Type 4 LSA when virtual link is used in combo with an NSSA.

wavewave Member Posts: 342
This has really been puzzling me. The lab it 3-7 OSPF Case Study from the Cisco Networking Academy lab manual.

Please see attached topology.

* I have redistributed 10.1.1.12/30 on R3 and configured area 300 has an NSSA.

* There is a virtual link connecting R2 with area 0.

R1 RID = 9.9.9.9
R2 RID = 2.2.2.2
R3 RID = 3.3.3.3

R2 is advertising an ASB Summary LSA (Type 4) into area 0 and area 100:


Summary ASB Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
9.9.9.9 2.2.2.2 7 (DNA) 0x80000001 0x0022AD

I can't understand why the advertising router is R2 and not R1?

When I change area 300 to a regular area the type 4 is advertised into both area 0 and 100 as follows (as expected):

Summary ASB Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
3.3.3.3 9.9.9.9 25 0x80000001 0x006467



ROUTE Passed 1 May 2012
SWITCH Passed 25 September 2012
TSHOOT Passed 23 October 2012
Taking CCNA Security in April 2013 then studying for the CISSP

Comments

  • mattaumattau Member Posts: 218
    I believe the reason is when you have an NSSA something special happens. R1 turns into the LSA type 7 to 5 translator. A router creating type 5 is an ASBR by definition. virtual links are so hard to visualize, i struggle how the LSAs flow. It really gives me a headache :)
    I am still trying to figure out why R2 creates type 4 into area 0 and 100 as I wouldve though R2 is part of both these areas now (given the virtual link has connected it to area 0 ) and it would only need to create an type 4 for area 200 seems those routers wouldnt know how to get to 9.9.9.9. Id say it has something to do with the virtual link though

    When you make area 300 to a regular area then R3 is the ASBR ( creating the type 5 ) so R1 has to tell routers in Area 0 anre 100 how to reach 3.3.3.3 go through me 9.9.9.9

    that post is probably confusing
    _____________________________________
    CCNP ROUTE - passed 20/3/12
    CCNP SWITCH - passed 25/10/12
    CCNP TSHOOT - passed 11/12/12




  • wavewave Member Posts: 342
    Yeah...I see how it works as a standard area but as soon as 300 becomes a NSSA everything changes. God knows why R2 is advertising it as I would have thought R1 should be doing that seeing as R2 doesn't have an interface in area 300. Hopefully someone knows...

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • mattaumattau Member Posts: 218
    just labbed this up again and the only thing that I could think of is that when R2 creates the T4 lsa for area 200 it just sends it into all the other areas

    generally all things networking happen for a reason and have tried to find documentation on the situation but its hard to find.
    _____________________________________
    CCNP ROUTE - passed 20/3/12
    CCNP SWITCH - passed 25/10/12
    CCNP TSHOOT - passed 11/12/12




  • wavewave Member Posts: 342
    But why doesn't advertise that LSA into area 200, 100 and 0 when area 300 is converted to a regular area?

    It has to have something to do with the NSSA. It's like R1 is saying "I don't need to create a Type 4 LSA because I don't need it, R2 does need it so I'm passing the responsibility to it....but I'll still remain the ABR"

    So weird!

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • wavewave Member Posts: 342
    It has to be the NSSA and not the virtual link. I just looked again. These are the LSAs on R1 when the NSSA is enabled:

    As you can see, the Do Not Age bit is set indicating that LSA must have been pumped into area 0 through the virtual link. But for area 100 it's gone directly into area from R2.

    Summary ASB Link States (Area 0)

    Link ID ADV Router Age Seq# Checksum
    9.9.9.9 2.2.2.2 11 (DNA) 0x80000001 0x0022AD


    Summary ASB Link States (Area 100)

    Link ID ADV Router Age Seq# Checksum
    9.9.9.9 2.2.2.2 15 0x80000001 0x0022AD

    The Type 5 LSA on R2 looks correct:

    R2#sh ip ospf database external

    OSPF Router with ID (2.2.2.2) (Process ID 1)

    Type-5 AS External Link States

    Routing Bit Set on this LSA
    LS age: 614
    Options: (No TOS-capability, DC)
    LS Type: AS External Link
    Link State ID: 10.1.1.12 (External Network Number )
    Advertising Router: 9.9.9.9
    LS Seq Number: 80000001
    Checksum: 0x90C4
    Length: 36
    Network Mask: /30
    Metric Type: 2 (Larger than any link state path)
    TOS: 0
    Metric: 20
    Forward Address: 10.1.1.6 (R3...R4 in the lab manual)
    External Route Tag: 0

    R1#sh ip ospf database asbr-summary

    OSPF Router with ID (9.9.9.9) (Process ID 1)

    Summary ASB Link States (Area 0)

    LS age: 11 (DoNotAge)
    Options: (No TOS-capability, DC, Upward)
    LS Type: Summary Links(AS Boundary Router)
    Link State ID: 9.9.9.9 (AS Boundary Router address)
    Advertising Router: 2.2.2.2
    LS Seq Number: 80000001
    Checksum: 0x22AD
    Length: 28
    Network Mask: /0
    TOS: 0 Metric: 64


    Summary ASB Link States (Area 100)

    Adv Router is not-reachable
    LS age: 1272
    Options: (No TOS-capability, DC, Upward)
    LS Type: Summary Links(AS Boundary Router)
    Link State ID: 9.9.9.9 (AS Boundary Router address)
    Advertising Router: 2.2.2.2
    LS Seq Number: 80000001
    Checksum: 0x22AD
    Length: 28
    Network Mask: /0
    TOS: 0 Metric: 64

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • mattaumattau Member Posts: 218
    its certainly weird lol. When area 300 is a normal area R1 behaves how you would think doing the Type 4 into area 0 and 100 its just R2 I am not sure why but just creates a type 4 for Area 200 not for area 100 or 0. Im assuming its got something to do with the virtual link like not sending redundant LSA's back out the virtual link seems if the transit routers in area 100 went down its not like routers could use R2 to get to R3 to the asbr since it is relying on the transit routers in area 100 to be up to have the virtual link stay up. I have no idea just a thought.

    As for when the NSSA is in play, its got me completely stumped, hopefully someone can shed some light on this
    _____________________________________
    CCNP ROUTE - passed 20/3/12
    CCNP SWITCH - passed 25/10/12
    CCNP TSHOOT - passed 11/12/12




  • wavewave Member Posts: 342
    I emailed Joe Astorino, a CCIE about this and he responded with this (below)...As you can see from the sentence I bolded, we still don't have a firm conclusion as to why R2 is injecting the type 4 LSA into area 0 and 100 (sure, 200 makes sense). R2 decides it needs to assume the advertising role once that NSSA is enabled, but R1 remains the ABR.

    I had stumbled upon Joe's two very helpful blog posts on the type 4 LSA:

    OSPF Type-4 LSA & The Forward-Address Part 1
    OSPF Type-4 LSA & The Forward-Address Part 2

    His email:


    OK. The reason has to do with how NSSA works. I'd have to lab it to be 100% sure but this should give you a good idea
    Area 300 Configured as NSSA

    R3 redistributes 10.1.1.12/30 into area 300. This is a type 7 LSA at this point by nature of how NSSA works. It cannot have type 5 LSA's so any redistributed routes into the area are injected as type 7 LSAs. The ABR between the NSSA and any other areas then converts the LSA to a standard type 5 external LSA and floods it into all areas. Therefore, when R1 receives this type 7 LSA from R3, it converts it to a standard external type 5 LSA and injects that LSA into area 0 and area 100. At this point, R1 actually becomes the originating router of that type 5 LSA. The originating RID of that type 5 will be R1.

    Now, R2 receives this type 5 LSA and needs to flood it into all the areas it is connected to. At this point, the originating RID of 10.1.1.12/30 is STILL going to be R1. R2 has links in area 200 and any routers that might be in area 200 have no idea who R1 is, because routers in an OSPF area only know the RIDs of routers in their own area (via type 1 LSA). Therefore, R2 injects the type 4 LSA. You should see a type 4 LSA in area 200 as well there if you look on R2. The type 4 LSA will be originated by R2 as you observed because R2 is the ABR between area 0/100/200. R1 will not generate a type 4 LSA in this case. Why? Because every router in every area R1 is directly connected to (areas 0 and 100) already know how to get to R1 and R1 is the originator of the type 5 LSA. So why does R2 inject the type 4 into area 0 and area 100 at all? Why not just area 200? I would have to check to see but it is probably just the mechanics of the ABR that is injects it into all areas.



    Area 300 Configured as a normal area

    Things change here considerably, because the route redistributed by R3 is injected as a plain type 5 external LSA and NOT a type 7 LSA as before. That means the originating RID is now R3 and will remain R3 throughout the topology. R1 receives this and sends the LSA into area 0 and area 100 but again, the originating RID does not change. Because of this, when routers in area 0 and area 100 receive the LSA they will have no idea how to route to 10.1.1.12/30 because the originating RID is still R3. Therefore, R1 injects the type 4 LSA into those areas to tell those routers "if you need to get to 10.1.1.12/30 go through me". Check your LSDB for a type 4 in area 200 on R2 as well. I suspect you will find one.

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • mattaumattau Member Posts: 218
    awesome thanks for that. it does clear up abit and you were right - it must just be how that ABR works when an NSSA is involved. just one of those things we should just accept it does what it does :)

    if you find out anything more, would love to know
    _____________________________________
    CCNP ROUTE - passed 20/3/12
    CCNP SWITCH - passed 25/10/12
    CCNP TSHOOT - passed 11/12/12




  • wavewave Member Posts: 342
    Another email from Joe:

    "I think the reason is redundancy. Imagine that there were other routers in area 0, but for some reason they were no longer able to get to R1's RID in area 0. Since R2 injects the type-4 LSA into area 0, that opens up another way for other routers in area 0 to get to 1.1.1.1 .....through R2 and then through area 100.
    The same could be said for area 100. If there were other routers in area 100, but they were unable to directly reach R1 in area 100 they could go through R2 then through area 0 "

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • mattaumattau Member Posts: 218
    that does make alot of good sense, never thought about that!
    _____________________________________
    CCNP ROUTE - passed 20/3/12
    CCNP SWITCH - passed 25/10/12
    CCNP TSHOOT - passed 11/12/12




  • wavewave Member Posts: 342
    Indeed! I've now moved on to controlling routing updates with route maps and distribute lists :D

    ROUTE Passed 1 May 2012
    SWITCH Passed 25 September 2012
    TSHOOT Passed 23 October 2012
    Taking CCNA Security in April 2013 then studying for the CISSP
  • mattaumattau Member Posts: 218
    sounds fun :P
    _____________________________________
    CCNP ROUTE - passed 20/3/12
    CCNP SWITCH - passed 25/10/12
    CCNP TSHOOT - passed 11/12/12




Sign In or Register to comment.