Does GNS3 support for type - 5 LSA filtering ? I did this for 3 time as it is still its not working for me so can you make sure whether GNS3 support for Type-5 LSA filtering or not ?
I am sure that i am not wrong in confutation as i have checked my config 3 times
As far as I know, GNS3 has no limitations on Type-5 filtering. It should function correctly. Take a look at this Cisco support thread to see if you have any issues similar to this:
If we applied this route map as you have it here, the following would happen:
You have an access list that denies host 172.16.1.1 and permits everything else. This means that this access list, within a route map will match EVERYTHING except for that specific IP.
When you add it to the route map, with a permit statement, then every time a packet with an IP address other than 172.16.1.1, it will be permitted. Because of the implicit deny at the end of the route map, everything else, which is essentially 172.16.1.1 alone, will be denied.
So a match (which takes place with everything except 172.16.1.1) in your case will permit redistribution. A lack of matching (which will only occur with 172.16.1.1) will result in a denial of redistribution.
So yes, your solution would work. It may be considered a little bit counterintuitive, but if the thought process works for you then so be it!
I am really liking your lessons but I would like to suggest you to always include the full sintaxe regarding the configuration of certain topic, for example in the ospf route summarization you did not talk about the configuration options.
I have some questions regarding OSPF LSA Filtering.
What to say regarding LSA Type 7 Filtering?
a) Do we still use Distribute-list, Route-map and not-advertise trick to filter this LSAs?
b) Since the ABR converts Type 7 LSA to Type 5 to propagate it to other areas, on the ABR Router if I am receiving this Type 7 LSA how can I filter them to avoid having some routes entering the backbone area? Do I use Type 5 LSA filtering procedures ou Type 3 LSA filtering procedures on the ABR Router. I am asking because according to your LSA Type lesson ABR converts Type 7 LSA and propagate it as Type 5 to other areas.
As you mention in your post, this really isn’t filtering, because type 7 LSA’s don’t traverse an ABR, but they are converted to type 5 LSAs. Conversely, Type 3 and Type 5 LSAs can be literally filtered because, in the absence of filtering, they simply traverse the ABR unchanged.
You can find out more details about filtering type 7 LSAs from the following Cisco documentation:
Also, thanks for your feedback, every suggestion that you make helps us to make Networklessons better!
Just to quote “the distribute-list is actually filtering the network while the route-map and summary-address prevent the router from advertising something.”
Since they are all applied at the ‘router OSPF 1’ process, how exactly is the distribute-list actually filtering the network yet the route-map and summary-address are preventing the router from advertising something?
As Rene stated, the devil is indeed in the details. Even though all three are applied on the OSPF process, and they can be configured to have the same result as far as routing goes, the logic behind the way each works is different.
For the distribute list will filter routes from being added to the routing table but it will not remove the LSA for that subnet. So the subnet is still being advertised, however, it is simply not put into the routing table, and that’s the definition of filtering.
The route-map and summary-address methods actually prevent the route from being advertised, so the LSA for that subnet is not advertised at all. Thus, it doesn’t end up in the routing table either.
The result is the same, the mechanism is different.
Please clarify me on which scenarios in network we should need to filter LSA3 & LSA5.
if we filter LSA5 using filter list. then how this external route will propagate to Another Area?
distribute list will filter routes from being added to the routing table but it will not remove the LSA for that subnet.
The route-map and summary-address methods actually prevent the route from being advertised, so the LSA for that subnet is not advertised at all.
it will be very helpful if you explained above 2 statements with example in real scenarios
To start off, take a look at this post that should answer at least part of your question:
Remember that LSAs can only be filtered between areas, so both LSA3 and LSA5 filtering is applied at the ABR. The purpose of filtering these LSAs is specifically to reduce the amount of unnecessary routing information to be distributed into OSPF areas that don’t need it. The following post describes these scenarios:
Take a look at this info, and if you have any further questions, please feel free to respond and ask!
Could you please explain me, why we are permitting entry in acl while denying in route-map.
Is it like if have to deny any route with route-map, then we have permit it in acl and put a deny statement in route-map? I am confused here… Please explain…
R1(config)#ip access-list standard R1_L1
R1(config-std-nacl)#permit host 172.16.1.1
R1(config)#route-map CONNECTED_TO_OSPF deny 10
R1(config-route-map)#match ip address R1_L1
This is indeed one of the confusing things associated with using ACLs and route maps. When an ACL is used as part of a route map, its role is to match particular traffic, and not to act upon that traffic. Whenever there is a permit statement in an ACL, it is considered a match. It is the role of the route map that takes action based on what is matched.
So a route map will use an ACL only to match traffic. So a match statement that references an ACL with a permit statement simply says that “this traffic matches our criteria”. The action that will be taken, however, must be configured at the route map.
So the permit statement in the ACL matches the traffic, and the deny statement in the route map takes action upon that matched traffic.
Be careful what filtering technique you use if you learn this for a CCIE R&S lab. The devil is in the details…the distribute-list is actually filtering the network while the route-map and summary-address prevent the router from advertising something.
Couldn’t the route-map be used to filter the network as well? Or were you referring to the examples used in the lesson.
Yes, a route map could be used to filter the network as well, however, the comment was meant for the specific example in the lesson. The point is that as far as R2 and R3 go, the results of both the route map and the distribute-list solutions are the same. However, from the point of view of R1, there is a difference:
The distribute-list solution allows these redistributed routes in the OSPF database but filters the advertisements towards R2. The route map solution denies these routes from ever entering the OSPF database in the first place.
Thanks Laz. I’m not sur i understood correctly. In the example from the lesson, it means R2 and R3 receive T5 LSA for 172.16.0.1 and add it in the LSDB but do not add it in the routing table? Doesn’t seem logic to me so i guess i’m missing something
With the distribute-list, R1 contains the 172.16.0.1/32 network in its LSDB, BUT, it is not advertised to R2, and thus it is not further advertised to R3. So no type 5 LSA is ever sent that contains this network.
The route-map on the other hand, denies the 172.16.0.1/32 network from being redistributed into OSPF. Therefore, the network never appears in the LSDB of R1 at all!