Dec 14, 2013

OSPF Stub and NSSA



Hi Networkers, I am back with OSPF again. While I was writing my previous blog about LSA I realized that without writing about Stub networks it wouldn’t be complete. So let’s begin with the same topology as we discussed earlier.
In OSPF, a Stub is a special area where we filter certain types of LSA out of the database in order to control the router's routing table. Fewer LSAs in the database mean lower memory requirements and fewer processing cycles during SPF execution. Also, we know that the database of every router in an area remains the same, so we can't control a particular type of LSA at an individual router level, and that's why we have to restrict them at the area level. I believe you are all well aware of the OSPF LSA types (if not, I would recommend that you first read my previous blog about OSPF LSA for a better understanding). I wish to remind you of one important thing: the Stub flag is one of the must-match parameters exchanged in Hello packets between two routers to establish the OSPF neighborship. In general we can find three statuses of the Stub flag: OFF (Normal Area), STUB and NSSA. So all routers in an area must have the same Stub flag status in order to have proper convergence. Let's begin with the different types of stub areas.
STUB AREA is created simply to discard Type 4 (ASBR Summary) and Type 5 (External) LSAs from the OSPF database. LSA-4 and LSA-5 are generated on redistribution of routes from another routing protocol into OSPF. A Stub Area can be achieved with the following command on every router in the area, including ABRs.
Router(config)#router ospf 1
Router(config-router)#area 1 stub
This command will convert Area 1 into a Stub Area if it is applied on every router in this area. To compensate for the missing LSA-4 and LSA-5, a default route is installed in the database as an LSA-3 generated by the ABRs. If you look at the database of any router in Area 1 you will find the LSA-4 and LSA-5 sections missing. However, you will see a Summary LSA for the 0.0.0.0 prefix.
So in a Stub Area there is no information about any external route, and only LSAs of the OSPF domain remain in the database. Still, you will be able to reach those external prefixes, as the Stub has a default route towards the backbone area and the backbone has information about the reachability of external routes.
In short, we can summarize a STUB AREA as,
No LSA-4, No LSA-5
No Redistribution permitted
Default route generated by an ABR (As LSA-3)

TOTALLY STUB AREA is one which holds only LSAs originated locally in the same area, i.e. LSA 1 and LSA 2. All other LSAs (those propagated from other areas, i.e. Type-3 and Type-4, and those from other protocols due to redistribution, i.e. Type-5) are removed. This is one of the most processor-efficient areas because routers in a Totally Stub Area have the smallest database. Now think about a Stub area: it has already deleted LSA-4 and LSA-5 from the database, so who can best control LSA-3? It is the ABR (since the ABR is the one which generates LSA Type-3 into an area). So if we prevent the ABRs from propagating LSA-3 into a Stub area, we form a Totally Stub Area. All we need is to run the following command on the ABRs (all other routers in that area remain configured like normal Stub Area routers).
Router(config)#router ospf 1
Router(config-router)# area 1 stub no-summary
After running this command the database will hold information about its local area only, plus a single LSA-3 for the default route. So routers in a Totally Stub area should still be able to reach everywhere because of this default route.
Summarizing the Totally Stub Area,
No LSA-3, No LSA-4 and No LSA-5
No Redistribution permitted
Default route generated by an ABR (as a LSA-3)
Smallest database

NSSA (Not So Stubby Area) is a special type of Stub area. As we saw earlier, a Stub is used to discard LSA Type-4 and LSA Type-5, which means that any redistribution in this area, or any redistributed route from another area, will not be installed in the database. Now assume this Stub area is connected to some link where another routing protocol is running, and we need to redistribute external routes in order to have reachability to the external domain. We either need to change the Stub area back into a normal one, or apply some mechanism to install external routes in the Stub network. NSSA uses the second approach by generating a special LSA called NSSA External (Type-7). In an NSSA, OSPF allows redistribution of external prefixes and stores them as Type-7 LSAs. However, external routes from other areas are still not allowed to be installed in the database of an NSSA router. As mentioned initially, NSSA has a flag status different from that of a Stub Area, so if you are transforming a Stub area into an NSSA, you need to remove the Stub configuration first, making the area a normal one, and then apply the NSSA configuration on all routers of this area.
Router(config)#router ospf 1
Router(config-router)# area 1 NSSA
After forming the NSSA you will find only Type-1, Type-2, Type-3 and Type-7 LSAs in the database. Redistributed routes in the NSSA will now be installed in the routing table as N1 or N2 routes instead of E1 or E2. There is one more difference: no default route is generated by an ABR (unlike the Type-3 default route we were getting in Stub and Totally Stub areas).
This is helpful in certain situations, say, if the NSSA is connected to some gateway which is providing a default route through an external protocol. If we were getting a default route from the ABR, this external default route would be discarded.
Please be aware of the route selection procedure of OSPF for the same prefix length.
 O > IA > E1 > E2 > N1 > N2
This means OSPF selects Intra-Area routes first, then it looks for Inter-Area routes. Then it checks redistributed routes in the sequence External (LSA-5) Type-1 and Type-2, and after that it selects NSSA External (LSA-7) Type-1 and Type-2.
So, assume you redistributed a default route in the NSSA which is installed as N1 or N2, and you also get a default route from the ABR as Type-3, which is supposed to be installed as an Inter-Area route. I hope you can derive from the sequence above that the N1 or N2 (redistributed) default route will be discarded.
However, if you are not in a situation like the one described above, the ABR can generate a default route at any time to complete the reachability of the other routes blocked in the NSSA. The command on the ABR to generate a default route in the NSSA is,
Router(config)#router ospf 1
Router(config-router)# area 1 nssa default-information-originate
Be informed that this default route will not be an LSA-3, but an LSA-7 of Type-2 (N2). This means that if you need to redistribute an external default route, you can install it by redistributing it as an external type-1 route (N1).
To wrap up the Not-So-Stubby Area (NSSA), we can note the following points,
Identical to STUB Area (No LSA-4, No LSA-5)
Redistribution Allowed in NSSA (Redistributed routes installed as special type, LSA-7)
Manual default route may be generated by ABR (as LSA-7 Type-2, i.e. N2)

Totally-Stubby-Not-So-Stubby Area: I guess you will be confused by its name. Stubby, still not so stubby, but totally stubby... Huh… I have to confess that I too had that expression at first, but later I realized it's not actually that confusing if you have understood all the areas discussed above. It's just a hybrid of a Totally Stubby area and an NSSA.
In this area we filter out LSA Type-3 in addition to LSA-4 and LSA-5, like a Totally Stub Area; however, redistribution is allowed and external routes are installed in the database as LSA-7, as in an NSSA. All routers in this area have the NSSA flag set. But as in a Totally Stub Area, the filtering of LSA-3 routes is done by the ABRs, and to maintain reachability they generate a default route as LSA Type-3. So compared with the NSSA configuration, the only change is on the ABR, as below,
Router(config)#router ospf 1
Router(config-router)# area 1 nssa no-summary
You will see only LSA-1, LSA-2, one Default route of LSA-3 and LSA-7 in this Area.
You can manually generate a Type-7 (N2) default route in addition to the Type-3 default route in this area, but there is no reason to do so.
Router(config-router)# area 1 NSSA no-summary default-information-originate
Summarizing a Not-So-Stubby-Totally-Stubby Area
No LSA-3, No LSA-4, No LSA-5
Redistribution is allowed as a special Type-7 LSA
Default route is generated by an ABR (as LSA Type-3)
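
The four area summaries above can be turned into a database audit. The following is an added example, not part of the original post: it parses `show ip ospf database` output and reports LSAs that contradict the area type a router is meant to be in. The function names and the sample output are constructed for illustration, and the router is assumed to be internal to a single area.

```python
import re

# LSA types an internal router of each area type should hold, per the summaries above.
ALLOWED = {
    "normal": {1, 2, 3, 4, 5},
    "stub": {1, 2, 3},
    "totally-stub": {1, 2, 3},
    "nssa": {1, 2, 3, 7},
    "totally-nssa": {1, 2, 3, 7},
}
# Area types where the ABR injects a Type-3 default route.
ABR_DEFAULT = {"stub", "totally-stub", "totally-nssa"}
# Area types where that default must be the only Type-3 LSA.
NO_SUMMARY = {"totally-stub", "totally-nssa"}

# Section headers as printed by "show ip ospf database".
SECTIONS = {
    "Router Link States": 1,
    "Net Link States": 2,
    "Summary Net Link States": 3,
    "Summary ASB Link States": 4,
    "Type-5 AS External Link States": 5,
    "Type-7 AS External Link States": 7,
}
# Row layout: Link ID, ADV Router, Age, Seq#, ...
ROW = re.compile(r"(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+\d+\s+0x[0-9A-Fa-f]+")


def parse_lsdb(text):
    """Return (lsa_type, link_id, adv_router) for every LSA row in the output."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        header = next((h for h in SECTIONS if line.startswith(h)), None)
        if header:
            current = SECTIONS[header]
        elif current and (m := ROW.match(line)):
            entries.append((current, m.group(1), m.group(2)))
    return entries


def audit_area(text, intended):
    """List the LSAs that contradict the intended area type."""
    entries = parse_lsdb(text)
    findings = []
    for lsa_type, link_id, adv in entries:
        if lsa_type not in ALLOWED[intended]:
            findings.append(f"unexpected Type-{lsa_type} {link_id} from {adv}")
        elif lsa_type == 3 and intended in NO_SUMMARY and link_id != "0.0.0.0":
            findings.append(f"inter-area Type-3 {link_id} from {adv}: "
                            "is no-summary missing on that ABR?")
    has_default = any(t == 3 and link == "0.0.0.0" for t, link, _ in entries)
    if intended in ABR_DEFAULT and not has_default:
        findings.append("no Type-3 default route from an ABR")
    return findings


# Constructed sample (not from the post): a router in Area 1, which is meant to
# be totally stubby, still holds an inter-area summary from ABR 3.3.3.3.
SAMPLE = """\
            OSPF Router with ID (6.6.6.6) (Process ID 1)
                Router Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum Link count
3.3.3.3         3.3.3.3         120         0x80000004 0x00A1B2 1
6.6.6.6         6.6.6.6         118         0x80000005 0x00C3D4 2

                Summary Net Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         3.3.3.3         130         0x80000001 0x0057DA
10.10.15.0      3.3.3.3         130         0x80000001 0x0027E0
"""

if __name__ == "__main__":
    for finding in audit_area(SAMPLE, "totally-stub"):
        print(finding)
```

Run against output from an ABR, the Type-5 section will always be present because it carries no area label, so the audit is only meaningful on routers that sit entirely inside the area being checked.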


An LSA-7 generated in an NSSA is translated back into an LSA-5 when it crosses the area boundary. A normal area doesn't have an LSA-7 section in its database, so when the ABR propagates the NSSA's redistributed routes into a normal area, it installs them as normal external routes and stores them as LSA-5. Also, if an NSSA has multiple ABRs, only the one ABR with the highest Router-ID does this Type-7 to Type-5 conversion, to reduce the duplication of LSAs.
The new LSA (translated from Type-7 to Type-5) holds slightly different information from that of a normal Type-5 LSA. In a translated LSA-5, the translating ABR's ID is stored as the Advertising Router ID, while in a typical LSA-5 it is kept as the ASBR's address. And in a translated LSA-5 packet, the ASBR address (of the NSSA) is represented as the Forwarding Address, while in a typical LSA-5 this field is left at its default and is resolved using LSA-4.
There is one more scenario, where an ABR is connected to the Backbone Area and an NSSA and is also redistributing routes from some other routing protocol into OSPF. This means the router in question is an ABR to an NSSA and an ASBR at the same time. Now if you redistribute external routes into OSPF, an LSA-5 will be generated for each route in the backbone area and at the same time the NSSA will install an LSA-7 for the same routes. Also, when the LSA-7 is translated back to LSA-5 there will be another entry in the Backbone for the same routes. We can avoid this situation by disallowing this router from performing any redistribution into the NSSA and allowing redistribution only into the normal area as Type 5 LSAs. The command line is simple and needs to be configured on the router in question,
Router(config-router)# area 1 NSSA no-redistribution

I hope you enjoyed this blog. Do comment your views, and correct me please, if you see any mistake.

Nov 8, 2013

OSPF Link State Advertisement (LSA)



I have spoken to many folks who get confused about OSPF LSAs. It's not that confusing if you know the database architecture of OSPF. LSAs (Link State Advertisements) are pieces of routing information about a specific category of routes. Unlike other routing protocols, OSPF stores routing information in a very structured and detailed way in its database. Every LSA contains unique information about a route advertised in the OSPF domain, and based on this information OSPF builds its database and stores each LSA in an appropriate category. During convergence all routers in an area exchange their LSAs and form the same database, so they end up plotting the same topology map. Finally, they run Dijkstra's SPF algorithm to calculate the cost to reach routes advertised by other routers, and the best route gets installed in the routing table. (Although the database of every router in an area is exactly the same, each router's reachability to any particular route differs from the others', so they end up with different routing results.)
Let's discuss the individual LSA types in detail. There are 11 types of LSA in the OSPF database; however, only LSA 1 to LSA 5 and LSA 7 are used in normal OSPF convergence, while the other types are used in IPv6 and traffic engineering. Have a look at the topology below. Routers R1 and R4 are acting as ABRs to Area 2 while R3 is acting as an ABR to Area 1. R6 is connected to a RIP network and is redistributing RIP routes (172.16.1.0/24, 172.16.2.0/24 and 172.16.3.0/24) into OSPF. Examine the database and individual LSA entries from router R2 (since the database remains the same on every router in an area, the same outputs can be found on any router in Area 0).

 R2#show ip ospf database 

            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Router Link States (Area 0)
Link ID     ADV Router    Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         711         0x8000000B 0x002DB1 2
2.2.2.2         2.2.2.2         899         0x8000000E 0x00D2CF 4
3.3.3.3         3.3.3.3         1915        0x80000008 0x0013B4 2
4.4.4.4         4.4.4.4         913         0x8000000A 0x00527E 3

                Net Link States (Area 0)
Link ID         ADV Router   Age         Seq#       Checksum
10.10.123.3     3.3.3.3         169         0x80000006 0x00F881

                Summary Net Link States (Area 0)
Link ID       ADV Router   Age         Seq#       Checksum
5.5.5.5         1.1.1.1         960         0x80000005 0x00EA2B
5.5.5.5         4.4.4.4         913         0x80000005 0x00AE25
6.6.6.6         3.3.3.3         955         0x80000001 0x00A631
10.10.15.0      1.1.1.1         1467        0x80000005 0x0027E0
10.10.15.0      4.4.4.4         913         0x80000005 0x004F6C
10.10.36.0      3.3.3.3         170         0x80000003 0x002591
10.10.45.0      1.1.1.1         961         0x80000005 0x005E4B
10.10.45.0      4.4.4.4         914         0x80000005 0x009F08
10.10.67.0      3.3.3.3         957         0x80000001 0x003758
               
              Summary ASB Link States (Area 0)
Link ID       ADV Router    Age         Seq#       Checksum
6.6.6.6         3.3.3.3          957         0x80000001 0x008E49 

                Type-5 AS External Link States
Link ID         ADV Router   Age         Seq#       Checksum Tag
172.16.1.0      6.6.6.6         970         0x80000001 0x005616 0
172.16.2.0      6.6.6.6         970         0x80000001 0x004B20 0
172.16.3.0      6.6.6.6         970         0x80000001 0x00402A 0

LSA Type 1 (Router LSA) is generated by every router and it doesn't cross the area boundary. LSA 1 contains detailed information about the advertising router and all of its OSPF-enabled interfaces, their network types and associated prefixes.
Now check an individual Router LSA in detail (e.g. R1).
   
R2# show ip ospf database router 1.1.1.1

            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Router Link States (Area 0)
  Routing Bit Set on this LSA
  LS age: 810
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 1.1.1.1
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000011
  Checksum: 0x21B7
  Length: 48
  Area Border Router
  Number of Links: 2

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 1.1.1.1
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0 
       TOS 0 Metrics: 1


    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.10.123.3
     (Link Data) Router Interface address: 10.10.123.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 10

Now every router in Area 0 knows, via the router LSA of R1 (Router ID 1.1.1.1), the following properties of R1:
                It is an ABR and has two links in Area 0. The first link is a stub network (Loopback 0) and is reachable at a metric of 1, and the other link connects to a transit network where the DR address is 10.10.123.3, and this network has a cost of 10 from R1.

LSA Type 2 (Network LSA) is generated only by a DR (Designated Router). A DR/BDR is elected in a shared or broadcast segment (since full adjacency is formed only with the DR in that segment, only the DR advertises information about any change to all routers in that segment).
If you look at the router LSA of R1 you will see that it was associated with a transit network, but the router had no further idea of which other routers are connected to that link. To solve this problem we have LSA Type-2. Pick the DR address from the previous example and check the Network LSA for this segment.


R2#show ip ospf database network 10.10.123.3

            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Net Link States (Area 0)
  Routing Bit Set on this LSA
  LS age: 547
  Options: (No TOS-capability, DC)
  LS Type: Network Links
  Link State ID: 10.10.123.3 (address of Designated Router)
  Advertising Router: 3.3.3.3
  LS Seq Number: 8000000D
  Checksum: 0xEA88
  Length: 36
  Network Mask: /24
        Attached Router: 3.3.3.3
        Attached Router: 1.1.1.1
        Attached Router: 2.2.2.2

Now you can draw the following conclusions about the shared segment from the above output:
The DR is advertising router 3.3.3.3, and the broadcast segment address is 10.10.123.3. This segment has a network mask of /24 and there are three routers attached to this segment: 1.1.1.1, 2.2.2.2 and 3.3.3.3.

LSA Type 3 (Summary LSA) is generated by all ABRs (Area Border Routers). ABRs are responsible for exchanging all prefixes from one area into another (ABRs are connected to Area 0, so LSA-3s are exchanged between the backbone area and a non-backbone area). If an area has multiple ABRs, there will be duplicate entries of every LSA-3, one from each ABR advertising into that area. However, only one entry is a candidate to be installed in the routing table, based upon the lowest end-to-end cost (total cost from router to ABR and from ABR to prefix).


R2#show ip ospf database summary 5.5.5.5

            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Summary Net Link States (Area 0)
  Routing Bit Set on this LSA
  LS age: 787
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 5.5.5.5 (summary Network Number)
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000001
  Checksum: 0xF227
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 11
   
  LS age: 787
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 5.5.5.5 (summary Network Number)
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000001
  Checksum: 0xB621
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 65

From the above output it is clear that the Summary LSA of network 5.5.5.5 is advertised by two ABRs, R1 (Router ID 1.1.1.1) and R4 (Router ID 4.4.4.4). This network has a mask of /32, and the advertised costs from ABRs R1 and R4 to this network are 11 and 65 respectively. So if a router is at equal distance from both ABRs, the effective prefix installed in the routing table will have the forwarding address of R1, and R1 will be in the data plane of the actual data flow.

LSA Type 4 (ASBR Summary LSA): we will discuss this LSA type after LSA-5.

LSA Type 5 (External LSA) contains the information of non-OSPF domain routes. The most confusing thing is that its name says external AS routes, and the router generating it is called an ASBR (Autonomous System Boundary Router). However, it has nothing to do with an actual AS number assigned by IANA or an existing AS boundary, but with the OSPF domain. Any prefix which is generated and advertised by a non-OSPF routing protocol is considered an External Prefix and is maintained as LSA 5 after being redistributed into the OSPF domain. So any route redistributed from a non-OSPF routing protocol into the OSPF domain is managed under the category of LSA-5 and installed in the routing table as External type-1 (E1) or External type-2 (E2).

R2#show ip ospf database external 172.16.1.0

            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Type-5 AS External Link States
  Routing Bit Set on this LSA
  LS age: 83
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 172.16.1.0 (External Network Number )
  Advertising Router: 6.6.6.6
  LS Seq Number: 80000006
  Checksum: 0x982D
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0

The Advertising Router (ASBR) information is maintained end to end, but the next hop information is left at its default, which is later resolved through LSA 4 when the prefix is installed in the routing table.

From LSA 5 you get to know about external routes and their advertising router. But a router in some other area may not know much about the ASBR or how to reach it, because the Router LSA (Type 1) is not propagated to other areas, so the link information of the ASBR is also missing. That's why OSPF needs an additional LSA (Type-4) carrying the reachability information of the ASBR.
LSA Type 4 (ASBR Summary LSA) is generated by an ABR along with LSA-5, when propagating LSA-5 to another area. Based on the LSA-4 information, a router in a different area obtains the reachability information of the ASBR and of the redistributed routes. As with Summary LSAs, we get multiple entries of Type-4 LSA in the presence of multiple ABRs.

R2#sh ip os da asbr-summary 6.6.6.6

            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Summary ASB Link States (Area 0)
  Routing Bit Set on this LSA
  LS age: 359
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(AS Boundary Router)
  Link State ID: 6.6.6.6 (AS Boundary Router address)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000004
  Checksum: 0x884C
  Length: 28
  Network Mask: /0
        TOS: 0  Metric: 64

LSA Type 7 (NSSA External LSA) is generated in an NSSA (Not So Stubby Area), where redistributed routes from other areas (LSA-5 and LSA-4) are not permitted to be installed in the OSPF database. In order to achieve redistribution of external routes in a Stub area we need to change it to an NSSA. In an NSSA, external routes are directly installed as a special LSA Type-7, but external routes from other areas are still not permitted to be installed in the NSSA. However, LSA-7 is translated back to LSA-5 by the ABR when LSA-7 is injected into a normal area.
In the given topology we converted Area 1 to an NSSA by running the following command on R3 and R6,

R3(config)#router ospf 1
R3(config-router)#area 1 nssa

As a result, Type-4 and Type-5 were removed and a new LSA Type-7 appeared as below, which is almost identical to LSA-5.

                Type-7 AS External Link States (Area 1)

Link ID         ADV Router    Age         Seq#       Checksum Tag
172.16.1.0      6.6.6.6         59          0x80000001 0x00C1A0 0
172.16.2.0      6.6.6.6         62          0x80000001 0x00B6AA 0
172.16.3.0      6.6.6.6         62          0x80000001 0x00ABB4 0

Now let's check the output of the nssa-external LSA of 172.16.1.0 in the NSSA at router R6.

R6#sh ip os database nssa-external 172.16.1.0

            OSPF Router with ID (6.6.6.6) (Process ID 1)
                Type-7 AS External Link States (Area 1)
  LS age: 278
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 172.16.1.0 (External Network Number )
  Advertising Router: 6.6.6.6
  LS Seq Number: 80000002
  Checksum: 0x396E
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 6.6.6.6
        External Route Tag: 0

Now check the same LSA from R2 (on R2 this prefix is managed under LSA-5, since it was translated from LSA-7 to LSA-5 by ABR R3, so the advertising router address also appears as R3's Router ID).

R2#sh ip os database external 172.16.1.0

            OSPF Router with ID (2.2.2.2) (Process ID 1)
                Type-5 AS External Link States
  Routing Bit Set on this LSA
  LS age: 1079
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 172.16.1.0 (External Network Number) 
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000002
  Checksum: 0x2895
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 6.6.6.6
        External Route Tag: 0

Now you can see that the forwarding address is still the same as the ASBR's address; however, the advertising router address has changed to the ABR's address. Also, you will notice that no LSA-4 is generated in this case, because we already have a forwarding router address with this LSA. Also, you will see that the metric type is represented as N1 or N2 in the routing table of a router in the NSSA, and the same route converts back to E1 or E2 respectively when it reaches a router in a normal area.
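
The comparison above can be checked mechanically. The following is an added example, not part of the original post: it parses the R6 and R2 outputs shown on this page and confirms that R2's Type-5 is what the translating ABR would produce from R6's Type-7. The function names are hypothetical, the highest-Router-ID election follows the author's Stub and NSSA post, and the requirement that the "Type 7/5 translation" option (the P-bit of RFC 3101) be set is an addition made here.

```python
from ipaddress import IPv4Address

# Detail output copied from this page and trimmed to the fields compared below.
R6_TYPE7 = """\
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 172.16.1.0 (External Network Number )
  Advertising Router: 6.6.6.6
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        Metric: 20
        Forward Address: 6.6.6.6
"""
R2_TYPE5 = """\
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 172.16.1.0 (External Network Number)
  Advertising Router: 3.3.3.3
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        Metric: 20
        Forward Address: 6.6.6.6
"""
FIELDS = ("Link State ID", "Advertising Router", "Network Mask",
          "Metric Type", "Metric", "Forward Address")


def parse_lsa(text):
    """Parse 'Key: value' lines of one detailed LSA into a dict."""
    raw = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            raw[key.strip()] = value.strip()
    lsa = {f: raw[f].split()[0] for f in FIELDS}  # drop trailing "(...)" notes
    lsa["translatable"] = "Type 7/5 translation" in raw["Options"]
    return lsa


def elect_translator(nssa_abrs):
    """Highest Router-ID wins; compare numerically, not as strings."""
    return max(nssa_abrs, key=IPv4Address)


def translate_type7(lsa7, nssa_abrs):
    """Build the Type-5 the elected ABR floods into the normal area."""
    if not lsa7["translatable"]:
        return None  # option not set: the LSA-7 stays inside the NSSA
    lsa5 = {f: lsa7[f] for f in FIELDS}  # forward address is carried over
    lsa5["Advertising Router"] = elect_translator(nssa_abrs)
    return lsa5


def is_translation_of(lsa5, lsa7, nssa_abrs):
    """True if lsa5 is exactly what the elected ABR would make from lsa7."""
    expected = translate_type7(lsa7, nssa_abrs)
    return expected is not None and all(lsa5[f] == expected[f] for f in FIELDS)


if __name__ == "__main__":
    lsa7, lsa5 = parse_lsa(R6_TYPE7), parse_lsa(R2_TYPE5)
    print(translate_type7(lsa7, ["3.3.3.3"]))
    print(is_translation_of(lsa5, lsa7, ["3.3.3.3"]))
```

A Type-5 in the backbone whose advertising router is an NSSA ABR but which matches no Type-7 inside that NSSA is worth investigating, since the ABR itself should not be the origin of those prefixes.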

I hope you enjoyed and learnt something helpful from this post. Please do comment if you have any suggestion or correction about this post.