Re: OSPF NSSA forwarding address suppression

From: Nick Griffin (nick.jon.griffin@gmail.com)
Date: Sun Dec 31 2006 - 15:50:51 ART

• Next message: postmaster@traknet.com: "Delivery Status Notification (Failure)"
• Previous message: anthony.sequeira@thomson.com: "CCIE Recertification Question of the Week - DEC2906"
• Maybe in reply to: ccie anees: "OSPF NSSA forwarding address suppression"
• Next in thread: ccie anees: "Re: OSPF NSSA forwarding address suppression"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Good demo Victor. So in short, if you do not know about the forwarding
address (192.168.24.2, above), possibly because of lsa type 3 filtering, you
can suppress the FA, this results in the FA being 0.0.0.0 which forces the
use of the ASBR to reach the destination in question.

On 12/30/06, Victor Cappuccio <vcappuccio@desca.com> wrote:
>
> If I may add
>
> SW1#show ip ospf database external 2.2.2.0
>
> OSPF Router with ID (9.9.9.9) (Process ID 1)
>
> Type-5 AS External Link States
>
> Routing Bit Set on this LSA
> LS age: 58
> Options: (No TOS-capability, DC)
> LS Type: AS External Link
> Link State ID: 2.2.2.0 (External Network Number )
> Advertising Router: 4.4.4.4
> LS Seq Number: 80000001
> Checksum: 0xAC5A
> Length: 36
> Network Mask: /24
> Metric Type: 2 (Larger than any link state path)
> TOS: 0
> Metric: 20
> Forward Address: 192.168.24.2
> External Route Tag: 0
>
> Now If you do not know about 192.168.24.2
>
> SW1#show ip route 192.168.24.2
> % Network not in table
>
> SW1#show ip ospf neighbor
>
> Neighbor ID Pri State Dead Time Address
> Interface
> 4.4.4.4 1 FULL/BDR 00:00:32 192.168.14.4 Vlan14
> 1.1.1.1 255 FULL/DR 00:00:37 192.168.100.1
> Vlan100
> 10.10.10.10 1 FULL/BDR 00:00:36 192.168.100.10
> Vlan100
>
> SW1#show ip ospf database
>
> OSPF Router with ID (150.150.0.1) (Process ID 100)
>
> OSPF Router with ID (9.9.9.9) (Process ID 1)
>
> Router Link States (Area 0)
>
> Link ID ADV Router Age Seq# Checksum Link
> count
> 1.1.1.1 1.1.1.1 86 0x80000142 0x00BB4E 4
> 4.4.4.4 4.4.4.4 20 0x80000005 0x00EA1B 1
> 6.6.6.6 6.6.6.6 897 0x8000012B 0x005A47 3
> 9.9.9.9 9.9.9.9 25 0x80000143 0x006822 4
> 10.10.10.10 10.10.10.10 87 0x8000002B 0x00766C 2
>
> Net Link States (Area 0)
>
> Link ID ADV Router Age Seq# Checksum
> 192.168.14.10 9.9.9.9 26 0x80000001 0x00DB84
> 192.168.100.1 1.1.1.1 70 0x80000002 0x00F71A
>
> Type-5 AS External Link States
>
> Link ID ADV Router Age Seq# Checksum Tag
> 2.2.2.0 4.4.4.4 16 0x80000001 0x00AC5A 0
>
> Looking at the OSPF External database
>
> SW1#show ip ospf database external 2.2.2.0
>
> OSPF Router with ID (150.150.0.1) (Process ID 100)
>
> OSPF Router with ID (9.9.9.9) (Process ID 1)
>
> Type-5 AS External Link States
>
> LS age: 23
> Options: (No TOS-capability, DC)
> LS Type: AS External Link
> Link State ID: 2.2.2.0 (External Network Number )
> Advertising Router: 4.4.4.4
> LS Seq Number: 80000001
> Checksum: 0xAC5A
> Length: 36
> Network Mask: /24
> Metric Type: 2 (Larger than any link state path)
> TOS: 0
> Metric: 20
> Forward Address: 192.168.24.2
> External Route Tag: 0
>
> SW1#show ip route 192.168.24.0
> % Network not in table
> SW1#ping 2.2.2.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> SW1#
> RTR-TS1#4
> [Resuming connection 4 to R4 ... ]
>
> *Mar 2 01:09:09.225: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on
> Serial0.42 from LOADING to FULL, Lo
> R4(config-router)#router ospf 100
> R4(config-router)#
> R4(config-router)#area 42 nssa translate type7 suppress-fa
> R4(config-router)#
> RTR-TS1#2
> [Resuming connection 2 to sw1 ... ]
>
> SW1#show ip ospf database external 2.2.2.0
>
> OSPF Router with ID (150.150.0.1) (Process ID 100)
>
> OSPF Router with ID (9.9.9.9) (Process ID 1)
>
> Type-5 AS External Link States
>
> Routing Bit Set on this LSA
> LS age: 8
> Options: (No TOS-capability, DC)
> LS Type: AS External Link
> Link State ID: 2.2.2.0 (External Network Number )
> Advertising Router: 4.4.4.4
> LS Seq Number: 80000002
> Checksum: 0x2564
> Length: 36
> Network Mask: /24
> Metric Type: 2 (Larger than any link state path)
> TOS: 0
> Metric: 20
> Forward Address: 0.0.0.0 ---------- Forwarding address modified
> External Route Tag: 0
>
> SW1#ping 2.2.2.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 59/62/67 ms
> SW1#
>
> SW1#show ip route 2.2.2.2
> Routing entry for 2.2.2.0/24
> Known via "ospf 1", distance 110, metric 20, type extern 2, forward
> metric 1
> Last update from 192.168.14.4 on Vlan14, 00:02:09 ago
> Routing Descriptor Blocks:
> * 192.168.14.4, from 4.4.4.4, 00:02:09 ago, via Vlan14
> Route metric is 20, traffic share count is 1
>
> SW1#show ip route 0.0.0.0
> % Network not in table
> SW1#
>
> Thanks
> Victor.-
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Nick Griffin
> Sent: Saturday, December 30, 2006 10:20 PM
> To: Thiago Vazquez
> Cc: ccie anees; ccielab@groupstudy.com
> Subject: Re: OSPF NSSA forwarding address suppression
>
> This may help:
>
> http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009
> 405a.shtml
>
> On 12/30/06, Thiago Vazquez <thiago.vazquez@uk.easynet.net> wrote:
> >
> > Mate,
> >
> > If you got Doyle's book (vol 1), take a look on Case Study: Address
> > Summarization - pag 435. It will give u great details about it.
> >
> > Cheers, Thiago
> >
> > ----------------------------------------------------------------------
> > Network Operations Center
> > Easynet
> > email: thiago.vazquez@uk.easynet.net
> > team email: networks.support@uk.easynet.net
> > tel.: +44 (0) 207 032 8006
> > ----------------------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > ccie anees
> > Sent: 31 December 2006 01:12
> > To: ccielab@groupstudy.com
> > Subject: OSPF NSSA forwarding address suppression
> >
> >
> > Hi,
> >
> > how this command works?
> >
> > area 2 nssa translate type7 suppress-fa
> >
> > Thanks,
> >
> > Anees.
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Tired of spam? Yahoo! Mail has the best spam protection around
> > http://mail.yahoo.com
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: postmaster@traknet.com: "Delivery Status Notification (Failure)"
• Previous message: anthony.sequeira@thomson.com: "CCIE Recertification Question of the Week - DEC2906"
• Maybe in reply to: ccie anees: "OSPF NSSA forwarding address suppression"
• Next in thread: ccie anees: "Re: OSPF NSSA forwarding address suppression"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:40 ART