Posted on

Why an NSSA ABR does not inject a default route automatically?

A lot engineers learns especially in CCNP course that in Stub area , an ABR injects automatically a Type-3 default route when executing the area x stub command while in NSSA ares , the ABR does not inject a default route automatically when using the area x nssa command , but it should be done by adding the no-summary keyword, or the default-information originate, the question is why the developpers of OSPF decide that an ABR is free to inject a default route in a stub area while in NSSA the ABR is not able to inject a default route unless you explicitely and manually instruct it to do this action, in this topology you will learn why this difference between stub area and NSSA area.

In this topology if an ASBR inject a default route into OSPF in order to permit internal ospf routers to reach another routing domain, it creates a Type-7 LSA default route and injects it into OSPF, if an NSSA ABR is designated to inject a Type-3 LSA default route automatically, an internal router in NSSA, R3 in this case will prefer a Type-3 LSA default over a Type-7 default according to the rule of OSPF path preference per RFC, as a result R3 will never reach 5.5.5.0/24, this is the reason why unlike with stub area, in NSSA area by default an ABR does not inject a default.route, giving a choice to inject a default route manually.

R4(config)#ip route 0.0.0.0 0.0.0.0 s1/0

R4(config)#router ospf 1

R4(config-router)#area 1 nssa default-information-originate

The routing table of R3 shown an ON2 default route (Type-7 LSA):

R3#show ip route osp | beg Gate

Gateway of last resort is 100.0.0.4 to network 0.0.0.0

O*N2 0.0.0.0/0 [110/1] via 100.0.0.4, 00:01:08, FastEthernet0/0

     1.0.0.0/24 is subnetted, 1 subnets

O IA    1.1.1.0 [110/3] via 100.0.0.2, 00:04:49, FastEthernet0/0

     12.0.0.0/24 is subnetted, 1 subnets

O IA    12.0.0.0 [110/2] via 100.0.0.2, 00:04:49, FastEthernet0/0

R3#

The ping is successfull:

R3#ping 5.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 96/116/136 ms

R3#

Let’s inject a Type-3 LSA Default route on NSSA ABR R2:

R2(config)#router ospf 1

R2(config-router)#area 1 nssa no-summary

Let’s verify the routing table of R3, indeed the Type-3 default route through R2 is installed:

R3#show ip route osp | beg Gate

Gateway of last resort is 100.0.0.2 to network 0.0.0.0

O*IA 0.0.0.0/0 [110/2] via 100.0.0.2, 00:00:21, FastEthernet0/0

R3#

The ping fails:

R3#ping 5.5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

R3#

If an NSSA ASBR originates a default route into the OSPF in order to reach an external domain, the default route is injected as a Type 7 NSSA External LSA. If at the same time the NSSA ABR connecting that NSSA to Area 0 is generating a default route via a Type 3 Summary LSA, what happens?

 Since Inter-Area (Type 3 LSA) MUST be preferred over NSSA External (Type 7) per the RFC, it would mean that you could never default out toward the external domain in that area because the OSPF default route via the NSSA ABR would always be preferred. This is what would be considered “Cold Potato Routing” because you are defaulting further into your network as opposed to defaulting towards an external exit point.

RFC 3101 says in section: 1.3 Proposed Solution

When summary routes are not imported into an NSSA, the default LSA

  originated into it by its border routers must be a Type-3 summary-

  LSA. This default summary-LSA insures intra-AS connectivity to the

  rest of the OSPF domain, as its default summary route is preferred

  over the default route of a Type-7 default LSA. Without a default

  summary route the OSPF domain’s inter-area traffic, which is normally

  forwarded by summary routes, might exit the AS via the default route

  of a Type-7 default LSA originated by an NSSA internal router. The

  Type-7 default LSAs originated by NSSA internal routers and the no-

  summary option are mutually exclusive features. When summary routes

  are imported into the NSSA, the default LSA originated by a NSSA

  border router into the NSSA should be a Type-7 LSA.

 The solution for this problem then is for an NSSA area, tell the NSSA ABR not auto automatically originate the default route as Type 3 LSA into the NSSA. This gives you the choice to prefer the default route from a redistributed source, which would mean you are trying to achieve “Hot Potato Routing”. The recommended default behavior is to import summary routes into NSSA as describe in RFC 3101, see the following section below:

Like stub areas, NSSA border routers optionally import summary routes

  into their NSSAs as Type-3 summary-LSAs. If the import is disabled,

  particular care should be taken to ensure that summary routing is not

  obscured by an NSSA’s Type-7 AS-external-LSAs. This may happen when

  the AS’s other IGPs, like RIP and ISIS, leak routing information into

  the NSSA. In these cases all summary routes should be imported into

  the NSSA. The recommended default behavior is to import summary

  routes into NSSAs. Since Type-5 AS-external-LSAs are not flooded

  into NSSAs, NSSA border routers should not originate Type-4 summary-

  LSAs into their NSSAs. Also an NSSA’s border routers never originate

  Type-4 summary-LSAs for the NSSA’s AS boundary routers, since Type-7

  AS-external-LSAs are never flooded beyond the NSSA’s border.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s