OSPF NSSA P-bit Explained

Lesson Contents

In this lesson we’ll take a closer look at the OSPF NSSA “P-bit”. When we redistribute something into an OSPF NSSA area then these prefixes are flooded within the NSSA area as LSA type 7. Once these LSAs make it to an ABR, they are translated into LSA type 5 and advertised to other areas.

The P-bit (P stands for propagate) can be found in the options field of an LSA type 7 and it tells the ABR if the LSA type 7 should be translated into a LSA type 5 or not. Only LSAs with the P-bit will be translated and automatically this bit will be set for all prefixes that are redistributed.

Let’s take a look at this P-bit in action. First I’ll show you where you can find it and afterwards we’ll look at some examples how you prevent the translation from LSA type 7 to 5. I’ll use the following topology:

R1 is in area 0, R2 and R3 are our ABR (Area Border Routers) and R4 is within the NSSA area. It has a loopback interface that will be redistributed into OSPF.

Here is the OSPF configuration of all 4 routers:

R1#show running-config | section ospf
router ospf 1
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.13.0 0.0.0.255 area 0

R2#show running-config | section ospf
router ospf 1
 area 1 nssa
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.234.0 0.0.0.255 area 1

R3#show running-config | section ospf
router ospf 1
 area 1 nssa
 network 192.168.13.0 0.0.0.255 area 0
 network 192.168.234.0 0.0.0.255 area 1

R4#show running-config | section ospf
router ospf 1
 area 1 nssa
 redistribute connected subnets
 network 192.168.234.0 0.0.0.255 area 1

The OSPF configuration on all routers is pretty straight forward. I used redistribute connected subnets on R4 to redistribute the loopback interface into OSPF. Let’s start by looking at the LSDB on R4:

R4#show ip ospf database nssa-external

            OSPF Router with ID (4.4.4.4) (Process ID 1)

                Type-7 AS External Link States (Area 1)

  LS age: 895
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 4.4.4.4 (External Network Number )
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000001
  Checksum: 0x78A5
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 192.168.234.4
        External Route Tag: 0

Cisco IOS doesn’t show the P-bit as “P-bit” but you can see the OSPF options on top. The “Type 7/5 translation” part means that the P-bit has been set in this OSPF packet. Whenever this LSA reaches an ABR, it will be translated into a LSA type 5. Here’s what this LSA looks like in wireshark:

Here you can see the NP bit. This bit position has two roles:

N-bit: this one is used in hello packets for OSPF NSSA routers. When the N-bit is not supported, the routers won’t become neighbors.
P-bit: this one is only used in the NSSA external LSA header.

Since the N and P bit are never used at the same time, this bit position can be used for both roles.

Let’s take a look at this LSA on R2 and R3 (our ABRs):

R2#show ip ospf database nssa-external

            OSPF Router with ID (192.168.234.2) (Process ID 1)

                Type-7 AS External Link States (Area 1)

  LS age: 1233
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 4.4.4.4 (External Network Number )
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000001
  Checksum: 0x78A5
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 192.168.234.4
        External Route Tag: 0

R3#show ip ospf database nssa-external

            OSPF Router with ID (192.168.234.3) (Process ID 1)

                Type-7 AS External Link States (Area 1)

  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 1237
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 4.4.4.4 (External Network Number )
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000001
  Checksum: 0x78A5
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 192.168.234.4
        External Route Tag: 0

Both routers have the LSA in their LSDB. Let’s check R1:

R1#show ip ospf database external

            OSPF Router with ID (192.168.13.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 1346
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 4.4.4.4 (External Network Number )
  Advertising Router: 192.168.234.3
  LS Seq Number: 80000001
  Checksum: 0xFAE5
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 192.168.234.4
        External Route Tag: 0

R1 has a LSA type 5 for this network and you can see that R3 (192.168.234.3) has translated this LSA. The forward address to reach this network is R4 (192.168.234.4). OSPF separates the advertising router and the address to reach this particular network (forward address). When R1 wants to reach this network it can use both paths since the cost is equal:

R1#show ip route ospf | begin 4.4.4.4
O E2     4.4.4.4 [110/20] via 192.168.13.3, 00:38:49, FastEthernet0/1
                 [110/20] via 192.168.12.2, 00:38:49, FastEthernet0/0

So why did R3 do the translation of LSA type 7 into 5? We have two ABRs after all. Since OSPF uses a forward address, there is no need for both R2 and R3 to translate our LSA type 7 into a LSA type 5. Only one router has to do it.

Forum Replies

Hi Rene,

I know that Type 5 external routes are not normally allowed in a NSSA area, but is there a method by which they can be converted into Type 3/Type 7 so that they can be allowed in the area? Route summarization? I’m stumped.

Thanks.

Hi M,

Hmm not that I know of, if you use any of the stub area types then it’s bye bye LSA type 5. There are no options that I know of that let you convert LSA types (with the exception of LSA type 5 > 7 done by ASBRs within the NSSA area).

Rene

great explanation -
another trick you could do on R2 & R3 is to suppress the FA - say you filtered the 192.168.45.0 0.0.0.255 network into area 0 via an area filter command on R2 & R3 you could then subsequently on R2 & R3 do the following. (in doing area filtering of the 45.x network into area 0 - R1 will not be able to recurse to the 5.5.5.5 network and thus not install 5.5.5.5 in the RIB) to fix this you could then do this on the ABR’s
R2 & R3

ip prefix-list AREA_1_ROUTES deny 192.168.45.5/32
ip prefix-list AREA_1_ROUTES permit 0.0.0.0/0 le 32

router os

... Continue reading in our forum

Hi Rene,

In regards to:
<h3>OSPF NSSA ASBR and ABR</h3>
You say: “When an OSPF NSSA router is both ASBR and ABR then it can flood LSA type 7 or LSA type 5 directly in another area. For this reason, the P-bit will be disabled on type 7 LSAs.”

I feel i am missing something here.

When you make R2 both ABR and ASBR by redistributing R2’s loopback , you say the conversion from 7 to 5 does not happen.

But Still R1 gets the type 5 for the loopback from R2?

I mean, if the P bit is not set, then how can this redistributed loopback on R2 make it to R1 as a type5?

What i

... Continue reading in our forum

Hi Edwin,

In case anyone else reads this, we are talking about this post right:

https://networklessons.com/ospf/ospf-nssa-p-bit-explained/

You are correct. In this example, R2 will create a LSA type 5 directly which R1 can learn and a LSA type 7 that R4 will learn. There’s no need to create a LSA type 7 and then translate it into a type 5, that’s why the P-bit is disabled.

Rene

29 more replies! Ask a question or join the discussion by visiting our Community Forum

We're Sorry, Full Content Access is for Members Only...

Forum Replies