OSPF totally NSSA area is a specific area type that does not allow LSA types 3, 4, and 5. It does permit redistribution of external routes using Type 7 LSAs like NSSA areas. In other words, routers in an entire NSSA (not-so-stubby area) area accept only LSA Type 7 external and intra-area routes. Routers exchange only a limited set of LSA types: LSA Types 1 and 2, LSA Type 3 to propagate the 0.0.0.0/0 route, and LSA Type 7.
OSPF totally NSSA areas can be helpful if you need to isolate or reduce the routing information sent across your network while allowing ASBRs inside the area.
In the rest of this lesson, we will use the following network topology (Figure 1).
The routing domain consists of five routers, one EIGRP routing domain, and four normal OSPF areas, including the backbone area. Here are the initial configurations of the routers.
Router R1 | Router R2 | Router R3 | Router R4 | Router R5 |
Note that we redistributed R5’s loopback interfaces and EIGRP 12 routes into OSPF on routers R2 and R5.
How Does OSPF Totally NSSA Area Work?
OSPF totally NSSA areas deny ABRs from injecting interarea LSAs (Type 3 LSAs), ASBR summary LSAs (Type 4 LSAs), and external routes (Type 5 LSAs) into the area. Additionally, stubby routers within a totally NSSA area can not advertise external networks using Type 5 LSAs.
Each ABR in a totally NSSA area generates a default route and floods it into the area. On the other hand, ASBRs in a totally NSSA area share external networks through Type 7 LSAs. When an ABR receives a Type 7 LSA, it converts the LSA to a Type 5 LSA.
Totally NSSA areas deny LSA Types 3, 4, and 5.
At this, let’s check router R2’s LSDB, which consists of area 23’s LSAs.
R2# show ip ospf database OSPF Router with ID (2.2.2.2) (Process ID 1) Router Link States (Area 23) Link ID ADV Router Age Seq# Checksum Link count 2.2.2.2 2.2.2.2 10 0x8000000A 0x00329E 1 3.3.3.3 3.3.3.3 11 0x80000008 0x00F4D5 1 Net Link States (Area 23) Link ID ADV Router Age Seq# Checksum 10.0.23.3 3.3.3.3 11 0x80000001 0x007184 Summary Net Link States (Area 23) Link ID ADV Router Age Seq# Checksum 10.0.34.0 3.3.3.3 17 0x80000002 0x003DC5 10.0.45.0 3.3.3.3 17 0x80000002 0x00CD29 Summary ASB Link States (Area 23) Link ID ADV Router Age Seq# Checksum 5.5.5.5 3.3.3.3 17 0x80000001 0x004ECB Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 10.0.5.0 5.5.5.5 808 0x80000001 0x0097E5 0 10.0.12.0 2.2.2.2 113 0x80000001 0x00A4DD 0 10.0.50.0 5.5.5.5 808 0x80000001 0x00A6A9 0
The LSDB includes LSAs Type 1, 2, 3, 4, and 5.
We convert area 23 to an OSPF totally NSSA area using the area nssa command on router R2 and the area nssa no-summary command on router R3. The area has one stubby router, which is R2.
The following show ip ospf database command output states that R2’s area 23 LSDB consists of LSA Type 1, 2, and 7 plus a Type 3 LSA for advertising the 0.0.0.0/0 route.
R2# show ip ospf database OSPF Router with ID (2.2.2.2) (Process ID 1) Router Link States (Area 23) Link ID ADV Router Age Seq# Checksum Link count 2.2.2.2 2.2.2.2 5 0x80000006 0x00DFEE 1 3.3.3.3 3.3.3.3 56 0x80000005 0x00A61F 1 Net Link States (Area 23) Link ID ADV Router Age Seq# Checksum 10.0.23.3 3.3.3.3 52 0x80000003 0x0013DA Summary Net Link States (Area 23) Link ID ADV Router Age Seq# Checksum 0.0.0.0 3.3.3.3 83 0x80000001 0x00DE4B Type-7 AS External Link States (Area 23) Link ID ADV Router Age Seq# Checksum Tag 10.0.12.0 2.2.2.2 0 0x80000002 0x00C48F 0
Stubby routers within an OSPF totally NSSA area rely on the default route to reach networks outside the area’s routes.
Since ABRs do not inject LSA Type 3, 4, and 5 into totally NSSA areas, stubby routers may need a way to forward traffic to the networks described in those LSAs. In this case, a default route would solve this issue.
In fact, when you set up a totally NSSA area, each ABR attached to the area injected a default route into the NSSA area, as you notice in the next show ip route command output.
R2# show ip route omitted output Gateway of last resort is 10.0.23.3 to network 0.0.0.0 O*IA 0.0.0.0/0 [110/2] via 10.0.23.3, 00:00:04, GigabitEthernet0/3 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 10.0.12.0/24 is directly connected, GigabitEthernet0/1 L 10.0.12.2/32 is directly connected, GigabitEthernet0/1 C 10.0.23.0/24 is directly connected, GigabitEthernet0/3 L 10.0.23.2/32 is directly connected, GigabitEthernet0/3
OSPF totally NSSA area allows route redistribution.
Unlike stub and totally stubby areas, OSPF totally NSSA areas allow stubby routers to redistribute external routes into the area. For example, in the initial configuration of router R2, we redistribute EIGRP 12 into OSPF.
After converting area 23 to a totally NSSA area, R2 still advertises the EIGRP route into OSPF but this time using a Type 7 LSA, as stated in the next show ip ospf database nssa-external command output.
R2# show ip ospf database nssa-external OSPF Router with ID (2.2.2.2) (Process ID 1) Type-7 AS External Link States (Area 23) LS age: 378 Options: (No TOS-capability, Type 7/5 translation, DC, Upward) LS Type: AS External Link Link State ID: 10.0.12.0 (External Network Number ) Advertising Router: 2.2.2.2 LS Seq Number: 80000001 Checksum: 0xC68E Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 10.0.23.2 External Route Tag: 0
OSPF totally NSSA area’s ABRs covert type 7 LSAs into type 5 LSAs in order to flood the area’s external routes into normal areas.
ABRs connected to OSPF totally NSSA areas advertise LSA Type 7 routes using LSAs Type 5. For example, subnet 10.0.12.0/24 appears on the LSDBs of routers R4, and R5 with an LSA Type 5.
Router R4
R4# show ip ospf database external 10.0.12.0 OSPF Router with ID (4.4.4.4) (Process ID 1) Type-5 AS External Link States LS age: 681 Options: (No TOS-capability, DC, Upward) LS Type: AS External Link Link State ID: 10.0.12.0 (External Network Number ) Advertising Router: 3.3.3.3 LS Seq Number: 80000001 Checksum: 0x3D1E Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 10.0.23.2 External Route Tag: 0
Router R5
R5# show ip ospf database external 10.0.12.0 OSPF Router with ID (5.5.5.5) (Process ID 1) Type-5 AS External Link States LS age: 697 Options: (No TOS-capability, DC, Upward) LS Type: AS External Link Link State ID: 10.0.12.0 (External Network Number ) Advertising Router: 3.3.3.3 LS Seq Number: 80000001 Checksum: 0x3D1E Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 10.0.23.2 External Route Tag: 0
On router R3’s LSDB, the 10.0.12.0/24 network appears with both a type 7 LSA and a type 5 LSA, as you can see in the show ip ospf database command output.
R3# show ip ospf database OSPF Router with ID (3.3.3.3) (Process ID 1) omitted output Router Link States (Area 23) Link ID ADV Router Age Seq# Checksum Link count 2.2.2.2 2.2.2.2 907 0x8000000C 0x00D3F4 1 3.3.3.3 3.3.3.3 905 0x8000000A 0x009C24 1 Net Link States (Area 23) Link ID ADV Router Age Seq# Checksum 10.0.23.3 3.3.3.3 905 0x80000003 0x0013DA Summary Net Link States (Area 23) Link ID ADV Router Age Seq# Checksum 0.0.0.0 3.3.3.3 911 0x80000001 0x00DE4B Type-7 AS External Link States (Area 23) Link ID ADV Router Age Seq# Checksum Tag 10.0.12.0 2.2.2.2 922 0x80000001 0x00C68E 0 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 10.0.5.0 5.5.5.5 278 0x80000002 0x0095E6 0 10.0.12.0 3.3.3.3 900 0x80000001 0x003D1E 0 10.0.50.0 5.5.5.5 278 0x80000002 0x00A4AA 0
How to Configure an OSPF Totally NSSA Area on Cisco IOS?
Creating an OSPF totally NSSA area is an easy task. The area number nssa no-summary command allows configuring a totally NSSA area, where number is the identifier of the totally NSSA area. You can also use the command to prevent injecting redistributed routes in the area, originate an OSPF default route using an LSA Type 7, and limit the propagation of the LSA Type 7 redistributed route to the area.
Basic OSPF Totally NSSA Area Configuration
This example converts area 23 to a totally NSSA area.
Router R2
R2(config)# router ospf 1 R2(config-router)# area 23 nssa no-summary
Router R3
R3(config)# router ospf 1 R3(config-router)# area 23 nssa no-summary
To verify our configuration, we first check that OSPF is considering the area as NSSA.
R2# show ip ospf Routing Process "ospf 1" with ID 2.2.2.2 omitted output Reference bandwidth unit is 100 mbps Area 23 Number of interfaces in this area is 1 It is a NSSA area Area has no authentication SPF algorithm last executed 00:00:19.286 ago SPF algorithm executed 6 times Area ranges are Number of LSA 5. Checksum Sum 0x0338C3 Number of opaque link LSA 0. Checksum Sum 0x000000 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0
Second, we display the routing table of stubby router R2 to check if it gets a default route from ABR R3.
R2# show ip route omitted output Gateway of last resort is 10.0.23.3 to network 0.0.0.0 O*IA 0.0.0.0/0 [110/2] via 10.0.23.3, 00:08:48, GigabitEthernet0/3 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 10.0.12.0/24 is directly connected, GigabitEthernet0/1 L 10.0.12.2/32 is directly connected, GigabitEthernet0/1 C 10.0.23.0/24 is directly connected, GigabitEthernet0/3 L 10.0.23.2/32 is directly connected, GigabitEthernet0/3
Third, we display R2’s LSDB to check that the redistributed route from EIGRP is advertised using a type 7 LSA.
R2# show ip ospf database nssa-external OSPF Router with ID (2.2.2.2) (Process ID 1) Type-7 AS External Link States (Area 23) LS age: 649 Options: (No TOS-capability, Type 7/5 translation, DC, Upward) LS Type: AS External Link Link State ID: 10.0.12.0 (External Network Number ) Advertising Router: 2.2.2.2 LS Seq Number: 80000001 Checksum: 0xC68E Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 10.0.23.2 External Route Tag: 0
Deny Redistributed Routes from Injected into a Totally NSSA Area
Suppose you want to import external routes into normal areas but not into a totally NSSA area. If the redistributing router is outside the area, we don’t have anything to do in order to achieve this goal because those routes would get flooded to one of the area’s ABRs using LSAs Type 5, and thus cannot get flooded into the area.
If the redistributing router is one of the area’s ABRs, use the area number nssa no-summary no-redistribution command allows configuring a totally NSSA area, where number is the identifier of the totally NSSA area.
In this example, we add a loopback interface with IP address 10.0.3.3/24 to router R3, redistribute the interface into OSPF, and prohibit OSPF from injecting subnet 10.0.3.0/24 into area 23, which is a totally NSSA area.
R3(config)# interface loopback 0
R3(config-if)# ip address 10.0.3.3 255.255.255.0
R3(config-if)# exit
R3(config)#
R3(config)# router ospf 1
R3(config-router)# redistribute connected subnets
R3(config-router)# area 23 nssa no-redistribution
R2 did not learn subnet 10.0.3.0/24, as indicated in the show ip route ospf command output below.
R2# show ip route ospf omitted output Gateway of last resort is 10.0.23.3 to network 0.0.0.0 O*IA 0.0.0.0/0 [110/2] via 10.0.23.3, 00:01:57, GigabitEthernet0/3
However, routers in area 0 and area 45 receive an LSA Type 5 generated by router R3 that advertises external subnet 10.0.3.0/24, as you can see in the following show ip ospf database external command output.
Router R4
R4# show ip ospf database external 10.0.3.0 OSPF Router with ID (4.4.4.4) (Process ID 1) Type-5 AS External Link States LS age: 403 Options: (No TOS-capability, DC, Upward) LS Type: AS External Link Link State ID: 10.0.3.0 (External Network Number ) Advertising Router: 3.3.3.3 LS Seq Number: 80000001 Checksum: 0xE99D Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0
Router R5
R5# show ip ospf database external 10.0.3.0 OSPF Router with ID (5.5.5.5) (Process ID 1) Type-5 AS External Link States LS age: 443 Options: (No TOS-capability, DC, Upward) LS Type: AS External Link Link State ID: 10.0.3.0 (External Network Number ) Advertising Router: 3.3.3.3 LS Seq Number: 80000001 Checksum: 0xE99D Length: 36 Network Mask: /24 Metric Type: 2 (Larger than any link state path) MTID: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0
Related Lessons to OSPF Totally NSSA Area
- OSPF
- OSPF Router ID
- OSPF Null Authentication
- OSPF Plain Text Authentication
- OSPF Default Route
- Basic OSPF Configuration Lab for CCNA
- OSPF Configuration
- OSPF Passive Interface
- OSPF Virtual Link
- OSPF Stub Area
- OSPF LSA Types
- OSPF Graceful Restart
- OSPF Totally Stubby Area
- OSPF Reference Bandwidth
- OSPF Cost
- OSPF DR/BDR Election
- OSPF Hello and Dead Interval
- OSPF Metric
- OSPF MD5 Authentication
- OSPF HMAC-SHA Cryptographic Authentication
- OSPF Multi-Area
- OSPF TTL Security Check
- OSPF Graceful Shutdown
- Route Redistribution between OSPF and RIP
- OSPF Network Types
- OSPF Totally NSSA Area
- OSPF NSSA Area
- OSPF Summarization
- OSPF Route Filtering
- OSPF Type 5 LSA Filtering
- OSPF ABR Type 3 LSA Filtering
- OSPF Prefix Suppression
- OSPF Path Selection
- OSPF LSA Throttling
- OSPF SPF Throttling
- OSPF Incremental SPF
- OSPF Non-Broadcast Network Type
- OSPF Point-to-Point Network Type
- OSPF Broadcast Network Type
- OSPF Point-to-Multipoint Network Type
- OSPF vs RIP
- OSPF LSA Group Pacing
- OSPF LSA Flood Pacing
- OSPF LSA Retransmission Pacing
- Troubleshooting OSPF Neighbor Adjacency
- Troubleshooting OSPF Route Installation
- Troubleshooting OSPF Route Advertisement
- OSPF Stub Router
Conclusion
I hope this blog post helps you learn something.
Now I’d like to turn it over to you:
What did you like about this tutorial?
Or maybe you have an excellent idea that you think I need to add.
Either way, let me know by leaving a comment below right now.