Controlling OSPF default-route in NSSA environment

Article Id: 167938
Status: Published
Updated On: 03-10-2017 21:53
Legacy Id: TECH244099
Products:
XOS
Issue/Introduction:

Example configuration describing how to distribute the default-route in an OSPF NSSA architectureN/A

Cause:

This articles explains how to redistribute a default-route into an OSPF NSSA topology.

In an OSPF NSSA (Not-So-Stub-Area) design, there is a need to redistribute the default-route into the area so that all routers know how to forward packets to other areas and the Internet. This is a common requirement, as NSSA only advertises LSA type 7 (routes to external destinations).

The topology below shows an example of an OSPF NSSA architecture. All configurations that follow are based on this topology.

User-added image

Resolution:

Here are some configuration examples that can be used to achieve the desired solution in the above scenario:

A. Chassis CBS1

1) XOS CLI configuration
 
#
circuit outside
  device-name out
  vap-group fw
    ip-forwarding
    default-egress-vlan-tag 76 hide-vlan-header
    ip 172.16.15.1/24 172.16.15.255
#
interface ethernet 1/2
  logical l12 ingress-vlan-tag 76 76
    circuit outside
#

2) RSW OSPF configuration

interface out
 ip ospf hello-interval 1
 ip ospf dead-interval 6
!
router ospf 100
 ospf router-id 192.168.33.170
 area 4.4.1.4 nssa default-information-originate
 network 172.16.15.0/24 area 4.4.1.4
!
 
B. Chassis CBS2

1) XOS CLI configuration
 
#
circuit outside
  device-name out
  vap-group fw
    ip-forwarding
    default-egress-vlan-tag 47 hide-vlan-header
    ip 10.128.1.21/24 10.128.1.255
#
circuit inside
  device-name in
  vap-group fw
    ip-forwarding
    default-egress-vlan-tag 76 hide-vlan-header
    ip 172.16.15.11/24 172.16.15.255
#
interface ethernet 1/2
  logical l12 ingress-vlan-tag 76 76
    circuit inside
interface ethernet 1/4
  logical l14 ingress-vlan-tag 47 47
    circuit outside
#
ip route 0.0.0.0 0.0.0.0 10.128.1.11 vap-group fw circuit outside
#
 
2) RSW OSPF configuration
 
interface in
 ip ospf hello-interval 1
 ip ospf dead-interval 6
!
interface out
!
router ospf 100
 ospf router-id 192.168.33.50
 passive-interface in
 area 4.4.1.4 nssa default-information-originate
 network 10.128.1.0/24 area 4.4.1.4
 network 172.16.15.0/24 area 4.4.1.4
 

With this configuration, we can verify the OSPF routing table on the chassis CBS1 (with default N2 route via CBS2): 
 
ospfd#show ip ospf route
 
OSPF process 100:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
 
N2 0.0.0.0/0 [20/1] via 172.16.15.11, out, Area 4.4.1.4
O  10.128.1.0/24 [20] via 172.16.15.11, out, Area 4.4.1.4
C  172.16.15.0/24 [10] is directly connected, out, Area 4.4.1.4
ospfd#


Important note:  When distributing the default-route in OSPF NSSA, the configuration should be done in the OSPF area context, not in the OSPF global context; see the example below.

router ospf 100
 area 4.4.1.4 nssa default-information-originate (OSPF area context; this is the correct configuration)
 default-information originate (OSPF global context; this will take effect only on backbone areas)
 

Workaround

N/A