When an NSSA ABR originates a Type-7 default route, the P-bit must be cleared in order to tell to other NSSAs ABR : don’t translate this LSA 7 and don’t install it in the routing table. This P-bit is used as routing loop prevention mechanism. “An ABR, it does not accept type-7 LSA without P-bit, in order to avoid routing loops.”
RFC 3101 and RFC 1587 say that a Type-7 default route originated by an NSSA ABR must have P-bit cleared or reset.
RFC 3101 section 2.4 Originating Type-7 LSAs
A Type-7 default LSA for the network 0.0.0.0/0 may be originated into
the NSSA by any NSSA router. The Type-7 default LSA originated by an
NSSA border router must have the P-bit clear. An NSSA ASBR that is
not an NSSA border router may originate a Type-7 default LSA with the
P-bit set. A Type-7 default LSA may be installed by NSSA border
routers if and only if its P-bit is set.
RFC 1587 section 3.4 Originating Type-7 LSAs
A type-7 default route (network 0.0.0.0) may be originated into the
NSSA by an NSSA area border router or by an NSSA AS boundary router
which is internal to the NSSA. The type-7 default route originated
by the NSSA area border router must have the P-bit reset so that the
default route originated by the NSSA area border router will not find
its way out of the NSSA into the rest of the AS system via another
NSSA area border router. The type-7 default route originated by an
NSSA AS boundary router which is not an NSSA area border router may
have the P-bit set. Type-7 routes which are originated by the NSSA
area border router will not get added to other NSSA area border
router’s routing table.
Now How OSPF forms a loop if the P bit is not cleared by ABR in the Type-7 default route.
In this topology let’s imagine the P-bit is set in the Type-7 default route.
- R1 learns an external prefix 1.1.1.0/24 and injects it into OSPF.
- ABR-1 and ABR-2 inject a Type-7 default route with P-bit set .
- ABR-1 will translate the Type-7 ‘s ABR-2 and vice versa.
- R1 will receive two Type-5 default from ABR-1 and ABR-2 and installs load balancing.
- ABR-1 is facing to two choices, either a Type-7 learned via area 1 or Type-5 learned through area 1, with the default RFC 3101 it prefers the Type-7 and installs a default route through ASBR. The same thing for ABR-2.
- the ASBR located in area 1 will use a default routes load balancing (Type-7) learned from ABR-1 and ABR-2.
Now assume R1 loses the external route to 1.1.1.0/24, the ASBR needs to send a packet to 1.1.1.1.
With RFC 3101 enabled : ABR-1 and ABR-2 receives this packet and will use the default route through ASBR and so on. The loop will occur between ABRs and the ASBR.
With RFC 1587 enabled : ABR-1 and ABR-2 receives this packet and will use the default route through R1 to send the packet to 1.1.1.1, R1 has already a default routes load balancing via ABR-1 and ABR-2 and so on. The loop will occur between R1 and the ASBR.
This is why the P-bit must be cleared when an ABR generates a Type-7 default route.
Demystify and Simplify 