Re: OSPF LSA type 3 filtering from Narbik Kocharians on 2013-01-02 (Ccielab archives 01/2013)

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Wed, 2 Jan 2013 12:49:55 -0800

*Sarad,*
*Since we are all engineers, and engineers are "Must See" people, walk
through the following lab.*
**
*Lets assume the following topology:*

Lo0(1.1.1.1/24)----- *R1*(F0/0)12.1.1.1/24 -------- 12.1.1.2/24(F0/0)*R2*

*R2*(S0/0.23) 23.1.1.2/24----------23.1.1.3/24(S0/0.32) *R3*

*R3*(F0/0)34.1.1.3/24--------34.1.1.4/24(F0/0)*R4*

*OSPF Areas configuration:*

R1s Lo0 is advertised with a mask of 24 in area 1

The link connecting R1 to R2 is in area 1

The link connecting R2 to R3 is in area 0

The link connecting R3 to R4 is in area 2

*To verify:*

R1#*Show ip route ospf | I O*

O IA 34.1.1.0 [110/66] via 12.1.1.2, 00:04:13, FastEthernet0/0

O IA 23.1.1.0 [110/65] via 12.1.1.2, 00:04:13, FastEthernet0/0

R2#*Show ip route ospf | I O*

O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:05:05, Serial0/0.23

O 1.1.1.0 [110/2] via 12.1.1.1, 00:04:35, FastEthernet0/0

R3#*Show ip route ospf | I O*

O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:04:30, Serial0/0.32

O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:05:05, Serial0/0.32

R4#*Show ip route ospf | I O*

O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:04:30, FastEthernet0/0

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:04:30, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:04:30, FastEthernet0/0

*Lets test the "area range" command on R3:*

*On R3*

R3(config)#*router ospf 1*

R3(config-router)#*area 1 range 1.1.1.0 255.255.255.0 not-ad*

*To verify the configuration:*

*On R4*

R4#*Show ip route ospf | I O*

*O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:07:07, FastEthernet0/0*

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:07:07, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:07:07, FastEthernet0/0

*NOTE: It did not work, because the Area range command does not work
on inter-area routes at all; now lets try this command on R2:*
**

*On R2*

R2(config)#*router ospf 1*

R2(config-router)#*area 1 range 1.1.1.0 255.255.255.0 not-ad*

*To verify the configuration:*
**
*On** R2*

*NOTE: Its in the routing table and the database of the local router (R2):*

R2#*sh ip route ospf | I O*

O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:00:33, Serial0/0.23

*O 1.1.1.0 [110/2] via 12.1.1.1, 00:00:33, FastEthernet0/0*

R2#*Show ip ospf da router*

*Link connected to: a Stub Network*

* (Link ID) Network/subnet number: 1.1.1.0*

* (Link Data) Network Mask: 255.255.255.0*

* Number of TOS metrics: 0*

* TOS 0 Metrics: 1*

* *

*But is it going to be advertised to the other areas? Lets check:*

*On R3*

R3#*Show ip route ospf | I O*

O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:07:49, Serial0/0.32

R4#*Show ip route ospf | I O*

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:18:52, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:09:14, FastEthernet0/0

*As you can see the answer is "NO". *

*So you can see that it prevented the LSA type-3 generation for the
1.1.1.0/24 prefix on the router that sees the route as LSA-1 and LSA-3. *

* *

*NOW.lets test the area filter-list, but before we test it, we should
remove the Area range command:*

*On R2*

R2(config)#*router ospf 1*

R2(config-router)#*No area 1 range 1.1.1.0 255.255.255.0 not-advertise*

*To verify the configuration:*

*On R3*

R3#*Show ip route ospf | I O*

*O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:00:16, Serial0/0.32*

O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:12:47, Serial0/0.32

*Lets configure the area filter-list on R2:*

* *

*On R2*

R2(config)#*IP prefix-list tst deny 1.1.1.0/24*

R2(config)#*IP prefix-list tst permit 0.0.0.0/0 le 32*

R2(config)#*router ospf 1*

R2(config-router)#*area 1 filter-list prefix tst out*

*To verify the configuration:*

*On R2*

R2#*Show ip route ospf | I O*

O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:02:12, Serial0/0.23

*O 1.1.1.0 [110/2] via 12.1.1.1, 00:02:12, FastEthernet0/0*

R2#*Show ip ospf da router*

*Link connected to: a Stub Network*

* (Link ID) Network/subnet number: 1.1.1.0*

* (Link Data) Network Mask: 255.255.255.0*

* Number of TOS metrics: 0*

* TOS 0 Metrics: 1*

*The output of the above show command reveals that the area filter-list
did not do anything to the routing table or the database of the router that
its configured on. But lets see how it affected the other routers:*

*On R3*

R3#*Show ip route ospf | I O*

O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:15:36, Serial0/0.32

*GR8, it worked.*

*So this may seem like both area range and the area filter-list
commands do the same thing, because of the end result, b**ut lets
configure the "Area Filter-list" on R3. Remember in the earlier test the
area range command did not work on R3:*

* *

*Lets remove the previous command before testing it on R3:*

*On R2*

R2(config)#*router ospf 1*

R2(config-router)#*No area 1 filter-list prefix tst out*

*To verify the configuration:*

*On R3*

R3#*Show ip route ospf | I O*

*O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:00:10, Serial0/0.32*

O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:17:47, Serial0/0.32

*NOW.lets configure the area filter-list on R3:*

*On R3*

R3(config)#*ip prefix-list tst deny 1.1.1.0/24*

R3(config)#*ip prefix-list tst permit 0.0.0.0/0 le 32*

R3(config)#*router ospf 1*

R3(config-router)#*area 0 filter-list prefix tst out*

*Lets verify the routing table of R4*

R4#*Show ip route ospf | I O*

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:29:01, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:19:23, FastEthernet0/0

*So you can see that it did affect the routers in area 2. *

*So the area range command can be used on the ABR that is directly
connected to the area that originated the route (intra-area routes) or
another way of saying it (Does NOT generate LSA-3 for the other areas),
whereas, the Area filter-list command affects LSA type-3s and can be
configured on any ABR within your routing domain.*

*You could also use the following command to accomplish the same result,
the following two methods will work on LSA Type-3s going from area 0 to
another area: *

*Lets remove the previous command and verify:*

*On R3*

R3(config)#*router ospf 1*

R3(config-router)#*No area 0 filter-list prefi tst out*

*On R4*

R4#*Show ip route ospf | I O*

*O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:00:27, FastEthernet0/0*

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:35:22, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:25:44, FastEthernet0/0

*Lets configure a static route on R3 and point it to Null0:*

*On R3*

R3(config)#*IP route 1.1.1.0 255.255.255.0 null0*

*To verify the configuration:*

*On R4*

R4#*Show ip route ospf | I O*

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:37:00, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:27:22, FastEthernet0/0

*Or the following: Lets remove the previous command and verify:*

*On R3*

R3(config)#*no IP route 1.1.1.0 255.255.255.0 null0*

*On R4*

R4#*Show ip route ospf | I O*

*O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:00:27, FastEthernet0/0*

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:37:54, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:28:16, FastEthernet0/0

*Contrary to popular belief, the distribute-list in command can affect
the neighboring router/s:*

*On R3*

R3(config)#*access-list 1 deny 1.1.1.0 0.0.0.255*

R3(config)#*access-list 1 permit any*

R3(config)#*router ospf 1*

R3(config-router)#*distribute-list 1 in*

*On R4*

R4#*Show ip route ospf | I O*

O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:38:55, FastEthernet0/0

O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:29:17, FastEthernet0/0

*I hope this helped.*

On Tue, Jan 1, 2013 at 9:36 PM, Sarad <tosara_at_gmail.com> wrote:

> Hi All,
>
> May be it's not clear what I have sent before let me put this straight,
>
> Other than direction (In/Out) what are the limitations of area range
> command over filter-list command in term of OSPF LSA type 3 filtering?
>
> Thanks
> Saranga
>
>
> On Wed, Jan 2, 2013 at 4:16 PM, Sarad <tosara_at_gmail.com> wrote:
>
> > Hi Experts,
> >
> > Can somebody help me to get my head around this, I've been labbing ospf
> > type 3 filtering, Main method use for this is filter-list command. Which
> we
> > can use to filter route based on the direction (in /out)
> >
> >
> >
> > Then there is area range command with not-advertise switch we can use to
> > do limited filtering on ABR. When I tested this it only works when I
> filter
> > LSA type 3 from non backbone area to a backbone area.
> >
> > Can somebody help me to explain what is the exact usage of this command
> in
> > term of filtering in OSPF. There is nothing much in the doc CD
> >
> > *
> > *
> > *area area-id filter-list prefix prefix-list-name {in | out}
> > area* area-id *range* ipv6-prefix /prefix-length [*advertise* | *
> > not-advertise*] [*cost* cost]
> >
> >
> > Cheers
> > Sara
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

--
*Narbik Kocharians
*CCSI#30832, CCIE# 12410 (R&S, SP, Security)
*www.MicronicsTraining.com* <http://www.micronicstraining.com/>
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
A Cisco Learning Partner
Blogs and organic groups at http://www.ccie.net

Received on Wed Jan 02 2013 - 12:49:55 ART

This archive was generated by hypermail 2.2.0 : Sun Feb 03 2013 - 16:27:17 ART