NSSA区域原理
NSSA区域 no-so-stub-area,次末梢区域。
NSSA区域能够将外部路由引入并传播到整个OSPF自治域中,同时又不会学习来自OSPF网络其它区域的5类LSA
OSPF规定Stub区域是不能引入外部路由的,这样可以避免大量外部路由对Stub区域路由器带宽和存储资源的消耗。对于既需要引入外部路由又要避免外部路由带来的资源消耗的场景,Stub区域就不再满足需求了。因此Stub区域的变形——NSSA区域就产生了。
7类LSA
• 7类LSA是为了支持NSSA区域而新增的一种LSA类型,用于描述引入的外部路由信息。
• 7类LSA由NSSA区域的自治域边界路由器(ASBR)产生,其扩散范围仅限于边界路由器所在的NSSA区域。
• NSSA区域的区域边界路由器(ABR)收到7类LSA时,会有选择地将其转化为5类LSA,以便将外部路由信息通告到OSPF网络的其它区域。
• 缺省路由也可以通过7类LSA来表示,用于指导流量流向其它自治域。
为了将NSSA区域引入的外部路由发布到其它区域,需要把Type-7 LSA转化为Type-5 LSA以便在整个OSPF网络中通告。
• option字段P用于告知转化路由器该条7类LSA是否需要转化。
• 进行转化的是NSSA区域中Router ID最大的区域边界路由器(ABR)。
• 只有P置位并且Forwarding Address不为0的Type-7 LSA才能转化为Type-5 LSA。Forwarding Address用来表示发送的某个目的地址的报文将被转发到Forwarding Address所指定的地址。
• 满足以上条件的缺省7类LSA也可以被转化。
• 区域边界路由器产生的7类LSA不会置位P-bit。
注意事项
• 在NSSA区域中,可能同时存在多个边界路由器。为了防止路由环路产生,边界路由器之间不计算对方发布的缺省路由。
NSSA和Totally NSSA
• NSSA区域允许引入少量通过本区域的ASBR到达的外部路由,但不允许其他区域的外部路由ASE LSA(Type5 LSA)在区域内传播。即到达自治系统外部的路由只能通过本区域的ASBR到达。
• Totally NSSA区域既不允许其他区域的外部路由ASE LSA(Type5 LSA)在区域内传播,也不允许区域间路由(Type3 LSA)在区域内传播。
注意:
如果希望到达自治系统外部的路由通过该区域的ASBR到达,而其它外部路由通过其它区域出去。此时,ABR会产生一条Type7LSA的缺省路由,通告到整个NSSA区域内。这样,除了某少部分路由通过NSSA的ASBR到达,其它路由都可以通过NSSA的ABR到达其它区域的ASBR出去。
如果希望所有的外部路由只有通过本区域NSSA的ASBR到达。则必须在ASBR上手动通过命令进行配置,使ASBR产生一条缺省NSSA lSA(Type7 LSA),通告到整个NSSA区域内。这样,所有的外部路由就只能通过本区域NSSA的ASBR到达。
两种情况的区别是:
在ABR上无论路由是否存在缺省路由0.0.0.0,都会产生Type7LSA的缺省路由。
在ASBR上只有当路由表中存在缺省路由0.0.0.0时,才会产生Type7LSA的缺省路由。
因为缺省路由指示在本NSSA区域内泛洪,并没有泛洪到整个OSPF域中,所以本NSSA区域内的路由器在找不到路由之后可以从该NSSA的ASBR出去,但不能实现其他OSPF域的路由从这个出口出去。Type7LSA缺省路由不会再ABR上转换成Type5LSA缺省路由泛洪到整个OSPF域。
always参数:
ASBR已经有缺省路由,执行default-route-advertise命令,将在整个OSPF区域中通告缺省路由0.0.0.0。
ASBR没有缺省路由,执行default-route-advertise命令时按照以下需求选择是否配置always参数。
如果配置always参数,无论ASBR是否有缺省路由都将在整个OSPF区域中通告缺省路由0.0.0.0,并且不再计算来自其他设备的缺省路由。
如果没有配置always参数,ASBR的路由表中必须有激活的非OSPF(BGP除外)缺省路由时才生成缺省路由的LSA。
实验配置
配置步骤
1.将各设备的IP地址完成配置。
<Huawei>system-view
[Huawei]sysname AR1
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.1.12.1 24
[AR1-GigabitEthernet0/0/0]quit
[AR1]
<Huawei>system-view
[Huawei]sysname AR2
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[AR2-GigabitEthernet0/0/0]quit
[AR2]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 10.1.23.2 24
[AR2-GigabitEthernet0/0/1]quit
[AR2]
<Huawei>system-view
[Huawei]sysname AR3
[AR3]interface GigabitEthernet 0/0/1
[AR3-GigabitEthernet0/0/1]ip address 10.1.23.3 24
[AR3-GigabitEthernet0/0/1]quit
[AR3]interface GigabitEthernet 0/0/2
[AR3-GigabitEthernet0/0/2]ip address 10.1.34.3 24
[AR3-GigabitEthernet0/0/2]quit
[AR3]
<Huawei>system-view
[Huawei]sysname AR4
[AR4]interface GigabitEthernet 0/0/2
[AR4-GigabitEthernet0/0/2]ip address 10.1.34.4 24
[AR4-GigabitEthernet0/0/2]quit
[AR4]interface GigabitEthernet 0/0/0
[AR4-GigabitEthernet0/0/0]ip address 10.1.45.4 24
[AR4-GigabitEthernet0/0/0]quit
[AR4]
<Huawei>system-view
[Huawei]sysname AR5
[AR5]interface GigabitEthernet 0/0/0
[AR5-GigabitEthernet0/0/0]ip address 10.1.45.5 24
[AR5-GigabitEthernet0/0/0]quit
[AR5]interface LoopBack 0
[AR5-LoopBack0]ip address 10.1.1.1 32
[AR5-LoopBack0]quit
[AR5]
2.配置OSPF协议,将各网段IP地址通告。
[AR1]ospf 1 router-id 1.1.1.1
[AR1-ospf-1]area 1
[AR1-ospf-1-area-0.0.0.1]network 10.1.12.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.1]quit
[AR1-ospf-1]
[AR2]ospf 1 router-id 2.2.2.2
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]quit
[AR2-ospf-1]area 1
[AR2-ospf-1-area-0.0.0.1]network 10.1.12.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.1]quit
[AR2-ospf-1]
[AR3]ospf 1 router-id 3.3.3.3
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]quit
[AR3-ospf-1]area 2
[AR3-ospf-1-area-0.0.0.2]network 10.1.34.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.2]quit
[AR3-ospf-1]
[AR4]ospf 1 router-id 4.4.4.4
[AR4-ospf-1]area 2
[AR4-ospf-1-area-0.0.0.2]network 10.1.34.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.2]qui
[AR4-ospf-1]
3.在AR4和AR5设备配置静态路由。
[AR4]ip route-static 10.1.1.1 32 10.1.45.5
[AR5]ip route-static 0.0.0.0 0.0.0.0 10.1.45.4
4.将Area2配置为NSSA To他利用区域。
[AR3]ospf 1
[AR3-ospf-1]area 2
[AR3-ospf-1-area-0.0.0.2]nssa no-summary
[AR4]ospf 1
[AR4-ospf-1]area 2
[AR4-ospf-1-area-0.0.0.2]nssa
[AR4-ospf-1-area-0.0.0.2]quit
5.在R4设备将静态路由引入到OSPF域中。
[AR4]ospf 1
[AR4-ospf-1]import-route static
验证结果
1.检查IP地址配置。
[AR1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.12.1/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
[AR1]
[AR2]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.12.2/24 up up
GigabitEthernet0/0/1 10.1.23.2/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
[AR2]
[AR3]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 unassigned down down
GigabitEthernet0/0/1 10.1.23.3/24 up up
GigabitEthernet0/0/2 10.1.34.3/24 up up
NULL0 unassigned up up(s)
[AR3]
[AR4]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.45.4/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 10.1.34.4/24 up up
NULL0 unassigned up up(s)
[AR4]
[AR5]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 2
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 2
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.45.5/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 10.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
[AR5]
2.检查OSPF协议邻居建立情况。
[AR2]display ospf peer brief
OSPF Process 1 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 3.3.3.3 Full
0.0.0.1 GigabitEthernet0/0/0 1.1.1.1 Full
----------------------------------------------------------------------------
[AR2]
[AR3]display ospf peer brief
OSPF Process 1 with Router ID 3.3.3.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 2.2.2.2 Full
0.0.0.2 GigabitEthernet0/0/2 4.4.4.4 Full
----------------------------------------------------------------------------
[AR3]
3.在AR1设备检查路由学习情况。
[AR1]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 3 Routes : 3
OSPF routing table status : <Active>
Destinations : 3 Routes : 3
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.1/32 O_ASE 150 1 D 10.1.12.2 GigabitEthernet0/0/0
10.1.23.0/24 OSPF 10 2 D 10.1.12.2 GigabitEthernet0/0/0
10.1.34.0/24 OSPF 10 3 D 10.1.12.2 GigabitEthernet0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
[AR1]
[AR3]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes : 2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.1/32 O_NSSA 150 1 D 10.1.34.4 GigabitEthernet0/0/2
10.1.12.0/24 OSPF 10 2 D 10.1.23.2 GigabitEthernet0/0/1
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
[AR3]
[AR4]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 1 Routes : 1
OSPF routing table status : <Active>
Destinations : 1 Routes : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 OSPF 10 2 D 10.1.34.3 GigabitEthernet0/0/2
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
[AR4]
5.检查OSPF协议特殊区域数据库。
[AR4]display ospf lsdb
OSPF Process 1 with Router ID 4.4.4.4
Link State Database
Area: 0.0.0.2
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 4.4.4.4 4.4.4.4 472 36 80000006 1
Router 3.3.3.3 3.3.3.3 633 36 80000005 1
Network 10.1.34.4 4.4.4.4 629 32 80000002 0
Sum-Net 0.0.0.0 3.3.3.3 692 28 80000001 1
NSSA 10.1.1.1 4.4.4.4 472 36 80000001 1
NSSA 0.0.0.0 3.3.3.3 692 36 80000001 1
[AR4
6.检查其他区域的OSPF数据库信息。
[AR1]display ospf lsdb
OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 2.2.2.2 2.2.2.2 115 36 80000005 1
Router 1.1.1.1 1.1.1.1 114 36 80000005 1
Network 10.1.12.2 2.2.2.2 115 32 80000003 0
Sum-Net 10.1.23.0 2.2.2.2 153 28 80000002 1
Sum-Net 10.1.34.0 2.2.2.2 745 28 80000002 2
Sum-Asbr 3.3.3.3 2.2.2.2 746 28 80000001 1
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 10.1.1.1 3.3.3.3 526 36 80000001 1
[AR1]
7.测试地址连通。
[AR1]ping 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=252 time=60 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=252 time=30 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 30/42/60 ms
[AR1]ping 10.1.34.4
PING 10.1.34.4: 56 data bytes, press CTRL_C to break
Reply from 10.1.34.4: bytes=56 Sequence=1 ttl=253 time=50 ms
Reply from 10.1.34.4: bytes=56 Sequence=2 ttl=253 time=30 ms
Reply from 10.1.34.4: bytes=56 Sequence=3 ttl=253 time=30 ms
Reply from 10.1.34.4: bytes=56 Sequence=4 ttl=253 time=40 ms
Reply from 10.1.34.4: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 10.1.34.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/36/50 ms
[AR1]