Configuring NSSA for OSPFv2

Information About Configuring NSSA for OSPF

Characteristics of RFC 3101

RFC 3101 describes the following features:

  • Provides an option of importing OSPF summary routes into a Not-So-Stubby Area (NSSA) as Type-3 summary-Link State Advertisement (LSA).

  • Refines the setting of the forwarding address in Type-7 LSAs.

  • Revises the Type-7 external route calculation.

  • Strengthens the process of translating Type-7 LSAs into Type-5 LSAs.

  • Modifies the process of flushing translated Type-7 LSAs.

  • Defines the P-bit (propagate bit) default as clear.

RFC 1587 Compliance

RFC 3101 compliance is automatically enabled on the devices. Use the compatible rfc1587 command in router configuration mode to revert to route selection that is based on RFC 1587. When you configure the device to be compatible with RFC 1587, the device performs the following actions:

  • Reverts the route selection process to RFC 1587.

  • Configures Autonomous System Border Router (ASBR) to configure the P (propagate bit) and zero-forwarding address.

  • Disables always translating Area Border Router (ABR).

How to Configure NSSA for OSPF

Configuring an OSPFv2 NSSA Area and Its Parameters

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device>enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device#configure terminal

Enters global configuration mode.

Step 3

router ospf process-id

Example:


Device(config)#router ospf 10

Enables OSPF routing and enters router configuration mode.

  • The process-id argument identifies the OSPF process. The range is from 1 to 65535.

Step 4

redistribute protocol [process-id ] {level-1 | level-1-2 | level-2 } [autonomous-system-number ] [metric {metric-value | transparent }] [metric-type type-value ] [match {internal | external 1 | external 2 }] [tag tag-value ] [route-map map-tag ] [subnets ] [nssa-only ]

Example:


Device(config-router)#redistribute rip subnets

Redistributes routes from one routing domain to another routing domain.

  • In the example, Routing Information Protocol (RIP) subnets are redistributed into the OSPF domain.

Step 5

network ip-address wildcard-mask area area-id

Example:


Device(config-router)#network 192.168.129.11 0.0.0.255 area 1

Defines the interfaces on which OSPF runs and the area ID for those interfaces.

Step 6

area area-id nssa [no-redistribution ] [default-information-originate [metric ] [metric-type ]] [no-summary ] [nssa-only ]

Example:


Device(config-router)#area 1 nssa

Configures a Not-So-Stubby Area (NSSA) area.

Step 7

summary-address prefix mask [not-advertise ] [tag tag ] [nssa-only ]

Example:


Device(config-router)#summary-address 10.1.0.0 255.255.0.0 not-advertise
 

Controls the route summarization and filtering during the translation and limits the summary to NSSA areas.

Step 8

end

Example:


Device(config-router)#end

Exits router configuration mode and returns to privileged EXEC mode.

Configuring an NSSA ABR as a Forced NSSA LSA Translator

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device>enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device#configure terminal

Enters global configuration mode.

Step 3

router ospf process-id

Example:


Device(config)#router ospf 1

Enables OSPF routing and enters router configuration mode.

  • The process-id argument identifies the OSPF process. The range is from 1 to 65535.

Step 4

area area-id nssa translate type7 always

Example:


Device(config-router)#area 10 nssa translate type7 always

Configures a Not-So-Stubby Area Area Border Router (NSSA ABR) device as a forced NSSA Link State Advertisement (LSA) translator.

Note

 

You can use the always keyword in the area nssa translate command to configure an NSSA ABR device as a forced NSSA LSA translator. This command can be used if RFC 3101 is disabled and RFC 1587 is used.

Step 5

area area-id nssa translate type7 suppress-fa

Example:


Device(config-router)#area 10 nssa translate type7 suppress-fa

Allows ABR to suppress the forwarding address in translated Type-5 LSA.

Step 6

end

Example:


Device(config-router)#end

Exits router configuration mode and returns to privileged EXEC mode.

Disabling RFC 3101 Compatibility and Enabling RFC 1587 Compatibility

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device>enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device#configure terminal

Enters global configuration mode.

Step 3

router ospf process-id

Example:


Device(config)#router ospf 1

Enables OSPF routing and enters router configuration mode.

  • The process-id argument identifies the OSPF process.

  • Use router ospf process-id command to enable OSPFv2 routing.

Step 4

compatible rfc1587

Example:


Device(config-router)#compatible rfc1587

Enables the device to be RFC 1587 compliant.

Step 5

end

Example:


Device(config-router)#end

Exits router configuration mode and returns to privileged EXEC mode.

Configuration Examples for OSPF NSSA

Example: Configuring OSPF NSSA

In the following example, an Open Shortest Path First (OSPF) stub network is configured to include OSPF Area 0 and OSPF Area 1, using five devices. Device 3 is configured as the NSSA Autonomous System Border Router (ASBR). Device 2 configured to be the NSSA Area Border Router (ABR). OSPF Area 1 is defined as a Not-So-Stubby Area (NSSA).

Device 1

Device#hostname Device1
!
interface Loopback1
 ip address 10.1.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip ospf 1 area 0
 no cdp enable
!
interface Serial10/0
 description Device2 interface s11/0
 ip address 192.168.10.1 255.255.255.0
 ip ospf 1 area 1
 serial restart-delay 0
 no cdp enable
!
router ospf 1
 area 1 nssa
!
end

Device 2

Device#hostname Device2
!
!
interface Loopback1
 ip address 10.1.0.2 255.255.255.255
!
interface Serial10/0
 description Device1 interface s11/0
 no ip address
 shutdown
 serial restart-delay 0
 no cdp enable
!
interface Serial11/0
 description Device1 interface s10/0
 ip address 192.168.10.2 255.255.255.0
 ip ospf 1 area 1
 serial restart-delay 0
 no cdp enable
!
interface Serial14/0
 description Device3 interface s13/0
 ip address 192.168.14.2 255.255.255.0
 ip ospf 1 area 1
 serial restart-delay 0
 no cdp enable
!
router ospf 1
 area 1 nssa
!
end

Device 3

Device#hostname Device3
!
interface Loopback1
 ip address 10.1.0.3 255.255.255.255
!
interface Ethernet3/0
 ip address 192.168.3.3 255.255.255.0
 no cdp enable
!
interface Serial13/0
 description Device2 interface s14/0
 ip address 192.168.14.3 255.255.255.0
 ip ospf 1 area 1
 serial restart-delay 0
 no cdp enable
!
router ospf 1
 log-adjacency-changes
 area 1 nssa
 redistribute rip subnets
!
router rip
 version 2
 redistribute ospf 1 metric 15
 network 192.168.3.0
end

Device 4

Device#hostname Device4
!
interface Loopback1
 ip address 10.1.0.4 255.255.255.255
!
interface Ethernet3/0
 ip address 192.168.3.4 255.255.255.0
 no cdp enable
!
interface Ethernet4/1
 ip address 192.168.41.4 255.255.255.0
!
router rip
 version 2
 network 192.168.3.0
 network 192.168.41.0
!
end

Device 5

Device#hostname Device5
!
interface Loopback1
 ip address 10.1.0.5 255.255.255.255
!
interface Ethernet0/0
 ip address 192.168.0.10 255.255.255.0
 ip ospf 1 area 0
 no cdp enable
!
interface Ethernet1/1
 ip address 192.168.11.10 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
!
end

Example: OSPF NSSA Area with RFC 3101 Disabled and RFC 1587 Active

In the following example, the output for the show ip ospf and show ip ospf database nssa commands shows an Open Shortest Path First Not-So-Stubby Area (OSPF NSSA) area where RFC 3101 is disabled, RFC 1587 is active, and an NSSA Area Border Router (ABR) device is configured as a forced NSSA LSA translator. If RFC 3101 is disabled, the forced NSSA LSA translator remains inactive.


Device#show ip ospf

Routing Process "ospf 1" with ID 10.0.2.1
Start time: 00:00:25.512, Time elapsed: 00:01:02.200
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 1587)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 0 normal 0 stub 1 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area 1
Number of interfaces in this area is 1
It is a NSSA area
Configured to translate Type-7 LSAs, inactive (RFC3101 support
disabled)
Area has no authentication
SPF algorithm last executed 00:00:07.160 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 3. Checksum Sum 0x0245F0
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

The table below describes the show ip ospf display fields and their descriptions.

Table 1. show ip ospf Field Descriptions

Field

Description

Supports NSSA (compatible with RFC 1587)

Specifies that RFC 1587 is active or that the OSPF NSSA area is RFC 1587 compatible.

Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)

Specifies that OSPF NSSA area has an ABR device configured to act as a forced translator of Type 7 LSAs. However, it is inactive because RFC 3101 is disabled


Device2# show ip ospf database nssa

Router Link States (Area 1)
LS age: 28
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 10.0.2.1
Advertising Router: 10.0.2.1
LS Seq Number: 80000004
Checksum: 0x5CA2
Length: 36
Area Border Router
AS Boundary Router
Unconditional NSSA translator
Number of Links: 1
Link connected to: a Stub Network
(Link ID) Network/subnet number: 192.0.2.5
(Link Data) Network Mask: 255.255.255.0
Number of MTID metrics: 0
TOS 0 Metrics: 10

The table below describes the show ip ospf database nssa display fields and their descriptions.

Table 2. show ip ospf database nssa Field Descriptions

Field

Description

Unconditional NSSA translator

Specifies that NSSA ASBR device is a forced NSSA LSA translator

Example: Verifying OSPF NSSA

The following is sample output from the show ip ospf command. The output displays that OSPF Area 1 is an NSSA area.


Device2#show ip ospf

 Routing Process "ospf 1" with ID 10.1.0.2
 Start time: 00:00:01.392, Time elapsed: 12:03:09.480
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 0 normal 0 stub 1 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area 1
  Number of interfaces in this area is 2
! It is a NSSA area
  Area has no authentication
  SPF algorithm last executed 11:37:58.836 ago
  SPF algorithm executed 3 times
  Area ranges are
  Number of LSA 7. Checksum Sum 0x045598
  Number of opaque link LSA 0. Checksum Sum 0x000000
  Number of DCbitless LSA 0
  Number of indication LSA 0
  Number of DoNotAge LSA 0
  Flood list length 0


Device2#show ip ospf data

            OSPF Router with ID (10.1.0.2) (Process ID 1)
		Router Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum Link count
10.1.0.1        10.1.0.1        1990        0x80000016 0x00CBCB 2
10.1.0.2        10.1.0.2        1753        0x80000016 0x009371 4
10.1.0.3        10.1.0.3        1903        0x80000016 0x004149 2

		Summary Net Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum
192.168.0.0     10.1.0.1        1990        0x80000017 0x00A605
192.168.11.0    10.1.0.1        1990        0x80000015 0x009503

		Type-7 AS External Link States (Area 1)
Link ID         ADV Router      Age         Seq#       Checksum Tag
192.168.3.0     10.1.0.3        1903        0x80000015 0x00484F 0
192.168.41.0    10.1.0.3        1903        0x80000015 0x00A4CC 0

The following is sample output from the show ip ospf database data command. The output displays additional information about redistribution between Type 5 and Type 7 LSAs for routes that are injected into the NSSA area and then flooded through the OSPF network.


Device2#show ip ospf database data

            OSPF Router with ID (10.1.0.2) (Process ID 1)
Area 1 database summary
  LSA Type      Count    Delete   Maxage
  Router        3        0        0       
  Network       0        0        0       
  Summary Net   2        0        0       
  Summary ASBR  0        0        0       
  Type-7 Ext    2        0        0 
      
Prefixes redistributed in Type-7  0
  Opaque Link   0        0        0       
  Opaque Area   0        0        0       
  Subtotal      7        0        0 
      
Process 1 database summary
  LSA Type      Count    Delete   Maxage
  Router        3        0        0       
  Network       0        0        0       
  Summary Net   2        0        0       
  Summary ASBR  0        0        0       
  Type-7 Ext    2        0        0       
  Opaque Link   0        0        0       
  Opaque Area   0        0        0       
  Type-5 Ext    0        0        0     
  
Prefixes redistributed in Type-5  0
  Opaque AS     0        0        0       
  Total         7        0        0       

The following is sample output from the show ip ospf database nssa command. The output displays detailed information for Type 7 to Type 5 translations:


Device2#show ip ospf database nssa

  OSPF Router with ID (10.1.0.2) (Process ID 1)
  Type-7 AS External Link States (Area 1)
  Routing Bit Set on this LSA
  LS age: 1903
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 192.168.3.0 (External Network Number )
  Advertising Router: 10.1.0.3
  LS Seq Number: 80000015
  Checksum: 0x484F
  Length: 36
  Network Mask: /24
  Metric Type: 2 (Larger than any link state path)
  TOS: 0 
  Metric: 20 
  Forward Address: 192.168.14.3
  External Route Tag: 0
  Routing Bit Set on this LSA
  LS age: 1903
! Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 192.168.41.0 (External Network Number )
  Advertising Router: 10.1.0.3
  LS Seq Number: 80000015
  Checksum: 0xA4CC
  Length: 36
  Network Mask: /24
  Metric Type: 2 (Larger than any link state path)
  TOS: 0 
  Metric: 20 
  Forward Address: 192.168.14.3
  External Route Tag: 0

Example: OSPF NSSA Area with RFC 3101 Disabled and RFC 1587 Active

The following sample output from the show ip ospf command displays that the device is acting as an ASBR and OSPF Area 1 is configured as an NSSA area:

Device3#show ip ospf

 Routing Process "ospf 1" with ID 10.1.0.3
 Start time: 00:00:01.392, Time elapsed: 12:02:34.572
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
!It is an autonomous system boundary router
 Redistributing External Routes from,
    rip, includes subnets in redistribution
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 0 normal 0 stub 1 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area 1
  Number of interfaces in this area is 1
! It is a NSSA area
  Area has no authentication
  SPF algorithm last executed 11:38:13.368 ago
  SPF algorithm executed 3 times
  Area ranges are
  Number of LSA 7. Checksum Sum 0x050CF7
  Number of opaque link LSA 0. Checksum Sum 0x000000
  Number of DCbitless LSA 0
  Number of indication LSA 0
  Number of DoNotAge LSA 0
  Flood list length 0

The table below describes the significant fields shown in the show ip ospf command output.

Table 3. show ip ospf Field Descriptions

Field

Description

Routing process "ospf 1" with ID 10.1.0.3

Process ID and OSPF router ID.

Supports ...

Number of types of service supported (Type 0 only).

Summary Link update interval

Specifies summary update interval in hours:minutes:seconds, and time until next update.

External Link update interval

Specifies external update interval in hours:minutes:seconds, and time until next update.

Redistributing External Routes from

Lists of redistributed routes, by protocol.

SPF calculations

Lists start, hold, and maximum wait interval values in milliseconds.

Number of areas

Number of areas in router, area addresses, and so on.

SPF algorithm last executed

Shows the last time an SPF calculation was performed in response to topology change event records.

Link State Update Interval

Specifies router and network link-state update interval in hours:minutes:seconds, and time until next update.

Link State Age Interval

Specifies max-aged update deletion interval, and time until next database cleanup, in hours:minutes:seconds.

In the following example, the output for the show ip ospf and show ip ospf database nssa commands shows an Open Shortest Path First Not-So-Stubby Area (OSPF NSSA) area where RFC 3101 is disabled, RFC 1587 is active, and an NSSA Area Border Router (ABR) device is configured as a forced NSSA LSA translator. If RFC 3101 is disabled, the forced NSSA LSA translator remains inactive.


Device#show ip ospf

Routing Process "ospf 1" with ID 10.0.2.1
Start time: 00:00:25.512, Time elapsed: 00:01:02.200
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 1587)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 0 normal 0 stub 1 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area 1
Number of interfaces in this area is 1
It is a NSSA area
Configured to translate Type-7 LSAs, inactive (RFC3101 support
disabled)
Area has no authentication
SPF algorithm last executed 00:00:07.160 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 3. Checksum Sum 0x0245F0
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

The table below describes the significant fields shown in the show ip ospf command output.

Table 4. show ip ospf Field Descriptions

Field

Description

Supports NSSA (compatible with RFC 1587)

Specifies that RFC 1587 is active or that the OSPF NSSA area is RFC 1587 compatible.

Configured to translate Type-7 LSAs, inactive (RFC3101 support disabled)

Specifies that OSPF NSSA area has an ABR device configured to act as a forced translator of Type 7 LSAs. However, it is inactive because RFC 3101 is disabled


Device2#show ip ospf database nssa

Router Link States (Area 1)
LS age: 28
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 10.0.2.1
Advertising Router: 10.0.2.1
LS Seq Number: 80000004
Checksum: 0x5CA2
Length: 36
Area Border Router
AS Boundary Router
Unconditional NSSA translator
Number of Links: 1
Link connected to: a Stub Network
(Link ID) Network/subnet number: 192.0.2.5
(Link Data) Network Mask: 255.255.255.0
Number of MTID metrics: 0
TOS 0 Metrics: 10

The table below describes the significant fields shown in the show ip ospf database nssa command output.

Table 5. show ip ospf database nssa Field Description

Field

Description

Unconditional NSSA translator

Specifies that NSSA ASBR device is a forced NSSA LSA translator

Additional References for OSPF Not-So-Stubby Areas (NSSA)

Related Documents

Related Topic

Document Title

OSPF commands

Cisco IOS IP Routing: OSPF Command Reference

Protocol-independent features that work with OSPF

“Configuring IP Routing Protocol-Independent Features” module in IP Routing: Protocol-Independent Configuration Guide

RFCs

RFC

Title

RFC 1587

The OSPF NSSA Option, March 1994

RFC 3101

The OSPF NSSA Option January 2003

Feature History for NSSA for OSPFv2

This table provides release and related information for the features explained in this module.

These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature

Feature Information

Cisco IOS XE Gibraltar 16.11.1

NSSA for OSPFv2

OSPFv2 allows you to configure a Not-So-Stubby Area (NSSA).

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.