Solved: Re: OSFP route filter

SJ K · ‎09-12-2021

Hi all

192.168.1.0/24 is directly connected to gi0/0/2

192.168.97.0/24 is directly connected to gi0/0/7

router ospf 1

network 192.168.1.0

network 192.168.97.0

How do i prevent 192.168.1x from being advertised out of 192.168.97.x ?

Thank you

paul driver · ‎09-12-2021

Hello
so you want to negate that prefix from being advertised correct?

Most simplistic way is interface prefix suppression which accomplish this but stills allow for ospf peering to form on that interface.

int x/x

ip ospf prefix suppression

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Joseph W. Doherty · ‎09-12-2021

@paul driver makes a great suggestion.

You may though, if unfamiliar with this command, read up on it (https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/213404-open-shortest-path-first-prefix-suppress.html) to insure it does what you truly desire.

View solution in original post

Giuseppe Larosa · ‎09-12-2021

Hello @SJ K ,

OSPF prefix suppression is thought to help OSPF scalability within an area by removing IP subnets on links between OSPF routers that are classified as transit links.

These kind of prefixes can be removed, but leaving the topology knowledge that they exist otherwise SPF would not work well.

So the suggestion by @paul driver is for sure really valuable but it can be used only if out of interface gi0/0/2 there is an OSPF neighbor otherwise the link is not classified as a transit link leading to another OSPF router..

see

https://networklessons.com/cisco/ccie-routing-switching-written/ospf-prefix-suppression

and also from the link provided by @Joseph W. Doherty

>>

n an OSPF area which has multiple transit links between hosts and actual communication is between the hosts. There is no need to advertise the transit link LSAs to all the routers. You can only advertise the LSAs related to end hosts. By default, OSPF advertises all the LSAs that include the transit link LSAs.

OSPF prefix-suppression feature helps to overcome this behavior and reduces the number of Type 1(router) and Type 2(network) LSAs advertised.

This feature can be enabled globally on a router or on per interfaces basis.

OSPF prefix-suppression helps in faster Shortest Path First (SPF) calculation due to less number of prefixes in the database (DB). OSPF Type 3, Type 4, Type 5, or Type 7 LSAs are not suppressed.

To be more correct the feature allows to remove some entries from Router LSAs and from Network LSAs (it removes the subnet and subnet mask from the Network LSAs and the stub network component i.e. the IP prefix of p2p transit links that are suppressed from Router LSAs)

So OSPF prefix suppression is not intended as a general purpose route filter tool. It can work for you but only under the conditions described above.

Hope to help

Giuseppe

View solution in original post

paul driver · ‎09-12-2021

Hello
so you want to negate that prefix from being advertised correct?

Most simplistic way is interface prefix suppression which accomplish this but stills allow for ospf peering to form on that interface.

int x/x

ip ospf prefix suppression

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Joseph W. Doherty · ‎09-12-2021

@paul driver makes a great suggestion.

You may though, if unfamiliar with this command, read up on it (https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/213404-open-shortest-path-first-prefix-suppress.html) to insure it does what you truly desire.

SJ K · ‎09-12-2021

Hi Paul, Joseph

Thanks for the suggestion

Are we able to use route filtering instead - to prevent 192.168.1.x from being advertised out ?

Thank you

paul driver · ‎09-12-2021

Hello

@SJ K wrote:

Are we able to use route filtering instead - to prevent 192.168.1.x from being advertised out ?

Yes..
ip prefix-list ospf-filter seq 5 deny 192.168.1.0/24
ip prefix-list ospf-filter 10 permit 0.0.0.0/0 le 32

router ospf x
distribute-list prefix ospf-filter out

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Giuseppe Larosa · ‎09-12-2021

Hello @paul driver ,

as far as I know OSPF is a link state protocol we can use a distribute list to influence what prefixes are installed in the local routing table but we cannot influence the flooding of LSA in an area.

So the distribute-list command should be supported only in direction in for an OSPF process and as you have showed me in another thread recent IOS images support to specify also an interface.

Edit:

in 2017 Protocol indipendent command reference OSPF limitations are reported in other newer command references they are not.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/command/Cisco_IOS_IP_Routing_Protocol-Independent_Command_Reference/IP_Routing_Protocol-Independent_Commands_A_through_R.html

Hope to help

Giuseppe

paul driver · ‎09-12-2021

Hello @Giuseppe Larosa

Thanks for pointing it out, it was a typo which i should have noticed so apologies., The distribute-list should be applied ingress (in) for filtering from a specific rtr in the same area , Also what i didn’t clarify it this should should be applied on the neighbouring rtr to negate the prefix advertisement, addtionaly added an example using a route-map.

Applied to the neigbouring rtr
example1:
ip prefix-list ospf-filter seq 5 deny 192.168.1.0/24
ip prefix-list ospf-filter 10 permit 0.0.0.0/0 le 32

router ospf x
distribute-list prefix ospf-filter IN

Example2:
ip prefix-list ospf-filter permit 192.168.1.0/24

route-map ospf-filter_rm deny 10
match ip address prefix-list ospf-filter

route-map ospf-filter_rm permit 99

router ospf x
distribute-list route-map ospf-filter_rm IN

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Giuseppe Larosa · ‎09-12-2021

Hello @SJ K ,

OSPF prefix suppression is thought to help OSPF scalability within an area by removing IP subnets on links between OSPF routers that are classified as transit links.

These kind of prefixes can be removed, but leaving the topology knowledge that they exist otherwise SPF would not work well.

So the suggestion by @paul driver is for sure really valuable but it can be used only if out of interface gi0/0/2 there is an OSPF neighbor otherwise the link is not classified as a transit link leading to another OSPF router..

see

https://networklessons.com/cisco/ccie-routing-switching-written/ospf-prefix-suppression

and also from the link provided by @Joseph W. Doherty

>>

n an OSPF area which has multiple transit links between hosts and actual communication is between the hosts. There is no need to advertise the transit link LSAs to all the routers. You can only advertise the LSAs related to end hosts. By default, OSPF advertises all the LSAs that include the transit link LSAs.

OSPF prefix-suppression feature helps to overcome this behavior and reduces the number of Type 1(router) and Type 2(network) LSAs advertised.

This feature can be enabled globally on a router or on per interfaces basis.

OSPF prefix-suppression helps in faster Shortest Path First (SPF) calculation due to less number of prefixes in the database (DB). OSPF Type 3, Type 4, Type 5, or Type 7 LSAs are not suppressed.

To be more correct the feature allows to remove some entries from Router LSAs and from Network LSAs (it removes the subnet and subnet mask from the Network LSAs and the stub network component i.e. the IP prefix of p2p transit links that are suppressed from Router LSAs)

So OSPF prefix suppression is not intended as a general purpose route filter tool. It can work for you but only under the conditions described above.

Hope to help

Giuseppe

SJ K · ‎09-13-2021

Hi Paul, Giuseppe

Thanks for the wonderful feedback

if the router is connected to a LAN segment of x routers -> this means i have to do route filtering inbound on all 5 routers ? to prevent 192.168.1.x from being installed into the routing table ?

but it can be used only if out of interface gi0/0/2 there is an OSPF neighbor otherwise the link is not classified as a transit link leading to another OSPF router

how does ospf knows if a link is a transit link ?

Thank you

Giuseppe Larosa · ‎09-13-2021

Hello @SJ K ,

>> how does ospf knows if a link is a transit link ?

by checking if at least one OPSF neighbor is present on it.

You need to think from the point of view of an OSPF router that has to builtd its own Router LSA, in doing this it will list the links that active in the area and it can easily discriminatet transit links from stub networks

Hope to help

Giuseppe

MHM Cisco World · ‎09-16-2021

follow