Sigit's Blog

Configuring OSPF Stub and Totally Stub Area

configuring ospf stub and totally stub area

Objective:

  • configure ospf stub area (filter type 5 LSA E1 and E2 from populating stub area's router routing table)
  • configure ospf totally stub area (cisco propietary, filter type 5 LSA, type 3 IA O, and type 4 IA O from populating stub area's router routing table)
  • area 2 is a stub area. Capetown should have least routing table entry.

Topology:

ospf stub and totally stub

Configs:

Usual ConfigsSanJose1:

SanJose1#sh run Building configuration...

Current configuration : 1244 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname SanJose1 ! boot-start-marker boot-end-marker ! enable secret 5 $1$LDb6$zEg.92Fgad6druYY83bUE0 ! no aaa new-model ! resource policy ! ip cef ! ! interface Loopback0 (simulate internal network on SanJose1) ip address 192.168.64.1 255.255.255.0 ! interface Loopback1 ip address 192.168.80.1 255.255.255.0 ! interface Loopback2 ip address 192.168.96.1 255.255.255.0 ! interface Loopback3 ip address 192.168.112.1 255.255.255.0 ! interface Loopback5 ip address 10.0.0.6 255.255.255.252 ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 duplex half ! router ospf 1 log-adjacency-changes redistribute static (static routes redistribution using E2 type 5 LSA) network 192.168.1.0 0.0.0.255 area 0 network 192.168.64.0 0.0.63.255 area 1 default-information originate ! ip route 10.0.0.0 255.0.0.0 Null0 (simulate ISP connection) no ip https server no ip https secure-server ! ! ! logging alarm informational ! ! ! ! ! ! control-plane ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login ! ! end

SanJose1# SanJose3:

SanJose3#sh run Building configuration...

Current configuration : 1783 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname SanJose3 ! boot-start-marker boot-end-marker ! enable secret 5 $1$aHy.$gyYsVc6zVpucwrv99x296/ ! no aaa new-model ! resource policy ! ip cef ! interface Loopback0 ip address 192.168.3.1 255.255.255.0 ! interface FastEthernet0/0 ip address 192.168.1.3 255.255.255.0 duplex half ! interface Serial1/0 ip address 192.168.208.1 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/1 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/2 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/3 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/4 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/5 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/6 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/7 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! router ospf 1 log-adjacency-changes network 192.168.1.0 0.0.0.255 area 0 network 192.168.3.0 0.0.0.255 area 0 network 192.168.208.0 0.0.0.3 area 2 ! no ip https server no ip https secure-server ! ! ! logging alarm informational ! ! ! ! ! ! control-plane ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login ! ! end

SanJose3# Capetown:

Capetown#sh run Building configuration...

Current configuration : 1711 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Capetown ! boot-start-marker boot-end-marker ! enable secret 5 $1$FoDT$Gc/68u.1hX6wJWX66t/j2/ ! no aaa new-model ! resource policy ! ip cef ! ! interface Loopback0 ip address 192.168.220.1 255.255.255.0 ! interface FastEthernet0/0 ip address 192.168.216.1 255.255.255.0 duplex half ! interface Serial1/0 ip address 192.168.208.2 255.255.255.252 serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/1 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/2 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/3 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/4 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/5 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/6 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! interface Serial1/7 no ip address shutdown serial restart-delay 0 no dce-terminal-timing-enable ! router ospf 1 log-adjacency-changes network 192.168.208.0 0.0.0.3 area 2 ! no ip https server no ip https secure-server ! ! ! logging alarm informational ! ! ! ! ! ! control-plane ! ! ! ! ! ! gatekeeper shutdown ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login stopbits 1 line aux 0 stopbits 1 line vty 0 4 exec-timeout 0 0 password cisco logging synchronous login ! ! end

Capetown# result:

Capetown#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.208.0/30 is subnetted, 1 subnets C 192.168.208.0 is directly connected, Serial1/0 192.168.64.0/32 is subnetted, 1 subnets O IA 192.168.64.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0 192.168.80.0/32 is subnetted, 1 subnets O IA 192.168.80.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0 O E2 10.0.0.0/8 [110/20] via 192.168.208.1, 00:06:48, Serial1/0 192.168.96.0/32 is subnetted, 1 subnets O IA 192.168.96.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0 192.168.112.0/32 is subnetted, 1 subnets O IA 192.168.112.1 [110/66] via 192.168.208.1, 00:06:48, Serial1/0 C 192.168.220.0/24 is directly connected, Loopback0 O IA 192.168.1.0/24 [110/65] via 192.168.208.1, 00:06:48, Serial1/0 192.168.3.0/32 is subnetted, 1 subnets O IA 192.168.3.1 [110/65] via 192.168.208.1, 00:06:49, Serial1/0

  • O IA denotes LSA type 3 or type 4 Inter Area route summary, not filtered.
  • O E2 denotes LSA type 5 external route summary, not filtered.
  • So, Capetown's routing table is full, not efficient for a stub area router. We need to filter type 3 or 4 LSA using stub configuration. More efficiently, we also need to filter type 5 LSA using totally stubby configuration (cisco propietary)
  • gateway of last resort is not set.

Stub Configs:

SanJose3:

just add these lines to make area 2 a stub area.

SanJose3:

SanJose3#conf t Enter configuration commands, one per line. End with CNTL/Z. SanJose3(config)#router ospf 1 SanJose3(config-router)#area 2 stub

Capetown:

Capetown#conf t Enter configuration commands, one per line. End with CNTL/Z. Capetown(config)#router ospf 1 Capetown(config-router)#area 2 stub

result:

Capetown(config-router)#do sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.208.1 to network 0.0.0.0

192.168.208.0/30 is subnetted, 1 subnets C 192.168.208.0 is directly connected, Serial1/0 192.168.64.0/32 is subnetted, 1 subnets O IA 192.168.64.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0 192.168.80.0/32 is subnetted, 1 subnets O IA 192.168.80.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0 192.168.96.0/32 is subnetted, 1 subnets O IA 192.168.96.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0 192.168.112.0/32 is subnetted, 1 subnets O IA 192.168.112.1 [110/66] via 192.168.208.1, 00:09:38, Serial1/0 C 192.168.220.0/24 is directly connected, Loopback0 O IA 192.168.1.0/24 [110/65] via 192.168.208.1, 00:09:38, Serial1/0 192.168.3.0/32 is subnetted, 1 subnets O IA 192.168.3.1 [110/65] via 192.168.208.1, 00:09:40, Serial1/0 O*IA 0.0.0.0/0 [110/65] via 192.168.208.1, 00:09:40, Serial1/0

  • No More O E2 routes because type 5 LSAs are filtered.
  • The routing table become a little bit smaller -just a little bit though.
  • gateway of last resort is automatically added.

Totally Stub Configs:

to configure area 2 as totally stubby, u have to change the configuration above -only at the ABR, in this case SanJose3 router. While Capetown's config doesn't have to be changed.

SanJose3#conf t Enter configuration commands, one per line. End with CNTL/Z. SanJose3(config)# SanJose3(config)#router ospf 1 SanJose3(config-router)#no area SanJose3(config-router)#no area 2 stub SanJose3(config-router)#are SanJose3(config-router)#area SanJose3(config-router)#area 2 stu SanJose3(config-router)#area 2 stub no SanJose3(config-router)#area 2 stub no-summary

result:

Capetown(config-router)#do sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.208.1 to network 0.0.0.0

192.168.208.0/30 is subnetted, 1 subnets C 192.168.208.0 is directly connected, Serial1/0 C 192.168.220.0/24 is directly connected, Loopback0 O*IA 0.0.0.0/0 [110/65] via 192.168.208.1, 00:01:05, Serial1/0

  • No more type 5 LSA (E1 or E2) route summary.
  • No more type 3 or 4 LSA (O IA) route summary.
  • Now, the routing table is definitely small.
  • gateway of last resort is automatically added.

Summary:

  • for stub networks router, it is better to keep the routing table small. use stub or totally stub area.
  • stub configuration applied on both interface of an areas link. stub configuration filter type 5 LSA (E1 or E2) from populating stub networks router routing table. gateway of last resort automatically added by the ABR.
  • totally stub configuration applied only at the ASBRs interface. stub configuration filter type 5 (E1 or E2), type 3 and type 4 LSA (O IA) from populating stub networks router routing table. gateway of last resort automatically added by the ABR.
  • The problem is : network 192.168.220.1 and 192.168.216.1 (both on router Capetown) can not be accessed from SanJose1 and SanJose3 (those networks injected to the OSPF AS using type 5 LSA -remember type 5 LSAs are filtered on stub area). I believe, this will be solved by NSSA configuration.