Solved: Re: How to restrict routes in OSPF

Bhardwajp · ‎07-27-2021

Hi All,

How i can block the routes which R 2 is receiving from R1 to be advertised to R3 from R2.

Richard Burts · ‎07-27-2021

The drawing and the original post are not specific about how OSPF is configured. Would I be correct to assume that a single area is configured for OSPF on each router?

It is important to remember that OSPF is a link state protocol and that in a link state protocol all participating routers must have exactly the same understanding of the topology of the network. So any OSPF route that R1 advertised to R2 then R2 will advertise to R3. There is no way to prevent R2 from advertising those routes to R3.

It is possible to use a distribute list on R2 and to prevent those routes from being in the routing table for R2. But the distribute list does not prevent R2 advertising those routes to R3.

HTH

Rick

View solution in original post

Giuseppe Larosa · ‎07-27-2021

Hello @Bhardwajp ,

OSPF is a link state protocols where each router generates one or more data structures called LSAs . These LSAs are of different types and provide a description of the topology within an OSPF area.

OSPF routers in a single area should have the same sets of LSAs , their LSDBs are synchronized.

The LSAs are flooded unchanged in the whole area.

So the answer to your question is that OSPF does not provide route filtering mechanisms within a single aeea.

However in a multi area OSPF domain the routers connecting other areas to the backbone area 0 or 0.0.0.0 can, if configured to do so, perform route filtering but only for internal routes originated by LSA Type 1 or Type 2.

The ABR can be configured to filter some prefixes when preparing the LSA type 3 to be injected in area backbone 0.

the area x filter-list <prefix-list-name> out

can be used to decide what should exit from area x

Within a single area you can prevent some routes to be installed in the local routing table with distribute-list in but this does not stop flloding so you should implement the same filter in all routers to have the same set of routes not installed in every router even if they are still in the OSPF database.

For external routes LSA type 5 OSPF does not provide granular control : by using stubby areas or NSSA areas you can prevent LSA type 5 and LSA type 4 from entering from backbone to specific areas.

But it is an all or nothing.

NSSA areas are special as they do not receive LSA type 5 from backbone but supports ASBR performing redstribution by using LSA type 7.

LSA type 7 are translated to LSA type 5 by an ABR in the direction NSSA area --> area 0 if they have the P bit set .

Hope to help

Giuseppe

View solution in original post

paul driver · ‎07-28-2021

Hello @Giuseppe Larosa

FYI, I've manage to test this in CML given your comments using (IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.8(3)M2) and specifying the interface with the distribute list does work in this instance.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Manoj Reddy · ‎07-27-2021

Hi, increase the cost between R1 and R3, so that R3 will prefer routes via R2

Richard Burts · ‎07-27-2021

The drawing and the original post are not specific about how OSPF is configured. Would I be correct to assume that a single area is configured for OSPF on each router?

It is important to remember that OSPF is a link state protocol and that in a link state protocol all participating routers must have exactly the same understanding of the topology of the network. So any OSPF route that R1 advertised to R2 then R2 will advertise to R3. There is no way to prevent R2 from advertising those routes to R3.

It is possible to use a distribute list on R2 and to prevent those routes from being in the routing table for R2. But the distribute list does not prevent R2 advertising those routes to R3.

HTH

Rick

Giuseppe Larosa · ‎07-27-2021

Hello @Bhardwajp ,

OSPF is a link state protocols where each router generates one or more data structures called LSAs . These LSAs are of different types and provide a description of the topology within an OSPF area.

OSPF routers in a single area should have the same sets of LSAs , their LSDBs are synchronized.

The LSAs are flooded unchanged in the whole area.

So the answer to your question is that OSPF does not provide route filtering mechanisms within a single aeea.

However in a multi area OSPF domain the routers connecting other areas to the backbone area 0 or 0.0.0.0 can, if configured to do so, perform route filtering but only for internal routes originated by LSA Type 1 or Type 2.

The ABR can be configured to filter some prefixes when preparing the LSA type 3 to be injected in area backbone 0.

the area x filter-list <prefix-list-name> out

can be used to decide what should exit from area x

Within a single area you can prevent some routes to be installed in the local routing table with distribute-list in but this does not stop flloding so you should implement the same filter in all routers to have the same set of routes not installed in every router even if they are still in the OSPF database.

For external routes LSA type 5 OSPF does not provide granular control : by using stubby areas or NSSA areas you can prevent LSA type 5 and LSA type 4 from entering from backbone to specific areas.

But it is an all or nothing.

NSSA areas are special as they do not receive LSA type 5 from backbone but supports ASBR performing redstribution by using LSA type 7.

LSA type 7 are translated to LSA type 5 by an ABR in the direction NSSA area --> area 0 if they have the P bit set .

Hope to help

Giuseppe

paul driver · ‎07-28-2021

Hello

On R3 -P2P towards R2 - Note - it only filters from the rtr not from the LSDB

R3
ip prefix-list filter-route deny 1.1.1.0/24
ip prefix-list filter-route permit 0.0.0.0/0 le 32

router ospf x
distribute-list prefix filter-route in <R2 facing interface>

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Giuseppe Larosa · ‎07-28-2021

Hello @paul driver ,

you have provided a configuration example that should work.

However, I have one doubt about the capability of OSPF to support the specification of an interface with the distribute-list command. when I have tested this many years ago it was not possible for OSPF to specify a specific interface for the flooding nature of the protocol.

router ospf x
distribute-list prefix TST in

This worked in my tests ( I think I had used a standard Access List) but in the command reference for OSPF was stated that you could not specify an interface.

The reason is that this is implemented by preventing OSPF from installing the specified prefix in the IP routing table regardless of the outgoing interface.

Clearly this is protocol specific and RIP and EIGRP supports specifying an interface and they also support the outgoing direction.

Hope to help

Giuseppe

paul driver · ‎07-28-2021

Hello @Giuseppe Larosa

FYI, I've manage to test this in CML given your comments using (IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.8(3)M2) and specifying the interface with the distribute list does work in this instance.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Giuseppe Larosa · ‎07-28-2021

Hello @paul driver ,

thanks for your feedback

Best Regards

Giuseppe