From: Hong Chan (howard.chan34@gmail.com)
Date: Mon Sep 22 2008 - 06:01:11 ART
area 38 nssa no-redistribution no-summary only block the route which are
going to redistribute on that router but won't block the external routes
which are redistributed by other routers.
http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfospf.html#wp1017551
Used when the router is an NSSA Area Border Router (ABR) and you want the *
redistribute* command to import routes only into the normal areas, but not
into the NSSA area.
The subnets on R3, such as lo0 150.1.3.3/32 & E0 158.1.38.3/24, are not
redistributed into NSSA already. only the external route from R1 are learned
from NSSA. But I have a question about your lab. Why such external routes
are learned from NSSA(inter area) rather than area 0 (intra area)??
2008/9/22 Bogdan Sass <bogdan.sass@catc.ro>
> I came across this problem while doing one of the IE labs.
>
> I have 2 routers (R3 and SW4), connected over two paths. One of the
> paths is R3-R1-SW4, running OSPF area 0, while the other is
> R3-SW2-SW3-SW4, running OSPF area 38. Area 38 is configured as totally
> NSSA no-redistribute, on both endpoints (R3 and SW4).
>
> The problem: routes that are being redistributed by R3 show up with
> two next hops in SW4's routing table. One path goes through area 0,
> while the other goes through area 38 (creating a routing loop in the
> process, because devices in area 38 have a default route pointing back
> to SW4).
>
> Rack1SW4#sh ip ro ospf
> 158.1.0.0/16 is variably subnetted, 8 subnets, 3 masks
> O 158.1.23.0/24 [110/2] via 158.1.34.1, 00:00:54, FastEthernet1/13
> O E2 158.1.0.4/32 [110/20] via 158.1.34.1, 00:00:54, FastEthernet1/13
> [110/20] via 158.1.1.1, 00:00:54, Vlan110
> *O E2 158.1.0.0/24 [110/20] via 158.1.34.1, 00:00:54, FastEthernet1/13
> [110/20] via 158.1.1.1, 00:00:54, Vlan110*
> O 158.1.38.0/24 [110/3] via 158.1.34.1, 00:00:54, FastEthernet1/13
> O 158.1.123.1/32 [110/1] via 158.1.1.1, 00:03:16, Vlan110
> O 158.1.123.3/32 [110/65] via 158.1.1.1, 00:03:16, Vlan110
> 150.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
> O 150.1.3.3/32 [110/66] via 158.1.1.1, 00:03:16, Vlan110
> O 150.1.1.1/32 [110/2] via 158.1.1.1, 00:03:16, Vlan110
> O N2 150.1.9.0/24 [110/20] via 158.1.34.1, 00:00:54, FastEthernet1/13
> O N2 150.1.8.0/24 [110/20] via 158.1.34.1, 00:00:51, FastEthernet1/13
>
> As far as I understand NSSAs, this shouldn't happen - the
> "no-redistribute" keyword on R3 should prevent the redistributed routes
> from being sent into area 38 as Type-7 LSAs. And a look at the OSPF
> database from that area confirms the fact that they actually do not
> enter area 38:
>
> Rack1SW4#sh ip ospf data nssa-ex
>
> OSPF Router with ID (150.1.10.10) (Process ID 1)
>
> Type-7 AS External Link States (Area 38)
>
> Routing Bit Set on this LSA
> LS Type: AS External Link
> Link State ID: 150.1.8.0 (External Network Number )
> Advertising Router: 150.1.8.8
> Network Mask: /24
>
> Routing Bit Set on this LSA
> LS Type: AS External Link
> Link State ID: 150.1.9.0 (External Network Number )
> Advertising Router: 150.1.9.9
> Network Mask: /24
>
> The only two type 7 LSAs in the area are the two loopbacks
> redistributed on SW2 and SW3.
>
> However, somehow the updates from R3 make their way to SW4 through
> area 38.
>
> Does anybody know why this is happening, and how I could prevent
> it? ( I have added all the relevant configs at the end of this message)
>
> Thank you,
>
> --
> Bogdan Sass
> CCAI,CCNP,CCSP,JNCIA-ER
> Information Systems Security Professional
> "Curiosity was framed - ignorance killed the cat"
>
>
>
>
> ======================R1============================
> interface Loopback0
> ip address 150.1.1.1 255.255.255.0
> !
> interface FastEthernet0/0
> ip address 158.1.1.1 255.255.255.0
> duplex auto
> speed auto
> !
> interface Serial1/0
> ip address 158.1.123.1 255.255.255.0
> encapsulation frame-relay
> ip ospf network point-to-multipoint non-broadcast
> serial restart-delay 0
> no dce-terminal-timing-enable
> frame-relay map ip 158.1.123.2 102
> frame-relay map ip 158.1.123.3 113
> no frame-relay inverse-arp
> !
> interface Serial1/1
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/2
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> interface Serial1/3
> no ip address
> shutdown
> serial restart-delay 0
> no dce-terminal-timing-enable
> !
> router ospf 1
> router-id 150.1.1.1
> log-adjacency-changes
> network 150.1.1.1 0.0.0.0 area 0
> network 158.1.1.1 0.0.0.0 area 0
> network 158.1.123.1 0.0.0.0 area 0
> neighbor 158.1.123.2
> neighbor 158.1.123.3
> !
> ======================R3============================
> !
> interface Loopback0
> ip address 150.1.3.3 255.255.255.0
> !
> interface Ethernet0/0
> ip address 158.1.38.3 255.255.255.0
> full-duplex
> !
> interface Serial1/0
> no ip address
> encapsulation frame-relay
> serial restart-delay 0
> no dce-terminal-timing-enable
> frame-relay interface-dlci 304 ppp Virtual-Template1
> frame-relay interface-dlci 305 ppp Virtual-Template1
> no frame-relay inverse-arp
> !
> interface Serial1/1
> ip address 158.1.123.3 255.255.255.0
> encapsulation frame-relay
> ip ospf network point-to-multipoint non-broadcast
> serial restart-delay 0
> no dce-terminal-timing-enable
> frame-relay map ip 158.1.123.1 311
> frame-relay map ip 158.1.123.2 312
> no frame-relay inverse-arp
> !
> interface Virtual-Template1
> ip address 158.1.0.3 255.255.255.0
> !
> router ospf 1
> router-id 150.1.3.3
> log-adjacency-changes
> area 38 nssa no-redistribution no-summary
> redistribute connected subnets
> network 150.1.3.3 0.0.0.0 area 0
> network 158.1.38.3 0.0.0.0 area 38
> network 158.1.123.3 0.0.0.0 area 0
> neighbor 158.1.123.1
> neighbor 158.1.123.2
> !
>
> =====================SW2============================
> interface Loopback0
> ip address 150.1.8.8 255.255.255.0
> !
> interface FastEthernet1/11
> no switchport
> ip address 158.1.23.8 255.255.255.0
> !
> interface Vlan38
> ip address 158.1.38.8 255.255.255.0
> !
> interface Vlan110
> ip address 158.1.1.8 255.255.255.0
> !
> router ospf 1
> router-id 150.1.8.8
> log-adjacency-changes
> area 38 nssa
> redistribute connected subnets route-map CONN2OSPF
> network 158.1.23.8 0.0.0.0 area 38
> network 158.1.38.8 0.0.0.0 area 38
> !
> route-map CONN2OSPF permit 10
> match interface Loopback0
> !
> =====================SW3============================
> interface Loopback0
> ip address 150.1.9.9 255.255.255.0
> !
> interface FastEthernet1/11
> no switchport
> ip address 158.1.23.9 255.255.255.0
> !
> interface FastEthernet1/13
> no switchport
> ip address 158.1.34.1 255.255.255.254
> !
> router ospf 1
> router-id 150.1.9.9
> log-adjacency-changes
> area 38 nssa
> redistribute connected subnets route-map CONN2OSPF
> network 158.1.23.8 0.0.0.0 area 38
> network 158.1.23.9 0.0.0.0 area 38
> network 158.1.34.1 0.0.0.0 area 38
> !
> route-map CONN2OSPF permit 10
> match interface Loopback0
> !
> !
> =====================SW4============================
> !
> interface Loopback0
> ip address 150.1.10.10 255.255.255.0
> !
> interface FastEthernet1/13
> no switchport
> ip address 158.1.34.0 255.255.255.254
> !
> interface Vlan110
> ip address 158.1.1.10 255.255.255.0
> !
> router ospf 1
> router-id 150.1.10.10
> log-adjacency-changes
> area 38 nssa no-redistribution no-summary
> network 150.1.10.10 0.0.0.0 area 0
> network 158.1.1.10 0.0.0.0 area 0
> network 158.1.34.0 0.0.0.0 area 38
> !
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:19 ART