Re: Good explanation for "area nssa translate"?

From: Paul Cosgrove (paul.cosgrove@heanet.ie)
Date: Fri Jan 04 2008 - 16:42:24 ARST

• Next message: nhatphuc: "Re: Basic privilege issue"
• Previous message: YourPal: "Re: Basic privilege issue"
• Maybe in reply to: Chris Riling: "Good explanation for "area nssa translate"?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks Joseph, very good point. I was trying to differentiate ospf
type-1 & type-2 routes from the type-7 route learnt from the NSSA but I
didn't explain that very well.

Probably clearer to say "If you have a requirement to prevent internal
ospf routes learnt from your nssa area from being available to routers
in other areas...".

As you say type-1 and type-2 LSAs form the NSSA could not be sent into
other areas as anything other than type-3 summary LSAs.

If these are passed as normal type-3 LSAs, or summarised into different
type-3 LSAs there is no problem. Problems arrise when routers in other
areas do not receive (or locally filter) the type-3 which can verify the
 forwarding address as accessible. 'area x nssa translate type7
suppress-fa' on the NSSA ABR means they do not need these other routes.

Paul.

Joseph Saad wrote:
> Paul,
>
> Just going through your perfect explanation. My only note is that LSA type 1
> and 2 are local within an area already. You can only filter type 3-LSA.
>
> You can however prevent the installation of a route in the routing table for
> intra-area routes.
>
> Cheers,
> Joseph
>
> On Jan 4, 2008 3:33 PM, Paul Cosgrove <paul.cosgrove@heanet.ie> wrote:
>
>> A NSSA ASBR creates a type-7 external LSA and sets the forwarding
>> address. Unlike with other areas ASBRs which only sometimes set this
>> value, an NSSA ASBRs will always set it.
>>
>> The NSSA ABR then translates this type-7 LSA into a type-5. While it
>> will specify itself as the advertising router in the type-5, it includes
>> the same forwarding address that it received in the ASBRs type-7 LSA.
>>
>> Routers in different area which receiving the type-5, will check to see
>> that the forwarding address is accessible via an inter area route. They
>> will only use the LSA if such a route is found, otherwise it is ignored.
>>
>> If you have a requirement to suppress type-1 and type-2 LSAs from your
>> NSSA area into other areas, then you may use area range with the
>> not-advertise option to filter the unwanted routes. This is the example
>> given on the cisco link you mentioned but filtering using an area
>> filter-list or distribute-list etc. can also cause the same issue.
>>
>> The problem occurs when the route to the forwarding address IP of the
>> translated type-5 is filtered out, so it no longer advertised into other
>> areas.
>>
>> When a receiving router checks the type-5 forwarding address and find it
>> has no route to that IP, it sees the advertised route as inaccessible
>> and ignores the type-5 LSA.
>>
>> If you set the ABR to override the ASBRs forwarding address and instead
>> specify itself in the forwarding address field (actually using 0.0.0.0
>> in its advertisement, which is understood to mean itself), then the
>> other routers will still accept the type-5.
>>
>> Paul.
>>
>> Luan Nguyen wrote:
>>> Can I look at the workbook also? :)
>>> Would someone kind enough to explain this? I found this:
>>>
>> http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804556e5.html
>>> but I don't see any different with that area XX nssa translate type7
>>> suppress-fa command. By default, the NSSA ABR already used itself to
>>> advertise those type5-translated-from-type7 LSA to its neighbors. What
>> is
>>> the deal here?
>>>
>>> -lmn
>>>
>>> On Jan 3, 2008 8:21 PM, Narbik Kocharians <narbikk@gmail.com> wrote:
>>>
>>>> Look at the last lab in your OSPF section. From the work book in the
>> class
>>>> room.
>>>>
>>>> On 1/3/08, Chris Riling <criling@gmail.com> wrote:
>>>>> Hi Group,
>>>>>
>>>>> Does anyone have a good explanation for "area nssa translate"?
>> Frome
>>>>> the DocCD:
>>>>>
>>>>> area nssa translate
>>>>>
>>>>> To configure an area as a not-so-stubby area (NSSA) and configure the
>>>> Open
>>>>> Shortest Path First (OSPF) Forwarding Address Suppression in
>> Translated
>>>>> Type-5 LSAs feature, use the *area nssa translate *command in router
>>>>> configuration mode. To remove the NSSA distinction from the area, use
>>>> the
>>>>> *
>>>>> no* form of this command.
>>>>>
>>>>> *area* *area-id* *nssa* *translate type7 suppress-fa *
>>>>>
>>>>> no *area* *area-id* *nssa* *translate type7 suppress-fa *
>>>>> Syntax Description
>>>>>
>>>>> *area-id*
>>>>>
>>>>> Identifier of the area for which authentication is to be enabled. The
>>>>> identifier can be specified as either a decimal value or an IP
>> address.
>>>>> *translate*
>>>>>
>>>>> Translates one type of LSA to another type of LSA. This keyword takes
>>>>> effect
>>>>> only on an NSSA area border router (ABR) or NSSA Autonomous System
>>>>> Boundary
>>>>> Router (ASBR).
>>>>>
>>>>> *type7*
>>>>>
>>>>> Translates a Type-7 LSA to a Type-5 LSA. This keyword takes effect
>> only
>>>> on
>>>>> an NSSA ABR or an NSSA ASBR.
>>>>>
>>>>> *suppress-fa*
>>>>>
>>>>> Suppresses the forwarding address of the Type-7 LSAs from being placed
>>>> in
>>>>> the Type-5 LSAs. This keyword takes effect only on an NSSA ABR or an
>>>> NSSA
>>>>> ASBR.
>>>>>
>>>>> Doesn't an NSSA ABR do this by it's very nature? Also, could someone
>>>>> clarify
>>>>> when you might use forward address supression?
>>>>>
>>>>> Thanks,
>>>>> Chris
>>>>>
>>>>>
>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>
>>>> --
>>>> Narbik Kocharians
>>>> CCIE# 12410 (R&S, SP, Security)
>>>> CCSI# 30832
>>>> www.MicronicsTraining.com
>>>> Sr. Technical Instructor
>>>> www.Net-WorkBooks.com
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>
>> --
>> Paul Cosgrove
>> HEAnet Limited, Ireland's Education and Research Network
>> 1st Floor, 5 George's Dock, IFSC, Dublin 1
>> Registered in Ireland, no 275301
>> tel: +353-1-660 9040 fax: +353-1-660 3666
>> web: http://www.heanet.ie/
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>

-- 
Paul Cosgrove
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301
tel: +353-1-660 9040  fax: +353-1-660 3666
web: http://www.heanet.ie/

• Next message: nhatphuc: "Re: Basic privilege issue"
• Previous message: YourPal: "Re: Basic privilege issue"
• Maybe in reply to: Chris Riling: "Good explanation for "area nssa translate"?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST