10-07-2023 12:32 AM
Hello all,
Let's suppose that we have directly connected routes.
We want to redistribute them into the OSPF process except for just one subnet.
How can we accomplish this?
I think that we cannot use route filtering because they handle type 3 LSAs.
Here we are talking about type 5 LSAs.
I can ask the question in another way:
Can we filter subnets from being redistributed into the OSPF process?
10-07-2023 12:34 AM - edited 10-07-2023 12:43 AM
Hello @Aladdin0z,
You can filter subnets from being redistributed into OSPF by using route maps or access lists. When redistributing routes into OSPF (or any routing protocol), you can use filtering mechanisms to control which routes are actually advertised.
In the ACL, match the subnets permitted to be redistributed through OSPF.
Apply the ACL to a route-map.
Apply the route-map under the OSPF process: #redistribute connected/static subnet route-map <name>
10-07-2023 10:14 AM
10-08-2023 01:14 PM
You need a prefix list to define the routes and a route-map to be applied to redistribution. For your situation a good syntax could be:
If your denied network is 192.168.1.0/24 then use the below template:
ip prefix-list CONNECTED deny 192.168.1.0/24
ip prefix-list CONNECTED permit 0.0.0.0/0 le 32
!
route-map CONNECTED permit 10
 match ip address prefix-list CONNECTED
!
router ospf 1
 redistribute connected subnets route-map CONNECTED
You can also set the metric type and add a tag in the route map to be able to filter or control the routes further in your network.
Hope that helps
-David
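Added example, not part of the post above and not Cisco code: a small Python model of how the prefix-list and route-map in that template are evaluated (first match wins, exact-length match without ge/le, implicit deny at the end). The connected routes and function names are constructed for illustration; note the /25 inside the denied /24 is still redistributed.

```python
import ipaddress

# Constructed model of the IOS prefix-list entries: (action, prefix, ge, le).
# ge/le of None on both means "match this exact prefix length only".
PREFIX_LIST_CONNECTED = [
    ("deny",   "192.168.1.0/24", None, None),
    ("permit", "0.0.0.0/0",      None, 32),
]

def entry_matches(route, prefix, ge, le):
    """Route must sit inside the prefix and its mask length must fall in
    the ge/le window (exact length when neither keyword is given)."""
    net = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = net.prefixlen
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return route.subnet_of(net) and lo <= route.prefixlen <= hi

def prefix_list_permits(route, prefix_list):
    """First matching entry decides; no match is an implicit deny."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False

def redistributed(connected, prefix_list):
    """Models 'route-map CONNECTED permit 10' with a single match clause:
    only routes the prefix-list permits become type 5 LSAs; anything else
    falls through to the route-map's implicit deny."""
    return [str(r) for r in map(ipaddress.ip_network, connected)
            if prefix_list_permits(r, prefix_list)]

# Constructed connected routes, including a /25 inside the denied /24.
CONNECTED = ["192.168.1.0/24", "192.168.2.0/24",
             "192.168.1.128/25", "10.0.0.0/30"]

if __name__ == "__main__":
    print(redistributed(CONNECTED, PREFIX_LIST_CONNECTED))
```

If longer prefixes inside 192.168.1.0/24 must also stay out of OSPF, the deny entry needs `le 32` as well.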
10-07-2023 03:04 AM
Redistribute with a route map can be used for LSA5.
For LSA3 I think you can use the area range command, not a route map.
10-08-2023 10:59 PM
I sent you a private message, check it.
10-07-2023 04:58 AM
Just curious, why redistribute directly connected networks rather than use an OSPF network statement or the later OSPF interface statements? Either would easily allow selecting which networks are included.
Possibly some reason you want directly connected routes as external routes?
10-07-2023 11:21 PM
Hello
Not sure why you would want to redistribute connected interfaces, however if you are then the most simplistic approach will be to suppress the interface.
Example:
int x/x
 ip ospf prefix-suppression
10-08-2023 02:21 AM
@paul driver my understanding is prefix-suppression does not apply to type 5 LSAs.
For reference: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/213404-open-shortest-path-first-prefix-suppress.html
10-08-2023 10:25 AM
Hello @Joseph W. Doherty
My understanding, mate, is that specifying the OSPF area on the interface negates Type-5 generation via redistribute connected, as such the prefix suppression should work - apologies, should have made myself a bit clearer.
10-08-2023 11:44 AM
If you're saying it will also suppress type 5 LSAs, that seems contrary to reference's:
OSPF prefix-suppression helps in faster Shortest Path First (SPF) calculation due to less number of prefixes in the database (DB). OSPF Type 3, Type 4, Type5, or Type 7 LSAs are not suppressed.
If I find the time, I'll lab it up in CML.
10-08-2023 11:51 AM
Hello @Joseph W. Doherty
What I mean is applying OSPF at the interface level should be prioritised over redistribute connected when both are applied.
Example:
int x/x
 ip ospf x area x
 ip ospf prefix-suppression
10-08-2023 12:27 PM - edited 10-08-2023 02:32 PM
Ah, gotcha.
As OP explicitly asked about redistributing connected interfaces, generating type 5 LSAs, thought you were suggesting prefix suppression for those.
Addendum:
Here's what I thought you were suggesting . . .:
int x/x
 ip address 192.168.1.1 255.255.255.0
 ip ospf prefix-suppression ! . . . that this would exclude 192.168.1.1/24 from being redistributed
int x/x
 ip address 192.168.2.1 255.255.255.0
router ospf #
 redistribute connected
10-08-2023 02:27 PM
Hello @Joseph W. Doherty
Yes, apologies for the ambiguity, it wasn't intended - However I do believe it would be a lot easier than appending a whole bunch of PF and RMs just to negate a single subnet.
10-08-2023 03:37 PM - edited 10-08-2023 03:38 PM
Good alternate solutions provided by others as well. Another possible solution could be to shut down the OSPF process on that interface. I would have to check my lab when I get a chance, but redistributing connected and then going to the interface and issuing the ip ospf shutdown command might work. I know this works when interfaces are added with the network statement, so it stands to reason it could do the same for redistributed interface routes. Will update my response if I am able to lab this up.
-David