Sunday, February 20, 2011

Lab 13 - OSPF LSA Flood Filtering

Prerequisites: CCNP level skills.

Note!
Routers use the OSPF configuration from Lab 6.
One thing to remember is that all routers within the same OSPF area share the EXACT same LSA database! This will affect how we can filter OSPF updates.

There are a few filtering methods:
  1. Ingress filtering using a 'distribute-list'. 
  2. Ingress filtering using a 'distribute-list' with a 'route-map'. 
  3. Ingress filtering by changing the Administrative Distance of the prefixes to UNKNOWN (255).
  4. Type 3 LSA filtering using 'area area-number range' command (applied on ABR).
  5. Type 3 LSA filtering using 'filter-list' command.
  6. LSA Flooding Filtering.
The first three methods (1-3) prevent prefixes from entering the routing table. The LSAs are still present in the LSDB, since all routers in an OSPF area must stay synchronized (hold the same LSDB). These methods are intra-area filters.

The last three methods (4-5) are inter-area filters that prevent LSAs from entering the LSDB.

Topology

Pic. 1 - OSPF Multi-Area Topology.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task List

Task 1
On R3, check the routing table. It should receive all prefixes from area 1.

Task 2
Configure router(s) so R3 does not receive any prefixes from R1 and R2.  Prefixes advertised by R3 should be learned in R1 and R2 and propagated to R4. Do not use access-list, distribute-list or any other command in the router ospf context.

Task 3
Verify the results.  

Lab Solution

Task 1
On R3, check the routing table. It should receive all prefixes from area 1.

The highlighted entries are the area 1 prefixes R3 learns from the two ABRs (R1 and R2).

Pic. 2 - R3's Routing Table.

Task 2
Configure router(s) so R3 does not receive any prefixes from R1 and R2.  Prefixes advertised by R3 should be learned on R1 and R2 and propagated to R4. Do not use access-list, distribute-list or any other command in the router ospf context.

R1 Configuration:
!
interface Serial0/1
 ip address 10.1.13.1 255.255.255.0
 ip ospf database-filter all out
!

R2 Configuration:
!
interface Serial0/2
 ip address 10.1.23.2 255.255.255.0
 ip ospf database-filter all out
!

Note!
This command does not prevent OSPF from sending hello packets out the interface. It only filters out LSAs (all of them). R1 and R2 still learn prefixes advertised by R3.

Note!
Clearing the OSPF process is required for the changes to take effect (I could not see the change without clearing the process).

Note!
In point-to-multipoint mode I can use:

!
router ospf 1
 neighbor address database-filter all out
!

Task 3
Verify the results.

Pic. 3 - The Results on R3.
Pic. 4 - The Results on R4.

Note!
R4 learns prefixes advertised by R3.
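
An added example, not part of the original lab: because a flood filter leaves neighbors in the same area with different LSDBs, it is worth auditing saved configurations for it. This Python check finds both forms shown above, the interface command and the point-to-multipoint neighbor command. The sample config is constructed; Serial0/0, its address and the neighbor address 10.1.13.3 are assumptions.

```python
import re

# Constructed sample: R1's Serial0/1 stanza from the lab, plus an assumed
# Serial0/0 stanza and an assumed point-to-multipoint neighbor (10.1.13.3).
SAMPLE_CONFIG = """\
!
interface Serial0/0
 ip address 10.1.12.1 255.255.255.0
!
interface Serial0/1
 ip address 10.1.13.1 255.255.255.0
 ip ospf database-filter all out
!
router ospf 1
 neighbor 10.1.13.3 database-filter all out
!
"""

IFACE_FILTER = re.compile(r"ip ospf database-filter all out")
NBR_FILTER = re.compile(r"neighbor (\S+) database-filter all out")


def find_flood_filters(config):
    """Return (scope, detail) tuples for every LSA flood filter in an IOS config."""
    findings = []
    section = ""  # header line of the stanza currently being read
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and '!' separators carry no settings
        if not raw[0].isspace():
            section = raw.strip()  # an unindented line opens a new stanza
            continue
        line = raw.strip()
        if section.startswith("interface ") and IFACE_FILTER.fullmatch(line):
            # Interface form: all LSAs are suppressed toward this link.
            findings.append(("interface", section.split(None, 1)[1]))
        elif section.startswith("router ospf "):
            # Neighbor form: LSAs are suppressed toward one neighbor only.
            match = NBR_FILTER.fullmatch(line)
            if match:
                findings.append((section, match.group(1)))
    return findings


if __name__ == "__main__":
    for scope, detail in find_flood_filters(SAMPLE_CONFIG):
        print(f"LSA flooding filtered: {scope} {detail}")
```
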