Re: OSPF LSA type 3 filtering from Tim Cribbs Jr. on 2013-01-02 (Ccielab archives 01/2013)

From: Tim Cribbs Jr. <tmcribbs_at_gmail.com>
Date: Wed, 2 Jan 2013 17:28:27 -0500

I was JUST at this exact point in my studies and was about to comment,
but THANKFULLY Narbik got to it before me. lol

BTW, area range will also work with type 2 (1&2).

Tim

On Wed, Jan 2, 2013 at 5:05 PM, Sarad <tosara_at_gmail.com> wrote:
> Hi Narbik,
>
> Thanks for the in detailed expert level explanation. People like you keep
> this forum alive. I just did a lab on this and now it make more sense. So
> take out from this would be both these commands do the LSA filtering on ABR
> but Area range command would work only when filtering LSA type 1
> regenerating as type 3.
>
>
> Area-range
>
> LSA1 ---> LSA3
>
> Filter-list
>
> LSA1/LSA3 -----> LSA
>
>
> Thanks again for the awesome explanation.
>
> Cheers
> Sara
>
>
> On Thu, Jan 3, 2013 at 7:49 AM, Narbik Kocharians <narbikk_at_gmail.com> wrote:
>
>> *Sarad,*
>> *Since we are all engineers, and engineers are "Must See" people, walk
>> through the following lab.*
>> **
>> *Let s assume the following topology:*
>>
>>
>>
>> Lo0(1.1.1.1/24)----- *R1*(F0/0)12.1.1.1/24 -------- 12.1.1.2/24(F0/0)*R2*
>>
>>
>>
>> *R2*(S0/0.23) 23.1.1.2/24----------23.1.1.3/24(S0/0.32) *R3*
>>
>>
>>
>> *R3*(F0/0)34.1.1.3/24--------34.1.1.4/24(F0/0)*R4*
>>
>>
>>
>> *OSPF Areas configuration:*
>>
>> R1 s Lo0 is advertised with a mask of 24 in area 1
>>
>> The link connecting R1 to R2 is in area 1
>>
>> The link connecting R2 to R3 is in area 0
>>
>> The link connecting R3 to R4 is in area 2
>>
>>
>>
>> *To verify:*
>>
>> R1#*Show ip route ospf | I O*
>>
>> O IA 34.1.1.0 [110/66] via 12.1.1.2, 00:04:13, FastEthernet0/0
>>
>> O IA 23.1.1.0 [110/65] via 12.1.1.2, 00:04:13, FastEthernet0/0
>>
>>
>>
>> R2#*Show ip route ospf | I O*
>>
>> O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:05:05, Serial0/0.23
>>
>> O 1.1.1.0 [110/2] via 12.1.1.1, 00:04:35, FastEthernet0/0
>>
>>
>>
>> R3#*Show ip route ospf | I O*
>>
>> O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:04:30, Serial0/0.32
>>
>> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:05:05, Serial0/0.32
>>
>>
>>
>> R4#*Show ip route ospf | I O*
>>
>> O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:04:30, FastEthernet0/0
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:04:30, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:04:30, FastEthernet0/0
>>
>>
>>
>> *Let s test the "area range" command on R3:*
>>
>>
>>
>> *On R3*
>>
>> R3(config)#*router ospf 1*
>>
>> R3(config-router)#*area 1 range 1.1.1.0 255.255.255.0 not-ad*
>>
>>
>>
>> *To verify the configuration:*
>>
>> **
>>
>> *On R4*
>>
>> R4#*Show ip route ospf | I O*
>>
>> *O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:07:07, FastEthernet0/0*
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:07:07, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:07:07, FastEthernet0/0
>>
>>
>> *NOTE: It did not work, because the Area range command does not work
>> on inter-area routes at all; now let s try this command on R2:*
>> **
>>
>> *On R2*
>>
>> R2(config)#*router ospf 1*
>>
>> R2(config-router)#*area 1 range 1.1.1.0 255.255.255.0 not-ad*
>>
>>
>>
>> *To verify the configuration:*
>> **
>> *On** R2*
>>
>> *NOTE: It s in the routing table and the database of the local router
>> (R2):*
>>
>>
>>
>> R2#*sh ip route ospf | I O*
>>
>> O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:00:33, Serial0/0.23
>>
>> *O 1.1.1.0 [110/2] via 12.1.1.1, 00:00:33, FastEthernet0/0*
>>
>>
>>
>> R2#*Show ip ospf da router*
>>
>>
>>
>> *Link connected to: a Stub Network*
>>
>> * (Link ID) Network/subnet number: 1.1.1.0*
>>
>> * (Link Data) Network Mask: 255.255.255.0*
>>
>> * Number of TOS metrics: 0*
>>
>> * TOS 0 Metrics: 1*
>>
>> * *
>>
>> *But is it going to be advertised to the other areas? Let s check:*
>>
>>
>>
>> *On R3*
>>
>> R3#*Show ip route ospf | I O*
>>
>> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:07:49, Serial0/0.32
>>
>>
>>
>> R4#*Show ip route ospf | I O*
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:18:52, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:09:14, FastEthernet0/0
>>
>>
>>
>> *As you can see the answer is "NO". *
>>
>> *So you can see that it prevented the LSA type-3 generation for the
>> 1.1.1.0/24 prefix on the router that sees the route as LSA-1 and LSA-3. *
>>
>> * *
>>
>> *NOW .let s test the area filter-list , but before we test it, we should
>> remove the Area range command:*
>>
>> **
>>
>> *On R2*
>>
>> R2(config)#*router ospf 1*
>>
>> R2(config-router)#*No area 1 range 1.1.1.0 255.255.255.0 not-advertise*
>>
>>
>>
>> *To verify the configuration:*
>>
>> **
>>
>> *On R3*
>>
>>
>>
>> R3#*Show ip route ospf | I O*
>>
>> *O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:00:16, Serial0/0.32*
>>
>> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:12:47, Serial0/0.32
>>
>>
>>
>> *Let s configure the area filter-list on R2:*
>>
>> * *
>>
>> *On R2*
>>
>> R2(config)#*IP prefix-list tst deny 1.1.1.0/24*
>>
>> R2(config)#*IP prefix-list tst permit 0.0.0.0/0 le 32*
>>
>>
>>
>> R2(config)#*router ospf 1*
>>
>> R2(config-router)#*area 1 filter-list prefix tst out*
>>
>>
>>
>> *To verify the configuration:*
>>
>> **
>>
>> *On R2*
>>
>>
>>
>> R2#*Show ip route ospf | I O*
>>
>> O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:02:12, Serial0/0.23
>>
>> *O 1.1.1.0 [110/2] via 12.1.1.1, 00:02:12, FastEthernet0/0*
>>
>>
>>
>> R2#*Show ip ospf da router*
>>
>>
>>
>> *Link connected to: a Stub Network*
>>
>> * (Link ID) Network/subnet number: 1.1.1.0*
>>
>> * (Link Data) Network Mask: 255.255.255.0*
>>
>> * Number of TOS metrics: 0*
>>
>> * TOS 0 Metrics: 1*
>>
>>
>>
>> *The output of the above show command reveals that the area filter-list
>> did not do anything to the routing table or the database of the router that
>> it s configured on. But let s see how it affected the other routers:*
>>
>>
>>
>> *On R3*
>>
>> R3#*Show ip route ospf | I O*
>>
>> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:15:36, Serial0/0.32
>>
>>
>>
>> *GR8, it worked.*
>>
>> *So this may seem like both area range and the area filter-list
>> commands do the same thing, because of the end result, b**ut let s
>> configure the "Area Filter-list" on R3. Remember in the earlier test the
>> area range command did not work on R3:*
>>
>> * *
>>
>> *Let s remove the previous command before testing it on R3:*
>>
>>
>>
>> *On R2*
>>
>> R2(config)#*router ospf 1*
>>
>> R2(config-router)#*No area 1 filter-list prefix tst out*
>>
>>
>>
>> *To verify the configuration:*
>>
>> **
>>
>> *On R3*
>>
>> R3#*Show ip route ospf | I O*
>>
>> *O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:00:10, Serial0/0.32*
>>
>> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:17:47, Serial0/0.32
>>
>>
>>
>> *NOW .let s configure the area filter-list on R3:*
>>
>>
>>
>> *On R3*
>>
>> R3(config)#*ip prefix-list tst deny 1.1.1.0/24*
>>
>> R3(config)#*ip prefix-list tst permit 0.0.0.0/0 le 32*
>>
>>
>>
>> R3(config)#*router ospf 1*
>>
>> R3(config-router)#*area 0 filter-list prefix tst out*
>>
>>
>>
>> *Let s verify the routing table of R4*
>>
>>
>>
>> R4#*Show ip route ospf | I O*
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:29:01, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:19:23, FastEthernet0/0
>>
>>
>>
>> *So you can see that it did affect the routers in area 2. *
>>
>> *So the area range command can be used on the ABR that is directly
>> connected to the area that originated the route (intra-area routes) or
>> another way of saying it (Does NOT generate LSA-3 for the other areas),
>> whereas, the Area filter-list command affects LSA type-3s and can be
>> configured on any ABR within your routing domain.*
>>
>>
>>
>> *You could also use the following command to accomplish the same result,
>> the following two methods will work on LSA Type-3s going from area 0 to
>> another area: *
>>
>> **
>>
>> *Let s remove the previous command and verify:*
>>
>>
>>
>> *On R3*
>>
>> R3(config)#*router ospf 1*
>>
>> R3(config-router)#*No area 0 filter-list prefi tst out*
>>
>>
>>
>> *On R4*
>>
>> R4#*Show ip route ospf | I O*
>>
>> *O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:00:27, FastEthernet0/0*
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:35:22, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:25:44, FastEthernet0/0
>>
>>
>>
>> *Let s configure a static route on R3 and point it to Null0:*
>>
>>
>>
>> *On R3*
>>
>> R3(config)#*IP route 1.1.1.0 255.255.255.0 null0*
>>
>>
>>
>> *To verify the configuration:*
>>
>> **
>>
>> *On R4*
>>
>> R4#*Show ip route ospf | I O*
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:37:00, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:27:22, FastEthernet0/0
>>
>>
>>
>> *Or the following: Let s remove the previous command and verify:*
>>
>>
>>
>> *On R3*
>>
>> R3(config)#*no IP route 1.1.1.0 255.255.255.0 null0*
>>
>>
>>
>> *On R4*
>>
>> R4#*Show ip route ospf | I O*
>>
>> *O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:00:27, FastEthernet0/0*
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:37:54, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:28:16, FastEthernet0/0
>>
>>
>>
>> *Contrary to popular belief, the distribute-list in command can affect
>> the neighboring router/s:*
>>
>>
>>
>> *On R3*
>>
>> R3(config)#*access-list 1 deny 1.1.1.0 0.0.0.255*
>>
>> R3(config)#*access-list 1 permit any*
>>
>>
>>
>> R3(config)#*router ospf 1*
>>
>> R3(config-router)#*distribute-list 1 in*
>>
>>
>>
>> *On R4*
>>
>> R4#*Show ip route ospf | I O*
>>
>> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:38:55, FastEthernet0/0
>>
>> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:29:17, FastEthernet0/0
>>
>>
>>
>> *I hope this helped.*
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Jan 1, 2013 at 9:36 PM, Sarad <tosara_at_gmail.com> wrote:
>>
>>> Hi All,
>>>
>>> May be it's not clear what I have sent before let me put this straight,
>>>
>>> Other than direction (In/Out) what are the limitations of area range
>>> command over filter-list command in term of OSPF LSA type 3 filtering?
>>>
>>> Thanks
>>> Saranga
>>>
>>>
>>> On Wed, Jan 2, 2013 at 4:16 PM, Sarad <tosara_at_gmail.com> wrote:
>>>
>>> > Hi Experts,
>>> >
>>> > Can somebody help me to get my head around this, I've been labbing ospf
>>> > type 3 filtering, Main method use for this is filter-list command.
>>> Which we
>>> > can use to filter route based on the direction (in /out)
>>> >
>>> >
>>> >
>>> > Then there is area range command with not-advertise switch we can use to
>>> > do limited filtering on ABR. When I tested this it only works when I
>>> filter
>>> > LSA type 3 from non backbone area to a backbone area.
>>> >
>>> > Can somebody help me to explain what is the exact usage of this command
>>> in
>>> > term of filtering in OSPF. There is nothing much in the doc CD
>>> >
>>> > *
>>> > *
>>> > *area area-id filter-list prefix prefix-list-name {in | out}
>>> > area* area-id *range* ipv6-prefix /prefix-length [*advertise* | *
>>> > not-advertise*] [*cost* cost]
>>> >
>>> >
>>> > Cheers
>>> > Sara
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> *Narbik Kocharians
>> *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>> *www.MicronicsTraining.com* <http://www.micronicstraining.com/>
>> Sr. Technical Instructor
>> YES! We take Cisco Learning Credits!
>> A Cisco Learning Partner
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Jan 02 2013 - 17:28:27 ART

This archive was generated by hypermail 2.2.0 : Sun Feb 03 2013 - 16:27:17 ART