translate the type 7 lsa to type 5 lsas into area 0. When they do this they will
not modify the forwarding address in the packet.
If there multiple ABR only 1 of them performs the translation
- NSSA Translator Election chooses the ABR with the higher router id (it will
preempt if a higher router id abr comes on line.
- this is for effeciency of not duplicating the update
- If the forwarding address is non zero the abr that advertises does not
necessarily need to be in the forwarding path
SO you could be in situation where say ABR A is elected as the translator it
converts the type 7 lsa to type 5 not modifying the forwarding address. A router
area 0 needs to to get to the external network being advertised it will look at the
forwarding address in the update if it is less metric for the router in area 0 to
go through say ABR B in the nssa it will go that way so just because A advertises
does not mean it will be definetly in the transit path
LSA 3 Filter
-------------
Another possible way of filtering rather that the stub areas is using the LSA 3
filter
We can filter based on prefix using this method rather that just type. SO an abr
can filter which summary (lsa 3) they generate between area
You apply this under the router ospf process level of the abr
area "area" filter-list prefix "prefix-list" in/out
-in/out allows for control ABR with more than 2 areas
To configure example
ip prefix-list LSA3FILTER deny 150.4.4.4/32
ip prefix-list LSA3FILTER permit 0.0.0.0/0 le 32
router ospf 1
area 1 filter-list prefix LSA3FILTER out
- this going out area 1 into area 0
NSSA ISSue
-----------
A situation can arise if we filter the forwarding address into area 0 on the ABRs
the routers in other areas do not know how to forward to the external routes and
they will fail.
There is feature to resolve this kind of issue that is that we can tell the
translator ABR to modify the filter address the address of itself when translating
lsa type 7 to lsa type 5
router ospf 1
area 1 nssa no-summary translate type 7 suppress-fa
where fa is forwarding address
LAB
----
OK for the LAB we will watch the lsa type 7 to 5 translator in action
So area 1 is a Total nssa area it has 2 abrs. So the router with the higher route
id should get elected
Ok so if we take a look at r3
r3#sh ip ospf database external
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 191
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 22.22.22.22 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x8431
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.164.49.2
External Route Tag: 0
r3#
same on s1
switch1#sh
00:31:22: %SYS-5-CONFIG_I: Configured from console by consoleip ospf database
external
OSPF Router with ID (15.15.15.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 571
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 22.22.22.22 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x8431
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.164.49.2
External Route Tag: 0
switch1#
so safe to say there is only one advertisement of LSA for the external network from
44.44.44.44 (r4) so sw4 is not advertising this network as it was not elected
if we look at the output on both the forward address 10.164.49.2
switch1#sh ip ospf database summary 10.164.49.0
OSPF Router with ID (15.15.15.1) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 759
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 10.164.49.0 (summary Network Number)
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0x281A
Length: 28
Network Mask: /24
TOS: 0 Metric: 11
LS age: 696
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 10.164.49.0 (summary Network Number)
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0xF56B
Length: 28
Network Mask: /24
TOS: 0 Metric: 75
switch1#
we are recieving from both ABR so it will come down to totol metric to 10.164.49.2
the forwarding address
switch1#traceroute 22.22.22.22
Type escape sequence to abort.
Tracing the route to 22.22.22.22
1 9.9.9.1 8 msec 0 msec 9 msec
2 10.228.254.5 0 msec 0 msec 0 msec
3 10.164.49.2 0 msec 0 msec *
switch1#
the traceroute confirms the traffic for s1 to 22.22.22.22 on bb2 is going via sw4
even though sw4 is not advertising it is r4 that advertised the network. SO
basically it allows only 1 advertisment but still pick the shortest metric route
through either abr
ok we will take a look lsa filters
We will take an example network say we do not want 172.25.13.0 propgated out side
of area 1
If we look on s1 we are learning this Inter Area lsa type 3 route from both r4 and
s4
switch1#sh ip ospf database summary 172.25.13.0
OSPF Router with ID (15.15.15.1) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 1171
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 172.25.13.0 (summary Network Number)
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xA3B4
Length: 28
Network Mask: /24
TOS: 0 Metric: 2
LS age: 1108
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 172.25.13.0 (summary Network Number)
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x6711
Length: 28
Network Mask: /24
TOS: 0 Metric: 65
switch1#
ok so on r4
-----------
r4(config)#ip prefix-list LSAFILTER deny 172.25.13.0/24
r4(config)#ip prefix-list LSAFILTER permit 0.0.0.0/0 le 32
.r4(config)#router ospf 1
r4(config-router)#area 1 filter-list prefix LSAFILTER out
r4(config-router)#
so the command is saying filter the 172.25.13.0/24 going out area 1 to area 0 and
then permit all other routes
if we now look on s1
switch1#sh ip ospf database summary 172.25.13.0
00:44:22: %SYS-5-CONFIG_I: Configured from console by console
OSPF Router with ID (15.15.15.1) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 1411
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 172.25.13.0 (summary Network Number)
Advertising Router: 4.4.4.4
LS Seq Number: 80000001
Checksum: 0xA3B4
Length: 28
Network Mask: /24
TOS: 0 Metric: 2
we are not learning from router 4 anymore we are only learning from s4 this could
potentially be used for traffic engineering if r4 was the preferred path and we
wanted it to go by s4 instead
we will filter from s4 to completely get rid of the route in area 0
switch4(config)#ip prefix-list LSAFILTER deny 172.25.13.0/24
switch4(config)#ip prefix-list LSAFILTER permit 0.0.0.0/0 le 32
switch4(config)#router ospf 1
switch4(config-router)#area 0 filter-list prefix LSAFILTER in
this essentially saying the same thing as the above it is saying filter 172.25.13.0
from going into area 0 just another way of specfying it
switch1#sh ip ospf database summary 172.25.13.0
OSPF Router with ID (15.15.15.1) (Process ID 1)
switch1#
on switch 1 the route is gone
Lets have a look potential issue with filtering the forwarding address in nssa
switch1#sh ip ospf database external
OSPF Router with ID (15.15.15.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 1750
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 22.22.22.22 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0x8431
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.164.49.2
External Route Tag: 0
from s1 we can see the forwarding address is 10.164.49.2
lets filter this
so on s4
---------
switch4(config)#ip prefix-list LSAFILTER deny 10.164.49.0/24
switch4(config)#ip prefix-list LSAFILTER permit 0.0.0.0/0 le 32
switch4(config)#router ospf 1
switch4(config-router)#area 0 filter-list prefix LSAFILTER in
switch1#sh ip ospf database summary 10.164.49.0
OSPF Router with ID (15.15.15.1) (Process ID 1)
Summary Net Link States (Area 0)
Routing Bit Set on this LSA
LS age: 1952
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 10.164.49.0 (summary Network Number)
Advertising Router: 44.44.44.44
LS Seq Number: 80000001
Checksum: 0xF56B
Length: 28
Network Mask: /24
TOS: 0 Metric: 75
the forwarding address is not being advertised by sw4 anymore
let remove r 4 advertisement aswell so same commands as sw4
s1
---
switch1#sh ip ospf database summary 10.164.49.0
OSPF Router with ID (15.15.15.1) (Process ID 1)
switch1#
it is not in the ospf database
switch1#sh ip ospf database external
OSPF Router with ID (15.15.15.1) (Process ID 1)
Type-5 AS External Link States
LS age: 236
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 22.22.22.22 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000002
Checksum: 0x8232
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.164.49.2
External Route Tag: 0
we still have the external route in the database
but since it does not know how to get to the forwarding address 10.164.49.2 as we
have filtered 10.164.49.0
switch1#sh ip route 22.22.22.22
% Network not in table
switch1#
it is not installed in the routing table
If we continue to filter this network but still have access to 22.22.22.22 we need
to change the forwarding address that r4 is advertising
so on r4
---------
r4(config)#router ospf 1
r4(config-router)#area 1 nssa no-summary translate type?
type7
r4(config-router)#area 1 nssa no-summary translate type7 suppress-fa
r4(config-router)#
s1
---
switch1#sh ip ospf database external
OSPF Router with ID (15.15.15.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 211
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 22.22.22.22 (External Network Number )
Advertising Router: 44.44.44.44
LS Seq Number: 80000003
Checksum: 0xBED6
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
is set to 0.0.0.0 so it will go the abr
the route is now in the table
switch1#sh ip route 22.22.22.22
Routing entry for 22.22.22.22/32
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 2
Last update from 9.9.9.1 on Port-channel20, 00:04:13 ago
Routing Descriptor Blocks:
* 9.9.9.1, from 44.44.44.44, 00:04:13 ago, via Port-channel20
Route metric is 20, traffic share count is 1
switch1#traceroute 22.22.22.22
Type escape sequence to abort.
Tracing the route to 22.22.22.22
1 9.9.9.1 0 msec 0 msec 0 msec
2 10.10.10.2 0 msec 0 msec 0 msec
3 10.229.254.6 17 msec 8 msec 17 msec
4 172.25.13.2 8 msec 9 msec 8 msec
5 10.164.49.2 9 msec 9 msec *
switch1#
it is going out via r4 maintaing the forward address is preferable and not doing
this as it will give both abr options for internal router in area 0 to route
through rather than now the forwarding is address is r4 so the transit must be
through r4
No comments:
Post a Comment