Community discussions

MikroTik App
 
wispmikrotik
Member Candidate
Member Candidate
Topic Author
Posts: 137
Joined: Tue Apr 25, 2017 10:43 am

OSPF area NSSA LSA type 7 to type 5

Fri Mar 05, 2021 6:15 pm

Hi,

Following RFC 1587 "4.1 Translating Type-7 LSAs Into Type-5 LSAs", and according to mikrotik's own documentation "https://help.mikrotik.com/docs/display/ ... +Solutions" Section LSA Types:

"type 7 - type 7 LSAs are used to tell the ABRs about these external routes imported in NSSA area. Area Border Router then translates these LSAs to type 5 external LSAs and floods as normal to the rest of the OSPF network"

In my lab this does NOT work, my scheme is very simple:

R1 is an ASBR connected to area 0 (default type) to R2.

R2 is an ABR connected in vlan 2 to area 0 (defualt type) and in vlan 3 to area 1 (NSSA)

R3 is a simple RI transit router in area 1 NSSA

R4 is another ASBR router, connected to area 1 NSSA, which knows the prefix 7.7.7.7/32 by static route.

Image

The question is, R4 imports the route in area 1 NSSA as type 7 (7.7.7.7 static), the lsa travels through area 1 perfectly, but when it reaches R2, it is not able to convert the lsa type 7 to type 5 and import it to the backbone (area 0 R1). This with cisco and juniper works perfectly without making any invention (create 2 instances and redistribute-other-ospf).

Attached configurations.

R1
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
/interface vlan
add interface=ether5 name=vlan2 vlan-id=2
/routing ospf instance
set [ find default=yes ] metric-bgp=200 metric-connected=0 metric-other-ospf=110 metric-rip=120 metric-static=5 name=ospf100 redistribute-connected=as-type-1 router-id=1.1.1.1
/system logging action
add disk-file-name=log_ASBR name=action1 target=disk
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add interface=ether3
add interface=ether4
add interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ip address
add address=192.168.2.1/30 interface=vlan2 network=192.168.2.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set servers=1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether1
/routing filter
add action=accept chain=ospf-out prefix=192.168.122.0/24 prefix-length=24-32
add action=discard chain=ospf-out prefix=0.0.0.0/0 prefix-length=0-32
add action=accept chain=ospf-out prefix=192.168.122.0/24 prefix-length=24-32
add action=discard chain=ospf-out prefix=0.0.0.0/0 prefix-length=0-32
/routing ospf interface
add dead-interval=4s hello-interval=2s interface=vlan2 network-type=point-to-point priority=105 retransmit-interval=1s use-bfd=yes
/routing ospf network
add area=backbone network=192.168.2.0/30
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=R1
/system logging
add action=action1 topics=ospf,!raw
add action=action1 topics=ospf,!raw
/system package update
set channel=testing
/tool romon
set enabled=yes

R2
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
/interface vlan
add interface=ether5 name=vlan2 vlan-id=2
add interface=ether1 name=vlan3 vlan-id=3
/routing ospf area
add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=area1 translator-role=translate-always type=nssa
/routing ospf instance
set [ find default=yes ] metric-bgp=200 metric-connected=0 metric-other-ospf=110 metric-rip=120 metric-static=5 name=ospf100 redistribute-other-ospf=as-type-2 router-id=2.2.2.2
/system logging action
add disk-file-name=log_ASBR name=action1 target=disk
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add tagged=ether3,ether4,ether5,*6 vlan-ids=2
/ip address
add address=192.168.2.2/30 interface=vlan2 network=192.168.2.0
add address=192.168.3.1/30 interface=vlan3 network=192.168.3.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set servers=1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether1
/routing ospf interface
add dead-interval=4s hello-interval=2s interface=vlan2 network-type=point-to-point priority=105 retransmit-interval=1s use-bfd=yes
add dead-interval=4s hello-interval=2s interface=vlan3 network-type=point-to-point priority=105 retransmit-interval=1s use-bfd=yes
/routing ospf network
add area=backbone network=192.168.2.0/30
add area=area1 network=192.168.3.0/30
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=R2
/system logging
add action=action1 topics=ospf,!raw
add action=action1 topics=ospf,!raw
/system package update
set channel=testing
/tool romon
set enabled=yes

R3
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
/interface vlan
add interface=ether1 name=vlan3 vlan-id=3
add interface=ether5 name=vlan4 vlan-id=4
/routing ospf area
add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=area1 translator-role=translate-never type=nssa
/routing ospf instance
set [ find default=yes ] metric-bgp=200 metric-connected=0 metric-other-ospf=110 metric-rip=120 metric-static=5 name=ospf100 router-id=3.3.3.3
/system logging action
add disk-file-name=log_ASBR name=action1 target=disk
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add tagged=ether3,ether4,ether5,*6 vlan-ids=2
/ip address
add address=192.168.3.2/30 interface=vlan3 network=192.168.3.0
add address=192.168.4.1/30 interface=vlan4 network=192.168.4.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set servers=1.1.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/routing ospf interface
add dead-interval=4s hello-interval=2s interface=vlan3 network-type=point-to-point priority=105 retransmit-interval=1s use-bfd=yes
add dead-interval=4s hello-interval=2s interface=vlan4 network-type=point-to-point priority=105 retransmit-interval=1s use-bfd=yes
/routing ospf network
add area=area1 network=192.168.3.0/30
add area=area1 network=192.168.4.0/30
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=R3
/system logging
add action=action1 topics=ospf,!raw
/system package update
set channel=testing
/tool romon
set enabled=yes

R4
/interface bridge
add name=bdi100
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
set [ find default-name=ether2 ] disable-running-check=no
set [ find default-name=ether3 ] disable-running-check=no
set [ find default-name=ether4 ] disable-running-check=no
set [ find default-name=ether5 ] disable-running-check=no
/interface vlan
add interface=ether5 name=vlan4 vlan-id=4
add interface=bdi100 name=vlan5 vlan-id=5
/routing ospf area
add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=area1 translator-role=translate-always type=nssa
/routing ospf instance
set [ find default=yes ] metric-bgp=200 metric-connected=0 metric-other-ospf=110 metric-rip=120 metric-static=5 name=ospf100 redistribute-static=as-type-2 router-id=\
    4.4.4.4
/system logging action
add disk-file-name=log_ASBR name=action1 target=disk
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bdi100 interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add tagged=ether3,ether4,ether5,*6 vlan-ids=2
/ip address
add address=192.168.4.2/30 interface=vlan4 network=192.168.4.0
add address=192.168.5.1/30 interface=vlan5 network=192.168.5.0
/ip dns
set servers=1.1.1.1
/ip route
add distance=1 dst-address=7.7.7.7/32 gateway=192.168.5.2
/routing ospf interface
add dead-interval=4s hello-interval=2s interface=vlan4 network-type=point-to-point priority=105 retransmit-interval=1s use-bfd=yes
/routing ospf network
add area=area1 network=192.168.4.0/30
/system clock
set time-zone-name=Europe/Madrid
/system identity
set name=R4
/system logging
add action=action1 topics=ospf,!raw
/system package update
set channel=testing
/tool romon
set enabled=yes

Routes R1
[admin@R1] > /ip ro pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          192.168.122.1             1
 1 ADC  192.168.2.0/30     192.168.2.1     vlan2                     0
 2 ADo  192.168.3.0/30                     192.168.2.2             110
 3 ADo  192.168.4.0/30                     192.168.2.2             110
 4 ADC  192.168.122.0/24   192.168.122.125 ether1                    0
[admin@R1] > /routing ospf lsa pr
AREA                                                                                                   TYPE         ID             ORIGINATOR     SEQUENCE-NUMBER        AGE
area2                                                                                                  router       1.1.1.1        1.1.1.1             0x80000005       1404
area2                                                                                                  router       2.2.2.2        2.2.2.2             0x80000006       1410
area2                                                                                                  summary-n... 192.168.3.0    2.2.2.2             0x80000001       1517
area2                                                                                                  summary-n... 192.168.4.0    2.2.2.2             0x80000001       1517
area2                                                                                                  summary-asbr 4.4.4.4        2.2.2.2             0x80000001       1516
external                                                                                               as-external  192.168.122.0  1.1.1.1             0x80000001       1407

LSA R2
[admin@R2] > /routing ospf lsa pr
AREA                                                                                                   TYPE         ID             ORIGINATOR     SEQUENCE-NUMBER        AGE
backbone                                                                                               router       1.1.1.1        1.1.1.1             0x80000006         79
backbone                                                                                               router       2.2.2.2        2.2.2.2             0x80000006         73
backbone                                                                                               summary-n... 192.168.3.0    2.2.2.2             0x80000003         77
backbone                                                                                               summary-n... 192.168.4.0    2.2.2.2             0x80000001         62
backbone                                                                                               summary-asbr 4.4.4.4        2.2.2.2             0x80000001         49
area1                                                                                                  router       2.2.2.2        2.2.2.2             0x80000002         68
area1                                                                                                  router       3.3.3.3        3.3.3.3             0x80000003         56
area1                                                                                                  router       4.4.4.4        4.4.4.4             0x80000002         52
area1                                                                                                  summary-n... 0.0.0.0        2.2.2.2             0x80000001         78
area1                                                                                                  type-7       7.7.7.7        4.4.4.4             0x80000002         50
external                                                                                               as-external  192.168.122.0  1.1.1.1             0x80000002        431
Regards,
 
sarah
newbie
Posts: 27
Joined: Mon Feb 29, 2016 1:41 am

Re: OSPF area NSSA LSA type 7 to type 5

Sat Mar 06, 2021 6:22 am

I just reproduced this too in my lab.
If you change the NSSA area to default, the lsa seems to be flooded correctly. At this point if you change the area back to NSSA things work correctly. HOWEVER if you now change the RIP network to other prefix, the old prefix will continue to be flooded.
Maybe time to email support@mikrotik.com?
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: OSPF area NSSA LSA type 7 to type 5

Sat Mar 06, 2021 7:15 am

you can do email to support. They will give you maybe better answer.

From what i can see, i not sure what you want to achieve, but i think your topology is wrong. NSSA you can't use in this case.

Please see the folowing atachent to get an idea in which caisess you can play with NSSA
You do not have the required permissions to view the files attached to this post.
 
wispmikrotik
Member Candidate
Member Candidate
Topic Author
Posts: 137
Joined: Tue Apr 25, 2017 10:43 am

Re: OSPF area NSSA LSA type 7 to type 5

Sat Mar 06, 2021 9:11 am

Hi,

Thanks for the answers, yes, I have a ticket open to mikrotik for 7 days without an answer.

Regarding the topology, I was testing ospf in mikrotik, as for the network is not correct, why? This same network you change R2 for a cisco, vyos, junos and it works perfectly, it is broken in translate-role routerOS.

Regards,
 
wispmikrotik
Member Candidate
Member Candidate
Topic Author
Posts: 137
Joined: Tue Apr 25, 2017 10:43 am

Re: OSPF area NSSA LSA type 7 to type 5

Sat Mar 06, 2021 10:12 am

Hi,

Confirmed is a BUG

v6.46 - OK

Image

Image


v6.48.1 and v6.49beta11 not working

Regards
 
wispmikrotik
Member Candidate
Member Candidate
Topic Author
Posts: 137
Joined: Tue Apr 25, 2017 10:43 am

Re: OSPF area NSSA LSA type 7 to type 5

Sat Mar 06, 2021 10:42 am

Hi,

Total disaster:

All current versions affected :(

long term: v6.47.9
stable: v6.48.1
testing: v6.49beta11
development: v7.1beta4

Regards.
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: OSPF area NSSA LSA type 7 to type 5

Sat Mar 06, 2021 11:10 am

im not sure,
try on R3

/routing ospf area
add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=area1 translator-role=translate-always type=nssa
 
MrZoidberg
just joined
Posts: 1
Joined: Fri Sep 08, 2023 9:24 am

Re: OSPF area NSSA LSA type 7 to type 5

Fri Sep 08, 2023 9:42 am

Hi, I had the same problem. After some tinkering with Cisco and ROS 6.46 I was able to discover the following:
1) In Cisco and RouterOS 6.46, everything works, the route to the network announced in NSSA appears on R1. LSA Type 1 are as follows:
RouterOS 6.46
Mikrotik 6-46.jpg
Cisco
Cisco.jpg
As you can see, there are E and B bits that tell us that this router (R2) is an ABR and an ASBR
2) The route is not displayed in RouterOS 7.11.2, but the LSA type 5 is available in the database
LSA Type 5.jpg
We also see that in LSA type 1, the R2 only sets the B bit, which tells us that this is just an ABR
Mikrotik 7-11-2.jpg
However, if we configure R2 to perform radio distribution, for example RIP, it will additionally mark itself as an ASBR, and R1 will place the route from NSSA in the routing table
You do not have the required permissions to view the files attached to this post.
Last edited by MrZoidberg on Fri Sep 08, 2023 9:44 am, edited 1 time in total.
 
User avatar
antosusan
just joined
Posts: 11
Joined: Mon Apr 03, 2023 7:37 am
Location: Indonesia

Re: OSPF area NSSA LSA type 7 to type 5

Fri Oct 27, 2023 6:59 am

im not sure,
try on R3

/routing ospf area
add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=area1 translator-role=translate-always type=nssa
yes i try this is work properly for nssa

Who is online

Users browsing this forum: Husky and 20 guests