OSPF NSSA

Konrad Kręciwilk konrad.kreciwilk at korbank.pl
Thu Feb 16 12:46:53 CET 2023


W dniu 22.01.2023 o 20:59, Konrad Kręciwilk via Bird-users pisze:
> W dniu 2023-01-21 18:23, Ondrej Zajicek napisał(a):
>> On Sat, Jan 21, 2023 at 04:18:47PM +0100, Konrad Kręciwilk wrote:
>>> As you can see show ospf state from R1 has extrenal 10.7.100.0/24 via
>>> 212.127.92.29 (which is local link via vlan4001) which is 
>>> interrupted (L2).
>>> Its look like R3 does not update database (via) when neighbor is lost
>>> (vlan4001)
>>>
>>> area 0.0.0.0
>>>
>>>     router 212.127.92.1
>>>         distance 2
>>>         router 212.127.92.2 metric 2
>>>         stubnet 212.127.92.0/30 metric 2
>>>         xnetwork 212.127.92.28/30 metric 110
>>>         xnetwork 212.127.92.128/30 metric 10
>>>         external 10.7.100.0/24 metric 20 via 212.127.92.29
>>
>> I think i understand the issue. LSSA-LSA must contain forwarding 
>> address.
>> The route exported to OSPF on R3 was a direct route, so it does not have
>> one. BIRD has to choose one from interfaces that are part of OSPF 
>> domain,
>> i.e. "vlan4001" (212.127.92.29) and "vlan4011" (212.127.92.129).
>>
>> It chose the first one, and announced NSSA-LSA with that IP address. 
>> When
>> link  R1-R3 broke, there is no need to choose a different one, as
>> 212.127.92.29 is still valid IP for R3.
>>
>> Now R1 sees Ext-LSA with forwarding address 212.127.92.29 (translated by
>> R2 from NSSA-LSA), and it considers 212.127.92.29 reachable (due to
>> local network 212.127.92.28/30 on vlan4011). That is kind of blind spot
>> for OSPF - when a stub network is announced, all addresses on that
>> network are considered reachable, even if the network is really 
>> splitted.
>>
>> If the iface vlan4001 on R3 is disabled, R3 has to announce NSSA-LSA 
>> with
>> a different forwarding address, so it will work eventually. But that is
>> not a real issue - if the iface is up, its IP address is valid to be 
>> used
>> as forwarding address.
>>
>> I see two ways how to fix it:
>>
>> 1) Configuration fix - you should have some loopback/stub IP (with /32
>> mask) on R3 in OSPF domain. In that case BIRD would prefer such address
>> as forwarding address for originated NSSA-LSAs.
>
> I added interface with /32 as a stub, now /32 becomes a forwarding 
> address for originated NSSA-LSAs. Its works good now
> Thank you !
>
>
>
>
>>
>> 2) I think that OSPF routers should annouce all their local addresses as
>> /32 (in addition to real prefixes), that would mitigate the blind spot.
>> Or at least ones that are used as forwarding addresses in LSAs. If R3
>> announced 212.127.92.129/32 stub, then R2 would translate it to backbone
>> and R1 would use path to 212.127.92.129/32 via R2, even if it has direct
>> 212.127.92.28/30.
>>
>> Just curious, how is this situation solved by Quagga and Mikrotik, if
>> you bring it to the similar situation, what is output of 'show ospf
>> state' on R1/R2?
>
> Sorry it was my mistake. Quagga/Frr/Mikrotik they behave the same way.

additional info,
Mikrotik not always elect /32 stub as forwarding-address. I dont know 
why for one solution /32 is forwarding-address but for another not. The 
choice is not obvious
but since v7.X is possible to set forwarding-address using filters (set 
ospf-ext-fwd):

rul:

if (protocol connected && dst in OSPF-ANNOUNCE) { set ospf-ext-type 
type1; set ospf-ext-fwd 10.81.254.3; accept }


and then it works predictably :)



-- 
Pozdrawiam,
Konrad Kręciwilk
Inżynier sieci
GSM +48 883 131 165
tel.: +48 71 735 15 31
e-mail:konrad.kreciwilk at korbank.pl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20230216/904db022/attachment.htm>


More information about the Bird-users mailing list