
Preferred ABR to inject default to NSSA

MaximBudyonny
Level 1

Hello,

I'm trying to implement a redundant connection for a branch.

The branch has 2 uplinks to the network core:

- First, through a wide link but with an intermediate router R-2.

- Second, through a low-bandwidth link.

Each link is a separate NSSA area.

R1-CORE==low==>BRANCH<==wide==R-2==wide==R3-CORE

Router R1-CORE acts as ABR for NSSA area 555. R3-CORE acts as ABR for NSSA area 3.

R1-CORE inserts default via command “area 555 nssa default-information-originate”

R3-CORE inserts default via command “area 3 nssa default-information-originate”

Area 3 is configured on R-2 as NSSA with command “area 3 nssa”

Here are the router configs

R1-CORE

=======

router ospf 200

router-id 10.255.255.5

log-adjacency-changes

area 0 authentication message-digest

area 555 authentication message-digest

area 555 nssa default-information-originate

R3-CORE

=======

router ospf 200

router-id 10.255.255.3

log-adjacency-changes

area 0 authentication message-digest

area 3 authentication message-digest

area 3 nssa default-information-originate

R-2

===

router ospf 200

log-adjacency-changes

area 3 authentication message-digest

area 3 nssa

BRANCH

======

router ospf 200

log-adjacency-changes

area 3 authentication message-digest

area 3 nssa

area 555 authentication message-digest

area 555 nssa

For reasons that are unknown to me, branch router BRANCH receives the default only from R1-CORE.

When the low-bandwidth link goes down, the default will not be injected to router BRANCH from area 3.

What can cause such a strange behavior?

How can I configure this scheme to make injection of default from area 3 to router BRANCH preferable?


a.alekseev
Level 7

Put all interfaces in Branch in area 3

BRANCH

======

router ospf 200

log-adjacency-changes

area 3 authentication message-digest

area 3 nssa

Thank you for the reply, but this solution is not desirable.

Area 555 is a special area that redistributes only from router R1-CORE.

This area was designed only for low-bandwidth backup links.

Redistribution of area 3 through a low-bandwidth link will cause saw-like routing.

E.g. the branch will try to reach other branches through low-bandwidth area 3 links and not through normal links and core area 0.

By the way, on other branch routers the desired default was regulated with the help of the bandwidth parameter.

The short answer is you are trying to do something that is against the basic design of OSPF.

In your case area 555 is not allowed to pass area 3 to get to area 0. The rule is "All areas in an OSPF autonomous system must be physically connected to the backbone area (area 0)"

Of course there are ways to get around this but both are strongly discouraged.

The preferred method is to use virtual links. This is not allowed in stub areas and I suspect is also not allowed in NSSA as you use.

Your other option is to build a GRE tunnel so that the remote router does not really see the other area. This would work in your case, but because all your traffic really passes in a tunnel you may have MTU issues. You would form the OSPF neighbor over the tunnel, but be careful because OSPF itself has MTU issues sometimes. You also have to be very careful not to advertise the end points of the tunnel over the tunnel itself or it will flap.

Not sure what to suggest; both these options are meant as a migration aid, not really a good production design.

Dear Tim,

I think that you have not read my first post very carefully.

Area 3 starts on the ABR router R3-CORE, then it goes through intermediate router R-2 to branch router BRANCH.

Router R3-CORE is ABR for areas 0 and 3.

That's why no virtual links are needed to connect area 3 to area 0. Area 3 is directly connected to area 0.

Last but not least, virtual links couldn't be established through transit NSSA and stub areas, while area 3 is NSSA.

Maybe I am misunderstanding, but from your configurations the BRANCH router has 2 areas in it. This makes it an ABR router by definition. An ABR router must have a connection to area 0 to function correctly.

You could put the areas in 2 different OSPF processes on the branch router, which would then make the router an ASBR, and you could then use filters and redistribution to get the better path, but this is asking for a routing loop unless you are very careful.

Hello,

Yes, router BRANCH is also ABR. But Area 3 is _DIRECTLY_ connected to area 0.

There are no transit areas between area 3 and area 0. So virtual links, two OSPF processes, etc. are not needed.

I can agree that my design is not very optimal.

Let me clarify the situation.

There are 5 premises with routers placed on them. That's why one router was named R1-CORE and another one R3-CORE. These routers are connected to each other via high-speed fully-meshed links.

These routers are the network core. Area 0 is on all these routers.

A branch router can be connected with a primary high-speed channel to any core router.

To carry routing information to the connected branches, each core router has an NSSA area on it.

The number of this area is equal to the number of the router.

E.g. router R1-CORE has NSSA area 1 and also NSSA area 555 for high-cost and low-bandwidth backups.

As I've mentioned earlier, a branch router can be connected to different core routers.

Primary link to R1-CORE (area 1), backup link to R2-CORE (area 2).

That's why a branch router can be an ABR, but areas on each branch router are always directly connected to area 0.

In rare cases a branch router may have a high-speed primary channel to a core router, e.g. R3-CORE (area 3), and a backup channel via a low-speed connection to router R1-CORE (area 555).

In this case it is desired that the default be injected from area 3 (or any other except 555) rather than from 555.

smitty6504
Level 1

You should be able to add:

R1

default-information originate 10 or

default-information originate {your metric}

R3

default-information originate 20 or

default-information originate (your metric)

This will place one route in the routing table and hold the other in the OSPF database.

Edison Ortiz
Hall of Fame

The Branch router will select the router with the highest Router-ID, in your case R1-CORE.

However, if the link goes down, the other router should deliver the default route.

I duplicated your environment and I was able to get the expected behavior.

If you can post the output from

Thank you Edison,

Just now the high-bandwidth link to the branch router is down.

So, the requested data will be posted later.

By the way, how many OSPF areas can exist on a router?

In the Cisco documentation I saw that it is up to 3 areas, including area 0.

Can you point out the documentation where you read this?

That's incorrect. A router can have 100s of areas; the concern should be the amount of LSAs in each area, as they consume router memory.

The amount of LSAs should be a concern even when having 1 or 2 areas, and that's why it's recommended to summarize between areas.

HTH,

__

Edison.

Hello Edison,

Your reply about more than 3 areas on a router was helpful to me.

The network design was changed dramatically. Each branch router now has only one NSSA area on it.

By the way, I didn't find the Cisco document I mentioned previously.

So, your answer helped me to resolve the issue. I greatly appreciate it.

This topic may be marked as closed.
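
Added example, not part of any post in this thread: a simplified Python model of how a router ranks competing default LSAs, combining the metric approach from smitty6504's reply with the highest Router-ID tie-break from Edison Ortiz's reply. The router IDs come from the posted configs; the metric and cost values are constructed, and the model ignores equal-cost multipath and any other tie-breakers.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class DefaultLsa:
    origin: str        # advertising ABR, named as in the thread
    router_id: str     # router-id from the posted configs
    metric_type: int   # 1 = N1, 2 = N2
    metric: int        # metric carried in the LSA (constructed values)
    forward_cost: int  # BRANCH's cost to reach the advertiser (constructed)


def preference_key(lsa):
    """Sort key: the smallest key is the default that gets installed."""
    rid = int(IPv4Address(lsa.router_id))
    if lsa.metric_type == 1:
        # Type 1: advertised metric and internal cost are added together.
        return (1, lsa.metric + lsa.forward_cost, 0, -rid)
    # Type 2: advertised metric first, internal cost only breaks ties.
    return (2, lsa.metric, lsa.forward_cost, -rid)


def select_default(lsas):
    """Return the preferred LSA, or None when no default is present."""
    return min(lsas, key=preference_key) if lsas else None


def scenarios():
    # Same metric on both ABRs: only the Router-ID tie-break separates them.
    r1 = DefaultLsa("R1-CORE", "10.255.255.5", 2, 1, 10)
    r3 = DefaultLsa("R3-CORE", "10.255.255.3", 2, 1, 10)
    # Backup ABR advertises a worse (higher) metric than the primary ABR.
    r1_backup = DefaultLsa("R1-CORE", "10.255.255.5", 2, 20, 10)
    r3_primary = DefaultLsa("R3-CORE", "10.255.255.3", 2, 10, 10)
    return {
        "equal_metrics": select_default([r1, r3]).origin,
        "tuned_metrics": select_default([r1_backup, r3_primary]).origin,
        "low_link_down": select_default([r3_primary]).origin,
        "no_default": select_default([]),
    }


if __name__ == "__main__":
    for name, winner in scenarios().items():
        print(f"{name}: {winner}")
```
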
