Also we have observed that the ABR linking the NSSA and the backbone area have keep two copies of the redistributed routes, One is a Type 7 LSA and another is a Type 5 LSA. Only the Type 5 LSA were sent as an LSU update to the other OSPF areas. So in general, we have proven that for NSSA, a Type 7 LSA were only keep within the NSSA routers.
There’s another important role that an NSSA routers can be expanded on my post today. In general, NSSA routers does NOT keep a records of Type 5 External LSA and Type 4 LSA are not allowed (this means that LSDB of NSSA routers will not store a copy of LSA type 4). I really have to be clear here. The ASBR that is a member router of NSSA can see the Type 5 and Type 4 LSA but not for the rest of the NSSA member routers.
I would also wanted to show how we can utilized NSSA ASBR to set a default route for the rest of the NSSA member routers.
So here is my laboratory topology,
Laboratory Objective:
1. To proved that Type 7 LSA is only present on the NSSA member routers and that Type 5 LSA were also created for redistributed routes for all NSSA member routers.
2 To verify that MANILA and SYDNEY router will NOT received Type 7 LSA from MELBOURNE router.
3. To ensure that Singapore Router should be able to connect to SYDNEY router Loopback interface via the default route that is created from MELBOURNE router.
So here are my router OSPF configurations ( Take note, I’m using the same topology which I used for Totally Stub Area. I have the configuration previously set up).
MANILA#sh run | sec ospf
router ospf 1
redistribute connected subnets
network 192.168.12.0 0.0.0.255 area 0
network 192.168.14.0 0.0.0.255 area 2
MANILA#
MELBOURNE#sh run | sec ospf
router ospf 1
area 1 stub no-summary
network 20.20.20.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.255 area 0
network 192.168.23.0 0.0.0.255 area 1
MELBOURNE#
SINGAPORE#sh run | sec ospf
router ospf 1
area 1 stub no-summary
network 30.30.30.0 0.0.0.255 area 1
network 192.168.23.0 0.0.0.255 area 1
SINGAPORE#
DNEY#sh run | sec ospf
router ospf 1
redistribute connected subnets
network 192.168.14.0 0.0.0.255 area 2
SYDNEY#
Now, let me convert SINGAPORE and MELBOURNE router into an NSSA routers and redistributed all the connected networks on both routers.
MELBOURNE(config)#router ospf 1
MELBOURNE(config-router)#no area 1 stub no-summary <<<< I’m removing the Totally Stub Configurations
MELBOURNE(config-router)#area 1 nssa <<< I’m converting the router into NSSA
% OSPF: Area is configured as stub area already
MELBOURNE(config-router)#no network 20.20.20.0 0.0.0.255 area 0
MELBOURNE(config-router)#redistribute connected subnets
MELBOURNE(config-router)#
SINGAPORE(config)#router ospf 1
SINGAPORE(config-router)#no area 1 stub no-summary <<<< I’m removing the Totally Stub Configurations
SINGAPORE(config-router)#area 1 nssa <<< I’m converting the router into NSSA
% OSPF: Area is configured as stub area already
SINGAPORE(config-router)#no network 30.30.30.0 0.0.0.255 area 1
SINGAPORE(config-router)#redistribute connected subnets
SINGAPORE(config-router)#
So here’s my new configurations,
MELBOURNE#sh run | sec ospf
router ospf 1
area 1 nssa
redistribute connected subnets
network 192.168.12.0 0.0.0.255 area 0
network 192.168.23.0 0.0.0.255 area 1
SINGAPORE#sh run | sec ospf
router ospf 1
area 1 nssa
redistribute connected subnets
network 192.168.23.0 0.0.0.255 area 1
Now, let’s take a look into the LSDB of both MELBOURNE & SINGAPORE (NSSA Routers):
MELBOURNE#show ip ospf database
OSPF Router with ID (20.20.20.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
10.10.13.1 10.10.13.1 1388 0x80000002 0x00EB47 2
20.20.20.1 20.20.20.1 295 0x80000004 0x00FB19 2
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.14.0 10.10.13.1 1384 0x80000001 0x00B3AF
192.168.23.0 20.20.20.1 1386 0x80000001 0x0074CA
Summary ASB Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
40.40.40.1 10.10.13.1 1384 0x80000001 0x00421E
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
20.20.20.1 20.20.20.1 132 0x80000004 0x00DFDF 2
30.30.30.1 30.30.30.1 133 0x80000006 0x009B04 2
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
192.168.12.0 20.20.20.1 162 0x80000003 0x008FB2
192.168.14.0 20.20.20.1 162 0x80000003 0x00FB04
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
20.20.20.0 20.20.20.1 161 0x80000001 0x001114 0
30.30.30.0 30.30.30.1 137 0x80000001 0x00C498 0
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.10.10.0 10.10.13.1 1394 0x80000001 0x0072ED 0
10.10.11.0 10.10.13.1 1393 0x80000001 0x0067F7 0
10.10.12.0 10.10.13.1 1393 0x80000001 0x005C02 0
10.10.13.0 10.10.13.1 1393 0x80000001 0x00510C 0
20.20.20.0 20.20.20.1 296 0x80000001 0x002DF9 0
30.30.30.0 20.20.20.1 127 0x80000001 0x004A3B 0
40.40.40.0 40.40.40.1 1397 0x80000001 0x007836 0
MELBOURNE#
>> As we have observed from the LSDB of MELBOURNE router, we have both the redistributed routes (Loopback interfaces) of the NSSA member routers as Type 5 and Type 7 LSA’s.
>> Also we can see that ASBR Summary LSA’s are present.
Let’s take a look into the LSDB of SINGAPORE router,
SINGAPORE#show ip ospf database
OSPF Router with ID (30.30.30.1) (Process ID 1)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
20.20.20.1 20.20.20.1 442 0x80000004 0x00DFDF 2
30.30.30.1 30.30.30.1 441 0x80000006 0x009B04 2
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
192.168.12.0 20.20.20.1 470 0x80000003 0x008FB2
192.168.14.0 20.20.20.1 470 0x80000003 0x00FB04
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
20.20.20.0 20.20.20.1 469 0x80000001 0x001114 0
30.30.30.0 30.30.30.1 445 0x80000001 0x00C498 0
SINGAPORE#
>>> Interesting to note that the LSDB have only the TYPE 7 LSA’s and the Type 3 LSA ( Summary LSA) and the normal Router LSA ( Type 1).
>> So as we observed, we cannot see from the LSA the networks advertise by SYDNEY and MANILA.
Now, let’s proved that the TYPE 7 LSA’s from the NSSA member routers were not sent as an LSA updates on MANILA and SYDNEY router.
MANILA#show ip ospf database
OSPF Router with ID (10.10.13.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
10.10.13.1 10.10.13.1 1957 0x80000002 0x00EB47 2
20.20.20.1 20.20.20.1 866 0x80000004 0x00FB19 2
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
192.168.14.0 10.10.13.1 1952 0x80000001 0x00B3AF
192.168.23.0 20.20.20.1 1956 0x80000001 0x0074CA
Summary ASB Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
40.40.40.1 10.10.13.1 1952 0x80000001 0x00421E
Router Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Link count
10.10.13.1 10.10.13.1 1957 0x80000002 0x0012E0 2
40.40.40.1 40.40.40.1 1961 0x80000002 0x00A8F0 2
Summary Net Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
192.168.12.0 10.10.13.1 1952 0x80000001 0x00C99B
192.168.23.0 10.10.13.1 1952 0x80000001 0x00D247
Summary ASB Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
20.20.20.1 10.10.13.1 855 0x80000001 0x001587
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.10.10.0 10.10.13.1 1962 0x80000001 0x0072ED 0
10.10.11.0 10.10.13.1 1962 0x80000001 0x0067F7 0
10.10.12.0 10.10.13.1 1962 0x80000001 0x005C02 0
10.10.13.0 10.10.13.1 1962 0x80000001 0x00510C 0
20.20.20.0 20.20.20.1 868 0x80000001 0x002DF9 0
30.30.30.0 20.20.20.1 704 0x80000001 0x004A3B 0
40.40.40.0 40.40.40.1 1965 0x80000001 0x007836 0
MANILA#
>> As observed from MANILA router’s LSDB, the network 20.20.20.0 and 30.30.30.0 were sent as a Type 5 LSA by MELBOURNE router. NO TYPE 7 LSA at all.
>> It’s also interesting to note that we have two TYPE 4 LSA (Summary Link LSA’s) from Area 1 and Area 2.
What about SYDNEY router LSDB?
SYDNEY# show ip ospf database
OSPF Router with ID (40.40.40.1) (Process ID 1)
Router Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Link count
10.10.13.1 10.10.13.1 129 0x80000003 0x0010E1 2
40.40.40.1 40.40.40.1 148 0x80000003 0x00A6F1 2
Summary Net Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
192.168.12.0 10.10.13.1 129 0x80000002 0x00C79C
192.168.23.0 10.10.13.1 129 0x80000002 0x00D048
Summary ASB Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
20.20.20.1 10.10.13.1 1071 0x80000001 0x001587
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.10.10.0 10.10.13.1 129 0x80000002 0x0070EE 0
10.10.11.0 10.10.13.1 129 0x80000002 0x0065F8 0
10.10.12.0 10.10.13.1 129 0x80000002 0x005A03 0
10.10.13.0 10.10.13.1 129 0x80000002 0x004F0D 0
20.20.20.0 20.20.20.1 1083 0x80000001 0x002DF9 0
30.30.30.0 20.20.20.1 920 0x80000001 0x004A3B 0
40.40.40.0 40.40.40.1 148 0x80000002 0x007637 0
SYDNEY#
>> Similarly, we can see that the N2 routes or OSPF NSSA External Type 2 routes from NSSA member routers were sent as an LSA Type 5 update to SYDNEY from MELBOURNE router.
>> It also shows that MELBOURNE is an ASBR router with it s LSA TYPE 4 LSA.
Let’s check the routing entries of the routers,
SINGAPORE#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
O N2 20.20.20.0 [110/20] via 192.168.23.2, 00:19:04, Serial3/1
O IA 192.168.12.0/24 [110/128] via 192.168.23.2, 00:19:04, Serial3/1
O IA 192.168.14.0/24 [110/192] via 192.168.23.2, 00:19:04, Serial3/1
SINGAPORE#
>> I have O N2 routes from MELBOURNE which is correct as they are both NSSA member routers.
>> I have only the O IA routes or Inter-Area routes for Area 0 and Area 2.
>> As observed, there were no entries for the network redistributed by both MANILA and SYDNEY routers. So what does this means? As seen below, we cannot reach the networks of MANILA and SYDNEY from Singapore.
SINGAPORE#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
SINGAPORE#ping 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.40.40.1, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
SINGAPORE#
But as we can see below, MELBOURNE router can see this routes as O E2 or OSPF External Type 2 routes.
MELBOURNE#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
O E2 10.10.10.0 [110/20] via 192.168.12.1, 00:21:22, Serial3/0
O E2 10.10.11.0 [110/20] via 192.168.12.1, 00:21:22, Serial3/0
O E2 10.10.12.0 [110/20] via 192.168.12.1, 00:21:22, Serial3/0
O E2 10.10.13.0 [110/20] via 192.168.12.1, 00:21:22, Serial3/0
30.0.0.0/24 is subnetted, 1 subnets
O N2 30.30.30.0 [110/20] via 192.168.23.3, 00:20:48, Serial3/1
40.0.0.0/24 is subnetted, 1 subnets
O E2 40.40.40.0 [110/20] via 192.168.12.1, 00:21:22, Serial3/0
O IA 192.168.14.0/24 [110/128] via 192.168.12.1, 00:21:22, Serial3/0
MELBOURNE#
This means MELBOURNE router will be able to reach the networks of both SYDNEY and MANILA as seen below.
MELBOURNE#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/60/80 ms
MELBOURNE#ping 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.40.40.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/52/108 ms
MELBOURNE#
Let’s check the SYDNEY’S routing table,
SYDNEY#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
O E2 10.10.10.0 [110/20] via 192.168.14.1, 00:45:12, Serial3/2
O E2 10.10.11.0 [110/20] via 192.168.14.1, 00:45:12, Serial3/2
O E2 10.10.12.0 [110/20] via 192.168.14.1, 00:45:12, Serial3/2
O E2 10.10.13.0 [110/20] via 192.168.14.1, 00:45:12, Serial3/2
20.0.0.0/24 is subnetted, 1 subnets
O E2 20.20.20.0 [110/20] via 192.168.14.1, 00:26:58, Serial3/2
30.0.0.0/24 is subnetted, 1 subnets
O E2 30.30.30.0 [110/20] via 192.168.14.1, 00:24:31, Serial3/2
O IA 192.168.12.0/24 [110/128] via 192.168.14.1, 00:45:12, Serial3/2
O IA 192.168.23.0/24 [110/192] via 192.168.14.1, 00:45:12, Serial3/2
SYDNEY#
>> What I wanted to show here is that SYDNEY router have the routes towards MELBOURNE & SINGAPORE Loopback Interface .
Let’s ping the MELBOURNE Loopback address.
SYDNEY#ping 20.20.20.1 source 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
Packet sent with a source address of 40.40.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/61/108 ms
SYDNEY#
Life is good! I can reach MELBOURNE Loopback interface but let’s see if we can reach SINGAPORE Loopback.
SYDNEY#ping 30.30.30.1 source 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.30.30.1, timeout is 2 seconds:
Packet sent with a source address of 40.40.40.1
…..
Success rate is 0 percent (0/5)
SYDNEY#
>> The ping fails. So it means that END-TO-END connectivity between SYDNEY and SINGAPORE Loopback interfaces are not working. Although, we have seen from SYDNEY’S routing table the network 30.30.30.0/24 but on SINGAPORE router, we have an incomplete routes. The ASBR router (MELBOURNE) are not allowing TYPE 5 LSA’s or the redistributed routes from SYDNEY and MANILA router, So it does only pass the Inter-Area Routes to SINGAPORE.
Now, let’s allow the NSSA Defaul Information Originate on MELBOURNE so that SINGAPORE can reach this networks.
MELBOURNE(config)#router ospf 1
MELBOURNE(config-router)#area 1 nssa default-information-originate <<< This is required to allow other NSSA members to connect to the outside world.
MELBOURNE(config-router)#
MELBOURNE#sh run | sec ospf
router ospf 1
area 1 nssa default-information-originate
redistribute connected subnets
network 192.168.12.0 0.0.0.255 area 0
network 192.168.23.0 0.0.0.255 area 1
Now, let’s take a look into the OSPF database of both MELBOURNE and SINGAPORE router,
MELBOURNE#show ip ospf database | begin Type-7
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 20.20.20.1 140 0x80000001 0x00254F 0
20.20.20.0 20.20.20.1 2022 0x80000001 0x001114 0
30.30.30.0 30.30.30.1 1999 0x80000001 0x00C498 0
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
10.10.10.0 10.10.13.1 1194 0x80000002 0x0070EE 0
10.10.11.0 10.10.13.1 1194 0x80000002 0x0065F8 0
10.10.12.0 10.10.13.1 1194 0x80000002 0x005A03 0
10.10.13.0 10.10.13.1 1194 0x80000002 0x004F0D 0
20.20.20.0 20.20.20.1 230 0x80000002 0x002BFA 0
30.30.30.0 20.20.20.1 1989 0x80000001 0x004A3B 0
40.40.40.0 40.40.40.1 1215 0x80000002 0x007637 0
MELBOURNE#
SINGAPORE#show ip ospf database
OSPF Router with ID (30.30.30.1) (Process ID 1)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
20.20.20.1 20.20.20.1 10 0x80000005 0x00DDE0 2
30.30.30.1 30.30.30.1 2022 0x80000006 0x009B04 2
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
192.168.12.0 20.20.20.1 10 0x80000004 0x008DB3
192.168.14.0 20.20.20.1 10 0x80000004 0x00F905
Type-7 AS External Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 20.20.20.1 168 0x80000001 0x00254F 0
20.20.20.0 20.20.20.1 10 0x80000002 0x000F15 0
30.30.30.0 30.30.30.1 2026 0x80000001 0x00C498 0
SINGAPORE#
SINGAPORE#show ip route ospf
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is 192.168.23.2 to network 0.0.0.0
O*N2 0.0.0.0/0 [110/1] via 192.168.23.2, 00:03:19, Serial3/1
20.0.0.0/24 is subnetted, 1 subnets
O N2 20.20.20.0 [110/20] via 192.168.23.2, 00:34:14, Serial3/1
O IA 192.168.12.0/24 [110/128] via 192.168.23.2, 00:34:14, Serial3/1
O IA 192.168.14.0/24 [110/192] via 192.168.23.2, 00:34:14, Serial3/1
SINGAPORE#
>> So what it does when we have added ” area 1 nssa default-information-originate ” from the MELBOURNE router is that it have created a default route for SINGAPORE router.
Let’s ping the SINGAPORE loopback from SYDNEY. As observed, we can reach SINGAPORE’s Loopback interface sourcing SYDNEY’s Loopback interface.
SYDNEY#ping 30.30.30.1 source 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.30.30.1, timeout is 2 seconds:
Packet sent with a source address of 40.40.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/92/124 ms
SYDNEY#
>> So here ends my laboratory.
NETWORK LESSON 
Leave a comment