Introduction
I have been asked “how to limit OSPF type-4 LSAs if we had too many ASBRs”.
It's interesting; however, I am not quite sure what the reason for such a limitation is.
Since there is no topology and no goal like path manipulation or filtering, I am thinking from the perspective that the goal is to minimize the number of type-4 LSAs without factoring in anything else.
- I have created this topology to maintain the type-5 LSAs while limiting the number of type-4 LSAs for those type-5 LSAs.
A quick revision of OSPF type-4
- Type-4 is created by the ABR, not the ASBR.
- Type-4 is only injected into areas that are not “directly connected” to the ASBR.
- If an ASBR is connected to area 1, then all other areas except area 1 will have a type-4 for that ASBR (including area 0).
- Type-4 provides network reachability to the type-5 advertising “router-id”, which is the only lead to the redistributed network.
Explaining normal operation
Database outputs (as a lab environment, all ASBRs are connected to R6, and R6 is connected to ABR R7)
R7#show ip ospf database

            OSPF Router with ID (7.7.7.7) (Process ID 1)

                Router Link States (Area 0) Type-1

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         585         0x8000000A 0x00DA07 2
2.2.2.2         2.2.2.2         293         0x80000008 0x0023B0 2
3.3.3.3         3.3.3.3         202         0x80000006 0x006B5A 2
4.4.4.4         4.4.4.4         417         0x80000008 0x00AB08 2
5.5.5.5         5.5.5.5         1755        0x80000006 0x00F3B1 2
6.6.6.6         6.6.6.6         1710        0x8000000E 0x0049A1 12 (ASBR's p2p to R6 links)
7.7.7.7         7.7.7.7         1743        0x80000003 0x00FC93 2

                Summary Net Link States (Area 0) Type-3

Link ID         ADV Router      Age         Seq#       Checksum
192.168.1.0     7.7.7.7         1743        0x80000002 0x005C4F

                Router Link States (Area 1) Type-1

Link ID         ADV Router      Age         Seq#       Checksum Link count
7.7.7.7         7.7.7.7         1743        0x80000007 0x00F214 1
8.8.8.8         8.8.8.8         1893        0x80000005 0x00B54B 1

                Net Link States (Area 1) Type-2

Link ID         ADV Router      Age         Seq#       Checksum
192.168.1.8     8.8.8.8         1895        0x80000002 0x00105A

                Summary Net Link States (Area 1) Type-3

Link ID         ADV Router      Age         Seq#       Checksum
172.16.16.0     7.7.7.7         1745        0x80000002 0x0046EB
(note about this type-3: it's a /27 that summarizes the 6 links between R6 and the ASBRs)

                Summary ASB Link States (Area 1) Type-4

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         7.7.7.7 ABR     1745        0x80000002 0x007D1D
2.2.2.2         7.7.7.7 ABR     1745        0x80000002 0x004F47
3.3.3.3         7.7.7.7 ABR     1745        0x80000002 0x002171
4.4.4.4         7.7.7.7 ABR     1745        0x80000002 0x00F29B
5.5.5.5         7.7.7.7 ABR     1745        0x80000002 0x00C4C5

                Type-5 AS External Link States (same for all areas)

Link ID         ADV Router      Age         Seq#       Checksum Tag
180.0.0.0       1.1.1.1 ASBR    587         0x80000004 0x004BE4 180
190.0.0.0       2.2.2.2 ASBR    297         0x80000004 0x005FB8 190
200.0.0.0       3.3.3.3 ASBR    206         0x80000004 0x00738C 200
210.0.0.0       4.4.4.4 ASBR    421         0x80000004 0x008760 210
220.0.0.0       5.5.5.5 ASBR    255         0x80000004 0x009B34 220

So any router in area 1 that wants to reach the networks advertised by type-5 first has to get to the ADV router.
The area 1 database has no 1.1.1.1 or 2.2.2.2 … etc., so its routers don't know how to reach them.
The ABR has Router 1's information since it has an interface in area 0, which is the area that the ADV router lives in.
R7#show ip ospf database router adv-router 1.1.1.1

            OSPF Router with ID (7.7.7.7) (Process ID 1)

                Router Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 1729
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 1.1.1.1
  Advertising Router: 1.1.1.1
  LS Seq Number: 8000000A
  Checksum: 0xDA07
  Length: 48
  AS Boundary Router
  Number of Links: 2

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 6.6.6.6
     (Link Data) Router Interface address: 172.16.16.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 172.16.16.0
     (Link Data) Network Mask: 255.255.255.252
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

Only members of area 0 will know that 1.1.1.1's IP address is 172.16.16.1,
and that's why the ABR injected a type-4 into area 1: the type-5 doesn't say 172.16.16.1, it says 1.1.1.1.
- If the forward-address inside the type-5 is set, then the traffic is calculated to that address instead of the advertiser RID, but the type-4 would still exist.
If we have 30 ASBRs connected to area 0, then we would have 30 type-5 advertisers + 30 type-4 LSAs for those 30 advertisers.
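The reasoning above can be turned into a check. This is an added example, not the author's code: it parses `show ip ospf database` output and reports, per area, how many type-4 LSAs exist and which type-5 advertising routers have neither a Router LSA nor a type-4 in that area. The sample input is constructed from the R7 output above, trimmed to two ASBRs, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: R7's Process 1 database from the page, trimmed to two ASBRs.
SAMPLE = """\
            Router Link States (Area 0)
1.1.1.1         1.1.1.1         585
2.2.2.2         2.2.2.2         293
7.7.7.7         7.7.7.7         1743
            Router Link States (Area 1)
7.7.7.7         7.7.7.7         1743
8.8.8.8         8.8.8.8         1893
            Summary ASB Link States (Area 1)
1.1.1.1         7.7.7.7         1745
2.2.2.2         7.7.7.7         1745
            Type-5 AS External Link States
180.0.0.0       1.1.1.1         587
190.0.0.0       2.2.2.2         297
"""

HEADER = re.compile(r"^\s*(.*?Link States)(?: \(Area (\S+)\))?\s*$")
ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s")

def parse(output):
    """Return (router LSA IDs per area, type-4 IDs per area, type-5 advertisers)."""
    routers, type4, advertisers = defaultdict(set), defaultdict(set), set()
    kind = area = ""
    for line in output.splitlines():
        header, row = HEADER.match(line), ROW.match(line)
        if header:
            kind, area = header.group(1), header.group(2)
        elif row and kind == "Router Link States":
            routers[area].add(row.group(1))      # Link ID = router-id
        elif row and kind == "Summary ASB Link States":
            type4[area].add(row.group(1))        # Link ID = ASBR router-id
        elif row and kind.endswith("AS External Link States"):
            advertisers.add(row.group(2))        # ADV Router = ASBR router-id
    return routers, type4, advertisers

def unresolved(output):
    """Per area, type-5 advertisers with neither a Router LSA nor a type-4 there."""
    routers, type4, advertisers = parse(output)
    return {a: sorted(advertisers - routers[a] - type4[a]) for a in sorted(routers)}

def type4_count(output):
    return {area: len(ids) for area, ids in parse(output)[1].items()}

if __name__ == "__main__":
    print(type4_count(SAMPLE), unresolved(SAMPLE))
```

An empty list for every area means each external route's advertising router can be resolved there; any router-id that shows up is an ASBR that area cannot reach.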
A Solution
A solution is abstraction (like in programming): instead of connecting the ASBRs to area 0, we isolate them in a different OSPF process (a different domain); let's call it the “Isolation-Layer” to avoid confusion.
This isolation-layer is then injected into OSPF Process 2.
Now all areas in OSPF Process 2 will have 1 ASBR connecting them to the isolation layer (ASBR100 in the photo).
However, this is a point of failure, and we should add another ASBR for backup and load balancing.
- Now you can add 1000 ASBRs to the isolation-layer and OSPF will see them as 1 type-4.
- Also, the isolation layer doesn't contain type-4, because it's directly connected with the ASBRs.
The real operation is done behind the scenes in the isolation layer; security measures can also be implemented there without getting into the complexity of the inter-area intersection.
Router outputs
R7#show ip ospf database

            OSPF Router with ID (7.7.7.7) (Process ID 2)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
7.7.7.7         7.7.7.7         415         0x80000001 0x00B1C9 2
100.100.100.2   100.100.100.2   416         0x80000003 0x0082E3 2

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.1.0     7.7.7.7         410         0x80000001 0x005E4E

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
7.7.7.7         7.7.7.7         44          0x80000003 0x00196E 2
192.168.1.8     192.168.1.8     19          0x80000004 0x00F23D 2

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.16.20    7.7.7.7         410         0x80000001 0x0028DA

                Summary ASB Link States (Area 1) Type-4

Link ID         ADV Router      Age         Seq#       Checksum
100.100.100.2   7.7.7.7         413         0x80000001 0x00F8B7 (ONLY one type 4)

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
180.0.0.0       100.100.100.2   566         0x80000001 0x00F90E 180
190.0.0.0       100.100.100.2   566         0x80000001 0x002CC7 190
200.0.0.0       100.100.100.2   566         0x80000001 0x005E81 200
210.0.0.0       100.100.100.2   566         0x80000001 0x00903B 210
220.0.0.0       100.100.100.2   566         0x80000001 0x00C2F4 220

Now the “five” type-4s became only “one”.
Let's complete the fun by looking at the isolation layer from ASBR100's point of view.
ASBR100#show ip ospf 1 database (isolation-layer database)

            OSPF Router with ID (100.100.100.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1124        0x80000005 0x008B45 2
2.2.2.2         2.2.2.2         1105        0x80000005 0x00CFF0 2
3.3.3.3         3.3.3.3         1103        0x80000005 0x00149C 2
4.4.4.4         4.4.4.4         1104        0x80000005 0x005848 2
5.5.5.5         5.5.5.5         1113        0x80000007 0x0098F5 2
100.100.100.1   100.100.100.1   1098        0x80000008 0x002A15 10 (p2p to ASBR's)

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
180.0.0.0       1.1.1.1         1183        0x80000002 0x004FE2 180
190.0.0.0       2.2.2.2         1189        0x80000002 0x0063B6 190
200.0.0.0       3.3.3.3         1209        0x80000002 0x00778A 200
210.0.0.0       4.4.4.4         1218        0x80000002 0x008B5E 210
220.0.0.0       5.5.5.5         1208        0x80000002 0x009F32 220

We are not done yet
- Even though you might think that the goal is finished, unfortunately it's not that easy.
- What's done so far is the easiest example, in which all ASBRs are connected to one area.
- What if those ASBR locations are different?
A more complex example (not finished)
Next goal