Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1348
Views
0
Helpful
8
Replies

OSPF NSSA Totally Stub area Design question

Go to solution
kevin.hu
Level 3
Level 3

‎01-12-2006 09:48 AM - edited ‎03-03-2019 11:26 AM

Hi, all,

I am designing an OSPF NSSA totally stub area and this area has 4 ABRs. However, I only want ABR1 to generate the default route to the area because this ABR connects to the Internet. ABR2-4 are just redundant path for internal traffic and these 3 ABRs should get their default route from ABR1 as well. So the question is, how do I do this? On ABR1 I should configure "area 1 nssa no summary". What about ABR2-4? If I don't want them to generate default route, can they receive the default route from ABR1 as well? Do I just configure "area 1 nssa" on ABR2-4? But that will let LSA3 leak into area 1 and I don't want that. I just want internal routes only within area 1 and everything else default route to ABR1.

Thank you in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pkhatri
Level 11
Level 11
In response to pkhatri

‎01-12-2006 04:49 PM

Hi Kevin,

To address your original requirements now :-)

First of all, you have a slightly conflicting requirement here. If you want your area to be a totally stubby NSSA, then you cannot have just one ABR generating a default. By definition, to make the area a totally stubby NSSA, you have to ensure that it does not receive any non-default type-3s from any of its ABRs. The only way to do this is to use 'area nssa no-summary'. However, as soon as you do this, all 4 ABRs will start injecting defaults into your area.

Therefore, I suggest you drop the idea of making it a totally stubby NSSA and just make it a standard NSSA area.

SO here's what you should do:

1. Configure ABR1 with:

area nssa default-information-originate

2. COnfigure ABR2-4 with:

area nssa

ABR1 will inject a default which will be used within the area and will also be used by the other ABRs. All of the ABRs (including ABR1) will still be available for routing internal traffic.

Hope that helps.. pls rate the post if it does.

Regards,

Paresh.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
olorunloba
Level 5
Level 5

‎01-12-2006 10:26 AM

You could use the area filter-list command to filter the type 3 announcements by the ABR.

0 Helpful

Go to solution
kevin.hu
Level 3
Level 3
In response to olorunloba

‎01-12-2006 10:31 AM

Another question is if I can configure one ABR as NSSA totally stub area and 3 other ABRs are regular NSSA. I don't think I can do that, can I?

0 Helpful

Go to solution
pkhatri
Level 11
Level 11
In response to kevin.hu

‎01-12-2006 12:06 PM

Hi Kevin,

You can certainly do that but it makes the whole point of making the a area a totally stubby NSSA area a moot point. The ABR configured for totally stubby NSSA will not inject any type-3s into the area whereas the other 3 will. The only advantage I see is that you are now designating this single ABR as the point of exit for all external routes (since it will advertise a type-3 default into the area and the others will not).

Hope that helps - pls rate the post if it does.

Regards,

Paresh.

0 Helpful

Go to solution
mheusinger
Level 10
Level 10
In response to pkhatri

‎01-12-2006 04:21 PM

Hi Paresh,

I think I have to disagree with one statement you gave. All ABRs (totally NSSA or not) will insert a default route into the NSSA area. I believe that is the point of NSSA.

The effect of configuring one ABR for totally NSSA and 3 others for "normal" NSSA will just result in the totally stub one never to be picked for internal routes unless the other 3 are down.

Hope this helps! Please rate all posts

Martin

0 Helpful

Go to solution
pkhatri
Level 11
Level 11
In response to mheusinger

‎01-12-2006 04:37 PM

Hello Martin,

That is not correct (in my opinion).. the reasoning follows :-)

A standard NSSA (that is, one that is not totally NSSA) does not generate a default route, by default. This is the way the Cisco implemenation works. The following document also states this quite clearly:

http://www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080094a74.shtml#nssas

I think the history behind this is that the Cisco OSPF implementation seems to be compliant with RFC1587, which states:

"In addition, an NSSA area border router can originate a default type-7 LSA (IP address of 0.0.0.0) into the NSSA."

It states the NSSA can originate a default, but does not mandate it - uses the word 'can'

The newer version of the NSSA RFC, RFC3101 (which I believe, is not fully implemented by Cisco) states:

"In addition, an NSSA border router should originate a default LSA (IP network is 0.0.0.0/0) into the NSSA.

It states the NSSA should originate a default which is a recommendation since it uses the word 'should'

So the difference in semantics within the RFCs can lead to a bit of confusion.

Here's my reasoning on why the standard NSSA does not generate a default: I believe this is to allow one of the ASBRs within the NSSA to generate a type-7 default that can be used without being overridden by the type-3 default that would have otherwise been generated. Making an NSSA totally stubby mandates the use of a default route because inter-area destinations would otherwise be unreachable.

So in the case described, if one ABR is totally NSSA and three are standard NSSA, I still think the behaviour would be that the totally NSSA would generate a type-3 default and suppress specific type-3s. The others would not inject a default but would inject specific type-3s.

Interesting discussion, this...

Regards,

Paresh.

0 Helpful

Go to solution
pkhatri
Level 11
Level 11
In response to pkhatri

‎01-12-2006 04:49 PM

Hi Kevin,

To address your original requirements now :-)

First of all, you have a slightly conflicting requirement here. If you want your area to be a totally stubby NSSA, then you cannot have just one ABR generating a default. By definition, to make the area a totally stubby NSSA, you have to ensure that it does not receive any non-default type-3s from any of its ABRs. The only way to do this is to use 'area nssa no-summary'. However, as soon as you do this, all 4 ABRs will start injecting defaults into your area.

Therefore, I suggest you drop the idea of making it a totally stubby NSSA and just make it a standard NSSA area.

SO here's what you should do:

1. Configure ABR1 with:

area nssa default-information-originate

2. COnfigure ABR2-4 with:

area nssa

ABR1 will inject a default which will be used within the area and will also be used by the other ABRs. All of the ABRs (including ABR1) will still be available for routing internal traffic.

Hope that helps.. pls rate the post if it does.

Regards,

Paresh.

0 Helpful

Go to solution
mheusinger
Level 10
Level 10
In response to pkhatri

‎01-13-2006 03:28 AM

Ooops,

I have overseen that in an NSSA with Ciscos implementation then there is no connectivity to external routes by default other then the ones redistributed into the NSSA area itself.

Thanks!

Martin

P.S.: Before people now start to wonder in which lottery I have won my CCIE: I did that a couple of years ago in WAN Switching. At that time everything above OSI layer2 was just PAYLOAD DATA ;-)

Now I am on my way to investigate the payload and find it quite interesting at times ;-)

0 Helpful

Go to solution
pkhatri
Level 11
Level 11
In response to mheusinger

‎01-13-2006 04:53 PM

That's cool Martin... Having a stub-kinda area and not injecting a default into it does sound non-intuitive at first.

Anyway, I'm glad we've got this sorted out now.

Regards,

Paresh.

P.S. Your participation in the forums is definitely appreciated, regardless of what sort of certification you hold.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card