OSPF: P-bit Setting in Type-7 LSAs

This post represents the solution and explanation for quiz #5. Have a look at the quiz to understand the problem.
At first look, the quiz seemed tricky because of OSPFv3/IPv6, but the thing is that the problem/quiz applies to both OSPFv2 and OSPFv3!
As most of you already indicated in the Comments section, the junior engineer did make a mistake: he put/left the Vlan102 interface in area 0.0.0.0 (clearly shown in the output of command “show ipv6 ospf int b“) which makes from Dist-2 router an ABR (Area Border Router).
My next question to all of you would be: “so, what?… why an ABR cannot accept that default route received from another ABR (the COREs in our quiz)?” … let’s see why:
We all know that the motivation of having an NSSA is to allow external routes into a Stub area. External routes (learned from different routing domains) are carried within the NSSA area as Type-7 LSAs. As specified in RFC 1587, there are some bits in the Options field that are important in our context:
  • N-bit = used in the Hello packets to indicated that the router has NSSA capability on that interface (two routers will not form an ajancency unless they agree on the N-bit, meaning they are both configured as NSSA for that interface)
  • P-bit = (P – propagate) only used in type-7 LSAs to tell the ABRs to translate that type-7 LSA into a type-5 LSA. This P-bit is also used as a routing loop prevention mechanism.
Have a look at the picture below:
NSSA_and_P-bit_in_type-7_lsa

On the right-hand side, the ASBR (connected to other routing domains) will send the external prefixes within type-7 LSAs with the P-bit set. These LSAs will be translated into type-5 LSAs on both ABRs.
On the left-hand side, the ABR-1 and ABR-2 (COREs in our quiz) originate type-7 default route and they MUST NOT set the P-bit. When these type-7 LSAs reach other ABRs, since they don’t have the P-bit, they will not be considered for SFP calculations and will not get to the routing table.


Let’s have a look at OSPF’s database on our Dist-2:
Dist-2#sh ipv ospf database
...
                Type-7 AS External Link States (Area 192.168.1.0)

ADV Router      Age         Seq#        Prefix
192.168.255.1   231         0x80000001  ::/0
192.168.255.2   220         0x80000001  ::/0
...
Dist-2#sh ipv ospf database nssa-external

            OSPFv3 Router with ID (192.168.255.4) (Process ID 1)

                Type-7 AS External Link States (Area 192.168.1.0)
LS age: 263 LS Type: AS External Link Link State ID: 1 Advertising Router: 192.168.255.1 LS Seq Number: 80000001 Checksum: 0x6565 Length: 28 Prefix Address: :: Prefix Length: 0, Options: None Metric Type: 2 (Larger than any link state path) Metric: 1 LS age: 252 LS Type: AS External Link Link State ID: 1 Advertising Router: 192.168.255.2 LS Seq Number: 80000001 Checksum: 0x5F6A Length: 28 Prefix Address: :: Prefix Length: 0, Options: None Metric Type: 2 (Larger than any link state path) Metric: 1
Dist-2#sh ipv route ::/0 % Route not found
As you can see, Dist-2 knows the two default injected by cores in the OSPF database, but does not put them into the routing table – as an ABR, it does not accept type-7 LSA without P-bit, in order to avoid routing loops.
Now, let’s fix the mistake ( configure area 192.168.1.0 on Vlan102 interface) and check again:
Dist-2(config)#int vlan 102
Dist-2(config-if)#ipv6 ospf 1 area 192.168.1.0
Dist-2(config-if)#end
Dist-2#
Dist-2#sh ipv route ::/0
...
ON2  ::/0 [110/1]
     via FE80::C001:1CFF:FE3C:10, FastEthernet0/1
     via FE80::C000:1CFF:FE3C:10, FastEthernet0/0
Dist-2#
Dist-2#sh ipv osp int b
Interface    PID   Area            Intf ID    Cost  State Nbrs F/C
Vl102        1     192.168.1.0     30         1     DR    0/0
Vl201        1     192.168.1.0     35         1     DR    0/0
Vl200        1     192.168.1.0     34         1     DR    0/0
Vl105        1     192.168.1.0     33         1     DR    0/0
Vl104        1     192.168.1.0     32         1     DR    0/0
Vl103        1     192.168.1.0     31         1     DR    0/0
Vl101        1     192.168.1.0     29         1     DR    0/0
Vl100        1     192.168.1.0     28         1     DR    0/0
Fa0/1        1     192.168.1.0     5          1     DR    1/1
Fa0/0        1     192.168.1.0     4          1     DR    1/1
Lo0          1     192.168.1.0     27         1     LOOP  0/0



you’ll notice the additional information “Routing Bit Set on this LSA” (that did not exist before !!). This is a Cisco implementation to indicate that the LSA is valid (passed all sanity checks) for SFP calculation (please note that this “routing-bit” is not an actual bit in the LSA Option field, it is stored only locally, not propagated to other OSPF routers).
In the end, let’s have a look how a type-7 LSA with P-bit SET looks like: suppose ASBR (Dist-1 in our case) redistributes the external prefix 2003:1:1:1::/64
Dist-2#sh ipv route 2003:1:1:1::/64
...
ON2  2003:1:1:1::/64 [110/20]
     via FE80::C001:1CFF:FE3C:10, FastEthernet0/1
     via FE80::C000:1CFF:FE3C:10, FastEthernet0/0
Dist-2#
Dist-2#sh ipv ospf database nssa-external
...
  Routing Bit Set on this LSA
  LS age: 42
  LS Type: AS External Link
  Link State ID: 2
  Advertising Router: 192.168.255.3
  LS Seq Number: 80000001
  Checksum: 0x89B4
  Length: 36
  Prefix Address: 2003:1:1:1::
  Prefix Length: 64, Options: P
  Metric Type: 2 (Larger than any link state path)
  Metric: 20
As you can see, this type-7 LSA will be flooded into entire NSSA area and it has the P-bit set (also notice the “Routing Bit Set on this LSA”).
Thanks everyone for your comments into the quiz !

No comments: