New OSPF Updates + OSPF NSSA Teaser

Tonight I’m posting some updates to the IEWB-RS Volume 1 Version 5.0 section of OSPF, along with an interesting teaser on how OSPF path selection works towards external routes originated in an NSSA. In my pursuit of networking Nirvana, I have a motto: learn something new every day. This topic for sure will fall into that category for many engineers.
We all (hopefully) know what an NSSA is in OSPF. It’s that cute little area that’s sort of stubby, but not completely, which allows us to cut down on the size of the OSPF database while still doing redistribution into an area. A lesser-known fact, however, is how the calculation towards an external route originated in an NSSA differs from that for a normal route redistributed into OSPF. Check the above link for the detailed walkthrough of how this works, along with the diagram and initial configs for those of you who don’t already have a subscription to the product, but the spirit of the situation is as follows…
As previously seen with OSPF Not-So-Stubby Areas, Type-7 NSSA External LSAs are translated to Type-5 External LSAs by the ABR connecting the NSSA to area 0. When multiple ABRs connect the NSSA to area 0, the ABR with the highest router-id is elected as the Type-7 to 5 translator, and is responsible for re-originating the Type-5 LSA into area 0. This election process is an optimization of the OSPF database, and relates to how the Type-7 NSSA External route uses the forward address field to ensure optimal routing.
Recall that with normal external routes, only one Type-5 LSA is originated by the router performing the redistribution. When the route moves between areas, each ABR originates a Type-4 ASBR Summary LSA advertising its reachability to the ASBR. This means that for all Type-5 External LSA inter-area lookups, OSPF would require Ext_Routes + Num_ABRs + Num_Routers LSAs, where Ext_Routes is the number of Type-5 LSAs, Num_ABRs is the number of ABRs generating Type-4 ASBR summaries, and Num_Routers is the number of Type-1 LSAs from the routers in the local area.
Now with Type-7 LSAs the situation becomes more complicated, because this information needs to be re-originated at the ABR level as the route moves into area 0. Let’s suppose for the sake of argument that each ABR connecting the NSSA to area 0 did do a translation of Type-7 to 5. This would mean that for all inter-area lookups on Type-5 External LSAs that were translated from Type-7, there would be (NSSA_Routes * Num_ABRs) + Num_ABRs + Num_Routers LSAs, where NSSA_Routes is the number of Type-7 LSAs to start.
This operation would be highly redundant and inefficient, because each ABR would re-originate the same Type-5 LSA, each with the same forwarding address. To avoid this, only one ABR performs the Type-7 to 5 translation, but maintains the forward address field, essentially separating the relationship between the routing advertisement and the traffic flow. This principle can be illustrated as follows.
Before any modification in the OSPF domain, R5 performs a lookup on the Type-5 LSA for 9.9.9.9 that was translated from a Type-7 LSA. At this point R3 has an OSPF Router-ID of 150.1.3.3, and R6 has 150.1.6.6. The advertising router R5 sees is 150.1.6.6 (R6), since R6 won the translator election due to the higher RID. Note however, the forward address is set to 150.1.9.9 (SW3). This means that R5 next needs to figure out how to route towards 150.1.9.9.
Rack1R5#show ip ospf database external 9.9.9.9

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 224
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 9.9.9.9 (External Network Number )
  Advertising Router: 150.1.6.6
  LS Seq Number: 80000001
  Checksum: 0x1F10
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 150.1.9.9
        External Route Tag: 0
Since 150.1.9.9 does not belong to a device in the same area as R5, an inter-area lookup is performed on the Type-3 LSA. R5 finds that two ABRs are advertising the route to 150.1.9.9, 150.1.3.3 (R3) and 150.1.6.6 (R6), both with a metric of 3.
Rack1R5#show ip ospf database summary 150.1.9.9

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 603
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.1.9.9 (summary Network Number)
  Advertising Router: 150.1.3.3
  LS Seq Number: 80000001
  Checksum: 0xBD35
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 3 

  LS age: 4 (DoNotAge)
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.1.9.9 (summary Network Number)
  Advertising Router: 150.1.6.6
  LS Seq Number: 80000001
  Checksum: 0x9656
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 3
R5 now needs to find what the metric is to reach these ABRs. R5 checks its locally originated Type-1 Router LSA and finds that 150.1.1.1 (R1) and 150.1.3.3 (R3) are directly attached, both with a metric of 64.
Rack1R5#show ip ospf database router 150.1.5.5 self-originate 

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Router Link States (Area 0)

  LS age: 1620
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.1.5.5
  Advertising Router: 150.1.5.5
  LS Seq Number: 80000019
  Checksum: 0x7DAE
  Length: 108
  Area Border Router
  Number of Links: 7

*snip*
    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 150.1.1.1
     (Link Data) Router Interface address: 155.1.0.5
      Number of TOS metrics: 0
       TOS 0 Metrics: 64
*snip*

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 150.1.3.3
     (Link Data) Router Interface address: 155.1.0.5
      Number of TOS metrics: 0
       TOS 0 Metrics: 64
*snip*
R5 asks R1 who it is adjacent with, and finds 150.1.6.6 (R6) is connected over a Virtual-Link with a metric of 1.
Rack1R5#show ip ospf database router 150.1.1.1

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Router Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 773
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 150.1.1.1
  Advertising Router: 150.1.1.1
  LS Seq Number: 8000001B
  Checksum: 0xFA2E
  Length: 72
  Area Border Router
  Number of Links: 4

    Link connected to: a Virtual Link
     (Link ID) Neighboring Router ID: 150.1.6.6
     (Link Data) Router Interface address: 155.1.146.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 1
This means that R5’s intra-area cost to R3 is 64, and to R6 is 65. Since both R3 and R6 reported a cost of 3 to the forward address 150.1.9.9, the total forward metric through R6 is 65+3 = 68, but is only 64+3 = 67 through R3. Therefore, although the route is originated into area 0 by R6, the Type-7 to 5 translator, the traffic does not actually flow through R6. Instead, the path through R3 is installed with the default redistribution metric of 20 for the E2 route, and a forward metric of 67 through R3.
Rack1R5#show ip route 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 67
  Last update from 155.1.0.3 on Serial0/0, 00:17:27 ago
  Routing Descriptor Blocks:
  * 155.1.0.3, from 150.1.6.6, 00:17:27 ago, via Serial0/0
      Route metric is 20, traffic share count is 1

Rack1R5#traceroute 9.9.9.9

Type escape sequence to abort.
Tracing the route to 9.9.9.9

  1 155.1.0.3 28 msec 32 msec 32 msec
  2 155.1.37.7 32 msec 32 msec 32 msec
  3 155.1.79.9 28 msec *  28 msec
This illustrates why a Type-5 External route that was translated from a Type-7 NSSA External route does not use a Type-4 ASBR Summary LSA: the forward address lookup replaces the need for the ASBR Summary lookup. Since the forward address is preserved, only one router needs to do the translation, while the calculation of the final forwarding path stays independent.
The Type-7 to 5 translator election can be modified by increasing R3’s router-id to be higher than R6’s.
Rack1R3#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R3(config)#router ospf 1
Rack1R3(config-router)#router-id 150.1.30.30
Reload or use "clear ip ospf process" command, for this to take effect
Rack1R3(config-router)#end
Rack1R3#clear ip ospf 1 process
Reset OSPF process? [no]: yes
Rack1R3#

Rack1R5#show ip ospf database external 9.9.9.9

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 42
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 9.9.9.9 (External Network Number )
  Advertising Router: 150.1.30.30
  LS Seq Number: 80000001
  Checksum: 0xE519
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 150.1.9.9
        External Route Tag: 0
R5 now sees the advertising router as 150.1.30.30 (R3), because this is the highest router-id of the ABRs connecting the NSSA to area 0.
Although the advertising router has changed, the forward address is still 150.1.9.9, which means the traffic flow has not changed.
Rack1R5#traceroute 9.9.9.9

Type escape sequence to abort.
Tracing the route to 9.9.9.9

  1 155.1.0.3 28 msec 32 msec 28 msec
  2 155.1.37.7 32 msec 32 msec 32 msec
  3 155.1.79.9 28 msec *  28 msec
Only once the forward metric via R3 is higher than the forward metric via R6 will the path selection change. This can be accomplished by changing the OSPF cost on R3’s link to SW1.
Rack1R3#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R3(config)#interface Fa0/0
Rack1R3(config-if)#ip ospf cost 1000
Rack1R3(config-if)#end
Now when R5 computes the forward metric through R3 it sees the same intra-area cost of 64 to R3, but R3 has increased its advertised metric for 150.1.9.9 to 1002.
Rack1R5#show ip ospf database summary 150.1.9.9 adv-router 150.1.30.30

            OSPF Router with ID (150.1.5.5) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 70
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.1.9.9 (summary Network Number)
  Advertising Router: 150.1.30.30
  LS Seq Number: 80000002
  Checksum: 0x854B
  Length: 28
  Network Mask: /32
        TOS: 0  Metric: 1002
The final result is that the route is installed via R6 with a metric of 20 reported by the ASBR, plus the forward metric of 68 through R6.
Rack1R5#show ip route 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 68
  Last update from 155.1.0.1 on Serial0/0, 00:02:06 ago
  Routing Descriptor Blocks:
  * 155.1.0.1, from 150.1.30.30, 00:02:06 ago, via Serial0/0
      Route metric is 20, traffic share count is 1

Rack1R5#traceroute 9.9.9.9

Type escape sequence to abort.
Tracing the route to 9.9.9.9

  1 155.1.0.1 29 msec 28 msec 28 msec
  2 155.1.146.6 28 msec 32 msec 28 msec
  3 155.1.67.7 32 msec 32 msec 28 msec
  4 155.1.79.9 32 msec *  28 msec
If R6 loses connectivity to area 0 its route to the forward address is lost, and traffic is rerouted to R3.
Rack1R6#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R6(config)#interface Fa0/0.146
Rack1R6(config-subif)#shutdown
Rack1R6(config-subif)#

Rack1R5#traceroute 9.9.9.9 

Type escape sequence to abort.
Tracing the route to 9.9.9.9

  1 155.1.0.3 28 msec 32 msec 28 msec
  2 155.1.37.7 28 msec 28 msec 28 msec
  3 155.1.79.9 32 msec *  28 msec
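
The translator election and forward-metric lookup walked through above can be reproduced offline. The following is an added example, not part of the original post or of any Cisco code: the function names and the reduced area 0 graph are assumptions, built only from the router-ids and metrics quoted in the show output.

```python
import heapq
import ipaddress

def area0_links(r3_id, virtual_link_up=True):
    """Constructed subset of area 0 as R5 sees it in the Router LSAs above."""
    links = {"150.1.5.5": {"150.1.1.1": 64, r3_id: 64}}
    if virtual_link_up:
        links["150.1.1.1"] = {"150.1.6.6": 1}  # R1 -> R6 over the virtual link
    return links

def spf(links, root):
    """Dijkstra over Type-1 Router LSA links; returns {router_id: cost}."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue  # stale heap entry
        for nbr, metric in links.get(node, {}).items():
            if cost + metric < dist.get(nbr, float("inf")):
                dist[nbr] = cost + metric
                heapq.heappush(heap, (cost + metric, nbr))
    return dist

def forward_path(links, root, summaries):
    """summaries maps ABR router-id -> Type-3 metric to the forward address.
    Returns (abr, forward_metric) for the cheapest reachable ABR, or None.
    Simplification: a tie returns one ABR instead of equal-cost paths."""
    dist = spf(links, root)
    totals = [(dist[abr] + m, abr) for abr, m in summaries.items() if abr in dist]
    if not totals:
        return None
    total, abr = min(totals)
    return abr, total

def elect_translator(abr_ids):
    """Highest router-id wins the Type-7 to 5 election. Compare numerically:
    as strings, "150.1.6.6" would wrongly sort above "150.1.30.30"."""
    return max(abr_ids, key=lambda rid: int(ipaddress.IPv4Address(rid)))

if __name__ == "__main__":
    r5 = "150.1.5.5"
    # Initial state: R6 translates, but traffic follows R3 (forward metric 67).
    print(elect_translator(["150.1.3.3", "150.1.6.6"]),
          forward_path(area0_links("150.1.3.3"), r5,
                       {"150.1.3.3": 3, "150.1.6.6": 3}))
    # New R3 router-id and ip ospf cost 1000: R3 translates, traffic follows R6.
    changed = {"150.1.30.30": 1002, "150.1.6.6": 3}
    print(elect_translator(["150.1.30.30", "150.1.6.6"]),
          forward_path(area0_links("150.1.30.30"), r5, changed))
    # R6 cut off from area 0 (modelled as the virtual link down): back to R3.
    print(forward_path(area0_links("150.1.30.30", False), r5, changed))
```

The advertising router of the Type-5 LSA and the ABR that actually carries the traffic are computed by separate functions, which is the separation the forward address provides.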
