This post represents the solution and explanation for quiz #5. Have a look at the quiz to understand the problem.
At first look, the quiz seemed tricky because of OSPFv3/IPv6, but the thing is that the problem/quiz applies to both OSPFv2 and OSPFv3!
As most of you already indicated in the Comments section, the junior engineer did make a mistake: he put/left the Vlan102 interface in area 0.0.0.0 (clearly shown in the output of command “show ipv6 ospf int b“) which makes from Dist-2 router an ABR (Area Border Router).
As most of you already indicated in the Comments section, the junior engineer did make a mistake: he put/left the Vlan102 interface in area 0.0.0.0 (clearly shown in the output of command “show ipv6 ospf int b“) which makes from Dist-2 router an ABR (Area Border Router).
My next question to all of you would be: “so, what?… why an ABR cannot accept that default route received from another ABR (the COREs in our quiz)?” … let’s see why:
We all know that the motivation of having an NSSA is to allow external routes into a Stub area. External routes (learned from different routing domains) are carried within the NSSA area as Type-7 LSAs. As specified in RFC 1587, there are some bits in the Options field that are important in our context:
- N-bit = used in the Hello packets to indicated that the router has NSSA capability on that interface (two routers will not form an ajancency unless they agree on the N-bit, meaning they are both configured as NSSA for that interface)
- P-bit = (P – propagate) only used in type-7 LSAs to tell the ABRs to translate that type-7 LSA into a type-5 LSA. This P-bit is also used as a routing loop prevention mechanism.
Have a look at the picture below:
On the right-hand side, the ASBR (connected to other routing domains) will send the external prefixes within type-7 LSAs with the P-bit set. These LSAs will be translated into type-5 LSAs on both ABRs.
On the left-hand side, the ABR-1 and ABR-2 (COREs in our quiz) originate type-7 default route and they MUST NOT set the P-bit. When these type-7 LSAs reach other ABRs, since they don’t have the P-bit, they will not be considered for SFP calculations and will not get to the routing table.
Let’s have a look at OSPF’s database on our Dist-2:
Dist-2#sh ipv ospf database
...
Type-7 AS External Link States (Area 192.168.1.0)
ADV Router Age Seq# Prefix
192.168.255.1 231 0x80000001 ::/0
192.168.255.2 220 0x80000001 ::/0
...
Dist-2#sh ipv ospf database nssa-external
OSPFv3 Router with ID (192.168.255.4) (Process ID 1)
Type-7 AS External Link States (Area 192.168.1.0)
LS age: 263 LS Type: AS External Link Link State ID: 1 Advertising Router: 192.168.255.1 LS Seq Number: 80000001 Checksum: 0x6565 Length: 28 Prefix Address: :: Prefix Length: 0, Options: None Metric Type: 2 (Larger than any link state path) Metric: 1 | LS age: 252 LS Type: AS External Link Link State ID: 1 Advertising Router: 192.168.255.2 LS Seq Number: 80000001 Checksum: 0x5F6A Length: 28 Prefix Address: :: Prefix Length: 0, Options: None Metric Type: 2 (Larger than any link state path) Metric: 1 |
As you can see, Dist-2 knows the two default injected by cores in the OSPF database, but does not put them into the routing table – as an ABR, it does not accept type-7 LSA without P-bit, in order to avoid routing loops.
Now, let’s fix the mistake ( configure area 192.168.1.0 on Vlan102 interface) and check again:
Dist-2(config)#int vlan 102
Dist-2(config-if)#ipv6 ospf 1 area 192.168.1.0
Dist-2(config-if)#end
Dist-2#
Dist-2#sh ipv route ::/0
...
ON2 ::/0 [110/1]
via FE80::C001:1CFF:FE3C:10, FastEthernet0/1
via FE80::C000:1CFF:FE3C:10, FastEthernet0/0
Dist-2#
| Dist-2#sh ipv osp int b
Interface PID Area Intf ID Cost State Nbrs F/C
Vl102 1 192.168.1.0 30 1 DR 0/0
Vl201 1 192.168.1.0 35 1 DR 0/0
Vl200 1 192.168.1.0 34 1 DR 0/0
Vl105 1 192.168.1.0 33 1 DR 0/0
Vl104 1 192.168.1.0 32 1 DR 0/0
Vl103 1 192.168.1.0 31 1 DR 0/0
Vl101 1 192.168.1.0 29 1 DR 0/0
Vl100 1 192.168.1.0 28 1 DR 0/0
Fa0/1 1 192.168.1.0 5 1 DR 1/1
Fa0/0 1 192.168.1.0 4 1 DR 1/1
Lo0 1 192.168.1.0 27 1 LOOP 0/0
|
you’ll notice the additional information “Routing Bit Set on this LSA” (that did not exist before !!). This is a Cisco implementation to indicate that the LSA is valid (passed all sanity checks) for SFP calculation (please note that this “routing-bit” is not an actual bit in the LSA Option field, it is stored only locally, not propagated to other OSPF routers).
In the end, let’s have a look how a type-7 LSA with P-bit SET looks like: suppose ASBR (Dist-1 in our case) redistributes the external prefix 2003:1:1:1::/64
Dist-2#sh ipv route 2003:1:1:1::/64
...
ON2 2003:1:1:1::/64 [110/20]
via FE80::C001:1CFF:FE3C:10, FastEthernet0/1
via FE80::C000:1CFF:FE3C:10, FastEthernet0/0
Dist-2#
Dist-2#sh ipv ospf database nssa-external
...
Routing Bit Set on this LSA
LS age: 42
LS Type: AS External Link
Link State ID: 2
Advertising Router: 192.168.255.3
LS Seq Number: 80000001
Checksum: 0x89B4
Length: 36
Prefix Address: 2003:1:1:1::
Prefix Length: 64, Options: P
Metric Type: 2 (Larger than any link state path)
Metric: 20
As you can see, this type-7 LSA will be flooded into entire NSSA area and it has the P-bit set (also notice the “Routing Bit Set on this LSA”).
Thanks everyone for your comments into the quiz !
No comments:
Post a Comment