Thursday, 3 March 2016

OSPF NSSA

Introduction

The OSPF not-so-stubby area (NSSA) feature is described by RFC 1587 leavingcisco.com and is first introduced in Cisco IOS® Software release 11.2. It is a non-proprietary extension of the existing stub area feature that allows the injection of external routes in a limited fashion into the stub area. This document explains how the NSSA feature works.
Redistribution into an NSSA area creates a special type of link-state advertisement (LSA) known as type 7, which can only exist in an NSSA area. An NSSA autonomous system boundary router (ASBR) generates this LSA and an NSSA area border router (ABR) translates it into a type 5 LSA, which gets propagated into the OSPF domain. The network diagram demonstrates this principle.

Prerequisites

Requirements

Refer to this network diagram as you use this document:
nssa.gif
In the network diagram, Area 1 is defined as a stub area. IGRP routes cannot be propagated into the OSPF domain because redistribution is not allowed in the stub area. However, if we define Area 1 as NSSA, we can inject IGRP routes into the OSPF NSSA domain with the creation of type 7 LSAs. Redistributed RIP routes are not allowed in Area 1 because NSSA is an extension to the stub area. The stub area characteristics still exist, which includes no type 5 LSAs allowed.

Components Used

This document is not restricted to specific software and hardware versions.
The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

What Is a Type 7 LSA?

This is a type 7 LSA that is generated by an NSSA ASBR. Type 5 LSAs are not allowed in NSSA areas, so the NSSA ASBR generates a type 7 LSA instead, which remains within the NSSA. This type 7 LSA gets translated back into a type 5 by the NSSA ABR. 
LS age: 36
  Options: (No TOS-capability, No Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 10.10.10.0 (External Network Number)
  Advertising Router: 141.108.1.21
  LS Seq Number: 80000001
  Checksum: 0x4309
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0 
        Metric: 20 
        Forward Address: 9.9.9.9
        External Route Tag: 0
This output looks similar to an external LSA. These are some important characteristics about this output:
  • Bit P—This bit is used in order to tell the NSSA ABR whether to translate type 7 into type 5.
  • No Type 7/5 translation means bit P = 0.
  • Type 7/5 translation means bit P = 1.
  • If bit P = 0, then the NSSA ABR must not translate this LSA into Type 5. This happens when NSSA ASBR is also an NSSA ABR.
  • If bit P = 1, then the NSSA ABR must translate this type 7 LSA into a type 5 LSA. If there are multiple NSSA ABRs, the one with highest router ID.

Configuration Tasks

There are two flavors in NSSA, just like in stub areas. There are NSSAs that block type 5 and type 4 LSAs, but allow type 3 LSAs, and there are NSSA totally stub areas, which allow only summary default routes and filters everything else.

Defining a Not-So-Stubby Area

In order to make a stub area into an NSSA, issue this command under the OSPF configuration:
router ospf 1
 Area 1 nssa
This command must be configured on every single router in Area 1. After you define Area 1 as an NSSA, it must have these characteristics:
  • No Type 5 LSAs are allowed in Area 1. This means no RIP routes are allowed in Area 1.
  • All IGRP routes are redistributed as type 7. This type 7 can only exist within NSSA.
  • All type 7 LSAs are translated into type 5 LSAs by the NSSA ABR and are leaked into the OSPF domain as type 5 LSAs.

Defining an NSSA Totally Stub Area

In order to configure an NSSA totally stub area, issue this command under the OSPF configuration:
router ospf 1
 Area 1 nssa no-summary
Configure this command on NSSA ABRs only. After you define the NSSA totally stub area, Area 1 has these characteristics in addition to the NSSA characteristics:
  • No type 3 or 4 summary LSAs are allowed in Area 1. This means no inter-area routes are allowed in Area 1.
  • A default route is injected into the NSSA totally stub area as a type 3 summary LSA.

Filtering in NSSA

There are situations where there is no need to inject external routes into the NSSA as type 7. This situation usually occurs when an ASBR is also an NSSA ABR. When redistribution takes place in this scenario, the router generates type 5 as well as type 7 LSAs. You can prevent the router from creating type 7 LSAs for NSSA with this command: 
router ospf 1
 Area 1 nssa no-redistribution
In the network diagram, Area 1 is configured with the no-redistribution option. This means that all IGRP routes are redistributed into area 0, but no type 7 LSAs are generated for Area 1. Only configure this command on an NSSA ASBR that is also an ABR.
nssa1.gif
Another case of filtering is when you need to prevent the type 7 LSAs from being translated outside the NSSA. In other words, when you want to control which type 7 LSAs get translated into type 5. For example, you have a RIP learned route 141.108.10.0/24 that is injected into the OSPF NSSA Area 1. You do not want this route to be leaked into the rest of the OSPF areas. Use this configuration on either the NSSA ASBR or the NSSA ABR in order to accomplish this: 
router ospf 1
 summary-address 141.108.10.0 255.255.255.0 not-advertise
This configuration generates a type 7 LSA that is not translated into type 5 by the NSSA ABR.

Default Route in NSSA

There are two ways to have a default route in an NSSA. When you configure an area as NSSA, by default the NSSA ABR does not generate a default summary route. In the case of a stub area or an NSSA totally stub area, the NSSA ABR does generate a default summary route.

Default Summary Route

By defining an area as a NSSA totally stub area, the NSSA ABR generates a default summary route. As mentioned, if the NSSA area were not defined as totally stub, then a default summary route is not generated by NSSA ABR. This configuration generates a default summary route for a NSSA totally stub area. 
router ospf 1
 Area 1 nssa no-summary

Default Type 7

This configuration generates a type 7 default route. You can configure this command on any NSSA ASBR or NSSA ABR with these rules:
  • NSSA ASBR can generate a default only when it has a default route in its routing table.
  • The default route must be known through non-OSPF protocol
  • NSSA ABR can generate a default route with or without a default route in its own routing table.
This command is used in order to generate an NSSA default route: 
router ospf 1
 Area 1 nssa default-information-originate

Posted by at