Today we’ll go over Not So Stubby Areas (NSSA). We will be using a slightly different topology here, we will make R4 an ASBR with a connection to the internet.

Quick refresher, OSPF NSSAs have inter and intra-area routes (Type 2 and Type 3 LSAs) and also external routes in the form of Type 7 LSAs, which are converted to Type 5 LSAs by the ABR.
(For more detailed information on LSAs and Area Types, check out this post.)

Here’s the topology:

I’m not going through the basic OSPF config, so assume everything is configured as the diagram suggests. I’ve also redistributed loopbacks on each router (“redistribute connected subnets” under the OSPF process) to give us some external routes, and I added 34.34.34.34/32 to Area 34 so we have an intra-area route to look at. I’ve also added a static default route on R4 which I’m injecting into OSPF with the “default-information originate” command. Let’s look at some show commands BEFORE we make area 34 an NSSA:

First we’ll check out “sh ip route ospf” on R3:

R3#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O E2    1.1.1.1 [110/20] via 10.1.123.1, 00:03:42, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O E2    2.2.2.2 [110/20] via 10.1.123.2, 00:03:42, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.4 [110/20] via 10.1.34.4, 00:04:22, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 10.1.34.4, 00:03:59, Serial0/0

Here we see all the loopbacks and the default come through as external type 2, which is the default.

Now let’s check out the RIB on R4:

R4#sh ip route
     34.0.0.0/32 is subnetted, 1 subnets
O       34.34.34.34 [110/65] via 10.1.34.3, 00:06:39, Serial0/0
     1.0.0.0/32 is subnetted, 1 subnets
O E2    1.1.1.1 [110/20] via 10.1.34.3, 00:06:02, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
O E2    2.2.2.2 [110/20] via 10.1.34.3, 00:06:02, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/20] via 10.1.34.3, 00:06:39, Serial0/0
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.34.0 is directly connected, Serial0/0
O IA    10.1.123.0 [110/74] via 10.1.34.3, 00:06:39, Serial0/0
S*   0.0.0.0/0 is directly connected, Null0

We see one intra-area route (O – LSA 2) to 34.34.34.34/32, one inter-area route (O IA – LSA 3) to 10.1.123.0/23 and three external type 2 (O E2 – LSA 5) routes to the respective loopbacks. Also notice the static default to null0, which we’re injecting into the OSPF domain.

Now we’ll configure area 34 as an NSSA:

R3(config)#router ospf 100
R3(config-router)#area 34 nssa
 
R4(config)#router ospf 100
R4(config-router)#no default-information originate
R4(config-router)#area 34 nssa default-information-originate

Pretty basic config, we configure area 34 as NSSA on R3 (ABR), then we remove the “default-information originate” command from R4 (ASBR) and use “area 34 nssa default-information-originate” to change the area to an NSSA and inject the default route.

Let’s examine the new RIB on R4:

R4#sh ip route ospf
     34.0.0.0/32 is subnetted, 1 subnets
O       34.34.34.34 [110/65] via 10.1.34.3, 00:02:56, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O N2    3.3.3.3 [110/20] via 10.1.34.3, 00:02:56, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.1.123.0 [110/74] via 10.1.34.3, 00:02:56, Serial0/0

We see some cool stuff here, our O and IA routes are still present, but we also have an N2 (LSA 7) route now for R3′s loopback, which is being redistributed.

Here’s R4′s OSPF Database:

R4#sh ip ospf d
            OSPF Router with ID (4.4.4.4) (Process ID 100)
 
                Router Link States (Area 34)
Link ID         ADV Router      Age         Seq#       Checksum Link count
3.3.3.3         3.3.3.3         300         0x80000005 0x00A3D4 3
4.4.4.4         4.4.4.4         299         0x80000004 0x002FDF 2
 
                Summary Net Link States (Area 34)
Link ID         ADV Router      Age         Seq#       Checksum
10.1.123.0      3.3.3.3         492         0x80000002 0x005A3F
 
                Type-7 AS External Link States (Area 34)
Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         4.4.4.4         304         0x80000001 0x008ADD 0
3.3.3.3         3.3.3.3         491         0x80000001 0x00E69F 0
4.4.4.4         4.4.4.4         304         0x80000001 0x0090B4 0

First we see the router LSAs for R3 and R4, which are normal. Next we see the Type 3 LSA for 10.1.123.0 and finally we see three Type 7 LSAs, one for each external network injected into area 34.

Last we’ll look at R1′s RIB so we can get a full picture of how NSSAs affect OSPF domains:

R1#sh ip route ospf
     34.0.0.0/32 is subnetted, 1 subnets
O IA    34.34.34.34 [110/11] via 10.1.123.3, 00:20:46, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O E2    2.2.2.2 [110/20] via 10.1.123.2, 00:22:14, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/20] via 10.1.123.3, 00:20:46, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O E2    4.4.4.4 [110/20] via 10.1.123.3, 00:08:16, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.1.34.0 [110/74] via 10.1.123.3, 00:20:46, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 10.1.123.3, 00:08:16, FastEthernet0/0

The table looks normal. The important thing to note here is that the external routes from R4 are showing up as O E2 (LSA 5s), which we know is caused by R3 converting them from the Type 7s which only exist in NSSAs to Type 5s, which are allowed in normal areas.

NSSAs are interesting, I’ve never seen one used in production, but I can see how they may be needed in some situations. The key concepts are simply that LSA Type 5s are not allowed in NSSA, external routes originated in the NSSA will show as N (LSA 7s) in the RIB and are converted to Type 5s on the ABR before leaving the area.

Colby

Colby Glass has been in IT since 2002. He is currently a Systems Engineer (presales) with a Cisco Gold partner and holds the CCNP R/S, CCNP DC, CCDP, CCIP, JNCIA-ER.

More Posts