- Create new Loopback interfaces on R5 and SW4 with IP addresses 5.5.5.5/32 and 10.10.10.10/32 respectively, and redistribute them into the OSPF domain.
- Configure area 3 as an NSSA so R5 blocks all LSA types 3, 4, and 5 and replaces them with a default route.
- Modify area 3 so that R5’s redistributed Loopback is injected into area 0 as LSA Type-5, but is not injected into area 3 as LSA Type-7.
initial configuration:
R5:
interface Loopback5
ip address 5.5.5.5 255.255.255.255
!
router ospf 1
redistribute connected subnets
area 3 nssa no-summary
SW2:
router ospf 1
area 3 nssa
SW4:
interface Loopback10
ip address 10.10.10.10 255.255.255.255
!
router ospf 1
redistribute connected subnets
area 3 nssa
in some NSSA situations the ABRcan be an ASBR at the same time. so this means when routes are redistributed directly on the ABR they are originated into area 0 as type-5 external LSA and into NSSA as type-7 NSSA external. these origination as type-7 into NSSA may be unneeded overhead if the ABR performing redistribution is the only exit point out of the area.
in this scenario R5 is both ABR and ASBR and is the only exit point for SW2 and SW4 to route packets to area 0.
output below, when R5 has not yet performed any redistribution, only SW4 does. there are 2 type-7 NSSA external entry from SW4. has 2 DR in Area 3. and an inter-area default type-3 summary route advertised by R5.
Rack1SW2#show ip osp database
OSPF Router with ID (150.1.8.8) (Process ID 1)
Router Link States (Area 3)
Link ID ADV Router Age Seq# Checksum Link count
150.1.5.5 150.1.5.5 1 (DNA) 0x80000008 0x00F1D2 3
150.1.8.8 150.1.8.8 238 0x8000000C 0x007238 4
150.1.10.10 150.1.10.10 1 (DNA) 0x8000000A 0x00C6C0 3
Net Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
155.1.58.8 150.1.8.8 285 0x80000003 0x008CD5
155.1.108.10 150.1.10.10 1 (DNA) 0x80000003 0x00AD72
Summary Net Link States (Area 3)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 150.1.5.5 40 (DNA) 0x80000006 0x009AF4
Type-7 AS External Link States (Area 3)
Link ID ADV Router Age Seq# Checksum Tag
10.10.10.10 150.1.10.10 1 (DNA) 0x80000001 0x0043D3 0
223.255.255.255 150.1.10.10 1 (DNA) 0x80000001 0x00B2AC 0
Rack1R5(config)#router ospf 1
Rack1R5(config-router)#redistribute connected subnets
Rack1R5(config-router)#redistribute connected subnets
after R5 redistribute the connected subnets int OSPF. R5 originates 5.5.5.5/32 into area 3 as type-8 NSSA external as well into Area0 as type-5 external.
Rack1R5#show ip ospf database | begin Type-7
Type-7 AS External Link States (Area 3)
Link ID ADV Router Age Seq# Checksum Tag
5.5.5.5 150.1.5.5 16 0x80000001 0x005098 0
10.10.10.10 150.1.10.10 2 (DNA) 0x80000001 0x0043D3 0
223.255.255.255 150.1.10.10 2 (DNA) 0x80000001 0x00B2AC 0
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
5.5.5.5 150.1.5.5 16 0x80000001 0x006C7E 0
9.9.9.9 150.1.30.30 468 0x80000003 0x00E11B 0
10.10.10.10 150.1.5.5 278 0x80000001 0x001912 0
30.0.0.0 150.1.4.4 932 0x80000004 0x00D20D 0
30.1.0.0 150.1.4.4 932 0x80000004 0x00C618 0
30.2.0.0 150.1.4.4 932 0x80000004 0x00BA23 0
30.3.0.0 150.1.4.4 932 0x80000004 0x00AE2E 0
31.0.0.0 150.1.4.4 932 0x80000004 0x00C519 0
31.1.0.0 150.1.4.4 932 0x80000004 0x00B924 0
31.2.0.0 150.1.4.4 932 0x80000004 0x00AD2F 0
31.3.0.0 150.1.4.4 932 0x80000004 0x00A13A 0
51.51.51.51 192.10.1.254 923 0x80000005 0x009470 0
54.1.1.0 150.1.6.6 960 0x80000005 0x00665A 0
the problem here is that unnecessary information is now in the database of area 3, since area 3 has already a default route via R5, area 0 N2 5.5.5.5 routes is redundant.
Rack1SW2#show ip route ospf
155.1.0.0/24 is subnetted, 5 subnets
O 155.1.10.0 [110/180] via 155.1.108.10, 00:05:21, Port-channel1
O 155.1.5.0 [110/31] via 155.1.58.5, 00:05:21, Vlan58
223.255.255.0/32 is subnetted, 1 subnets
O N2 223.255.255.255 [110/20] via 155.1.108.10, 00:05:21, Port-channel1
5.0.0.0/32 is subnetted, 1 subnets
O N2 5.5.5.5 [110/20] via 155.1.58.5, 00:00:57, Vlan58
10.0.0.0/32 is subnetted, 1 subnets
O N2 10.10.10.10 [110/20] via 155.1.108.10, 00:05:21, Port-channel1
150.1.0.0/24 is subnetted, 3 subnets
O 150.1.5.0 [110/31] via 155.1.58.5, 00:05:21, Vlan58
O 150.1.10.0 [110/151] via 155.1.108.10, 00:05:21, Port-channel1
O*IA 0.0.0.0/0 [110/31] via 155.1.58.5, 00:05:21, Vlan58
solution: it is good to suppress type-7 LSA in this situation on the ABR itself. using the no-redistribution keyword onto the area 3 nssa statement. the type-7 are not generated for locally redistributed routes. but this will not prevent other devices inside the NSSA from performing redistribution such as SW4.
Rack1R5(config)#router ospf 1
Rack1R5(config-router)#area 3 nssa no-redistribution no-summary
Rack1R5(config-router)#area 3 nssa no-redistribution no-summary
verification: Area 3 has no longer a specific route to 5.5.5.5/32
Rack1SW2#show ip route ospf
155.1.0.0/24 is subnetted, 5 subnets
O 155.1.10.0 [110/180] via 155.1.108.10, 00:08:01, Port-channel1
O 155.1.5.0 [110/31] via 155.1.58.5, 00:08:01, Vlan58
223.255.255.0/32 is subnetted, 1 subnets
O N2 223.255.255.255 [110/20] via 155.1.108.10, 00:00:57, Port-channel1
10.0.0.0/32 is subnetted, 1 subnets
O N2 10.10.10.10 [110/20] via 155.1.108.10, 00:00:57, Port-channel1
150.1.0.0/24 is subnetted, 3 subnets
O 150.1.5.0 [110/31] via 155.1.58.5, 00:08:01, Vlan58
O 150.1.10.0 [110/151] via 155.1.108.10, 00:08:02, Port-channel1
O*IA 0.0.0.0/0 [110/31] via 155.1.58.5, 00:01:03, Vlan58
Rack1SW2#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/25 ms
155.1.0.0/24 is subnetted, 5 subnets
O 155.1.10.0 [110/180] via 155.1.108.10, 00:08:01, Port-channel1
O 155.1.5.0 [110/31] via 155.1.58.5, 00:08:01, Vlan58
223.255.255.0/32 is subnetted, 1 subnets
O N2 223.255.255.255 [110/20] via 155.1.108.10, 00:00:57, Port-channel1
10.0.0.0/32 is subnetted, 1 subnets
O N2 10.10.10.10 [110/20] via 155.1.108.10, 00:00:57, Port-channel1
150.1.0.0/24 is subnetted, 3 subnets
O 150.1.5.0 [110/31] via 155.1.58.5, 00:08:01, Vlan58
O 150.1.10.0 [110/151] via 155.1.108.10, 00:08:02, Port-channel1
O*IA 0.0.0.0/0 [110/31] via 155.1.58.5, 00:01:03, Vlan58
Rack1SW2#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/25 ms
while devices in Area 0 has the specific route for 5.5.5.5/32 as type-5 external LSA.
Routing entry for 5.5.5.5/32
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 64
Last update from 155.1.0.5 on Serial1/0, 00:04:37 ago
Routing Descriptor Blocks:
* 155.1.0.5, from 150.1.5.5, 00:04:37 ago, via Serial1/0
Route metric is 20, traffic share count is 1
No comments:
Post a Comment