From: SCDasarathan (scdman@gmail.com)
Date: Wed Jun 20 2007 - 11:45:56 ART
Hi,
Distribute-list is cumbersome, if used within OSPF domain, since if they
are used within OSPF Domain they wont be able to filter LSA2 being converted
at the ABR into LSA3. Hence you were able to see the route for 3.3.3.3 in
the ospf database even after applying the distribute-list.
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#q12
You may have to use area filter-list in ABR to achieve proper filtering. I
am still looking if there is any way to filter routes within single OSPF
Area. Add the following commands if you really interested to block the
routes 2.2.2.2 and 3.3.3.3 in non-backbone areas connected to R1. You may
still be required to use the distribute-list if you dont want to have the
2.2.2.2 and 3.3.3.3 routes in the routing table of R1.
R1(config-router)#area 0 filter-list prefix BLOCK out
Summary:
Use the distribute-list to remove the route entry for 2.2.2.2 and 3.3.3.3from R1
Use area filter-list to block LSAs being send beyond R1 into Area 1.
Hope that clarifies.
Regards
SCD
On 6/19/07, Bit Gossip <bit.gossip@chello.nl > wrote:
>
> Daniel,
> I have labbed it and I get your exact same results:
> the distribute-list not only prevents 2.2.2.2 to be installed in the RT
> but
> also removes it from the database.
> I have no idea why and is certainly in contrast to my undertanding of
> distribute-list in OSPF
> Thanks,
> Bit.
>
>
> ----- Original Message -----
> From: "Narbik Kocharians" <narbikk@gmail.com>
> To: "Daniel Kutchin" < daniel@kutchin.com>
> Cc: < ccielab@groupstudy.com>
> Sent: Tuesday, June 12, 2007 12:32 AM
> Subject: Re: Distribute-list & OSPF LSA 3
>
>
> > Sorry for a delayed response, i was in the middle of some work, but I
> > think
> > the problem is with the ip prefix-list that you have configured, you
> > forgot
> > to assign sequence numbers, but here is what i got:
> >
> > *This is before the prefix-list / distribute-list*
> > R1#Sh ip route ospf
> > 2.0.0.0/32 is subnetted, 1 subnets
> > O IA 2.2.2.2 [110/2] via 172.16.1.2, 00:03:21, FastEthernet0/0
> > 3.0.0.0/32 is subnetted, 1 subnets
> > O 3.3.3.3 [110/2] via 172.16.1.2, 00:03:21, FastEthernet0/0
> > 4.0.0.0/32 is subnetted, 1 subnets
> > O IA 4.4.4.4 [110/2] via 172.16.1.2, 00:03:21, FastEthernet0/0
> >
> > *R1#sh ip ospf da rou adv-router 4.4.4.4*
> >
> > OSPF Router with ID ( 172.16.2.1) (Process ID 1
> >
> > Router Link States (Area 0)
> >
> > Routing Bit Set on this LSA
> > LS age: 239
> > Options: (No TOS-capability, DC)
> > LS Type: Router Links
> > Link State ID: 4.4.4.4
> > Advertising Router: 4.4.4.4
> > LS Seq Number: 80000004
> > Checksum: 0x2F44
> > Length: 48
> > Area Border Router
> > Number of Links: 2
> >
> > Link connected to: a Stub Network
> > (Link ID) Network/subnet number: 3.3.3.3
> > (Link Data) Network Mask: 255.255.255.255
> > Number of TOS metrics: 0
> > TOS 0 Metrics: 1
> >
> > Link connected to: a Transit Network
> > (Link ID) Designated Router address: 172.16.1.1
> > (Link Data) Router Interface address: 172.16.1.2
> > Number of TOS metrics: 0
> > TOS 0 Metrics: 1
> >
> > *R1#sh ip ospf da summ adv-router 4.4.4.4*
> >
> > OSPF Router with ID ( 172.16.2.1) (Process ID 1)
> >
> > Summary Net Link States (Area 0)
> >
> > Routing Bit Set on this LSA
> > LS age: 293
> > Options: (No TOS-capability, DC, Upward)
> > LS Type: Summary Links(Network)
> > Link State ID: 2.2.2.2 (summary Network Number)
> > Advertising Router: 4.4.4.4
> > LS Seq Number: 80000001
> > Checksum: 0xBE65
> > Length: 28
> > Network Mask: /32
> > TOS: 0 Metric: 1
> >
> > Routing Bit Set on this LSA
> > LS age: 283
> > Options: (No TOS-capability, DC, Upward)
> > LS Type: Summary Links(Network)
> > Link State ID: 4.4.4.4 (summary Network Number)
> > Advertising Router: 4.4.4.4
> > LS Seq Number: 80000001
> > Checksum: 0x62B9
> > Length: 28
> > Network Mask: /32
> > TOS: 0 Metric: 1
> >
> >
> > *R1(config)#ip prefix-list BLOCK seq 5 deny 2.2.2.2/32
> > R1(config)#ip prefix-list BLOCK seq 10 deny 3.3.3.3/32
> > R1(config)#ip prefix-list BLOCK seq 15 permit 0.0.0.0/0 le 32
> > R1(config)#router ospf 1
> > R1(config-router)#distribute-list prefix BLOCK in*
> >
> >
> > *R1#sh ip rou ospf*
> > 4.0.0.0/32 is subnetted, 1 subnets
> > O IA 4.4.4.4 [110/2] via 172.16.1.2, 00:00:07, FastEthernet0/0
> >
> >
> >
> > *Note it did NOT effect the database*
> >
> > *R1#sh ip ospf da rou adv-router 4.4.4.4*
> >
> > OSPF Router with ID (172.16.2.1 ) (Process ID 1)
> >
> > Router Link States (Area 0)
> >
> > Routing Bit Set on this LSA
> > LS age: 54
> > Options: (No TOS-capability, DC)
> > LS Type: Router Links
> > Link State ID: 4.4.4.4
> > Advertising Router: 4.4.4.4
> > LS Seq Number: 80000006
> > Checksum: 0x412F
> > Length: 48
> > Area Border Router
> > Number of Links: 2
> >
> > Link connected to: a Stub Network
> > (Link ID) Network/subnet number: 3.3.3.3
> > (Link Data) Network Mask: 255.255.255.255
> > Number of TOS metrics: 0
> > TOS 0 Metrics: 1
> >
> > Link connected to: a Transit Network
> > (Link ID) Designated Router address: 172.16.1.2
> > (Link Data) Router Interface address: 172.16.1.2
> > Number of TOS metrics: 0
> > TOS 0 Metrics: 1
> >
> >
> > *R1#sh ip ospf da summ adv-router 4.4.4.4*
> >
> > OSPF Router with ID ( 172.16.2.1) (Process ID 1)
> >
> > Summary Net Link States (Area 0)
> >
> > Routing Bit Set on this LSA
> > LS age: 547
> > Options: (No TOS-capability, DC, Upward)
> > LS Type: Summary Links(Network)
> > Link State ID: 2.2.2.2 (summary Network Number)
> > Advertising Router: 4.4.4.4
> > LS Seq Number: 80000001
> > Checksum: 0xBE65
> > Length: 28
> > Network Mask: /32
> > TOS: 0 Metric: 1
> >
> > Routing Bit Set on this LSA
> > LS age: 537
> > Options: (No TOS-capability, DC, Upward)
> > LS Type: Summary Links(Network)
> > Link State ID: 4.4.4.4 (summary Network Number)
> > Advertising Router: 4.4.4.4
> > LS Seq Number: 80000001
> > Checksum: 0x62B9
> > Length: 28
> > Network Mask: /32
> > TOS: 0 Metric: 1
> >
> >
> >
> >
> >
> > On 6/11/07, Daniel Kutchin < daniel@kutchin.com> wrote:
> >>
> >> Narbik ---
> >>
> >> This is exactly the problem here. Why is the database different when he
> >> applies the filter?
> >> And why only the Inter-Area prefix is filtered?
> >>
> >> #--- before:
> >>
> >> Summary Net Link States (Area 1)
> >>
> >> Link ID ADV Router Age Seq# Checksum
> >> 2.2.2.2 1.1.1.1 2 0x80000001 0x007DA8 <---
> >> will
> >> be filtered
> >> 3.3.3.3 1.1.1.1 2 0x80000001 0x004FD2 <---
> >> will
> >> be filtered
> >> 4.4.4.4 1.1.1.1 2 0x80000001 0x0021FC
> >> 172.16.1.0 1.1.1.1 3602 0x80000002 0x0056CA
> >>
> >>
> >> #--- after:
> >>
> >> Summary Net Link States (Area 1)
> >>
> >> Link ID ADV Router Age Seq# Checksum
> >> 3.3.3.3 1.1.1.1 574 0x80000001 0x004FD2 <---
> >> only
> >> this remains
> >> 4.4.4.4 1.1.1.1 574 0x80000001 0x0021FC
> >> 172.16.1.0 1.1.1.1 568 0x80000003 0x00B85D
> >>
> >>
> >> -----Original Message-----
> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >> Narbik Kocharians
> >> Sent: Montag, 11. Juni 2007 22:38
> >> To: want2bccie@gmail.com
> >> Cc: ccielab@groupstudy.com
> >> Subject: Re: Distribute-list & OSPF LSA 3
> >>
> >> When you block prefixes using the "distribute-list in" command, the
> >> prefixes
> >> are filtered from the routing table BUT NOT the database.
> >>
> >> On 6/8/07, want2bccie@gmail.com < want2bccie@gmail.com> wrote:
> >> >
> >> > Hi GS,
> >> >
> >> > Below is my ospf topology
> >> >
> >> > Lo 3( 3.3.3.3/32)__
> >> > \ ___Lo 2(2.2.2.2/32)
> >> > +----+ +----+ /
> >> > Lo 1( 1.1.1.1/32)--| <http://1.1.1.1/32)--%7C> R1 | | R2
> |--X
> >> > +----+ +----+ \___Lo 4( 4.4.4.4/32)
> >> > |fa0/0 fa0/0|
> >> > | |
> >> > |--172.16.1.0/30---| <http://172.16.1.0/30---%7C>
> >> >
> >> > My config:
> >> >
> >> > -----------R1------------------------
> >> > interface FastEthernet1/0
> >> > ip address 172.16.1.1 255.255.255.0
> >> > !
> >> > interface Loopback1
> >> > ip address 1.1.1.1 255.255.255.255
> >> > !
> >> > router ospf 1
> >> > router-id 1.1.1.1
> >> > log-adjacency-changes
> >> > network 1.1.1.1 0.0.0.0 area 1
> >> > network 172.16.1.1 0.0.0.0 area 0
> >> > distribute-list prefix BLOCK in
> >> > !
> >> > ip prefix-list BLOCK seq deny 2.2.2.2/32
> >> > ip prefix-list BLOCK seq deny 3.3.3.3/32
> >> > ip prefix-list BLOCK seq permit 0.0.0.0/0 le 32
> >> >
> >> > --------------R2-----------------------
> >> > interface FastEthernet1/0
> >> > ip address 172.16.1.2 255.255.255.0
> >> > !
> >> > interface Loopback2
> >> > ip address 2.2.2.2 255.255.255.255
> >> > !
> >> > interface Loopback3
> >> > ip address 3.3.3.3 255.255.255.255
> >> > !
> >> > interface Loopback4
> >> > ip address 4.4.4.4 255.255.255.255
> >> > !
> >> > router ospf 1
> >> > router-id 2.2.2.2
> >> > log-adjacency-changes
> >> > network 2.2.2.2 0.0.0.0 area 2
> >> > network 3.3.3.3 0.0.0.0 area 0
> >> > network 4.4.4.4 0.0.0.0 area 4
> >> > network 172.16.1.2 0.0.0.0 area 0
> >> > ---------------------------------------
> >> > R1#show ip ospf database
> >> >
> >> > OSPF Router with ID ( 1.1.1.1) (Process ID 1)
> >> >
> >> > Router Link States (Area 0)
> >> >
> >> >
> >> > Link ID ADV Router Age Seq# Checksum Link
> >> count
> >> > 1.1.1.1 1.1.1.1 951 0x800000A5 0x8F6F 1
> >> > 2.2.2.2 2.2.2.2 947 0x80000030 0x7ECF 2
> >> >
> >> >
> >> > Net Link States (Area 0)
> >> >
> >> >
> >> > Link ID ADV Router Age Seq# Checksum
> >> > 172.16.1.1 1.1.1.1 954 0x80000001 0x6DFD
> >> >
> >> >
> >> > Summary Net Link States (Area 0)
> >> >
> >> >
> >> > Link ID ADV Router Age Seq# Checksum
> >> > 1.1.1.1 1.1.1.1 1172 0x80000033 0xE21F
> >> > 2.2.2.2 2.2.2.2 945 0x80000049 0x6A79
> >> > 4.4.4.4 2.2.2.2 948 0x80000001 0x9E85
> >> >
> >> >
> >> > Router Link States (Area 1)
> >> >
> >> >
> >> > Link ID ADV Router Age Seq# Checksum Link
> >> count
> >> > 1.1.1.1 1.1.1.1 1184 0x80000001 0xD351 1
> >> >
> >> >
> >> > Summary Net Link States (Area 1)
> >> >
> >> >
> >> > Link ID ADV Router Age Seq# Checksum
> >> > 3.3.3.3 1.1.1.1 946 0x80000001 0x4FD2
> >> > 4.4.4.4 1.1.1.1 946 0x80000001 0x21FC
> >> > 172.16.1.0 1.1.1.1 950 0x80000003 0x3B34
> >> > ------------------------------------------------------------
> >> >
> >> > As per above config, on R1 OSPF learned routes should not installed
> in
> >> its
> >> > routing table but those routes still be in database and advertise to
> >> > its
> >> > neighbors. But in this case R1 is not getting type-3 LSA's for
> >> 2.2.2.2network into ospf AREA 1.
> >> > If above database output is correct, then can someone clear why R1
> >> > won't
> >> > get LSA3 for 2.2.2.2.
> >> >
> >> > Regards,
> >> > Naresh
> >> >
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >> >
> >>
> >>
> >>
> >> --
> >> Narbik Kocharians
> >> CCIE# 12410 (R&S, SP, Security)
> >> CCSI# 30832
> >> Network Learning, Inc. (CCIE class Instructor)
> >> www.ccbootcamp.com (CCIE Training)
> >>
> >> _______________________________________________________________________
>
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >> _______________________________________________________________________
>
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> >
> >
> > --
> > Narbik Kocharians
> > CCIE# 12410 (R&S, SP, Security)
> > CCSI# 30832
> > Network Learning, Inc. (CCIE class Instructor)
> > www.ccbootcamp.com (CCIE Training)
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:50 ART