1. OSPF NSSA Configuration 구성도
1) OSPF NSSA Configuration 구성도
- 본 글은 NSSA 및 totally NSSA를 구성했을 때, 앞에서 스터디한 LSA type을 차단하는지, default-route를 전달하기 위해 cost를 명시적으로 설정해야 하는지 확인하는 것이 목표
2) 테스트 장비
- Emulator : EVE-NG
- OS : Juniper vMX 23.1R1.8
2. OSPF NSSA Configuration
1) Interface and OSPF Configuration
더보기
< vMX1 : Interface and OSPF 설정 >
set interfaces ge-0/0/1 unit 0 family inet address 1.1.2.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options router-id 1.1.1.1
set protocols ospf area 0.0.0.2 interface lo0.0
set protocols ospf area 0.0.0.2 interface ge-0/0/1.0 interface-type p2p< vMX2 : Interface and OSPF 설정 >
set interfaces ge-0/0/0 unit 0 family inet address 1.1.2.2/24
set interfaces ge-0/0/1 unit 0 family inet address 1.2.3.2/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options router-id 2.2.2.2
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p
set protocols ospf area 0.0.0.2 interface ge-0/0/0.0 interface-type p2p< vMX3 : Interface and OSPF 설정 >
set interfaces ge-0/0/0 unit 0 family inet address 1.2.3.3/24
set interfaces ge-0/0/1 unit 0 family inet address 1.3.4.3/24
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set routing-options router-id 3.3.3.3
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.3 interface ge-0/0/1.0 interface-type p2p< vMX4 : Interface and OSPF 설정 >
set interfaces ge-0/0/0 unit 0 family inet address 1.3.4.4/24
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set routing-options router-id 4.4.4.4
set protocols ospf area 0.0.0.3 interface lo0.0
set protocols ospf area 0.0.0.3 interface ge-0/0/0.0 interface-type p2p
root@vMX2> show ospf neighbor
Address Interface State ID Pri Dead
1.2.3.3 ge-0/0/1.0 Full 3.3.3.3 128 37
1.1.2.1 ge-0/0/0.0 Full 1.1.1.1 128 34root@vMX3> show ospf neighbor
Address Interface State ID Pri Dead
1.2.3.2 ge-0/0/0.0 Full 2.2.2.2 128 34
1.3.4.4 ge-0/0/1.0 Full 4.4.4.4 128 39
2) OSPF Redistribution Configuration
< vMX1 : OSPF Redistribution 설정 >
set interfaces ge-0/0/9 unit 0 family inet address 1.10.1.1/24
set interfaces ge-0/0/9 unit 0 family inet address 2.10.1.1/24
set interfaces ge-0/0/9 unit 0 family inet address 3.10.1.1/24
set interfaces ge-0/0/9 unit 0 family inet address 4.10.1.1/24
set interfaces ge-0/0/9 unit 0 family inet address 5.10.1.1/24
set policy-options policy-statement EXPORT from protocol direct
set policy-options policy-statement EXPORT then accept
set protocols ospf export EXPORT< vMX4 : OSPF Redistribution 설정 >
set interfaces ge-0/0/9 unit 0 family inet address 1.10.4.1/24
set interfaces ge-0/0/9 unit 0 family inet address 2.10.4.1/24
set interfaces ge-0/0/9 unit 0 family inet address 3.10.4.1/24
set interfaces ge-0/0/9 unit 0 family inet address 4.10.4.1/24
set interfaces ge-0/0/9 unit 0 family inet address 5.10.4.1/24
set policy-options policy-statement EXPORT from protocol direct
set policy-options policy-statement EXPORT then accept
set protocols ospf export EXPORT- 재분배를 위해 direct network를 생성
- 생성한 direct network를 OSPF로 재분배
root@vMX1> show ospf database
OSPF database, Area 0.0.0.2
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *1.1.1.1 1.1.1.1 0x8000000b 11 0x22 0xfaee 60
Router 2.2.2.2 2.2.2.2 0x80000009 1139 0x22 0x8576 48
Summary 1.2.3.0 2.2.2.2 0x80000009 1735 0x22 0x125 28
Summary 1.3.4.0 2.2.2.2 0x80000002 2047 0x22 0x228 28
Summary 2.2.2.2 2.2.2.2 0x80000009 1437 0x22 0xe044 28
Summary 3.3.3.3 2.2.2.2 0x80000002 240 0x22 0xca5c 28
Summary 4.4.4.4 2.2.2.2 0x80000002 339 0x22 0xa67b 28
ASBRSum 4.4.4.4 2.2.2.2 0x80000001 31 0x22 0x9a87 28
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern *1.10.1.0 1.1.1.1 0x80000001 10 0x22 0x5250 36
Extern 1.10.4.0 4.4.4.4 0x80000001 34 0x22 0xd6bc 36
Extern *2.10.1.0 1.1.1.1 0x80000001 10 0x22 0x455c 36
Extern 2.10.4.0 4.4.4.4 0x80000001 34 0x22 0xc9c8 36
Extern *3.10.1.0 1.1.1.1 0x80000001 10 0x22 0x3868 36
Extern 3.10.4.0 4.4.4.4 0x80000001 34 0x22 0xbcd4 36
Extern *4.10.1.0 1.1.1.1 0x80000001 10 0x22 0x2b74 36
Extern 4.10.4.0 4.4.4.4 0x80000001 34 0x22 0xafe0 36
Extern *5.10.1.0 1.1.1.1 0x80000001 10 0x22 0x1e80 36
Extern 5.10.4.0 4.4.4.4 0x80000001 34 0x22 0xa2ec 36- 재분배한 network address 정보는 LSA type 5로 확인
- LSA type 5는 area를 넘어가도 정보가 변경되지 않으므로 advertising router는 vMX1과 vMX4로 유지
3) NSSA Configuration
< vMX1 : NSSA 설정 >
set protocols ospf area 2 nssaroot@vMX2> show ospf neighbor
Address Interface State ID Pri Dead
1.2.3.3 ge-0/0/1.0 Full 3.3.3.3 128 38- NSSA 구성 시, OSPF hello message의 option field의 "n(nssa)" bit가 설정되므로 OSPF neighbor 단절 발생
< vMX2 : NSSA 설정 >
set protocols ospf area 2 nssaroot@vMX2> show ospf neighbor
Address Interface State ID Pri Dead
1.2.3.3 ge-0/0/1.0 Full 3.3.3.3 128 35
1.1.2.1 ge-0/0/0.0 Full 1.1.1.1 128 34- neighbor의 "n(nssa)" bit가 동일하므로 OSPF neighbor 형성
root@vMX1> show ospf overview
Instance: master
Router ID: 1.1.1.1
Route table index: 0
AS boundary router, NSSA router
LSA refresh time: 50 minutes
Post Convergence Backup: Disabled
Area: 0.0.0.2
Stub type: Stub NSSA
Authentication Type: None
Area border routers: 1, AS boundary routers: 1
Neighbors
Up (in full state): 1
Topology: default (ID 0)
Prefix export count: 5
Full SPF runs: 6
SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
Backup SPF: Not Needed- area 2가 NSSA 임을 확인
root@vMX1> show ospf database
OSPF database, Area 0.0.0.2
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *1.1.1.1 1.1.1.1 0x80000003 71 0x20 0x29ca 60
Router 2.2.2.2 2.2.2.2 0x80000002 103 0x20 0xb74b 48
Summary 1.2.3.0 2.2.2.2 0x80000002 103 0x20 0x2d02 28
Summary 1.3.4.0 2.2.2.2 0x80000001 92 0x20 0x220b 28
Summary 2.2.2.2 2.2.2.2 0x80000002 103 0x20 0xd21 28
Summary 3.3.3.3 2.2.2.2 0x80000001 92 0x20 0xea3f 28
Summary 4.4.4.4 2.2.2.2 0x80000001 92 0x20 0xc65e 28
NSSA *1.10.1.0 1.1.1.1 0x80000001 111 0x28 0xe88 36
NSSA *2.10.1.0 1.1.1.1 0x80000001 111 0x28 0x194 36
NSSA *3.10.1.0 1.1.1.1 0x80000001 111 0x28 0xf3a0 36
NSSA *4.10.1.0 1.1.1.1 0x80000001 111 0x28 0xe6ac 36
NSSA *5.10.1.0 1.1.1.1 0x80000001 111 0x28 0xd9b8 36- NSSA에서 재분배한 network address 정보는 NSSA 내에서 LSA type 7으로 전달
- NSSA이므로 ABR에서 LSA type 4, type 5를 차단
- juniper는 NSSA를 구성해도 기본적으로 default-route를 미전달
< vMX2 : LSA type 3 default-route 설정 >
set protocols ospf area 2 nssa default-lsa default-metric 10- ABR이 LSA type 7이고 cost가 10인 default-route를 전달
- 관리자가 default-route를 ABR 또는 ASBR에 설치할 수 있는 선택권을 부여하기 위해 LSA type 7으로 전달
root@vMX1> show ospf database
OSPF database, Area 0.0.0.2
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *1.1.1.1 1.1.1.1 0x80000003 146 0x20 0x29ca 60
Router 2.2.2.2 2.2.2.2 0x80000002 178 0x20 0xb74b 48
Summary 1.2.3.0 2.2.2.2 0x80000002 178 0x20 0x2d02 28
Summary 1.3.4.0 2.2.2.2 0x80000001 167 0x20 0x220b 28
Summary 2.2.2.2 2.2.2.2 0x80000002 178 0x20 0xd21 28
Summary 3.3.3.3 2.2.2.2 0x80000001 167 0x20 0xea3f 28
Summary 4.4.4.4 2.2.2.2 0x80000001 167 0x20 0xc65e 28
NSSA 0.0.0.0 2.2.2.2 0x80000001 35 0x20 0xa779 36
NSSA *1.10.1.0 1.1.1.1 0x80000001 186 0x28 0xe88 36
NSSA *2.10.1.0 1.1.1.1 0x80000001 186 0x28 0x194 36
NSSA *3.10.1.0 1.1.1.1 0x80000001 186 0x28 0xf3a0 36
NSSA *4.10.1.0 1.1.1.1 0x80000001 186 0x28 0xe6ac 36
NSSA *5.10.1.0 1.1.1.1 0x80000001 186 0x28 0xd9b8 36- ABR이 LSA type 7이고 advertising router가 vMX2인 defaut-route를 전달
root@vMX1> show ospf database nssa extensive
OSPF database, Area 0.0.0.2
Type ID Adv Rtr Seq Age Opt Cksum Len
NSSA 0.0.0.0 2.2.2.2 0x80000001 95 0x20 0xa779 36
mask 0.0.0.0
Topology default (ID 0)
Type: 1, Metric: 10, Fwd addr: 0.0.0.0, Tag: 0.0.0.0
Aging timer 00:58:24
Installed 00:01:32 ago, expires in 00:58:25
Last changed 00:01:32 ago, Change count: 1
~~~ 생략 ~~~- LSA type 7인 default-route의 link-state id는 0.0.0.0, subnet mask는 0.0.0.0, cost는 10으로 구성
< vMX2 : default-route의 metric type을 지정>
set protocols ospf area 2 nssa default-lsa metric-type 2root@vMX1> show ospf database nssa extensive
OSPF database, Area 0.0.0.2
Type ID Adv Rtr Seq Age Opt Cksum Len
NSSA 0.0.0.0 2.2.2.2 0x80000002 33 0x20 0x2976 36
mask 0.0.0.0
Topology default (ID 0)
Type: 2, Metric: 10, Fwd addr: 0.0.0.0, Tag: 0.0.0.0
Aging timer 00:59:26
Installed 00:00:30 ago, expires in 00:59:27
Last changed 00:00:30 ago, Change count: 2
~~~ 생략 ~~~- ABR이 전달하는 default-route의 metric type을 2로 구성
4) Totally NSSA Configuration
< vMX2 : Totally NSSA >
set protocols ospf area 2 nssa no-summaries- totally NSSA로 구성
- 해당 설정은 ABR에서만 구성
root@vMX1> show ospf overview
Instance: master
Router ID: 1.1.1.1
Route table index: 0
AS boundary router, NSSA router
LSA refresh time: 50 minutes
Post Convergence Backup: Disabled
Area: 0.0.0.2
Stub type: Stub NSSA
Authentication Type: None
Area border routers: 1, AS boundary routers: 1
Neighbors
Up (in full state): 1
Topology: default (ID 0)
Prefix export count: 5
Full SPF runs: 32
SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
Backup SPF: Not Needed- area 2가 NSSA 임을 확인
root@vMX1> show ospf database
OSPF database, Area 0.0.0.2
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *1.1.1.1 1.1.1.1 0x8000000c 11 0x20 0x17d3 60
Router 2.2.2.2 2.2.2.2 0x8000000a 12 0x20 0xa753 48
Summary 0.0.0.0 2.2.2.2 0x80000001 12 0x20 0xcf5d 28
NSSA *1.10.1.0 1.1.1.1 0x80000002 17 0x28 0xc89 36
NSSA *2.10.1.0 1.1.1.1 0x80000002 17 0x28 0xfe95 36
NSSA *3.10.1.0 1.1.1.1 0x80000002 17 0x28 0xf1a1 36
NSSA *4.10.1.0 1.1.1.1 0x80000002 17 0x28 0xe4ad 36
NSSA *5.10.1.0 1.1.1.1 0x80000002 17 0x28 0xd7b9 36- totally NSSA이므로 ABR에서 LSA type3, type 4, type 5를 차단
- NSSA를 구성할 때 default-route를 전달하는 명령어를 설정했으므로 LSDB에서 default-route가 존재
- totally NSSA는 NSSA와 달리 default-route를 LSA type 3으로 전달
< vMX2 : default-route LSA type 변경 >
set protocols ospf area 2 nssa default-lsa type-7- "no-summaries" 명령문이 구성된 경우 해당 명령어를 입력하여 default-route를 LSA type 7로 Flooding
root@vMX1> show ospf database
OSPF database, Area 0.0.0.2
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *1.1.1.1 1.1.1.1 0x8000000c 84 0x20 0x17d3 60
Router 2.2.2.2 2.2.2.2 0x8000000a 85 0x20 0xa753 48
NSSA 0.0.0.0 2.2.2.2 0x80000001 12 0x20 0x2b75 36
NSSA *1.10.1.0 1.1.1.1 0x80000002 90 0x28 0xc89 36
NSSA *2.10.1.0 1.1.1.1 0x80000002 90 0x28 0xfe95 36
NSSA *3.10.1.0 1.1.1.1 0x80000002 90 0x28 0xf1a1 36
NSSA *4.10.1.0 1.1.1.1 0x80000002 90 0x28 0xe4ad 36
NSSA *5.10.1.0 1.1.1.1 0x80000002 90 0x28 0xd7b9 36- ABR이 LSA type 7이고 advertising router가 vMX2인 defaut-route를 전달
'Network > OSPF' 카테고리의 다른 글
| OSPF Virtual Link Configuration(Juniper vMX) (0) | 2025.10.28 |
|---|---|
| OSPF Route Summary Configuration(Juniper vMX) (0) | 2025.10.26 |
| LSA Flooding Type in OSPF Domain (0) | 2025.10.24 |
| Number of Flooding by LSA Type in OSPF domain (0) | 2025.10.22 |
| OSPF Stub Configuration(Juniper vMX) (0) | 2025.10.18 |
| OSPF Stub Area and NSSA (0) | 2025.10.16 |
| OSPF LSA Type 7 Deep Dive (0) | 2025.10.14 |
| OSPF LSA Type 4 and LSA Type 5 Deep Dive (0) | 2025.10.12 |