!
router ospf 1
router-id 0.0.0.5
area 20 stub
!

R6:

!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Serial1/0
ip address 192.168.16.2 255.255.255.252
serial restart-delay 0
!
router eigrp Branch-B
!
address-family ipv4 unicast autonomous-system 100
!
topology base
exit-af-topology
network 6.6.6.6 0.0.0.0
network 192.168.16.0 0.0.0.3
eigrp router-id 6.6.6.6
exit-address-family
!

R7:

!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip ospf 1 area 20
!
interface Ethernet0/0
ip address 192.168.20.7 255.255.255.0
ip ospf 1 area 20
!
interface Ethernet0/2
ip address 192.168.254.5 255.255.255.252
!
router ospf 1
router-id 0.0.0.7
area 20 stub
!

Let’s focus on Area 30. R6 connects to a remote office (Branch B), which operates with EIGRP. R1 performs mutual redistribution between OSPF and EIGRP.   Internet access is being provided to the Branch office from R4 in HQ.

Let’s take a look to the routing table in R6 and test reachability to R5 and R7.

OSPF-NSSA-02

As can be seen in the above output, the Branch office has routes to all segments; the loopbacks in R5 and R7 are reachable from R6.   Another thing to note is the presence of the default route in R6.   It was originated by OSPF in R4 with the command default-information originate and then redistributed into EIGRP from R1.

Now, let’s take a look at the Link-State Database in R1:

OSPF-NSSA-03

As seen in the above output, the default route, the loopback of R6 and the segment 192.168.16.0/30 (Link between R6 and R1) appear as type-5 LSAs.

Now, let’s change Area 30 to NSSA.

To do this, we have to define the NSSA in the border routers connecting the NSSA area (R2 and R3) and the internal routers (R1).

R1, R2, and R3:

!
router ospf 1
area 30 nssa
!

WARNING RGE

Be careful, this is a disruptive change.   Remember, the area types must match for the adjacencies to be formed.   Plan accordingly when making changes in the network.

After applying the changes, let’s take a look at the link-state database of R1 and R4:

OSPF-NSSA-03-1

OSPF-NSSA-03-2

As seen in the above outputs, the redistributed routes generate Type-7 LSAs in R1 then were translated by the ABR (R3) into Type-5 LSAs.   In this topology, R2 and R3 are ABRs for Area 30.  When multiple ABRs are present the ABR with highest Router-ID is elected as the translator for Type-7 into Type-5 LSAs.   R3 was elected translator.

Now, let’s take a look at the routing table in R6 and test reachability again.

OSPF-NSSA-04

It seems like everything is fine.  But wait a minute.  There’s no internet access in the branch office.    If you look closer, the default route has disappeared.   This is because NSSA does not automatically generate a default route.   But you may think, this was generated by R4, so why this happened?

Let’s take a look at the Link-State database in R1:

OSPF-NSSA-05

As seen in the above output, the Type-5 LSAs were replaced by Type-7 LSAs but the default route is not present.   This is because the ABR will not automatically inject the default route into an NSSA.  This has to be explicitly configured.

To solve this problem, we can add the keyword default-information-originate into the NSSA definition in both ABRs for load-balancing or we can choose one of the routers and force the internet traffic to use only one path.

Let’s try these two possibilities.

First, let’s originate the default route from R2:

R2:

!
router ospf 1
area 30 nssa default-information-originate
!

Now, let’s take a look to the routing table of R1 and see if the default route was injected:

OSPF-NSSA-06

As can be seen, the default route was injected as OSPF NSSA external Type 2 (O*N2).

Now let’s take a look to the LSA:

OSPF-NSSA-07

As shown in the output, the advertising router is R2 and was generated as Type-7.  The default route is now present (via redistribution) in the Branch (R6).

OSPF-NSSA-08

As shown above, the path to reach the internet (8.8.2.2) is via R2.   Now, let’s originate the default route in the other ABR (R3):

R3:

!
router ospf 1
area 30 nssa default-information-originate
!

Let’s take a look at the result in R1:

OSPF-NSSA-09

As can be seen, now R1 has 2 equal cost paths to reach the default route.

OSPF-NSSA-10

Another feasible solution would be turning Area 30 into a Totally-Not-So-Stubby-Area. This type of Area suppresses Type-5 and Type-3 LSAs.  It generates the default route as Type-3 LSA.

Let’s change only R2 and R3 to Totally-NSSA and check the results:

R2 and R3:

!
router ospf 1
no area 30 nssa default-information-originate
area 30 nssa no-summary
!

 

OSPF-NSSA-11

As seen in the above output, the default route appears as OSPF Inter-Area (O*IA).

OSPF-NSSA-12

The Type-3 LSAs were replaced by default-routes advertised by the ABRs.

It is time to close this long post. Thank you for visiting.

OSPF Stub Areas

In a multi-area OSPF network, stub areas are basically used to provide scalability.   OSPF scalability is achieved by reducing the flooding domain using areas and reducing the size of the routing table doing summarization.

Now, summarization and filtering are functions of the ABR.  This is due the hierarchical design of OSPF.   A way to reduce the routing information in an area is converting the area into Stub.

When configuring an area as Stub, the ABR will filter whatever LSA (Type-3, Type-4 and/or Type-5) which enter the area depending on the type of Stub Area that is configured.    The filtered LSAs in Stub areas are then replaced with a Type-3 default route (LSA Summarization).  Another consideration when configuring stub areas is that all routers within the stub area must be also configured as stub. Otherwise, they won’t form the adjacency.

OSPF Stub Area Types

There are four stub area types:

  • Stub Area – Filters Type-5 LSAs.
  • Totally Stubby Area – Filters Type-3 and Type-5 LSAs. These LSAs are summarized into a single Type-3 LSA which is the default route.
  • Not-So-Stubby Area (NSSA) – Filter Type-5 LSAs. Allows local redistribution in the area. The router doing redistribution in the NSSA area generates LSA Type-7 for the redistributed prefixes. The ABR translates the Type-7 LSA into Type-5 LSA when advertised to the backbone Area.  In NSSA, the ABR does not automatically originate a default route.
  • Totally-Not-So-Stubby-Area – Like Totally Stubby Area, filters Type-3, Type-4, and Type-5 LSAs and also allows local redistribution. It is, in essence, a combination of the Totally Stubby Area and NSSA.  It also generates Type-7 LSAs for the redistributed prefixes, the ABR translate this Type-7 into Type-5 LSAs when entering the backbone area. In Totally-Not-So-Stubby-Area, the ABR automatically originates the default route.

Today we will focus in the first two Stub Area Types.

To configure an area as Stub, use the area {area-id} stub [no-summary] OSPF process command.   The stub area must be defined in all routers participating in the stubby area.  The no-summary keyword is used to change from stub area to Totally Stubby Area.

Let’s use the following topology for the examples:

OSPF-STUB-01

As can be seen in the topology, the area 234 is defined as a stub area.  R1 and R5 are doing mutual redistribution between RIP and OSPF.

The initial configuration files are as follows:

R1:

!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.1 255.255.255.0
ip ospf 1 area 0
!
interface Ethernet0/1
ip address 192.168.15.1 255.255.255.0
!
router ospf 1
router-id 0.0.0.1
redistribute rip subnets
!
router rip
redistribute ospf 1 metric 6
network 192.168.15.0
no auto-summary
!

R2:

!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip ospf 1 area 0
!
interface Ethernet0/0
ip address 192.168.12.2 255.255.255.0
ip ospf 1 area 0
!
router ospf 1
router-id 0.0.0.2
!

R3:

!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip ospf 1 area 234
!
interface Ethernet0/0
ip address 192.168.34.3 255.255.255.0
ip ospf 1 area 234
!
router ospf 1
router-id 0.0.0.3
!

R4:

!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip ospf 1 area 234
!
interface Ethernet0/0
ip address 192.168.34.4 255.255.255.0
ip ospf 1 area 234
!
router ospf 1
router-id 0.0.0.4
!

R5:

!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0/1
ip address 192.168.15.5 255.255.255.0
!
router rip
network 5.0.0.0
network 192.168.15.0
no auto-summary
!

At this moment area 234 is a normal area.

Let’s take a look at the routing tables in R5 and R3 and test the reachability between them.

OSPF-STUB-02

OSPF-STUB-03

As can be seen in the above outputs, R5 is learning the redistributed OSPF routes from R1 with a metric of 6.   When doing redistribution between OSPF and RIP the seed metric is required.   RIP has a max-metric of 15.   Also, note R3 is learning redistributed routes from R5.   These routes are being advertised as “O E2” or OSPF External type 2 with a default metric of 20.

Now let’s take a look at the link-state database in R3:

OSPF-STUB-04

As can be seen in the above link-state database output, R3 has Type-1, Type-2, Type-3, Type-4 and Type-5 LSAs.   The Type-3 Summary information is coming from the ABR, detailing the summary information of the networks in Area 0. The Type-5 External LSAs details the redistributed routes, they were generated by R1, the Type-4 LSA details how to reach the ASBR (R1 – RID: 0.0.0.1) from where the Type-5 LSAs were learned.   Also, note the Type-5 External don’t have an explicit area (Area X) attached to the description in the database.   This is because the flooding scope of External Type-5 LSAs is the entire OSPF domain.

Let’s configure the area 234 as stub and let’s see what happens:

R2:

!
router ospf 1
area 234 stub
!

Let’s stop here for a moment and take a look on the adjacency between R2 and R4:

OSPF-STUB-05

As soon we changed the area 234 to stub, the adjacency with R4 went down.   What is the problem?   Let’s debug the hello packets and see what’s going on.

OSPF-STUB-06

According to the above output, R2 has received a hello packet with mismatched Stub/Transit area option bit.   When configuring stub areas, all participating routers must be configured as stub.   Thus, changing from normal to stub areas will tear down your adjacencies.

Let’s continue with the configuration.

R3:

!
router ospf 1
area 234 stub
!

R4:

!
router ospf 1
area 234 stub
!

Let’s take a look to the routing table and the link-state database on R3:

OSPF-STUB-07

OSPF-STUB-08

As can be seen in the above output, the routing table has changed.   Now the “O E2” OSPF external routes have disappeared.   Now the routing table has an Inter-Area default route (O*IA).

Also, note the “O IA” OSPF inter-area routes corresponding to the prefixes in area 0 are still present.

Now, let’s take a look at the link-state database:

OSPF-STUB-09

As can be seen in the above output, the Type-5 LSAs were filtered, thus, the Type-4 LSA was not generated by the ABR.

Totally Stubby Area

The Totally Stubby Area what it does is increase the filtering even more.  This type of areas filters inter-area (O IA) and external routes (O E1|E2).   To configure the area as totally Stub just adds the keyword no-summary at the end of the stub area configuration.  Because the Totally Stubby Area is an extension of stub areas, the no-summary keyword is only required in the ABR connecting the stub area.

Considering that the link between R2 and R4 is the only transit link between the backbone and the area 234, it would make sense to convert it into a totally stubby area.

So let’s make the change:

R2:

!
router ospf 1
area 234 stub no-summary
!

Finally, let’s take a look to the routing table and the link-state database:

OSPF-STUB-10

OSPF-STUB-11

As can be seen in the above outputs, now the inter-area (O IA) and the External (O E1|E2) routes were replaced with a single Inter-Area default route (O*IA).  The Type-3, Type-4 and Type-5 LSAs were filtered from the link-state database.   The full topology is still reachable because the inter-area and external routes fall into the default route.

OSPF-STUB-12

Despite the Stub and Totally Stub Areas seems attractive because of their low overhead, they also have important limitations of which I want to emphasize:

  1. Stub and Totally Stub areas do not support redistribution.
  2. Stub areas, in general, do not support Virtual-Links.

It is time to close this long post.

Thank you for visiting.

OSPF Areas and Area Types

OSPF provides two levels of hierarchy through the use of Areas.  An easy way to explain what an Area is would be:  An OSPF area is a logical segment or a sub-domain containing networks, routers and links sharing the same area id.

Using multiple areas in OSPF reduces the router resource utilization because the routers belonging to the same area only maintain the network topology of the area where they belong. Thus, less LSA has to be flooded and maintained.  In other words, the Routers in other areas; don’t have information about the topology outside its own area.

An area is a 32-bit number which can be represented the same way as an IP address such  “area 0.0.0.0” or as a decimal number, such as “Area 0”.

OSPF-AT-Single-Area

The Area 0 is the backbone area in an OSPF domain.   If more than one area is configured, then Area 0 is required to provide inter-area communications.   This means that in an OSPF autonomous system, all areas must be physically connected to the backbone area 0.

OSPF-AT-Multi-Area

I’ve mentioned that all areas must be connected to Area 0; But, what about areas that cannot be physically connected to the area 0?

OSPF provides a native solution for this problem, OSPF Virtual-Links.  I will dedicate an entire post for this technology later on.

OSPF-AT-Virtual-Link.PNG

The Routers contained within the same area are called Area Routers (AR), the routers with a link in Area Zero (0) and a Non-Zero area is called Area Border Routers (ABRs).  Finally, the Routers with a link in Area Zero (0) or a Non-Zero area and redistributing from another Routing Protocol are called Autonomous System Boundary Routers (ASBRs).   Summarization can be done only on ABRs and ASBRs.

OSPF-Router-Type

OSPF Area Types

The OSPF area types can be divided into the following types:

  • Normal Areas
    • Standard.
    • Transit.
  • Stub Area.
    • Totally Stubby Area.
  • Not-So-Stubby Area (NSSA).
    • Totally NSSA.

Normal Area

Normal Areas can be standard or transit (backbone) areas.

  • The Standard areas are the non-zero defined areas where LSAs Type-1, 2, 3, 4 and 5 are allowed; this means that can accept intra-area, inter-area, and external routes.
  • The backbone area is, in essence, a Standard area but is the area from which all other areas in OSPF must be connected.

I’ve mentioned that summarization is possible only on ABRs and ASBRs; But, what about the default route?    Well I think is necessary to explain about the default-route in normal areas.

It is allowed to generate the default route in Normal Areas.  The default route is injected as Type-5 LSA.

In order to generate the default route use the default-information originate process command.  If the default route is not present in the Routing Table then won’t be generated unless the [always] keyword is added at the end of the command.

OSPF-AREA-Normal

 

Stub Area

Stub areas are typically used where the access to the rest of the network through a single link.  For these type of networks is not necessary having and maintaining a full link state database.   This area type can only accept intra-area, inter-area and the default route (generated by default).

Stub areas allow only LSAs Type-1, 2 and 3.   Redistribution is not allowed in Stub Areas.

The default route in a Stub area is generated by default and is injected in the area as Type-3 LSA.

To configure a Stub Area use the Area [x] stub process command.  This command must be added to the routers belonging to the stub area and also, must be added to the ABR connecting the stub area.

OSPF-AREA-STUB

 

Totally Stubby Area

Totally Stubby areas are an extension of Stub Areas and are in fact, the most restricted type of OSPF area.

In Totally Stubby Areas, the Routers receive only a default route from the ABRs, no External or Summary routes are allowed except for the default-route.   The default route in Totally Stubby area is generated by default and is injected in the area as Type-3 LSA.

To configure a Totally Stubby Area use the Area [x] stub no-summary process command.  This command with the no-summary keyword is required only on the ABR connecting the area.

The router connecting to the ABR does not require the no-summary keyword but requires to be defined as a stub.

OSPF-AREA-T-STUB

Not-So-Stubby Areas (NSSA)

Not-So-Stubby areas are also an extension of the stub areas.  This type of area adds the flexibility of redistribution of external routes into the area while retaining its stub characteristic.   This area type can only accept intra-area, inter-area, external and the default route (which is not generated by default).   Not-So-Stubby areas allow only LSAs Type-1, 2, 3 and 7.

When the default route in an NSSA is generated, it is injected in the area as Type-7 LSA.

To configure an NSSA use the Area [x] nssa [default-information-originate] process command.  This command must be added to the routers belonging to the NSSA area and must be also added to the ABR connecting the NSSA.  The default-information-originate keyword generates the default-route in NSSA.

OSPF-AREA-NSSA

 

Totally Stubby NSSA

Totally Stubby NSSA is an extension to the NSSA.  As a matter of fact, this is the most recommended form of NSSA area type.  This type of area adds the flexibility of redistribution of external routes into the area while retaining it’s totally stubbed characteristic.   This area type can only accept intra-area, external and the default route (which is generated by default).   Totally Stubby NSSA areas allow only LSAs Type-1, 2, [3] and 7.      The default route in a Stub area is generated by default and is injected in the area as Type-3 LSA.

To configure a Totally Stubby NSSA use the Area [x] nssa no-summary process command.  This command with the no-summary keyword is required only on the ABR connecting the area.

The router connecting to the ABR does not require the no-summary keyword but requires to be defined as NSSA.

OSPF-AREA-T-NSSA

It is time to close this post. Thank you for visiting.