Some of the reasons why a network engineer might want to enable these features are: stopping updates from being sent out an interface that connects to an external customer, reducing the processing load, reducing the memory requirements on a router, reducing bandwidth required to send updates to a remote site, and increase the stability in the OSPF process (reducing the need to run the SPF algorithm).
Database Outbound Filtering
interface Serial1/0:0.609 point-to-point description IP Services Link to RemoteA ip address 10.1.1.1 255.255.255.252 ip ospf database-filter all out router ospf 10 network 10.1.1.0 0.0.0.3 area 5 Core1#sh ip ospf int s1/0:0.609 Serial1/0:0.609 is up, line protocol is up Internet Address 10.1.1.0/30, Area 5 Process ID 10, Router ID 172.31.1.1, Network Type POINT_TO_POINT, Cost: 1 Transmit Delay is 1 sec, State POINT_TO_POINT Database-filter all out Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:03 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 10/11, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 0, maximum is 0 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 172.31.1.15 Suppress hello for 0 neighbor(s)
In the example above, the “ip ospf database-filter all out” command was enabled on the core router WAN interface facing a remote site. What this command does is it stops the transmission of all OSPF LSAs going out that interface. However, it does allow OSPF hello packets to be sent and received, and therefore it can establish a neighbor adjacency. Because of the neighbor adjacency, the remote site can advertise routes to the core router, it just doesn’t receive any routes, and requires a default route for any traffic outbound from the site.
! interface FastEthernet0/1 description ***Customer 1 Service Delivery Point*** ip address 192.168.100.1 255.255.255.0 ip access-group Cust1-IN in ip access-group Cust1-OUT out rate-limit input 512000 70400 76800 conform-action set-prec-transmit 2 exceed-action set-prec-transmit 1 rate-limit output 512000 70400 76800 conform-action set-prec-transmit 2 exceed-action drop duplex auto speed auto no cdp enable router ospf 10 redistribute static subnets route-map Cust1 passive-interface FastEthernet0/1 network 192.168.100.1 0.0.0.255 area 5 ip route 192.168.101.0 255.255.255.0 192.168.100.1 tag 5000 route-map Cust1 permit 10 match tag 5000 set metric-type type-1 RemoteA#sh ip ospf int fa0/1 FastEthernet0/1 is up, line protocol is up Internet Address 192.168.100.1/24, Area 5 Process ID 10, Router ID 172.31.1.15, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) RemoteA.xyz.com, Interface address 172.31.2.1 No backup designated router on this network Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 No Hellos (Passive interface) Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 9/9, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 0, maximum is 0 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 0, Adjacent neighbor count is 0 Suppress hello for 0 neighbor(s) Message digest authentication enabled No key configured, using default key id 0
In this example, the FastEthernet0/1 interface is a connection to an external customer service and sending any OSPF packets over the interface is less than desirable. We still want to include the connected interface subnet and any subnets beyond our connected point into our OSPF domain, so other customer sites can talk to them. The “passive-interface” command stops hellos from being sent out the interface, preventing a neighbor adjacency, but still allows the connected interface route to be injected into the OSPF process. Any networks that are beyond the connected interface will require redistribution.
Stub Areas – Limiting LSAs
There are several types of stub areas that have different effects, and include: Stub Areas, Totally Stub Areas, Not So Stubby Areas (NSSA), and NSSA Totally Stub. The quick gist of their difference is which types of LSAs the ABR will send to the stub area, and then advertise a default route for all other networks.
- Stub areas will send only Intra-area and Inter-area LSAs (types 1-4) to the stub, and a default route.
- Totally stubby areas will only send Intra-area routes (types 1-2), and the default route.
- NSSAs are the same as a Stub area, but a router in the stub area is also an ASBR (routes are being redistributed into OSPF). Since Type-5 LSAs are not allowed in a Stub area, a type 7 LSA is required to send back to the core router (ABR), where it will be converted by the ABR into a type 5 LSA to advertise out.
- NSSA totally stub areas are, of course, the same as a regular NSSA, but they do not advertise any Inter-area routes into the stub (no type 3-5, only 1-2).
A network engineer might want to use one of these types of stub areas in situations similar to the first example for “Database Outbound Filtering”. Rather than cutting off all routes advertised to a remote site, having some visibility into the OSPF domain could prove to be more resilient to network outages.
Configuration of the different stub areas is fairly straight forward. Below are the commands to configure each type of stub area.
router ospf 10 area 5 stub network 10.1.1.0 0.0.0.3 area 5
Totally Stub Area:
router ospf 10 area 5 stub no-summary network 10.1.1.0 0.0.0.3 area 5
router ospf 10 area 5 nssa network 10.1.1.0 0.0.0.3 area 5
NSSA Totally Stub:
router ospf 10 area 5 nssa no-summary network 10.1.1.0 0.0.0.3 area 5
The ‘area’ command that specifies the stub area must be configured on the ABR, and all routers in the stub area. The easiest way you can verify the functionality of each of the different types of stubs is with the “show ip route” command to see the “O” (intra-area), “O IA” (inter-area), “O E1” (external type-1), and “O E2” (external type-2) routes. The default route that is generated and advertised into the stub area is always listed as an OSPF inter-area route.
These are just some of the ways that I’ve come across over the past few years as a network engineer to adjust the way OSPF operates. If you know of any other ways, please post your ideas!