
Thursday, April 10, 2014

CCNP ROUTE: 13.OSPF route filtering - Filtering Type 3 LSAs

OSPF routers do not advertise routes; instead, they advertise LSAs.
Any filtering applied to OSPF messages would need to filter the transmission of LSAs.
However, inside one area, all routers must know all LSAs, or the whole SPF concept fails, and routing loops could occur.
As a result, OSPF cannot and does not allow the filtering of LSAs inside an area, specifically the Type 1 and Type 2 LSAs that describe the intra-area topology.

IOS limits OSPF route filtering to the following:
■ Filtering Type 3 LSAs on ABRs
■ Filtering Type 5 LSAs on ASBRs (will be covered in Redistribution labs)
■ Filtering the routes OSPF would normally add to the IP routing table on a single router

ABRs, by definition, connect to the backbone area and at least one other area.
ABRs, as a fundamental part of their role as ABR, create and flood Type 3 Summary LSAs into one area to represent the subnets in the other areas connected to that ABR.

To configure Type 3 LSA filtering, use the "area number filter-list prefix name in | out" command under router ospf.
The referenced prefix-list matches subnets: subnets matched by a deny action are filtered, and subnets matched by a permit action are allowed through as normal.
Then OSPF performs the filtering by not flooding the Type 3 LSAs into the appropriate areas.

These parameters define the direction relative to the area listed in the command, as follows:
■ When in is configured, IOS filters prefixes being created and flooded into the configured area.
■ When out is configured, IOS filters prefixes coming out of the configured area.

Task 1: R9 should not advertise Type 3 LSAs referring to networks in Area 1 to Area 3 => the "in" parameter should be used on R9!

Initially, R12 (in Area 3) knows about networks in Area 1:

R12#show ip route

     192.168.168.0/30 is subnetted, 1 subnets
O IA    192.168.168.0 [110/94] via 192.168.3.1, 00:23:13, FastEthernet0/0
     192.168.169.0/32 is subnetted, 1 subnets
O IA    192.168.169.170 [110/95] via 192.168.3.1, 00:23:13, FastEthernet0/0

Configure and apply a prefix-list on R9:

R9(config)#ip prefix-list filter-into-area3 deny 192.168.168.0/30
R9(config)#ip prefix-list filter-into-area3 deny 192.168.169.0/24 ge 25
R9(config)#ip prefix-list filter-into-area3 permit 0.0.0.0/0 le 32

R9(config-router)#area 3 filter-list prefix filter-into-area3 in

Verify the routing table of R12 again:

R12#show ip route  
...
     192.168.13.0/32 is subnetted, 1 subnets
O IA    192.168.13.13 [110/85] via 192.168.3.1, 00:34:41, FastEthernet0/0
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/74] via 192.168.3.1, 00:15:44, FastEthernet0/0
O IA    10.0.1.2 [110/74] via 192.168.3.1, 00:15:44, FastEthernet0/0
O IA    10.0.11.11 [110/75] via 192.168.3.1, 00:12:22, FastEthernet0/0
O IA    10.0.10.10 [110/75] via 192.168.3.1, 00:12:22, FastEthernet0/0
O IA    10.0.1.1 [110/10] via 192.168.3.1, 00:15:44, FastEthernet0/0
C    192.168.22.0/24 is directly connected, Loopback22
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
O IA    192.168.0.12/30 [110/138] via 192.168.3.1, 00:34:43, FastEthernet0/0
O IA    192.168.0.0/29 [110/84] via 192.168.3.1, 00:34:43, FastEthernet0/0
O IA    192.168.0.16/30 [110/138] via 192.168.3.1, 00:34:43, FastEthernet0/0
O IA    192.168.0.20/30 [110/74] via 192.168.3.1, 00:34:43, FastEthernet0/0
     192.168.100.0/32 is subnetted, 1 subnets
O IA    192.168.100.100 [110/75] via 192.168.3.1, 00:34:43, FastEthernet0/0
     192.168.3.0/30 is subnetted, 1 subnets
C       192.168.3.0 is directly connected, FastEthernet0/0
C    192.168.33.0/24 is directly connected, Loopback33

Routes for 192.168.168.0 and 192.168.169.0 do not appear in Area 3 anymore.

Task 2: R9 should not advertise Type 3 LSAs referring to networks in Area 2 to other OSPF areas => the "out" parameter should be used on R9!

Initially, routers from other areas know about networks in Area 2:

R3#show ip route
...
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/138] via 192.168.0.1, 00:22:38, FastEthernet0/0
O IA    10.0.1.2 [110/138] via 192.168.0.1, 00:22:11, FastEthernet0/0
O IA    10.0.11.11 [110/139] via 192.168.0.1, 00:22:38, FastEthernet0/0
O IA    10.0.10.10 [110/139] via 192.168.0.1, 00:22:11, FastEthernet0/0
O IA    10.0.1.1 [110/74] via 192.168.0.1, 00:22:38, FastEthernet0/0

R12#show ip route
...
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/74] via 192.168.3.1, 00:00:53, FastEthernet0/0
O IA    10.0.1.2 [110/74] via 192.168.3.1, 00:00:53, FastEthernet0/0
O IA    10.0.11.11 [110/75] via 192.168.3.1, 00:00:53, FastEthernet0/0
O IA    10.0.10.10 [110/75] via 192.168.3.1, 00:00:53, FastEthernet0/0
O IA    10.0.1.1 [110/10] via 192.168.3.1, 00:00:53, FastEthernet0/0

Configure and apply a prefix-list on R9:

R9(config)#ip prefix-list filter-out-of-area2 deny 10.0.10.0/24 ge 25
R9(config)#ip prefix-list filter-out-of-area2 deny 10.0.11.0/24 ge 25
R9(config)#ip prefix-list filter-out-of-area2 permit 0.0.0.0/0 le 32
 
R9(config-router)#area 2 filter-list prefix filter-out-of-area2 out

Verify the routing tables of R3 and R12 again:

R3#show ip route
...
     10.0.0.0/32 is subnetted, 3 subnets
O IA    10.0.1.3 [110/138] via 192.168.0.1, 00:00:05, FastEthernet0/0
O IA    10.0.1.2 [110/138] via 192.168.0.1, 00:00:05, FastEthernet0/0
O IA    10.0.1.1 [110/74] via 192.168.0.1, 00:00:05, FastEthernet0/0

R12#show ip route
...
     10.0.0.0/32 is subnetted, 3 subnets
O IA    10.0.1.3 [110/74] via 192.168.3.1, 00:01:22, FastEthernet0/0
O IA    10.0.1.2 [110/74] via 192.168.3.1, 00:01:22, FastEthernet0/0
O IA    10.0.1.1 [110/10] via 192.168.3.1, 00:01:22, FastEthernet0/0

Note: Type 3 LSA filtering applies to an area as a whole: the ABR can only keep the LSA from being flooded into the entire area, not hide it from individual routers inside that area.
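
To check a prefix-list before applying it on an ABR, the sketch below evaluates the two lists from Tasks 1 and 2 against prefixes from the routing tables above. It is an added example, not part of the original post; the function names (parse, verdict, suppressed) are hypothetical, and it assumes standard IOS prefix-list semantics: first match wins, ge/le bound the route's prefix length, and an implicit deny ends every list.

```python
import ipaddress
import re

# Prefix-list lines copied from the R9 configuration on this page.
CONFIG = """
ip prefix-list filter-into-area3 deny 192.168.168.0/30
ip prefix-list filter-into-area3 deny 192.168.169.0/24 ge 25
ip prefix-list filter-into-area3 permit 0.0.0.0/0 le 32
ip prefix-list filter-out-of-area2 deny 10.0.10.0/24 ge 25
ip prefix-list filter-out-of-area2 deny 10.0.11.0/24 ge 25
ip prefix-list filter-out-of-area2 permit 0.0.0.0/0 le 32
"""
ENTRY = re.compile(
    r"ip prefix-list (\S+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?$")

def parse(config):
    """Return {list name: [(action, network, min_len, max_len), ...]} in order."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        # No ge/le: the length must equal the entry's own length.
        # ge only: ge..32.  le only: own length..le.  Both: ge..le.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        lists.setdefault(name, []).append((action, net, lo, hi))
    return lists

def verdict(entries, route):
    """First matching entry wins; no match at all is the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

def suppressed(list_name, routes, config=CONFIG):
    """Prefixes whose Type 3 LSA the ABR would not flood."""
    entries = parse(config)[list_name]
    return [r for r in routes if verdict(entries, r) == "deny"]

if __name__ == "__main__":
    # Prefixes taken from the routing tables shown before filtering.
    seen = ["192.168.168.0/30", "192.168.169.170/32", "192.168.13.13/32",
            "10.0.1.1/32", "10.0.10.10/32", "10.0.11.11/32"]
    print(suppressed("filter-into-area3", seen))
    print(suppressed("filter-out-of-area2", seen))
```

Removing the final permit 0.0.0.0/0 le 32 line from either list would make the implicit deny suppress every Type 3 LSA in that direction, which is the most common mistake with this command.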
