8 Replies Latest reply: Jan 15, 2020 5:54 AM by jh RSS

    OSPF 7/5 Translation

    JeffA

      1.PNG


      Why is area 0 only getting one T5 LSA from NSSA ABR SP10?

      - SP10 has ECMP to 8.8.4.0/24 (N2 route)

      - SP10 has two T7 LSAs (one from SP11 and one from SP12), the T7s have different FA

      - SP10 is doing 7/5 translation.

      - Area 0 only gets one T5 (originally FA was 175.1.11.11, see output below) 

      - I don't understand why SP10 doesn't create a second T5 for SP12 route (with FA 175.1.12.12) 


      NOTE: After I rebooted SP10 there is still a single T5 in Area 0 (but FA switched to 175.1.12.12)



      SP10# ---------------------------=-------------------------------------------------------------------------------

      router ospf 1

      router-id 175.1.10.10

      area 10 nssa

      area 10 filter-list prefix NO-FA out

       

      ip prefix-list NO-FA seq 10 deny 175.1.11.11/32

      ip prefix-list NO-FA seq 20 deny 175.1.12.12/32

      ip prefix-list NO-FA seq 30 permit 0.0.0.0/0 le 32



      SP10#sh ip route 8.8.4.0 -------------------------------------------------------------------------------------

      Routing entry for 8.8.4.0/24

        Known via "ospf 1", distance 110, metric 20

        Tag 10000, type NSSA extern 2, forward metric 11

        Last update from 175.1.0.78 on Ethernet0/0, 00:37:38 ago

        Routing Descriptor Blocks:

          175.1.0.78, from 175.1.12.12, 00:37:38 ago, via Ethernet0/0

            Route metric is 20, traffic share count is 1

            Route tag 10000

        * 175.1.0.74, from 175.1.11.11, 00:37:38 ago, via Ethernet0/2

            Route metric is 20, traffic share count is 1

            Route tag 10000

       

       

      SP10#sh ip ospf data nssa-external 8.8.4.0 ------------------------------------------------------------------

      THIS SHOWS TWO T7 LSAs w/ DIFFERENT FAs


                  OSPF Router with ID (175.1.10.10) (Process ID 1)

                      Type-7 AS External Link States (Area 10)


        Routing Bit Set on this LSA in topology Base with MTID 0

        LS age: 566

        Options: (No TOS-capability, Type 7/5 translation, DC, Upward)

        LS Type: AS External Link

        Link State ID: 8.8.4.0 (External Network Number )

        Advertising Router: 175.1.11.11

        LS Seq Number: 80000002

        Checksum: 0x15A7

        Length: 36

        Network Mask: /24

              Metric Type: 2 (Larger than any link state path)

              MTID: 0

              Metric: 20

              Forward Address: 175.1.11.11

              External Route Tag: 10000


        Routing Bit Set on this LSA in topology Base with MTID 0

        LS age: 936

        Options: (No TOS-capability, Type 7/5 translation, DC, Upward)

        LS Type: AS External Link

        Link State ID: 8.8.4.0 (External Network Number )

        Advertising Router: 175.1.12.12

        LS Seq Number: 80000002

        Checksum: 0x2395

        Length: 36

        Network Mask: /24

              Metric Type: 2 (Larger than any link state path)

              MTID: 0

              Metric: 20

              Forward Address: 175.1.12.12

              External Route Tag: 10000


       

      SP10#sh ip ospf data external 8.8.4.0 ---------------------------------------------------------

      THIS SHOWS ONLY ONE T5 BEING CREATED.  WHY ISN'T THERE A T5 WITH FA 175.1.12.12?

                  OSPF Router with ID (175.1.10.10) (Process ID 1)


                      Type-5 AS External Link States


        LS age: 263

        Options: (No TOS-capability, DC, Upward)

        LS Type: AS External Link

        Link State ID: 8.8.4.0 (External Network Number )

        Advertising Router: 175.1.10.10

        LS Seq Number: 8000000B

        Checksum: 0xA41B

        Length: 36

        Network Mask: /24

              Metric Type: 2 (Larger than any link state path)

              MTID: 0

              Metric: 20

              Forward Address: 175.1.11.11

              External Route Tag: 10000



        • 1. Re: OSPF 7/5 Translation
          jh

          That's a good question. Perhaps you can look at it another way and ask, why would there need to be two?

          • 2. Re: OSPF 7/5 Translation
            Elvin Arias

            The answer you are looking for is on RFC 3101 section 3.1/3.2.

             

            RFC 3101 - The OSPF Not-So-Stubby Area (NSSA) Option

             

            A single translator is fine, since routing from other areas will be performed by looking into the Forwarding Address advertised, which SHOULD be reachable via both translator, which means that from a control plane perspective, a single ABR will be performing the translation, but from a data plane perspective, both routers should be getting traffic due to the Forwarding Address.

             

            Note that you could also instruct IOS so that both (multiple) ABRs translate and not choose the one with the highest router ID (default) by issuing the "area <AREA ID> nssa translate type7 always" command.


            Elvin

            • 3. Re: OSPF 7/5 Translation
              JeffA

              Hi jh-  Two T5 LSAs with different FAs in Area 0 (and beyond) give the opportunity to ECMP out both ASBRs (SP11 and SP12).

               

              I agree with you in a different scenario where there are two ABRs with one (the same) T7 LSA.  In that case, there is no need for each ABR to generate a T5 w FA since they would both contain the same forwarding info.   

              • 4. Re: OSPF 7/5 Translation
                JeffA

                Hi Elvin-  I think your RFC reference is related to my response to jh above -- a scenario where two ABRs have one (the same) T7 LSA.  In that case, only one ABR needs to do 7/5 translations because devices downstream compute a path to the FA to get to the destination.

                 

                It's interesting you mentioned ..translate type7 always [suppress-fa] because that is part of the solution to the lab.  ie each ABR has two T7s but one is better.  Each ABR generate T5 for their respective 'best T7' then suppress FA so downstream devices can ECMP via both ABRs.

                 

                My question is more related to seeing something I didn't expect while troubleshooting and wanting to verify.  To clarify/simplify the main question:

                 

                If an ABR is designated the 7/5 translator and has two different T7 LSAs for a route (unique due to different FAs).  Why aren't there two T5 LSAs generated?  I would expect one T5 with FA 175.1.11.11 and a second T5 with FA 175.1.12.12

                • 5. Re: OSPF 7/5 Translation
                  jh

                  JeffA wrote:

                   

                  Hi jh-  Two T5 LSAs with different FAs in Area 0 (and beyond) give the opportunity to ECMP out both ASBRs (SP11 and SP12).

                   

                  Hi Jeff

                  Which routers in your area 0 and beyond make the decision about the ASBR to use and how?

                  • 6. Re: OSPF 7/5 Translation
                    JeffA

                    1.PNG

                     

                    Spoiler alert: this is Jaziri Mega TS1 lab.  Don't keep reading if you don't want the details yet.

                     

                    SW5 needs to ECMP to 8.8.4.4 (ie out SP11 and SP12)

                     

                    The scenario involved both ABRs (SP9 and SP10) having two T7s (diff FAs), but one was better due IGP metric for ASBRs.  The ABRs generate one T5 since they only have one best route.  Getting way off topic, but solution includes ABRs using translate type7 always suppress-fa.  That results in two unique T5s in area 0, (now diff due Adv RTR  ie ABR RID).

                     

                    In my scenario, there was a fault that let SP10 have ECMP to 8.8.4.4. Since it had two uniques T7s (albeit for the same route) and it was the 7/5 translator, I expected it to generate two T5s in area 0.

                    • 7. Re: OSPF 7/5 Translation
                      JeffA

                      I labbed this again in VIRL (above was in EVE-NG) and got same results.

                       

                      Elvin's comment triggered a deeper look into RFC 3101 which suggests this is required behavior. I'm reading below as "an ABR should not do 7/5 translation if it has already generated a T5 LSA for a network".   

                       

                      ---------------------------------------------

                      RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option

                      3.2 Translating Type-7 LSAs into Type-5 LSAs

                      (2) ...a Type-5 LSA should be generated if there is currently no Type-5 LSA originating from this router corresponding to the Type-7 LSA's network, ...

                      -----------------------------------------------


                      In my case, the ABR (7/5 translator) had two T7 LSAs for the same network (8.8.4.0/24 from diff ASBRs), but only relays one as T5.  It is interesting because all non-NSSA areas only know about one exit point because the 7/5 translator doesn't relay info about the other ASBR.


                      Thanks for the input/comments!

                      • 8. Re: OSPF 7/5 Translation
                        jh

                        Hi Jeff

                        Glad you have found a resolution. OSPF is wonderful, but very complex; every time I come to it I learn something new. An interesting lab to filter out the FA prefixes, thanks.