OSPF Filter Inter-area routes



Topology consist of 3 OSPF areas
Router R2 generates the following routes into Area 0
2.2.0.0/24
2.2.1.0/24
2.2.2.0/24
2.2.3.0/24

Router 5 generates the following routes into Area 135
5.5.0.0/24
5.5.1.0/24
5.5.2.0/24
5.5.3.0/24
Router 6 generates the following routes into Area 146
4.4.0.0/24
4.4.1.0/24
4.4.2.0/24
4.4.3.0/24
So let’s see how we can filter some Inter area routes
Task 1
Filter these 2 prefixes 2.2.0.0/24 and 2.2.3.0/24 form being propagated outside area 0 and allow any other routes
So do that we create a prefix list to deny these 2 routes and allow everything else
ip prefix-list FROM_AREA0 seq 5 deny 2.2.0.0/24
ip prefix-list FROM_AREA0 seq 10 deny 2.2.3.0/24
ip prefix-list FROM_AREA0 seq 15 permit 0.0.0.0/0 le 32
then we apply a filter list under the ospf configuration  on R1, the filtering has to be done on the ABR routers
We need to filter these routes out from Area 0 so the filter list will be applied outbound direction
Router ospf 1
area 0 filter-list prefix FROM_AREA0 out

now let’s see the effect of that on other Areas
on R6
R6(config)#do sh ip route | in 2.2
O IA    2.2.1.0 [110/22] via 10.1.46.4, 00:35:59, FastEthernet0/0
O IA    2.2.2.0 [110/22] via 10.1.46.4, 00:35:59, FastEthernet0/0
On R5
R5(config-if)#do sh ip route os | in 2.2.
O IA    2.2.1.0 [110/31] via 10.1.35.3, 00:25:49, FastEthernet0/0
O IA    2.2.2.0 [110/31] via 10.1.35.3, 00:25:49, FastEthernet0/0

So what happens  if add another route in area 0
R2(config-if)#do sh ip os inter br
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          1     0               2.2.0.2/24         1     P2P   0/0
Lo1          1     0               2.2.1.2/24         1     P2P   0/0
Lo2          1     0               2.2.2.2/24         1     P2P   0/0
Lo3          1     0               2.2.3.2/24         1     P2P   0/0
Lo4          1     0               2.2.4.1/24         1     P2P   0/0

Now on R6
R6(config)#do sh ip route | in 2.2
O IA    2.2.1.0 [110/22] via 10.1.46.4, 00:38:08, FastEthernet0/0
O IA    2.2.2.0 [110/22] via 10.1.46.4, 00:38:08, FastEthernet0/0
O IA    2.2.4.0 [110/22] via 10.1.46.4, 00:00:26, FastEthernet0/0

And R4
R5(config-if)#do sh ip route os | in 2.2.
O IA    2.2.1.0 [110/31] via 10.1.35.3, 00:27:53, FastEthernet0/0
O IA    2.2.2.0 [110/31] via 10.1.35.3, 00:27:53, FastEthernet0/0
O IA    2.2.4.0 [110/31] via 10.1.35.3, 00:00:53, FastEthernet0/0
Now let’s examine R1 routing table
R1(config-router)#do sh ip route os | in 2.2
O       2.2.0.0 [110/11] via 10.1.12.2, 00:02:25, FastEthernet0/0
O       2.2.1.0 [110/11] via 10.1.12.2, 00:02:25, FastEthernet0/0
O       2.2.2.0 [110/11] via 10.1.12.2, 00:02:25, FastEthernet0/0
O       2.2.3.0 [110/11] via 10.1.12.2, 00:02:25, FastEthernet0/0
O       2.2.4.0 [110/11] via 10.1.12.2, 00:02:25, FastEthernet0/0
As we can see filtering didn’t affect R1 because for R1 these routes are intra area routes

Task 2:
Remove configuration from previous task
Filter these 2 prefixes 2.2.0.0/24 and 2.2.3.0/24 from entering area 135 only, these 2 prefixes should be still allowed to other areas in the ospf domain
To achieve that we can use the same prefix list we used on the first task
ip prefix-list FROM_AREA0 seq 5 deny 2.2.0.0/24
ip prefix-list FROM_AREA0 seq 10 deny 2.2.3.0/24
ip prefix-list FROM_AREA0 seq 15 permit 0.0.0.0/0 le 32
but we should apply the filter list inbound to area 135
so on R1
router ospf 1
area 135 filter-list prefix FROM_AREA0 in

no let’s check area 135 R5
R5(config-if)#do sh ip route os | in 2.2.
O IA    2.2.1.0 [110/31] via 10.1.35.3, 00:36:36, FastEthernet0/0
O IA    2.2.2.0 [110/31] via 10.1.35.3, 00:36:36, FastEthernet0/0
O IA    2.2.4.0 [110/31] via 10.1.35.3, 00:09:36, FastEthernet0/0

The two prefixes were filtered from getting into the Area
While on R6 Area 146 these 2 routes were received along all routes from area 0

Task 3:
Remove configurations from previous task
Filter these 2 prefixes  4.4.0.0/24 and 4.4.3.0/24 from entering area 0 and allow everything else
Configuration should only affect Area 0
Again we match the two prefixes using a prefix list

ip prefix-list AREA_135 seq 5 deny 5.5.0.0/24
ip prefix-list AREA_135 seq 10 deny 5.5.3.0/24
ip prefix-list AREA_135 seq 15 permit 0.0.0.0/0 le 32
under the ospf configuration of R1 we filter these routes in Area 0, if we filter them out Area 135 this will affect Area 146 as well
on R1
router ospf 1
area 0 filter-list prefix AREA_135 in
now let’s check the routing table on R2
R2(config-if)#do sh ip route os | in 5.5.
O IA    5.5.1.0 [110/31] via 10.1.12.1, 01:09:08, FastEthernet0/0
O IA    5.5.2.0 [110/31] via 10.1.12.1, 01:09:08, FastEthernet0/0
And the database
R2(config-if)#do sh ip os data | b Summary
                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
5.5.1.0         1.1.1.1         1887        0x80000003 0x00B165
5.5.2.0         1.1.1.1         1887        0x80000003 0x00A66F
6.6.0.0         1.1.1.1         595         0x80000004 0x0047D6
6.6.1.0         1.1.1.1         595         0x80000004 0x003CE0
6.6.2.0         1.1.1.1         595         0x80000004 0x0031EA
6.6.3.0         1.1.1.1         595         0x80000004 0x0026F4
10.1.13.0       1.1.1.1         595         0x80000004 0x00AB68
10.1.14.0       1.1.1.1         595         0x80000004 0x0046D5
10.1.35.0       1.1.1.1         595         0x80000004 0x001DD6
10.1.46.0       1.1.1.1         595         0x80000004 0x0049A8
While on R6
R6(config)#do sh ip route | in 5.5
O IA    5.5.0.0 [110/32] via 10.1.46.4, 01:39:19, FastEthernet0/0
O IA    5.5.1.0 [110/32] via 10.1.46.4, 01:39:19, FastEthernet0/0
O IA    5.5.2.0 [110/32] via 10.1.46.4, 01:37:39, FastEthernet0/0
O IA    5.5.3.0 [110/32] via 10.1.46.4, 01:37:53, FastEthernet0/0










Comments

Post a Comment

Popular posts from this blog

BPDU Filter vs BPDU Guard

        Today we will try to explore the difference between these 2 options, BPDU guard and BPDU filter We know that BPDU are used to communicate between switches in L2 networks  to ensure loop free topology. BPDU Guard is used to protect our access (or trunks incase of servers) ports from receiving undesired BPDU packets, this feature is helpful in enforcing your network boundary in access layer BPDU Guard can be enabled on global configuration as well as under the interface configuration BPDU Filter on the other hand is used to filter BPDU packets outbound when configured  in global configuration (after sending 11 BPDU out ) and will filter BPDU inbound/outbound when configured under the interface level To better understand these two features, let’s use this simple topology R1 is connected to SW1 through F0/0 to have R1 send and receive BPDU we will simple configure bridging group 1 on the router and we will join the bridge group when desired to test our configuration BPDU
Read more

BGP Weight Attribute

Image
Before we start the lab let's see the BGP path selection process If the path specifies a next hop that is inaccessible, drop the update. •Prefer the path with the highest weight. •If the weights are the same, prefer the path with the largest local preference. •If the local preferences are the same, prefer the path that was originated by BGP running on this router. •If no route was originated, prefer the route that has the shortest AS_path. •If all paths have the same AS_path length, prefer the path with the lowest origin code (where IGP is lower than EGP, and EGP is lower than incomplete). •If the origin codes are the same, prefer the path with the lowest MED attribute. •If the paths have the same MED, prefer the external path over the internal path. •If the paths are still the same, prefer the path through the closest IGP neighbor. •Prefer the path with the lowest IP address, as specified by the BGP router ID. I read this on CCIE Pursuit blog We Love Oranges As O
Read more

OSPF–Point To Multipoint Non-Broadcast

Image
Using same setup that we have been using in the last 3 posts, we will change the network type to point-to-multipoint Non-Broadcast we will also add a Ethernet link between R2 and R3 and enable OSPF on it Our final configuration should be something like this R1 interface Serial0/0   no ip address   encapsulation frame-relay   no frame-relay inverse-arp ! interface Serial0/0.123 multipoint   ip address 10.1.123.1 255.255.255.0   ip ospf network point-to-multipoint non-broadcast   ip ospf 1 area 0   frame-relay map ip 10.1.123.2 102   frame-relay map ip 10.1.123.3 103 !          router ospf 1   router-id 1.1.1.1   log-adjacency-changes   neighbor 10.1.123.2   neighbor 10.1.123.3 R2 interface Serial0/0   no ip address   encapsulation frame-relay   no frame-relay inverse-arp ! interface Serial0/0.123 multipoint   ip address 10.1.123.2 255.255.255.0   ip ospf network point-to-multipoint non-broadcast   ip ospf 1 area 0   frame-relay map ip 10.1.123.1 201 R3 interface
Read more