26 April 2015

OSPF Filtering (AREA)

Some network designs require that OSPF routes should not be advertised by ABRs into other areas. Filtering Type 3 LSA generation stills allows the routes to install in the appropriate area of the OSPF database, and does not generate a Type 3 LSA for the area being filtered.


The figure below demonstrates that the ABR can filter routes as they advertise out of an area into another areas, or into an area. XR2 is able to filter routes (link-state advertisements, LSAs) as they leave Area 1 or enter Area 0, and that R3 can filter routes as they leave Area 0 or enter Area 2. the same logic applies with routes advertised in the opposition direction.


The last figure provides a reference topology where R1 is advertising the 172.16.1.0/24 and 172.16.2.0/24 network prefixes, and R4 is advertising the 172.20.1.0/24 and 172.20.2.0/24 network prefixes into OSPF. Follow the configurations and the output of RIBs to learn how the filters can be placed.



[-] RIBs before the filters

R1# show ip route ospf
...
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA     10.23.1.0/24 [110/2] via 10.12.1.2, 00:07:47, GigabitEthernet0/1
O IA     10.34.1.0/24 [110/3] via 10.12.1.2, 00:07:47, GigabitEthernet0/1
      172.20.0.0/24 is subnetted, 2 subnets
O IA     172.20.1.0 [110/4] via 10.12.1.2, 00:07:15, GigabitEthernet0/1
O IA     172.20.2.0 [110/4] via 10.12.1.2, 00:07:15, GigabitEthernet0/1

R4# sh ip route ospf
...
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA     10.12.1.0/24 [110/3] via 10.34.1.3, 00:06:22, GigabitEthernet0/1
O IA     10.23.1.0/24 [110/2] via 10.34.1.3, 00:06:22, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 2 subnets
O IA     172.16.1.0 [110/4] via 10.34.1.3, 00:06:22, GigabitEthernet0/1
O IA     172.16.2.0 [110/4] via 10.34.1.3, 00:06:22, GigabitEthernet0/1

[+] RIBs after the filters

R1# show ip route ospf    
...
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA     10.23.1.0/24 [110/2] via 10.12.1.2, 00:09:45, GigabitEthernet0/1
O IA     10.34.1.0/24 [110/3] via 10.12.1.2, 00:09:45, GigabitEthernet0/1
      172.20.0.0/24 is subnetted, 1 subnets
O IA     172.20.2.0 [110/4] via 10.12.1.2, 00:09:13, GigabitEthernet0/1

R4# sh ip route ospf        
...
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O IA     10.12.1.0/24 [110/3] via 10.34.1.3, 00:10:27, GigabitEthernet0/1
O IA     10.23.1.0/24 [110/2] via 10.34.1.3, 00:10:27, GigabitEthernet0/1
      172.16.0.0/24 is subnetted, 1 subnets
O IA     172.16.2.0 [110/4] via 10.34.1.3, 00:10:27, GigabitEthernet0/1

[XR2 config/filter]
router ospf 1
 router-id 192.168.3.2
 area 0
  interface GigabitEthernet0/0/0/1
  !
 !
 area 1
  route-policy OSPF-AREA-FILTER in
  interface GigabitEthernet0/0/0/0
  !
 !
route-policy OSPF-AREA-FILTER
  if not destination in (172.20.1.0/24) then
    pass
  endif
end-policy

[R3 config/filter]
router ospf 1
 router-id 192.168.3.3
 area 0 filter-list prefix PREFIX-FILTER out
 network 10.23.1.3 0.0.0.0 area 0
 network 10.34.1.3 0.0.0.0 area 2
!
ip prefix-list PREFIX-FILTER seq 5 deny 172.16.1.0/24
ip prefix-list PREFIX-FILTER seq 10 permit 0.0.0.0/0 le 32


biOos
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)