Saturday, 31st July 2010.

Posted on Friday, 24th August 2007 by sean

When an EIGRP enabled router loses a neighbour, all routes through that neighbour need to be re-evaluated. Any feasible successors are immediately promoted to successors, and any other routes go active.

“Go active” means that the EIGRP router asks all its neighbours if they have a route to the destination. Each router that is queried either responds in the affirmative, or it in turn asks its neighbours if any exist. Only after a router hears back from all its neighbours does it pass an “I don’t have this route” message back up the chain. This is the Diffusing Update Algorithm, or DUAL.

When DUAL takes too long to resolve a query, such as if the network gets busy, you get the stuck-in-active error, which means the query took more than 3 minutes to complete.

The solution (besides “get a smaller network”) to SIA is to limit the scope of your queries. There are two methods to do this. The first is summarization. When an EIGRP router summarizes a network out an interface, any queries for a summarized network coming in that interface are answered and not passed along. The second way is to declare routers as stub routers, which means that you don’t want them to act as a transit anyway.

I’ve written about EIGRP stub routers before, but after taking the BSCI exam I realized my knowledge on that topic wasn’t enough.


Posted in Routing | Comments (0)

Posted on Wednesday, 25th July 2007 by sean

A month or so ago I was sent a package from Train Signal containing their video training for the CCNA, BCMSN, and BSCI exams.

I had the chance to go through several of the BSCI videos and have to say I was really impressed. The videos are done by Chris Bryant who writes other certification related items and also contributes to Tech Republic. I’ve read his work in the past and thought him to be a smart guy with a good way of explaining things.

The videos are about an hour each, and are a screencast of a OneNote presentation, graphics, and console sessions. I found them to be informative and well paced. After having watched a few of the Video Mentor series from Cisco Press I was happy to be listening to someone without a heavy Texas accent!

The content of the videos is more or less what you’d expect from a classroom. Unlike the CCNP Video Mentor, this covers all the topics a class would.

A couple of things I didn’t like — the website claims that a PDF should be on the DVD containing a lab guide, which I didn’t find. That’s one thing I like about the CCNP Video Mentor series. Secondly, the practice exams on the DVD are terrible. The questions themselves aren’t too bad, but the interface is so brutal that I gave up on it.

At $199 per exam it’s far cheaper than taking a $3,000 class, and covers the same information. If you’re the kind of person that learns visually, checking out Train Signal’s offerings would be a smart move.

Posted in Reviews | Comments (0)

Posted on Tuesday, 17th July 2007 by sean

Cisco announced that Vue is the exclusive test vendor, meaning you can’t use Prometric anymore. Last day to schedule a Prometric exam is July 31st.

Posted in General | Comments (0)

Posted on Tuesday, 26th June 2007 by sean

It was a year or two ago that Cisco split up the CCNA into two exams (ICND and INTRO). Yesterday it was announced that things were changing again into ICND1 and ICND2 exams along with creating another certification. Passing just the first ICND makes you a Cisco Certified Entry Network Technician, then passing the second gets you the CCNA. From the news release:

Laying the groundwork for more rigorous certification, CCENT validates the knowledge and skills needed to configure and verify small routed and switched networks, including the ability to configure IP addressing, implement basic security measures and understand the concepts of wireless networking.

Cisco Press, of course, has both new CCNA and CCENT books on the way. For those that will be doing their studying during this transition and already bought books, using the Digital Short Cuts would be cheaper than buying new books. (I previously looked at a couple of PDF based products.)

A cursory look at the new CCNA exam shows that the trend of migrating content from the CCNP stream into the CCNA stream is continuing. I see some basic IPv6 and Wireless, DHCP, and security topics in there, and some more details on switching protocols.

If you don’t want to take the one big exam, you take both ICND1 (640-822) and ICND2 (640-816). Last day to test the old exams is November 6th, with the new exams coming out August 1st.

I’m always in favour of raising the bar on certifications, though I’m not sure how much traction this CCENT certification will get seeing as it’s a stepping stone to an already entry level certification. However, if it helps get more people into the game, I’m all for that.

Posted in General | Comments (0)

Posted on Thursday, 21st June 2007 by sean

Earlier I looked at stub areas. One problem we found was that you can’t have an ASBR in a stub area — no “redistribute static” on any external links. What a pity!

Not-so-stubby areas get around this by allowing the ASBR to exist and propagate LSAs. The problem is that stub areas can’t have type 5 LSAs (external), so NSSAs use a type 7 LSA, which is converted back to a type 5 on the ABR as the LSA is flooded to the backbone. Because of this functionality, all routers in the area need to be configured as an NSSA.


R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#area 2 nssa
OSPF: Area is configured as stub area already
R4(config-router)#no area 2 stub
R4(config-router)#area 2 nssa

And on the ABR:


r3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r3(config)#router ospf 1
r3(config-router)#no area 2 stub
r3(config-router)#area 2 nssa

Like the stub area, we have lost our external route to 1.1.1.1:


R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     4.0.0.0/24 is subnetted, 1 subnets
S       4.4.4.0 is directly connected, Null0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.2.0/24 is directly connected, FastEthernet0/0
O IA    10.0.0.0/24 [110/3] via 10.0.2.3, 00:00:27, FastEthernet0/0
O IA    10.0.1.0/24 [110/2] via 10.0.2.3, 00:00:27, FastEthernet0/0
O IA    10.0.33.1/32 [110/4] via 10.0.2.3, 00:00:27, FastEthernet0/0

Note there is no default route injected by the ABR! Another option is needed:

r3(config)#router ospf 1
r3(config-router)#area 2 nssa ?
default-information-originate Originate Type 7 default into NSSA area
no-redistribution No redistribution into this NSSA area
no-summary Do not send summary LSA into NSSA

r3(config-router)#area 2 nssa default-information-originate

Now, R4 has a default route:


O*N2 0.0.0.0/0 [110/1] via 10.0.2.3, 00:00:49, FastEthernet0/0

Note it is N2, meaning it is a type 7 (pseudo type 5) LSA.


R4#show ip ospf database nssa-external

            OSPF Router with ID (10.0.2.4) (Process ID 1)

                Type-7 AS External Link States (Area 2)

  Routing Bit Set on this LSA
  LS age: 102
  Options: (No TOS-capability, No Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 10.0.2.3
  LS Seq Number: 80000001
  Checksum: 0x454E
  Length: 36
  Network Mask: /0
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 1
        Forward Address: 10.0.2.3
        External Route Tag: 0

Remarkably similar to the default route we saw in the stub area!

Now, to make use of the nssa features.


R4(config)#router ospf 1
R4(config-router)#redistribute static subnets

With redistribute static subnets on, R4 generates type 7 LSAs for the 4.4.4.0 prefix:


R4#show ip ospf database nssa-external 4.4.4.0

            OSPF Router with ID (10.0.2.4) (Process ID 1)

                Type-7 AS External Link States (Area 2)

  LS age: 79
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 4.4.4.0 (External Network Number )
  Advertising Router: 10.0.2.4
  LS Seq Number: 80000001
  Checksum: 0x367
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 10.0.2.4
        External Route Tag: 0

And R3 sees it as a N2 route:


r3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/10] via 10.0.1.2, 00:02:13, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
O N2    4.4.4.0 [110/20] via 10.0.2.4, 00:00:08, FastEthernet1/0
     9.0.0.0/24 is subnetted, 1 subnets
S       9.9.9.0 is directly connected, Null0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.2.0/24 is directly connected, FastEthernet1/0
O IA    10.0.0.0/24 [110/2] via 10.0.1.2, 00:02:13, FastEthernet0/0
C       10.0.1.0/24 is directly connected, FastEthernet0/0
O IA    10.0.33.1/32 [110/3] via 10.0.1.2, 00:02:13, FastEthernet0/0
r3#

And way over on R1, it looks like a regular old external route:


r1>show ip route 4.4.4.0
Routing entry for 4.4.4.0/24
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 3
  Last update from 10.0.0.2 on FastEthernet0/0, 00:01:11 ago
  Routing Descriptor Blocks:
  * 10.0.0.2, from 10.0.2.3, 00:01:11 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1

r1>show ip ospf data
r1>show ip ospf database e
r1>show ip ospf database external 4.4.4.0

            OSPF Router with ID (10.0.33.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 87
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 4.4.4.0 (External Network Number )
  Advertising Router: 10.0.2.3
  LS Seq Number: 80000001
  Checksum: 0x9DD7
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 10.0.2.4
        External Route Tag: 0

There is also a "no-summary" option when creating an NSSA, which does exactly the same thing as in stub areas.
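As a check on the lab results above, the following added example (not part of the original post) parses IOS `show ip route` text and flags routes that contradict the configured area type, including the missing default route seen on R4 before `default-information-originate` was applied. The function names, area-type labels and rule table are assumptions made for illustration; the sample tables are constructed from the R4 output shown on this page.

```python
import re

PARENT_RE = re.compile(r"^\s+\d+\.\d+\.\d+\.\d+/(\d+) is (variably )?subnetted")
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9* ]*?)\s+(?P<net>\d+\.\d+\.\d+\.\d+)"
    r"(?:/(?P<len>\d+))?\s+(?:\[\d+/\d+\] via|is directly connected)")
DEFAULT = "0.0.0.0/0"

def parse_routes(text):
    """Return (code, prefix, is_candidate_default) for each route line."""
    routes, inherited = [], None
    for line in text.splitlines():
        parent = PARENT_RE.match(line)
        if parent:
            # "is subnetted" gives one mask for all children; "variably" does not
            inherited = None if parent.group(2) else parent.group(1)
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue  # legend, prompt, "Gateway of last resort", blank lines
        raw = m.group("code")
        code = " ".join(raw.replace("*", " ").split())  # "O*N2" -> "O N2"
        plen = m.group("len") or inherited or "?"
        routes.append((code, f"{m.group('net')}/{plen}", "*" in raw))
    return routes

# Route codes that should never appear (default route aside) on a router
# inside each kind of area. Hypothetical labels, not IOS keywords.
FORBIDDEN = {
    "stub": {"O E1", "O E2", "O N1", "O N2"},
    "totally-stubby": {"O E1", "O E2", "O N1", "O N2", "O IA"},
    "nssa": {"O E1", "O E2"},
}

def audit(area_type, text):
    """List findings for a routing table taken from inside `area_type`."""
    routes = parse_routes(text)
    findings = [
        f"{code} {prefix} should have been filtered at the ABR of a {area_type} area"
        for code, prefix, _ in routes
        if prefix != DEFAULT and code in FORBIDDEN[area_type]
    ]
    if not any(p == DEFAULT and c.startswith("O") for c, p, _ in routes):
        findings.append("no OSPF default route: external destinations are unreachable")
    return findings

# Constructed samples, copied from the R4 tables on this page.
R4_NSSA = """\
     4.0.0.0/24 is subnetted, 1 subnets
S       4.4.4.0 is directly connected, Null0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.2.0/24 is directly connected, FastEthernet0/0
O IA    10.0.0.0/24 [110/3] via 10.0.2.3, 00:00:27, FastEthernet0/0
O IA    10.0.1.0/24 [110/2] via 10.0.2.3, 00:00:27, FastEthernet0/0
O IA    10.0.33.1/32 [110/4] via 10.0.2.3, 00:00:27, FastEthernet0/0
"""
R4_NSSA_DEFAULT = R4_NSSA + (
    "O*N2 0.0.0.0/0 [110/1] via 10.0.2.3, 00:00:49, FastEthernet0/0\n")
R4_NORMAL = """\
     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/10] via 10.0.2.3, 00:00:27, FastEthernet0/0
""" + R4_NSSA

if __name__ == "__main__":
    for label, area, table in [("NSSA, no default", "nssa", R4_NSSA),
                               ("NSSA, default originated", "nssa", R4_NSSA_DEFAULT),
                               ("normal-area table checked as stub", "stub", R4_NORMAL)]:
        print(label, "->", audit(area, table) or "clean")
```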

How Does OSPF Generate Default Routes?
OSPF Not-So-Stubby Area (NSSA)

Posted in Routing | Comments (0)

Posted on Tuesday, 19th June 2007 by sean

I was excited to receive Practical Packet Analysis in the mail. A book on the topic of packet analysis is one of those “gee, I wish I had thought of that!” type of things.

PPA is all about using Ethereal/Wireshark to solve network problems. While not explicitly written as such, the book is done in two parts. The first is using the Wireshark software, the second brings up scenarios where Wireshark is used to solve the problem.

Packet sniffing is like real estate, it’s all about location. I was happy to see that several mentions were made about the most appropriate place to put your tracer, talk of SPAN/Remote monitoring ports, switches vs hubs, and all that. In the scenario sections, each scenario starts with a decision of where to sniff. It’s excellent for the beginner.

The advanced user will be disappointed. There is very little here that you won’t already know. Despite the chapter on “Advanced Wireshark Features”, it’s just talking about conversations, protocol statistics, TCP streams, and I/O graphs.

The book is only 164 pages long, meaning it covers a fraction of what Wireshark can do. With another 100 pages it could have shown how to use some of the statistics, actually show how I/O graphs can help you profile an application, and how to troubleshoot VoIP. Yes, that’s right, a book on network problem solving written in 2007 and there’s no VoIP. If I can describe how to use Wireshark to Solve VoIP problems in under 2500 words, it could have fit in the book.

To its credit, there is a chapter on wireless troubleshooting. It’s OK for 15 pages, but like the rest of the advanced chapters, left me wanting more.

The capture file for each example is downloadable from the author’s site. Despite being contrived examples, they are quite effective. Besides just showing screen shots, the book makes each a learning experience, gathering a description of the problem, locating the sniffer, and walking through the process of capturing the packets and analyzing them.

For the person getting started with packet tracing (and if you don’t know it, you should) this is a good start. You’ll learn how to find a spot to sniff, how to use capture and display filters effectively, and learn some of the basic protocols and how to spot problems.

Posted in Reviews | Comments (0)

Posted on Sunday, 17th June 2007 by sean

I’ve got a bunch of books on my shelf I’ve been meaning to review, but I really wanted to mention the CCNP BSCI Portable Command Guide. It was sent to me a few weeks ago and I’ve recently had the chance to go through it.

It’s a lot like O’Reilly’s cookbook series, but more concise. The inside front cover has a list of “I want to…” type statements, grouped by protocol, along with the page number. The pages inside have examples of command usage. What’s not to love?

This book is remarkable not for its study value, but for its helpfulness in the field. It’s a small book, both in page count and form (6×9). It’s got all the stuff you need to help jog your memory on routing commands. This one is going on my desk come Monday.

For some reason Cisco Press chose to offer a downloadable version for the same price. I can’t see the value of that. While people studying for BSCI won’t be hurt by having this book, it’s far more valuable for when you’re doing some work.

There are 3 others coming out for the remaining 3 exams. I’m looking forward to the switching one most of all…

Posted in Reviews | Comments (0)

Posted on Wednesday, 13th June 2007 by sean

Earlier I gave a description of OSPF special areas (stubby, not so stubby, totally stubby). Here are some examples to back it up.

I use dynagen to simulate my environment, it’s so good I ended up selling my routers! Here’s the config:



autostart = false 

[localhost]

    [[7200]]
    image = ..\images\c7200-jk9s-mz.122-40.bin
    npe = npe-400
    ram = 192

    [[ROUTER R1]]
    f0/0 = LAN 1

    [[ROUTER R2]]
    f0/0 = LAN 1
    f1/0 = LAN 2

    [[ROUTER R3]]
    f0/0 = LAN 2
    f1/0 = LAN 3

    [[ROUTER R4]]
    f0/0 = LAN 3

That sets up 4 7200 series routers, basically with crossover cables between them. (picture to come).

R1-R2 is area 1
R2-R3 is area 0
R3-R4 is area 2

R1 redistributes 1.1.1.0/24 into OSPF. R4 redistributes 4.4.4.0/24 into OSPF.


R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/10] via 10.0.2.3, 00:00:27, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
S       4.4.4.0 is directly connected, Null0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.2.0/24 is directly connected, FastEthernet0/0
O IA    10.0.0.0/24 [110/3] via 10.0.2.3, 00:01:24, FastEthernet0/0
O IA    10.0.1.0/24 [110/2] via 10.0.2.3, 00:01:24, FastEthernet0/0
O IA    10.0.33.1/32 [110/4] via 10.0.2.3, 00:01:24, FastEthernet0/0
R4#

In the default OSPF config, the routes from both the backbone and area 1 are seen as O IA (inter-area) routes, and the redistributed route from R1 is E2. Note how the metric is always 10, no matter how far away it is; that's because it's E2 and not E1.

Area 2 is, topology wise, a stub (ditto R1). Everything has to leave by R3. By filtering the types of routes that make it into area 2 (on the ABR... remember we're in link state land here), the number of routes can be reduced allowing lower end routers to do the same job.

First order of business is to change area 2 into a stub with the "area 2 stub" command on R3 and R4. I had to remove the "redistribute static subnets" on R4 because an ASBR is not allowed within a stub area (more on this later).


r3(config)#router ospf 1
r3(config-router)#area 2 stub

R4(config)#router ospf 1
R4(config-router)#area 2 stub
OSPF: Stub command is invalid when it is ASBR

R4(config-router)#no redistribute static
R4(config-router)#area 2 stub

After OSPF reconverges, R4 has no more external routes. They have been replaced by a default route to an ABR:


R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.2.3 to network 0.0.0.0

     4.0.0.0/24 is subnetted, 1 subnets
S       4.4.4.0 is directly connected, Null0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.0.2.0/24 is directly connected, FastEthernet0/0
O IA    10.0.0.0/24 [110/3] via 10.0.2.3, 00:00:05, FastEthernet0/0
O IA    10.0.1.0/24 [110/2] via 10.0.2.3, 00:00:05, FastEthernet0/0
O IA    10.0.33.1/32 [110/4] via 10.0.2.3, 00:00:05, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.0.2.3, 00:00:05, FastEthernet0/0

And, of course, there are no type 5 LSAs on R4:


R4#show ip ospf database external

            OSPF Router with ID (10.0.2.4) (Process ID 1)

But there are on R3, because it's the one connected to the backbone:


r3#show ip ospf database external

            OSPF Router with ID (10.0.2.3) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 544
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 1.1.1.0 (External Network Number )
  Advertising Router: 10.0.33.1
  LS Seq Number: 80000001
  Checksum: 0x1764
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 10
        Forward Address: 0.0.0.0
        External Route Tag: 0

Looking back at the stub area, there are still a bunch of inter-area routes (type 3 summary LSAs). At the ABR we can filter those out and rely on the default route.


r3(config)#router ospf 1
r3(config-router)#area 2 stub no-summary

Remember the no-summary means no type 3 summary LSAs, and has nothing to do with summarization of routes!

This has the effect of cleaning up R4's routing table nicely:


R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.2.3 to network 0.0.0.0

     4.0.0.0/24 is subnetted, 1 subnets
S       4.4.4.0 is directly connected, Null0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.2.0 is directly connected, FastEthernet0/0
O*IA 0.0.0.0/0 [110/2] via 10.0.2.3, 00:01:19, FastEthernet0/0

R4#show ip ospf database summary

            OSPF Router with ID (10.0.2.4) (Process ID 1)

                Summary Net Link States (Area 2)

  Routing Bit Set on this LSA
  LS age: 46
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 0.0.0.0 (summary Network Number)
  Advertising Router: 10.0.2.3
  LS Seq Number: 80000004
  Checksum: 0x31FA
  Length: 28
  Network Mask: /0
        TOS: 0  Metric: 1

The only summary route is the default route (0.0.0.0/0) advertised by R3.

This post has sat in draft long enough. I'll do a separate post about not-so-stubby areas, which fix the "no ASBR in stub zones" problem above.

Posted in Routing | Comments (1)

Posted on Saturday, 19th May 2007 by sean

Every so often I get a comment or email from someone working on their CCNP which is great. I thought I’d post an update on where I am.

My CCNP expired a couple of years ago. I started this website so that I could post my study notes for the recert exam and hopefully help others.

A few months into that, I got the opportunity to write a book which I took. This unfortunately caused me to miss my deadline, so my CCNP was then invalid.

My agent from my book also got me into writing about UNIX for various parties, which slowed down the pace of my recertification. Eventually I got my CCNA again, and BCMSN.

Late last year when the CCNP changed I contacted Cisco Press about becoming a technical editor for any of their new books. I got on as the technical editor for the upcoming ISCW book, and managed to get roped into writing the questions that go in the back of the BCMSN book that just came out, the ISCW book that I edited, and the BSCI book that’s coming out. I’m almost done all but the last part.

I’ve also been busy helping b5media with systems administration and LAMP scaling, which has further pushed off my recert.

I’m happy to say I passed ISCW a couple of weeks ago. I think the book that’s coming out is well written, and I owe my success on that exam to having spent so much time studying the manuscript as it was being written.

I hope to write BSCI fairly soon. I’ve been focusing my studying on IPv6, multicast, and SONA largely because those are the areas I am concentrating on for the practice questions. However I’ve also been working on OSPF and IS-IS because those are my weak spots.

I’ve also got a pile of Cisco Press books that I’d like to share my opinion on in the coming weeks. The new CCNP video mentor is quite good, and I just received the BSCI pocket reference. If you like O’Reilly’s Hacks or Cookbooks series, I think you’ll be happy with these references.

Posted in General | Comments (0)

Posted on Saturday, 19th May 2007 by sean

I’ve been doing some prep for BSCI lately and am back into OSPF. One thing I ran into was keeping the various types of areas straight, and remembering all the restrictions that come with them. It wasn’t helped by an unclear description I read in the book, which caused me to really get into the details of NSSA areas.

Stub areas exist to reduce the number of LSAs that are processed within an area. This is done by sacrificing some information. Practically, this means we filter out various routes that are coming into the area and replace it with a default route. Remember that as a link state protocol, all routers within the area have to have the same information, so most of the work is done on the ABR.

A stubby area ignores external routes (O E1, O E2), and permits both inter and intra area routes (O IA and O). The path to the external routes is replaced by a default route injected by the ABR.

Leaving a default route to the ABR to get to the external destinations leads you to say “If I can do that for external routes, why not do the same thing to the interarea routes?”. That would be a totally stubby area. Totally stubby areas have only intra area routes (O), with the ABRs injecting default routes. Because an ABR, by definition, is on the backbone, it knows all the routes.

From an LSA perspective, the area itself is flooding type 1 and 2 LSAs to represent the various router and link states. The ABR sorts through those and issues type 3 LSAs to the backbone, where it becomes an O IA route. External routes are type 5 LSAs.

So an ABR operating in stubby mode filters out type 5 LSAs. An ABR in totally stubby mode filters out both type 5 and 3. This is also why only the ABR needs the “no-summary” attribute (referring to the type 3 summary LSA, not a summary route), because only the ABR filters and injects a default route.

Anyone who’s been around a network for long knows that it’s hard to predict where you’re going to have a connection to another system where you might need to redistribute a route into your IGP. Any route redistributed into OSPF is automatically an external route, and makes the router an ASBR. However, ASBRs and external routes are not allowed in stubs, hence the NSSA. An NSSA behaves the same as a stubby area except that ASBRs are allowed, with some trickery happening to get around the rules.

In an NSSA, external routes are allowed if they originate inside. The ABRs still filter out the type 5 LSAs at the border. Any ASBR within an NSSA advertises external routes as type 7 routes instead of type 5. Thus, they show up in the routing table as O N1 instead of O E1. The ABR converts the type 7 LSA into a type 5 LSA before it advertises the LSA to the backbone.

Because of the restriction on the type 5 LSAs, and the need to understand type 7 LSAs, all routers in the area need to be configured as an NSSA.

The “no-summary” still exists, and is only needed on the ABR. So, in addition to the NSSA behaviour, you’re still allowed to filter out those interarea type 3 LSAs at the border.

NSSAs are goofy in that you need to originate a default route explicitly in the nssa command.

I have a labbed up example using dynagen that shows how it works using 3 routers. I’ll post all the configs and network descriptions if you want to follow along with real gear or simulated gear… Stay tuned.
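The filtering rules described above can be written down as a small model. This is an added example, not code from the original post: it shows which LSAs an ABR floods into each kind of area, where the default route comes from, and how type 7 LSAs are translated to type 5 toward the backbone. The area-type labels, function names and router names are assumptions, and the totally-NSSA default (a type 3 default injected by the ABR) reflects Cisco IOS behaviour rather than anything stated in the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LSA:
    lsa_type: int        # 3 = summary (inter-area), 5 = AS external, 7 = NSSA external
    prefix: str
    adv_router: str
    p_bit: bool = False  # type 7 only: ABR may translate this LSA to type 5

DEFAULT = "0.0.0.0/0"
ROUTE_CODE = {3: "O IA", 5: "O E2", 7: "O N2"}  # externals assumed metric type 2

# LSA types the ABR keeps out of each kind of area (labels are hypothetical).
BLOCKED = {
    "normal": set(),
    "stub": {5},
    "totally-stubby": {3, 5},   # stub plus no-summary on the ABR
    "nssa": {5},
    "totally-nssa": {3, 5},     # nssa plus no-summary on the ABR
}

def redistribute(area_type, prefix, router):
    """LSA produced when `router` inside the area redistributes `prefix`."""
    if area_type in ("stub", "totally-stubby"):
        raise ValueError("an ASBR is not allowed in a stub area")
    if area_type in ("nssa", "totally-nssa"):
        return LSA(7, prefix, router, p_bit=True)
    return LSA(5, prefix, router)

def abr_into_area(area_type, backbone_lsas, abr, default_originate=False):
    """LSAs the ABR floods into the area, including any injected default."""
    flooded = [l for l in backbone_lsas if l.lsa_type not in BLOCKED[area_type]]
    if area_type in ("stub", "totally-stubby", "totally-nssa"):
        flooded.append(LSA(3, DEFAULT, abr))            # automatic type 3 default
    elif area_type == "nssa" and default_originate:
        flooded.append(LSA(7, DEFAULT, abr))            # explicit, P-bit clear
    return flooded

def abr_to_backbone(area_lsas, abr):
    """Type 7 LSAs with the P-bit set become type 5 LSAs advertised by the ABR."""
    return [LSA(5, l.prefix, abr) for l in area_lsas if l.lsa_type == 7 and l.p_bit]

def route_codes(lsas):
    """Routing-table view (code and prefix) of a list of LSAs."""
    return {f"{ROUTE_CODE[l.lsa_type]} {l.prefix}" for l in lsas}

# Constructed input: what R3 knows from the backbone in the lab topology.
BACKBONE = [
    LSA(3, "10.0.0.0/24", "R3"),
    LSA(3, "10.0.1.0/24", "R3"),
    LSA(3, "10.0.33.1/32", "R3"),
    LSA(5, "1.1.1.0/24", "R1"),
]

if __name__ == "__main__":
    for area in BLOCKED:
        print(f"{area:15}", sorted(route_codes(abr_into_area(area, BACKBONE, "R3"))))
    print("nssa + default ", sorted(route_codes(
        abr_into_area("nssa", BACKBONE, "R3", default_originate=True))))
    inside = [redistribute("nssa", "4.4.4.0/24", "R4"), LSA(7, DEFAULT, "R3")]
    print("to backbone    ", abr_to_backbone(inside, "R3"))
```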

Posted in Routing | Comments (0)
