OSPF Filtering

sanjaykt · ‎11-18-2002

In a hub and spoke WAN topology, OSPF is configured as area 0 in core and area 1 on the spoke routers. One of the spoke router is connected has two router in that area 1. I wanted to allow only two subnets to be available in the end router R4. Is this possible to control the routes filtering from interface connecting between R3 and R4?

I want to allow routes for only 2 subnets to be advertised from R3 to R4. I dont want to apply any distribution list IN on R4. As I cant apply distribution list OUT on the interface connecting between R3 & R4.

Is their any solution, apart from area filter list on ABR ?

----R1-----R2------R3--------R4

<--area0--|------area1------->|

Thanks

thisisshanky · ‎11-18-2002

Since R3 is not an ABR, you cannot use Area filter list feature of new IOS, to filter type 3 lsa. on R3. You can do it at R2, but that would prevent LSAs from reching R3 also.

If you use distribute list out on R3, you cannot filter the lsas from reaching R4. Instead you will have to use distribute list in on R4, which you dont want to do.

The only other way is to put link between R3 and R4 to be in area 2. and configure a virtual link between R2 and R3. Once you do this, you can configure filterlist at R3, to filter type 3 lsa to R4. (because once you configure a virtual link between r2 and r3, r3 becomes a ABR, with a virtual link to area 0)

Hope that helps!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

linxiang · ‎11-18-2002

on R3's interface which connect to R4 use the command "ip ospf database-filter all out" to filtering all ospf update to R4. and made two subnets static route on R3, and redistribute it to ospf.

hope this helps.

sanjaykt · ‎11-20-2002

I dont want to stop all the lsa updates, but I want to allow only two subnets and disallow rest of the subnet updates. this command or the neighbo

Michael Strnad · ‎11-20-2002

I don't think that there is no other way to filter out the lsa's other than the area filter-list and i can only see distribute list IN being put on r4 interface but you didn't want to do that. if you on want 2 subnets to show up in the routing table in R4 you can turn off OSPF on R4 and put two static routes. then on R3 point a static route to R4 LAN network and then redistribute the static into the OSPF domain. obviously the other ospf routers will see it as an external but its a solution. i would advise only this if your network is not going to grow really fast. as you would have to keep adding static routes to R4 to get reachability. hope this helps.

sanjaykt · ‎11-21-2002

I think there must be some solution, as R4 is a customer router and I dont want to pass other routes that what is required to him, also customer wants to see the dynamic routes as he has a isdn backup with a highter metric static routes.

vcjones · ‎11-21-2002

This is not an appropriate use of OSPF. OSPF assumes all routers are trusted peers and share equivalent metrics. Since the customer is not in your routing domain, use of an interdomain routing protocol, such as BGP, would be far more appropriate and would give you the policy controls you are looking for and be compatible with the customer's requirement for ISDN backup.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

thisisshanky · ‎11-21-2002

Reconfigure your topology like this...

R1----------R2------------------------R3-------------------------R4

<--area0----|---------area1----------|-----------area2---------|

Now configure virtual link between R2 and R3, so that area 2 can have a link to backbone. area 0.

Now R3 is an ABR. You can apply a area filter list on R3 to filter the desired routes going to R4.

Hope that helps.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

sanjaykt · ‎11-22-2002

Hi

To resolve this requirement what I have done is as follows, can you all advise me if this has any good / bad effects.

a. I configured two ospf processes [100 & 101] on R3 and removed network statement for network R3-R4 and added to the new ospf process ID [e.g. 101].

b. I redistributed routes from ospf 100 process to ospf 101 with a route map that permits only 2 subnets [which I am interested in].

thanks

ivashchenko · ‎11-22-2002

Why don't you just use distribute lists on your R3 or R4?

It would look something like this:

router ospf 333

network 10.0.0.0

distribute-list 111 out serial0/0

access-list 111 permit 10.100.100.0 0.0.0.255

access-list 111 permit 10.100.200.0 0.0.0.255

The routing process will advertise only those two subnets through the interface.

Hope this helps.

sanjaykt · ‎11-23-2002

distribution list out on interface doesnt work with ospf