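This article explains the translate type7 suppress-fa option for OSPF NSSA.
Theory
The NSSA translate type7 suppress-fa option
The Forwarding Address of an LSA Type 7 holds the IP address of the NSSA ASBR that performed the redistribution. By default, when the NSSA ABR translates an LSA Type 7 into an LSA Type 5, it copies the Forwarding Address unchanged.
Care is needed when the Forwarding Address of an LSA Type 5 or LSA Type 7 is anything other than 0.0.0.0. A router installs the external route carried in an LSA Type 5/7 into its routing table only if the address in that LSA's Forwarding Address can be resolved by an Intra-Area route learned via LSA Type 1/2 or an Inter-Area route learned via LSA Type 3.
Therefore, as shown in the figure below, R1 cannot resolve 20.1.1.3, the Forwarding Address of the LSA Type 5 carrying 190.1.1.0/24, using the routes it learned via LSA Type 1/2/3, so 190.1.1.0/24 is not installed in R1's routing table.
When, as in the figure above, the route to the Forwarding Address of the LSA Type 7 generated by the NSSA ASBR is for some reason not propagated to areas other than the NSSA, the Forwarding Address must be cleared to 0.0.0.0 when the NSSA ABR translates the LSA Type 7 into an LSA Type 5. Clearing the Forwarding Address during LSA Type 7 to LSA Type 5 translation on the NSSA ABR is done with the translate type7 suppress-fa option of the area <area-id> nssa command.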
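The installation rule described above, as an added example that is not part of the original article: a Python check that reads text in the format of show ip ospf database external and show ip ospf rib and reports whether each external LSA's Forwarding Address resolves through an Intra-Area or Inter-Area route. The sample text is constructed from the lab addressing used on this page, the function names are hypothetical, and reachability of the ASBR for a 0.0.0.0 Forwarding Address is assumed rather than modelled.

```python
import ipaddress
import re

# Constructed samples, trimmed from the IOS output format shown on this page.
LSA_FA_SET = """\
Link State ID: 190.1.1.0 (External Network Number )
Advertising Router: 2.2.2.2
Network Mask: /24
Forward Address: 20.1.1.3
"""
LSA_FA_CLEARED = LSA_FA_SET.replace("20.1.1.3", "0.0.0.0")  # after suppress-fa
RIB_WITH_TYPE3 = """\
*   10.1.1.0/24, Intra, cost 1, area 0, Connected
      via 10.1.1.1, GigabitEthernet2
*>  20.1.1.0/24, Inter, cost 2, area 0
      via 10.1.1.2, GigabitEthernet2
"""
RIB_WITHOUT_TYPE3 = """\
*   10.1.1.0/24, Intra, cost 1, area 0, Connected
      via 10.1.1.1, GigabitEthernet2
"""

LSA_RE = re.compile(r"Link State ID: (\S+).*?Advertising Router: (\S+).*?"
                    r"Network Mask: /(\d+).*?Forward Address: (\S+)", re.S)
RIB_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+/\d+), (\w+),")

def parse_rib(text):
    """Return [(network, path_type)] from 'show ip ospf rib' style text."""
    return [(ipaddress.ip_network(p), kind) for p, kind in RIB_RE.findall(text)]

def fa_resolves(fa, rib):
    """True if the longest OSPF route covering fa is Intra or Inter area."""
    covering = [(net, kind) for net, kind in rib if fa in net]
    if not covering:
        return False
    _, kind = max(covering, key=lambda item: item[0].prefixlen)
    return kind in ("Intra", "Inter")

def audit(lsa_text, rib_text):
    """Return [(prefix, adv_router, fa, usable)] for each external LSA."""
    rib = parse_rib(rib_text)
    out = []
    for lsid, adv, plen, fa in LSA_RE.findall(lsa_text):
        addr = ipaddress.ip_address(fa)
        # FA 0.0.0.0 skips the lookup; reachability of the advertising
        # ASBR itself is assumed here and not modelled.
        usable = addr.is_unspecified or fa_resolves(addr, rib)
        out.append((f"{lsid}/{plen}", adv, fa, usable))
    return out
```

audit(LSA_FA_SET, RIB_WITHOUT_TYPE3) reports the route as unusable, which is the case where the Type 3 LSA for 20.1.1.0/24 is filtered from Area 0 and the Forwarding Address is left in place.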
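Hands-on verification
Verification scenario
Enable OSPF Area 0 on g2 of R1 and g2 of R2.
Enable OSPF Area 2 on g3 of R2 and g2 of R3.
Use Point-to-Point as the Network Type.
On R3, redistribute the Connected Route 190.1.1.0/24 into OSPF.
Enable NSSA in Area 2.
Observe the Forwarding Address value of the LSA Type 5 and LSA Type 7 carrying 190.1.1.0/24.
Initial configuration (R1, R2 and R3, in that order)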
interface GigabitEthernet2
ip address 10.1.1.1 255.255.255.0
ip ospf network point-to-point
!
router ospf 1
router-id 1.1.1.1
network 10.1.1.0 0.0.0.255 area 0
interface GigabitEthernet2
ip address 10.1.1.2 255.255.255.0
ip ospf network point-to-point
!
interface GigabitEthernet3
ip address 20.1.1.2 255.255.255.0
ip ospf network point-to-point
!
router ospf 1
router-id 2.2.2.2
area 2 nssa
network 10.1.1.0 0.0.0.255 area 0
network 20.1.1.0 0.0.0.255 area 2
interface GigabitEthernet2
ip address 20.1.1.3 255.255.255.0
ip ospf network point-to-point
!
interface GigabitEthernet3
ip address 190.1.1.3 255.255.255.0
!
router ospf 1
router-id 3.3.3.3
area 2 nssa
redistribute connected subnets
network 20.1.1.0 0.0.0.255 area 2
Without the translate type7 suppress-fa option, 20.1.1.0/24 advertised
Checking the OSPF process state
On R2, the output confirms that NSSA is enabled for Area 2.
R2#show ip ospf
Routing Process "ospf 1" with ID 2.2.2.2
Start time: 2w0d, Time elapsed: 00:20:12.017
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an area border and autonomous system boundary router
Redistributing External Routes from,
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 50 msecs
Minimum hold time between two consecutive SPFs 200 msecs
Maximum wait time between two consecutive SPFs 5000 msecs
Incremental-SPF disabled
Initial LSA throttle delay 50 msecs
Minimum hold time for LSA throttle 200 msecs
Maximum wait time for LSA throttle 5000 msecs
Minimum LSA arrival 100 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
Number of external LSA 2. Checksum Sum 0x008B19
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 2. 1 normal 0 stub 1 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:00:32.302 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 3. Checksum Sum 0x019B64
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 2
Number of interfaces in this area is 1
It is a NSSA area
Perform type-7/type-5 LSA translation
Area has no authentication
SPF algorithm last executed 00:00:24.623 ago
SPF algorithm executed 7 times
Area ranges are
Number of LSA 4. Checksum Sum 0x017BE6
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Checking the LSDB
The output confirms that the Forwarding Address of the LSA Type 7 that R3 generated for 190.1.1.0/24 holds 20.1.1.3.
R3#show ip ospf database nssa-external 190.1.1.0 adv-router 3.3.3.3
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-7 AS External Link States (Area 2)
LS age: 119
Options: (No TOS-capability, Type 7/5 translation, DC, Upward)
LS Type: AS External Link
Link State ID: 190.1.1.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x525E
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 20.1.1.3
External Route Tag: 0
The output confirms that 20.1.1.3 has been copied into the Forwarding Address of the LSA Type 5 that R2 generated for 190.1.1.0/24.
R1#show ip ospf database external 190.1.1.0 adv-router 2.2.2.2
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
LS age: 149
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 190.1.1.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x5B9
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 20.1.1.3
External Route Tag: 0
The output confirms that R1 has learned both the LSA Type 5 carrying 190.1.1.0/24 and the LSA Type 3 carrying 20.1.1.0/24.
R1#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 626 0x8000000B 0x00CB24 2
2.2.2.2 2.2.2.2 195 0x80000018 0x005A80 2
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
20.1.1.0 2.2.2.2 707 0x80000007 0x002FE8
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
190.1.1.0 2.2.2.2 98 0x80000001 0x0005B9 0
Checking the SPF result
The output confirms that R1 correctly computes the best path to 190.1.1.0/24.
R1#show ip ospf rib
OSPF Router with ID (1.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
* 10.1.1.0/24, Intra, cost 1, area 0, Connected
via 10.1.1.1, GigabitEthernet2
*> 20.1.1.0/24, Inter, cost 2, area 0
via 10.1.1.2, GigabitEthernet2
*> 190.1.1.0/24, Ext2, cost 20, fwd cost 2, tag 0
via 10.1.1.2, GigabitEthernet2
The following is the debug output from R1 while the SPF algorithm computes the best path to 190.1.1.0/24. It confirms that the Forwarding Address 20.1.1.3 is reachable.
R1#debug ip ospf spf
*May 28 14:45:18.559: OSPF-1 EXTER: Started Building Type 5 External Routes
*May 28 14:45:18.559: OSPF-1 EXTER: Start processing AS External LSA 5/190.1.1.0/2.2.2.2, mask 255.255.255.0
*May 28 14:45:18.559: OSPF-1 EXTER: age 205, seq 0x80000001, lsa_metric 20, metric-type 2, fw-addr 20.1.1.3
*May 28 14:45:18.559: OSPF-1 EXTER: Add forward address reachable 20.1.1.3, allowed types Intra and Inter, to watched queue
*May 28 14:45:18.559: OSPF-1 EXTER: forwarding address 20.1.1.3 is in the GRIB
*May 28 14:45:18.559: OSPF-1 EXTER: forwarding address route path: via 10.1.1.2 on GigabitEthernet2, flags (RIB)
Checking the routing table
The output confirms that 190.1.1.0/24 is installed in R1's routing table.
R1#show ip route ospf
20.0.0.0/24 is subnetted, 1 subnets
O IA 20.1.1.0 [110/2] via 10.1.1.2, 00:01:13, GigabitEthernet2
190.1.0.0/24 is subnetted, 1 subnets
O E2 190.1.1.0 [110/20] via 10.1.1.2, 00:01:13, GigabitEthernet2
Connectivity check
The ping from 10.1.1.1 on R1 to 190.1.1.3 on R3 succeeds.
R1#ping 190.1.1.3 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 190.1.1.3, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Without the translate type7 suppress-fa option, 20.1.1.0/24 not advertised
Added configuration
On R2, suppress advertisement of the LSA Type 3 carrying 20.1.1.0/24 into Area 0.
router ospf 1
area 2 range 20.1.1.0 255.255.255.0 not-advertise
Checking the OSPF process state
On R2, the output confirms that advertisement of 20.1.1.0/24 from Area 2 into Area 0 is suppressed.
R2#show ip ospf
Routing Process "ospf 1" with ID 2.2.2.2
Start time: 2w0d, Time elapsed: 01:52:43.801
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an area border and autonomous system boundary router
Redistributing External Routes from,
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 50 msecs
Minimum hold time between two consecutive SPFs 200 msecs
Maximum wait time between two consecutive SPFs 5000 msecs
Incremental-SPF disabled
Initial LSA throttle delay 50 msecs
Minimum hold time for LSA throttle 200 msecs
Maximum wait time for LSA throttle 5000 msecs
Minimum LSA arrival 100 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
Number of external LSA 1. Checksum Sum 0x0005B9
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 2. 1 normal 0 stub 1 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:00:05.136 ago
SPF algorithm executed 37 times
Area ranges are
Number of LSA 2. Checksum Sum 0x0125A4
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 2
Number of interfaces in this area is 1
It is a NSSA area
Perform type-7/type-5 LSA translation
Area has no authentication
SPF algorithm last executed 00:00:05.136 ago
SPF algorithm executed 48 times
Area ranges are
20.1.1.0/24 Passive DoNotAdvertise
Number of LSA 4. Checksum Sum 0x013A07
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Checking the LSDB
The output confirms that R1 has learned the LSA Type 5 carrying 190.1.1.0/24 but has not learned the LSA Type 3 carrying 20.1.1.0/24.
R1#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1117 0x8000000B 0x00CB24 2
2.2.2.2 2.2.2.2 687 0x80000018 0x005A80 2
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
190.1.1.0 2.2.2.2 92 0x80000001 0x0005B9 0
Checking the SPF result
The output confirms that R1 fails to compute a best path to 190.1.1.0/24.
R1#show ip ospf rib
OSPF Router with ID (1.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
* 10.1.1.0/24, Intra, cost 1, area 0, Connected
via 10.1.1.1, GigabitEthernet2
The debug output confirms that R1's SPF algorithm fails to resolve the Forwarding Address 20.1.1.3.
R1#debug ip ospf spf
*May 28 14:42:28.958: OSPF-1 EXTER: Started Building Type 5 External Routes
*May 28 14:42:28.958: OSPF-1 EXTER: Start processing AS External LSA 5/190.1.1.0/2.2.2.2, mask 255.255.255.0
*May 28 14:42:28.958: OSPF-1 EXTER: age 35, seq 0x80000001, lsa_metric 20, metric-type 2, fw-addr 20.1.1.3
*May 28 14:42:28.958: OSPF-1 EXTER: Failed to find route to forwarding address
*May 28 14:42:28.958: OSPF-1 EXTER: Add forward address unreachable 20.1.1.3, allowed types Intra and Inter, to watched queue
Checking the routing table
The output confirms that 190.1.1.0/24 is not installed in R1's routing table.
R1#show ip route ospf
Connectivity check
The ping from 10.1.1.1 on R1 to 190.1.1.3 on R3 fails.
R1#ping 190.1.1.3 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 190.1.1.3, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
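With the translate type7 suppress-fa option, 20.1.1.0/24 not advertised
Added configuration
On R2, suppress advertisement of the LSA Type 3 carrying 20.1.1.0/24 into Area 0. At the same time, have R2 clear the Forwarding Address to 0.0.0.0 when it translates an LSA Type 7 into an LSA Type 5.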
router ospf 1
area 2 range 20.1.1.0 255.255.255.0 not-advertise
area 2 nssa translate type7 suppress-fa
Checking the OSPF process state
On R2, the output confirms that the Forwarding Address is cleared to 0.0.0.0 when an LSA Type 7 is translated into an LSA Type 5.
R2#show ip ospf
Routing Process "ospf 1" with ID 2.2.2.2
Start time: 2w0d, Time elapsed: 01:56:19.569
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an area border and autonomous system boundary router
Redistributing External Routes from,
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 50 msecs
Minimum hold time between two consecutive SPFs 200 msecs
Maximum wait time between two consecutive SPFs 5000 msecs
Incremental-SPF disabled
Initial LSA throttle delay 50 msecs
Minimum hold time for LSA throttle 200 msecs
Maximum wait time for LSA throttle 5000 msecs
Minimum LSA arrival 100 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
Number of external LSA 1. Checksum Sum 0x00E4F2
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 2. 1 normal 0 stub 1 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:02:49.199 ago
SPF algorithm executed 38 times
Area ranges are
Number of LSA 2. Checksum Sum 0x0123A5
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 2
Number of interfaces in this area is 1
It is a NSSA area
Perform type-7/type-5 LSA translation, suppress forwarding address
Area has no authentication
SPF algorithm last executed 00:01:18.802 ago
SPF algorithm executed 51 times
Area ranges are
20.1.1.0/24 Passive DoNotAdvertise
Number of LSA 4. Checksum Sum 0x01340A
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Checking the LSDB
The output confirms that the Forwarding Address of the LSA Type 5 that R2 generated for 190.1.1.0/24 has been cleared to 0.0.0.0.
R1#show ip ospf database external 190.1.1.0 adv-router 2.2.2.2
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
LS age: 149
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 190.1.1.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xE4F2
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
The output confirms that R1 has learned the LSA Type 5 carrying 190.1.1.0/24 but has not learned the LSA Type 3 carrying 20.1.1.0/24.
R1#show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1117 0x8000000B 0x00CB24 2
2.2.2.2 2.2.2.2 687 0x80000018 0x005A80 2
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
190.1.1.0 2.2.2.2 92 0x80000001 0x0005B9 0
Checking the SPF result
The output confirms that R1 successfully computes the best path to 190.1.1.0/24.
R1#show ip ospf rib
OSPF Router with ID (1.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
* 10.1.1.0/24, Intra, cost 1, area 0, Connected
via 10.1.1.1, GigabitEthernet2
*> 190.1.1.0/24, Ext2, cost 20, fwd cost 1, tag 0
via 10.1.1.2, GigabitEthernet2
The debug output confirms that, because the Forwarding Address is 0.0.0.0, R1's SPF algorithm does not perform Forwarding Address resolution.
R1#debug ip ospf spf
*May 28 14:54:51.018: OSPF-1 EXTER: Started Building Type 5 External Routes
*May 28 14:54:51.018: OSPF-1 EXTER: Start processing AS External LSA 5/190.1.1.0/2.2.2.2, mask 255.255.255.0
*May 28 14:54:51.018: OSPF-1 EXTER: age 1, seq 0x80000003, lsa_metric 20, metric-type 2, fw-addr 0.0.0.0
*May 28 14:54:51.018: OSPF-1 EXTER: border table path: ABR/ASBR via 10.1.1.2 on GigabitEthernet2, area 0, cost 1, path cost 1, flags (none)
Checking the routing table
The output confirms that 190.1.1.0/24 is installed in R1's routing table.
R1#show ip route ospf
190.1.0.0/24 is subnetted, 1 subnets
O E2 190.1.1.0 [110/20] via 10.1.1.2, 00:00:47, GigabitEthernet2
Connectivity check
The ping from 10.1.1.1 on R1 to 190.1.1.3 on R3 succeeds.
R1#ping 190.1.1.3 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 190.1.1.3, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms