OSPF ABR Type 3 LSA Filtering on Cisco IOS

daniel.campos · February 6, 2016, 6:57pm

Hi Rene,

Quick question would be possible make outbound filtering in OSPF in single area, picture this R1 - R2 - R3 all running OSPF in area 0 with 10 routes in routing table, would be possible filter OSPF in R1 to send just default route to R2 and R3? If possible could you share the commands?

ReneMolenaar · February 9, 2016, 5:41pm

Hi Daniel,

Outbound filtering within the area is a no-go for OSPF. Since OSPF is a link-state routing protocol, the LSDB within the area has to be the same.

You can use a distribute-list for inbound filtering but that’s it.

Rene

engg2007.deepak · April 15, 2016, 2:13pm

Hey Rene,

I tried to use Type 3 LSA filtering with Virtual Link created, but somehow it was not working. However, when I deleted the virtual link, I was able to filter out LSA Type 3 on ABR. Does it mean we cannot use Type 3 LSA filter with virtual links?? If we cannot, then how do we use Type 3 LSA and Virtual link?

Thanks!!

ReneMolenaar · April 20, 2016, 9:12pm

Hi Deepak,

I’d have to lab it up but I don’t think you can use filtering like this.

Rene

shannon.sariman · May 9, 2016, 1:43am

Hi Rene,

There’s a typo, I see:

The 192.168.12.0 /24 and 192.168.24.0 /24 prefixes are now gone from the routing table. It doesn’t matter from which area they come from…

Should be this instead, in bold:

The 192.168.14.0 /24 and 192.168.24.0 /24 prefixes are now gone from the routing table. It doesn’t matter from which area they come from…

Cheers,

Shannon

ReneMolenaar · May 9, 2016, 1:55pm

Hi Shannon,

That’s right, thanks for letting me know. It’s fixed.

Rene

shannon.sariman · May 10, 2016, 4:58am

Awesome!

Kchandu · August 31, 2016, 11:26pm

Hi Rene

I want to know why the filtering in ospf only occurs in ABR or ASBR.

andrew · September 1, 2016, 1:15am

Rajendra,
This has to do with how link state protocols work. In order for a link protocol to be able to run the Dijkstra algorithm, they must all have identical databases to run the algorithm against. If filtering were allowed within an area, then by definition, some routers would have a different database than others, and when those routers ran the shortest path tree calculations, they would arrive at different results.

Notice that both the ASBR and ABR, by definition, are at the area boundary. They are allowed to do filtering or summarization only on routes that exist outside of the area where they are presenting the filtering or summarization. This ensures that all routers within the area where the ASBR or ABR has done filtering will all be getting the same information (from the ASBR or ABR).

To put it another way, imagine an ABR like this:

(AREA 0)—ABR—(AREA 1)

The ABR is NOT allowed to summarize or filter an area and re-introduce that back into the same area. So it is okay for the ABR to filter Area 0 and present that to Area 1, or summarize area 1 and present the summary to area 0.

Kchandu · September 1, 2016, 2:23pm

Thanks Andrew for the clarification

shantel · December 26, 2016, 6:57pm

19 posts were merged into an existing topic: OSPF ABR Type 3 LSA Filtering on Cisco IOS

sid6224 · March 19, 2017, 3:18pm

Hi Rene,

I was doing a lab setup exactly as yours LSA Type-3 Filtering (Inbound). My loopback address on R4 is 4.4.4.1/24, and I haven’t defined any loopback on any other routers:

I want to block this into AREA-3. I am defining my prefix-list on ABR as

ip prefix-list into_area3 seq 7 deny 4.4.4.1/24
ip prefix-list into_area3 seq 10 permit 0.0.0.0/0 le 32

 router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 area 3 filter-list prefix into_area3 in
 network 4.4.4.0 0.0.0.255 area 0
 network 192.168.14.0 0.0.0.255 area 1
 network 192.168.24.0 0.0.0.255 area 2
 network 192.168.34.0 0.0.0.255 area 3

But I still see it in route of R3:

O IA 4.4.4.1 [110/11] via 192.168.34.4, 00:47:37, FastEthernet0/0

sid6224 · March 19, 2017, 3:57pm

Never mind I figured this out. Basically to block the route for 4.4.4.1, I should make an exact match in my prefix-list.

So basically I changed

ip prefix-list into_area3 seq 7 deny 4.4.4.1/24

TO

ip prefix-list into_area3 seq 7 deny 4.4.4.1/32

And it works.

rosamariasanchez080 · September 19, 2017, 10:40pm

Hi,
I have a question Im configuring OSPF for some data links between my networks equipments and ISP equipment s but the ISP uses the area 0 for the data links and I use area 0 on my network .

How the ISP will redistribute the networks of area 0 to me and how can I redistribute the networks of area 0 to them.

lagapidis · September 23, 2017, 8:27am

Hello Helen.

I am assuming that you and the ISP are operating completely separate OSPF domains. That is, their OSPF routing is completely autonomous from yours. This means that your area 0 has nothing to do with their area 0. They are two completely separate systems.

If this is the case, then the way one OSPF domain communicates with another OSPF domain is via a router that has two separate OSPF processes running. One interface is using process number 1 for example, this may be your internal OSPF domain, and the outside interface is using process 2, which is part of the ISP’s OSPF domain. This is assuming that the redistribution point is your edge router. You can find detailed information of redistribution between separate OSPF domains at this comprehensive Cisco documentation.

Now if the ISP is participating in the SAME OSPF domain as you (which I consider unlikely, but I’m including this for completion), then there is essentially no redistribution taking place as far as domain to domain is concerned. Both are in the same domain.

I hope this has been helpful!

Laz

hengsovandara1345 · January 23, 2018, 4:00am

Hello
By using filtering on ABR, does this method tell the ABR not to advertise this prefix list or it tell the router in the area not to install this prefix in their routing table ?
Thank
Sovandara

lagapidis · January 28, 2018, 6:54am

Hello Heng

When you apply LSA3 filtering, you are telling the ABR not to advertise the specific prefix. In other words, it does not send any information about the specific prefix in its LSAs.

I hope this has been helpful!

Laz

bahriaygordu · August 4, 2018, 10:10am

R4(config)#ip prefix-list INTO-AREA3 seq 6 deny 192.168.14.0/24
R4(config)#ip prefix-list INTO-AREA3 seq 7 deny 192.168.24.0/24

i dont understand what means seq 6 seq 7

lagapidis · August 4, 2018, 1:28pm

Hello Bahri

When creating a prefix list, we can add multiple statements. For example, in Rene’s lesson, he initially started with the following two commands:

R4(config)#ip prefix-list INTO-AREA3 deny 2.2.2.2/32
R4(config)#ip prefix-list INTO-AREA3 permit 0.0.0.0/0 le 32

Now because the INTO-AREA3 prefix list has two entries, these entries are given specific sequence numbers. Because Rene didn’t specify these sequence numbers, by default, the IOS will assign sequence numbers at intervals of 5 (or 10 depending on the IOS version and platform). If you were to display the INTO-AREA3 prefix list, you would see something like this:

R4# show prefix-list INTO-AREA3
5  deny 2.2.2.2/32
10 permit 0.0.0.0/0 le 32

Now in the case where the commands in your post were implemented, it was required that these be entered between the two existing entries, that is, somewhere between sequence numbers 5 and 10. Using the seq keyword, the location of these two new entries can be specified. Once the commands are implemented, and you display the current prefix list, you would get something like this:

R4# show prefix-list INTO-AREA3
5  deny 2.2.2.2/32
6  deny 192.168.14.0/24
7  deny 192.168.24.0/24
10 permit 0.0.0.0/0 le 32

I hope this has been helpful!

Laz

bahriaygordu · August 4, 2018, 7:40pm

Hi
LAZ
Thank you very much,
it useful