default-information originate (OSPF) and NSSA

cliff.bowles · ‎08-01-2006

Greeetings.

I have a quick question: You have Router-A as an ABR touching Areas 0 and 1.

Area 1 is an NSSA area.

In Area 1, you have Router-B that connects to an ISP. You create a static default route to the ISP.

Can the NSSA Router-B still inject the default-route into OSPF via the default-information originate command?

What about if it is NSSA no-summary?

The reason I ask is that Router-B is a smaller Pix in the case that I'm thinking of, and I'd rather not have the full corporate routing table on there. I'd prefer NSSA no-summary, but then won't that thing see two default routes? (One static and one injected by the ABR)

Thanks in advance for any help.

CWB

ilya.varlashkin · ‎08-01-2006

It's definetely will lead to having two 0.0.0.0/0 routes in that area. And without having view of the rest of the network, how should PIX find other internal networks since its default is statically pointing to ISP?

If your network is well summarised, you could make dedicated normal (non-NSSA) area for your PIX. Sole purpose of this area will be to advertise one aggregate address towards PIX(es) and filter everything else (using Type-3 LSA filtering). Then PIX(es) will have quite small routing table and will be still able to advertise default route.

cliff.bowles · ‎08-02-2006

Ilya, thanks for responding, that was helpful. I don't have the option to change the area type at this time, unfortunately. I think Sundar's suggestion is my best option right now.

Thanks again,

CWB

ilya.varlashkin · ‎08-02-2006

Cliff, I'm glad you find that helpful.

Now thinking of it, even better solution could be to have your two redundant (aren't they?) PIXes just statically routing your internal networks to an virtual IP address maintained by HSRP/VRRP on some of your capable routers, those routers in turn will have static default pointing towards active PIX and in turn redistributing it into OSPF. This way you don't have to worry about route filters and resources, configs will become more simple and easier to maintain, while still providing you with redundancy.

sundar.palaniappan · ‎08-01-2006

Hi,

You do not want to use 'nssa no-summary' option as that would cause Router-A (ABR) to inject a default into Area 1 as Type-7 LSA. Configure area 1 as an nssa area (without the keyword no-summary) and the Router-A would advertise only up to Type-3 LSA to Router-B.

NSSA Router-B , which happens to be the ASBR, can inject a default route with the command 'area 1 nssa default-information originate' command. When Router-A learns the default route it would transalate that into Type-5 LSA (external) and advertise it to the rest of the OSPF domain.

If you have a large corporate routing table and do not want Router-B to learn them configure Area 1 as stub (not NSSA) and summarize type-3 LSAs using the 'area range' command on Router-A into Area 1. In this case you can advertise the default route from Router-B as a type-5 LSA using the redistribute or default-information originate command.

Hope that helps!

Regards,

Sundar

cliff.bowles · ‎08-02-2006

Sundar, thank you, that's very helpful. One further question:

Using the first scenario where area 1 is NSSA, and Router-A learns the default route from Router-B, Router-A will not need to use the 'default-information originate' commands to carry the default route into area 0, correct? It will just be seen like any other external route?

Just making sure...

CWB

sundar.palaniappan · ‎08-02-2006

Hi,

That's correct. Router-A by default will transalate the type-7 LSA (default route) to type-5 (external) LSA and advertise it to all other OSPF routers.

Regards,

Sundar