Wednesday, June 29, 2011

LAB: OSPF NSSA Redistribution Filtering


- Create new Loopback interfaces on R5 and SW4 with IP addresses 5.5.5.5/32 and 10.10.10.10/32 respectively, and redistribute them into the OSPF domain.
- Configure area 3 as an NSSA so R5 blocks all LSA types 3, 4, and 5 and replaces them with a default route.
- Modify area 3 so that R5’s redistributed Loopback is injected into area 0 as LSA Type-5, but is not injected into area 3 as LSA Type-7.


initial configuration:

R5:
interface Loopback5
ip address 5.5.5.5 255.255.255.255
!
router ospf 1
redistribute connected subnets
area 3 nssa  no-summary

SW2:
router ospf 1
area 3 nssa

SW4:
interface Loopback10
ip address 10.10.10.10 255.255.255.255
!
router ospf 1
redistribute connected subnets
area 3 nssa

in some NSSA situations the ABRcan be an ASBR at the same time. so this means when routes are redistributed directly on the ABR they are originated into area 0 as type-5 external LSA and into NSSA as type-7 NSSA external.  these origination as type-7 into NSSA may be unneeded overhead if the ABR performing redistribution is  the only exit point out of the area.

in this scenario R5 is both ABR and ASBR and is the only exit point for SW2 and SW4 to route packets to area 0.

output below, when R5 has not yet performed any redistribution, only SW4 does.  there are 2 type-7 NSSA external entry from SW4. has 2 DR in Area 3.  and an inter-area default type-3 summary route advertised by R5.


Rack1SW2#show ip osp database                                            

            OSPF Router with ID (150.1.8.8) (Process ID 1)

                Router Link States (Area 3)

Link ID         ADV Router      Age         Seq#       Checksum Link count
150.1.5.5       150.1.5.5       1     (DNA) 0x80000008 0x00F1D2 3
150.1.8.8       150.1.8.8       238         0x8000000C 0x007238 4
150.1.10.10     150.1.10.10     1     (DNA) 0x8000000A 0x00C6C0 3

                Net Link States (Area 3)

Link ID         ADV Router      Age         Seq#       Checksum
155.1.58.8      150.1.8.8       285         0x80000003 0x008CD5
155.1.108.10    150.1.10.10     1     (DNA) 0x80000003 0x00AD72

                Summary Net Link States (Area 3)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         150.1.5.5       40    (DNA) 0x80000006 0x009AF4

                Type-7 AS External Link States (Area 3)

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.10.10.10     150.1.10.10     1     (DNA) 0x80000001 0x0043D3 0
223.255.255.255 150.1.10.10     1     (DNA) 0x80000001 0x00B2AC 0


Rack1R5(config)#router ospf 1
Rack1R5(config-router)#redistribute connected subnets 

after R5 redistribute the connected subnets int OSPF. R5 originates 5.5.5.5/32 into area 3 as type-8 NSSA external as well into Area0 as type-5 external.

Rack1R5#show ip ospf database | begin Type-7
                Type-7 AS External Link States (Area 3)

Link ID         ADV Router      Age         Seq#       Checksum Tag
5.5.5.5         150.1.5.5       16          0x80000001 0x005098 0
10.10.10.10     150.1.10.10     2     (DNA) 0x80000001 0x0043D3 0
223.255.255.255 150.1.10.10     2     (DNA) 0x80000001 0x00B2AC 0

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
5.5.5.5         150.1.5.5       16          0x80000001 0x006C7E 0
9.9.9.9         150.1.30.30     468         0x80000003 0x00E11B 0
10.10.10.10     150.1.5.5       278         0x80000001 0x001912 0
30.0.0.0        150.1.4.4       932         0x80000004 0x00D20D 0
30.1.0.0        150.1.4.4       932         0x80000004 0x00C618 0
30.2.0.0        150.1.4.4       932         0x80000004 0x00BA23 0
30.3.0.0        150.1.4.4       932         0x80000004 0x00AE2E 0
31.0.0.0        150.1.4.4       932         0x80000004 0x00C519 0
31.1.0.0        150.1.4.4       932         0x80000004 0x00B924 0
31.2.0.0        150.1.4.4       932         0x80000004 0x00AD2F 0
31.3.0.0        150.1.4.4       932         0x80000004 0x00A13A 0
51.51.51.51     192.10.1.254    923         0x80000005 0x009470 0
54.1.1.0        150.1.6.6       960         0x80000005 0x00665A 0

the problem here is that unnecessary information is now in the database of area 3, since area 3 has already a default route via R5, area 0 N2 5.5.5.5  routes is redundant.



Rack1SW2#show ip route ospf
     155.1.0.0/24 is subnetted, 5 subnets
O       155.1.10.0 [110/180] via 155.1.108.10, 00:05:21, Port-channel1
O       155.1.5.0 [110/31] via 155.1.58.5, 00:05:21, Vlan58
     223.255.255.0/32 is subnetted, 1 subnets
O N2    223.255.255.255 [110/20] via 155.1.108.10, 00:05:21, Port-channel1
     5.0.0.0/32 is subnetted, 1 subnets
O N2    5.5.5.5 [110/20] via 155.1.58.5, 00:00:57, Vlan58
     10.0.0.0/32 is subnetted, 1 subnets
O N2    10.10.10.10 [110/20] via 155.1.108.10, 00:05:21, Port-channel1
     150.1.0.0/24 is subnetted, 3 subnets
O       150.1.5.0 [110/31] via 155.1.58.5, 00:05:21, Vlan58
O       150.1.10.0 [110/151] via 155.1.108.10, 00:05:21, Port-channel1
O*IA 0.0.0.0/0 [110/31] via 155.1.58.5, 00:05:21, Vlan58

solution:  it is good to suppress type-7 LSA in this situation on the ABR itself.  using the no-redistribution keyword onto the area 3 nssa statement.  the type-7  are not generated for locally redistributed routes.  but this will not prevent other devices inside the NSSA from performing redistribution such as SW4.

Rack1R5(config)#router ospf 1
Rack1R5(config-router)#area 3 nssa no-redistribution no-summary


verification:  Area 3 has no longer a specific route to 5.5.5.5/32

Rack1SW2#show ip route ospf
     155.1.0.0/24 is subnetted, 5 subnets
O       155.1.10.0 [110/180] via 155.1.108.10, 00:08:01, Port-channel1
O       155.1.5.0 [110/31] via 155.1.58.5, 00:08:01, Vlan58
     223.255.255.0/32 is subnetted, 1 subnets
O N2    223.255.255.255 [110/20] via 155.1.108.10, 00:00:57, Port-channel1
     10.0.0.0/32 is subnetted, 1 subnets
O N2    10.10.10.10 [110/20] via 155.1.108.10, 00:00:57, Port-channel1
     150.1.0.0/24 is subnetted, 3 subnets
O       150.1.5.0 [110/31] via 155.1.58.5, 00:08:01, Vlan58
O       150.1.10.0 [110/151] via 155.1.108.10, 00:08:02, Port-channel1
O*IA 0.0.0.0/0 [110/31] via 155.1.58.5, 00:01:03, Vlan58

Rack1SW2#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/25 ms

while devices in Area 0 has the specific route for 5.5.5.5/32 as type-5 external LSA.

Rack1R3#show ip route 5.5.5.5
Routing entry for 5.5.5.5/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 64
  Last update from 155.1.0.5 on Serial1/0, 00:04:37 ago
  Routing Descriptor Blocks:
  * 155.1.0.5, from 150.1.5.5, 00:04:37 ago, via Serial1/0
      Route metric is 20, traffic share count is 1
Posted by at No comments:
Labels:

LAB: OSPF NSSA Type-7 to Type-5 Translator Election


- Create a new Loopback9 interface on SW3 with the IP address 9.9.9.9/32, and redistribute it into OSPF.
- Modify the OSPF domain so that only R3 advertises this route into area 0, but traffic from R5 going to this destination transits R6.
- If R6 is down this traffic should be rerouted to R3.

initial command sets:

SW3:
interface Loopback9
ip address 9.9.9.9 255.255.255.255
!
router ospf 1
redistribute connected subnets


for Normal External routes, only Type-5 is originated by the router performing the redistribution.  When this routes moves between areas each ABR originates a Type-4 ASBR summary LSA advertising their reachability to the ASBR.

Fort Type-7 LSAs, since this information needed to be re-originated at the ABR level as the route moves into area 0.  if there are 2 or more ABR in the NSSA area, only one ABR will be doing the Type-7 to Type-5 translation, but maintains the forward address field. essentially separating the relationship between the routing advertisement and the traffic flow.  This means it doesn't necessarily that the ABR performing the translation will be the gateway or the router to reach that external network in the NSSA area, metric still is the basis for reaching that NSSA external network.

note:  ABR who has the highest router-id wins the election for the type-7 to type-5 translation.

in our example here R5 performs a lookup on the Type-5 LSA for 9.9.9.9 that was translated from Type-7.  at this point R3 has an OSPF RID 150.1.3.3 and R6 150.1.6.6. So R6 won the translator election due to higher RID.  the forward address is set to 150.1.9.9 (SW3). this means that R5 needs to figure out how to route towards 150.1.9.9



Rack1R5#show ip ospf database external 9.9.9.9

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 278
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 9.9.9.9 (External Network Number )
  Advertising Router: 150.1.6.6
  LS Seq Number: 80000002
  Checksum: 0x1D11
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 150.1.9.9
        External Route Tag: 0

since 150.1.9.9 doesnt belong to the same area as R5 inter-area lookup is performed on the type-3 summary.  R5 finds 2 ABRs wit the same metric.

Rack1R5#show ip ospf database summary 150.1.9.0

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 53
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.1.9.0 (summary Network Number)
  Advertising Router: 150.1.3.3
  LS Seq Number: 80000004
  Checksum: 0x12E6
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 3

  LS age: 2 (DoNotAge)
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.1.9.0 (summary Network Number)
  Advertising Router: 150.1.6.6
  LS Seq Number: 80000004
  Checksum: 0xEA08
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 3


from R5, finding the metrics reaching those ABRs

Rack1R5#show ip ospf database router 150.1.5.5 self-originate

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Router Link States (Area 0)

  LS age: 233
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.1.5.5
  Advertising Router: 150.1.5.5
  LS Seq Number: 80000008
  Checksum: 0xE755
  Length: 108
  Area Border Router
  Number of Links: 7
<output omitted>

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 150.1.1.1
     (Link Data) Router Interface address: 155.1.0.5
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 150.1.3.3
     (Link Data) Router Interface address: 155.1.0.5
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

for R6 since it has a VL with R1.

Rack1R5#sho ip ospf database router 150.1.1.1

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Router Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 200
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.1.1.1
  Advertising Router: 150.1.1.1
  LS Seq Number: 80000009
  Checksum: 0x96DB
  Length: 72
  Area Border Router
  Number of Links: 4

    Link connected to: a Virtual Link
     (Link ID) Neighboring Router ID: 150.1.6.6
     (Link Data) Router Interface address: 155.1.146.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 1


total metrics via R6 = 3 + 1 + 64 = 68
total metrics vai R3 = 3 + 64 = 67
verification via show ip route command:

Rack1R5#show ip route 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 67
  Last update from 155.1.0.3 on Serial0/0, 00:02:53 ago
  Routing Descriptor Blocks:
  * 155.1.0.3, from 150.1.6.6, 00:02:53 ago, via Serial0/0
      Route metric is 20, traffic share count is 1

to modify the type-7 to type-5 translator  we can increase the RID of R3.

Rack1R3(config-router)#router ospf 1
Rack1R3(config-router)#rout
Rack1R3(config-router)#router-id 150.1.30.30
Reload or use "clear ip ospf process" command, for this to take effect

Rack1R3#clear ip ospf 1 process
Reset OSPF process? [no]: yes

@ R5 after changing the R3 RID. R5 now sees that R3 is the advertising router.

Rack1R5#show ip ospf database external 9.9.9.9

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 44
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 9.9.9.9 (External Network Number )
  Advertising Router: 150.1.30.30
  LS Seq Number: 80000001
  Checksum: 0xE519
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 150.1.9.9
        External Route Tag: 0


although the advertising router has change, the forward address is still the same meaning it will still choose the route with smaller metric which in this case is also R3

Rack1R5#show ip route 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 67
  Last update from 155.1.0.3 on Serial0/0, 00:00:12 ago
  Routing Descriptor Blocks:
  * 155.1.0.3, from 150.1.30.30, 00:00:12 ago, via Serial0/0
      Route metric is 20, traffic share count is 1

only when R3's forward metric is higher than R6 forward metric the path selection will change.  we can test it by increasing the ospf cost of R3's fa0/0 interface.

Rack1R3(config)#int fa0/0
Rack1R3(config-if)#ip ospf cost 1000 

verifying the metric for R3.

Rack1R5#show ip ospf database summary 150.1.9.0 adv-router 150.1.30.30

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 2
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.1.9.0 (summary Network Number)
  Advertising Router: 150.1.30.30
  LS Seq Number: 80000002
  Checksum: 0xDFF9
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 1002


resulting route is via R6 which is using the VL link to 155.1.0.1 (R1)

Rack1R5#show ip route 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 68
  Last update from 155.1.0.1 on Serial0/0, 00:00:17 ago
  Routing Descriptor Blocks:
  * 155.1.0.1, from 150.1.30.30, 00:00:17 ago, via Serial0/0
      Route metric is 20, traffic share count is 1

traceroute verification
Rack1R5#traceroute 9.9.9.9

Type escape sequence to abort.
Tracing the route to 9.9.9.9

  1 155.1.0.1 24 msec 76 msec 4 msec
  2 155.1.146.6 16 msec 20 msec 12 msec
  3 155.1.67.7 8 msec 28 msec 12 msec
  4 155.1.79.9 12 msec *  24 msec


Note:  if R6 loses connectivity to Area0, traffic will be re-route to R3.
Posted by at No comments:
Labels:

LAB: OSPF Stub Areas with Multiple Exit Points.

- Re-enable R6’s Loopback0 interface and connection to VLAN 146.
- Modify area 2 in such a way that traffic from devices in area 2 going to area 3 uses R6 as the exit point, while traffic from area 2 going to the RIP routes learned from BB3 uses R3.
- If R3 loses its connection to area 2, traffic for External destinations should be rerouted to R6.
- If R6 loses its connection to area 2, traffic for Inter-Area destinations should be rerouted to R3.
- Do not modify the cost of any links in area 2 to accomplish this.


command sets:

R3:
router ospf 1
area 2 nssa no-summary

R6:
router ospf 1
area 2 nssa default-information-originate

SW1:
router ospf 1
area 2 nssa

SW3:
router ospf 1
area 2 nssa

stub areas can be used also for inter-area traffic engineering. in our case here there are multiple exit points out of area 2.  R3 advertises the default route as a type-3 summary LSA (not so totally stubby area) and R6 advertises all Type-3 Summary LSA, plus type-7 NSSA external default route.

for inter-area routing from devices in area 2 this means  that the longest match learned from R6 will always be used from R6.  and for default routing the type-3 summary LSA will be used from R3.

route preference:
intra-area>inter-area>external>nssa-external

verification:

Rack1SW1#show ip ospf database | begin Summary
                Summary Net Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         150.1.3.3       566         0x80000003 0x00BADB
150.1.1.0       150.1.6.6       234         0x80000001 0x009D2F
150.1.2.0       150.1.6.6       234         0x80000001 0x00AE19
150.1.3.0       150.1.6.6       234         0x80000001 0x00A323
150.1.4.0       150.1.6.6       234         0x80000001 0x00982D
150.1.5.0       150.1.6.6       234         0x80000001 0x000CF8
150.1.6.0       150.1.6.6       249         0x80000001 0x00A351
150.1.6.0       155.1.67.6      391         0x80000001 0x00C9E8
150.1.8.0       150.1.6.6       235         0x80000001 0x00F40C
150.1.10.0      150.1.6.6       235         0x80000001 0x00BFA8
155.1.0.1       150.1.6.6       235         0x80000001 0x005375
155.1.0.2       150.1.6.6       235         0x80000001 0x00655E
155.1.0.3       150.1.6.6       235         0x80000001 0x005B67
155.1.0.4       150.1.6.6       235         0x80000001 0x005170
155.1.0.5       150.1.6.6       235         0x80000001 0x00C53B
155.1.5.0       150.1.6.6       235         0x80000001 0x00CA35
155.1.8.0       150.1.6.6       160         0x80000003 0x00C21D
155.1.13.0      150.1.6.6       235         0x80000001 0x007713
155.1.23.0      150.1.6.6       235         0x80000001 0x008528
155.1.45.0      150.1.6.6       236         0x80000001 0x008810
155.1.58.0      150.1.6.6       235         0x80000001 0x008149
155.1.108.0     150.1.6.6       237         0x80000001 0x003AC7
155.1.146.0     150.1.6.6       252         0x80000001 0x001126
155.1.146.0     155.1.67.6      393         0x80000001 0x0037BD
192.10.1.0      150.1.6.6       237         0x80000001 0x00E187

traffic to other areas is using R6 as a gateway:

Rack1SW1#show ip route 150.1.10.10
Routing entry for 150.1.10.0/24
  Known via "ospf 1", distance 110, metric 3482, type inter area
  Last update from 155.1.67.6 on Vlan67, 00:04:33 ago
  Routing Descriptor Blocks:
  * 155.1.67.6, from 150.1.6.6, 00:04:33 ago, via Vlan67
      Route metric is 3482, traffic share count is 1

while traffic to external-network such as 30.0.0.1 RIP routes redistributed into OSPF on R4, will use R3 as a gateway since it is advertising LSA type-3 summary default route.

Rack1SW1#show ip route 30.0.0.1
% Network not in table

Rack1SW1#show ip route | include _0.0.0.0
Gateway of last resort is 155.1.37.3 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/301] via 155.1.37.3, 00:08:49, FastEthernet0/3


output below shows that sw1 has 2 default routes, one is LSA type 3 and other is type7 nssa-external.  in our case here the metric is the same. but even if the metric for type-7 nssa-external is lower than type-3, summary-type 3 will still be used.

Rack1SW1#show ip ospf database summary 0.0.0.0

            OSPF Router with ID (150.1.7.7) (Process ID 1)

                Summary Net Link States (Area 2)

  Routing Bit Set on this LSA
  LS age: 906
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 0.0.0.0 (summary Network Number)
  Advertising Router: 150.1.3.3
  LS Seq Number: 80000003
  Checksum: 0xBADB
  Length: 28
  Network Mask: /0
        TOS: 0  Metric: 1

Rack1SW1#show ip ospf database nssa-external 0.0.0.0

            OSPF Router with ID (150.1.7.7) (Process ID 1)

                Type-7 AS External Link States (Area 2)

  LS age: 646
  Options: (No TOS-capability, No Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 150.1.6.6
  LS Seq Number: 80000001
  Checksum: 0x6BA2
  Length: 36
  Network Mask: /0
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 1
        Forward Address: 0.0.0.0
        External Route Tag: 0


this will also be used to backup each other in-case R3 and R6 fails.

When R3 fails.

Rack1SW1#show ip route | include _0.0.0.0
Gateway of last resort is 155.1.67.6 to network 0.0.0.0
O*N2 0.0.0.0/0 [110/1] via 155.1.67.6, 00:00:00, Vlan67

likewise when R6 fails.

Rack1SW1#show ip route 150.1.10.10
% Subnet not in table

Rack1SW1#show ip route | include _0.0.0.0    
Gateway of last resort is 155.1.37.3 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/301] via 155.1.37.3, 00:00:09, FastEthernet0/3
Posted by at No comments:
Labels:

Monday, June 27, 2011

LAB: OSPF Not-so-Totally-Stubby Areas

Not-so-totally-stubby area is the same as totally stubby area in the concept of blocking type3 summary LSA, type4 ASBR summary LSAs, and Type5 External LSAs and replacing  with only type3 summary LSA default route.

configuration set at ABR

R3
router ospf  1
area 2 nssa no-summary


verification:

Rack1SW3#show ip route ospf
     155.1.0.0/24 is subnetted, 5 subnets
O       155.1.7.0 [110/60] via 155.1.79.7, 00:37:23, Vlan79
O       155.1.37.0 [110/330] via 155.1.79.7, 00:37:23, Vlan79
O       155.1.67.0 [110/60] via 155.1.79.7, 00:37:23, Vlan79
O N2 200.0.0.0/24 [110/20] via 155.1.79.7, 00:00:29, Vlan79
     54.0.0.0/24 is subnetted, 1 subnets
O N2    54.1.1.0 [110/20] via 155.1.79.7, 00:00:29, Vlan79
O N2 200.0.1.0/24 [110/20] via 155.1.79.7, 00:00:29, Vlan79
O N2 200.0.2.0/24 [110/20] via 155.1.79.7, 00:00:29, Vlan79
O N2 200.0.3.0/24 [110/20] via 155.1.79.7, 00:00:29, Vlan79
     150.1.0.0/24 is subnetted, 2 subnets
O       150.1.7.0 [110/31] via 155.1.79.7, 00:37:24, Vlan79
O*IA 0.0.0.0/0 [110/331] via 155.1.79.7, 00:00:34, Vlan79


Rack1SW3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 155.1.79.7 to network 0.0.0.0

     155.1.0.0/24 is subnetted, 5 subnets
C       155.1.9.0 is directly connected, Vlan9
O       155.1.7.0 [110/60] via 155.1.79.7, 00:41:57, Vlan79
O       155.1.37.0 [110/330] via 155.1.79.7, 00:41:57, Vlan79
C       155.1.79.0 is directly connected, Vlan79
O       155.1.67.0 [110/60] via 155.1.79.7, 00:41:57, Vlan79
O N2 200.0.0.0/24 [110/20] via 155.1.79.7, 00:05:02, Vlan79
     54.0.0.0/24 is subnetted, 1 subnets
O N2    54.1.1.0 [110/20] via 155.1.79.7, 00:05:02, Vlan79
O N2 200.0.1.0/24 [110/20] via 155.1.79.7, 00:05:03, Vlan79
O N2 200.0.2.0/24 [110/20] via 155.1.79.7, 00:05:03, Vlan79
O N2 200.0.3.0/24 [110/20] via 155.1.79.7, 00:05:03, Vlan79
     150.1.0.0/24 is subnetted, 2 subnets
O       150.1.7.0 [110/31] via 155.1.79.7, 00:41:59, Vlan79
C       150.1.9.0 is directly connected, Loopback0
O*IA 0.0.0.0/0 [110/331] via 155.1.79.7, 00:05:10, Vlan79
Posted by at No comments:
Labels:

LAB: OSPF Not-So-Stubby Areas (NSSA)



- Shutdown R6’s Loopback0 interface and connection to VLAN 146.
- Configure OSPF area 2 so that R3 filters External routes out as they are
sent from area 0 to area 2.
- R6 should still be allowed to redistribute EIGRP into OSPF.
- Note any reachability problems throughout the domain.

command sets:

R3:
router ospf 1
area 2 nssa

R6:
interface Loopback0
shutdown
!
interface FastEthernet0/0.146
shutdown
!
router ospf 1
area 2 nssa

SW1:
router ospf 1
area 2 nssa

SW3:
router ospf 1

NSSA - extends the functionality of the stub area to allow the importing of a subset of external routes into the area.  This allows the redistribution to occur within the stub area. while blocking external routes from entering the area through the ABRs.

Type-7 NSSA External LSA this was generated inside the NSSA area.

2 subtype:
N1- same as E1considers the metric that the ASBR reports into the OSPF domain along with the metric neeed to reach the ASBR.
N2 - same as E2 separetes the metric into the flat value that the ASBR reports into the OSPF domain. which is installed in the routing table, and the value needed to reach the ASBR, known as forward metric.

verification:

Rack1SW1#show ip route | include N1|N2
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
O N2 200.0.0.0/24 [110/20] via 155.1.67.6, 00:00:41, Vlan67
O N2    54.1.1.0 [110/20] via 155.1.67.6, 00:00:41, Vlan67
O N2 200.0.1.0/24 [110/20] via 155.1.67.6, 00:00:41, Vlan67
O N2 200.0.2.0/24 [110/20] via 155.1.67.6, 00:00:41, Vlan67
O N2 200.0.3.0/24 [110/20] via 155.1.67.6, 00:00:41, Vlan67

Rack1SW1#show ip route 200.0.0.0
Routing entry for 200.0.0.0/24
  Known via "ospf 1", distance 110, metric 20, type NSSA extern 2, forward metric 30
  Last update from 155.1.67.6 on Vlan67, 00:01:19 ago
  Routing Descriptor Blocks:
  * 155.1.67.6, from 150.1.6.6, 00:01:19 ago, via Vlan67
      Route metric is 20, traffic share count is 1


ABR converts Type-7 LSA to type-5 LSA, if multiple ABRs exist only one of them will perform the conversion through an election process.  OSPF devices outside the NSSA do not know that NSSA exists.

Rack1R3#sho ip ospf database | begin Type-7
                Type-7 AS External Link States (Area 2)

Link ID         ADV Router      Age         Seq#       Checksum Tag
54.1.1.0        150.1.6.6       319         0x80000001 0x005480 0
200.0.0.0       150.1.6.6       319         0x80000001 0x00F94A 0
200.0.1.0       150.1.6.6       319         0x80000001 0x00EE54 0
200.0.2.0       150.1.6.6       319         0x80000001 0x00E35E 0
200.0.3.0       150.1.6.6       319         0x80000001 0x00D868 0
<output omitted>
Rack1R3#show ip ospf database nssa-external 200.0.0.0

            OSPF Router with ID (150.1.3.3) (Process ID 1)

                Type-7 AS External Link States (Area 2)

  Routing Bit Set on this LSA
  LS age: 387
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 200.0.0.0 (External Network Number )
  Advertising Router: 150.1.6.6
  LS Seq Number: 80000001
  Checksum: 0xF94A
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 155.1.67.6
        External Route Tag: 0

below is the results of the ABR R3 translations of Type7 to Type5


Rack1R5#show ip ospf database | begin Type-5
                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
30.0.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00D80A 0
30.1.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00CC15 0
30.2.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00C020 0
30.3.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00B42B 0
31.0.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00CB16 0
31.1.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00BF21 0
31.2.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00B32C 0
31.3.0.0        150.1.4.4       1     (DNA) 0x80000001 0x00A737 0
51.51.51.51     192.10.1.254    50    (DNA) 0x80000001 0x009C6C 0
54.1.1.0        150.1.3.3       521         0x80000001 0x0010D4 0
200.0.0.0       150.1.3.3       521         0x80000001 0x00B59E 0
200.0.1.0       150.1.3.3       521         0x80000001 0x00AAA8
200.0.2.0       150.1.3.3       521         0x80000001 0x009FB2 0
200.0.3.0       150.1.3.3       521         0x80000001 0x0094BC 0
204.12.1.0      150.1.4.4       8     (DNA) 0x80000001 0x005EC8 0
 
Rack1R5#show ip ospf database external 200.0.0.0

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 610
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 200.0.0.0 (External Network Number )
  Advertising Router: 150.1.3.3
  LS Seq Number: 80000001
  Checksum: 0xB59E
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 155.1.67.6
        External Route Tag: 0

Rack1R5#show ip route 155.1.67.6
Routing entry for 155.1.67.0/24
  Known via "ospf 1", distance 110, metric 394, type inter area
  Last update from 155.1.0.3 on Serial0/0, 00:11:17 ago
  Routing Descriptor Blocks:
  * 155.1.0.3, from 150.1.3.3, 00:11:17 ago, via Serial0/0
      Route metric is 394, traffic share count is 1

Rack1R5#show ip route 200.0.0.0
Routing entry for 200.0.0.0/24
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 394
  Last update from 155.1.0.3 on Serial0/0, 00:10:57 ago
  Routing Descriptor Blocks:
  * 155.1.0.3, from 150.1.3.3, 00:10:57 ago, via Serial0/0
      Route metric is 20, traffic share count is 1

computing the forward metric of 394 = R5 to R3 cost + R3 to SW1 cost + SW1 to R6 cost

Rack1R5#show ip ospf database router 150.1.5.5 self-originate

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Router Link States (Area 0)

  LS age: 1178
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.1.5.5
  Advertising Router: 150.1.5.5
  LS Seq Number: 80000008
  Checksum: 0x694D
  Length: 108
  Area Border Router
  Number of Links: 7
<output omitted>

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 150.1.3.3
     (Link Data) Router Interface address: 155.1.0.5
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

Rack1R3#show ip ospf database router 150.1.3.3 self-originate

            OSPF Router with ID (150.1.3.3) (Process ID 1)

      <output omitted>

                Router Link States (Area 2)

  LS age: 1021
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.1.3.3
  Advertising Router: 150.1.3.3
  LS Seq Number: 80000005
  Checksum: 0xE749
  Length: 36
  Area Border Router
  AS Boundary Router
  Number of Links: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 155.1.37.7
     (Link Data) Router Interface address: 155.1.37.3
      Number of TOS metrics: 0
       TOS 0 Metrics: 300


Rack1SW1#show ip ospf database router 150.1.7.7 self-originate

            OSPF Router with ID (150.1.7.7) (Process ID 1)

                Router Link States (Area 2)

  LS age: 140
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.1.7.7
  Advertising Router: 150.1.7.7
  LS Seq Number: 8000000E
  Checksum: 0xE3A2
  Length: 84
  Number of Links: 5

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 150.1.7.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 155.1.37.7
     (Link Data) Router Interface address: 155.1.37.7
      Number of TOS metrics: 0
       TOS 0 Metrics: 300

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 155.1.79.9
     (Link Data) Router Interface address: 155.1.79.7
      Number of TOS metrics: 0
       TOS 0 Metrics: 30

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 155.1.67.6
     (Link Data) Router Interface address: 155.1.67.7
      Number of TOS metrics: 0
       TOS 0 Metrics: 30

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 155.1.7.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 30

Important notes;
- NSSA blocks other type5 external LSAs from entering the NSSA area on the ABRs.
- a default route is not automatically originated by NSSA ABR. this means it can reach other areas in the OSPF domain but not other external domains.

Rack1R3#show ip route 30.0.0.1
Routing entry for 30.0.0.0/16
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 19494
  Last update from 155.1.0.5 on Serial1/0, 00:25:53 ago
  Routing Descriptor Blocks:
  * 155.1.0.5, from 150.1.4.4, 00:25:53 ago, via Serial1/0
      Route metric is 20, traffic share count is 1

Rack1R3#ping 30.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/44/72 ms


Rack1SW1#show ip ospf database | begin Type-5
Rack1SW1#show ip route 30.0.0.1
% Network not in table
Rack1SW1#ping 30.0.0.1 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Rack1SW1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     155.1.0.0/16 is variably subnetted, 16 subnets, 2 masks
O IA    155.1.146.0/24 [110/20094] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.23.0/24 [110/301] via 155.1.37.3, 00:26:56, FastEthernet0/3
O       155.1.9.0/24 [110/60] via 155.1.79.9, 00:26:56, Vlan79
O IA    155.1.13.0/24 [110/19730] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.0.2/32 [110/301] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.0.3/32 [110/300] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.0.1/32 [110/78323] via 155.1.37.3, 00:26:56, FastEthernet0/3
C       155.1.7.0/24 is directly connected, Vlan7
O IA    155.1.0.4/32 [110/19794] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.5.0/24 [110/19731] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.0.5/32 [110/19730] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.58.0/24 [110/19731] via 155.1.37.3, 00:26:56, FastEthernet0/3
O IA    155.1.45.0/24 [110/19794] via 155.1.37.3, 00:27:02, FastEthernet0/3
C       155.1.37.0/24 is directly connected, FastEthernet0/3
C       155.1.79.0/24 is directly connected, Vlan79
C       155.1.67.0/24 is directly connected, Vlan67
O N2 200.0.0.0/24 [110/20] via 155.1.67.6, 00:27:02, Vlan67
     54.0.0.0/24 is subnetted, 1 subnets
O N2    54.1.1.0 [110/20] via 155.1.67.6, 00:27:02, Vlan67
O N2 200.0.1.0/24 [110/20] via 155.1.67.6, 00:27:02, Vlan67
O N2 200.0.2.0/24 [110/20] via 155.1.67.6, 00:27:02, Vlan67
O N2 200.0.3.0/24 [110/20] via 155.1.67.6, 00:27:02, Vlan67
O IA 192.10.1.0/24 [110/601] via 155.1.37.3, 00:27:02, FastEthernet0/3
     150.1.0.0/24 is subnetted, 7 subnets
C       150.1.7.0 is directly connected, Loopback0
O IA    150.1.5.0 [110/19731] via 155.1.37.3, 00:27:02, FastEthernet0/3
O IA    150.1.4.0 [110/19795] via 155.1.37.3, 00:27:02, FastEthernet0/3
O IA    150.1.3.0 [110/301] via 155.1.37.3, 00:27:02, FastEthernet0/3
O IA    150.1.2.0 [110/302] via 155.1.37.3, 00:27:02, FastEthernet0/3
O IA    150.1.1.0 [110/78324] via 155.1.37.3, 00:27:03, FastEthernet0/3
O       150.1.9.0 [110/31] via 155.1.79.9, 00:27:03, Vlan79

NSSA Default routing

- configure R3 to advertise a default route into NSSA area 2
- default route must have a default cost of 500.

command sets:

R3
router ospf 1
  area 2 nssa default-information-originate
  area 2 default-cost 500

verification:

Rack1SW1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 155.1.37.3 to network 0.0.0.0

     155.1.0.0/16 is variably subnetted, 16 subnets, 2 masks
O IA    155.1.146.0/24 [110/20094] via 155.1.37.3, 00:02:37, FastEthernet0/3
O IA    155.1.23.0/24 [110/301] via 155.1.37.3, 00:04:45, FastEthernet0/3
O       155.1.9.0/24 [110/60] via 155.1.79.9, 00:04:45, Vlan79
O IA    155.1.13.0/24 [110/19730] via 155.1.37.3, 00:04:45, FastEthernet0/3
O IA    155.1.0.2/32 [110/301] via 155.1.37.3, 00:03:56, FastEthernet0/3
O IA    155.1.0.3/32 [110/300] via 155.1.37.3, 00:03:45, FastEthernet0/3
O IA    155.1.0.1/32 [110/78323] via 155.1.37.3, 00:02:38, FastEthernet0/3
C       155.1.7.0/24 is directly connected, Vlan7
O IA    155.1.0.4/32 [110/19794] via 155.1.37.3, 00:02:38, FastEthernet0/3
O IA    155.1.5.0/24 [110/19731] via 155.1.37.3, 00:02:38, FastEthernet0/3
O IA    155.1.0.5/32 [110/19730] via 155.1.37.3, 00:02:38, FastEthernet0/3
O IA    155.1.58.0/24 [110/19731] via 155.1.37.3, 00:02:38, FastEthernet0/3
O IA    155.1.45.0/24 [110/19794] via 155.1.37.3, 00:02:38, FastEthernet0/3
C       155.1.37.0/24 is directly connected, FastEthernet0/3
C       155.1.79.0/24 is directly connected, Vlan79
C       155.1.67.0/24 is directly connected, Vlan67
O N2 200.0.0.0/24 [110/20] via 155.1.67.6, 00:02:53, Vlan67
     54.0.0.0/24 is subnetted, 1 subnets
O N2    54.1.1.0 [110/20] via 155.1.67.6, 00:02:54, Vlan67
O N2 200.0.1.0/24 [110/20] via 155.1.67.6, 00:02:54, Vlan67
O N2 200.0.2.0/24 [110/20] via 155.1.67.6, 00:02:54, Vlan67
O N2 200.0.3.0/24 [110/20] via 155.1.67.6, 00:02:54, Vlan67
O IA 192.10.1.0/24 [110/601] via 155.1.37.3, 00:04:27, FastEthernet0/3
     150.1.0.0/24 is subnetted, 7 subnets
C       150.1.7.0 is directly connected, Loopback0
O IA    150.1.5.0 [110/19731] via 155.1.37.3, 00:02:38, FastEthernet0/3
O IA    150.1.4.0 [110/19795] via 155.1.37.3, 00:02:39, FastEthernet0/3
O IA    150.1.3.0 [110/301] via 155.1.37.3, 00:04:47, FastEthernet0/3
O IA    150.1.2.0 [110/302] via 155.1.37.3, 00:04:28, FastEthernet0/3
O IA    150.1.1.0 [110/78324] via 155.1.37.3, 00:02:39, FastEthernet0/3
O       150.1.9.0 [110/31] via 155.1.79.9, 00:04:47, Vlan79
O*N2 0.0.0.0/0 [110/500] via 155.1.37.3, 00:00:08, FastEthernet0/3

Rack1SW1#ping 30.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 58/67/92 ms
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)