NSSA with Default Route vs Totally NSSA

A question recently came up on CLN about the differences of NSSA with a default route and a Totally NSSA area. The community member was asking if there even was a difference. This is a short example that demonstrates what the differences are.

The best way understand something like this is to let the devices show us the operation. For this example, I have built out the following topologies. The ASBRs are created by redistributing a connected loopback into the OSPF Process.

NSSAwSumvsTot

A0-ASBR

!
hostname A0-ASBR
!
interface Loopback0
 description Loopback
 ip address 192.168.0.1 255.255.255.255
!
interface Loopback10
 ip address 1.0.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 description to ABR
 ip address 10.0.0.5 255.255.255.252
!
router ospf 1
 redistribute connected subnets
 passive-interface Loopback0
 network 10.0.0.4 0.0.0.3 area 0
 network 192.168.0.1 0.0.0.0 area 0

ABR

!
hostname ABR
!
interface Loopback0
 description Loopback
 ip address 192.168.0.3 255.255.255.255
!
interface GigabitEthernet0/1
 description to A0-ASBR
 ip address 10.0.0.6 255.255.255.252
!
interface GigabitEthernet0/2
 description to A1-ASBR
 ip address 10.0.0.10 255.255.255.252
!
router ospf 1
 area 1 nssa default-information-originate
 passive-interface Loopback0
 network 10.0.0.4 0.0.0.3 area 0
 network 10.0.0.8 0.0.0.3 area 1
 network 192.168.0.3 0.0.0.0 area 0

A1-ASBR

hostname A1-ASBR
!
interface Loopback0
 description Loopback
 ip address 192.168.0.2 255.255.255.255
!
interface Loopback10
 ip address 2.0.0.2 255.255.255.0
!
interface GigabitEthernet0/1
 description to ABR
 ip address 10.0.0.9 255.255.255.252
!
router ospf 1
 area 1 nssa
 redistribute connected subnets
 passive-interface Loopback0
 network 10.0.0.8 0.0.0.3 area 1
 network 192.168.0.2 0.0.0.0 area 1
A1-ASBR#v

Based on this configuration we should see that Area 1 is an NSSA. The ABR should create a default route so the NSSA area has a path out.

show ip route (A1-ASBR)

A1-ASBR#show ip route ospf | beg Gateway
Gateway of last resort is 10.0.0.10 to network 0.0.0.0

O*N2  0.0.0.0/0 [110/1] via 10.0.0.10, 00:04:36, GigabitEthernet0/1
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA     10.0.0.4/30 [110/2] via 10.0.0.10, 00:04:44, GigabitEthernet0/1
      192.168.0.0/32 is subnetted, 3 subnets
O IA     192.168.0.1 [110/3] via 10.0.0.10, 00:04:44, GigabitEthernet0/1
O IA     192.168.0.3 [110/2] via 10.0.0.10, 00:04:44, GigabitEthernet0/1

show ip ospf database (A1-ASBR)

A1-ASBR#show ip ospf database

            OSPF Router with ID (192.168.0.2) (Process ID 1)

		Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.0.2     192.168.0.2     135         0x80000016 0x001D7E 2
192.168.0.3     192.168.0.3     196         0x80000016 0x0028EB 1

		Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.10       192.168.0.3     196         0x80000013 0x00FECD

		Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.4        192.168.0.3     322         0x80000001 0x005E60
192.168.0.1     192.168.0.3     322         0x80000001 0x0069F4
192.168.0.3     192.168.0.3     322         0x80000001 0x004B12

		Type-7 AS External Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         192.168.0.3     314         0x80000001 0x00EE56 0
2.0.0.0         192.168.0.2     901         0x8000000D 0x00555C 0

From this output, we can see that the OSPF Database has a type 7 LSA for the default route (as well as the route being injected). The OSPF Database also has the type 1 and type 2 entries from its local area and the type 3 summary LSAs from Area 0.

If we compare this to the output of a totally NSSA, we should see some fairly significant differences.

ASR Reconfiguration for Totally NSSA

//changes to ABR
ABR(config-router)#no area 1 nssa default-information-originate
ABR(config-router)#area 1 nssa no-summary

show ip route (A1-ASBR)

A1-ASBR#show ip route ospf | beg Gateway
Gateway of last resort is 10.0.0.10 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 10.0.0.10, 00:00:49, GigabitEthernet0/1

show ip ospf database (A1-ASBR)

A1-ASBR#show ip route ospf | beg Gateway
Gateway of last resort is 10.0.0.10 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 10.0.0.10, 00:00:49, GigabitEthernet0/1
A1-ASBR#show ip ospf database

            OSPF Router with ID (192.168.0.2) (Process ID 1)

		Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.0.2     192.168.0.2     404         0x80000016 0x001D7E 2
192.168.0.3     192.168.0.3     465         0x80000016 0x0028EB 1

		Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.10       192.168.0.3     465         0x80000013 0x00FECD

		Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         192.168.0.3     65          0x80000001 0x001BAE

		Type-7 AS External Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Tag
2.0.0.0         192.168.0.2     1170        0x8000000D 0x00555C 0

From this output, we can see that the OSPF Database still has the same type 1 and 2 (Router and Network) LSAs. However, there is now only a single type 3 LSA that represents the default route. Additionally, the only type 7 LSA is the one injected locally.

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in invis. Bookmark the permalink.