Saturday, February 19, 2011

Lab 8 - OSPF Filtering with Distribute-List

Prerequisites: CCNP level skills.

Note!
Routers use OSPF configuration from the lab 6.
One thing to remember is that all routers within the same OSPF area share the EXACT same LSA database! This will affect how we can filter OSPF updates.

There are a few filtering methods:
  1. Ingress filtering using a 'distribute-list'.
  2. Ingress filtering using a 'distribute-list' with a 'route-map'.
  3. Ingress filtering by changing the Administrative Distance of the prefixes to UNKNOWN (255).
  4. Type 3 LSA filtering using 'area area-number range' command (applied on ABR).
  5. Type 3 LSA filtering using 'filter-list' command.
  6. LSA Flooding Filtering.
The first three methods (1-3) prevent prefixes from entering the routing table. The LSAs are still going to be present in the LSDB since all routers in OSPF area must be synchronized (the same LSDB). These methods are the intra-area filters.

The last three methods (4-6) are inter-area filters preventing LSAs from entering LSDB 

Topology

Pic. 1 - OSPF Multi-Area Topology.
Icons designed by: Andrzej Szoblik - http://www.newo.pl

Task List

Task 1
Check the current routing table on R1. Make sure that it receives both 172.16.104.0/24 and 172.16.144.0/24.

Task 2
Configure R1 so the subnet 172.16.144.0/24 is no longer listed in the routing table. Make sure R1 still has connectivity to 172.16.104.0/24. Use distribute list to accomplish this.

Task 3
Check the results. R1 should have prefix 172.16.144.0/24 in its LSDB but not in the routing table.

Lab Solution

Task 1
Check the current routing table on R1. Make sure that it receives both 172.16.104.0/24 and 172.16.144.0/24.


Pic. 1 - R1's Routing Table Before Distribute-List.

Task 2
Configure R1 so the subnet 172.16.144.0/24 is no longer listed in the routing table. Make sure R1 still has connectivity to 172.16.104.0/24. Use distribute list to accomplish this.

R1 Configuration:
!
access-list 1 deny 172.16.144.0 0.0.0.255
access-list 1 permit any
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 10.1.13.1 0.0.0.0 area 0
 network 10.1.124.1 0.0.0.0 area 1
 network 172.16.101.1 0.0.0.0 area 0
 distribute-list 1 in
!

Task 3
Check the results. R1 should have prefix 172.16.144.0/24 in its LSDB but not in the routing table.

R1 Check:
R1#show ip ospf database router adv-router 4.4.4.4

Pic. 2 - LSDB after Applying Distribute-List.

Pic. 3 - R1's Routing Table with the Distribute-List Applied.
Posted by at
Labels: , ,