OSPF Stub and NSSA

Hi Networkers, I am back with OSPF again. While I was writing my previous blog about LSA I realized that without writing about Stub networks it wouldn’t be complete. So let’s begin with the same topology as we discussed earlier.

In OSPF, Stub is a special area where we filter out some special type of LSA from the Database in order to control the router’s routing table. Less LSA in a database means less memory requirement and less possessing cycle requirements during SPF execution. Also, we know that database of every router in an area remains same, so we can’t control a particular type of LSA at an individual Router level and that’s why we have to restrict them at area level. I believe you all are well aware about OSPF LSA Types (If not I would recommend you to first read my previous blog about OSPF LSA for better understanding about it). I wish to remind you one important thing that, Stub flag is one of the must match parameter, exchanged in Hello packets between two routers to establish the OSPF neighborship. In general we can find three statuses of Stub Flag, OFF (Normal Area), STUB and NSSA. So, all routers in an Area must have same Stub flag status in order to have proper convergence. Let’s begin with different type of stub areas.

STUB AREA is created to simply discard type 4 (ASBR Summary) and 5 (External) LSA from the OSPF database. LSA-4 and LSA-5 are generated on redistribution of routes from other routing protocol into OSPF. Stub Area can be achieved by following command at every router in an AREA including ABRs.

Router(config)#router ospf 1
Router(config-router)#area 1 stub

This command will convert Area 1 into a Stub Area, if applied at every router in this area. In compensation to the LSA-4 and LSA-5 a default route is installed in the database as LSA-3 generated by ABRs. If you see the Database of any router of Area-1 you will find LSA-4 and LSA-5 segment missing. However, you will see a Summary LSA as 0.0.0.0 prefix.

So in a Stub Area there is no information about any external route and only LSAs of OSPF domain remains in the database. Still, you will be able to reach those external prefixes as Stub has a default route towards the backbone area and backbone has information about the reachability to external routes.

In Sort, we can summarize a STUB AREA as,

No LSA-4, No LSA-5

No Redistribution permitted

Default route generated by an ABR (As LSA-3)

TOTALLY STUB AREA is the one, which has only locally originated LSAs from the same area ie. LSA 1 and LSA 2. Rest all other LSAs (propagated from other areas ie. Type-3, Type-4 and other protocols due to redistribution ie. Type-5) is removed. This is one of the most processor efficient areas because routers in a Totally Stub Area have smallest database. Now think about a Stub area, it has already deleted LSA -4 and LSA-5 from the database, so who can best control the LSA-3. Truly, its ABR (since ABR is the one which generates LSA Type-3 into an Area). So if we prevent ABRs to propagate LSA-3 into Stub area, we will form a Totally Stub Area. All we need is to run following command on ABRs (rest all routes in that area will remain like a normal Stub Area router)

Router(config)#router ospf 1
Router(config-router)# area 1 stub no-summary

After running this command database will have information of only its local area, and only one LSA-3 of default route. So routers in a Totally Stub area should still be able to reach everywhere because of this default route.

Summarizing Totally Stub Area,

No LSA-3, No LSA-4 and No LSA-5

No Redistribution permitted

Default route generated by an ABR (as a LSA-3)

Smallest database

NSSA (Not So Stubby Area) is a special type of Stub area. Like we saw earlier Stub is used to discard LSA Type-4 and LSA Type-5, which means any redistribution in this area or any redistributed route from another area will not be installed in the database. Now assume this Stub area is connected with some link where some other routing protocol is running and we need to redistribute external routes in order to have reachability to the external domain. Now either we need to change Stub area back into a normal one or apply some mechanism to install external routes in Stub Network. NSSA uses the second methodology by generating a special LSA called NSSA External (Type-7). In NSSA, OSPF allows redistribution of external prefixes and stores them as Type -7 LSA, However, external routes from other area are still not allowed to get installed into the database of NSSA router. As mentioned initially, NSSA has Flag status different than that of a Stubby Area, so if you are transforming a Stub area into NSSA, you need to remove Stub configuration first and make area as a normal one and then do NSSA configuration on all routers of this Area.

Router(config)#router ospf 1
Router(config-router)# area 1 NSSA

After farming NSSA you will find only Type-1, Type-2, Type-3 and Type-7 LSAs in the database. Now redistributed routes in NSSA will be installed in the routing table as N1 or N2 routes instead of E1 or E2.There is one more difference that no default route is generated by an ABR (Like we were getting a default route of Type-3 in Stub and Totally Stub areas).

This is helpful in a certain situation, say, if we are connected to some gateway at NSSA which is providing a default route by external protocol. So if we would be getting a default route from ABR, this external default route will be discarded.

Please be aware of the route selection procedure of OSPF for a same prefix length.

 O > IA > E1 > E2 N1 > N2

This means OSPF selects Intra-Area routes at first, then it looks for Inter-Area routes. Then it checks for redistributed routes in sequence of External (LSA-5) Type-1 and Type-2 then after it elects NSSA External (LSA-7) Type-1 and Type-2.

So, assume you redistributed a default route in NSSA which is installed as N1 or N2, and also you get a default route from ABR as Type-3 which is supposed to get installed as Inter Area route. I hope you can derive from the sequence above that N1 or N2 (redistributed) default route will be discarded.

However, if you are not in a situation, similar as described above, ABR can generate a default route anytime, to complete the reachability of other routes blocked in the NSSA. Command at ABR, to generate default route in the NSSA,

Router(con)fig#router ospf 1
Router(config-router)# area 1 NSSA default-information-originate

Be informed that this default route will not be a LSA-3, but a LSA-7 of Type-2 (N2). This means if you need to redistribute any external default route, you can install external default route by redistributing it as external type-1 route (N1)

Wrap up the Not-So-Stubby Area (NSSA), we can note following points,

Identical to STUB Area (No LSA-4, No LSA-5)

Redistribution Allowed in NSSA (Redistributed routes installed as special type, LSA-7)

Manual default route may be generated by ABR (as LSA-7 Type-2 ie.N2)

Totally-Stubby-Not-So-Stubby Area, I guess, you will be confused with its name, Stubby,still not so stubby, but totally stubby.. Huh…  I have to confess that I too had such expression at first, but later I realized, it’s not actually that confusing, if you understood all Areas discussed above. It’s just a hybrid of Totally Stubby area and NSSA.

In this Area, we filter-out LSA Type-3 in addition to LSA-4 and LSA-5 like a Totally Stub Area, however redistribution is allowed and external routes are installed in the database as a LSA-7, similar to an NSSA. All routers in this area have NSSA Flag set. But similar to Totally Stub Area, filtering of LSA-3 routes is done by ABR, and to maintain the reachability they generate a default route of LSA Type-3.  So comparing the configuration of NSSA, there is only changed at ABR as below,

Router(con)fig#router ospf 1
Router(config-router)# area 1 NSSA no-summary

You will see only LSA-1, LSA-2, one Default route of LSA-3 and LSA-7 in this Area.

Although you can manually generate a Type-7 (N2) default route in addition to Type-3 default route in this area, but there is no reason why you need to do so.

Router(config-router)# area 1 NSSA no-summary default-information-originate

Summarizing a Not-So-Stubby-Totally-Stubby Area

No LSA-3, No LSA-4, No LSA-5

Redistribution is allowed as a special Type-7 LSA

Default route is generated by an ABR (as LSA Type-3)

LSA-7 generated in NSSA is translated back into LSA-5, when it crosses the area boundary. A normal area doesn’t have a LSA-7 field in its database so, when, ABR propagate the information of NSSA redistributed routes in a normal area, it installs them as a normal external route and stores them as LSA-5. Also, if an NSSA has multiple ABRs, only one ABR with highest Router-ID does this Type-7 to Type-5 conversion, to reduce the duplication of LSAs.

New LSA (translated from Type-7 to Type-5) holds slight different information than that of a normal Type-5 LSA. In a translated LSA-5, translating ABR ID is stored as the Advertizing Router ID while in a typical LSA-5 it is kept as ASBR’s address. And in a translated LSA-5 packet, ASBR address (of NSSA) is represented as Forwarding Address while in a typical LSA-5 this field is left as default which is found using LSA-4.

There is one more scenario when an ABR is connected to Backbone Area and NSSA and doing route redistribution from some other routing protocol into OSPF. Means targeted router is an ABR to an NSSA and an ASBR at the same time. Now if you will redistribute external routes in OSPF, there will be LSA-5 generated against each route in backbone area and at the same time NSSA will install LSA-7 against same routes. Also, when translating back to LSA-5 from LSA-7 there will be another entry in Backbone for the same routes. We can skip such situation by disallowing this router to perform any redistribution in the NSSA and allow redistribution only in normal area as Type 5 LSA. The command line is simple and need to be configured on targeted router,

Router(config-router)# area 1 NSSA no-redistribution

I hope you enjoyed this blog. Do comment your views, and correct me please, if you see any mistake.