Tuesday, 4 October 2016

Route Filtering with OSPF

Route filtering lets us prevent routes from being distributed to other routers in our domain or area.



One important thing to note about OSPF is that normal routers within an area are unaware of the topology of the other areas; to reach inter-area networks they simply reference their area's ABR. For example, in the topology above, if we look at Router1's OSPF database:

do show ip ospf database

...
            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1311        0x80000008 0x009b17 2
2.2.2.2         2.2.2.2         1402        0x80000007 0x00e813 2
3.3.3.3         3.3.3.3         1358        0x80000002 0x000123 1

                Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.2        2.2.2.2         1310        0x80000004 0x003acd

                Summary Net Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.0        3.3.3.3         1358        0x80000003 0x0094b3
192.168.1.0     3.3.3.3         1338        0x80000004 0x00766e
10.1.0.0        2.2.2.2         1072        0x80000003 0x00b299
10.2.0.0        3.3.3.3         1050        0x80000005 0x0084c0
192.168.3.0     3.3.3.3         364         0x80000008 0x00627b

We can see that for the 192.168.3.0/24 network (attached to Router4) the advertising router is 3.3.3.3 (Router3), when in fact it was originally advertised by Router4 (4.4.4.4).

Unlike distance vector protocols such as RIP and EIGRP, OSPF uses LSAs to distribute routes. If we filter LSAs within an area we run into problems, since the link state database of the routers within an area MUST be the same. Instead, we can filter routes from entering the routing table. It is, however, possible to filter LSAs between areas (on ABRs) or between routing domains (on ASBRs).

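For this example we want to ensure the 192.168.3.0 network is not present in Router1's routing table. We accomplish this with a prefix list on Router1 (Area 0):

Router1>
! deny the network we want to keep out of the routing table
ip prefix-list netblock seq 10 deny 192.168.3.0/24
! permit everything else ("le 32" covers every prefix length; a bare 0.0.0.0/0 matches only the default route)
ip prefix-list netblock seq 20 permit 0.0.0.0/0 le 32

router ospf 1
! Router1 is an internal Area 0 router, so filter what OSPF installs in the routing table;
! "area 0 filter-list prefix netblock in" only acts on type 3 LSAs at an ABR
distribute-list prefix netblock in
do wri mem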

We can then confirm the absence of the route from the routing table with:

show ip route ospf

Although notice it is still present in the link state database:

show ip ospf database
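
The prefix list above, evaluated the way IOS matches prefix-list entries (first match wins, implicit deny at the end), shows what a catch-all entry of 0.0.0.0/0 does with and without "le 32". This is an added example, not part of the original post; the function names are hypothetical, and the /24 masks on every network except 192.168.3.0 are assumed.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """IOS-style match: the route must sit inside `prefix`, and its mask length
    must equal the entry's (no ge/le) or fall inside the ge..le window."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if not route.subnet_of(prefix):
        return False
    if ge is None and le is None:
        return route.prefixlen == prefix.prefixlen
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Return 'permit' or 'deny'; a route matching no entry hits the implicit deny."""
    for _seq, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

# Entries are (seq, action, prefix, ge, le) for the "netblock" list on the page.
WITHOUT_LE = [(10, "deny", "192.168.3.0/24", None, None),
              (20, "permit", "0.0.0.0/0", None, None)]
WITH_LE = [(10, "deny", "192.168.3.0/24", None, None),
           (20, "permit", "0.0.0.0/0", None, 32)]

# Constructed sample: network numbers taken from the Summary Net Link States
# output above, plus a default route; masks other than 192.168.3.0/24 are assumed.
ROUTES = ["10.1.0.0/24", "10.2.0.0/24", "192.168.1.0/24",
          "192.168.3.0/24", "0.0.0.0/0"]

def installed(prefix_list):
    """Routes that would pass the filter and reach the routing table."""
    return [r for r in ROUTES if evaluate(prefix_list, r) == "permit"]

if __name__ == "__main__":
    print("seq 20 permit 0.0.0.0/0       ->", installed(WITHOUT_LE))
    print("seq 20 permit 0.0.0.0/0 le 32 ->", installed(WITH_LE))
```

The deny entry for 192.168.3.0/24 is an exact-length match, so a more specific prefix such as 192.168.3.128/25 would still be permitted by the catch-all entry.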
