OSPF supports a number of methods to filter routes but it is more restrictive compared to distance vector routing protocols like RIP or EIGRP.
As a link-state routing protocol OSPF uses LSAs to build its LSDB (Link State Database). Routers will run the SPF algorithm to find the shortest path to each destination, the topology in the LSDB has to be the same on all routers or SPF will fail.
However OSPF routers only know what the topology looks like within the area. They don’t know what the topology looks like for other areas. For inter-area routes OSPF only knows the prefix and the ABR (Area Border Router) to reach it.
You could say that OSPF acts like a distance vector routing protocol for inter-area routes. It only knows the metric (distance) and the ABR to get there (vector).
Unlike RIP or EIGRP, OSPF doesn’t advertise routes but LSAs so if we want to filter something we’ll have to filter the advertisement of LSAs.
Since the LSDB within the area has to be the same we can’t filter LSAs within the area, we can however filter routes from entering the routing table. Filtering LSAs between areas on an ABR or ASBR is no problem.
In this lesson I’ll show you how we can filter routes from entering the routing table within the area. In other lessons I will explain how to filter type 3 LSAs and type 5 LSAs.
Here’s the topology I will use:
Nothing fancy, we have three routers running OSPF in the same area. R1 has a loopback interface that is advertised in OSPF, we’ll see if we can filter this network.
Configuration
Here’s the OSPF configuration:
R1#show running-config | section ospf
router ospf 1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.255 area 0R2#show running-config | section ospf
router ospf 1
network 192.168.12.0 0.0.0.255 area 0
network 192.168.23.0 0.0.0.255 area 0R3#show running-config | section ospf
router ospf 1
network 192.168.23.0 0.0.0.255 area 0Let’s verify if R2 and R3 have learned 1.1.1.1 /32:
R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 192.168.12.1, 00:00:27, FastEthernet0/0R3#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/3] via 192.168.23.2, 00:00:28, FastEthernet0/0
O 192.168.12.0/24 [110/2] via 192.168.23.2, 00:00:28, FastEthernet0/0Let’s see if we can get rid of this network on R3:
R3(config)#router ospf 1
R3(config-router)#distribute-list ?
<1-199> IP access list number
<1300-2699> IP expanded access list number
WORD Access-list name
gateway Filtering incoming updates based on gateway
prefix Filter prefixes in routing updates
route-map Filter prefixes based on the route-mapWe can use a distribute-list for this, to keep it simple I’ll combine it with an access-list;
R3(config-router)#distribute-list R1_L0 inWhen we want to remove something from the routing table we have to apply it inbound. The outbound distribute-list is used for LSA type 5 filtering.
Let’s create that access-list:
R3(config)#ip access-list standard R1_L0
R3(config-std-nacl)#deny host 1.1.1.1
R3(config-std-nacl)#permit anyIt will now be gone from the routing table:
R3#show ip route 1.1.1.1
% Network not in tableAs you can see it’s gone…it’s still in the LSDB though:
R3#show ip ospf database router 192.168.12.1
OSPF Router with ID (192.168.23.3) (Process ID 1)
Router Link States (Area 0)
LS age: 664
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 192.168.12.1
Advertising Router: 192.168.12.1
LS Seq Number: 80000003
Checksum: 0xF14F
Length: 48
Number of Links: 2
Link connected to: a Stub Network
(Link ID) Network/subnet number: 1.1.1.1
(Link Data) Network Mask: 255.255.255.255
Number of MTID metrics: 0
TOS 0 Metrics: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 192.168.12.2
(Link Data) Router Interface address: 192.168.12.1
Number of MTID metrics: 0
TOS 0 Metrics: 1You have to be very careful if you use this command. If you are not careful you can end up in a scenario where you blackhole some traffic. For example, let’s see what happens when I filter this network on R2 instead of R3.
Good Day Rene,
I was practice labs and i come across below redistribute and i failed to understood the metric 1544 2000 255 1 1500
Kindly assist to elaborate on this.
Hi Dani,
Each routing protocol uses different metrics which are incompatible. When you redistribute something into EIGRP, you need to enter the K values manually.
Rene
Hi Rene,
Really enjoying the OSPF lessons! Just one query, the first output is what you had in the lesson and am just wondering why you chose the network statement for the loopback 0 as 1.1.1.0 0.0.0.255 area 0, instead of 1.1.1.1 0.0.0.0 area 0, as in the second output?
... Continue reading in our forumHi Shannon,
It doesn’t matter much which of the two you pick, both will work. The network command basically checks the IP addresses that you have on your interfaces and if it falls within the range of your network command, it will activate OSPF on it.
If you use 1.1.1.0 0.0.0.255 as the network command then any interfaces that have IP address 1.1.1.X on it will run OSPF. If I have a loopback with IP address 1.1.1.1/32 then this will do the job. The problem is that a loopback with 1.1.1.2/32 will also be automatically advertised in OSPF since it matches the netw
... Continue reading in our forumThanks Rene! Got it.