Re: OSPF LSA type 3 filtering from Narbik Kocharians on 2013-01-02 (Ccielab archives 01/2013)

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Wed, 2 Jan 2013 18:54:46 -0800

May be a correct way of saying it is intra-area routes.

On Wed, Jan 2, 2013 at 6:17 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:

> How does it affect Type 2 LSAs?
>
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Narbik Kocharians
> Sent: Wednesday, January 02, 2013 4:52 PM
> To: Tim Cribbs Jr.
> Cc: Sarad; Cisco certification
> Subject: Re: OSPF LSA type 3 filtering
>
> Thanks very much, I am glad it helped. And yes it also handles LSA type-2.
>
> On Wed, Jan 2, 2013 at 2:28 PM, Tim Cribbs Jr. <tmcribbs_at_gmail.com> wrote:
>
> > I was JUST at this exact point in my studies and was about to comment,
> > but THANKFULLY Narbik got to it before me. lol
> >
> > BTW, area range will also work with type 2 (1&2).
> >
> > Tim
> >
> > On Wed, Jan 2, 2013 at 5:05 PM, Sarad <tosara_at_gmail.com> wrote:
> > > Hi Narbik,
> > >
> > > Thanks for the in detailed expert level explanation. People like you
> > > keep this forum alive. I just did a lab on this and now it make more
> > > sense. So take out from this would be both these commands do the LSA
> > > filtering on
> > ABR
> > > but Area range command would work only when filtering LSA type 1
> > > regenerating as type 3.
> > >
> > >
> > > Area-range
> > >
> > > LSA1 ---> LSA3
> > >
> > > Filter-list
> > >
> > > LSA1/LSA3 -----> LSA
> > >
> > >
> > > Thanks again for the awesome explanation.
> > >
> > > Cheers
> > > Sara
> > >
> > >
> > > On Thu, Jan 3, 2013 at 7:49 AM, Narbik Kocharians
> > > <narbikk_at_gmail.com>
> > wrote:
> > >
> > >> *Sarad,*
> > >> *Since we are all engineers, and engineers are "Must See" people,
> > >> walk through the following lab.*
> > >> **
> > >> *Let s assume the following topology:*
> > >>
> > >>
> > >>
> > >> Lo0(1.1.1.1/24)----- *R1*(F0/0)12.1.1.1/24 --------
> > 12.1.1.2/24(F0/0)*R2*
> > >>
> > >>
> > >>
> > >> *R2*(S0/0.23) 23.1.1.2/24----------23.1.1.3/24(S0/0.32) *R3*
> > >>
> > >>
> > >>
> > >> *R3*(F0/0)34.1.1.3/24--------34.1.1.4/24(F0/0)*R4*
> > >>
> > >>
> > >>
> > >> *OSPF Areas configuration:*
> > >>
> > >> R1 s Lo0 is advertised with a mask of 24 in area 1
> > >>
> > >> The link connecting R1 to R2 is in area 1
> > >>
> > >> The link connecting R2 to R3 is in area 0
> > >>
> > >> The link connecting R3 to R4 is in area 2
> > >>
> > >>
> > >>
> > >> *To verify:*
> > >>
> > >> R1#*Show ip route ospf | I O*
> > >>
> > >> O IA 34.1.1.0 [110/66] via 12.1.1.2, 00:04:13, FastEthernet0/0
> > >>
> > >> O IA 23.1.1.0 [110/65] via 12.1.1.2, 00:04:13, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> R2#*Show ip route ospf | I O*
> > >>
> > >> O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:05:05, Serial0/0.23
> > >>
> > >> O 1.1.1.0 [110/2] via 12.1.1.1, 00:04:35, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> R3#*Show ip route ospf | I O*
> > >>
> > >> O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:04:30, Serial0/0.32
> > >>
> > >> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:05:05, Serial0/0.32
> > >>
> > >>
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:04:30, FastEthernet0/0
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:04:30, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:04:30, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> *Let s test the "area range" command on R3:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3(config)#*router ospf 1*
> > >>
> > >> R3(config-router)#*area 1 range 1.1.1.0 255.255.255.0 not-ad*
> > >>
> > >>
> > >>
> > >> *To verify the configuration:*
> > >>
> > >> **
> > >>
> > >> *On R4*
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> *O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:07:07, FastEthernet0/0*
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:07:07, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:07:07, FastEthernet0/0
> > >>
> > >>
> > >> *NOTE: It did not work, because the Area range command does not
> > >> work on inter-area routes at all; now let s try this command on
> > >> R2:*
> > >> **
> > >>
> > >> *On R2*
> > >>
> > >> R2(config)#*router ospf 1*
> > >>
> > >> R2(config-router)#*area 1 range 1.1.1.0 255.255.255.0 not-ad*
> > >>
> > >>
> > >>
> > >> *To verify the configuration:*
> > >> **
> > >> *On** R2*
> > >>
> > >> *NOTE: It s in the routing table and the database of the local
> > >> router
> > >> (R2):*
> > >>
> > >>
> > >>
> > >> R2#*sh ip route ospf | I O*
> > >>
> > >> O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:00:33, Serial0/0.23
> > >>
> > >> *O 1.1.1.0 [110/2] via 12.1.1.1, 00:00:33, FastEthernet0/0*
> > >>
> > >>
> > >>
> > >> R2#*Show ip ospf da router*
> > >>
> > >>
> > >>
> > >> *Link connected to: a Stub Network*
> > >>
> > >> * (Link ID) Network/subnet number: 1.1.1.0*
> > >>
> > >> * (Link Data) Network Mask: 255.255.255.0*
> > >>
> > >> * Number of TOS metrics: 0*
> > >>
> > >> * TOS 0 Metrics: 1*
> > >>
> > >> * *
> > >>
> > >> *But is it going to be advertised to the other areas? Let s check:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3#*Show ip route ospf | I O*
> > >>
> > >> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:07:49, Serial0/0.32
> > >>
> > >>
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:18:52, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:09:14, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> *As you can see the answer is "NO". *
> > >>
> > >> *So you can see that it prevented the LSA type-3 generation for the
> > >> 1.1.1.0/24 prefix on the router that sees the route as LSA-1 and
> > LSA-3. *
> > >>
> > >> * *
> > >>
> > >> *NOW .let s test the area filter-list , but before we test it, we
> > should
> > >> remove the Area range command:*
> > >>
> > >> **
> > >>
> > >> *On R2*
> > >>
> > >> R2(config)#*router ospf 1*
> > >>
> > >> R2(config-router)#*No area 1 range 1.1.1.0 255.255.255.0
> > >> not-advertise*
> > >>
> > >>
> > >>
> > >> *To verify the configuration:*
> > >>
> > >> **
> > >>
> > >> *On R3*
> > >>
> > >>
> > >>
> > >> R3#*Show ip route ospf | I O*
> > >>
> > >> *O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:00:16, Serial0/0.32*
> > >>
> > >> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:12:47, Serial0/0.32
> > >>
> > >>
> > >>
> > >> *Let s configure the area filter-list on R2:*
> > >>
> > >> * *
> > >>
> > >> *On R2*
> > >>
> > >> R2(config)#*IP prefix-list tst deny 1.1.1.0/24*
> > >>
> > >> R2(config)#*IP prefix-list tst permit 0.0.0.0/0 le 32*
> > >>
> > >>
> > >>
> > >> R2(config)#*router ospf 1*
> > >>
> > >> R2(config-router)#*area 1 filter-list prefix tst out*
> > >>
> > >>
> > >>
> > >> *To verify the configuration:*
> > >>
> > >> **
> > >>
> > >> *On R2*
> > >>
> > >>
> > >>
> > >> R2#*Show ip route ospf | I O*
> > >>
> > >> O IA 34.1.1.0 [110/65] via 23.1.1.3, 00:02:12, Serial0/0.23
> > >>
> > >> *O 1.1.1.0 [110/2] via 12.1.1.1, 00:02:12, FastEthernet0/0*
> > >>
> > >>
> > >>
> > >> R2#*Show ip ospf da router*
> > >>
> > >>
> > >>
> > >> *Link connected to: a Stub Network*
> > >>
> > >> * (Link ID) Network/subnet number: 1.1.1.0*
> > >>
> > >> * (Link Data) Network Mask: 255.255.255.0*
> > >>
> > >> * Number of TOS metrics: 0*
> > >>
> > >> * TOS 0 Metrics: 1*
> > >>
> > >>
> > >>
> > >> *The output of the above show command reveals that the area
> > >> filter-list did not do anything to the routing table or the
> > >> database of the router
> > that
> > >> it s configured on. But let s see how it affected the other
> > >> routers:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3#*Show ip route ospf | I O*
> > >>
> > >> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:15:36, Serial0/0.32
> > >>
> > >>
> > >>
> > >> *GR8, it worked.*
> > >>
> > >> *So this may seem like both area range and the area filter-list
> > >> commands do the same thing, because of the end result, b**ut let s
> > >> configure the "Area Filter-list" on R3. Remember in the earlier
> > >> test the area range command did not work on R3:*
> > >>
> > >> * *
> > >>
> > >> *Let s remove the previous command before testing it on R3:*
> > >>
> > >>
> > >>
> > >> *On R2*
> > >>
> > >> R2(config)#*router ospf 1*
> > >>
> > >> R2(config-router)#*No area 1 filter-list prefix tst out*
> > >>
> > >>
> > >>
> > >> *To verify the configuration:*
> > >>
> > >> **
> > >>
> > >> *On R3*
> > >>
> > >> R3#*Show ip route ospf | I O*
> > >>
> > >> *O IA 1.1.1.0 [110/66] via 23.1.1.2, 00:00:10, Serial0/0.32*
> > >>
> > >> O IA 12.1.1.0 [110/65] via 23.1.1.2, 00:17:47, Serial0/0.32
> > >>
> > >>
> > >>
> > >> *NOW .let s configure the area filter-list on R3:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3(config)#*ip prefix-list tst deny 1.1.1.0/24*
> > >>
> > >> R3(config)#*ip prefix-list tst permit 0.0.0.0/0 le 32*
> > >>
> > >>
> > >>
> > >> R3(config)#*router ospf 1*
> > >>
> > >> R3(config-router)#*area 0 filter-list prefix tst out*
> > >>
> > >>
> > >>
> > >> *Let s verify the routing table of R4*
> > >>
> > >>
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:29:01, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:19:23, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> *So you can see that it did affect the routers in area 2. *
> > >>
> > >> *So the area range command can be used on the ABR that is
> > >> directly connected to the area that originated the route
> > >> (intra-area routes) or another way of saying it (Does NOT generate
> > >> LSA-3 for the other areas), whereas, the Area filter-list command
> > >> affects LSA type-3s and can be configured on any ABR within your
> > >> routing domain.*
> > >>
> > >>
> > >>
> > >> *You could also use the following command to accomplish the same
> > >> result, the following two methods will work on LSA Type-3s going
> > >> from area 0 to another area: *
> > >>
> > >> **
> > >>
> > >> *Let s remove the previous command and verify:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3(config)#*router ospf 1*
> > >>
> > >> R3(config-router)#*No area 0 filter-list prefi tst out*
> > >>
> > >>
> > >>
> > >> *On R4*
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> *O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:00:27, FastEthernet0/0*
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:35:22, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:25:44, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> *Let s configure a static route on R3 and point it to Null0:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3(config)#*IP route 1.1.1.0 255.255.255.0 null0*
> > >>
> > >>
> > >>
> > >> *To verify the configuration:*
> > >>
> > >> **
> > >>
> > >> *On R4*
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:37:00, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:27:22, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> *Or the following: Let s remove the previous command and verify:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3(config)#*no IP route 1.1.1.0 255.255.255.0 null0*
> > >>
> > >>
> > >>
> > >> *On R4*
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> *O IA 1.1.1.0 [110/67] via 34.1.1.3, 00:00:27, FastEthernet0/0*
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:37:54, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:28:16, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> *Contrary to popular belief, the distribute-list in command can
> > >> affect the neighboring router/s:*
> > >>
> > >>
> > >>
> > >> *On R3*
> > >>
> > >> R3(config)#*access-list 1 deny 1.1.1.0 0.0.0.255*
> > >>
> > >> R3(config)#*access-list 1 permit any*
> > >>
> > >>
> > >>
> > >> R3(config)#*router ospf 1*
> > >>
> > >> R3(config-router)#*distribute-list 1 in*
> > >>
> > >>
> > >>
> > >> *On R4*
> > >>
> > >> R4#*Show ip route ospf | I O*
> > >>
> > >> O IA 23.1.1.0 [110/65] via 34.1.1.3, 00:38:55, FastEthernet0/0
> > >>
> > >> O IA 12.1.1.0 [110/66] via 34.1.1.3, 00:29:17, FastEthernet0/0
> > >>
> > >>
> > >>
> > >> *I hope this helped.*
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> On Tue, Jan 1, 2013 at 9:36 PM, Sarad <tosara_at_gmail.com> wrote:
> > >>
> > >>> Hi All,
> > >>>
> > >>> May be it's not clear what I have sent before let me put this
> > >>> straight,
> > >>>
> > >>> Other than direction (In/Out) what are the limitations of area
> > >>> range command over filter-list command in term of OSPF LSA type 3
> filtering?
> > >>>
> > >>> Thanks
> > >>> Saranga
> > >>>
> > >>>
> > >>> On Wed, Jan 2, 2013 at 4:16 PM, Sarad <tosara_at_gmail.com> wrote:
> > >>>
> > >>> > Hi Experts,
> > >>> >
> > >>> > Can somebody help me to get my head around this, I've been
> > >>> > labbing
> > ospf
> > >>> > type 3 filtering, Main method use for this is filter-list command.
> > >>> Which we
> > >>> > can use to filter route based on the direction (in /out)
> > >>> >
> > >>> >
> > >>> >
> > >>> > Then there is area range command with not-advertise switch we
> > >>> > can
> > use to
> > >>> > do limited filtering on ABR. When I tested this it only works
> > >>> > when I
> > >>> filter
> > >>> > LSA type 3 from non backbone area to a backbone area.
> > >>> >
> > >>> > Can somebody help me to explain what is the exact usage of this
> > command
> > >>> in
> > >>> > term of filtering in OSPF. There is nothing much in the doc CD
> > >>> >
> > >>> > *
> > >>> > *
> > >>> > *area area-id filter-list prefix prefix-list-name {in | out}
> > >>> > area* area-id *range* ipv6-prefix /prefix-length [*advertise* |
> > >>> > * not-advertise*] [*cost* cost]
> > >>> >
> > >>> >
> > >>> > Cheers
> > >>> > Sara
> > >>>
> > >>>
> > >>> Blogs and organic groups at http://www.ccie.net
> > >>>
> > >>> __________________________________________________________________
> > >>> _____ Subscription information may be found at:
> > >>> http://www.groupstudy.com/list/CCIELab.html
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> > >> --
> > >> *Narbik Kocharians
> > >> *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> > >> *www.MicronicsTraining.com* <http://www.micronicstraining.com/>
> > >> Sr. Technical Instructor
> > >> YES! We take Cisco Learning Credits!
> > >> A Cisco Learning Partner
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > ____________________________________________________________________
> > > ___ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
>
>
>
> --
> *Narbik Kocharians
> *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> *www.MicronicsTraining.com* <http://www.micronicstraining.com/>
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> A Cisco Learning Partner
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
*Narbik Kocharians
*CCSI#30832, CCIE# 12410 (R&S, SP, Security)
*www.MicronicsTraining.com* <http://www.micronicstraining.com/>
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
A Cisco Learning Partner
Blogs and organic groups at http://www.ccie.net

Received on Wed Jan 02 2013 - 18:54:46 ART

This archive was generated by hypermail 2.2.0 : Sun Feb 03 2013 - 16:27:17 ART