Configure OSPF To Filter Type-5 LSAs

Contents

Introduction Prerequisites Requirements Components Used Background Information Configure Network Diagram Initial Configurations Filter Options Distribute List Summary-address Route-map Verify Troubleshoot

Introduction

This document describes the various methods of filtering OSPF Type 5 LSAs on routers and switches that run Cisco IOS? and

Contributed by Rohit Nair, Cisco TAC Engineer.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions. This document applies to all Cisco routers and switches that run Cisco IOS.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background Information

An OSPF type 5 LSA is originated by an Autonomous System Boundary Router (ASBR) and flooded within the OSPF area. These routes are generated by means of redistribution into OSPF from other protocols or by the redistribution of connected or static routes.

Configure

The following example shows the various methods to filter Type 5 LSAs within an OSPF domain.

Network Diagram

Initial Configurations

NewYork

interface FastEthernet0/0 ip address 10.12.1.1 255.255.255.0 end

router ospf 1 network 10.12.1.1 0.0.0.0 area 0

London

interface FastEthernet0/0 ip address 10.12.1.2 255.255.255.0 end

interface FastEthernet1/0 ip address 10.23.1.1 255.255.255.0 end

router ospf 1 network 10.12.1.2 0.0.0.0 area 0 network 10.23.1.1 0.0.0.0 area 0

Dubai

interface FastEthernet0/0 ip address 10.23.1.2 255.255.255.0 end

interface FastEthernet1/0 ip address 192.168.1.1 255.255.255.0 end

router ospf 1 network 10.23.1.2 0.0.0.0 area 0

router eigrp 1 network 192.168.1.1 0.0.0.0

no auto-summary

Tokyo

interface FastEthernet0/0 ip address 192.168.1.2 255.255.255.0 end

interface Loopback100 ip address 172.16.1.1 255.255.255.255 end

router eigrp 1 network 172.16.1.1 0.0.0.0 network 192.168.1.2 0.0.0.0 no auto-summary

Filter Options

Distribute List

The distribute list out function, associated with an access-list or prefix-list can be used on the ASBR generating the Type 5 LSAs.

Note: The distribute-list out command is not a supported command in OSPF. The distribute-list out command must be used.

Below is an example from the ASBR, Dubai. The distribute list is used to define what networks, from EIGRP are to be advertised within the OSPF domain:

Standard IP access list 1 10 deny 192.168.1.0, wildcard bits 0.0.0.255 20 permit any

router ospf 1 redistribute eigrp 1 subnets network 10.23.1.2 0.0.0.0 area 0 distribute-list 1 out eigrp 1

After applying the above distribute list, the 192.168.1.0 LSA is not seen on NewYork and London:

NewYork:

Type-5 AS External Link States

Link ID 172.16.1.1

ADV Router

Age

192.168.1.1

23

NewYork#sh ip route 192.168.1.0 % Network not in table

London:

Seq#

Checksum Tag

0x80000001 0x003442 0

Type-5 AS External Link States

Link ID 172.16.1.1

ADV Router

Age

192.168.1.1

152

Seq#

Checksum Tag

0x80000001 0x003442 0

London#sh ip route 192.168.1.0 % Network not in table

Note: A distribute-list in linked to the interface can be used on any router within the area. This however, only restricts the route from being installed in the routing table and will not block a type 5 LSAs from being forwarded.

Summary-address

The summary-address command along with the not-advertise keyword can be used on the ASBR under the Router OSPF process to stop the propagation of a Type 5 LSA.

On Dubai, the summary-address command has been used to stop the advertisement of the 172.16.1.0 Type 5LSA.

Dubai:

router ospf 1 log-adjacency-changes summary-address 172.16.1.0 255.255.255.0 not-advertise redistribute eigrp 1 subnets network 10.23.1.2 0.0.0.0 area 0

The 172.16.1.0 LSA is no longer present on NewYork and London:

NewYork:

Link ID 192.168.1.0

Type-5 AS External Link States

ADV Router

Age

192.168.1.1

112

Seq#

Checksum Tag

0x80000001 0x0012B8 0

NewYork#sh ip route 172.16.1.0 % Network not in table

London:

Link ID 192.168.1.0

Type-5 AS External Link States

ADV Router

Age

192.168.1.1

172

Seq#

Checksum Tag

0x80000001 0x0012B8 0

London#sh ip route 172.16.1.0 % Network not in table Route-map

While redistributing an IGP into OSPF, a route-map can also be used to stop the TYPE 5 LSA from being generated on the ASBR.

On Dubai, while redistributing from EIGRP, a route-map is used to deny the 192.168.1.0 subnet from being advertised into OSPF:

Dubai:

Standard IP access list 1 10 deny 192.168.1.0, wildcard bits 0.0.0.255 20 permit any

route-map REDIS, permit, sequence 10 Match clauses: ip address (access-lists): 1 Set clauses: Policy routing matches: 0 packets, 0 bytes

router ospf 1 log-adjacency-changes redistribute eigrp 1 subnets route-map REDIS network 10.23.1.2 0.0.0.0 area 0

The Type 5 LSA for 192.168.1.0 is not created:

Link ID 172.16.1.0

Type-5 AS External Link States

ADV Router

Age

192.168.1.1

47

Seq#

Checksum Tag

0x80000001 0x003E39 0

Verify

Verification can be done by checking the show ip ospf database external command to confirm whether the LSAs that were filtered have indeed been blocked.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download