OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs.

Lessons Learned:

OSPF Filtering Overview

OSPF is an link-state routing protocol

-To calculate identical SPTs everyone must have the same input to the SPF (The LSDB)

-Implies that filtering cannot be configured within an area

Inter-are filtering through

-Stub areas

-LSA 3 Filter

--------------------------------

Used to control the specific LSA types that are allowed to pass through certain areas, or in the case of LSA 3s the specific routes that are allowed to pass through certain areas.

The issue with OSPF and filtering, is that everyone in the area needs to have the same copy of the LSDB. In order to get the same result of the SPT (shortest path tree). This mean that we cannot do filtering within the area but we can between areas as long as everyone inside the Link-state area has the same copy of the DB.

Stub Areas are one feature that can be used to accomplish this type of filtering.

OSPF Stub Areas.

Stub areas used to limit type of LSAs allowed to enter an area.

--Intra Area routes (O)

---LSA 1 & 2 (LSA1 = Router LSA / All links in an area |  LSA2 = Network, generated by the DR)

-Inter Area routes (O IA)

---LSA 3& 4 (LSA 3 = the summary of the routing info – moving intra to inter are a routes | LSA 4 = is the inter area reachability for the ASBR )

-External routes (E1 & E2)

---LSA 5  - (Generated by redistribution into OSPF)

-NSSA external routes (N1 & N2)

---LSA 7 (NSSA area routes )

All routers in the must agree on the Stub flag. When doing the Stub area configuration.

So either the area is a normal area an external area or it is an NSSA.

Note: Stub areas are not used to filter on a per-route basis but on a per link state type basis.

OSPF Stub:

Stub Area –

Removes external routes (LSA 5)

Removes ASBR advertisement (LSA4)

ABR  originates Inter-area default route (LSA 3)

Ebanbled on all routers in the area

#Area (area) stub

Note: the overall goal for the Stub areas type, is to inject a default route into them for external information.  This will limit the routes and simply add a default route to the area.

Best used when the ABR is the only physical path to the Area.

The only time when you might not want to do this is when there are multiple exit points out of the area. By removing the area types, it will give them less visibly into diverse paths.

Topology:

----------------

Configuration -

For this – I will configure area 10 as a Stub area, this means  I will need to configure everyone in the area as a Stub…..

So from this Topology I will need to configure R4, R6, R1 and R2 as Stub routers.

R6(config-router)#area 10 stub

R6(config-router)#

*Mar  1 00:09:03.615: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

R6(config-router)#

================

R4(config-router)#area 10 stub

R4(config-router)# *Mar  1 00:09:54.287: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 00:09:54.291: %OSPF-5-ADJCHG: Process 10, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

R4(config-router)#

*Mar  1 00:09:57.039: %OSPF-5-ADJCHG: Process 10, Nbr 6.6.6.6 on FastEthernet1/0 from LOADING to FULL, Loading Done

R4(config-router)#

================

R2(config-router)#area 10 stub

*Mar  1 00:11:24.051: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on FastEthernet0/1 from LOADING to FULL, Loading Done

R2(config-router)#

================

R2(config-router)#area 10 stub

R2(config-router)#

*Mar  1 00:11:24.051: %OSPF-5-ADJCHG: Process 10, Nbr 4.4.4.4 on FastEthernet0/1 from LOADING to FULL, Loading Done

R2(config-router)#

================

Note: we lose the ADJ because we have to do new flooding of LSAs.

We can now see that we will still have our O routes and our O IA routes but we will not have our E1 or E2 routes.

We will now have a default route that the ABR will be generating to the Stub area:

O*IA 0.0.0.0/0 [110/2] via 10.1.24.2, 00:01:33, FastEthernet0/0

               [110/2] via 10.1.14.1, 00:01:33, FastEthernet0/1

R4#

This should not change to forwarding path, the only difference is the now when we show an IP OSPF Database there should no longer be any TYPE 5 LSAs.

R4#sh ip ospf database

            OSPF Router with ID (4.4.4.4) (Process ID 10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count

1.1.1.1         1.1.1.1         275         0x80000004 0x0010AF 2

2.2.2.2         2.2.2.2         265         0x80000004 0x00CCA3 3

4.4.4.4         4.4.4.4         264         0x80000009 0x0028A2 4

6.6.6.6         6.6.6.6         354         0x80000005 0x0098BD 2

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum

10.1.14.4       4.4.4.4         270         0x80000003 0x00AA4E

10.1.24.4       4.4.4.4         259         0x80000003 0x006E7C

10.1.46.6       6.6.6.6         354         0x80000001 0x00D7E4

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum

0.0.0.0         1.1.1.1         285         0x80000001 0x0093A6

0.0.0.0         2.2.2.2         269         0x80000001 0x0075C0

1.1.1.0         1.1.1.1         285         0x80000002 0x006DC8

1.1.1.0         2.2.2.2         271         0x80000002 0x0063CC

3.3.3.0         1.1.1.1         287         0x80000002 0x002FFF

3.3.3.0         2.2.2.2         271         0x80000002 0x00111A

30.30.30.0      1.1.1.1         287         0x80000002 0x005F7E

30.30.30.0      2.2.2.2         271         0x80000002 0x004198

172.16.13.0     1.1.1.1         287         0x80000002 0x007CF2

172.16.13.0     2.2.2.2         271         0x80000002 0x006802

192.168.23.0    1.1.1.1         287         0x80000002 0x00EBCB

192.168.23.0    2.2.2.2         271         0x80000002 0x00C3F0

R4#

========================

Also – we should note that we now have the 0.0.0.0 routes generated by the ABRs. This is the default route that the ABR is advertising,  

OSPF Stub –

Totally Stubby Area

-removes External routes (LSA 5)

-Removes ASBR advertisements (LSA 4)

-Removes Inter-area default route (LSA 3)

Stub enabled on all routes in the area

#Area (Area) stub

Totally Stubby enabled in the ABR9s) of the area

# area (area) stub no-summary

========================

This will replace all the E 1 & 2 routes and even the LSA 3 routes and simply generate a default-route into the area.

So on R1 and R2 – we will need to change the stub area config and add the “no-summary” command.

R1(config)#router ospf 10

R1(config-router)#area 10 stub no-summary

------------------------------------------------------

R2(config-router)#area 10 stub no-summary

Now from the database –

R4#sh ip ospf database

            OSPF Router with ID (4.4.4.4) (Process ID 10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count

1.1.1.1         1.1.1.1         1002        0x80000004 0x0010AF 2

2.2.2.2         2.2.2.2         991         0x80000004 0x00CCA3 3

4.4.4.4         4.4.4.4         990         0x80000009 0x0028A2 4

6.6.6.6         6.6.6.6         1081        0x80000005 0x0098BD 2

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum

10.1.14.4       4.4.4.4         997         0x80000003 0x00AA4E

10.1.24.4       4.4.4.4         986         0x80000003 0x006E7C

10.1.46.6       6.6.6.6         1081        0x80000001 0x00D7E4

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum

0.0.0.0         1.1.1.1         73          0x80000002 0x0091A7

0.0.0.0         2.2.2.2         34          0x80000002 0x0073C1

R4#

The size of the DB is reduced and we now have only zero routes for form the ABRs. The only routes we should have are from routes within our own area.

The potential issues we could run into with the Stub area or the Totally stubby area. Is that since we’re filtering out the type 5 externals. It would not be valid to have a stub area that has other external information being redistributed into it.

Example, is if the stub area had other IGP routes being learned – EIGRP for example – These would not be allowed to be redistributed into the area because are 10 will disallow and external routes into the database.

This is where the Not-so-Stubby Area (NSSA) comes is.

NSSA

-allows NSSA external generation (LSA 7)

-Removes External routes (LSA 5)

- Removes ASBR Advertisements (LSA 4)

All routers must agree on the NSSA

# area (area) NSSA (Will appear in routing table as N1 or N2 routes)

ABR does not originate and default automatically

-Can be configured to generate LSA 7 default

#area (area) nssa default-information-originate

Once again all routers in the area will need to be configured as NSSA stub routers.

Now if I show the Ip ospf database -  should no longer have any type 5 LSAa but I will have the type 7

R7#sh ip ospf database

            OSPF Router with ID (19.19.19.7) (Process ID 10)

                Router Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum Link count

1.1.1.1         1.1.1.1         1009        0x80000002 0x0014AD 2

2.2.2.2         2.2.2.2         1009        0x80000002 0x00D0A1 3

4.4.4.4         4.4.4.4         238         0x80000006 0x001006 4

6.6.6.6         6.6.6.6         226         0x80000006 0x00F7E8 3

19.19.19.7      19.19.19.7      225         0x80000005 0x00DF1C 1

                Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum

10.1.67.7       19.19.19.7      225         0x80000001 0x00D570

                Summary Net Link States (Area 10)

Link ID         ADV Router      Age         Seq#       Checksum

0.0.0.0         1.1.1.1         1050        0x80000001 0x0093A6

0.0.0.0         2.2.2.2         1049        0x80000001 0x0075C0

1.1.1.0         1.1.1.1         1045        0x80000001 0x006FC7

1.1.1.0         2.2.2.2         1004        0x80000001 0x0065CB

3.3.3.0         1.1.1.1         1007        0x80000001 0x0031FE

3.3.3.0         2.2.2.2         1006        0x80000001 0x001319

30.30.30.0      1.1.1.1         1007        0x80000001 0x00617D

30.30.30.0      2.2.2.2         1006        0x80000001 0x004397

172.16.13.0     1.1.1.1         1047        0x80000001 0x007EF1

172.16.13.0     2.2.2.2         1006        0x80000001 0x006A01

192.168.23.0    1.1.1.1         1007        0x80000001 0x00EDCA

192.168.23.0    2.2.2.2         1046        0x80000001 0x00C5EF

                Type-7 AS External Link States (Area 10)

17.17.17.0      19.19.19.7      334         0x80000001 0x00408D 0

18.18.18.0      19.19.19.7      334         0x80000001 0x001CAE 0

19.19.19.0      19.19.19.7      334         0x80000001 0x00F7CF 0

R7#

Note the ABR now does not originate the default. We can configure it to – but it will not do this automatically. # area (area) nssa default-information-originate

R1(config-router)#area 10 nssa default-information-originate

R1(config-router)#^Z

R2(config-router)#area 10 nssa default-information-originate

O*N2 0.0.0.0/0 [110/1] via 10.1.24.2, 00:00:13, FastEthernet0/0

               [110/1] via 10.1.14.1, 00:00:13, FastEthernet0/1

R4#

---------------------------------------

Note: remember the path selection of OSPF.

Also if we we’re to go to a router insde another are – area 0 – we should se the NS1 or 2 route show as an E1 or 2 route.

R1#sh ip route

Gateway of last resort is not set

     17.0.0.0/24 is subnetted, 1 subnets

O E2    17.17.17.0 [110/20] via 10.1.14.4, 00:06:30, FastEthernet0/1

O E2    18.18.18.0 [110/20] via 10.1.14.4, 00:06:30, FastEthernet0/1

This is because it does not know the other area is a NSSA area.

Not so totally stubby area:

Not-so-totally stubby area

-allows NSSA External generation

-Removes External routes (LSA5)

-Removes ASBR advertisements (LSA 4 )

_removes Inter-area default route (LSA3)

NSSA enabled on all routers in area

#area (area )nssa

Totally Stubby enabled on ABR(s) of the are

# area (area nssa no-summary