Filtering outbound routes in OSPF (Catalyst 4500 IOS XR)

JPavonM · ‎05-06-2013

We are redistributing routes from BGP to OSPF and we want to filter out some of this routes from the OSPF proccess to be announced to neightbours.

This is the topology:

ASR#1 --------------------------------- ASR#2

| bgp |

| |

| ospf area0 | static

| |

| ospf area1 |

Catalyst ----------------------------- Enterasys

We want to announce some networks from ASR#1 to Catalyst. We are redistributing them from BGP to OSPF Area 0. Then,

to prevent loops in the topology, these routes have to be filtered out from been redistributed from Area 0 to Area 1 in the Catalyst, so Enterasys appliances don't install those routes through OSPF but to point them out through default route to ASR#2.

Is it possible with only one OSPF proccess or we have to separate OSPF in two proccess to redistribute between them?

Regards

Giuseppe Larosa · ‎05-08-2013

Hello Pavon,

external routes cannot be filtered at area boundary in current OSPF implementation

so:

>> Is it possible with only one OSPF proccess or we have to separate OSPF in two proccess to redistribute between them?

You will need two OSPF processes.

You will need to use two different OSPF processes in order to be able to selectively propagate routes from OSPF domain#1 to OSPF domain#2

Hope to help

Giuseppe

antonio.guirado · ‎05-08-2013

Hello,

you can define area 1 as nssa area. All external subnets (LSA type 5) are filtered and do not go into area 1. Interarea subnets area allowed (LSA type 3). You can select as defining area as stub if you want default route or not:

area area-id nssa [default-information-originate]

Notice that you should define the area as nssa in both router (Catalyst and Enterasys).

Regards.

Jose Jara · ‎05-14-2013

I agree with the solution proposed by Antonio. On the other hand, it is possible to filter external routes at area boundary:

- Creating Stub Areas or NSSA Areas.

- Manual Summarization/Filtering at the ABR/ASBR in case of a NSSA. This should be done at the ABR which is doing the translation of Type 7 LSA into Type 5 LSA, the ABR with the highest router-id. At least, this is the behavior in IOS, but I do not know in IOS-XR.

So, I would go with Antonio's solution or:

1. Current design and do not redistribute the routes, just inject the default route in OSPF in ASR-1. Then create area 1 as NSSA.

2. Change the design and put Area 1 between ASR-1 and Catalyst and Area 0 between Catalyst and Enterasys. Create Area 1 as NSSA and filter the externals at Catalyst:

summary-address x.x.x.x y.y.y.y not-advertise

OR

summary-address 0.0.0.0 0.0.0.0 not-advertise --- this would filter all the external routes

The second solution has been tested in IOS but remember that you have to tested in IOS-XR and see if it works the same as in IOS.

Best Regards,

Jose.

Giuseppe Larosa · ‎05-14-2013

Hello Jose,

the original poster has made an error his C4500 runs IOS XE. IOS XR is not supported on this platform.

The second point is that I agree on the use of an NSSA area as the best solution, but filtering of external routes into the NSSA area is performed by default by the protocol so the command

>>summary-address x.x.x.x y.y.y.y not-advertise

>>OR

>>summary-address 0.0.0.0 0.0.0.0 not-advertise --- this would filter all the external routes

is not needed at all and it could create problems to the original poster as it could prevent the sending of external routes into other standard OSPF areas.

>> On the other hand, it is possible to filter external routes at area boundary:

No or you get all of them or you get none of them depending on area type, a selective filtering of external routes at area boundary is not possible.

Hope to help

Giuseppe

paul driver · ‎05-14-2013

Hello

Why would you use a NSSA?

Totally stubby area would be sufficient if you are not or in the future require to advertise external routes from the stub area

Also you could filter All external routes via

Router ospf xxx
Distance external 255

Please share your thoughts?

Res
Paul

Sent from Cisco Technical Support iPad App

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jose Jara · ‎05-14-2013

Hello Giuseppe,

you are totally right about the IOS XR not supported in this platform.

Regarding the use of NSSA area, I agree with Antonio's solution but I offered two additional solutions for flexibility/variety:

- The first would be to avoid the redistribution and just inject the default route on ASR-1 as I said in my post in the 2nd option. Then, create the Area 1 as NSSA to avoid the injection of the 0/0.

- The second would be changing the place of Area 1, putting in between ASR-1 and Catalyst. Then you could filter the external routes at the ABR/ASBR (Catalyst). This would be a filter of the externals towards the Area 0. Regarding other areas, I just see two areas in the picture and therefore I thought in this solution.

I disagree with your sentence:

"No or you get all of them or you get none of them depending on area type, a selective filtering of external routes at area boundary is not possible."

It not possible with standard areas but It is possible in the case of an NSSA Area towards the backbone, doing selective filtering of externals at the ABR which is doing the translation and this is the the one with the highest router-id according to RFC 1587. Let's say area 1 is NSSA and is advertising 1.1.1.1/32. It is attached to Area 0, Then at the ABR you could do summary-address 1.1.1.1 255.255.255.255 not-advertise and it would prevent the generation of the LSA type-5 to Area 0.

pdriver:

Doing filtering by distance 255 or distribute-list in, it is going to filter the routes in the RIB. However, as OSPF is a link state protocol it advertises the information between the databases, and the information is contained in LSAs. So, this would work in the router applied but it will continue advertising the routes (LSAs) to other routers, creating a potential black hole. However, in case the area is a NSSA type, this would prevent the generation of LSA Type 5, again applied in the ABR/ASBR that is connecting the NSSA with the Area 0. The reason for that is because OSPF takes into account the LSA's-Type 7 that have been added to the route table to do the translation. But, I do not recommend it because this router would not know how to reach these external prefixes even though is in the same area.

Hope this helps,

Jose.

Giuseppe Larosa · ‎05-15-2013

Hello Jose,

I totally agree with you

>> "No or you get all of them or you get none of them depending on area type, a selective filtering of external routes at area boundary is not possible."

I was thinking of the backbone to other area direction only. I see your point about NSSA area capabilities for the direction NSSA to backbone area

I couldn't review my previous answer but I had realized it was incomplete.

Best Regards

Giuseppe

Broken-Arrow · ‎05-15-2013

Has anyone considered route maps? You initially asked to 'filter' routes you can do this quite easily with a route map applied to the redistribution syntax.

Alternatively if you want to avoid any loops you could tag routes in a direction then inspect that tag on routers you don't wish to learn the route and filter out matching statements.

Also, people have missed the easy answer. You probably still want routes to be advertised Enterasys otherwise you will lose the redundancy your topology currently offers. However, from what I understand, you want your static routes to be the peferred route for that device to the ASR2? Well static by default has a lower metric and administrative distance than any dynamic protocol. Therefore your router will install this route in the routing table and consider any other route as an alternative/backup.