Enhance your Career in Networking With IPinBits!!!​

NSSA

We have seen Stub and Totally Stub area, so the question arises, why do we need another Stub area type. ( also asked in interviews).

To answer this question, since we are making area 1 as stub and totally stub are the external routes are not allowed in OSPF domain, so if we want to allow this since we do always having external routing into our OSPF domain be it ISP or be it any other domains, we make Stub area as NSSA i;.e not so stubby, which allows Type 7 LSA, but it will still block type 4,5 LSA’s. The type 7 LSA are converted into type 5 by the ABR (R2) who knows this ASBR (R1) by flipping a bit P in type 1 LSA, we will see that short below in captures as well ( Another mostly asked interview question !!!!). Also know as type 7-5 conversion.

Also there is one more catch here and this is how its design, the default route that ABR used to push inside the stub area will not be present i will show with the lab scenarios and this is only Specific to NSSA type not even totally NSSA. To sum it up Default routes are injected in STUB, Totally STUB, Totally NSSA, not in NSSA, so we need to manually give default route for NSSA so we can communicate to external prefixes, enough theory lets do it in lab.

Let’s check the above concept and theory with the help of this Lab.

Before making it NSSA, let’s see how the routing table and OSPF database looks like on R1,

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      20.0.0.0/24 is subnetted, 1 subnets
O E2     20.20.20.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
      21.0.0.0/24 is subnetted, 1 subnets
O E2     21.21.21.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
      22.0.0.0/24 is subnetted, 1 subnets
O E2     22.22.22.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
      23.0.0.0/24 is subnetted, 1 subnets
O E2     23.23.23.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
      40.0.0.0/24 is subnetted, 1 subnets
O E2     40.40.40.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
      41.0.0.0/24 is subnetted, 1 subnets
O E2     41.41.41.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
      42.0.0.0/24 is subnetted, 1 subnets
O E2     42.42.42.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
      43.0.0.0/24 is subnetted, 1 subnets
O E2     43.43.43.0 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
O IA  192.168.23.0/24 [110/20] via 192.168.12.2, 00:00:04, Ethernet0/0
O IA  192.168.34.0/24 [110/30] via 192.168.12.2, 00:00:04, Ethernet0/0
R1#

R1#show ip ospf database 

            OSPF Router with ID (13.13.13.13) (Process ID 1)

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
13.13.13.13     13.13.13.13     68          0x80000019 0x006A4F 1
23.23.23.23     23.23.23.23     133         0x80000017 0x0084E4 1

                Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.12.2    23.23.23.23     334         0x80000013 0x001AA9

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.23.0    23.23.23.23     340         0x80000002 0x0087CD
192.168.34.0    23.23.23.23     340         0x80000002 0x0072CD

                Summary ASB Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
43.43.43.43     23.23.23.23     340         0x80000001 0x00CD51

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
1.1.1.0         13.13.13.13     395         0x80000001 0x003C2D 0
5.0.0.0         13.13.13.13     395         0x80000001 0x001F48 0
10.10.10.0      13.13.13.13     395         0x80000001 0x00F657 0
11.11.11.0      13.13.13.13     395         0x80000001 0x00D278 0
12.12.12.0      13.13.13.13     395         0x80000001 0x00AE99 0
13.13.13.0      13.13.13.13     395         0x80000001 0x008ABA 0
20.20.20.0      23.23.23.23     1613        0x80000003 0x005CA9 0
21.21.21.0      23.23.23.23     1613        0x80000003 0x0038CA 0
22.22.22.0      23.23.23.23     1613        0x80000003 0x0014EB 0
23.23.23.0      23.23.23.23     1613        0x80000003 0x00EF0D 0
40.40.40.0      43.43.43.43     1674        0x80000003 0x002F4A 0
41.41.41.0      43.43.43.43     1674        0x80000003 0x000B6B 0
42.42.42.0      43.43.43.43     1674        0x80000003 0x00E68C 0
43.43.43.0      43.43.43.43     1674        0x80000003 0x00C2AD 0
51.51.51.0      13.13.13.13     395         0x80000001 0x002DA5 0
R1#

Now we will configure area 1 as NSSA, by now we know that neighbor bounces and comes up once we configure R1 and R2 as NSSA.
R1(config-router)#area 1 nssa 
R1(config-router)#
*Jan 17 09:31:28.786: %OSPF-5-ADJCHG: Process 1, Nbr 23.23.23.23 on Ethernet0/0 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
R1(config-router)#
*Jan 17 09:31:38.093: %OSPF-5-ADJCHG: Process 1, Nbr 23.23.23.23 on Ethernet0/0 from LOADING to FULL, Loading Done
R1(config-router)#

Let’s check the ospf database and route table now, we will definitely see some changes, NSSA will also block LSA 4, 5 but here we will see a new LSA 7 in the database, and this LSA is allowed till ABR (R2) who knows this ASBR (R1).

First let’s see the Routing table and database.

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      20.0.0.0/24 is subnetted, 1 subnets
O N2     20.20.20.0 [110/20] via 192.168.12.2, 00:09:57, Ethernet0/0
      21.0.0.0/24 is subnetted, 1 subnets
O N2     21.21.21.0 [110/20] via 192.168.12.2, 00:09:57, Ethernet0/0
      22.0.0.0/24 is subnetted, 1 subnets
O N2     22.22.22.0 [110/20] via 192.168.12.2, 00:09:57, Ethernet0/0
      23.0.0.0/24 is subnetted, 1 subnets
O N2     23.23.23.0 [110/20] via 192.168.12.2, 00:09:57, Ethernet0/0
O IA  192.168.23.0/24 [110/20] via 192.168.12.2, 00:03:25, Ethernet0/0
O IA  192.168.34.0/24 [110/30] via 192.168.12.2, 00:03:25, Ethernet0/0
R1#

R1#show ip ospf database 

            OSPF Router with ID (13.13.13.13) (Process ID 1)

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
13.13.13.13     13.13.13.13     631         0x80000022 0x00FDAC 1
23.23.23.23     23.23.23.23     240         0x8000001F 0x001A41 1

                Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.12.2    23.23.23.23     627         0x8000001A 0x00B105

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.23.0    23.23.23.23     230         0x80000001 0x002F21
192.168.34.0    23.23.23.23     230         0x80000001 0x001A21

                Type-7 AS External Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Tag
1.1.1.0         13.13.13.13     631         0x80000003 0x007E68 0
5.0.0.0         13.13.13.13     631         0x80000003 0x006183 0
10.10.10.0      13.13.13.13     631         0x80000003 0x003992 0
11.11.11.0      13.13.13.13     631         0x80000003 0x0015B3 0
12.12.12.0      13.13.13.13     631         0x80000003 0x00F0D4 0
13.13.13.0      13.13.13.13     631         0x80000003 0x00CCF5 0
20.20.20.0      23.23.23.23     239         0x80000003 0x0040C3 0
21.21.21.0      23.23.23.23     239         0x80000003 0x001CE4 0
22.22.22.0      23.23.23.23     239         0x80000003 0x00F706 0
23.23.23.0      23.23.23.23     239         0x80000003 0x00D327 0
51.51.51.0      13.13.13.13     631         0x80000003 0x006FE0 0
R1#

So it we match the routing table and database before and after you will see that the type 7 LSA is introduced now for all the external routes and the default route type for NSSA is O N2, we will have one more short article on all the OSPF route type and how to read the ospf routing table.

Thing to note now there is no default route present here so we can reach the external routes from R3, R4, R5.

R1#ping 41.41.41.41  
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 41.41.41.41, timeout is 2 seconds:
....
Success rate is 0 percent (0/4)
R1#

To do so, we need to manually give the default route in NSSA area, as follow and it should work as expected then, lets see by labbing it up.

We will give the default route on R2 as its the ABR which knows the ASBR (R5).

R2#
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router ospf 1
R2(config-router)#area 1 nssa defau
R2(config-router)#area 1 nssa default-information-originate 
R2(config-router)#do wr
Building configuration...
[OK]
R2(config-router)#
R2(config-router)#

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.12.2 to network 0.0.0.0

O*N2  0.0.0.0/0 [110/1] via 192.168.12.2, 00:01:34, Ethernet0/0
      20.0.0.0/24 is subnetted, 1 subnets
O N2     20.20.20.0 [110/20] via 192.168.12.2, 00:01:47, Ethernet0/0
      21.0.0.0/24 is subnetted, 1 subnets
O N2     21.21.21.0 [110/20] via 192.168.12.2, 00:01:47, Ethernet0/0
      22.0.0.0/24 is subnetted, 1 subnets
O N2     22.22.22.0 [110/20] via 192.168.12.2, 00:01:47, Ethernet0/0
      23.0.0.0/24 is subnetted, 1 subnets
O N2     23.23.23.0 [110/20] via 192.168.12.2, 00:01:47, Ethernet0/0
O IA  192.168.23.0/24 [110/20] via 192.168.12.2, 00:01:47, Ethernet0/0
O IA  192.168.34.0/24 [110/30] via 192.168.12.2, 00:01:47, Ethernet0/0
R1#

Now we see the default route and we can reach the external prefixes.

R1#ping 41.41.41.41
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 41.41.41.41, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

This is how NSSA works, last thing to discuss is how does the type 7 to 5 conversion happen between ABR and ASBR , lets see in the capture, the ASBR i.e. R1 will flip P bit (* cisco IOS doesn’t show P bit exactly, it will be shown as N bit or NSSA) as show below, this is how the ABR (R2) comes to knows, that I need to convert the external routes from type 7 to type 5.

This is all about NSSA, hope you enjoyed it , see you soon in the next article.

Related blog posts