Sunday, February 20, 2011

Lab 12 - OSPF Filtering with Area Filter-List

Prerequisites: CCNP level skills.

Note!
Routers use OSPF configuration from the lab 6.
One thing to remember is that all routers within the same OSPF area share the EXACT same LSA database! This will affect how we can filter OSPF updates.

There are a few filtering methods:
  1. Ingress filtering using a 'distribute-list'. 
  2. Ingress filtering using a 'distribute-list' with a 'route-map'. 
  3. Ingress filtering by changing the Administrative Distance of the prefixes to UNKNOWN (255).
  4. Type 3 LSA filtering using 'area area-number range' command (applied on ABR).
  5. Type 3 LSA filtering using 'filter-list' command.
  6. LSA Flooding Filtering.
The first three methods (1-3) prevent prefixes from entering the routing table. The LSAs are still going to be present in the LSDB since all routers in OSPF area must be synchronized (the same LSDB). These methods are the intra-area filters.

The last three methods (4-5) are inter-area filters preventing LSAs from entering LSDB.

Topology

Pic. 1 - OSPF Multi-Area Topology.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task List

Task 1
On R3, check the routing table. Make sure that it shows prefixes: 172.16.104.0/24 and 172.16.144.0/24.

Task 2
Configure router(s) so R3 does not receive 172.16.104.0/24 and 172.16.144.0/24 prefixes.

Task 3
Check the results.

Lab Solution

Task 1
On R3, check the routing table. Make sure that it shows prefixes: 172.16.104.0/24 and 172.16.144.0/24. 
 Pic. 2 -  R3's Routing Table.

Task 2
Configure router(s) so R3 does not receive 172.16.104.0/24 and 172.16.144.0/24 prefixes. 

Note!
'Filter-list' command can only take a prefix-list as its argument (as of the time of writing this post).

R1 Configuration:
!
ip prefix-list DENY_R4_LOOPBACKS seq 5 deny 172.16.104.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 10 deny 172.16.144.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 15 permit 0.0.0.0/0 le 32
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 1 filter-list prefix DENY_R4_LOOPBACKS out
 network 10.1.13.1 0.0.0.0 area 0
 network 10.1.124.1 0.0.0.0 area 1
 network 172.16.101.1 0.0.0.0 area 0
!

R2 Configuration:
!
ip prefix-list DENY_R4_LOOPBACKS seq 5 deny 172.16.104.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 10 deny 172.16.144.0/24
ip prefix-list DENY_R4_LOOPBACKS seq 15 permit 0.0.0.0/0 le 32
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 1 filter-list prefix DENY_R4_LOOPBACKS out
 network 10.1.13.1 0.0.0.0 area 0
 network 10.1.124.1 0.0.0.0 area 1
 network 172.16.101.1 0.0.0.0 area 0
!

Task 3
Check the results.

Pic. 3 - R3's Routing Table with Filter-List.
The prefixes in question no longer show in R3's routing table.