
Router receiving OSPF updates despite deny in filter list

rakuten02
Level 1

Why is Router B able to receive OSPF updates for 192.168.234.0/24 from Router A when it is denied by the filter list? 

Network Topology: Router A - Switch 1 - Switch 2  - Router B

Router B:

router ospf 192
router-id 192.2.102.9
area 192 filter-list prefix filter_192 in 
network 192.2.102.9 0.0.0.0 area 192
ip prefix-list filter_192 seq 10 deny 192.0.0.0/8 ge 9
ip prefix-list filter_192 seq 20 permit 0.0.0.0/0 le 32

interface Gi0/0/0
description To SW 2
ip address 192.2.102.9 255.255.255.0

Router A:

router ospf 192
router-id 192.2.102.6
network 192.2.102.6 0.0.0.0 area 192

interface Gi0/0/0
description To SW 1
ip address 192.2.102.6 255.255.255.0

When I do a 'show ip route 192.168.234.0' on Router B, why is the last update from Router A 192.2.102.6? Shouldn't it be denied?

Known via "ospf 192", distance 119, metric 60, type intra area
Last update from 192.2.102.6 on GigabitEthernet0/0/0, 1d04h ago
...
* 192.2.102.6, from 192.2.102.6, 1d04h ago, via GigabitEthernet0/2/0
...

 


Hi,

The filter-list is used on an ABR to filter LSA3 routes (inter-area). As you can see below, the route you mentioned is an intra-area route; it cannot be filtered, since the scope of Type 1/2 LSAs is the full area. You may use distribute-list filtering on Router B to filter the route in the RIB (routing table). You'll still have the OSPF path and LSA for this subnet in the background (link-state behavior).

Known via "ospf 192", distance 119, metric 60, type intra area

 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-15-e-book/iro-abr-type-3.pdf

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mt-book/ospf_inbound_filtering_using_route_maps_with_a_distribute_list.pdf

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
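
The behaviour explained in the reply above, as an added example that is not part of the original thread: a small Python model of IOS prefix-list evaluation (first match by sequence number, ge/le length ranges, implicit deny) applied to Router B's filter_192, together with the rule that an area filter-list is only consulted for Type 3 LSAs. The function names and the `lsa_type` parameter are assumptions made for illustration.

```python
import ipaddress

# Router B's prefix-list from the question: (seq, action, network, ge, le)
FILTER_192 = [
    (10, "deny", "192.0.0.0/8", 9, None),
    (20, "permit", "0.0.0.0/0", None, 32),
]

def entry_matches(network, ge, le, route):
    """True if route (e.g. '192.168.234.0/24') matches one prefix-list entry."""
    net = ipaddress.ip_network(network)
    rt = ipaddress.ip_network(route)
    # The route's leading bits must equal the entry's network bits.
    if not rt.subnet_of(net):
        return False
    # Without ge/le the length must match exactly; ge alone implies le 32,
    # le alone implies a lower bound equal to the entry's own length.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return lo <= rt.prefixlen <= hi

def prefix_list_action(plist, route):
    """First matching entry (lowest seq) wins; no match is an implicit deny."""
    for _seq, action, network, ge, le in sorted(plist, key=lambda e: e[0]):
        if entry_matches(network, ge, le, route):
            return action
    return "deny"

def filter_list_accepts(plist, lsa_type, route):
    """Hypothetical model of 'area N filter-list prefix ... in'."""
    # Per the reply above, the filter-list acts only on Type 3 (inter-area)
    # LSAs at an ABR. Type 1/2 LSAs never reach the prefix-list.
    if lsa_type != 3:
        return True
    return prefix_list_action(plist, route) == "permit"

if __name__ == "__main__":
    route = "192.168.234.0/24"  # the prefix from the question
    print("prefix-list verdict:", prefix_list_action(FILTER_192, route))
    print("as intra-area (Type 1/2):", filter_list_accepts(FILTER_192, 1, route))
    print("as inter-area (Type 3):", filter_list_accepts(FILTER_192, 3, route))
```

The prefix-list itself does deny 192.168.234.0/24; the route is still accepted because, as an intra-area route, it is never evaluated against the filter-list.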

Oh I see, thanks! So the filter list does not apply for Type 1 & 2 LSAs, hence the 192.168.234.0 routes were still being learnt in the RIB. The only way is to use distribute-list filtering to perform the filtering.

You cannot use a filter in this case, since both routers are in the same area and the OSPF prefix is LSA1/2.
Do you want to filter this prefix?

This way, in OSPF, you can filter LSA1/2 (intra-area) routes from being injected into the RIB.
BUT BUT
I don't prefer it, as Cisco also recommends.
You see the route (10.0.0.0/24) disappear from the RIB of R2 but appear in the OSPF DB.
This can lead to a blackhole in a real network.
Use it carefully.


Hello @MHM Cisco World,

In order not to confuse, it would be better to rephrase your statement: there is no way to filter Type 1/2 LSAs within an area. They will be in the OSPF database in any case; you can only filter the route from being downloaded into the routing table (RIB/FIB). And I already explained this in my first comment.


I read your comment, but a distribute list with a route map using a tag cannot help him here.

This can help him if he receives the prefix with specific tagging.

On the other hand, I use a simple way to filter the prefix (from the DB) using a distribute list (without a route map).

Please re-read. Nowhere do I mention route tags. I explained that a distribute list can be used for RIB filtering.

The given link does not contain only tag-based filtering, but generic route-map-based filtering (which may match different parameters).


M02@rt37
VIP

Hello @rakuten02 

Based on the configuration provided, it seems like there is a mistake in the name of the prefix-list applied in Router B's OSPF process. In Router B's configuration, the filter-list name used is "filter_192" but in the prefix-list configuration, the name used is "filter_107". Therefore, the filter list is not applied correctly to OSPF updates and all updates are being accepted by Router B.

To resolve the issue, the filter list name in Router B's OSPF process should be corrected to "filter_107" to match the prefix-list configuration. This will ensure that OSPF updates for the denied prefix 192.168.234.0/24 are not accepted by Router B.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Oh, it was a typing mistake on my part. I've fixed it, thanks!

Great! @rakuten02 

 


@rakuten02
There are two tables:
OSPF database: show ip ospf database router or network
RIB (which the router uses for forwarding packets): show ip route
The distribute-list does not affect the OSPF DB (it does NOT DELETE the LSA FROM the DB); its effect is to remove the ROUTE from the RIB.
Please check my lab again; I mentioned that the route is in the OSPF DB but is missing from the RIB.