OSPF NSSA problems

From: Bogdan Sass (bogdan.sass@catc.ro)
Date: Sun Sep 21 2008 - 14:08:20 ART

    I came across this problem while doing one of the IE labs.

    I have 2 routers (R3 and SW4), connected over two paths. One of the
paths is R3-R1-SW4, running OSPF area 0, while the other is
R3-SW2-SW3-SW4, running OSPF area 38. Area 38 is configured as totally
NSSA no-redistribute, on both endpoints (R3 and SW4).

    The problem: routes that are being redistributed by R3 show up with
two next hops in SW4's routing table. One path goes through area 0,
while the other goes through area 38 (creating a routing loop in the
process, because devices in area 38 have a default route pointing back
to SW4).

Rack1SW4#sh ip ro ospf
     158.1.0.0/16 is variably subnetted, 8 subnets, 3 masks
O 158.1.23.0/24 [110/2] via 158.1.34.1, 00:00:54, FastEthernet1/13
O E2 158.1.0.4/32 [110/20] via 158.1.34.1, 00:00:54, FastEthernet1/13
                     [110/20] via 158.1.1.1, 00:00:54, Vlan110
*O E2 158.1.0.0/24 [110/20] via 158.1.34.1, 00:00:54, FastEthernet1/13
                     [110/20] via 158.1.1.1, 00:00:54, Vlan110*
O 158.1.38.0/24 [110/3] via 158.1.34.1, 00:00:54, FastEthernet1/13
O 158.1.123.1/32 [110/1] via 158.1.1.1, 00:03:16, Vlan110
O 158.1.123.3/32 [110/65] via 158.1.1.1, 00:03:16, Vlan110
     150.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
O 150.1.3.3/32 [110/66] via 158.1.1.1, 00:03:16, Vlan110
O 150.1.1.1/32 [110/2] via 158.1.1.1, 00:03:16, Vlan110
O N2 150.1.9.0/24 [110/20] via 158.1.34.1, 00:00:54, FastEthernet1/13
O N2 150.1.8.0/24 [110/20] via 158.1.34.1, 00:00:51, FastEthernet1/13

    As far as I understand NSSAs, this shouldn't happen - the
"no-redistribute" keyword on R3 should prevent the redistributed routes
from being sent into area 38 as Type-7 LSAs. And a look at the OSPF
database from that area confirms the fact that they actually do not
enter area 38:

Rack1SW4#sh ip ospf data nssa-ex

            OSPF Router with ID (150.1.10.10) (Process ID 1)

                Type-7 AS External Link States (Area 38)

  Routing Bit Set on this LSA
  LS Type: AS External Link
  Link State ID: 150.1.8.0 (External Network Number )
  Advertising Router: 150.1.8.8
  Network Mask: /24

  Routing Bit Set on this LSA
  LS Type: AS External Link
  Link State ID: 150.1.9.0 (External Network Number )
  Advertising Router: 150.1.9.9
  Network Mask: /24

    The only two type 7 LSAs in the area are the two loopbacks
redistributed on SW2 and SW3.
  
    However, somehow the updates from R3 make their way to SW4 through
area 38.

    Does anybody know why this is happening, and how I could prevent
it? ( I have added all the relevant configs at the end of this message)

    Thank you, 

-- 
Bogdan Sass
CCAI,CCNP,CCSP,JNCIA-ER
Information Systems Security Professional
"Curiosity was framed - ignorance killed the cat"

======================R1============================
interface Loopback0
 ip address 150.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 158.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 158.1.123.1 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint non-broadcast
 serial restart-delay 0
 no dce-terminal-timing-enable
 frame-relay map ip 158.1.123.2 102
 frame-relay map ip 158.1.123.3 113
 no frame-relay inverse-arp
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
 no dce-terminal-timing-enable
!
router ospf 1
 router-id 150.1.1.1
 log-adjacency-changes
 network 150.1.1.1 0.0.0.0 area 0
 network 158.1.1.1 0.0.0.0 area 0
 network 158.1.123.1 0.0.0.0 area 0
 neighbor 158.1.123.2
 neighbor 158.1.123.3
!
======================R3============================
!
interface Loopback0
 ip address 150.1.3.3 255.255.255.0
!
interface Ethernet0/0
 ip address 158.1.38.3 255.255.255.0
 full-duplex
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 no dce-terminal-timing-enable
 frame-relay interface-dlci 304 ppp Virtual-Template1
 frame-relay interface-dlci 305 ppp Virtual-Template1
 no frame-relay inverse-arp
!
interface Serial1/1
 ip address 158.1.123.3 255.255.255.0
 encapsulation frame-relay
 ip ospf network point-to-multipoint non-broadcast
 serial restart-delay 0
 no dce-terminal-timing-enable
 frame-relay map ip 158.1.123.1 311
 frame-relay map ip 158.1.123.2 312
 no frame-relay inverse-arp
!
interface Virtual-Template1 
 ip address 158.1.0.3 255.255.255.0
!
router ospf 1
 router-id 150.1.3.3
 log-adjacency-changes
 area 38 nssa no-redistribution no-summary
 redistribute connected subnets
 network 150.1.3.3 0.0.0.0 area 0
 network 158.1.38.3 0.0.0.0 area 38
 network 158.1.123.3 0.0.0.0 area 0
 neighbor 158.1.123.1
 neighbor 158.1.123.2
!

=====================SW2============================
interface Loopback0
 ip address 150.1.8.8 255.255.255.0
!
interface FastEthernet1/11
 no switchport
 ip address 158.1.23.8 255.255.255.0
!
interface Vlan38
 ip address 158.1.38.8 255.255.255.0
!
interface Vlan110
 ip address 158.1.1.8 255.255.255.0
!
router ospf 1
 router-id 150.1.8.8
 log-adjacency-changes
 area 38 nssa
 redistribute connected subnets route-map CONN2OSPF
 network 158.1.23.8 0.0.0.0 area 38
 network 158.1.38.8 0.0.0.0 area 38
!
route-map CONN2OSPF permit 10
 match interface Loopback0
!
=====================SW3============================
interface Loopback0
 ip address 150.1.9.9 255.255.255.0
!
interface FastEthernet1/11
 no switchport
 ip address 158.1.23.9 255.255.255.0
!
interface FastEthernet1/13
 no switchport
 ip address 158.1.34.1 255.255.255.254
!
router ospf 1
 router-id 150.1.9.9
 log-adjacency-changes
 area 38 nssa
 redistribute connected subnets route-map CONN2OSPF
 network 158.1.23.8 0.0.0.0 area 38
 network 158.1.23.9 0.0.0.0 area 38
 network 158.1.34.1 0.0.0.0 area 38
!
route-map CONN2OSPF permit 10
 match interface Loopback0
!
!
=====================SW4============================
!
interface Loopback0
 ip address 150.1.10.10 255.255.255.0
!
interface FastEthernet1/13
 no switchport
 ip address 158.1.34.0 255.255.255.254
!
interface Vlan110
 ip address 158.1.1.10 255.255.255.0
!
router ospf 1
 router-id 150.1.10.10
 log-adjacency-changes
 area 38 nssa no-redistribution no-summary
 network 150.1.10.10 0.0.0.0 area 0
 network 158.1.1.10 0.0.0.0 area 0
 network 158.1.34.0 0.0.0.0 area 38
!

Blogs and organic groups at http://www.ccie.net

This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:19 ART