JNCIP-SP: OSPF Not-So-Stubby-Areas (NSSA).

This article is about the OSPF NSSA area. First I will go over the theory behind the NSSA area. After that I will go through the configuration and verification of an NSSA area on a router running Junos.



The NSSA.

When you use an export policy in OSPF to redistribute information from another protocol into OSPF, you effectively turn the router into an ASBR. The prefixes redistributed into OSPF will be External LSAs. Some people overlook the fact that this is also the case when you redistribute static or directly connected routes.

You can configure an OSPF area as a stub to reduce the LSDB. Turning an area into a stub area has consequences. One of the consequences is that you can no longer generate external LSAs from the stub area.

Redistributing routing information from other sources and shrinking the LSDB by turning the area into a stub do not go together. So what if you wanted to do both? Simply turn the area into a NSSA.

An NSSA is a stub area that can generate External LSAs. Inside the NSSA, contrary to a stub or totally stubby area, the existence of an ASBR is allowed. Instead of having the ASBR generate type 5 External LSAs however, the ASBR in an NSSA will generate type 7 LSAs. The Type 7 LSAs are flooded throughout the NSSA area. The NSSAs ABR that is connected to the backbone will turn the type 7 LSA into ‘regular’ type 5 External LSAs towards other non-stub areas.

In an attempt to further elaborate, I have created the following picture;



scenario


The right-side area is the NSSA area. R12 is this areas border router, also having an active interface in the area.

From the backbone area into the NSSA area, R12 will not simply flood every LSA in the LSDB. An NSSA will not receive External LSAs. Through additional configuration, you can also restrict summary LSAs from entering the NSSA (which was shown in this example and which is how we will configure it later on).

As a consequence, the OSPF LSDB inside the NSSA will be very small. The routers in the NSSA can be turned into ASBR routers by redistributing routing information from other sources. What happens when you do that is shown at the top of the picture. When routing information from sources other than OSPF is redistributed into an NSSA-area, the router doing this will turn into an ASBR. This ASBR will generate and flood Type 7 LSAs. These will be flooded throughout the NSSA. The NSSAs ABR (R12) will not flood this type 7 LSA into other areas. Instead, the type 7 LSA is turned into a type 5 LSA and consequently flooded throughout all other non-stub areas.

Let’s move on and look at this through some configuration and verification.



The configuration and verification of the NSSA.

The configuration and verification will be done in three steps. First, we will configure a basic NSSA area. Then, we will remove the summary routes and inject a default rote. At the end, we will turn R9 into an ASBR router by redistributing a static route into OSPF.

The basic NSSA configuration:

R9:
 
set interfaces xe-0/0/3 unit 31 description R12
set interfaces xe-0/0/3 unit 31 vlan-id 31
set interfaces xe-0/0/3 unit 31 family inet address 18.0.0.5/30

set protocols ospf area 0.0.200.1 nssa
set protocols ospf area 0.0.200.1 interface lo0.9 interface-type p2p
set protocols ospf area 0.0.200.1 interface lo0.9 passive
set protocols ospf area 0.0.200.1 interface xe-0/0/3.31 interface-type p2p
set protocols ospf area 0.0.200.1 interface xe-0/0/3.31 authentication md5 111 key "$9$ZAjH.Qzn69t1Rv8X-sY"
                
R12:
 
set interfaces xe-0/3/1 description MX80-xe-0/0/3
set interfaces xe-0/3/1 unit 31 description R9
set interfaces xe-0/3/1 unit 31 vlan-id 31
set interfaces xe-0/3/1 unit 31 family inet address 18.0.0.6/30

set protocols ospf area 0.0.200.1 nssa
set protocols ospf area 0.0.200.1 interface xe-0/3/1.31 interface-type p2p
set protocols ospf area 0.0.200.1 interface xe-0/3/1.31 authentication md5 111 key "$9$ZAjH.Qzn69t1Rv8X-sY"
                

The configuration show above will turn R9 into an NSSA router:

 
play@MX80:R9> show ospf overview
Instance: master
  Router ID: 1.1.1.9
  Route table index: 21
  NSSA router
  LSA refresh time: 50 minutes
  Area: 0.0.200.1
    Stub type: Stub NSSA
    Authentication Type: None
    Area border routers: 1, AS boundary routers: 1
    Neighbors
      Up (in full state): 1
  Topology: default (ID 0)
    Prefix export count: 0
    Full SPF runs: 9
    SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
    Backup SPF: Not Needed

play@MX80:R9> show ospf database

    OSPF database, Area 0.0.200.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *1.1.1.9          1.1.1.9          0x80000009    12  0x20 0xb325  72
Router   1.1.1.12         1.1.1.12         0x8000000b     8  0x20 0x6f53  48
Summary  1.1.1.3          1.1.1.12         0x80000001    13  0x20 0x37ed  28
Summary  1.1.1.4          1.1.1.12         0x80000001    13  0x20 0x2302  28
Summary  1.1.1.6          1.1.1.12         0x80000001    13  0x20 0x51f   28
Summary  1.1.1.8          1.1.1.12         0x80000001    13  0x20 0xf031  28
Summary  1.1.1.11         1.1.1.12         0x80000001    13  0x20 0xc857  28
Summary  1.1.1.12         1.1.1.12         0x80000001    13  0x20 0xaa76  28
Summary  1.1.1.13         1.1.1.12         0x80000001    13  0x20 0xaa74  28
Summary  1.1.1.14         1.1.1.12         0x80000001    13  0x20 0xa07d  28
Summary  1.1.1.15         1.1.1.12         0x80000001    13  0x20 0xa07b  28
Summary  1.1.1.16         1.1.1.12         0x80000001    13  0x20 0xa079  28
Summary  2.0.0.36         1.1.1.12         0x80000001    13  0x20 0xe324  28
Summary  2.0.0.120        1.1.1.12         0x80000001    13  0x20 0x6c4d  28
Summary  16.0.0.0         1.1.1.12         0x80000001    13  0x20 0x6eb3  28
Summary  16.0.0.4         1.1.1.12         0x80000001    13  0x20 0x50cc  28
Summary  16.0.0.12        1.1.1.12         0x80000001    13  0x20 0xf520  28
Summary  16.0.0.16        1.1.1.12         0x80000001    13  0x20 0xd739  28
Summary  16.0.0.20        1.1.1.12         0x80000001    13  0x20 0xb952  28
Summary  16.0.0.24        1.1.1.12         0x80000001    13  0x20 0x9b6b  28
Summary  18.0.0.0         1.1.1.12         0x80000001    13  0x20 0x68b5  28
Summary  19.0.0.0         1.1.1.12         0x80000001    13  0x20 0x5bc1  28
Summary  19.0.0.4         1.1.1.12         0x80000001    13  0x20 0x3dda  28
Summary  19.0.0.8         1.1.1.12         0x80000001    13  0x20 0xb0a   28
Summary  25.25.25.25      1.1.1.12         0x80000001    13  0x20 0xe2e5  28
Summary  45.0.0.1         1.1.1.12         0x80000001    13  0x20 0x10ee  28
Summary  80.0.0.0         1.1.1.12         0x80000001    13  0x20 0x9c3a  28
Summary  145.0.0.1        1.1.1.12         0x80000001    13  0x20 0xf6a3  28
Summary  172.16.1.3       1.1.1.12         0x80000001    13  0x20 0xca9f  28
Summary  172.16.1.4       1.1.1.12         0x80000001    13  0x20 0xb6b3  28
Summary  190.0.0.1        1.1.1.12         0x80000001    13  0x20 0xb5b6  28
Summary  190.0.0.2        1.1.1.12         0x80000001    13  0x20 0xabbf  28
                

The NSSA database does not contain any External Summary LSAs, it is still quite large though. To reduce the size of this LSDB, we can configure the following on R12:

 
set protocols ospf area 0.0.200.1 nssa default-lsa default-metric 20
set protocols ospf area 0.0.200.1 nssa no-summaries
                

The first configuration command will have R12 inject a default route into the NSSA. The second configuration command will make R12 withhold all summary LSAs (except for the default route).

Let’s have another look at R9’s database:

 
play@MX80:R9> show ospf database

    OSPF database, Area 0.0.200.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *1.1.1.9          1.1.1.9          0x8000000b    20  0x20 0xaf27  72
Router   1.1.1.12         1.1.1.12         0x8000000d    16  0x20 0x6b55  48
Summary  0.0.0.0          1.1.1.12         0x80000001    21  0x20 0x100c  28
                

Currently, the only thing originating from the NSSA are router LSAs which R12 will turn into summary LSAs before flooding it onwards into other areas. Let’s configure R9 to redistribute routing information from another protocol into ospf, effectively turning it into an ASBR:

 
play@MX80:R9> show ospf overview
Instance: master
  Router ID: 1.1.1.9
  Route table index: 21
  NSSA router
  LSA refresh time: 50 minutes
  Area: 0.0.200.1
    Stub type: Stub NSSA
    Authentication Type: None
    Area border routers: 1, AS boundary routers: 1
    Neighbors
      Up (in full state): 1
  Topology: default (ID 0)
    Prefix export count: 0
    Full SPF runs: 11
    SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
    Backup SPF: Not Needed

play@MX80:R9> configure
Entering configuration mode
 [edit]
play@MX80:R9# set routing-options static route 56.0.0.0/8 reject
[edit]
play@MX80:R9# set policy-options policy-statement OSPF-STATIC term static from protocol static
[edit]
play@MX80:R9# set policy-options policy-statement OSPF-STATIC term static then accept
 [edit]
play@MX80:R9# set protocols ospf export OSPF-STATIC

[edit]
play@MX80:R9# commit and-quit
commit complete
Exiting configuration mode

play@MX80:R9> show ospf overview
Instance: master
  Router ID: 1.1.1.9
  Route table index: 21
  AS boundary router, NSSA router
  LSA refresh time: 50 minutes
  Area: 0.0.200.1
    Stub type: Stub NSSA
    Authentication Type: None
    Area border routers: 1, AS boundary routers: 1
    Neighbors
      Up (in full state): 1
  Topology: default (ID 0)
    Prefix export count: 1
    Full SPF runs: 12
    SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
    Backup SPF: Not Needed

play@MX80:R9>
                

We now have an ASBR inside the NSSA. Let’s have another look at the OSPF database:

 
play@MX80:R9> show ospf database

    OSPF database, Area 0.0.200.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *1.1.1.9          1.1.1.9          0x8000000c   139  0x20 0xb320  72
Router   1.1.1.12         1.1.1.12         0x8000000d   482  0x20 0x6b55  48
Summary  0.0.0.0          1.1.1.12         0x80000001   487  0x20 0x100c  28
NSSA    *56.0.0.0         1.1.1.9          0x80000001   139  0x28 0x456   36

play@MX80:R9> show ospf database advertising-router self nssa extensive

    OSPF database, Area 0.0.200.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
NSSA    *56.0.0.0         1.1.1.9          0x80000001   154  0x28 0x456   36
  mask 255.0.0.0
  Topology default (ID 0)
    Type: 2, Metric: 0, Fwd addr: 1.1.1.9, Tag: 0.0.0.0
  Gen timer 00:47:26
  Aging timer 00:57:26
  Installed 00:02:34 ago, expires in 00:57:26, sent 00:02:34 ago
  Last changed 00:02:34 ago, Change count: 1, Ours

                

R9 is now redistributing the static route into OSPF as an NSSA type LSA. This NSSA LSA will arrive at R12 as well;

 
play@MX480-TEST:R12> show ospf database area 0.0.200.1

    OSPF database, Area 0.0.200.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router   1.1.1.9          1.1.1.9          0x8000000c   408  0x20 0xb320  72
Router  *1.1.1.12         1.1.1.12         0x8000000d   749  0x20 0x6b55  48
Summary *0.0.0.0          1.1.1.12         0x80000001   754  0x20 0x100c  28
NSSA     56.0.0.0         1.1.1.9          0x80000001   408  0x28 0x456   36
                

As a result of receiving this NSSA LSA, R12 will do two things. It will change the NSSA LSA into an External LSA and it will generate an ASBR Summary LSA. Observe;

 
play@MX480-TEST:R12> show ospf database asbrsummary advertising-router self lsa-id 1.1.1.9 extensive

    OSPF database, Area 0.0.0.0
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
ASBRSum *1.1.1.9          1.1.1.12         0x80000001   535  0x22 0xa679  28
  mask 0.0.0.0
  Topology default (ID 0) -> Metric: 1
  Gen timer 00:39:22
  Aging timer 00:51:04
  Installed 00:08:55 ago, expires in 00:51:05, sent 00:08:55 ago
  Last changed 00:08:55 ago, Change count: 1, Ours

    OSPF database, Area 0.0.0.1
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
ASBRSum *1.1.1.9          1.1.1.12         0x80000001   535  0x22 0xa679  28
  mask 0.0.0.0
  Topology default (ID 0) -> Metric: 1
  Gen timer 00:40:25
  Aging timer 00:51:04
  Installed 00:08:55 ago, expires in 00:51:05, sent 00:08:55 ago
  Last changed 00:08:55 ago, Change count: 1, Ours

play@MX480-TEST:R12> show ospf database advertising-router self external extensive
    OSPF AS SCOPE link state database
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Extern  *56.0.0.0         1.1.1.12         0x80000001   538  0x22 0x68f6  36
  mask 255.0.0.0
  Topology default (ID 0)
    Type: 2, Metric: 0, Fwd addr: 1.1.1.9, Tag: 0.0.0.0
  Gen timer 00:38:17
  Aging timer 00:51:01
  Installed 00:08:58 ago, expires in 00:51:02, sent 00:08:58 ago
  Last changed 00:08:58 ago, Change count: 1, Ours

                

The first command shows us that the ASBR summary LSA is generated and flooded into the other areas R12 is connected to. The second command shows us that the R12 router is generating the External LSA itself. This R12 generated External LSA will be flooded throughout the other areas:

 
play@MX480-TEST:R11> show ospf database external lsa-id 56.0.0.0 extensive
    OSPF AS SCOPE link state database
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Extern   56.0.0.0         1.1.1.12         0x80000001   683  0x22 0x68f6  36
  mask 255.0.0.0
  Topology default (ID 0)
    Type: 2, Metric: 0, Fwd addr: 1.1.1.9, Tag: 0.0.0.0
  Aging timer 00:48:36
  Installed 00:11:21 ago, expires in 00:48:37, sent 00:11:21 ago
  Last changed 00:11:21 ago, Change count: 1

                

The above command shows us that R11 also received the External LSA generated by R12. When you look closely though, you can notice the ‘Fwd addr’ is set to R9.

One other thing, an NSSA ABR can summarize NSSA LSAs. Let’s create three additional routes on R9:

R9:
 
set routing-options static route 55.0.0.0/24 reject
set routing-options static route 55.0.1.0/24 reject
set routing-options static route 55.0.2.0/24 reject
                

These routes will be redistributed throughout the NSSA area. We can summarize these routes on the R12 ABR in the following way:

 
play@MX480-TEST:R12> show ospf database external advertising-router self
    OSPF AS SCOPE link state database
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Extern  *55.0.0.0         1.1.1.12         0x80000001    58  0x22 0x75ea  36
Extern  *55.0.1.0         1.1.1.12         0x80000001    58  0x22 0x6af4  36
Extern  *55.0.2.0         1.1.1.12         0x80000001    58  0x22 0x5ffe  36
Extern  *56.0.0.0         1.1.1.12         0x80000001  1602  0x22 0x68f6  36
play@MX480-TEST:R12> configure
Entering configuration mode
[edit]
play@MX480-TEST:R12# set protocols ospf area 0.0.200.1 nssa area-range 55.0.0.0/16
[edit]
play@MX480-TEST:R12# commit and-quit
commit complete
Exiting configuration mode

play@MX480-TEST:R12> show ospf database external advertising-router self
    OSPF AS SCOPE link state database
 Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Extern  *55.0.0.0         1.1.1.12         0x80000002    98  0x22 0xda8f  36
Extern  *56.0.0.0         1.1.1.12         0x80000001  1734  0x22 0x68f6  36

                

The first command shows us that initially, R12 was advertising all three of the newly created static routes. After configuring the area-range command, the three newly created routes are replace with a single summary of those routes.

Hope this helps!

9-10-2014.