We have a totally stubby NSSA configured. Is there a way we can block the default route generated by the ABR? The reason is we need the routers to learn the default from another ASBR instead of this ABR.
If the ASBR is in the same routing domain as the ABR, you could use the 'default-information originate always' command on the ASBR.
Not sure about filtering. You can, however, prefer one ABR over another by increasing the cost of the default route on the ABR you want to be less attractive.
area x default-cost [value]
If you choose to use default-information originate on the ASBR, you'll need to make certain you set your metrics as Rob notes.... And you won't be able to get the ABR's default preferred over the ABR's unless you use default information origination on the ASBR (since the ASBR's default is probably an external, rather than an internal). You should be able to filter the ABR's default, though using type 3 filtering:
Or at least I would think so (I've not run it up in the lab to check it, though).
Does it really matter that one is an ASBR and one is an ABR?
If both routers are connected to the stub they are both injecting an "IA 0.0.0.0/0" route by default. (area x default-cost [value] will make one of the 2 IA routes a better choice.)
Now that I think of it, the route generated using "default-information originate always" on the ASBR will not even make it into the stub area, right? This is an external route.
Hi. Thanks for your advice.
Tuning the area cost may not work. ASBR generates default routes as external type, but ABR generates it as IA type, which is preferred by the routers (without comparing cost).
OSPF ABR Type 3 LSA Filtering may be a good idea. We will try it.
From a design perspective, if you have a "totally" stubby NSSA, how do you provide connectivity from this area to the rest of the AS? Usually the default gateway originated by the ABR as an IA is the one route that provides connectivity back to the rest of the AS. Are you really running an NSSA with "no-summary" on the ABR?
Am I missing something,
area x default-cost [value]
does not work?
The whole purpose of this is to change cost on the default IA route.
Yes, the command is to change the IA route cost.
However, no matter how much the IA route cost is, it is still preferred over the External route generated by ASBR.
By default, ASBR generates default route as external type, and ABR generates IA type.
Well yes, that is sort of my point. The external default route will not make it into the area because it is a stubby area and the default is an External LSA. Even if you filter out the IA route I would think that the default route being advertised by the ASBR would not make it into the area anyways, because it is type 5.
Guess the topology is not clear to me. If you have two routers attached to the stub area, one of them being an ASBR you can cost the links so the ASBR is preferred.
In an NSSA you can generate the default as a type 7 LSA as opposed to a type 5 LSA, which as you said won't be permitted in a stubby or NSSA.
The type 7 LSA will in turn be translated into a type 5 by the ABR, which in doing so becomes the ASBR for the external route.
Oh well, I am reminded of how difficult it used to be working in support, reading email and trying to find out what someone's network looks like is a bit challenging :-)
I definitely understand the type 7 to type 5 LSA to provide connectivity for an external network attached to a NSSA. Just not sure how this has anything to do with a default route coming from area 0 into the NSSA.
Hmmm.... I see this committed into 12.1(08a)E, which should be the CAT 6500, right? It's a generic IOS feature, so it should be there someplace, I would think (?).
You are right. It is definitely available in the 12.1E train. I'm running 12.1(8b)E13 and this feature is available.
*Oct 3 10:59:11.271: %SYS-5-CONFIG_I: Configured from console by console
Cisco Internetwork Operating System Software
IOS (tm) MSFC Software (C6MSFC-JSV-M), Version 12.1(8b)E13, EARLY DEPLOYMENT REL
EASE SOFTWARE (fc1)
BXB-MSFC-10:8B(config-router)#area 3 ?
authentication Enable authentication
default-cost Set the summary default-cost of a NSSA/stub area
filter-list Filter networks between OSPF areas
nssa Specify a NSSA area
range Summarize routes matching address/mask (border routers only)
stub Specify a stub area
virtual-link Define a virtual link and its parameters
I'd like to elaborate the original question a bit.
In the Totally Stubby NSSA, we have 2 ABRs, 1 internal router and between 1 of the ABR and the internal router lies the ASBR (doubt as Internet Router).
The reason why we would like to make this as a Totally Stubby NSSA is that we don't want the ASBR and the Internal Router to keep a lot of External and Inter-Area routes from the rest of the network.
Instead, the Internal and the ASBR only need to know the summary of our network which the ABRs are the only way in. The ASBR on the other hand generates the default route to the rest of the OSPF network.
1. Internal router prefers the default route generated by the ABR since it is IA as opposed to ASBR which is N2 (Type 7 2)
2. The rest of the OSPF routers in the whole OSPF domain have the default route in the routing table pointing to the Internet Router (ASBR), including the ABR in the TS NSSA.
3. There's a loop between the Internal router in the TS NSSA and the ABR since the internal router points to the ABR and the ABR points back to the internal router to reach the ASBR.
4. The internal router and the ASBR do not know how to reach the rest of the internal network unless we create a dummy static route in the ABRs with higher distance pointing the interface to the backbone area and redistribute it (any other solution than this? coz this seems to cause a loop between the backbone area and the ABR in the TS NSSA which has the static route). What about we move this static route in the backbone routers pointing to the null0?
Now, the questions are:
1. How to make the ABRs not to generate a net summary default route OR make the internal router in the TS NSSA prefer the default route generated by the ASBR (we tried to increase the cost/metric but it didn't help due to the fact that the ABR default route is IA and the ASBR is N2, IA is preferred over N2).
2. The internal router and the ASBR do not know how to reach the rest of the internal network unless we create a dummy static route in the ABRs with higher distance pointing the interface to the backbone area and redistribute it (any other solution than this? coz this seems to cause a loop between the backbone area and the ABR in the TS NSSA which has the static route). What about we move this static route in the backbone routers pointing to the null0?
3. Should the area be just a normal area and not TS NSSA? If so, how to achieve our goal?
- Internal Router(s) and ASBR will only know a summary route to the rest of the internal network via the ABR and have a default route to the ISP generated by the ASBR.
NOTE: ASBR is running OSPF and BGP; Internal router(s) are Checkpoint Firewall running OSPF.
I totally concur. From a design standpoint, you don't want to configure the NSSA as a totally stubby if the external route you want to propagate in the AS is the 0/0.
To provide connectivity to the rest of the AS and allow the 0/0 to propagate throughout the AS, you need to allow the type 3 LSA in the NSSA.
As far as allowing only one summary in the NSSA, this could be difficult since it is not possible to further summarize at the NSSA ABR summary LSAs received via area 0. One potential solution would be to have an "area 0 range" command that would include all of the address range present in the AS and to use an "area x filter" to prevent other summary LSAs to make it in the NSSA.
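
Added example, not part of the thread or any poster's code: a small Python model of the route selection discussed above, showing why raising the cost of the ABR's IA default never lets the ASBR's N2 default win, and how that choice produces the internal-router/ABR loop described in the elaborated question. The router names (FW, ABR, ASBR), the costs and the topology are constructed for illustration; the preference order is the path-type ordering from RFC 2328 section 11, with N1/N2 ranked alongside E1/E2 as a simplification.

```python
from dataclasses import dataclass

# OSPF path-type preference (RFC 2328 section 11): a lower rank wins
# before any cost is compared. N1/N2 (type 7) are ranked with E1/E2 here.
RANK = {"intra": 0, "inter": 1, "ext1": 2, "ext2": 3}

@dataclass(frozen=True)
class Route:
    path_type: str      # key of RANK
    metric: int         # cost; for ext2 the advertised external metric
    next_hop: str
    fwd_cost: int = 0   # cost to the advertising router, ext2 tie-break

def best(routes):
    """Pick the route a router installs: path type first, then cost."""
    return min(routes, key=lambda r: (RANK[r.path_type], r.metric, r.fwd_cost),
               default=None)

def constructed_tables(ia_default_cost, filter_ia_default):
    """Candidate 0.0.0.0/0 routes per router (constructed topology)."""
    fw = [Route("ext2", 1, "ASBR", fwd_cost=10)]           # N2 from the ASBR
    if not filter_ia_default:
        fw.append(Route("inter", ia_default_cost, "ABR"))  # IA from the ABR
    abr = [Route("ext2", 1, "FW", fwd_cost=20)]            # ABR reaches ASBR via FW
    return {"FW": fw, "ABR": abr}

def trace_default(tables, start, exit_router):
    """Follow each hop's best default until exit_router, a loop, or no route."""
    path, node = [start], start
    while node != exit_router:
        route = best(tables.get(node, []))
        if route is None:
            return path, "no-route"
        node = route.next_hop
        if node in path:
            return path + [node], "loop"
        path.append(node)
    return path, "ok"

if __name__ == "__main__":
    for cost in (1, 16777214):
        print(cost, trace_default(constructed_tables(cost, False), "FW", "ASBR"))
    print("filtered", trace_default(constructed_tables(1, True), "FW", "ASBR"))
```

With the IA default present the trace loops at any cost; only removing the IA default from the internal router's candidates lets the N2 default through.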