A stub area is an area which does not receive route advertisements external to the Autonomous system (AS) and routing from withing the area is based entirely on a default route, this reduces the size of routing databases for the area's internal routers.
Stub areas are through which or into which AS external advertisements are not flooded.
You might want to create stub areas when much of the topological database consists of AS external advertisements, doing so reduces the size of the topological databases and therefore, the amount of memory required on the internal routers in the stub area.
When an area border router is configured for a stub area, the router automatically advertises a default route in place of the external routes that are not being advertised within the stub area so that routers in the stub area can reach destinations outside the area.
An area where LSA 5 has got nothing to do, we can see LSA 1, 2, 3, 4 but we can’t see LSA 5 advertisements in our topology table.
ABR will block LSA 5 and will inject a default static route 0.0.0.0, means it will replace LSA 5 with default static route.
Before creating a stub you can see O, O IA, OE1 and OE2 and After creating stub you’ll see O, O IA, O* IA 0.0.0.0, Means replacing LSA 5 with default static route O* IA 0.0.0.0
Example
Use "area xx stub" command on all therouters in the area to define an area as a stub area.
In the topology shown below, routers in area 7 do not need to know about all the external destinations.
The routers in area 7 must send a packet to the ABR to reach the ASBR, no matter what the external destination is.
Area 7 can be defined as a stub area. To define area 7 as a stub area, configure the area 7 stub command in all routers in that area.
Stub is a word for area, not router as a whole becomes stub, and you need to give “area xx stub” command to all the routers in that area.
When you say that this area is stub it means that there’s only one exit point, single exit point.
Why we make stub areas
People say that we make stub to implement security, because all external LSA’s are blocked, so we’ve no connection with external world because OE2 is blocked. But it’s wrong, because security was only in that case if LSA 5 is blocked and no default route is injected. let’s suppose 10 routes are coming as LSA 5 in our network so we can reach these five destinations but when we make an area stub then no LSA 5 in our routing table and we have only one default route 0.0.0.0, because of that default route, now we can reach all the networks in the world it’s a big security loophole, stub areas are made to reduce the size of routing table.
|
Actually, stub areas are made, where we want to reduce the size of routing table, where there is trusted network, our own network.
Like in route summarization, size of routing table is reduced in stub area also but it’s a security loophole because now our traffic is going for unwanted destinations (Networks) also.
Example
Like first we have detailed routing table which have New York and New Jersey so our traffic will go to New York and New Jersey only but when we configure route summarization and configure “N” our routing table size will be reduced but our traffic will also go to New York, New Jersey, North Carolina, New Mexico, New Hampshire, Nevada, Nebraska and North Dakota as well
So stub area is dangerous, it is open invitation “Go anywhere”
Totally Stub Area
In totally stubby area, along with LSA 5, LSA 4 and LSA 3 are also blocked, only LSA 1 and LSA 2 exists.
Here you will see O, and default route will be injected for “O IA” also 0.0.0.0, once again it’s not for security it’s for reducing the size of routing table.
“O” is LSA 1 and LSA 2, it means that in totally stubby area we’ll see only routes from our own area and in stub area we’ll see LSA 1, LSA 2, LSA 3, LSA 4, means we’ll see routes from our own autonomous system.
|
Stub means single point of exit
|
When you make a stub area it’s wrong to say that now you don’t have any connection with outside world in-fact you have connection to all world but there LSA’s are not coming in your area.
Not so Stubby area
This is non-proprietary extension of stub
area feature, which allows the injection of external routes in a limited
fashion into stub area.
When you redistribute into an NSSA area,
a special type of Link State Advertisement (LSA) known as type 7 is produced,
which can only exist inside NSSA, an NSSA ASBR generates this LSA and NSSA ABR
translates it into type 5 LSA, which gets advertised into OSPF domain.
Means the area is stub but not so strictly,
Stub basically blocks LSA 5.
If
we configure IP addresses 11, 12, 13, and 14 on “Router A” and advertise them,
router A will also become ASBR and the advertisement will be LSA 5, now there
will be two ASBR Router A and C as in the above diagram.
Now if we configure area 1 as stub, it
will block all the LSA 5 whether it’s coming from router A or C, but we want to
block LSA 5 coming from outside and we don’t want to block those which are
generated in our own area, we want to advertise them.
We want LSA 5 which are generated in our
own area (Router A O1/1) to be advertised but suppress LSA 5 produced by any
other ASBR, So I’m
making it stub but not strictly stub, I’m blocking LSA 5 but not blocking all
of them.
In the above diagram case, LSA 5 will be
generated on router A but LSA 5 (OE) is blocked by the stub area, no matter
what.
Once we have configured an area as NSSA
it will block all LSA 5 except which are being generated by it’s on ASBR, if we
configure area 1 as NSSA and there are 10 ASBRs in area 1, area 1 will not
block LSA 5 generated by all 10 of them.
For any correction, improvement or suggestion please do not hesitate to reach out at usman@cyberswats.com
 area)){kind=link}
0 Comments