Controlling OSPF default-route in NSSA environment
Article ID: 167938
Updated On:
Products
XOS
Issue/Introduction
Example configuration describing how to distribute the default-route in an OSPF NSSA architectureN/A
Cause
This articles explains how to redistribute a default-route into an OSPF NSSA topology.
In an OSPF NSSA (Not-So-Stub-Area) design, there is a need to redistribute the default-route into the area so that all routers know how to forward packets to other areas and the Internet. This is a common requirement, as NSSA only advertises LSA type 7 (routes to external destinations).
The topology below shows an example of an OSPF NSSA architecture. All configurations that follow are based on this topology.
In an OSPF NSSA (Not-So-Stub-Area) design, there is a need to redistribute the default-route into the area so that all routers know how to forward packets to other areas and the Internet. This is a common requirement, as NSSA only advertises LSA type 7 (routes to external destinations).
The topology below shows an example of an OSPF NSSA architecture. All configurations that follow are based on this topology.
Resolution
Here are some configuration examples that can be used to achieve the desired solution in the above scenario:
2) RSW OSPF configuration
interface out
With this configuration, we can verify the OSPF routing table on the chassis CBS1 (with default N2 route via CBS2):
Important note: When distributing the default-route in OSPF NSSA, the configuration should be done in the OSPF area context, not in the OSPF global context; see the example below.
A. Chassis CBS1
1) XOS CLI configuration
#
circuit outside
device-name out
vap-group fw
ip-forwarding
default-egress-vlan-tag 76 hide-vlan-header
ip 172.16.15.1/24 172.16.15.255
#
interface ethernet 1/2
logical l12 ingress-vlan-tag 76 76
circuit outside
#
2) RSW OSPF configuration
interface out
ip ospf hello-interval 1
ip ospf dead-interval 6
!
router ospf 100
ospf router-id 192.168.33.170
area 4.4.1.4 nssa default-information-originate
network 172.16.15.0/24 area 4.4.1.4
!
B. Chassis CBS2
1) XOS CLI configuration
#
circuit outside
device-name out
vap-group fw
ip-forwarding
default-egress-vlan-tag 47 hide-vlan-header
ip 10.128.1.21/24 10.128.1.255
#
circuit inside
device-name in
vap-group fw
ip-forwarding
default-egress-vlan-tag 76 hide-vlan-header
ip 172.16.15.11/24 172.16.15.255
#
interface ethernet 1/2
logical l12 ingress-vlan-tag 76 76
circuit inside
interface ethernet 1/4
logical l14 ingress-vlan-tag 47 47
circuit outside
#
ip route 0.0.0.0 0.0.0.0 10.128.1.11 vap-group fw circuit outside
#
2) RSW OSPF configuration
interface in
ip ospf hello-interval 1
ip ospf dead-interval 6
!
interface out
!
router ospf 100
ospf router-id 192.168.33.50
passive-interface in
area 4.4.1.4 nssa default-information-originate
network 10.128.1.0/24 area 4.4.1.4
network 172.16.15.0/24 area 4.4.1.4
With this configuration, we can verify the OSPF routing table on the chassis CBS1 (with default N2 route via CBS2):
ospfd#show ip ospf route
OSPF process 100:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
N2 0.0.0.0/0 [20/1] via 172.16.15.11, out, Area 4.4.1.4
O 10.128.1.0/24 [20] via 172.16.15.11, out, Area 4.4.1.4
C 172.16.15.0/24 [10] is directly connected, out, Area 4.4.1.4
ospfd#
Important note: When distributing the default-route in OSPF NSSA, the configuration should be done in the OSPF area context, not in the OSPF global context; see the example below.
router ospf 100
area 4.4.1.4 nssa default-information-originate (OSPF area context; this is the correct configuration)
default-information originate (OSPF global context; this will take effect only on backbone areas)
Workaround
N/AAttachments
Feedback
Powered by
