OSPF Stub - joelhill
advertisement
OSPF Stub Not-So-Stub-Area (NSSA) Totally Stub Totally Not-So-Stubby-Area (Totally NSSA) Since the goal of most network engineers is to have the routing table and small as possible sometimes these OSPF area types may help. Stub The stub is simple. Basically any OSPF inter-area route (outside the current area) will be replaced with a default route pointing to the ABR (Area Border Router) of that area. As an example we have R4 as the ABR (or hub in this Figure) and R4_1, R4_2, and R4_3 as the spokes. The configuration on R4_1 is as follows R4_1(config)#do sh run | sec router ospf router ospf 1 router-id 41.41.41.41 log-adjacency-changes network 41.41.41.41 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 Our configured loopback is 4.4.4.4 and the 172.16.4.0/24 network exists between R4, R4_1, R4_2, and R4_3. The network 192.168.45.0/24 exists only between R4 and R5. Let us take a look at the routing table on R4_1 R4_1#sh ip route ospf 51.0.0.0/32 is subnetted, 1 subnets O IA 51.51.51.51 [110/4] via 172.16.4.123, 00:03:57, FastEthernet1/0 O IA 192.168.45.0/24 [110/2] via 172.16.4.123, 00:03:57, FastEthernet1/0 4.0.0.0/32 is subnetted, 1 subnets O 4.4.4.4 [110/2] via 172.16.4.123, 00:03:57, FastEthernet1/0 53.0.0.0/32 is subnetted, 1 subnets O IA 53.53.53.53 [110/4] via 172.16.4.123, 00:03:57, FastEthernet1/0 172.16.0.0/24 is subnetted, 2 subnets O IA 172.16.5.0 [110/3] via 172.16.4.123, 00:03:57, FastEthernet1/0 52.0.0.0/32 is subnetted, 1 subnets O IA 52.52.52.52 [110/4] via 172.16.4.123, 00:03:57, FastEthernet1/0 9.0.0.0/32 is subnetted, 1 subnets O E2 9.9.9.9 [110/20] via 172.16.4.123, 00:03:57, FastEthernet1/0 Currently we see 5 routes that are outside of this current area. These routes originate on the other side of R5. The routes beginning with 51, 52, and 53 are all loopbacks brought into this network by the network 5x.5x.5x.5x 0.0.0.0 area 2 command. Pay close attention to the O E2 route of 9.9.9.9 (a static route on R5_1) which is being redistributed into OSPF from R5_1. This makes R5_1 (172.16.5.1) an Autonomous System Border Router. Take a look at the R4_1 OSPF database. R4_1#sh ip ospf database OSPF Router with ID (41.41.41.41) (Process ID 1) Router Link States (Area 1) Link ID count 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 ADV Router Age Seq# Checksum Link 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 365 992 991 365 0x8000002E 0x80000004 0x8000002D 0x8000002F 0x00D830 0x002BEF 0x00ECDD 0x0068CC Net Link States (Area 1) Link ID 172.16.4.123 ADV Router 192.168.45.4 Age 365 Seq# Checksum 0x8000003A 0x009B4F Summary Net Link States (Area 1) Link ID 51.51.51.51 52.52.52.52 53.53.53.53 172.16.5.0 192.168.45.0 ADV Router 192.168.45.4 192.168.45.4 192.168.45.4 192.168.45.4 192.168.45.4 Age 378 378 378 378 378 Seq# 0x80000004 0x80000004 0x80000004 0x80000006 0x8000002A Checksum 0x000EC1 0x00DFEB 0x00B116 0x007663 0x003EA3 2 2 2 2 Summary ASB Link States (Area 1) Link ID 172.16.5.1 ADV Router 192.168.45.4 Age 379 Seq# Checksum 0x80000001 0x006874 Type-5 AS External Link States Link ID 9.9.9.9 R4_1# ADV Router 172.16.5.1 Age 478 Seq# Checksum Tag 0x80000001 0x008C2D 0 You can see we are using both LSA (type 4 and type 5). Let us say that R5_1 is redistributing 10 routes and it is also our internet connection. We want to make our routing table smaller. What we can do in that case is make the area (area 1) a stub area. router ospf 1 router-id 41.41.41.41 log-adjacency-changes area 1 stub network 41.41.41.41 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 R4_1(config-router)#do sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 172.16.4.123 to network 0.0.0.0 51.0.0.0/32 is subnetted, 1 subnets O IA 51.51.51.51 [110/4] via 172.16.4.123, 00:00:07, FastEthernet1/0 O IA 192.168.45.0/24 [110/2] via 172.16.4.123, 00:00:07, FastEthernet1/0 4.0.0.0/32 is subnetted, 1 subnets O 4.4.4.4 [110/2] via 172.16.4.123, 00:00:07, FastEthernet1/0 53.0.0.0/32 is subnetted, 1 subnets O IA 53.53.53.53 [110/4] via 172.16.4.123, 00:00:07, FastEthernet1/0 172.16.0.0/24 is subnetted, 2 subnets C 172.16.4.0 is directly connected, FastEthernet1/0 O IA 172.16.5.0 [110/3] via 172.16.4.123, 00:00:07, FastEthernet1/0 52.0.0.0/32 is subnetted, 1 subnets O IA 52.52.52.52 [110/4] via 172.16.4.123, 00:00:07, FastEthernet1/0 41.0.0.0/32 is subnetted, 1 subnets C 41.41.41.41 is directly connected, Loopback0 O*IA 0.0.0.0/0 [110/2] via 172.16.4.123, 00:00:09, FastEthernet1/0 Looking at the OSPF database we can see that both Type 5 and Type 4 LSA’s (LSAs that help to describe the ASBRs) have been removed replaced with just the default route/Link ID of 0.0.0.0. R4_1(config-router)#do sh ip ospf database OSPF Router with ID (41.41.41.41) (Process ID 1) Router Link States (Area 1) Link ID count 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 ADV Router Age Seq# Checksum Link 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 75 74 74 76 0x80000030 0x80000006 0x8000002F 0x80000031 0x00F216 0x0027F1 0x00E8DF 0x0082B2 2 2 2 2 Net Link States (Area 1) Link ID 172.16.4.123 ADV Router 192.168.45.4 Age 71 Seq# Checksum 0x8000003D 0x0077FA Summary Net Link States (Area 1) Link ID 0.0.0.0 51.51.51.51 52.52.52.52 53.53.53.53 172.16.5.0 192.168.45.0 ADV Router 192.168.45.4 192.168.45.4 192.168.45.4 192.168.45.4 192.168.45.4 192.168.45.4 Age 83 83 83 83 83 84 Seq# 0x80000001 0x80000005 0x80000005 0x80000005 0x80000007 0x8000002B Checksum 0x005152 0x002AA6 0x00FBD0 0x00CDFA 0x009248 0x005A88 Not-So-Stubby-Area (NSSA) Let us say that router R4_3 will have a EIGRP router R10 attached to it and R4_3 will redistribute the EIGRP routes into OSPF like the following diagram. The first thing that you will notice is the following warning. R4_3(config-router)#redistribute eigrp 1043 subnets Warning: Router is currently an ASBR while having only one area which is a stub area Previously, we configured the OSPF domain to be a totally stub area. Remember that the only place we added the no-summary option was to the originator (hub) of our routes, namely R4 (172.16.4.123). With a totally stub area we only saw Type 1, 2, and 3 LSAs in the OSPF database. As you can see we have a route for the 10.10.10.10 route, which is the loopback of R10. R4_3(config-router)#do sh ip route | inc ^O|^D O IA 51.51.51.51 [110/4] via 172.16.4.123, 00:00:26, FastEthernet1/0 O IA 192.168.45.0/24 [110/2] via 172.16.4.123, 00:00:26, FastEthernet1/0 O 4.4.4.4 [110/2] via 172.16.4.123, 00:00:26, FastEthernet1/0 O IA 53.53.53.53 [110/4] via 172.16.4.123, 00:00:26, FastEthernet1/0 O IA 172.16.5.0 [110/3] via 172.16.4.123, 00:00:26, FastEthernet1/0 O IA 52.52.52.52 [110/4] via 172.16.4.123, 00:00:26, FastEthernet1/0 O 42.42.42.42 [110/2] via 172.16.4.2, 00:00:26, FastEthernet1/0 D 10.10.10.10/32 [90/156160] via 10.10.43.10, 00:19:58, FastEthernet1/1 O 41.41.41.41 [110/2] via 172.16.4.1, 00:00:26, FastEthernet1/0 O*IA 0.0.0.0/0 [110/2] via 172.16.4.123, 00:00:26, FastEthernet1/0 We are also redistributing this route from EIGRP into OSPF on router R4_3. router ospf 1 router-id 43.43.43.43 log-adjacency-changes area 1 stub redistribute eigrp 1043 subnets network 43.43.43.43 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 If this is the case then our R4 neighbor should be seeing the 10.10.10.10/32 route. R4(config-router)#do sh ip route | inc 10.10 R4(config-router)# We do not see it since it appears that the router R4_3 is not actually advertising the AS route of 10.10.10.10/32 and why should it since OSPF stub area’s do not allow Type 5 LSAs. This is also why we are not able to see the 9.9.9.9/32 route originating from R9. In order to enable the redistribution we need to turn off only stub and instead use not-sostub-area (nssa). We turn on nssa on all routers in that specific area. R4_3(config-router)#do sh run | sec router ospf router ospf 1 router-id 43.43.43.43 log-adjacency-changes area 1 nssa redistribute eigrp 1043 subnets network 43.43.43.43 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 R4(config)#do sh run | sec router ospf router ospf 1 log-adjacency-changes area 1 nssa network 4.4.4.4 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 network 192.168.45.0 0.0.0.255 area 0 What a difference as you can see in both the routing table as well as the OSPF database. R4(config)#do sh ip route ospf | inc 10.10 O N2 10.10.10.10/32 [110/20] via 172.16.4.3, 00:03:42, FastEthernet1/0 O N2 10.10.43.0/24 [110/20] via 172.16.4.3, 00:03:42, FastEthernet1/0 Just remember that Type 7 LSAs exist within the NSSA area but outside they are translated to Type 5. Router R4 is a great demonstration of the LSAs we use within the NSSA area and outside of it. We use Type 7 LSAs within this NSSA area and outside. If you note the Type 5 LSAs are coming from two places. The first NSSA is coming from 172.16.5.1 (Router 5_1) and the second from us since we will be converting the Type 7 LSA into a Type 5 when we are outside of this area. Router Link States (Area 1) Link ID count 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 ADV Router Age Seq# Checksum Link 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 577 596 557 595 0x80000044 0x8000001F 0x80000041 0x80000009 0x00529A 0x008273 0x004C62 0x0060F2 Net Link States (Area 1) Link ID 172.16.4.123 ADV Router 192.168.45.4 Age 557 Seq# Checksum 0x8000005C 0x00C08A Summary Net Link States (Area 1) Link ID 51.51.51.51 52.52.52.52 53.53.53.53 172.16.5.0 192.168.45.0 ADV Router 192.168.45.4 192.168.45.4 192.168.45.4 192.168.45.4 192.168.45.4 Age 600 601 601 601 601 Seq# 0x80000009 0x80000009 0x80000009 0x80000009 0x80000009 Checksum 0x00A91B 0x007B45 0x004D6F 0x0016BA 0x0026D6 Type-7 AS External Link States (Area 1) 2 2 2 2 Link ID 10.10.10.10 10.10.43.0 ADV Router 43.43.43.43 43.43.43.43 Age 360 360 Seq# Checksum Tag 0x80000001 0x00E430 0 0x80000001 0x00DC21 0 Type-5 AS External Link States Link ID 9.9.9.9 10.10.10.10 10.10.43.0 ADV Router 172.16.5.1 192.168.45.4 192.168.45.4 Age 297 360 360 Seq# 0x8000000C 0x80000001 0x80000001 Checksum 0x007638 0x002809 0x0020F9 Tag 0 0 0 The Wireshark capture also highlights that this is a LS Type NSSA AS-External_LSA. Totally Stub Area It would make further sense in this situation, when we have the network topology configured as a hub (R4_1, R4_2, and R4_3) and spoke model (R4) that we only need the default route for all routes outside of our area. This is where Totally Stub Area comes in. This is what it looks like from R4_1. R4_1(config-router)#do sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is 172.16.4.123 to network 0.0.0.0 4.0.0.0/32 is subnetted, 1 subnets 4.4.4.4 [110/2] via 172.16.4.123, 00:00:11, FastEthernet1/0 172.16.0.0/24 is subnetted, 1 subnets C 172.16.4.0 is directly connected, FastEthernet1/0 42.0.0.0/32 is subnetted, 1 subnets O 42.42.42.42 [110/2] via 172.16.4.2, 00:00:11, FastEthernet1/0 43.0.0.0/32 is subnetted, 1 subnets O 43.43.43.43 [110/2] via 172.16.4.3, 00:00:11, FastEthernet1/0 41.0.0.0/32 is subnetted, 1 subnets C 41.41.41.41 is directly connected, Loopback0 O*IA 0.0.0.0/0 [110/2] via 172.16.4.123, 00:00:11, FastEthernet1/0 O The simple keyword needs to be added on the ABR (R4). router ospf 1 log-adjacency-changes area 1 stub no-summary network 4.4.4.4 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 network 192.168.45.0 0.0.0.255 area 0 We can see that the Type 3 LSA’s have been reduced to just having the default route. No Type 4 or Type 5 (routes outside of the OSPF domain) routes are permitted which is fine R4_1(config-router)#do sh ip ospf data OSPF Router with ID (41.41.41.41) (Process ID 1) Router Link States (Area 1) Link ID count ADV Router Age Seq# Checksum Link 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 41.41.41.41 43.43.43.43 172.16.4.2 192.168.45.4 176 175 171 176 0x80000034 0x80000008 0x80000031 0x80000033 0x00EA1A 0x0023F3 0x00E4E1 0x007EB4 2 2 2 2 Net Link States (Area 1) Link ID 172.16.4.123 ADV Router 192.168.45.4 Age 172 Seq# Checksum 0x80000042 0x006DFF Summary Net Link States (Area 1) Link ID 0.0.0.0 ADV Router 192.168.45.4 Age 779 Seq# Checksum 0x80000001 0x005152 Before adding the no-summary option at a packet level the Summary-LSA (Type 3) can be seen as multiple routes. Once the area 1 stub no-summary command is executed on R4 those LSAs are replaced with just the Link State ID of 0.0.0.0 and netmask of 0.0.0.0. What happens when we want to add a route to this area but it is not a OSPF router, instead it is an EIGRP router. However, one thing to note, when configuring any stub, nssa, or totally nssa, the packet will change. Take a look. You can see that the External Routing Capability is set from R4_1 (172.16.4.1). Let us go ahead and add the area 1 stub to the router configuration. R4_1(config-router)#area 1 stub *May 25 16:30:45.734: %OSPF-5-ADJCHG: Process 1, Nbr 43.43.43.43 on FastEthernet1/0 from 2WAY to DOWN, Neighbor Down: Adjacency forced to reset *May 25 16:30:45.734: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.4.2 on FastEthernet1/0 from 2WAY to DOWN, Neighbor Down: Adjacency forced to reset *May 25 16:30:45.738: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.45.4 on FastEthernet1/0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset R4_1(config-router)#do sh run | sec router ospf router ospf 1 router-id 41.41.41.41 log-adjacency-changes area 1 stub network 41.41.41.41 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 As you can see once that happens all neighbors adjacency is reset. They also do not come back. Why? R4_1(config-router)#do sh ip ospf nei Neighbor ID Pri Interface 43.43.43.43 0 FastEthernet1/0 172.16.4.2 0 FastEthernet1/0 192.168.45.4 1 FastEthernet1/0 State Dead Time Address DOWN/DROTHER - 172.16.4.3 DOWN/DROTHER - 172.16.4.2 DOWN/DROTHER - 172.16.4.123 Once those adjacencies reset I would expect R4_1 to reset those adjacencies. The reason that this is not happening is because the hello packet has changed. The one thing you do see is that the External Routing Capability is not set. The remaining routers R4_2, R4_3, and R4 all have this bit set. In order to solve this problem we need to set all of the routers, especially R4 to also be aware that this area is a stub area. Once we add the area 1 stub command under the router’s R4_2 and R4_3 ospf configuration we see the following. R4_2(config-router)#do sh ip ospf nei Neighbor ID Pri Interface 41.41.41.41 0 FastEthernet1/0 43.43.43.43 0 FastEthernet1/0 192.168.45.4 1 FastEthernet1/0 State Dead Time Address 2WAY/DROTHER 00:00:32 172.16.4.1 2WAY/DROTHER 00:00:35 172.16.4.3 DOWN/DROTHER - 172.16.4.123 Remember that R4 (192.168.45.4) has it’s priority at the default of 1 and the other routers have a priority of 0 (Pri) which means that they will not participate in the Designated router / Backup Designated router elections. Totally Not-So-Stub-Area (Totally NSSA) The Totally NSSA is much like the Totally Stub in that we configure it in basically the same way and we get similar results. On the ABR we have area 1 configured to be a nssa area. Which means that we can have an ASBR (namely R4_3, 172.16.4.3) redistribute the EIGRP route (10.10.10.10) into the area. Below is the configuration for the R4 router as well as the routing table of one of the inter-area (within the same area) routers. R4#sh run | sec router ospf router ospf 1 log-adjacency-changes area 1 nssa network 4.4.4.4 0.0.0.0 area 1 network 172.16.4.0 0.0.0.255 area 1 network 192.168.45.0 0.0.0.255 area 0 R4_2(config-router)#do sh ip route ospf 51.0.0.0/32 is subnetted, 1 subnets O IA 51.51.51.51 [110/4] via 172.16.4.123, 00:05:54, FastEthernet1/0 O IA 192.168.45.0/24 [110/2] via 172.16.4.123, 00:05:54, FastEthernet1/0 4.0.0.0/32 is subnetted, 1 subnets O 4.4.4.4 [110/2] via 172.16.4.123, 00:12:19, FastEthernet1/0 53.0.0.0/32 is subnetted, 1 subnets O IA 53.53.53.53 [110/4] via 172.16.4.123, 00:05:54, FastEthernet1/0 172.16.0.0/24 is subnetted, 2 subnets O IA 172.16.5.0 [110/3] via 172.16.4.123, 00:05:54, FastEthernet1/0 52.0.0.0/32 is subnetted, 1 subnets O IA 52.52.52.52 [110/4] via 172.16.4.123, 00:05:54, FastEthernet1/0 43.0.0.0/32 is subnetted, 1 subnets O 43.43.43.43 [110/2] via 172.16.4.3, 00:12:19, FastEthernet1/0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O N2 10.10.10.10/32 [110/20] via 172.16.4.3, 00:05:49, FastEthernet1/0 O N2 10.10.43.0/24 [110/20] via 172.16.4.3, 00:05:49, FastEthernet1/0 41.0.0.0/32 is subnetted, 1 subnets O 41.41.41.41 [110/2] via 172.16.4.1, 00:12:19, FastEthernet1/0 Those O Intra-Area routes of 52.52.52.52 , 53.53.53.53 and 172.16.5.0/24 appear but much like the Totally Stub we can collapse these into one default route by simply placing the no-summary keyword on router 4. R4_2(config-router)#do sh ip route ospf 4.0.0.0/32 is subnetted, 1 subnets O 4.4.4.4 [110/2] via 172.16.4.123, 00:22:07, FastEthernet1/0 43.0.0.0/32 is subnetted, 1 subnets O 43.43.43.43 [110/2] via 172.16.4.3, 00:22:07, FastEthernet1/0 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O N2 10.10.10.10/32 [110/20] via 172.16.4.3, 00:04:15, FastEthernet1/0 O N2 10.10.43.0/24 [110/20] via 172.16.4.3, 00:04:15, FastEthernet1/0 41.0.0.0/32 is subnetted, 1 subnets O 41.41.41.41 [110/2] via 172.16.4.1, 00:22:07, FastEthernet1/0 O*IA 0.0.0.0/0 [110/2] via 172.16.4.123, 00:04:20, FastEthernet1/0 What is more interesting is the LSUpdate packets that are sent out. We not only send out the default LS Update of 0.0.0.0/0.0.0.0 but we also send out the LS Updates of the more specific routes as well.
