OSPF totally NSSA area is a specific area type that does not allow LSA types 3, 4, and 5. It does permit redistribution of external routes using Type 7 LSAs like NSSA areas. In other words, routers in an entire NSSA (not-so-stubby area) area accept only LSA Type 7 external and intra-area routes. Routers exchange only a limited set of LSA types: LSA Types 1 and 2, LSA Type 3 to propagate the 0.0.0.0/0 route, and LSA Type 7.

OSPF totally NSSA areas can be helpful if you need to isolate or reduce the routing information sent across your network while allowing ASBRs inside the area.

In the rest of this lesson, we will use the following network topology (Figure 1).

The routing domain consists of five routers, one EIGRP routing domain, and four normal OSPF areas, including the backbone area. Here are the initial configurations of the routers.

Router R1 Router R2 Router R3 Router R4 Router R5

Note that we redistributed R5’s loopback interfaces and EIGRP 12 routes into OSPF on routers R2 and R5.

How Does OSPF Totally NSSA Area Work?

OSPF totally NSSA areas deny ABRs from injecting interarea LSAs (Type 3 LSAs), ASBR summary LSAs (Type 4 LSAs), and external routes (Type 5 LSAs) into the area. Additionally, stubby routers within a totally NSSA area can not advertise external networks using Type 5 LSAs.

Each ABR in a totally NSSA area generates a default route and floods it into the area. On the other hand, ASBRs in a totally NSSA area share external networks through Type 7 LSAs. When an ABR receives a Type 7 LSA, it converts the LSA to a Type 5 LSA.

Totally NSSA areas deny LSA Types 3, 4, and 5.

At this, let’s check router R2’s LSDB, which consists of area 23’s LSAs.

R2# show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         10          0x8000000A 0x00329E 1
3.3.3.3         3.3.3.3         11          0x80000008 0x00F4D5 1

                Net Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.23.3       3.3.3.3         11          0x80000001 0x007184

                Summary Net Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.34.0       3.3.3.3         17          0x80000002 0x003DC5
10.0.45.0       3.3.3.3         17          0x80000002 0x00CD29

                Summary ASB Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum
5.5.5.5         3.3.3.3         17          0x80000001 0x004ECB

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.5.0        5.5.5.5         808         0x80000001 0x0097E5 0
10.0.12.0       2.2.2.2         113         0x80000001 0x00A4DD 0
10.0.50.0       5.5.5.5         808         0x80000001 0x00A6A9 0

The LSDB includes LSAs Type 1, 2, 3, 4, and 5.

We convert area 23 to an OSPF totally NSSA area using the area nssa command on router R2 and the area nssa no-summary command on router R3. The area has one stubby router, which is R2.

The following show ip ospf database command output states that R2’s area 23 LSDB consists of LSA Type 1, 2, and 7 plus a Type 3 LSA for advertising the 0.0.0.0/0 route.

R2# show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         5           0x80000006 0x00DFEE 1
3.3.3.3         3.3.3.3         56          0x80000005 0x00A61F 1

                Net Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.23.3       3.3.3.3         52          0x80000003 0x0013DA

                Summary Net Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         3.3.3.3         83          0x80000001 0x00DE4B

                Type-7 AS External Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.12.0       2.2.2.2         0           0x80000002 0x00C48F 0

Stubby routers within an OSPF totally NSSA area rely on the default route to reach networks outside the area’s routes.

Since ABRs do not inject LSA Type 3, 4, and 5 into totally NSSA areas, stubby routers may need a way to forward traffic to the networks described in those LSAs. In this case, a default route would solve this issue.

In fact, when you set up a totally NSSA area, each ABR attached to the area injected a default route into the NSSA area, as you notice in the next show ip route command output.

R2# show ip route

omitted output

Gateway of last resort is 10.0.23.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 10.0.23.3, 00:00:04, GigabitEthernet0/3
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.0.12.0/24 is directly connected, GigabitEthernet0/1
L        10.0.12.2/32 is directly connected, GigabitEthernet0/1
C        10.0.23.0/24 is directly connected, GigabitEthernet0/3
L        10.0.23.2/32 is directly connected, GigabitEthernet0/3

OSPF totally NSSA area allows route redistribution.

Unlike stub and totally stubby areas, OSPF totally NSSA areas allow stubby routers to redistribute external routes into the area. For example, in the initial configuration of router R2, we redistribute EIGRP 12 into OSPF.

After converting area 23 to a totally NSSA area, R2 still advertises the EIGRP route into OSPF but this time using a Type 7 LSA, as stated in the next show ip ospf database nssa-external command output.

R2# show ip ospf database nssa-external

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Type-7 AS External Link States (Area 23)

  LS age: 378
  Options: (No TOS-capability, Type 7/5 translation, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.12.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0xC68E
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 10.0.23.2
        External Route Tag: 0

OSPF totally NSSA area’s ABRs covert type 7 LSAs into type 5  LSAs in order to flood the area’s external routes into normal areas.

ABRs connected to OSPF totally NSSA areas advertise LSA Type 7 routes using LSAs Type 5. For example, subnet 10.0.12.0/24 appears on the LSDBs of routers R4, and R5 with an LSA Type 5.

Router R4

R4# show ip ospf database external 10.0.12.0

            OSPF Router with ID (4.4.4.4) (Process ID 1)

                Type-5 AS External Link States

  LS age: 681
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.12.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x3D1E
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 10.0.23.2
        External Route Tag: 0

Router R5

R5# show ip ospf database external 10.0.12.0

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Type-5 AS External Link States

  LS age: 697
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.12.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x3D1E
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 10.0.23.2
        External Route Tag: 0

On router R3’s LSDB, the 10.0.12.0/24 network appears with both a type 7 LSA and a type 5 LSA, as you can see in the show ip ospf database command output.

R3# show ip ospf database

            OSPF Router with ID (3.3.3.3) (Process ID 1)

omitted output

                Router Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         907         0x8000000C 0x00D3F4 1
3.3.3.3         3.3.3.3         905         0x8000000A 0x009C24 1

                Net Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.23.3       3.3.3.3         905         0x80000003 0x0013DA

                Summary Net Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         3.3.3.3         911         0x80000001 0x00DE4B

                Type-7 AS External Link States (Area 23)

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.12.0       2.2.2.2         922         0x80000001 0x00C68E 0

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.5.0        5.5.5.5         278         0x80000002 0x0095E6 0
10.0.12.0       3.3.3.3         900         0x80000001 0x003D1E 0
10.0.50.0       5.5.5.5         278         0x80000002 0x00A4AA 0

How to Configure an OSPF Totally NSSA Area on Cisco IOS?

Creating an OSPF totally NSSA area is an easy task. The area number nssa no-summary command allows configuring a totally NSSA area, where number is the identifier of the totally NSSA area. You can also use the command to prevent injecting redistributed routes in the area, originate an OSPF default route using an LSA Type 7, and limit the propagation of the LSA Type 7 redistributed route to the area.

Basic OSPF Totally NSSA Area Configuration

This example converts area 23 to a totally NSSA area.

Router R2

R2(config)# router ospf 1
R2(config-router)# area 23 nssa no-summary

Router R3

R3(config)# router ospf 1
R3(config-router)# area 23 nssa no-summary

To verify our configuration, we first check that OSPF is considering the area as NSSA.

R2# show ip ospf
 Routing Process "ospf 1" with ID 2.2.2.2

 omitted output 
 Reference bandwidth unit is 100 mbps
    Area 23
        Number of interfaces in this area is 1
        It is a NSSA area
        Area has no authentication
        SPF algorithm last executed 00:00:19.286 ago
        SPF algorithm executed 6 times
        Area ranges are
        Number of LSA 5. Checksum Sum 0x0338C3
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

Second, we display the routing table of stubby router R2 to check if it gets a default route from ABR R3.

R2# show ip route


omitted output

Gateway of last resort is 10.0.23.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 10.0.23.3, 00:08:48, GigabitEthernet0/3
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.0.12.0/24 is directly connected, GigabitEthernet0/1
L        10.0.12.2/32 is directly connected, GigabitEthernet0/1
C        10.0.23.0/24 is directly connected, GigabitEthernet0/3
L        10.0.23.2/32 is directly connected, GigabitEthernet0/3

Third, we display R2’s LSDB to check that the redistributed route from EIGRP is advertised using a type 7 LSA.

R2# show ip ospf database nssa-external

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Type-7 AS External Link States (Area 23)

  LS age: 649
  Options: (No TOS-capability, Type 7/5 translation, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.12.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0xC68E
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 10.0.23.2
        External Route Tag: 0

Deny Redistributed Routes from Injected into a Totally NSSA Area

Suppose you want to import external routes into normal areas but not into a totally NSSA area. If the redistributing router is outside the area, we don’t have anything to do in order to achieve this goal because those routes would get flooded to one of the area’s ABRs using LSAs Type 5, and thus cannot get flooded into the area.

If the redistributing router is one of the area’s ABRs, use the area number nssa no-summary no-redistribution command allows configuring a totally NSSA area, where number is the identifier of the totally NSSA area.

In this example, we add a loopback interface with IP address 10.0.3.3/24 to router R3, redistribute the interface into OSPF, and prohibit OSPF from injecting subnet 10.0.3.0/24 into area 23, which is a totally NSSA area.

R3(config)# interface loopback 0
R3(config-if)# ip address 10.0.3.3 255.255.255.0
R3(config-if)# exit
R3(config)# 
R3(config)# router ospf 1
R3(config-router)# redistribute connected subnets
R3(config-router)# area 23 nssa no-redistribution

R2 did not learn subnet 10.0.3.0/24, as indicated in the show ip route ospf command output below.

R2# show ip route ospf


omitted output

Gateway of last resort is 10.0.23.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 10.0.23.3, 00:01:57, GigabitEthernet0/3

However, routers in area 0 and area 45 receive an LSA Type 5 generated by router R3 that advertises external subnet 10.0.3.0/24, as you can see in the following show ip ospf database external command output.

Router R4

R4# show ip ospf database external 10.0.3.0

            OSPF Router with ID (4.4.4.4) (Process ID 1)

                Type-5 AS External Link States

  LS age: 403
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.3.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0xE99D
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

Router R5

R5# show ip ospf database external 10.0.3.0

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Type-5 AS External Link States

  LS age: 443
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.3.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0xE99D
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

Related Lessons to OSPF Totally NSSA Area

Conclusion

I hope this blog post helps you learn something.
Now I’d like to turn it over to you:
What did you like about this tutorial?
Or maybe you have an excellent idea that you think I need to add.
Either way, let me know by leaving a comment below right now.

Mohamed Ouamer
Mohamed Ouamer is a computer science teacher and a self-published author. He taught networking technologies and programming for more than fifteen years. While he loves to share knowledge and write, Mohamed's best passions include spending time with his family, visiting his parents, and learning new things.