OSPF NSSA

Here is a simple OSPF topology with 3 areas:

Area 15 is NSSA which means it will handle only type-1, 2 and 3 LSA’s, exactly like stub area, but differ from stub area in which it will allow injecting external routes from outside the OSPF domain.

The ASBR will inject the external routes as type-7 into the NSSA area, and the ABR will convert LSA type-7 into LSA type-5 and will inject them to the rest of the OSPF domain.

In our case R5 is the ASBR and R1 is the ABR.

Let’s start with the basic OSPF configuration for each router:

R1:

router ospf 1  router-id 1.1.1.1  log-adjacency-changes  area 15 nssa  network 10.1.12.1 0.0.0.0 area 0  network 10.1.15.1 0.0.0.0 area 15

R2:

router ospf 1  router-id 2.2.2.2  log-adjacency-changes  network 10.1.12.2 0.0.0.0 area 0  network 10.1.23.2 0.0.0.0 area 0

R3:

router ospf 1  router-id 3.3.3.3  log-adjacency-changes  network 10.1.23.3 0.0.0.0 area 0  network 10.1.34.3 0.0.0.0 area 34

R4:

router ospf 1  router-id 4.4.4.4  log-adjacency-changes  network 10.1.34.4 0.0.0.0 area 34

R5:

router ospf 1  router-id 5.5.5.5  log-adjacency-changes  area 15 nssa  redistribute connected subnets route-map RM_CONNECTED  network 10.1.15.5 0.0.0.0 area 15

The route-map RM_CONNECTED in R5 is injecting network 192.168.51.0/24 as external route into OSPF domain.

We can see that R4 is learning network 192.168.51.0/24 as O E2, which means OSPF external route:

R4#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2        ia - IS-IS inter area, * - candidate default, U - per-user static route        o - ODR, P - periodic downloaded static route Gateway of last resort is not set C    192.168.42.0/24 is directly connected, Loopback2 C    192.168.41.0/24 is directly connected, Loopback1      10.0.0.0/24 is subnetted, 4 subnets O IA    10.1.15.0 [110/4] via 10.1.34.3, 00:27:14, FastEthernet0/0 O IA    10.1.12.0 [110/3] via 10.1.34.3, 00:28:46, FastEthernet0/0 O IA    10.1.23.0 [110/2] via 10.1.34.3, 00:28:46, FastEthernet0/0 C       10.1.34.0 is directly connected, FastEthernet0/0 O E2 192.168.51.0/24 [110/20] via 10.1.34.3, 00:04:37, FastEthernet0/0

And the network appear in the OSPF database as Type-5 LSA:

R4#show ip ospf database external             OSPF Router with ID (4.4.4.4) (Process ID 1)                 Type-5 AS External Link States   Routing Bit Set on this LSA   LS age: 330   Options: (No TOS-capability, DC)   LS Type: AS External Link   Link State ID: 192.168.51.0 (External Network Number )   Advertising Router: 1.1.1.1   LS Seq Number: 80000002   Checksum: 0x6778   Length: 36   Network Mask: /24         Metric Type: 2 (Larger than any link state path)         TOS: 0         Metric: 20         Forward Address: 10.1.15.5         External Route Tag: 0

When looking on R1 OSPF database we can see the same network as LSA Type-5 for area 0 and LSA Type-7 for area 15:

R1#show ip ospf database external             OSPF Router with ID (1.1.1.1) (Process ID 1)                 Type-5 AS External Link States   LS age: 627   Options: (No TOS-capability, DC)   LS Type: AS External Link   Link State ID: 192.168.51.0 (External Network Number )   Advertising Router: 1.1.1.1   LS Seq Number: 80000002   Checksum: 0x6778   Length: 36   Network Mask: /24         Metric Type: 2 (Larger than any link state path)         TOS: 0         Metric: 20         Forward Address: 10.1.15.5         External Route Tag: 0 R1#show ip ospf database nssa-external             OSPF Router with ID (1.1.1.1) (Process ID 1)                 Type-7 AS External Link States (Area 15)   Routing Bit Set on this LSA   LS age: 577   Options: (No TOS-capability, Type 7/5 translation, DC)   LS Type: AS External Link   Link State ID: 192.168.51.0 (External Network Number )   Advertising Router: 5.5.5.5   LS Seq Number: 80000002   Checksum: 0x5A6B   Length: 36   Network Mask: /24         Metric Type: 2 (Larger than any link state path)         TOS: 0         Metric: 20         Forward Address: 10.1.15.5         External Route Tag: 0

Using the network statement I advertised network 192.168.41.0/24, and redistribute connected to advertise network 192.168.42.0/24 on R4 into area 34:

router ospf 1  router-id 4.4.4.4  log-adjacency-changes  redistribute connected subnets route-map RM_CONNECTED  network 10.1.34.4 0.0.0.0 area 34  network 192.168.41.1 0.0.0.0 area 34

Let’s see how R5 sees these networks:

R5#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2        E1 - OSPF external type 1, E2 - OSPF external type 2        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2        ia - IS-IS inter area, * - candidate default, U - per-user static route        o - ODR, P - periodic downloaded static route Gateway of last resort is not set      192.168.41.0/32 is subnetted, 1 subnets O IA    192.168.41.1 [110/14] via 10.1.15.1, 00:11:37, FastEthernet0/0      10.0.0.0/24 is subnetted, 4 subnets C       10.1.15.0 is directly connected, FastEthernet0/0 O IA    10.1.12.0 [110/11] via 10.1.15.1, 00:11:37, FastEthernet0/0 O IA    10.1.23.0 [110/12] via 10.1.15.1, 00:11:37, FastEthernet0/0 O IA    10.1.34.0 [110/13] via 10.1.15.1, 00:11:37, FastEthernet0/0 C    192.168.51.0/24 is directly connected, Loopback1

R5 is learning only network 192.168.41.0/24 but not network 192.168.42.0/24 that’s because NSSA area allow only Type-1, 2, 3 and 7 LSA’s.

So even if area 34 was NSSA, R3 were converting Type-7 into Type-5 LSA which couldn’t pass to other NSSA areas.